Archive:November 2024

1
Clarifications of Legal Bases for Cross-Border Data Transfers in Landmark Judgment by the Guangzhou Internet Court in China
2
Mass. SJC Limits Website Tracking Technology Claims Under Wiretap Act

Clarifications of Legal Bases for Cross-Border Data Transfers in Landmark Judgment by the Guangzhou Internet Court in China

By: Sarah Kwong, Dan Wu, and Amigo Lan Xie

The Guangzhou Internet Court in China (Court) issued a landmark judgment under the Personal Information Protection Law (PIPL) (Judgment). This marked the first court decision in China regarding cross-border personal information transfers. In the case, the plaintiff expressed concerns about his personal information being transferred internationally without his explicit consent, while the defendants argued that the data processing was necessary for contractual obligations and aligned with industry standards.

Read More

Mass. SJC Limits Website Tracking Technology Claims Under Wiretap Act

By: Christopher Valente and Michael Stortz

In a critical new decision, the Massachusetts Supreme Judicial Court has confirmed that the state’s anti-wiretapping statute does not extend to website tracking technologies. In Vita v. New England Baptist Hospital, the Court held that the state’s 1968 Wiretap Act (Mass. G.L. c. 272, § 99) does not apply to the deployment of online software that collects and transmits information regarding user interactions with websites to third parties.

The Court’s opinion is both extensive and precise, in that the Court’s ruling turned on the scope of the Wiretap Act’s prohibition against unauthorized interception of “communications,” a phrase undefined in the statute. Canvassing dictionary definitions, prior decisions under the Act, and caselaw from outside of the Commonwealth, the Court determined that “communications” applies to “conversations and messages between people[,]” rather than web browsing or other standard interactions with websites. Noting the “significant difference between communicating with a person and communicating with a website,” the Court rejected plaintiffs’ claims that the hospital defendants violated the Wiretap Act by deploying website tracking technologies before obtaining user consent.

In dissent, Justice Wentlandt argued that the majority’s opinion improperly limited the statute’s scope, and that the hospital defendants’ privacy policies misrepresented that users’ identities and privacy would be protected. Notably, both the majority and dissent agreed that users might have other remedies under common law, and that the analysis may differ depending on whether the interception involved confidential medical information, as opposed to browsing history on public websites involving less potentially sensitive topics.

The decision illustrates the difficulties of applying decades-old statutes in the context of current online tracking tools. As the majority aptly observed, the plaintiffs’ proposed reading of the Wiretap Act would potentially impose “severe criminal and civil penalties” on “thousands of websites of owners” across myriad industries. As courts across jurisdictions grapple with this ever-increasing species of litigation, the Vita decision may help establish guardrails, based on the specific online activity at issue, the nature of the website or application, and user consent to the challenged technology.

Copyright © 2024, K&L Gates LLP. All Rights Reserved.