The U.S. Supreme Court has handed down a major decision, Carpenter v. United States,1 concerning the Fourth Amendment’s application to the rapidly evolving technological landscape. The 5-4 decision dramatically alters the status quo concerning government requests for data about individuals that is collected and held by third parties. Under Carpenter, personal location information maintained by a third party that the government could previously obtain with a subpoena or similar order will now require a warrant meeting the standards of the Fourth Amendment.

By finding that information held by a third party is—in at least some circumstances—protected by the Fourth Amendment, the Supreme Court has upended decades of precedent in an effort to keep the amendment relevant in the digital age. Although portrayed by the court as a narrow decision, like other recent Supreme Court decisions concerning privacy and the Fourth Amendment, Carpenter will likely result in a broad reconsideration of what information law enforcement can properly obtain without a warrant. Companies will now have to carefully consider their statements regarding the sharing of data with law enforcement, and how they will respond to law enforcement agencies’ requests for data without a warrant.
Continue Reading U.S. Supreme Court Requires Warrant for Law Enforcement Requests for Location Information from Third Parties

2018 promises to be an interesting year in the world of privacy and cybersecurity. In this article, we highlight a few of the most notable developments we expect this year, including major developments in Europe, changes and pending cases at the Federal Trade Commission (FTC), notable U.S. Supreme Court cases scheduled to be decided this year, and some areas of legislation that actually may become law in the U.S.

Big Changes Taking Effect in the European Union

One of the biggest areas where everyone in the privacy field will be looking in 2018 is the European Union (EU). On the legislative front, the General Data Protection Regulation (GDPR) will enter into force on May 25, 2018; the proposed e-Privacy Regulation is scheduled to be adopted this year; and the EU parliament will issue a report on the proposed Regulation on Non-Personal Data. Additionally, the Court of Justice of the EU (CJEU) will rule on several important data protection cases, including on third-party tracking, the right to be forgotten, and the possibility of class actions.Continue Reading A Look Ahead at Privacy and Data Security in 2018