California Lawmakers Want a Study of Fake News (If Someone Else Pays for It)

“Fake news” is a defining fear about our post-factual Trumpian era, which makes it important enough (or perceived to be so) that government regulators surely must do something about it. In response, the California legislature, demonstrating its characteristic leadership on tough issues, passed one of the nation’s first new laws addressing fake news. The law decisively calls for a government study of the problem…and only if the private sector pays for it. Wait, what???

* * *

Yesterday, the California legislature passed SB 1424. It is now awaiting Gov. Brown’s signature (which is always a tossup). The law requires the AG to assemble a working group consisting of “at least one member of the Department of Justice, Internet-based social media providers, civil liberties advocates, and First Amendment scholars.” This group will be charged with studying “the problem of the spread of false information through Internet-based social media platforms” and drafting a model strategic plan to mitigate this.

Who cares about this work product? Well, everyone would care greatly if the legislature mandates the plan’s requirements. However, it’s very likely that the First Amendment will prevent that. Accordingly, social media providers almost certainly will be free to adopt or ignore the plan as they choose.

It’s possible this plan will be so brilliant that social media providers will eagerly adopt it. But if the social media providers really wanted to voluntarily adopt an anti-fake news plan, they could easily undertake this effort without any “help” from the California legislature or the state AG. Indeed, having the AG’s office running the project seems likely to unhelpfully steer the discussion towards enforcement and regulatory considerations, not the wide range of technological or marketplace considerations that are probably bigger levers to combat false online information. About the only benefit I see from a state-mandated and -coordinated study is that it might minimize the risks that the conversation will violate antitrust law or constitute illegal collusion.

But here’s the kicker–someone is going to have to fund this effort, and it won’t be the California government. While the advisory group’s pricetag should be de minimis for the world’s fifth largest economy, apparently the legislature didn’t believe in the report’s value enough to actually pay for it. Instead, the law says that the AG isn’t obligated to do anything until it receives “sufficient private funding;” and if no one ponies up by Dec. 31, 2021, then the law expires.

The private funding requirement was added just this week, and with it, the law passed immediately. After all, if the effort won’t cost the government anything, what’s not to like? I don’t know the backstory, but I’m guessing the private payment mechanism emerged when someone represented to the California legislature that they would be the private benefactor. But who is this mystery benefactor? If it’s a social media provider, then I’m even more confused why they would prefer this law over simply running and funding the initiative privately.

While the law seemingly gives California something for nothing, is it truly free? The law encourages future enforcement targets to provide financial support to the AG’s office–payoffs that create potentially significant conflicts-of-interest or opportunities to curry financial favor with regulators. As much as I hate fake news, I hate government corruption even more, and this law does far more to encourage the latter than combat the former.

Side note: this is the second time in the past week that the California AG has apparently objected to unfunded Internet law-related mandates being imposed on it by the California legislature. Last week, AG Xavier Becerra wrote a blistering letter to the California legislature about the California Consumer Privacy Act, complaining that the law’s financial burdens were more than the DOJ could bear. I can’t tell if the California DOJ is facing bona fide resource constraints, or if the AG is just making negotiating ploys to gross up the DOJ’s budget.

Despite my criticisms, if anyone reading the post is involved in the initiative, I’m willing to be considered as one of the “First Amendment scholar” participants. I may be skeptical about the process leading to the advisory group, but ultimately I’m as interested in developing workable solutions to combat “fake news” as anyone.

Comments on Trump’s Empty Tweetstorm Threatening Social Media Providers

[Over the weekend, a reporter asked me to provide up to 300 words about Trump’s weekend tweetstorm threatening to regulate social media providers due to their alleged bias against conservatives. In light of subsequent events, it’s now clearer that Trump was rage-tweeting to deflect attention from the new revelations that were imminent. Still, I’m sharing my brief thoughts about the tweetstorm FWIW.]

As he does daily, Trump made a factual claim without credible evidence. Beyond anecdotes (of which there are many on all sides of the political spectrum), there is no evidence that social media providers are systematically biased towards any political ideology. Instead, Trump’s tweetstorm is consistent with his standard misdirection tactic of creating a fake crisis and portraying himself as the savior. He is trolling us. Again.

Social media providers are protected by the First Amendment’s Freedoms of Speech and Press. This isn’t a close question. Thus, even if social media providers were biased against conservatives (and there is no evidence to support this), they would be fully permitted to do so–just like the Constitution protects Fox News’ or Breitbart’s strong editorial biases.

As a result, any action Trump might take against social media providers would be clearly and unambiguously unconstitutional. Indeed, Trump’s tweets prove that he seeks to advance one viewpoint over others. That’s literally the most fundamental way the government can violate the First Amendment.

Sadly, Trump has shown zero respect for the Constitution, so it wouldn’t surprise me if his administration tries to punish social media providers. These actions would be unconstitutional and should fail in court eventually. Until then, these unconstitutional actions would create substantial chaos and impose high costs on social media providers to vindicate their rights. That’s where our country is today–undertaking costly and wasteful efforts just to preserve the status quo.

I note that Trump threatened Twitter’s existence on Twitter, yet Twitter tolerates his vitriol, bias, and lies. Twitter should have long ago terminated Trump’s account for his repeated terms of service violations. Until it does, Twitter is a culpable enabler of Trump’s trolling.

“Material Support for Terrorists” Lawsuit Against YouTube Fails Again–Gonzalez v. Google

This is one of numerous lawsuits against social media providers, seeking to hold them liable for terrorist attacks because they publish third party-provided terrorist-related content. These lawsuits have gone nowhere, including this one. I blogged the dismissal of the Second Amended Complaint. The plaintiffs tried a Third Amended Complaint, but it too fails. Remarkably, the court gives the plaintiffs a fifth chance, but only on one theory. When that theory inevitably fails, the case will be ready for its almost-certainly-futile appeal.

Section 230

For the most part, the court treats the plaintiffs’ arguments as reconsideration of its ruling on the Second Amended Complaint. The court recaps:

Claims one through four allege that Google violated the material support statutes by permitting ISIS and its supporters to publish harmful material on YouTube, and by failing to do enough to remove that content and the users responsible for posting the material. These claims target Google’s decisions whether to publish, withdraw, exclude, or alter content, which is “precisely the kind of activity for which section 230 was meant to provide immunity.”

The court takes a dangerous turn into what constitutes “neutrality” as articulated by Roommates.com:

As with Google’s targeted ad algorithm, there is no indication that its content recommendation tool is anything other than content neutral. Plaintiffs dispute this, arguing that Google’s promotion of ISIS videos is not content neutral because “it looks to the content as well as the characteristics of the targeted viewer to decide which videos should be promoted.”…As with the Yelp review at issue in Kimzey that was linked to a different website, Google’s content recommendation tool “does not change the origin of the third-party content” that it recommends. Google’s provision of neutral tools such as its content recommendation feature does not make Google into a content developer under section 230, because as currently alleged, the tools do not encourage, elicit, or make aggressive use of the posting of unlawful or objectionable material (citing Kimzey v. Yelp).

This discussion is incoherent. It’s not credible to say that YouTube’s recommendation engine is “content neutral.” No “recommendation engine” ever could be “content neutral”–it wouldn’t be making recommendations then, would it? It would be more precise to say that YouTube’s recommendation engine doesn’t inherently prioritize terrorists’ videos over other videos, but (1) that still doesn’t fit the “neutrality” vernacular, and (2) Section 230 protects editorial discretion, so it should apply even if YouTube did prioritize terrorist videos. The court gets to the right place, but the reliance on “neutrality” garbles the analysis.

The plaintiffs newly allege that YouTube concealed its support for terrorists. The court says this is just a repackaging of the other claims preempted by Section 230:

Plaintiffs’ concealment claim ultimately seeks to hold Google liable for allegedly failing to prevent ISIS and its supporters from using YouTube, and by failing to remove ISIS videos from YouTube. As with claims one through four, the concealment claim “requires recourse to that content” to establish any causal connection between Google permitting ISIS to use YouTube and the Paris attack. The claim thus “inherently requires the court to treat [Google] as the ‘publisher or speaker’” of ISIS content.

The other new allegation is that YouTube engaged in transactions with blacklisted terrorist organizations. The court also says this is a recapitulation of the other preempted claims.

Proximate Causation

The Ninth Circuit’s Fields v. Twitter ruling made it quite clear that social media providers are not proximate causes of terrorist-caused injuries. The plaintiffs here do not overcome that standard: “the TAC does not allege a direct relationship between the “material support” that Google allegedly provided to ISIS and the Paris attack. While the TAC includes detailed allegations regarding the alleged use of YouTube by ISIS and its affiliates, the TAC does not allege any facts plausibly connecting the general availability of YouTube with the attack itself.” The court rejects the new causation allegations as too attenuated and speculative.

The court treads a little more cautiously with the allegations that YouTube shares revenues with the terrorists. The plaintiffs allege that YouTube’s financial support allowed the terrorists to redirect resources towards the attacks that killed the victims, but the Ninth Circuit expressly rejected that argument in Fields. Thus, this allegation also fails, but the court gives the plaintiffs another chance. This is generous by the court because the claim clearly has no chance.

So, the case fails again. Inevitably this genre of anti-Section 230 litigation will fade away.

Case citation: Gonzalez v. Google, Inc., 2018 WL 3872781 (N.D. Cal. Aug. 15, 2018)

Related posts:

Fifth Court Rejects ‘Material Support for Terrorism’ Claims Against Social Media Sites–Crosby v. Twitter
Twitter Didn’t Cause ISIS-Inspired Terrorism–Fields v. Twitter
Section 230 Again Preempts Suit Against Facebook for Supporting Terrorists–Force v. Facebook
Fourth Judge Says Social Media Sites Aren’t Liable for Supporting Terrorists–Pennie v. Twitter
Another Court Rejects ‘Material Support To Terrorists’ Claims Against Social Media Sites–Gonzalez v. Google
Facebook Defeats Lawsuit Over Material Support for Terrorists–Cohen v. Facebook
Twitter Defeats ISIS “Material Support” Lawsuit Again–Fields v. Twitter
Section 230 Immunizes Twitter From Liability For ISIS’s Terrorist Activities–Fields v. Twitter

Another Failed Trademark Suit Over Competitive Keyword Advertising–JIVE v. Wine Racks America

The parties compete in the wine rack/wine cellar business. The defendant bought the plaintiff’s trademarks for keyword ads. The plaintiff alleges this creates initial interest confusion. The 10th Circuit’s Lens.com ruling governs this case. The court says that case makes this an easy defense win:

A consumer using the search term Vino Grotto is unlikely to be confused by the appearance of an advertisement for Defendants. As is demonstrated by Exhibit Q to the Motion, a consumer will be able to easily distinguish between the advertisement placed by Defendants and Plaintiff’s actual website. The advertisement is clearly marked as an ad, while Plaintiff’s website is identified directly below the advertisement. Thus, while certain likelihood of confusion factors would appear to support Plaintiff’s argument, its claim suffers from the same deficiencies identified by the court in 1-800 Contacts

The court also notes that the plaintiff didn’t show any evidence of actual consumer confusion. “As a result, Plaintiff has failed to show a likelihood of success on its trademark infringement claim as it relates to Defendants’ use of Plaintiff’s marks in its advertising.” The court denied the preliminary injunction.

Case citation: JIVE Commerce, LLC v. Wine Racks America, Inc., 2018 WL 3873675 (D. Utah Aug. 15, 2018)

More Posts About Keyword Advertising

Negative Keywords Help Defeat Preliminary Injunction–DealDash v. ContextLogic
The Florida Bar and Competitive Keyword Advertising: A Tragicomedy (in 3 Parts)
Another Court Says Competitive Keyword Advertising Doesn’t Cause Confusion
Competitive Keyword Advertising Doesn’t Show Bad Intent–ONEpul v. BagSpot
Brief Roundup of Three Keyword Advertising Lawsuit Developments
Interesting Tidbits From FTC’s Antitrust Win Against 1-800 Contacts’ Keyword Ad Restrictions
1-800 Contacts Charges Higher Prices Than Its Online Competitors, But They Are OK With That–FTC v. 1-800 Contacts
FTC Explains Why It Thinks 1-800 Contacts’ Keyword Ad Settlements Were Anti-Competitive–FTC v. 1-800 Contacts
Amazon Defeats Lawsuit Over Its Keyword Ad Purchases–Lasoff v. Amazon
More Evidence Why Keyword Advertising Litigation Is Waning
Court Dumps Crappy Trademark & Keyword Ad Case–ONEPul v. BagSpot
AdWords Buys Using Geographic Terms Support Personal Jurisdiction–Rilley v. MoneyMutual
FTC Sues 1-800 Contacts For Restricting Competitive Keyword Advertising
Competitive Keyword Advertising Lawsuit Will Go To A Jury–Edible Arrangements v. Provide Commerce
Texas Ethics Opinion Approves Competitive Keyword Ads By Lawyers
Court Beats Down Another Competitive Keyword Advertising Lawsuit–Beast Sports v. BPI
Another Murky Opinion on Lawyers Buying Keyword Ads on Other Lawyers’ Names–In re Naert
Keyword Ad Lawsuit Isn’t Covered By California’s Anti-SLAPP Law
Confusion From Competitive Keyword Advertising? Fuhgeddaboudit
Competitive Keyword Advertising Permitted As Nominative Use–ElitePay Global v. CardPaymentOptions
Google And Yahoo Defeat Last Remaining Lawsuit Over Competitive Keyword Advertising
Mixed Ruling in Competitive Keyword Advertising Case–Goldline v. Regal
Another Competitive Keyword Advertising Lawsuit Fails–Infogroup v. DatabaseLLC
Damages from Competitive Keyword Advertising Are “Vanishingly Small”
More Defendants Win Keyword Advertising Lawsuits
Another Keyword Advertising Lawsuit Fails Badly
Duplicitous Competitive Keyword Advertising Lawsuits–Fareportal v. LBF (& Vice-Versa)
Trademark Owners Just Can’t Win Keyword Advertising Cases–EarthCam v. OxBlue
Want To Know Amazon’s Confidential Settlement Terms For A Keyword Advertising Lawsuit? Merry Christmas!
Florida Allows Competitive Keyword Advertising By Lawyers
Another Keyword Advertising Lawsuit Unceremoniously Dismissed–Infostream v. Avid
Another Keyword Advertising Lawsuit Fails–Allied Interstate v. Kimmel & Silverman
More Evidence That Competitive Keyword Advertising Benefits Trademark Owners
Suing Over Keyword Advertising Is A Bad Business Decision For Trademark Owners
Florida Proposes to Ban Competitive Keyword Advertising by Lawyers
More Confirmation That Google Has Won the AdWords Trademark Battles Worldwide
Google’s Search Suggestions Don’t Violate Wisconsin Publicity Rights Law
Amazon’s Merchandising of Its Search Results Doesn’t Violate Trademark Law
Buying Keyword Ads on People’s Names Doesn’t Violate Their Publicity Rights
With Its Australian Court Victory, Google Moves Closer to Legitimizing Keyword Advertising Globally
Yet Another Ruling That Competitive Keyword Ad Lawsuits Are Stupid–Louisiana Pacific v. James Hardie
Another Google AdWords Advertiser Defeats Trademark Infringement Lawsuit
With Rosetta Stone Settlement, Google Gets Closer to Legitimizing Billions of AdWords Revenue
Google Defeats Trademark Challenge to Its AdWords Service
Newly Released Consumer Survey Indicates that Legal Concerns About Competitive Keyword Advertising Are Overblown

Twitter Gets Powerful Win in “Must-Carry” Lawsuit–Taylor v. Twitter

This is one of several lawsuits brought by disseminators of anti-social content (in this case, white supremacist content) seeking to prevent social media providers from cutting them off. In June, the lower court surprisingly rejected Twitter’s dismissal motion for the unfair competition claim. I didn’t blog that ruling because it clearly wasn’t the final word (plus, it was just a hearing transcript). Twitter sought a writ of mandate from the appeals court–an extraordinary request which courts are reluctant to grant. In another surprise twist, yesterday the appeals court granted Twitter’s request (without even inviting the plaintiff’s response) and told the lower court to dismiss the case unless it can better justify its ruling. I doubt the lower court can convince the appellate court to reverse this opinion, so this appellate ruling will likely force a plaintiff appeal.

The court correctly treats this as an easy Section 230 case. Consistent with the modern trend post-Sikhs for Justice v. Facebook, the court treats users’ posts as third party content to Twitter, so 230(c)(1) applies instead of 230(c)(2).

The only 230(c)(1) element at issue is whether the claim treats Twitter as a publisher. The court says “California courts have held that a service provider’s decision ‘to restrict or make available certain material–is expressly covered by Section 230’” (citing Doe II v. MySpace, with additional cites to Fields v. Twitter, Riggs v. MySpace, Cohen v. Facebook, and Sikhs for Justice). The court also cites language from the Roommates.com en banc ruling that “any activity that can be boiled down to deciding whether to exclude material that third parties seek to post online is perforce immune under Section 230.”

The plaintiffs argued that the unfair competition claim is based on Twitter’s marketing collateral. The court responds that Section 230 protects publishing third party content regardless of how plaintiffs plead the claim. “Here, the duties real parties allege Twitter violated derive from its status or conduct as publisher because petitioner’s decision to suspend real parties’ accounts constitutes publishing activity” (cite to Cohen v. Facebook and Fields v. Twitter, with a backup cite to Hassell v. Bird).

This ruling has several powerful implications. First, it is a reminder that Section 230 sometimes applies to an Internet service’s marketing claims that relate to their publication of third party content–even where the defendant allegedly violated its own promises. This is not an unprecedented outcome (see, e.g., Milo v. Martin), but it may be counter-intuitive. Second, it highlights how Section 230 cuts across all claims, so the plaintiff’s pleading decisions shouldn’t matter. Third, this is the first opinion I’ve seen citing the California Supreme Court’s Hassell v. Bird ruling, and the court treated it as a strong endorsement of Section 230 despite the murkiness of the four opinions.

I’ll remind you of the high stakes of this and similar lawsuits: the plaintiffs seek to eliminate Twitter’s discretion to shut down purveyors of anti-social content, and other trolls, on its site. If Twitter and other social media providers are defenseless against the trolls, their services will become unusable overnight. So this lawsuit and related suits are existential battles for the social media defendants and all of us who currently enjoy those services. And please please please don’t buy into the trope that these suits seek to vindicate users’ “free speech” rights. Instead, these lawsuits seek to negate the social media providers’ First Amendment-protected Freedom of the Press, so they actually reflect deeply censorious agendas. For more, see my essay, Of Course the First Amendment Protects Google and Facebook (and It’s Not a Close Question).

I got the following statement from Prof. Adam Candeub, one of Taylor’s lawyers:

We certainly regret that the Court of Appeals did not give us the opportunity to respond to Twitter’s petition—and the amicus brief from Google, Snap, Yelp et al. Certainly, given the forces arrayed against our client, that would seem a reasonable approach.

The Court of Appeals action stands in direct contradiction to established precedent as found in cases such as Demetriades v. Yelp, Inc., 228 Cal.App.4th 294 (2014). And, we are confident that once we are given the chance for a full and fair hearing, the opinion of the Superior Court will be upheld.

Case citation: Twitter v. Superior Court ex rel Taylor, A154973 (Cal. App. Ct. Aug. 17, 2018)

Selected Prior Posts:

Twitter Isn’t a Shopping Mall for First Amendment Purposes (Duh)–Johnson v. Twitter
YouTube Isn’t a Company Town (Duh)–Prager University v. Google
Yelp, Twitter and Facebook Aren’t State Actors–Quigley v. Yelp
What Would a Government-Operated Search Engine Look Like in the US?
Facebook Not Liable for Account Termination–Young v. Facebook
Search Engines Defeat “Must-Carry” Lawsuit–Langdon v. Google
Online User Account Termination and 47 U.S.C. §230(c)(2)
Of Course the First Amendment Protects Google and Facebook (and It’s Not a Close Question)

Recent Developments Regarding the California Consumer Privacy Act

This post recaps some recent developments related to the California Consumer Privacy Act (which I’m still calling CCPA despite the IAPP’s effort to brand it CaCPA).

The Technical Amendments Bill

The technical amendments bill is SB 1121. The bill would do things like change “act” to “title,” “opt out” to “opt-out” and “business’” to “business’s,” so that should give you some sense of its value. For reasons that aren’t clear, the technical amendments bill misses dozens of obvious and outright errors, including most of the ones I flagged in my prior post. Some of the more noteworthy changes:

  • It would strike the surplusage after 1798.100(e).
  • It would add: “The rights afforded to consumers and the obligations imposed on any business under this title shall not be construed to infringe on the business’s speech rights that state or federal courts have recognized as noncommercial speech, including political speech and journalism.” I think this activity isn’t covered by the statute anyway, but the fear behind this insertion shows the massive and unpredicted reach of the law.
  • It would expressly specify that the private cause of action only applies to data breaches (more on this below).

Overall, this bill is better than nothing, but it represents less than 1% of the obviously needed changes to the bill. I’m hoping more changes will be folded in before passage.

Coalition Letter

A large coalition of business groups wrote a 20 single-spaced page letter to the California legislature about the law. The letter makes the following 23 requests (and more):

  • delay implementation until 12 months after the AG’s rule-making. This is a very sensible request because the AG’s rules could be quite complex and wide-ranging, and it will potentially take substantial time for businesses to accommodate the regulations. We recently saw a lot of avoidable angst with last minute “guidance” for both the GDPR and COPPA, and a 12 month window would reduce that angst.
  • strengthen the preemption of any local privacy laws
  • narrow the definition of “consumer” to exclude employees, contractors, and business contacts. The letter gives a great example: theoretically, the law currently permits an employee to demand expungement of evidence of sexual harassment from company records.
  • narrow the definition of “personal information” to information “linked or reasonably linkable” to a particular consumer; exclude references to household, devices, and family; explicitly exclude deidentified, aggregate, and pseudonymized consumer information; and strip out numerous specific items in the definition (including, for example, the references to “thermal” and “olfactory” information). They also propose cleaning up the garbled discussion about “publicly available” information. All of these changes are good, but I expect this will be a hotly contested topic.
  • expand the scope of “deidentified” information.
  • clarify that businesses won’t be required to keep information longer than they want. This is an interesting reading of the statute–that they think some language in the law counterproductively mandates data retention.
  • remove the obligation to disclose “specific pieces” of information back to consumers. This request would negate data portability.
  • limit the restrictions on price discrimination. I believe these changes are designed to gut it sub silentio. Even that may not go far enough. Honestly, the whole price discrimination provisions should be expressly put in the dumpster fire depicted above.
  • allow targeted advertising if the advertiser doesn’t get any personal information. The letter claims it was never the privacy proponents’ intent to restrict targeted ads, but that doesn’t sound credible to me.
  • allow consumers to choose middle-ground opt-outs of data sales, not just all or nothing.
  • categorically limit the law’s applicability to businesses’ efforts to “prevent or detect identity theft, fraud, other criminal activity, or verify identities,” and allow data sales for those purposes. This is a pretty substantial loophole.
  • expand the statutory exclusion for compliance with other laws to include “the ability of a business contracted to collect, use, or provide personal information in order to assist another business or a government agency to comply,” and tone down the language that yields only in the face of “conflicts” with other laws. The last two bullets seem to be driven by the banks. However, the letter also makes a good point about HIPAA, which regulates both “covered entities” and “business associates” but only excludes HIPAA’s provisions on “covered entities.” (Oops).
  • limit any obligations that require businesses to “divulge information that the business reasonably believes would jeopardize the security of the business or public safety.” Another pretty big loophole.
  • strike language about a business’ willfulness towards a user’s age. This is in the same paragraph where the statute has the defect about 13 yr olds vs. 16 yr olds, but remarkably the letter doesn’t address it.
  • negate strict liability for data sales by third parties who haven’t gotten notice of the consumer’s opt-out.
  • allow businesses to ask consumers to opt-back-into data sales more frequently than 12 months if the consumer deletes his/her data. This is a logical request because the business doesn’t have a way to know these folks opted-out (they deleted their data), but there’s still a bit of irony here.
  • give businesses up to 45 days to honor opt-out requests. CAN-SPAM says 10 business days, and even that seems pretty long in the modern age (at least for large companies), so 45 days appears to be an inflated number for negotiating purposes.
  • remove all references to data portability. The letter claims the proponents had already agreed to this. Color me skeptical about that claim.
  • remove the requirement to have a toll-free number for opt-outs and provide more flexible options for the opt-out.
  • narrow the definition of “home page” so it’s not every web page. Good one–I missed this pretty bad drafting error!
  • remove the prohibition on requiring consumers to register in order to opt-out. This punts the issue to the AG rule-making.
  • make it clearer that the private right of action only applies to data breaches, not other parts of the law. I believe everyone has agreed to this. The technical amendments bill has a sentence reflecting this objective, but it’s not exactly the language requested by the coalition.
  • clarify that data breaches only apply to “nonencrypted and nonredacted personal information,” not “or.”

Public interest groups wrote their own letter contesting these requests, especially noting their disagreement about the data portability issue. They did propose some technical corrections:

  • The 13 yr old/16 yr old issue, which they propose to read “between 13 and 15”
  • Companies should not have to collect additional info to comply with the law
  • They agree with the “nonencrypted and nonredacted personal information” correction
  • Some clarification of “deidentified” information.

EFF’s Proposals

This is one of the first times I’ll publicly disagree with the EFF, but I completely disagree with their statement that “There’s a lot to like about the Act.” It reminds me of the line from the Princess Bride: “I wonder if he is using the same wind we are using?” Are they reading the same text I’m reading? The EFF’s proposed changes include the following:

  • Change the default from allowing data collection to requiring consumer opt-in.
  • Allow more granular disclosures of information collected about consumers.
  • Address data portability when multiple people are identifiable from the same content item (such as a photo of two people) and one of the folks has restricted content visibility.
  • Require consumer opt-in before companies share consumer data, even if the sharing isn’t financially motivated.
  • Tighten up the price non-discrimination provisions. As I mentioned, they should be deleted, not strengthened.
  • Create a private cause of action for breaches of the entire statute, not just data breaches

I vigorously and completely oppose ALL of these proposals. I still love the EFF and support it as a paying member (and I encourage you to do the same).

The New York Times Magazine Article: “The Unlikely Activists Who Took On Silicon Valley — and Won”

Anyone who still portrays this law as targeting “Silicon Valley” or the “technology community” or “Google/Facebook” is an idiot. It will hurt taco stands in Calexico more than it will hurt Google or Facebook. The entire article is framed this way, making me wonder if the reporter ever actually read the law or understands it even today.

This article is the fawning and unquestioning history of the law we all knew was coming. Mactaggart and Ashkan Soltani get the most love. I thought this line was telling: “Mactaggart and Soltani imagined their rules to be comparatively light-touch.” This law is a privacy bomb being dropped on the California economy, so viewing it as “light touch” is a good indicator of their echo-chamber!

In particular, the article doesn’t question the initiative procedure as the route to passage, treating it more as a good thing than a hack on democracy. For example, the article says “It began to dawn on at least some people that Mactaggart’s vote might be the most important one.” This isn’t a good thing for democracy, is it? Or this line: “Soltani wryly pointed out that Mactaggart had offered Silicon Valley a take-it-or-leave-it privacy policy — the same kind that Silicon Valley usually offered everyone else.” If you’re a privacy advocate, this is a cute irony. If you’re a fan of democracy, this is chilling.

Here’s another good example of the article’s unquestioning discussion about the law’s overreach: “‘Under this law, the attorney general of California will become the chief privacy officer of the United States of America,’ Mactaggart argued.” I wonder how voters in the 49 other states feel about that?

The article doesn’t answer the most important question: why does the drafting differ so much from the GDPR? It simply says “Mactaggart was wary of proposing a sweeping law like the European Union’s General Data Protection Regulation, or G.D.P.R., fearing that Californians would find it mystifying and reject it.” Perhaps that’s true, but the deviation imposes enormous extra costs on California businesses for no clear benefit.

The article also doesn’t explain who outside of the echo chamber reviewed and commented on the bill text before it was submitted as an initiative. One possible explanation is that no skeptic actually commented on the initiative text before it was finalized. That would explain a lot of the obvious drafting problems.

More Suggestions for Corrections/Changes

In a prior post, I laid out dozens of typos and ambiguities. I’ve collected a few more since then:

  • In light of the overlap, the legislature should repeal the private right of action in the existing data breach law in 1798.80.
  • Similarly, the legislature should repeal the existing Shine the Light law (1798.83 and associated sections) due to the overlap and inconsistencies.
  • I quote this next issue/correction from an email sent to me by David Navetta:

The statute says (emphasis added):

(2) For purposes of this title, a business does not sell personal information when…

(D) The business transfers to a third party the personal information of a consumer as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of the business provided that information is used or shared consistently with Sections 1798.110 and 1798.115. If a third party materially alters how it uses or shares the personal information of a consumer in a manner that is materially inconsistent with the promises made at the time of collection, it shall provide prior notice of the new or changed practice to the consumer. The notice shall be sufficiently prominent and robust to ensure that existing consumers can easily exercise their choices consistently with Section 1798.120. This subparagraph does not authorize a business to make material, retroactive privacy policy changes or make other changes in their privacy policy in a manner that would violate the Unfair and Deceptive Practices Act (Chapter 5 (commencing with Section 17200) of Part 2 of Division 7 of the Business and Professions Code).

We may have an ambiguity and a timing issue here. Generally, this section is trying to say that the disclosure of personal information a business holds when it is bought by another business is not a sale (and therefore a consumer could not opt out of it).  However, that is the case only if the personal information is “used or shared consistently with Sections 1798.110 and 1798.115.” The carve out then goes into some details concerning third parties and uses beyond what was contemplated at the time of collection.

As to the ambiguity, Sections 1798.110 and 1798.115 do not, in large part, substantively address how a business may use or share information. Rather, sections 1798.110 and 1798.115 address how a business must disclose information to a consumer in response to a request (to exercise their rights). Section 1798.115 is the only section that discusses use and sharing of personal information, and it does so in a very narrow fashion. It states that businesses are allowed to use a consumer’s personal information to respond to the request; and it also prohibits a third party from selling personal information absent notice and the consumer’s right to opt-out of such sale, id. at § 1798.115(d). Therefore, it is not clear how a third party can use or share information consistently with Section 1798.110 at all, and for 1798.115 it appears that the only issue is to refrain from selling personal information without an opt-out.

As to timing, when a sale of a business is consummated, how will the target company know what the buyer plans to do with the personal information in the future? Does the target have to get some sort of assurance that the buyer will only use and share the information in a manner consistent with 1798.110 and 1798.115? And if it does not, may a consumer opt out of the disclosure (because it becomes a “sale”)?

By the way, the language that details what third parties must do to materially alter how it uses or shares personal information appears to contradict the outright prohibition I’ve highlighted in bold.

* * *

Related Posts

The California Consumer Privacy Act Should Be Condemned, Not Celebrated
A First (But Very Incomplete) Crack at Inventorying the California Consumer Privacy Act’s Problems
Ten Reasons Why California’s New Data Protection Law is Unworkable, Burdensome, and Possibly Unconstitutional (Guest Blog Post)
A Privacy Bomb Is About to Be Dropped on the California Economy and the Global Internet
An Introduction to the California Consumer Privacy Act (CCPA)

Negative Keywords Help Defeat Preliminary Injunction–DealDash v. ContextLogic

DealDash and Wish are e-commerce vendors. For a while, Wish offered a service called “Deal Dash” for time-limited bargains. Immediately after DealDash sued, Wish renamed its service “Bargain Blitz” and pulled the “DealDash” term from all advertising. DealDash still pressed for a preliminary injunction that restricted, among other things, using “DealDash” as keyword ad triggers in search engines and app stores.

Wish submitted an affidavit that it had blocked “DealDash” or “Deal Dash” as negative keywords in AdWords. The court responds:

defendant has offered unchallenged evidence showing not only that it has included “Deal Dash” and “DealDash” as “negative keywords,” but that its past use of the “Deal Dash” term “would have occurred only if Google’s own algorithm had included [it]…or if Google had suggested” the term to defendant; the term “was not sought out” by defendant. In light of the above, even assuming defendant’s past use amounted to infringement, defendant has clearly shown it cannot “reasonably be expected” to use “Deal Dash” or “DealDash” as Internet search keywords in the future

With respect to the app store, the court says that the defendant can’t control organic search results:

Kathiresan, in his declaration, avers defendant “does not use the term ‘DealDash’ or ‘Deal Dash’ as a search advertising keyword,” and, as defendant points out, the results for defendant’s apps, as shown in plaintiffs’ exhibits, do not include an “Ad” icon, which is displayed when a result is generated by way of the app’s “own search advertising.” The inclusion of defendant’s apps in the search results, Kathiresan avers, is due to “Apple’s or Google’s proprietary algorithm,” which determines “what apps appear in the app store search results and how they are ranked among the search results.” Given such unchallenged evidence, plaintiffs have failed to show defendant is currently, or will in the future, use “DealDash,” or any confusingly similar variation thereon, as a search keyword in the app stores.

I’d like to know more about why Wish adopted DealDash in the first instance (did they do an imperfect trademark search? Did they hope the plaintiff wouldn’t notice or care?). However, in light of the defendant’s instant crumple in response to the lawsuit, the case avoids the bigger issue of whether use of DealDash as a keyword ad trigger constituted trademark infringement. Instead, the defendant’s move to negative keywords seemed well-designed to assuage the judge’s concern and (ideally) put this incident behind everyone. If you’re a defendant who’s going to fold in the face of a trademark owner threat, negative keywords seem like a way to defang the plaintiff.

Case citation: DealDash OYJ v. ContextLogic, Inc., 2018 WL 3820654 (N.D. Cal. Aug. 10, 2018)

Other blog posts discussing negative keywords:

Interesting Tidbits From FTC’s Antitrust Win Against 1-800 Contacts’ Keyword Ad Restrictions
FTC Explains Why It Thinks 1-800 Contacts’ Keyword Ad Settlements Were Anti-Competitive–FTC v. 1-800 Contacts
FTC Sues 1-800 Contacts For Restricting Competitive Keyword Advertising
Court Orders Uber To Control Its Google Search Results
What Are Trademark Defendants’ Obligations to Clean Up the Internet After a Trademark Injunction?
Injunction Requires Negative Keywords in Future Adwords Campaigns
Broad Matching Doesn’t Violate Injunction–Rhino Sports v. Sport Court

Bonus: I also note Safeway Transit LLC v. Discount Party Bus, Inc., 2018 WL 3831345 (D. Minn. Aug. 13, 2018). The court:

PERMANENTLY ENJOINED [the defendants] from using or contributing to the use of the “Rent My Party Bus” and “952 Limo Bus” trademarks or related domain names, keywords, or hashtags in connection with the advertisement, marketing, or sale of transportation services.

This ruling was scrambled by the fact that the defendants actually used the trademarks before the plaintiffs did, but the court said the defendants didn’t achieve secondary meaning and then abandoned their use when the plaintiffs started using the terms. So the court said that it didn’t harm the defendants to enjoin them given their abandonment (further complicated by the fact that the parties had tangled in court previously). Also, the court’s discussion only addressed the defendants’ display of the trademarks on its website, not the AdWords usage, so the injunction’s extension to keywords wasn’t explained. Finally, the court didn’t award any damages or attorneys’ fees, so I wonder if this was a good economic outcome for the plaintiffs. Still, it’s never good when a court weaponizes such highly descriptive terms like “Rent My Party Bus” and “952 Limo Bus.”

More Posts About Keyword Advertising

The Florida Bar and Competitive Keyword Advertising: A Tragicomedy (in 3 Parts)
Another Court Says Competitive Keyword Advertising Doesn’t Cause Confusion
Competitive Keyword Advertising Doesn’t Show Bad Intent–ONEpul v. BagSpot
Brief Roundup of Three Keyword Advertising Lawsuit Developments
Interesting Tidbits From FTC’s Antitrust Win Against 1-800 Contacts’ Keyword Ad Restrictions
1-800 Contacts Charges Higher Prices Than Its Online Competitors, But They Are OK With That–FTC v. 1-800 Contacts
FTC Explains Why It Thinks 1-800 Contacts’ Keyword Ad Settlements Were Anti-Competitive–FTC v. 1-800 Contacts
Amazon Defeats Lawsuit Over Its Keyword Ad Purchases–Lasoff v. Amazon
More Evidence Why Keyword Advertising Litigation Is Waning
Court Dumps Crappy Trademark & Keyword Ad Case–ONEPul v. BagSpot
AdWords Buys Using Geographic Terms Support Personal Jurisdiction–Rilley v. MoneyMutual
FTC Sues 1-800 Contacts For Restricting Competitive Keyword Advertising
Competitive Keyword Advertising Lawsuit Will Go To A Jury–Edible Arrangements v. Provide Commerce
Texas Ethics Opinion Approves Competitive Keyword Ads By Lawyers
Court Beats Down Another Competitive Keyword Advertising Lawsuit–Beast Sports v. BPI
Another Murky Opinion on Lawyers Buying Keyword Ads on Other Lawyers’ Names–In re Naert
Keyword Ad Lawsuit Isn’t Covered By California’s Anti-SLAPP Law
Confusion From Competitive Keyword Advertising? Fuhgeddaboudit
Competitive Keyword Advertising Permitted As Nominative Use–ElitePay Global v. CardPaymentOptions
Google And Yahoo Defeat Last Remaining Lawsuit Over Competitive Keyword Advertising
Mixed Ruling in Competitive Keyword Advertising Case–Goldline v. Regal
Another Competitive Keyword Advertising Lawsuit Fails–Infogroup v. DatabaseLLC
Damages from Competitive Keyword Advertising Are “Vanishingly Small”
More Defendants Win Keyword Advertising Lawsuits
Another Keyword Advertising Lawsuit Fails Badly
Duplicitous Competitive Keyword Advertising Lawsuits–Fareportal v. LBF (& Vice-Versa)
Trademark Owners Just Can’t Win Keyword Advertising Cases–EarthCam v. OxBlue
Want To Know Amazon’s Confidential Settlement Terms For A Keyword Advertising Lawsuit? Merry Christmas!
Florida Allows Competitive Keyword Advertising By Lawyers
Another Keyword Advertising Lawsuit Unceremoniously Dismissed–Infostream v. Avid
Another Keyword Advertising Lawsuit Fails–Allied Interstate v. Kimmel & Silverman
More Evidence That Competitive Keyword Advertising Benefits Trademark Owners
Suing Over Keyword Advertising Is A Bad Business Decision For Trademark Owners
Florida Proposes to Ban Competitive Keyword Advertising by Lawyers
More Confirmation That Google Has Won the AdWords Trademark Battles Worldwide
Google’s Search Suggestions Don’t Violate Wisconsin Publicity Rights Law
Amazon’s Merchandising of Its Search Results Doesn’t Violate Trademark Law
Buying Keyword Ads on People’s Names Doesn’t Violate Their Publicity Rights
With Its Australian Court Victory, Google Moves Closer to Legitimizing Keyword Advertising Globally
Yet Another Ruling That Competitive Keyword Ad Lawsuits Are Stupid–Louisiana Pacific v. James Hardie
Another Google AdWords Advertiser Defeats Trademark Infringement Lawsuit
With Rosetta Stone Settlement, Google Gets Closer to Legitimizing Billions of AdWords Revenue
Google Defeats Trademark Challenge to Its AdWords Service
Newly Released Consumer Survey Indicates that Legal Concerns About Competitive Keyword Advertising Are Overblown

An Update on the Constitutional Court Challenge to FOSTA–Woodhull Freedom v. US (Guest Blog Post)

by guest blogger Alex F. Levy

Following the initial filings in Woodhull v. Sessions (summarized here), defendants filed a combined opposition to the motion for preliminary injunction and motion to dismiss (Dkt #16) on July 12th, 2018. Plaintiffs then filed a reply to the opposition to the motion for preliminary injunction (Dkt #17) on July 17th; the court held a motion hearing on July 19th, and plaintiffs filed a response to the motion to dismiss (Dkt #19) on July 26th. The plaintiffs and defendants each submitted supplemental briefings on August 6th (Dkts #21, #22). What follows is a summary of some (but not all) issues raised.

Do plaintiffs have standing to seek to enjoin FOSTA?

Plaintiffs are bringing a pre-enforcement challenge to FOSTA, which requires them to show that FOSTA is actually injuring them (as opposed to causing injury to others, or in the abstract). Because self-censorship is a cognizable harm, courts have found standing for plaintiffs reacting to a “threat [that] is latent in the existence of [a] statute” and whose conduct merely “arguably falls within the statute.” (Plaintiffs’ Opposition to Motion to Dismiss, Dkt #19, pp 4-5). In other words, the plaintiffs only need to prove that theirs is a plausible interpretation of the statute (and that under this plausible interpretation, they fear prosecution).

The government’s response has been to repeatedly reassure plaintiffs that they would not prosecute plaintiffs for their actions — a reassurance that the plaintiffs note is “gratifying but legally meaningless.” (See Supplemental Brief in Support of Plaintiffs’ Motion for Preliminary Injunction, Dkt #22, p 8). Elsewhere, the government claims that it not only would not prosecute them, but could not, claiming that “the statute on its plain terms does not reach the conduct described by Plaintiffs.” (See Defendants’ Reply in Support of Motion to Dismiss and Supplemental Motion Hearing Brief, Dkt #21, p 11). But this claim is fundamentally undermined by the government’s misunderstanding of what, exactly, plaintiffs are doing.

While the government claims that “none of [the plaintiffs’] activities would subject someone to liability under 18 U.S.C. § 2421A,” or any provision of FOSTA, the government’s reassurance is based on their misplaced perception that plaintiffs are, in fact, not working to promote or facilitate prostitution. (Defendants’ Opposition to Plaintiffs’ Motion for Preliminary Injunction and Motion to Dismiss Plaintiffs’ Complaint, Dkt #16, p 10). “Helping sex workers find appropriate service providers no more facilitates prostitution than rehabilitation services facilitate drug trafficking.” (Dkt #16, p 14). That may be true, but what at least one plaintiff aims to do is help sex workers engage in sex work more safely — the analogy, here, would not be to getting rehab treatment, but rather access to safer drugs. As plaintiffs point out in their reply to the opposition to the motion for preliminary injunction, the government “disregards the pleaded facts that Plaintiffs Woodhull, HRW, and Andrews intend to make sex work safer, and thus easier, raising the legitimate concern they will be found to have intended to ‘facilitate’ prostitution as that term is used in FOSTA.” (Plaintiffs’ Reply to Opposition to Motion for Preliminary Injunction, Dkt #17, p 15).

The government also notes the similarity between FOSTA and existing statutes — namely, the Travel Act, which prohibits the use of the internet to “promote, manage, establish, carry on, or facilitate the promotion, management, establishment, or carrying on, of any unlawful activity,” including “prostitution offenses in violation of the laws of the State in which they are committed or of the United States.” (18 U.S.C. § 1952(a)(3), (b)). Because no one like the plaintiffs has faced prosecution under the Travel Act, the government argues, they cannot credibly fear prosecution under FOSTA. (See Dkt #16, p 13).

In fact, this overstates the similarity between the Travel Act and 2421A. The Travel Act, unlike 2421A, requires that a defendant actually follow up on the crime (or attempt to do so). (See 18 U.S.C. § 1952(a)(3).) FOSTA’s 2421A, on the other hand, potentially criminalizes speech totally untethered from any follow-up crime. Indeed, while the Travel Act and 2421A both criminalize certain activities associated with the promotion or facilitation of prostitution, only the Travel Act contextualizes these verbs in such a way as to limit its scope to speech in furtherance of criminal transactions. (See Dkt #19, p 48). Thus, the fact that the Travel Act has never been used to prosecute anyone like the plaintiffs is not a surprise — nor does it actually mean that plaintiffs could not be prosecuted under FOSTA, which touches on a far broader amount of speech.

Furthermore, FOSTA, unlike the Travel Act (or any other statute mentioned by either side), does not restrict itself to speech related to illegal prostitution. Rather, it relies on an affirmative defense — that is, it shifts the burden to the defendant to prove that the promotion at issue “was targeted” “where” “the promotion or facilitation of prostitution is legal.” This is wholly different from a law (like the Travel Act) which is restricted to speech associated with illegal activity (and which, as noted, only affects speech directly proposing illegal acts). An affirmative defense does not do the work of a statutory exception; in fact, the Supreme Court has recognized that “serious constitutional difficulties [are raised by a law] seeking to impose on the defendant the burden of proving his speech is not unlawful.” (Ashcroft v. Free Speech Coalition, 535 U.S. 234, 255 (2002).)

To put things more concretely, 2421A reaches “owning, managing, or operating an interactive computer service” with an intent to promote or facilitate the prostitution of another, unless the defendant can prove that he was “target[ing] [his] promotion” to a specific jurisdiction in which “the promotion or facilitation of prostitution is legal.” It seems that a defendant who was merely acting to generally promote or facilitate the prostitution of others — say, by promoting measures that would improve sex workers’ general well being — could not satisfy the affirmative defense. Perversely, this would have the effect of censoring speech in proportion to how abstract it is. It seems that plaintiffs — three of whom engage in anti-trafficking or sex-work advocacy they fear might be construed as promoting prostitution — have expressed a fear that is consistent with the text of the statute.

(The claim that “section 2421A is more narrowly drawn even than the Travel Act because the latter requires only that prostitution generally be illegal in the relevant jurisdiction, but the former also mandates that the specific acts of promotion or facilitation of prostitution be illegal in order to avoid the affirmative defense of section 2421A(e)” is unavailing. (Defendants’ Reply in Support of Motion to Dismiss and Supplemental Motion Hearing Brief, Dkt #21, p 8). As noted, the affirmative defense is not akin to a statutory exception, as it shifts the burden to the defendant to prove his innocence on the element of the crime. If 2421A were rewritten to only include the promotion or facilitation of prostitution “targeted” “where” promotion and facilitation are illegal, a different (and interesting) set of questions would be raised, including under Greater New Orleans Broadcasting Assn., Inc. v. United States, 527 U.S. 173 (1999). But those are not the issues here.)

Does FOSTA force plaintiffs to choose between following the law and exercising their constitutional rights?

Plaintiffs allege that the new law exposes them to legal liability for engaging in constitutionally-protected activities. (See Dkt #19, pp 15-16.) Three of the five plaintiffs are engaged in anti-trafficking or sex-work advocacy, and fear that their work could be construed as violative of 18 U.S.C. 2421A (FOSTA’s prohibition on owning, managing, or operating a website with the intent to promote prostitution of another) or 18 U.S.C. 1591 (which, as of FOSTA’s enactment, criminalizes knowingly benefiting from knowingly supporting an entity that knowingly advertises a minor’s sexual services). (The fourth plaintiff is a massage therapist who has had difficulty advertising since the enactment of FOSTA, and the fifth is the Internet Archive, which crawls and archives the Internet, and offers permanent access to certain digital materials. The standing issues raised by these final two are distinct, and outside the scope of this post.)

As noted, if FOSTA restricts speech, at least these three plaintiffs would seem to have standing: FOSTA forces them to choose between following the law and exercising their constitutional rights. But a question that came up at the hearing, and that was subsequently addressed in supplemental filings, was: does FOSTA actually burden speech? More specifically, is a law against owning, managing or operating a website actually akin to a law regulating the content of material transmitted on such a website? The government argues that “18 U.S.C. 2421A, regulates conduct (i.e., owning, managing, or operating an interactive computer service with the intent to promote or facilitate the prostitution of another person), not speech,” and that the law should therefore not be subject to strict scrutiny. (Dkt #21, p 21).

Plainly, the answer is yes. 2421A is legally indistinguishable from a restriction on the speech itself. As plaintiffs point out in their supplemental filing, this is akin to a criminal law prohibiting the ownership, management, or operation of a printing press for the purpose of communicating a particular idea. (See Dkt #22, p 2). One may draw an even more direct analogy to a hypothetical law outlawing the ownership, management, or operation of a website for the purpose of promoting a socialist agenda, or for the purpose of promoting the political candidacy of another, to see the triviality of the distinction between a regulation of the ownership/management/operation and the speech itself.

To be sure, the government also argues that the underlying speech is not protected — that is, this is more akin to a hypothetical law outlawing the ownership, management, or operation of a website for the purpose of planning terrorist attacks. But whether FOSTA reaches protected speech is a distinct question from whether it reaches speakers. Assuming, for the moment, that it does reach protected speech — that is to say, assuming that a law directly prohibiting “the promotion or facilitation of the prostitution of another” would be unconstitutional — then so is a law prohibiting the ownership, management, or operation of a website for this same purpose.

To dive into that question — does FOSTA impermissibly burden speech protected under the First Amendment? Again, the answer is clearly yes. The government argues that FOSTA does not cover protected speech, because speech that merely proposes lawbreaking is not protected. “FOSTA only applies to promotion or facilitation of illegal conduct. As such, no speech subject to FOSTA qualifies as protected by the First Amendment.” (Dkt #16, p 15). But as plaintiffs repeatedly point out, that is simply false — FOSTA covers far more than just the narrow category of speech left unprotected due to its nexus to crime. “This, in a nutshell, is FOSTA’s overbreadth problem: FOSTA’s sweep is indeed ‘vast,’ but the government’s constitutional latitude for imposing restrictions on speech is far more constrained.” (Dkt #17, p 21).

(Bizarrely, defendants cite to an imaginary “Section 4(a)” that allegedly limits state prosecutions permitted by FOSTA to jurisdictions in which “promotion or facilitation of prostitution is illegal.” (Dkt #21, p 20). In fact, FOSTA’s amendment to Section 230, codified in 47 U.S.C. 230(e)(5)(c), addresses state prosecutions — but, aside from the fact that there is no Section 4(a), the lifting of Section 230 immunity for certain state prosecutions is a different issue, and its limitations have no bearing on the scope of possible federal prosecutions under 2421A.)

* * *

The parties await a ruling on the preliminary injunction and motion to dismiss. The most concerning issue, at this point, is the government’s apparent misunderstanding of what the plaintiffs, and many advocates like them, seek to do: namely, to engage in conduct prohibited under FOSTA. For reasons I have described elsewhere, violating FOSTA may be key to reducing trafficking — which is, allegedly, where this all started.

For the case filings and more, see the EFF case library.

More SESTA/FOSTA-Related Posts:

Indianapolis Police Have Been “Blinded Lately Because They Shut Backpage Down”
Constitutional Challenge Against FOSTA Filed–Woodhull v. US (Guest Blog Post)
Catching Up on FOSTA Since Its Enactment (A Linkwrap)
More Aftermath from the ‘Worst of Both Worlds FOSTA’
‘Worst of Both Worlds’ FOSTA Signed Into Law, Completing Section 230’s Evisceration
Backpage Loses Another Section 230 Motion (Again Without SESTA/FOSTA)–Florida Abolitionists v. Backpage
District Court Ruling Highlights Congress’ Hastiness To Pass ‘Worst of Both Worlds FOSTA’– Doe 1 v. Backpage
More on the Unconstitutional Retroactivity of ‘Worst of Both Worlds FOSTA’ (Guest Blog Post)
Senate Passes ‘Worst of Both Worlds FOSTA’ (Linkwrap)
Why FOSTA’s Restriction on Prostitution Promotion Violates the First Amendment (Guest Blog Post)
SESTA’s Sponsors Still Don’t Understand Section 230 (As They Are About to Eviscerate It)
Can the ‘Worst of Both Worlds FOSTA’ Be Salvaged? Perhaps…and You Can Help (URGENT CALL TO ACTION)
Congress Probably Will Ruin Section 230 This Week (SESTA/FOSTA Updates)
What’s New With SESTA/FOSTA (January 17, 2018 edition)
New House Bill (Substitute FOSTA) Has More Promising Approach to Regulating Online Sex Trafficking
My testimony at the House Energy & Commerce Committee: Balancing Section 230 and Anti-Sex Trafficking Initiatives
How SESTA Undermines Section 230’s Good Samaritan Provisions
Manager’s Amendment for SESTA Slightly Improves a Still-Terrible Bill
Another Human Trafficking Expert Raises Concerns About SESTA (Guest Blog Post)
Another SESTA Linkwrap (Week of October 30)
Recent SESTA Developments (A Linkwrap)
Section 230’s Applicability to ‘Inconsistent’ State Laws (Guest Blog Post)
An Overview of Congress’ Pending Legislation on Sex Trafficking (Guest Blog Post)
The DOJ’s Busts of MyRedbook & Rentboy Show How Backpage Might Be Prosecuted (Guest Blog Post)
Problems With SESTA’s Retroactivity Provision (Guest Blog Post)
My Senate Testimony on SESTA + SESTA Hearing Linkwrap
Debunking Some Myths About Section 230 and Sex Trafficking (Guest Blog Post)
Congress Is About To Ruin Its Online Free Speech Masterpiece (Cross-Post)
Backpage Executives Must Face Money Laundering Charges Despite Section 230–People v. Ferrer
How Section 230 Helps Sex Trafficking Victims (and SESTA Would Hurt Them) (guest blog post)
Sen. Portman Says SESTA Doesn’t Affect the Good Samaritan Defense. He’s Wrong
Senate’s “Stop Enabling Sex Traffickers Act of 2017”–and Section 230’s Imminent Evisceration
The “Allow States and Victims to Fight Online Sex Trafficking Act of 2017” Bill Would Be Bad News for Section 230
WARNING: Draft “No Immunity for Sex Traffickers Online Act” Bill Poses Major Threat to Section 230
The Implications of Excluding State Crimes from 47 U.S.C. § 230’s Immunity

The California Consumer Privacy Act Should Be Condemned, Not Celebrated (Cross-Post)

[I initially published this with the IAPP. They are the ones that chose “CaCPA” over “CCPA.”]

For years, many privacy professionals yearned for a comprehensive U.S. privacy law. So when California enacted the California Consumer Privacy Act, a comprehensive privacy law, you’d expect the privacy community to cheer loudly. However, the celebration has been muted—for good reason. It’s impossible to cheer a terrible law that passed via a terrible procedure.

Here are some reasons why the law hasn’t been enthusiastically received:

The law covers too many enterprises. The law was supposed to curb the purportedly abusive privacy practices of internet giants (like Google and Facebook) and data brokers. Unfortunately, the law overshot this goal; it reaches most businesses, online or off. Facebook may have been the target, but the local pizzeria will bear the law’s brunt.

Specifically, the law reaches businesses that collect personal information from 50,000-plus consumers per year, regardless of revenue. This applies to businesses that accept credit cards from 137-plus unique customers per day, including Walmart, Amazon, and a typical frozen yogurt stand.

The law also reaches commercial online services that collect IP addresses from 137-plus unique visitors per day, including tiny websites. For example, my blog gets 50,000-plus visitors per year and makes about $400 per year in ad revenue, yet the law treats my blog like Google and Facebook. If the law doesn’t change, I’ll likely shut down ads and forego the associated revenue to avoid compliance costs that would vastly exceed my revenues.

The cost/benefit problem. CaCPA requires businesses to adopt a variety of nominally consumer-friendly offerings, such as letting consumers learn more about, and opt-out of, privacy-invasive practices. While this sounds like a win for consumers, businesses will pass along the compliance costs to consumers; or to the extent the law inhibits currently profitable practices, businesses will stop providing those services to consumers or find other ways to charge consumers more. Thus, consumers will pay for the CaCPA-mandated offerings one way or another, regardless of whether they value, or take advantage of, them. It’s not a question of whether consumers value privacy; the question is whether the law is a good value for them.

Duplicative CaCPA/GDPR compliance. Because the CaCPA’s requirements don’t track the EU General Data Protection Regulation, GDPR-compliant businesses will incur additional compliance costs. Perhaps the duplicative compliance has some benefits (other than to privacy professionals!), but it’s more likely the extra costs won’t make businesses or consumers better off.

Ends don’t justify the means. CaCPA’s path to approval sounds like a failure of democracy. A wealthy Californian spent $3 million to qualify a privacy initiative for the November 2018 ballot. The text was drafted behind closed doors without multi-stakeholder input. Not surprisingly, a wide range of constituencies considered that text unpalatable.

Once the initiative qualified for the ballot, the initiative sponsor made the California legislature an “offer” it couldn’t refuse: pass a bill like the initiative, or if California voters approve the problematic initiative text, the bad provisions would become functionally permanent and beyond legislative supervision. This sparked a one-week frenzy where a few lobbyists made minor changes to the initiative’s text, and then the legislature passed an important, incredibly long (10,000-plus words) and complex law without adequate scrutiny or public input.

Due to these process deficiencies, the law doesn’t reflect the will of many affected stakeholders. Instead, it was just the less-odious option in a Hobson’s Choice.

Worse, CaCPA’s procedural trick is instructive to other policy entrepreneurs with pet topics and money to burn. CaCPA’s success encourages these policy entrepreneurs—with potentially more dubious objectives—to similarly strong-arm the California legislature.

The law is riddled with mistakes. A law as lengthy and complicated as CaCPA requires careful editing. Because of its speedy approval process, the final bill has many wince-inducing errors — such as the counterproductive requirement that businesses publish all of their consumers’ personal information in their privacy policies (see 1798.110(c)(5)). CaCPA also has innumerable ambiguities, such as whether employees are defined as “consumers” or how “personal information” excludes “de-identified information.” I’ve detailed a fuller list of problems here.

Collectively, the law’s mistakes make it look like the legislature was moving too fast (it was) and did an amateurish job (you can form your own opinion about that). The avoidable and embarrassing mistakes make it impossible to respect the law or the process that produced it.

CaCPA isn’t a model for other states. It’s not even a model for California. Other states will be interested in using CaCPA as a model law. However, with its many drafting defects, CaCPA isn’t ready for prime time in California, let alone anywhere else. Plus, the California economy is about to bear an unanticipated, expensive, and business-chilling burden as hundreds of thousands of businesses scramble to comply with CaCPA. Other states would be well-served to wait and see how California’s “experiment” goes before dropping a similar bomb on their economies.

Conclusion. There are many other unresolved questions about CaCPA, including its constitutionality. Even if CaCPA survives the inevitable constitutional challenges, it is bad policy resulting from an unacceptable process. Because of this, I don’t think the privacy community will ever fully embrace CaCPA, no matter how much it supports consumer privacy.

Related Posts

A First (But Very Incomplete) Crack at Inventorying the California Consumer Privacy Act’s Problems
Ten Reasons Why California’s New Data Protection Law is Unworkable, Burdensome, and Possibly Unconstitutional (Guest Blog Post)
A Privacy Bomb Is About to Be Dropped on the California Economy and the Global Internet
An Introduction to the California Consumer Privacy Act (CCPA)