Archive: In the News
Tabloid Hired Gun Tells of Shady Hunt for Meghan Markle Scoops
The New York Times, March 18, 2021 by Sarah Lyall and Mark Landler
Mr. Portley-Hanks logged in to TLOxp, a service with a vast database of restricted information about individuals and businesses, and pulled up a trove of details — home addresses, cellphone numbers, Social Security numbers and more — about Ms. Markle, her parents, her siblings and her ex-husband. He then sold it to the U.S. editor, James Beal, for $2,055, according to an invoice reviewed by The New York Times.
Licensed private investigators like Mr. Portley-Hanks have the right to access such information on behalf of clients to use, for example, in civil and criminal cases. But it is a violation of U.S. privacy statutes for people to pass these reports on to news organizations. (U.S. news outlets can research some information on TLOxp and similar services, but only have access to a limited set of data.)
“There’s lots of things you can use these reports for — but not this,” said Paul M. Schwartz, an expert in privacy law and professor at Berkeley Law School.
Opinion: Regulating Big Tech Will Be Hard, and California Is Proving It
MarketWatch, January 2, 2021 by Therese Poletti
“CCPA really changed a lot, for California law, and for the world,” said Paul Schwartz, a professor at the Berkeley Law School and director of the Berkeley Center for Law and Technology at U.C. Berkeley. “Both CCPA and CPRA govern businesses based in California and processing information of California residents. Since California is the fifth largest economy in the world, that is a lot of information. It’s a wide reach.”
The CPRA, he said, is an elaborate amendment to the CCPA. Enforcement of the new law will not begin until July 2023, giving businesses some time to address the new requirements, which provide more consumer protections.
How California Could Benefit Fom a Privacy Deal With the EU
Politico Pro, January 9, 2019 by Katy Murphy
Bruno Gencarelli, the European Commission’s head of international data protection, stated that the European Union “in principle” could reach a data-transfer agreement with the state of California. Such an agreement would depend on whether the European Commission deems the California Consumer Privacy Act (CCPA) to sufficiently protect Europeans’ personal data. To reach an agreement, California must apply for an adequacy arrangement with the European Union. “The process and ensuing negotiations can drag on for months, and even years,” said University of California, Berkeley School of Law professor Paul Schwartz, an information privacy expert. A proposed initiative by Alastair Mactaggart, the wealthy privacy advocate and original proponent of CCPA, would provide the CCPA with an “EU-friendly makeover” by creating a new data protection regulatory authority in California, adding restrictions on use of sensitive data and automated decision-making, and other elements similar to GDPR. “It’s really striking how much of this is like EU law,” Schwartz said.
Column: Shadowy Data Brokers Make the Most of Their Invisibility Cloak
Los Angeles Times, November 5, 2019 by David Lazarus
California Governor Gavin Newsom signed into law a bill requiring data brokers to register with the state. This bill is in response to an unregulated industry of data brokers that purchases and sells personal identifying information. This bill will come into effect on January 1, 2020, alongside California’s other “sweeping privacy safeguards,” which “will allow[] consumers to instruct companies to delete their personal information and to opt out of having their information shared.” It is unknown whether a consumer can contact a registered data broker to opt out of having their data shared. Professor Paul Schwartz says, “I’d say you could still opt out. But there’s a little ambiguity.”
Apple Preaches Privacy. Lawmakers Want the Talk to Turn to Action
The Washington Post, July 15, 2019 by Reed Albergotti and Tony Romm
Apple CEO Tim Cook has been vocal about the need for federal privacy legislation. But as discussions begin at both the state and federal level, Apple has backed off. Despite declarations that “privacy is a fundamental human right,” Apple has failed to support any privacy legislation. In fact, the tech giant has backed industry groups that actively lobby against such legislation. Professor Paul Schwartz thinks that “the states will influence privacy legislation.”
Is Europe Winning the Argument on How to Regulate Big Tech?
The Telegraph, July 6, 2019 by Laurence Dodds and Olivia Rudgard
American tech firms are beginning to look to Europe for guidance on regulating their technology. Leaders from Apple, Facebook, Salesforce, and other companies have all stated that the US should follow Europe’s lead in some way. “It’s really quite noticeable…” said Professor Paul Schwartz. “Think about French ideas of liberty and freedom jumping over the Atlantic and influencing the American Revolution.” The EU’s most recent regulation, the General Data Protection Regulation (GDPR), came into effect last year and has directly influenced legislation passed in California, Brazil, Thailand, and Japan. As the US grapples with implementing a regulatory scheme, many experts believe EU regulations could provide a valuable guide–though the the ultimate results of the GDPR remain to be seen.
Massive La Liga Fine Just the Beginning of Sports Media’s Newest Battle
Sports Illustrated, June 14, 2019 by Jacob Feldman
Spain’s top soccer league, La Liga, was fined €250,000 ($280,000) by the country’s data protection agency for monitoring its Android app users’ microphones and locations without proper approval. The feature was designed to imperceptibly identify bars playing league games by obtaining geographic information to check whether the establishment had paid to license the content or was showing it illegally. According to Berkeley Law professor Paul Schwartz, such a tactic would be met with similar rebuke in the U.S. Regardless of what is in the fine print, Professor Schwartz stated that if an analysis found the behavior to be outside the bounds of user expectations, the Federal Trade Commission maintains the power to rule the practice deceptive and/or unfair.
Verizon Gives Away Cool Freebies, As Long As You Give Away Your Privacy
Los Angeles Times, September 15, 2017 by David Lazarus
Verizon is bribing people into giving up their privacy through its rewards program, Verizon Up. The reward credits can be used to “get exclusive access to prime sporting events, shows, concerts, and live experiences.” But consumers may not realize how much personal information and behavioral data they are giving up just to get their hands on a fast freebie. “All sorts of companies—Google, Facebook— are already in the data collection business,” said Paul Schwartz, a law professor at UC Berkeley and co-director of the Berkeley Center of Law and Technology. “Now we’re seeing older companies—cable companies, cellular companies—placing a great emphasis on it,” he said.
Experts Criticize US Electronic Devices Ban on Some Flights from Middle East
The Guardian, March 21, 2017 by Sam Thelma
On March 20th, the U.S. Transportation Security Administration (TSA) rushed out a “confidential” ban prohibiting laptops, iPads, and other electronics “larger than a cellphone” on flights from 10 airports in the Middle East. The ban has been sharply criticized by technology experts who questioned both its purpose and effectiveness. As noted by Professor Paul Schwartz, “terrorists have cells throughout the entire world.” As an example, the hijackers responsible for 9/11 had a cell in Hamburg, Germany. Thus, “[o]ne potential problem with this approach where you single out countries is that you ignore the extent to which the terrorist threat is kind of state-less.”
Privacy Regulations Increasingly Unwieldy Heading into 2017
Daily Journal, December 29, 2016, by Joshua Sebold
The year 2016 witnessed a dramatic expansion of privacy regulations from federal agencies, foreign countries, and state governments. The increase has led to an almost unmanageable amount of information. As stated by Professor Paul Schwartz, a special adviser at Paul Hastings LLP and the Jefferson E. Peyser Professor at UC Berkeley School of Law, “I don’t know how we can keep up at this pace. For those of us who practice and teach in this field, it’s almost scary.” In particular, the invalidation of the U.S.-EU Safe Harbor Framework by the EU Court of Justice forced the United States and the European Union to scramble to create the replacement Privacy Shield, which requires that companies have agreements with third party contractors with whom they share data. A recent update to HIPAA, the Health Insurance Portability and Accountability Act, similarly requires companies to rewrite contracts with third party contractors.
Kanye West May Have Broken the Law by Recording Call with Taylor Swift
The Guardian, July 18, 2016, by Sam Levin
Music star Kanye West may have broken California law by secretly recording a phone call with pop star Taylor Swift. California law requires “two-party consent,” meaning that it is a crime to record any form of communication without the consent of all involved parties. West could thus be facing both civil and criminal liability if it turns out that he secretly recorded the call. While criminal prosecution is unlikely, Swift could bring a tort claim for damage to her reputation. As explained by Professor Paul Schwartz, co-director of the Berkeley Center for Law and Technology and a professor at the University of California, Berkeley, School of Law, Swift could also bring a tort claim based on West’s “public disclosure of private facts.”
Scope of EU Privacy Law Has Companies Scrambling to Comply
Law360, April 20, 2016, by Allison Grande
Last week the European Parliament approved the proposed general data protection regulation, or GPDR, which will supplant Europe’s current data protection framework. The GDPR is a uniform regime that increases restrictions and provides national privacy regulators with the authority to fine companies up to either 4 percent of a company’s annual global revenue or $22.2 million. Because the regulation increases the burden on multinational companies, most businesses will have to establish new guidelines for working with EU customers. As explained by Professor Paul Schwartz, a special adviser at Paul Hastings LLP and a professor at the University of California, Berkeley, School of Law, “To some extent, U.S. companies welcome the GDPR because they feel that it offers greater harmonization, but there are national differences and differences between the various national data protection authorities that are not going to go away.”
EU Privacy Pushback Prompts Lawyers to Look for Plan B
The Recorder, April 13, 2016 by Ben Hancock
On April 13th the Article 29 Working Party, composed of Europe’s data protection regulators, sharply criticized the draft US-EU “Privacy Shield” framework as insufficient to uphold EU law and limit the collection of data by US companies. As a result, attorneys may advise clients to employ different mechanisms to abide by EU law. Although the working party’s opinion is non-binding on the European Commission, it has important political ramifications ahead of decisions by EU member states on whether to approve the deal. As explained by Paul Schwartz, a Special Advisor at Paul Hastings LLP and a professor at the University of California, Berkeley, School of Law, the opinion “puts down a marker” by which the EU Court of Justice can evaluate the new framework.
Feds Lose Leverage With Breakthrough in Apple Phone Fight
Law360, March 30, 2016, by Allison Grande
Despite the FBI’s insistence that it needed Apple’s help to unlock an iPhone used by one of the suspects in the San Bernardino shooting, the government has now confirmed that it found a way to break into the phone without Apple’s assistance. While this particular fight may be over, the outcome may weaken the government’s argument in future disputes that it requires assistance from a third party technology company. In addition, the publicity surrounding the debate will likely incentive these companies to further bolster their security. As explained by Professor Paul Schwartz, a Special Advisor at Paul Hastings LLP and a professor at the University of California, Berkeley, School of Law, “A takeaway for Internet service providers and tech companies is that the government is going to be coming for us, so we need to continue to make our protections even stronger.”
Apple Peels Away At DOJ Bid To Unlock Phones With NY Win
Law360, March 1, 2016 by Allison Grande
U.S. Magistrate Judge Judge James Ornstein ruled on Monday that Apple does not have to help the government unlock a drug dealer’s iPhone. The New York order undermines the government’s position in a separate California case, in which prosecutors are arguing that their request for access to the suspected San Bernardino shooter’s phone is an isolated incident. As explained by Paul Schwartz, a Special Advisor at Paul Hastings LLP and a professor at the University of California, Berkeley, School of Law, “While the New York order is not directly binding outside this particular case, it does boost Apple because it undercuts the government’s argument that what is being requested in the San Bernardino case is minimal and unique by showing that these types of requests are being made all over the country.”
Lawyers Anticipate More Teeth in New Data-Transfer Pact
The Recorder, February 3, 2016, by David Ruiz
Paul Hastings special adviser Paul Schwartz, a law professor at UC-Berkeley, said the proposed Privacy Shield, when taken together with another soon to be adopted data-privacy regulation, signals a new mode of thinking for European enforcement. That law, the General Data Protection Regulation, exposes companies to high fines for violations. According to the new law, a company could be fined either 2 million euros or 4 percent of their global revenue for infractions. For Alphabet, Google’s new corporate parent, a 4 percent fine could approach $3 billion based on the earnings figures it posted Feb. 1. “If that’s their new model,” Schwartz said, “people are going to have to take this much more seriously.”
VW Refuses to Give American States Documents in Emissions Inquiries
The New York Times, January 8, 2016 by Danny Hakim and Jack Ewing
Volkswagen has refused to give emails or other executive communications to attorneys general in the United States on the basis of German privacy laws. The delay is impeding American investigators trying to determine the extent of the company’s emissions-cheating scandal. Germany has stricter privacy laws than the United States, including its Federal Data Protection Act, which limits access to data, particularly outside the European Union. “In the E.U., data protection is a fundamental right that is in the European Charter,” said Paul M. Schwartz, a law professor at the University of California, Berkeley and co-director of its Center for Law & Technology. The German federal constitutional court has also identified a right to “informational self-determination,” he said. Such laws are “real obstacles,” he said, adding, “Europeans really take privacy seriously.”
Privacy Conference Brings Berkeley Law Scholarship to Silicon Valley
Berkeley Law School, March 9, 2015, by Leslie Gordon
For the fourth consecutive year, Berkeley Law’s privacy and data security experts will travel to the heart of Silicon Valley to discuss the field’s most pressing issues with practitioners and policymakers… According to BCLT co-director Paul Schwartz, there’s a “huge thirst” among both policymakers and technology companies to learn more about the law school’s privacy scholarship because “we have the world’s best concentration of privacy experts here.”
Surveillance Tools at Issue in Lawsuit
Wall Street Journal, July 16, 2012 by Chad Bray
The American Civil Liberties Union will be in federal court Tuesday as it seeks to force the U.S. Department of Justice and other federal agencies to detail how often they use surveillance tools that capture the email addresses contacted, phone numbers called and websites visited by a person. Such tools are known as pen register and trace-and-track technology, and while the government believes they’re critical for law enforcement, privacy advocates are concerned about the lack of transparency on how often the searches are used. Paul M. Schwartz, a law professor and director of the Berkeley Center for Law and Technology, said the use of pen registers and trap-and-trace technology is likely up because the public is spending more time on smartphones and the Internet. The data available to agencies is much broader than when investigators tracked phone calls to and from a single line, he said. “It’s not surprising they’re going to make use of it,” he said.
Facing the PII: Problem: A Defining Moment in the Online Age
Transcript, Spring 2012 by Andrew Cohen
The law lacks a uniform definition of personally identifiable information (PII). At the same time, private companies are now gathering and reusing information linked to consumers without their permission. In an article with Daniel Solove, Paul Schwartz argues that the definition of PII should be based on the “risk of identification.” The Schwartz-Solove article is resonating strongly with policymakers and practitioners.
Trying to Balance Privacy, Free Speech on Internet
San Francisco Chronicle, February 10, 2012 by James Temple
Is there a right to be forgotten online? U.S. courts tend to defer to the free flow of information with exceptions while European judges tend to prioritize the potential harm to individuals. Paul Schwartz, faculty director for the Berkeley Center for Law & Technology, has studied the origins of this legal chasm. “Americans just feel more comfortable with this rough-and-tumble social discourse,” he said. In an interview, he said European – particularly German – perceptions are rooted in 19th century philosophers such as Georg Wilhelm Friedrich Hegel, as well as the way private information was used against citizens under communist rule and dictators like Adolf Hitler.
Online Privacy Battle Brings Gains, Setbacks
San Francisco Chronicle, January 27, 2012 by James Temple
Consumers are actively monitoring privacy settings but without stronger rules, the ever-changing environment poses risks for consumers and mixed rewards for companies. Paul Schwartz, faculty director for the Berkeley Center for Law & Technology, noted that the broad technological trends of the day, in and of themselves, raise “all kinds of data security and privacy issues.” The mere fact that more and more people are using social networks, smart phones, cloud computing, location-aware apps and mobile commerce means there are increasingly large troves of rich, personal data. These whet the appetites of businesses and hackers alike, and raise a host of complicated legal questions, he said.
Paul Schwartz Calls for Privacy Standards
Washington Internet Daily, January 5, 2012 by Kamala Lane
There should be incentives for companies “to keep information in the least identifiable form possible,” Schwartz said. Companies also should have an obligation “to track what happens to records after they’re released” and risk assessments are needed to figure out when that identifiable information is likely to become identified “and allow people to assess the levels of risk that follow.”
Paul Schwartz Compares US and European Privacy Law
American Public Media, Marketplace, September 14, 2011 by John Moe
“In Europe, there is a comprehensive privacy law in each nation which requires that online privacy be protected. In the U.S., we regulate sector by sector, and there are notable gaps in protection. We have statutory protection for things like health care privacy, video privacy, credit card records. But there is no one law that protects online privacy. The exception for that is there is a Children’s Online Privacy Protection Act, but that only protects those who are 13 years or younger.”
Paul Schwartz Reacts to Facebook’s Political Strategy
The New York Times, March 28, 2011 by Miguel Helft and Matt Richtel
Schwartz said Facebook seemed to have learned quickly that demands for regulation would pile up, not just from users and advocacy groups, but from competitors. “What they’re doing is pragmatic, and it’s pragmatic to do it sooner rather than later,” he said.
Paul Schwartz Comments on Google’s Opt-Out Policy for Germany
The Christian Science Monitor, August 12, 2010 by Stephen Kurczy
Street View’s opt-out option, says Schwartz, highlights how Web users can snoop without being snooped on. “The Golden Rule is not enforced or enforceable,” he says. “Google is not saying that since you’ve opted out, you can’t use [Street View] forever more. It allows people to become free riders.”
Paul Schwartz Cites Privacy Concerns if Personal Tax Info Publicized
The New York Times, February 13, 2010 by Anna Bernasek
In a 2008 paper, Schwartz concluded that tax returns would “increasingly be subject to the same kind of forces, legal and otherwise, as other personal information.”
Paul Schwartz Wants Regulators to Stay Focused on Privacy Policies
BNA Electronic Commerce, November 11, 2009 by Amy E. Bivins
“Privacy notices make companies think about what their privacy practices are,” Schwartz said. “Policies also give privacy advocates an opportunity to examine business practices related to consumer information.”…When it comes to data-sharing between online services, transparency gains additional importance, he added.
Paul Schwartz Raises Privacy Concerns of Online Advertising
The New York Times, July 31, 2009 by Stephanie Clifford
Schwartz said the unwitting participation by consumers makes online marketing different from offline. “Interactive media really gets into this creepy Orwellian thing, where it’s a record of our thoughts on the way to decision-making,” he said. “We’re like the data-input clerks now for the industry.”
Paul Schwartz Scrutinizes Warrantless Wiretap Case
NPR, Morning Edition, June 4, 2009 by Martin Kaste
For almost three years, the Bush administration tried to quash the lawsuit, arguing that the wiretapping program was simply too secret for court. This is known as the state secrets privilege, and that usually is enough to convince a court to shut a case down. “The general attitude has been extremely deferential and has taken the government at its word, and has decided that if there are state secrets, then there’s state secrets,” Schwartz says.
Paul Schwartz Warns Against Advertiser Tracking on Smartphones
The New York Times, March 11, 2009 by Stephanie Clifford
Schwartz said tracking by advertisers was problematic. “People should be allowed to trade most kinds of information for value as long as the terms are fair,” he said. “They’re not fair now.”
Paul Schwartz Calls for Reform of Telecommunications Surveillance Laws
San Francisco Chronicle, March 1, 2009 by Paul M. Schwartz
“Sadly, rational inquiry about telecommunications surveillance is prevented by the haphazard and incomplete information that the government collects about its own behavior. Neither the government nor outside experts know the basic facts about our surveillance practices.”
Paul Schwartz Believes Privacy Officers Provide Needed Advice on Data Protection
Chronicle of Higher Education, November 21, 2008 by Lisa Guernsey
“A chief privacy officer,” Schwartz says, “can clear up these misunderstandings.”
Paul Schwartz Explains Impact of US-EU Privacy Agreement
The New York Times, June 28, 2008 by Charlie Savage
“The reason it’s a big deal is that it is going to lower the whole transaction cost for the U.S. government to get information from Europe.… Most of the negotiations will already be completed. They will just be able to say, ‘Look, we provide adequate protection, so you’re required to turn it over.’”
Paul Schwartz Chastises Bush Administration for Illegal Wiretapping
KGO-TV, February 15, 2008 by Mark Matthews
“If the government feels that it needs to do something that the law does not allow, what they need to do is go to Congress and say, look, we’ve got to change the law,” said Schwartz.
