Internet Governance
U.K. To Establish New Tech Regulator: The agency will reportedly enforce a new code of conduct aimed at large technology firms and will oversee consumers’ access to data; the country’s competition regulator has also recommended the introduction of new rules to address digital advertising.
Privacy
Genealogy Website To Share Customers’ Genetic Data With GlaxoSmithKline: DNA testing service 23andMe will provide the genetic information of its 5 million customers to the pharmaceutical company as part of a $300 million deal; by agreeing to 23andMe’s terms and conditions, consumers consent to their DNA being used for medical research.
Federal Court Dismisses Challenge To NSA’s Upstream Surveillance Program: The Wikimedia Foundation, owner of Wikipedia, alleged that the NSA was illegally conducting bulk surveillance; the district court held that while Wikimedia could show its content was probably traveling through NSA-monitored connection points, Wikimedia could not prove that the content was being surveilled because the issue could not be litigated without jeopardizing the confidentiality of NSA technology.
Information Security and Cyberthreats
New Jersey’s Largest Hospital System Paid Hackers To End Ransomware Attack: The attack on Hackensack Meridian Health, which took place in early December, crippled the provider’s scheduling, billing, labs, and radiology systems for nearly five days and forced hospitals to reschedule non-emergency appointments and surgeries.
New Orleans Declares State Of Emergency In Response To Cyberattack: The city shut down most of its computers after detecting ransomware and phishing emails on its network; officials have not indicated whether any data was stolen, and a forensic investigation into the incident is ongoing.
Free Expression and Censorship
Instagram Expands Fact-Checking Feature, But Politicians’ Posts Will Be Exempt: The social media company will engage third-party organizations to assess the truthfulness of photo and video content on its app; material that is determined to be false will be covered by a warning blocking the content, which users must tap through to view the post.
Italian Court Orders Facebook To Reinstate Neo-Fascist Political Party’s Account: Facebook removed CasaPound’s account because it violated the social media company’s policy against spreading hate speech; the court held that the removal “prevented political pluralism” and ordered that the page be restored in Italy, although it may remain inaccessible from overseas.
Practice Note
Standard Data Transfer Clauses Deemed Legal In EU: An advisory opinion by the Advocate General of the Court of Justice of the European Union determined that the standard contract clauses used by Facebook and other firms to transfer personal data to data processors in third countries are valid; such transfers could still be blocked, however, if EU data protection standards are not met in those countries.
On the Lighter Side
College Takes “Old School” Approach, Issues New Passwords For 38,000 Email Accounts By Hand: A German university was forced to provide new passwords for all student and staff email accounts after it was targeted in a malware attack.
Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP
Tom Norton
Executive Director, Fordham CLIP
Alison Gordon
Editorial Fellow