' Kelsey McQuilkin | MTTLR

Patchwork Privacy: The Need for a Uniform Approach to Data Protection

When implemented in 2018, the European Union’s General Data Protection Regulation (GDPR) represented the most comprehensive privacy and data protection laws to date in the world. Its territorial scope is quite staggering. By its terms, the GDPR governs businesses based in the EU that process personal data, whether or not that data is physically stored or processed in the EU, and those that offer goods or services to or monitor the online behavior of individuals within the EU. Many non-EU citizens enjoy the broad protections guaranteed by the GDPR as well, through companies that voluntarily extend their GDPR-compliant policies to customers worldwide, albeit to varying extents. The significant fines imposed for infringement under the GDPR have encouraged widespread compliance with its provisions. However, there are still many parts of the world where the GDPR does not apply that need data and privacy protection too. Countries such as Brazil and Japan have considered following the lead of the European Union’s efforts to protect privacy and data. The United States, however, has yet to enact data protection legislation of its own, at least at the federal level. For the time being, it is a state-by-state endeavor. California is currently the leader in this regard, with its California Consumer Privacy Act (CCPA), which was enacted in 2018 and went into effect at the beginning of this year. The result of this patchwork system of data protection and privacy laws and regulations is that international companies must ensure they are compliant with each separate one to which they are subject (and with the borderless nature of the Internet, most companies today are international...

In re Ricardo P. and the Privacy Rights of Probationers: An Incomplete Resolution

Should a probationer be forced to submit to warrantless searches of their electronic devices at any time, including being forced to provide all electronic passwords to a probation officer to allow remote and continuous monitoring? In its recent decision in In re Ricardo P., the California Supreme Court grappled with this question as it related to juvenile probationer Ricardo P. After admitting to two counts of felony burglary, the minor was placed on probation; “[o]ne of the probation conditions requires Ricardo to ‘[s]ubmit…electronics including passwords under [his] control to search by Probation Officer or peace office[r] with or without a search warrant at any time of day or night.’” Ricardo challenged the condition as both constitutionally overbroad and unreasonable under People v. Lent, a California Supreme Court case setting out a three-prong test which, if satisfied, invalidates a probation condition as unreasonable. On appeal neither party disputed that the first two prongs were satisfied and only the third prong, which looks at whether the condition is reasonably related to future criminality, was at issue. The Court ultimately found that for Ricardo, the electronic search condition was not reasonably related to future criminality, the third prong of Lent was thus satisfied, and the condition was therefore invalid. In so holding, the Court explained that an analysis of the third prong of Lent required weighing an interest in effective supervision with the burden on a probationer. Writing for the majority, Justice Liu discussed the deep privacy right implications of such a probation condition, and the significant burden that imposing the condition would place on a probationer. In rejecting the California Attorney...