NEWS

CYBER AND PRIVACY LAW MARCH, 2023

The Utah State legislature has passed a new law wherein children and teenagers would lose access to social media apps such as TikTok if they don’t have parental consent and would face other restrictions under a first-in-the-nation law designed to shield young people from the addictive apps. See the following web link: https://winnipeg-can.newsmemory.com/?publink=0f57cdb31_134aad8 courtesy of the Winnipeg Free Press. 

It would prohibit kids under 18 years of age from using social media apps between the hours of 10:30pm and 6:30am. The law would require anyone who wants to use social media in the state to confirm their age and they want to seek tech companies from luring kids to their apps using addictive features.  

Federal laws are not keeping up with the changes in social media space. The state legislators are now taking action. But there are some serious questions and concerns that this new law raises.  What about freedom of choice? And, what about the ability for one to make a living with the use of data? Meta, that owns both facebook and Instagram, make their money by targeting advertising to their users. If the new laws do continue, the tech giants are going to have to design new features so that promotion ads are prohibited from being shown to minors.  

The mental health of young people is what is driving the new laws.  

Children can certainly get around the feature by simply lying about their age. How the state legislature is going to enforce the new law is an open question. 

There already is the federal Children’s Online Privacy Protection Act that prohibits companies collecting data from children under age 13. 

The USSC heard oral arguments last month in a very important case known as Gonzalez v. Google. It involves a review of the use and importance of section 230 in the Communications Decency Act. This section essentially establishes that interactive computer service providers and users shall not be treated as the publishers or speakers of content provided by third parties, and shall not be held liable for good faith content moderation efforts to remove “objectionable” content. As is discussed in legal arguments like that submitted by the ACLU, the debate centers around the rights of the individual to be able to make up their own mind as to what information is tolerable and what is not, and the state interests to shield its population from hate speech and holocaust deniers as well as extremist group’s.  It will be interesting to see how the USSC decides the issues in this case.  

In Canada, and for a related discussion about privacy rights is the case of Andrei Bykovets v. His Majesty The King. The Alberta Court of Appeal upheld the convictions of credit card fraud holding that there was no section 8 violation. The Court held that there is no right of privacy with an IP address. The case is on its way to the SCC. There is the Spencer case of the SCC from a few years back that dealt with search of a house and the issue of privacy in terms of internet subscriber information. The police in Spencer made direct contact with the cable provider and asked for the subscriber information pursuant to PIPEDA. But the police never secured a warrant. It was in effect a warrantless search which the Court held was a violation of section 8 rights under the Charter. However, the court admitted the evidence under s. 24(2) due to the heinous nature of child pornography and the genuine actions of the police. In Bykovets, the police did secure a warrant for the two IP addresses in question. It’s an interesting issue to be decided by the high Court. 

Privacy interests are certainly present when the biographical core of a person’s identity is the focus of attention. The lines get a little grey and less defined when we are talking about IP addresses and numerical data. To what length is the IP address information considered private? 

David H. Davis of Davis Cyber Law specializes in strategic risk management, incident response, privacy & data protection, and advocacy. He can be reached by email at david@daviscyberlaw.com or by telephone at 204-956-2336. We are also on the web at www.daviscyberlaw.com