On taking the “scenic route” to becoming a lawyer

On taking the “scenic route” to becoming a lawyer

According to the Junior Lawyers Division of the Law Society of England & Wales, the average age of a qualifying solicitor now is 29. However, despite the fact that more and more lawyers are joining the profession in their late 20s or even early 30s, it’s still common for many prospective lawyers to feel like outliers – or even outsiders – if they take a “scenic route” to qualification. I know I certainly did!

Inspired by the recent #TimeToTalk day, here is some advice and perspective on being one of those slightly older junior lawyers.

For readers who are not familiar with the English legal education and training system, a solicitor must complete a mixture of classroom and practical internships prior to becoming a qualified lawyer. In the most streamlined scenario, a prospective lawyer will complete three years of undergraduate study in law, followed by one year of practical postgraduate study, called the Legal Practice Course. For students who study something other than law as undergraduates (or for international students) completing the Graduate Diploma in Law will also likely be necessary.

After the Legal Practice Course, a junior lawyer must complete two years of training (known as a training contract) at a law firm, before qualifying as a licensed solicitor. Obtaining a training contract is an extremely competitive process, with only one spot being available for every four or five students. Applications are therefore usually made two years in advance, with many students applying in their final year of undergraduate study.

However, “many” certainly does not mean “all.” And I’m here to tell you that if your path doesn’t follow the fastest or most direct route, don’t despair. 

When I was in my penultimate year of undergrad, I was a 20 year-old political science student at Washington State University. I had my heart set on becoming a military lawyer, with the ultimate ambition of working in Washington DC as some sort of government counsel, intelligence expert or (insert grimace here) even a lobbyist. When I injured my knee during my final training course for the Marine Corps, I was forced to imagine a new future for myself.

I needed the courage to let go of my idealised, perfect future. To put some space between myself and the goals I had been holding so tightly for so long, I applied for a masters degree in London. I thought a year or two away from familiar surroundings would help me overcome the grief of losing my “Plan A,” and help me to create a “Plan B.” What I realised in the process was that, to quote John Lennon, life is what happens when you’re making other plans. 

Image may contain: 1 person
My Masters’ Degree Graduation Ceremony, 2012. The following month, I began what would become a five-year journey to becoming a qualified solicitor.

During my masters’ degree, I ended up focusing on −and becoming fascinated by − European Union intellectual property law. Rather than return to the USA for law school, I decided to stay in London and become a lawyer in England. The next two years were a somewhat crazy mix of writing my thesis, finishing my masters, earning my Graduate Diploma in Law, and taking several short-term jobs. I also met my now-husband in late 2012, so I was trying to balance a social life with studying and of course, “adulting” in a foreign country.

It was during this rather eventful period that I realised just how competitive landing a training contract would be. As someone who earned very high marks at university, I never thought I’d struggle to land a job as a trainee lawyer. But I did, and there’s no shame in admitting that.

To put things in perspective, it’s important to remember that in any given year, there are some 25,000 first-year undergraduate law students in the United Kingdom. However, with fewer than 6,000 training contract spots available, this means that only about one in five students will become a trainee. Many well-regarded law firms in London routinely receive several thousand applications for only 50 or 60 training slots.

Many of us who were unsuccessful on our first round of applications pursued other things in the interim. I ended up working in business development at the London office of a major US law firm, and enjoyed helping the partners develop pitches and marketing materials for their key clients. I also spent some time working as a paralegal for the firm where I would eventually train, which gave me some early exposure to life as a fee-earner. And all of these experiences have in some way influenced the lawyer I’ve become.

Of course, I don’t routinely use the life-saving or swimming skills I gained as a lifeguard when I’m drafting commercial contracts. But that summer spent by the pool taught me how to stay focused and calm in chaotic environments, amongst other things. I can guarantee that clients and colleagues alike appreciate the perspective and maturity that comes with having experience from beyond the legal world’s bubble.

Image may contain: 1 person, sitting and child
In retrospect, what difference does a year or two (or five) really make?

I don’t like telling people – especially those in their early 20s – to stop being so negative about their future, or to just try to see the good in everything. I think those sentiments minimise the intense and very raw feelings of rejection and low-self esteem found amongst those who are struggling to find their place in the legal profession. The feeling of not being good enough is very common for aspiring lawyers, but just because it’s common doesn’t mean it’s any less real.

I won’t tell you to just be positive about your job search and application process, because it’s going to take a lot more than positive thinking to get you qualified as a solicitor (or barrister, or attorney, or whatever). It’s going to take research, writing, re-writing, and re-writing, humility, tenacity, and looking at your options from a variety of angles. In short, applying and working towards becoming a lawyer looks a lot like actually being a lawyer. 

mimi
Worth the wait. Here I am at my Law Society qualification ceremony last year.

What I will tell you is that securing a training contract is difficult. But you’ve likely accomplished difficult things before. While it is normal to feel negative when you receive a setback, I challenge you to reconsider how you define a “setback.” There is much that could go wrong throughout your journey, but needing an extra year (or two, or five) to reach your goal? To my mind, that isn’t “wrong.”

For what it’s worth, I qualified when I was 29. There are times that I feel old or a bit discouraged because some of the lawyers who qualified before me are several years younger than I am. But recently, I’ve started to challenge my long-held belief that younger means faster, and that faster somehow means better. The truth is, everyone’s path – scenic or otherwise – is completely subjective: and slowly, I’m learning not to care so much about what others may think of mine…

Featured photo – Holly Mandarich

DeepFakes and False Lights: what does the law say?

DeepFakes and False Lights: what does the law say?

What do Scarlett Johansson, cyber intelligence experts and some law makers have in common? Their shared concern about AI-generated videos. Known as “DeepFakes,” these videos can have damaging impact on reputations, emotional health, and even national security. But what is the legal status of this disruptive – and oftentimes disturbing – technology?

Deepfake – which combines “deep learning” and “fake” – is commonly defined as an artificial intelligence-based human image synthesis technique. Put simply, it’s a way to superimpose one face over another.

In December 2017, an anonymous Reddit user started a viral phenomenon by combining the machine learning software and AI to swap porn performers’ faces with those of famous actresses. Scarlett Johansson, one of the most highly-paid actresses in Hollywood, has herself been the victim of such “creations”. Speaking to the Washington Postshe explained that “nothing can stop someone from cutting and pasting my image or anyone else’s onto a different body and making it look as eerily realistic as desired. There are basically no rules on the internet because it is an abyss that remains virtually lawless.”

It goes without saying that such fake porn videos can easily damage careers, emotional well-being, and a person’s sense of dignity and self-esteem. But there are other implications, too.

As a general starting point, it’s useful to have an understanding of what AI is – and isn’t. “Artificial Intelligence” is not another word for the robot overlords in Blade Runner or even Skynet’s Terminators. Rather, AI is fundamentally a machine-learning application whereby a computer is to fulfill a certain task on its own. What makes AI special is that machines are essentially “taught” to complete tasks that were previously done by humans, by doing the task over and over again.

With deepfakes, it doesn’t take long for the AI to learn the skill with eerie precision, and produce sophisticated (albeit artificial) images. The technology has many legitimate uses, especially in the film industry, where an actor’s face can be placed on their stunt double’s body. But thanks to continued advancement in the technology itself, the political and legal risks are higher than ever before.

On 29 January, US Director of National Intelligence Dan Coates spoke before the Senate Select Committee on Intelligence to deliver the Worldwide Threat Assessment, which had been compiled by the US intelligence community. The document sets out the biggest global threats in the following order: cyber, online influence operations (including election interference), weapons of mass destruction, terrorism, counterintelligence, emerging and disruptive technologies. 

Yes, cyber attacks and online influence operations are discussed before traditional weapons of mass destruction. The report even mentions deepfakes explicitly:

Adversaries and strategic competitors probably will attempt to use deep fakes or similar machine-learning technologies to create convincing—but false—image, audio, and video files to augment influence campaigns directed against the United States and our allies and partners.

Senator Mark Warner, the top Democrat on the Senate Intelligence Committee, explained that “we already struggle to track and combat interference efforts and other malign activities on social media — and the explosion of deep fake videos is going to make that even harder.” This is particularly relevant given the severe political polarization around the world today: from Brexit to Trump and everywhere in between, deepfakes could become powerful ways to spread more disinformation and distrust.

There are some legal remedies which may combat some of the more nefarious aspects of the deepfake. As explained by the International Association of Privacy Professionals (IAPP), in common law jurisdictions like the United States and the United Kingdom, the victim of a deepfake creation may be able to sue the deepfake’s creator under one of the privacy torts. By way of example, the false light tort requires a claimant to prove that the deepfake in question incorrectly represents the claimant, in a way that would be embarrassing or offensive to the average person.

Another potentially relevant privacy tort is that of misappropriation or the right of publicity, if the deepfake is used for commercial purposes. Consider, for example, if someone made a deepfake commercial of Meghan, the Duchess of Sussex endorsing a certain makeup brand. Since individuals generally do not own the copyright interest in their own image (i.e., the photograph or video used to make a deepfake) copyright law is not a good remedy to rely upon. Instead, Meghan could argue that the deepfake misappropriated her personality and reputation for someone else’s unauthorised commercial advantage. However, it’s important to note that personality rights are frustratingly nebulous here in the United Kingdom, as I explained in Fame and Fortune: how celebrities can protect their image

Depending on the nature of the deepfake, a victim may also be able to sue for the intentional infliction of emotional distress, cyberbullying, or even sexual harassment. But in many instances, the burden of proof to establish these claims can be a notoriously difficult standard to meet.

Furthermore, the practical challenges of suing the creator of a deepfake are considerable. Firstly, such creators are often anonymous or located in another jurisdiction, which makes legal enforcement very difficult. Although a victim could request that the creator’s internet company (ISP) remove the deepfake, establishing what is known as “online intermediary liability” and forcing an ISP to get involved can be an uphill battle in and of itself (this was the topic of one of my papers in law school). As for the victim exercising their right to be forgotten under the EU’s General Data Protection Regulation (Article 17, GDPR), the same problem arises: who is responsible for taking down the deepfake?

Secondly, the creator may lodge a defense of free speech or creative expression, especially if the deepfake victim is a political figure or otherwise in the public spotlight. This may beg the question, to what extent is a deepfake depicting a member of parliament any different from a satirical cartoon or parody? Unless the deepfake is outrageously obscene or incites actual criminal behaviour, it may be nearly impossible to take legal action.

Deepfakes are but one of many instances where the law has not quite kept up with the rapid development of new technology. Although issues like these keep technology lawyers like myself employed, the potential for genuine harm caused by deepfakes in the wrong hands cannot be overstated. It should be fairly clear that outlawing or attempting to ban deepfakes is neither possible nor desirable, but perhaps increased regulation is a viable option. Deepfakes could be watermarked or labelled before being shared by licensed or regulated entities (for example, news organisations) much in the same way that airbrushed models in advertisements are labelled in France. Doing so may at least slow down the proliferation of deepfakes purporting to be genuine.

But until then, the only advice remains that you shouldn’t believe everything you read – or see, or hear – online.

 

Privacy Day 2019

Privacy Day 2019

In 2006 the Council of Europe officially recognised 28 January as a data privacy holiday, to celebrate the date The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data was signed in 1981. Also known as Convention 108, this document remains the only international treaty in the field of personal data protection.

In honour of this year’s Privacy Day – also called Data Protection Day – here are a few excerpts from some of my favourite English and American legal cases about privacy.

Image result for entick v carrington

In 1762, the King George IV’s Chief Messenger Nathan Carrington and others broke into the home of the writer John Entick. Over the course of four hours, the messengers broke open locks and doors and searched all of the rooms, before taking away charts and pamphlets, and causing £2,000 of damage. The King’s messengers were acting on the orders of Lord Halifax, the newly appointed Secretary of State: Entick later sued Carrington for trespassing on his land. In his judgment in favour of Entick, Chief Justice of the Common Pleas Lord Camden wrote:

Has a Secretary of State a right to see all a man’s private letters of correspondence, family concerns, trade and business? This would be monstrous indeed; and if it were lawful, no man could endure to live in this country.

Today, Entick v Carrington is considered to have deeply influenced the establishment of individual civil liberties, and limiting the scope of executive power. It also served as an important motivation for the Fourth Amendment to the United States Constitution, which guarantees protections to Americans against certain searches and seizures. 

Image result for queen victoria sketches

Prince Albert v Strange was an 1849 court decision which began the development of confidence law, the common law tort that protects private information. By way of background, both Queen Victoria and Prince Albert sketched as a hobby. John Strange obtained some of these sketches after they had been stolen from Windsor Palace, and published a catalog showing them. Prince Albert filed suit for the return of the sketches, and a surrender of the catalog for destruction. The Lord Chancellor Lord Cottenham granted Prince Albert’s plea, and explained in his judgment that:

The Court of Chancery will protect everyone in the free and innocent use of his own property, and will prevent other parties from interfering with the use of that property, so as to injure the owner. It is certain every man has a right to keep his own sentiments if he pleases. He has certainly a right to judge whether he will make them public, or commit them only to the sight of his friends. Privacy is a part, and an essential part, of this species of property.

 

Image result for Eisenstadt v Baird

In 1967, William Baird was charged with a felony for handing a condom to an unmarried woman who had attended one of his lectures on birth control at Boston University. Under Massachusetts law on “Crimes against chastity”, contraceptives could only be distributed by registered doctors or pharmacists, and only to married persons. The Supreme Court of the United States overturned the law in the 1972 case Eisenstadt v. Baird, and the majority opinion was written by Justice Brennan, who famously wrote:

If the right of privacy means anything, it is the right of the individual, married or single, to be free from unwarranted governmental intrusion into matters so fundamentally affecting a person as the decision whether to bear or beget a child.

In 1982, the state of Pennsylvania enacted legislation that placed a number of restrictions on abortion. In the resulting 1986 case Thornburgh v. American College of Obstetricians and Gynecologists, the Supreme Court overturned the Pennsylvania law, holding (amongst other things) that the “informed consent” and printed materials provisions of the law unduly intruded upon the privacy of patients and physicians. Justice Brennan penned the opinion, noting:

Our cases long have recognized that the Constitution embodies a promise that a certain private sphere of individual liberty will be kept largely beyond the reach of government. Few decisions are more personal and intimate, more properly private, or more basic to individual dignity and autonomy, than a woman’s decision whether to end her pregnancy. A woman’s right to make that choice freely is fundamental. Any other result, in our view, would protect inadequately a central part of the sphere of liberty that our law guarantees equally to all. 

Image result for naomi campbell magazine 1994

In 2001, British supermodel Naomi Campbell was photographed leaving a drug rehabilitation clinic, despite having previously denied that she was a recovering drug addict. After the photographs were published in the tabloid The Mirror, Campbell sued for damages in Naomi Campbell v Mirror Group Newspapers. The House of Lords held the paper liable, and Law Lord Nicholls stated:

The importance of freedom of expression has been stressed often and eloquently, the importance of privacy less so. But it, too, lies at the heart of liberty in a modern state. A proper degree of privacy is essential for the well-being and development of an individual. And restraints imposed on government to pry into the lives of the citizen go to the essence of a democratic state.

In the 2011 case of Federal Aviation Administration v. Cooper, the Supreme Court considered if the United States Privacy Act of 1974 covers mental and emotional distress caused by privacy invasion. The Court held that the Privacy Act’s “actual damages” provision only allowed Cooper to recover for proven pecuniary or economic harm. Justice Sonia Sotomayor wrote the dissent, joined by Justices Ruth Bader Ginsburg and Stephen Breyer. Perhaps unsurprisingly, I personally agree with Justice Sotomayor’s dissent, which noted:

Nowhere in the Privacy Act does Congress so much as hint that it views a $5 hit to the pocketbook as more worthy of remedy than debilitating mental distress, and the contrary assumption [in this case] discounts the gravity of emotional harm caused by an invasion of the personal integrity that privacy protects.

Of course, the cases above provide only a small glimmer of insight into the weird and wonderful world of privacy law. On international Privacy Day in particular, it’s important to remember that the legislation and court cases which shape our understanding of privacy and protection from intrusion go far beyond the modern notion of cyber security.

The right to privacy is a human right!

Related image

Do Neo-Nazis have a right to privacy?

Do Neo-Nazis have a right to privacy?

Earlier this month, a leftist art collective in Germany called the Centre for Political Beauty (Zentrum für Politische Schönheit or “ZPS”) launched a website to name and shame neo-Nazis. At soko-chemnitz.de, people were invited to examine photographs taken during this summer’s violent anti-immigration protests in Chemnitz, and in exchange for identifying suspected right-wing demonstrators, would receive a crowd-funded reward of at least €30. The twist? The image recognition database was a honeypot: a sophisticated hoax to induce neo-Nazis into identifying themselves.

This recent project gives rise to serious questions regarding the exploitation of personal data for illegitimate or unlawful purposes – even if those purposes are seen by many as socially or ethically justified.

Image result for center of political beauty
“Doxing” – a portmanteau of document (“dox”) and dropping – is a term used to describe publicly exposing someone’s real identity on the internet.

The Chemnitz Context

Known as Karl-Marx Stadt when it was part of the Soviet bloc, Chemnitz is an industrial city in eastern Germany with a population of about 250,000. After German reunification in 1990, the political and economic systems changed drastically as democracy and capitalism replaced the communist regime. Similarly, as thousands of East Germans relocated to the more prosperous West, expatriates and immigrants filled shortages in the labour market and made their home in East Germany. For the first time in decades, the East was forced to deal with the challenges posed by multiculturalism, immigration and globalism.

Such problems have only intensified in light of Chancellor Merkel’s more liberal migrant policy, which has seen an influx of those seeking asylum and refugee status. Accordingly, Eastern Germany has seen a significant surge in far-right populism and xenophobic protests. In 2017, nearly 25 per cent of the city’s residents voted for the far-right German nationalist party, Alternative for Germany (Alternative für Deutschland, orAfD”).

Tensions between “native” East Germans and immigrants made headlines again this August, when a German man was stabbed to death in Chemnitz. When police revealed that his two attackers were Kurdish (one from Iraq and the other Syria) far-right groups quickly organised anti-immigration protests. Nearly 7,000 people joined the demonstrations, which were marked by hate speech and violence against non-Germans. The swastika and other Nazi symbols, including making the Nazi salute, are banned in Germany.

The Honeypot

Known for its “activist art”, the ZPS uses satirical stunts, performance pieces and interventions to draw attention to various humanitarian issues. By way of example, the group designed a monument in 2010 to “memorialise” Western co-responsibility for the Srebrenica massacre. In 2017, they built a “Holocaust Memorial” in front of nationalist politician Björn Höcke’s house.

In the weeks following the Chemnitz protests, ZPS published pictures of far-right rioters online at soko-chemnitz.de, and asked visitors to “identify and denounce your work colleagues, neighbors or acquaintances today and collect instant cash!” The rewards started at €34 (£30) with special bonuses awarded for identifying photos of people who were police, or members of Germany’s domestic security agency, the Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz or BfV). While the ZPS had indeed previously identified over 1,500 individuals who participated in the protest, the real goal of the campaign was to get far-right sympathizers to search for and thereby name themselves.

Related image
Gesucht: Wo arbeiten diese Idioten? / Wanted: where do these idiots work?

The honeypot design was simple. When visitors entered the website, they were presented with only 20 pictures at a time. Much to the delight of ZPS, Chemnitz protesters went straight to the site’s search bar to type in their own name and the names of fellow participants, to see if they’d already been named. The average visitor searched for the names of seven people.

In this way, the protesters “delivered their own entire network to ZPS without realising it. They told us more about themselves than publicly available sources ever betrayed.” ZPS founder Philipp Ruch claims that use of the website has created “the most relevant set of data on right-wing extremism that currently exists in Germany.”

The Controversy

The Special Commission Chemnitz site sparked a huge controversy in Germany for several reasons. Firstly, many questioned the legality of the website itself. Photos of demonstrators were uploaded without permission from the individuals pictured, an action which could potentially contravene German and European data protection law. Although no such private information other than photographs were revealed on soko-chemnitz.de,  users were asked to send in names, addresses, and names of employers of demonstrators. DeutscheWelle, Germany’s public international broadcaster, reported that “Germany’s data protection commissioner’s office said it was looking into whether the ZPS site was acting within legal limits.”

Image result for center for political beauty
Members of the ZPS always wear black face paint during during public appearances, to symbolize the “soot of German history”. The group’s fundamental mission statement is that “the legacy of the Holocaust is rendered void by political apathy, the rejection of refugees and cowardice. It believes that Germany should not only learn from its History but also take action.”

Beyond the textual or purely legalistic overtures of data protection law violations, the website elicits serious concerns over whether doxing private individuals is ever justified. Much has been written about the free speech rights of those who promote abhorrent ideologies. Those with a more libertarian perspective on free speech will insist that Nazi speech must be defended because it is so especially controversial. But what about the right to privacy?

In his article entitled Why it’s important to name the Nazis, journalist David Perry argued that identifying those whose pictures appear online attending a public rally is justified. Neo-Nazi protesters are people intending to do or to advocate harm, and have therefore surrendered their right to anonymity. The right to freedom of expression does not extend to a right of social impunity. One could also consider that view that as such protests occurred in a public space, any reasonable expectation of privacy was materially lacking.

But in the European —and notably, German— context, rights to privacy are especially treasured given the history of both Nazi and Communist security service tactics. These regimes demonstrated in the most heinous ways possible that collection of personal information can lead to harm. The idea of encouraging and paying private individuals to “out” their friends, neighbours and colleagues —even if for a seemingly noble cause—does not sit well with many Europeans today. Interior Minister Roland Wöller went so far as to say that the ZPS website “endangered social cohesion”.

Consider the distinction between how the United States and Germany “name and shame” sex offenders. The United States was the first country to establish a national sex offender registration and notification system in 1994. By contrast, Germany has no national sex offender registration legislation, nor a public notification system. This perhaps illustrates the extent to which Germans value the protection of individual privacy, even where those individuals have committed criminal or otherwise morally reprehensible acts.

The soko-chemnitz.de project forces upon the public an uncomfortable question: do neo-Nazis have a right to privacy? Those who say “no” would likely choose to identify and denounce the Chemnitz protesters as potentially dangerous far-right radicals. In so doing, one could take comfort in having participated in some sort of righteous, anti-Nazi resistance movement. But at what cost? Doxing campaigns have gone terribly wrong in the past, and errors in identification can led to irreparable emotional and reputation damage, or even job loss and suicide. On the other hand, refusing to participate in the campaign could arouse suspicions that one sympathizes or even identifies with the Nazi ideology.

As a piece of political performance art, soko-chemnitz.de was certainly provocative. But it is also politically significant. Coverage of the website forced people to consider their own personal prioritisation of ideals associated with a democratic society: to what extent should we protect privacy, expression, freedom from interference, security, liberty, trust…? It’s a predicament as old as political philosophy itself, and an increasingly uncomfortable balancing act to achieve in today’s world of hyper-surveillance and social media. Perhaps this was the disquieting, satirical reminder the ZPS was hoping to convey all along.

 


*Note on soko-chemnitz.de

ZPS has replaced its original soko-chemnitz website with a splash page explaining the honeypot campaign. You can visit earlier archives of the page using the Wayback Machine. This is what the website looked like on 4 December 2018, absent the images of individuals, which have since been deleted.

🎂 KelseyFarish.com’s 1st Birthday!

As of November 2018, KelseyFarish.com has officially turned one year old! When I come across something in the news about digital rights, free speech, intellectual property or other aspects of the media and entertainment industries, I really do love trying to get to the heart of the issue, and writing about it here. It’s a continual joy and fantastic learning experience for me to share with the world the legal stories I find most interesting. And of course, I hope you enjoy reading my posts!

In honour of reaching this milestone, here are my ten most popular posts in this first year of blogging at KelseyFarish.com.

10. Ricciardo’s Ritual Returns at Monaco Grand Prix

Screenshot 2018-11-29 at 7.36.59 PM.png

Australian Formula One driver Daniel Ricciardo has an interesting celebratory ritual when he stands on the podium after a race: he drinks champagne from his sweaty racing shoe. I wrote about how F1, keen to capitalise on the popularity of the stunt, trademarked the name of this quirky act, known as a “shoey.” Now, it’s pretty clear to me why this post became popular… my motor sport loving husband posted a link to this post on a F1 subreddit! Thanks, love! 😘

09. California Bar Exam; Introduction

Screenshot 2018-11-29 at 7.27.50 PM.png

This summer I decided to register for the July 2019 California bar exam – wish me luck! I thought it might be helpful to keep a written record of my experiences, thoughts, predictions, and study strategy (for more, see my “California Bar Exam” category tag). This post in particular explains my decision, and sets out the basics of how to become dual-qualified, and what the California bar exam entails.

08. No more Safe Harbours for EU-ser Uploaded Content?

Screenshot 2018-11-29 at 7.19.41 PM

Throughout the summer, there was heated debate concerning the EU’s sweeping new Copyright Directive. This post explored intermediary liability over user-uploaded content. Essentially, digital platforms and internet service providers argued that they are not responsible for any copyright infringing material uploaded by their users. I was surprised that this post was popular, as it was a fairly “technical” topic!

07. Lights, Camera, Data Protection

Screenshot 2018-11-29 at 7.33.19 PM.png

Cannes: movie stars, auteurs, glamour, the French Riviera, and… data privacy? Before the cameras start rolling, a film production company will need to agree service contracts for cast and crew. In honour of the Cannes Film Festival happening during the same time as my post, I wrote about how data protection issues need to be addressed for an actor’s contract under the new GDPR.

06. Lawyerpalooza: When Music Festivals get Intellectual Property Licensing Wrong

Screenshot 2018-11-29 at 6.55.36 PM

Artists and musicians often use license agreements to ensure their work is used only in accordance with their wishes. This post explains how licensing agreements work when commercialising intellectual property, and explored the case of an artist suing the Lallopalooza festival owners for misusing his designs. Perhaps unsurprisingly, although this post was written in February, it received most of its hits in August – during Lallopalooza!

05. Reputation: Taylor Swift’s Protections Under American and English Defamation Law

Screenshot 2018-11-29 at 7.08.38 PM.png

The right to freedom of expression is not an absolute right: there are certain restrictions in place to protect an individual’s reputation. But those restrictions vary significantly, depending on which side of the Atlantic you’re on. Using Taylor Swift’s lawsuit against a blogger who claimed Swift’s music video had alt-right political connections, I explained the differences between US and UK defamation and free speech laws.

04. The Copyright Between Oceans?

Screenshot 2018-11-29 at 6.50.59 PM.png

Copyright law only applies to the expression of ideas (such as the words or images), and not the ideas themselves. This post used a lawsuit against the author and film producers of The Light Between Oceans to explore this doctrine, which is known as the “idea–expression dichotomy” or “scène à faire.” It is also the post I submitted for my (successful) application to become the CopyKat Intern at the 1709 Copyright Law blog!

03. Is Posting Rap Lyrics on Instagram a #Hatecrime?

Screenshot 2018-11-29 at 6.36.38 PM.png

A teenager who posted rap lyrics on Instagram was convicted of “sending a grossly offensive message over a communications network,” which was uplifted to a hate crime. This story received a lot of media attention here in England, so I decided to do some research on the legal – and societal – implications. The post covers the UK’s Criminal Justice Act 2003 and Communications Act 2003, as well as the European Convention on Human Rights.

02. Morality Clauses and Talent Contracts

Screenshot 2018-11-29 at 6.32.23 PM.png

A “morality clause” permits an employer to end its contractual relationship with an individual if their conduct breaches certain ethical expectations. In early 2018 Netflix removed Kevin Spacey from its hit show House of Cards after Spacey was accused of sexual misconduct. I was inspired by the #MeToo movement, and wanted to write about this because Kevin Spacey claimed Netflix could not legally fire him, because his contract did not contain a morality clause.

01. Fame and Fortune: How do celebrities protect their image?

Screenshot 2018-11-29 at 6.27.17 PM

In this post, I explain how celebrities protect and control the publicity associated with their name, image, and brand. Prior to researching “image rights,” I dismissed the topic as somewhat irrelevant to anyone who isn’t a celebrity. But writing this post helped me come to the realisation that these protections are relevant not only to the rich and famous, but to all of us. In a world of pervasive social media and surveillance, I think we should all be able to control our images and identity as we choose.

Thank you for reading!

Facebook and Privacy: cases, reports and actions in Europe

Facebook and Privacy: cases, reports and actions in Europe

A list of European enforcement action, official legislative (Parliamentary) reports, and cases concerning Facebook with respect to data protection and privacy. This is a work in progress, last updated November 2018.

Data Protection Commissioner (Ireland) v Facebook Ireland Limited, Maximillian Schrems [Case C-311/18]

  • Jurisdiction: European Union, Ireland
  • Status: Case still in progress
  • Authority:  Court of Justice of the European Union
  • Keywords: EU Data Protection Directive (95/46/EC); EU/US Privacy Shield; Fundamental Rights

Continue reading “Facebook and Privacy: cases, reports and actions in Europe”

Transatlantic Data Transfers: US-EU Privacy Shield under review

When personal data travels between Europe and America, it must cross international borders lawfully. If certain conditions are met, companies can rely on the US-EU Privacy Shield, which functions as a sort of “tourist visa” for data. 

Earlier this week (19 November) the United States Federal Trade Commission finalised settlements with four companies that the agency accused of falsely claiming to be certified under the US-EU Privacy Shield framework. This news closely follows the highly anticipated second annual joint review of the controversial data transfer mechanism. 

IDmission LLC, mResource LLC, SmartStart Employment Screening Inc., and VenPath Inc. were slapped on the wrist by the FTC over allegations that they misrepresented their certification. But this is just the latest saga in an on-going debate regarding the Privacy Shield’s fitness for purpose. Only this summer, the European Parliament urged the European Commission to suspend the Privacy Shield programme over security and privacy concerns.

flying airplane

Background and purpose

Designed by the United States Department of Commerce and the European Commission, the Privacy Shield is one of several mechanisms in which personal data can be sent and shared between entities in the EU and the United States. The Privacy Shield framework thereby protects the fundamental digital rights of individuals who are in European Union, whilst encouraging transatlantic commerce.

This is particularly important given that the United States has no single, comprehensive law regulating the collection, use and security of personal data. Rather, the US uses a patchwork system of federal and state laws, together with industry best practice. At present, the United States as a collective jurisdiction fails to meet the data protection requirements established by EU lawmakers.

As such, should a corporate entity or organisations wish to receive European personal data, it must bring itself in line with EU regulatory standards, known as being “protected under” the Privacy Shield. To qualify, companies must self-certify annually that they meet the requirements set out by EU law. This includes taking measures such as displaying privacy policy on their website, replying promptly to any complaints, providing transparency about how personal data is used, and ensuring stronger protection of personal data.

Today, more than 3,000 American organisations are authorised to receive European data, including Facebook, Google, Microsoft, Twitter, Amazon, Boeing, and Starbucks. A full list of Privacy Shield participants can be found on the privacyshield.gov website.

Complaints and non-compliance?

There is no non-compliance. We are fully compliant. As we’ve told the Europeans, we really don’t want to discuss this any further.

—Gordon Sondland, American ambassador to the EU

Although the Privacy Shield imposes stronger obligations than its ancestor, the now-obsolete “Safe Harbor,” European lawmakers have argued that “the arrangement does not provide the adequate level of protection required by Union data protection law and the EU Charter as interpreted by the European Court of Justice.”

In its motion to reconsider the adequacy of the Privacy Shield, the EU Parliament stated that “unless the US is fully compliant by 1 September 2018” the EU Commission would be called upon to “suspend the Privacy Shield until the US authorities comply with its terms.” The American ambassador to the EU, Gordon Sondland, responded to the criticisms, explaining: “There is no non-compliance. We are fully compliant. As we’ve told the Europeans, we really don’t want to discuss this any further.”

Věra Jourová, a Czech politician and lawyer who serves as the European Commissioner for Justice, Consumers and Gender Equality, expressed a different view: “We have a list of things which needs to be done on the American side” regarding the upcoming review of the international data transfer deal. “And when we see them done, we can say we can continue.”

Photo: Ambassador Sondland with Commissioner Jourova in the Berlaymont.
Jourová and Sondland, via a tweet from Sondland saying he was “looking forward to our close cooperation on privacy and consumer rights issues that are important to citizens on both sides of the Atlantic.” 

The list from the Parliament and the First Annual Joint Review [WP29/255] (.pdf) concerns institutional, commercial, and national security aspects of data privacy, including:

  • American surveillance powers and use of personal data for national security purposes and mass surveillance. In particular, the EU is unhappy with America’s re-authorisation of section 702 of the Foreign Intelligence Surveillance Act (FISA), which authorises government collection of foreign intelligence from non-Americans located outside the United States (Remember Edward Snowden and PRISM? See the Electronic Fronteir Foundation’s explanation here)
  • Lack of auditing or other forms of effective regulatory oversight to ensure whether certified companies actually comply with the Privacy Shield provisions
  • Lack of guidance and information made available for companies
  • Facebook and the Cambridge Analytica scandal, given that 2.7 million EU citizens were among those whose data was improperly used. The EU Parliament stated it is “seriously concerned about the change in the terms of service” for Facebook
  • Persisting weaknesses regarding the respect of fundamental rights of European data subjects, including lack of effective remedies in US law for EU citizens whose personal data is transferred to the United States
  • The Clarifying Overseas Use of Data (“CLOUD”) Act signed into law in March 2018 allows US law enforcement authorities to compel production of communications data, even if they are stored outside the United States
  • Uncertain outcomes regarding pending litigation currently before European courts, including Schrems II and La Quadrature du Net and Others v Commission.

 

Image result for max schrems
Max Schrems is an Austrian lawyer and privacy activist. In 2011 (at the age of 25) while studying abroad at Santa Clara University in Silicon Valley, Schrems decided to write his term paper on Facebook’s lack of awareness of European privacy law. His activism led to the replacement of the Safe Harbor system by the Privacy Shield.

What happens if the Privacy Shield is suspended?

In a joint press release last month, the representatives from the EU and USA together reaffirmed “the need for strong privacy enforcement to protect our citizens and ensure trust in the digital economy.” But that may be easier said than done.

In the event that the Privacy Shield is suspended, entities transferring European personal data to the United States will need to consider implementing alternative compliant transfer mechanisms, which could include the use of Binding Corporate Rules, Model Clauses, or establishing European subsidiaries. To ensure that the American data importer implements an efficient and compliant arrangement, such alternatives would need to be assessed on a case-by-case basis involving careful review of data flows, and the controller and processors involved.

Regardless of the method used to transfer data, American companies must ensure that they receive, store, or otherwise use European personal data only where lawfully permitted to do so. The joint statement noted above concluded by saying that the “U.S. and EU officials will continue to work closely together to ensure the framework functions as intended, including on commercial and national-security related matters.”

The European Commission is currently analysing information gathered from its American counterparts, and will publish its conclusions in a report before the end of the year.