opinion

Adult Biz & the Law: Violations and the Violated

In early November, Uber found itself under fire for a number of privacy violations and frankly chilling suggestions of how it can use its data. One of Uber’s executives admitted spying on a journalist, and reports leaked out about how Uber used its “God view” ability to watch well-known passengers’ whereabouts as a mere party trick. Another Uber executive suggested that if journalists were critical of tech companies, that they should be fair game if tech companies wanted to use their data to mine for dirt on them.

When I saw this story, it reminded me of a time when I was with an executive at an adult entertainment company, and he bragged about how his site had a handful of celebrity members — and he liked to voyeuristically keep tabs on what they liked to watch. He began rattling off names and titles of works, smirking at the power he had in his hands.

Today, privacy storms are brewing on both sides of the Atlantic, and woe unto the adult entertainment company that ignores the forecast.

Wherever there is private data, there is the potential for misuse and exploitation. And in the adult space, that potential is explosive. No matter how a judge or jury might look at Uber’s sins, you can bet your company that they would look much more negatively at a porn company that unethically exploited its members’ data.

America Slumbers, Europe Advances – If You Want Euros, Advance With The E.U.

Today, privacy storms are brewing on both sides of the Atlantic, and woe unto the adult entertainment company that ignores the forecast.

Locally, the American public is just starting to wake up to privacy worries. We know that the NSA spies on us constantly. Target can’t keep your credit card data safe. Silicon Valley’s behemoths love to use your personal life as their own private raw material. Americans chafe at it, but a mass exodus from Facebook has not come to pass. Meanwhile, few legislators seem focused on privacy issues — but to presume that it will always be so is naïve.

Right now, regulatory forces are not putting pressure on companies in the U.S. But, in Europe, privacy is a constitutional right — and if you want euros to come into your merchant account, you had better be versed in E.U. privacy issues.

The Charter of Fundamental Rights of the European Union is the equivalent of an E.U. Constitution, and with the Lisbon Treaty of 1 December 2009, it became a legally binding primary law of the E.U. The charter contains provisions protecting private and family life (Article 7), and establishes a right to data protection (Article 8). The combination of Articles 7 and 8 raise privacy issues to the level of fundamental rights for all Europeans. While they are balanced by free expression concerns, protected by Article 11 of the charter, privacy and free expression rights are equal partners in the European constitutional landscape.

The ill-named and poorly understood “right to be forgotten” case grew from this balance of rights. While Silicon Valley employed its usual harpies to screech that this right would “break the Internet,” no such thing has happened. In fact, the mere name “right to be forgotten” displays a fundamental misunderstanding of the rights and responsibilities created by the charter and E.U. legislation. The real message from this case is not that anyone can erase their past — that would be impermissible under Article 11 of the charter. What it really meant was that Europe recognizes that data about you belongs to you — and you can exercise some rights over it.

This is not a completely alien concept in the U.S. Consider HIPAA. Every time you go to the doctor’s office, you likely have to sign a form that tells you how your healthcare information will be used, and you are vaguely aware of the fact that the doctor can’t use it for improper purposes. The rationale behind that is that you own your personal data about your medical history, and nobody else can use it for their own purposes. Sure, doctors can share it with insurance companies, but a journalist can’t go to your doctor and ask to publish the results of your latest test on that nasty itch you have. Why? Privacy.

To put it very simply, for the sake of column space, Europeans have HIPAA-style protection (to some degree) for all of information about them. While a journalist can write about them, because Europe has strong free speech laws as well, Google can’t just take the information data and use it as its raw material for its own purposes, unless it wants to adhere to E.U. law balancing personal data integrity rights with free speech rights. And neither can an adult company in the U.S. or anywhere else, unless that company wants to give up the lucrative (and growing) E.U. market.

Realities Of Today

European companies are already wrestling with this issue. In fact, E.U. legislation requires every company doing business with E.U. customers, including companies outside the E.U., to hire a “data protection officer,” (DPO) to handle privacy issues. That DPO has to be an outside contractor with at least a four-year contract.

Now lets come back around to what this means for the average adult entertainment company. If you have a paysite or an affiliate program, or even if you merely manage a tube site, you are going to have a data privacy issue one day. Maybe, as in the example above, an executive is watching what celebrity members enjoy in their free time. Or, maybe one of your employees is mining your data for other nefarious purposes. Those kinds of transgressions are easy to spot, and it does not take much to explain why they can be problematic.

But, what if the victim is an E.U. citizen? In cases like that, the repercussions can be financially devastating. And, don’t think that a U.S. address protects you – E.U. regulators take the position that if you do more than a sliver of business in Europe, you’re subject to E.U. data protection laws. If you violate E.U. law and get sued or prosecuted for it, you can kiss future euros goodbye.

The Dark Future — Privacy Trolls Arise

And with that, bring on the predators. You can rest assured that right now, some enterprising lawyer is in his office in Europe thinking of a way to start trolling the adult entertainment industry. The myriad violations that likely take place every day are probably enough to warrant a full shakedown scheme. Given how little this industry has seemed concerned about privacy issues to date, it will be a target rich environment for enterprising regulators and opportunistic attorneys.

Get ready now — before it becomes fashionable. By then, it will be a bit too late.

If the last time you reviewed your privacy policy was when you set up your website, you’re sitting on a cracked foundation. But, don’t just re-write your policy. You need to do a comprehensive audit of your data protection practices, and you need to do so with the assistance of professionals trained in E.U. law as well as your home country’s law.

Marc J. Randazza is the managing partner at Randazza Legal Group. The firm has offices in Las Vegas and Miami, both specializing in intellectual property, First Amendment and Internet law. He can be reached at info@randazza.com.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
Show More