On August 2, 2019, independent reporter Sophia Narwitz broke the story that the Entertainment Software Association (ESA), leading trade association of the video game industry, had made publicly available the personal information of more than 2,000 media members that had attended June 2019's Electronic Entertainment Exposition (E3).
Despite having waited for the ESA to disable access to the data before publishing, after Ms. Narwitz' posting it quickly became apparent that the ESA had not removed the data and that the same was still accessible to those inclined to search for it by other means.
The fallout was immediate and wide-ranging.
How did this happen and what was the nature of the leak on the ESA's website?
Why are the statements the ESA has made in response seemingly untethered from what actually happened?
What part of the ESA's privacy policies might have given them the belief that they could publish E3 attendees' personal data?
And finally, how might the release be litigated and what penalties could the ESA be facing in California, in Europe under the General Data Protection Regulation (GDPR), and beyond?
Buckle in. The ESA has blindly stumbled into...Virtual Legality.
#ESA #E3 #Doxxing
Discussed in this episode:
"The Entertainment Software Association doxxed over 2000 journalists..."
Tweet - August 2, 2019 - Sophia Narwitz (@SophNar0747)
VIDEO AT: https://youtu.be/aDflWZ1CbrA
"E3 organization leaks data for over 2,000 journalists and analysts"
VentureBeat/GamesBeat - August 2, 2019 - Jeff Grubb
E3 Additional Media Badge Requirements
"California Consumer Privacy Act of 2018"
CALIFORNIA CIVIL CODE 1798.100 - 1798.199
CA "Internet Privacy Requirements"
CALIFORNIA BUSINESS AND PROFESSIONS CODE 22575 - 22579
CALIFORNIA BUSINESS AND PROFESSIONS CODE 17200 - 17210
General Data Protection Regulation (GDPR)
GDPR Article 3 "Territorial Scope"
GDPR Article 6 "Lawfulness of processing"
GDPR Article 4 "Definitions
GDPR Article 7 "Conditions for Consent"
GDPR Article 83 "General conditions for imposing administrative fines"
GDPR Article 79 "Right to an effective judicial remedy against a controller or processor"
PODCAST VERSIONS AVAILABLE AT
Google Play Music:
"Virtual Legality" is a continuing series discussing the law, video games, software, and everything digital, hosted by Richard Hoeg, of the Hoeg Law Business Law Firm (Hoeg Law).
Rick has practiced for more than a decade at some of the country's largest law firms, representing IT, software, video game, and other technology companies, as well as the individuals and institutions which fund them.
DISCUSSION IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSTRUED AS LEGAL ADVICE. INDIVIDUALS INTERESTED IN THE LEGAL TOPICS DISCUSSED IN THIS VIDEO SHOULD CONSULT WITH THEIR OWN COUNSEL.
Any and all feedback is appreciated. Let us know what you think!
Blog, "Rules of the Game", at https://hoeglaw.wordpress.com/
On "Help Us Out Hoeg!" a regular segment on the Easy Allies Podcast (formerly GameTrailers)
The Hoeg Law Firm is a business law firm with big law experience and a small firm approach focusing on start-ups, technology, financing, and everything else a business might need.