Unforced Error: A Lawyer's View On The ESA's Doxxing Of 2000+ E3 Attendees (VL81)


Manage episode 239241789 series 2515620
By Hoeg Law. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.
On August 2, 2019, independent reporter Sophia Narwitz broke the story that the Entertainment Software Association (ESA), leading trade association of the video game industry, had made publicly available the personal information of more than 2,000 media members that had attended June 2019's Electronic Entertainment Exposition (E3). Despite having waited for the ESA to disable access to the data before publishing, after Ms. Narwitz' posting it quickly became apparent that the ESA had not removed the data and that the same was still accessible to those inclined to search for it by other means. The fallout was immediate and wide-ranging. How did this happen and what was the nature of the leak on the ESA's website? Why are the statements the ESA has made in response seemingly untethered from what actually happened? What part of the ESA's privacy policies might have given them the belief that they could publish E3 attendees' personal data? And finally, how might the release be litigated and what penalties could the ESA be facing in California, in Europe under the General Data Protection Regulation (GDPR), and beyond? Buckle in. The ESA has blindly stumbled into...Virtual Legality. CHECK OUT THE VIDEO AT: https://youtu.be/yNA2xRNwq4s #ESA #E3 #Doxxing *** Discussed in this episode: "The Entertainment Software Association doxxed over 2000 journalists..." Tweet - August 2, 2019 - Sophia Narwitz (@SophNar0747) (https://twitter.com/SophNar0747/status/1157434089236049920) VIDEO AT: https://youtu.be/aDflWZ1CbrA "E3 organization leaks data for over 2,000 journalists and analysts" VentureBeat/GamesBeat - August 2, 2019 - Jeff Grubb (https://venturebeat.com/2019/08/02/e3-data-leak/) E3 Website (https://www.e3expo.com/) ESA Privacy Policy (http://www.theesa.com/privacy-policy/) E3 Additional Media Badge Requirements (https://www.compusystems.com/servlet/AttendeeRegLoginServlet?evt_uid=124) "California Consumer Privacy Act of 2018" CALIFORNIA CIVIL CODE 1798.100 - 1798.199 (https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=CIV&division=3.&title=1.81.5.&part=4.&chapter=&article=) CA "Internet Privacy Requirements" CALIFORNIA BUSINESS AND PROFESSIONS CODE 22575 - 22579 (https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=BPC&division=8.&title=&part=&chapter=22.&article=) CA "Enforcement" CALIFORNIA BUSINESS AND PROFESSIONS CODE 17200 - 17210 (https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=BPC&division=7.&title=&part=2.&chapter=5.&article=) General Data Protection Regulation (GDPR) (https://gdpr-info.eu/) GDPR Article 3 "Territorial Scope" (https://gdpr-info.eu/art-3-gdpr/) GDPR Article 6 "Lawfulness of processing" (https://gdpr-info.eu/art-6-gdpr/) GDPR Article 4 "Definitions (https://gdpr-info.eu/art-4-gdpr/) GDPR Article 7 "Conditions for Consent" (https://gdpr-info.eu/art-7-gdpr/) GDPR Article 83 "General conditions for imposing administrative fines" (https://gdpr-info.eu/art-83-gdpr/) GDPR Article 79 "Right to an effective judicial remedy against a controller or processor" (https://gdpr-info.eu/art-79-gdpr/) *** FOR MORE CHECK US OUT: On Twitter @hoeglaw At our website: https://hoeglaw.com/ On our Blog, "Rules of the Game", at https://hoeglaw.wordpress.com/ On "Help Us Out Hoeg!" a regular segment on the Easy Allies Podcast (formerly GameTrailers) (https://www.youtube.com/channel/UCZrxXp1reP8E353rZsB3j

130 episodes