June, 27th, 2018

By Robert D. Keeler and  Andrew E. Kerrick

Innovation often occurs much faster than the laws required to address the new social concerns they bring about. Often, this leads to a disconnect between law and society. For example, laws regarding horse travel became outdated once the automobile was introduced. Recently, this disconnect has focused on the power of data and its exploitation for technological innovation. Technology has become integrated into countless aspects of everyday life, like smartphones, digital assistants, social media, etc. While new technological inventions make our lives easier, people flock to gadgets without always considering what rights and data they are giving up.

For instance, Uber recently sought patent protection on a “Vehicle Management System” that recognizes if a ride-requesting user is drunk by analyzing criteria such as a user’s typing accuracy and how the user holds the phone.[1]  With this information, drivers can change the pickup location to somewhere better-lit, decline the pickup in favor of a driver with relevant training, or change the pickup in other ways.[2] While there are undeniable benefits to this idea, privacy experts are quick to scrutinize Uber’s use of these data. For example, there are concerns that Uber’s use could result in false positives, where Uber could easily mislabel a person with a physical disability (or even a malfunctioning cell phone) as a person who just finished a night-long bar crawl. These false positives are just one illustration of how companies can process user data to the users’ detriment, but allowing this type of use opens the door for other, more offensive and discriminatory uses.

Lately, however, governments have begun to protect users from tech companies overreaching in obtaining user data. Dominating recent international news are updates of Privacy Policies and developments relating to the European Union’s General Data Protection Regulation (“GDPR”). The GDPR gives EU citizens control over and protection for the data they share online. The GDPR came into effect on May 25, 2018, prompting countless companies to flood your inbox with updates to their data collection and processing practices to ensure compliance.[3] In fact, suits alleging GDPR violations against tech giants Facebook and Google have already been filed.[4] These suits will explore questions around the GDPR’s extraterritoriality (requiring compliance from jurisdictions outside of the EU) and whether EU governmental institutions must comply with the GDPR despite “legal reasons” to the contrary.[5]

Back in the United States, there’s a powerful privacy defender hard at work: The United States Supreme Court. Recently, the Court issued its opinion in Carpenter v. United States, where, in a 5-4 vote, the Court held that the police’s tracking of cellphone location data was unconstitutional.[6] The majority opinion heavily relied on United States v. Jones, especially Justice Sotomayor’s concurrence addressing technology and changing expectations of privacy. There, Justice Sotomayor suggested to reconsider “third-party doctrine” because it is “ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.”[7] Sotomayor’s opinion seeks to bridge the gap between society’s rapid technological advancement and the sanctuary of the Fourth Amendment. But this ruling is long overdue. Though police have tracked cellphones for decades, the Supreme Court has only addressed this issue now.

There is a tradeoff between new technological features and legal requirements like the GDPR and Carpenter. Many of the most useful applications of technology, including those for completing “mundane tasks,” require users to share their personal information. But in the digital age, you can’t afford to be blasé about your data.

Takeaways: Though these protections lag and cannot be based on perfect analyses (given the evolving nature of technology’s interaction with society), people and companies can still be proactive in protecting themselves. As long and daunting as Terms of Use and Privacy Policies seem, users should look at them every now and then. If not, the risk of unknowingly giving away your private information increases. With frequent disruptive technological innovation, companies want to maximize the application of their inventions, and one of the best ways to do so is gathering data from their users. Take a look through updated policies so you know what you’re sharing, who you’re sharing it with, and what they do with it. Companies: ensure your privacy policies comply with applicable laws and regulations, especially if you haven’t done so in a while. However, with the growing awareness and discussion around privacy that parallels technological innovation, industry and the law will continue to evolve in the years to come.

WHIPgroup is leading counsel for U.S. and international technology companies. We specialize in patent and trademark law.

© 2018 Whitmyer IP Group, Stamford, Connecticut.

[1] http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=3&p=1&f=G&l=50&d=PG01&S1=uber.AANM.&OS=aanm/uber&RS=AANM/uber

[2] https://www.scmagazine.com/ubers-drunk-passenger-patent-could-be-a-privacy-nightmare-for-consumers/article/774229/

[3] https://www.forbes.com/sites/steveolenski/2018/06/20/the-common-sense-approach-to-gdpr/#6c0290ff1bcc

[4] https://www.theverge.com/2018/5/25/17393766/facebook-google-gdpr-lawsuit-max-schrems-europe

[5] https://businesslawtoday.org/2018/04/extraterritorial-scope-gdpr-businesses-outside-eu-need-comply/; https://abovethelaw.com/2018/06/eu-commission-violates-gdpr-claims-that-its-exempt-from-the-law-for-legal-reasons/

[6] Carpenter v. United States, 2018 WL 3073916 (U.S. 2018).

[7] United States v. Jones, 565 US 400, 417 (2012).

© Copyright 2018 Whitmyer IP Group