LEXQUIRO PLLC provides this Technology Law Glossary as a public service. In defining each term, statute, or case, every attempt has been made to provide an understandable and correct meaning. However, technology laws and regulations are subject to change. This means that the meanings of some terms in this Technology Law Glossary may change. In addition, different jurisdictions may use different definitions. Cases cited are generally available through Google Scholar (Case Law) and are provided for context, not legal authority.
Therefore, you should not make legal decisions based on these Technology Law Glossary definitions without first checking with an attorney to take your circumstances and situations into account.
If there is a word, phrase, case, or statute that should be added to this Technology Law Glossary, please use the contact form to request we add it.
Latest additions: ABC Test (August 22, 2019); Affirmative Consent, Express, Federal Trade Commission Act (August 23, 2019); Opt-in, Opt-out (August 24, 2019)
ABC Test means a test of employee status that presumes a person is and employees unless they: (A) are free from control by the employer; (B) are doing work that is outside the usual course of the employer’s business; and (C) have their own independently established business.
Adhesion Contract (or Agreement) means a standardized contract generally offered on a take-it or leave-it basis, usually by the party with the most bargaining power. Many Website or application Terms of Service (TOS) are adhesion contracts. See generally: Terms of Service; Berksen v. GOGO LLC
Affirmative Consent (Express Affirmative Consent) means approval granted when a person specifically choses or agrees to a course of action, such as use of their personal information. Sometimes referred to as opt-in. The FTC first required it in the consent decree In the Matter of Gateway Learning Corp. Under the FTC Act and the GDPR, affirmative consent cannot be given if the user has no choice but to agree.
Aggregate Consumer Information means information relating to a group or category of consumers or users. Such aggregated data may be anonymized. See generally: CCPA §1798.140(a).
Americans with Disabilities Act (ADA) means a U.S. federal law which requires places of public accommodation be accessible to people with disabilities. Consequently, any barrier to access must be removed. The federal government codified the ADA’s in the Code of Federal Regulations (CFR). Title II, 28 CFR 35 applies to State and Local Governments. Its counterpart, 28 CFR 36, or Title III, applies to Public Accommodations and Commercial Facilities.
Autonomous Privacy means the right to control one’s personal activities or intimate decisions. For example, a person exercises their autonomous privacy right when they keep their medical records and decisions private. Privacy legislation, such as the CCPA, GDPR, and HIPAA provide autonomous privacy rights.
Biometric Identifiers Act means legislation enacted in Washington State in 2017, as codified in the RCW §19.375 et seq. This law regulates the collection and attribution of biometric data to a specific uniquely identified individual. It requires disclosure about how biometric data will be used. In addition, notice and consent must be obtained from an individual before enrolling or changing the use of that individual’s biometric data. See generally: RCW §19.375 et. seq.
Biometric Information means an individual’s physiological, biological, or behavioral characteristics, including an individual’s deoxyribonucleic acid (DNA), which could be used alone or in combination with other identifying data, to establish an individual data subject. See generally: CCPA §1798.140(b); GDPR Art. 4(14).
Biometric Privacy Information Act means legislation enacted in Illinois in 2008, as codified in ILCS §14/1 et seq. This law regulates the collection, use, safeguarding, handling, retention, and destruction of biometric information. See generally: ILCS §14/1 et seq.)
Breach. See Personal Data Breach.
Browser Wrap Agreement means an adhesion contract, such as a Website’s Terms of Service (TOS), where merely accessing the site, or downloading information creates the contract. The case Specht v. Netscape, generally held such agreements are legal, so long as the user had reasonable notice of the terms. See generally: Click Wrap Agreement; Scroll Wrap Agreement; Shrink Wrap Agreement; Berkson v. GOGO LLC,.
California Consumer Privacy Act of 2018 (CCPA) means legislation enacted in California in 2018, as codified in CA CIV §1798.100 et seq. This law goes into effect in Jan. 2020, and applies to California domestic and foreign companies that process the data of natural persons in California (commonly Californians). See generally: CA CIV §1798.100 et seq.
CCPA. See California Consumer Privacy Act.
Click Wrap Agreement means an adhesion contract, such as a Website’s Terms of Service (TOS), where clicking a checkbox creates the contract. See generally: Browser Wrap Agreement; Scroll Wrap Agreement, Shrink Wrap Agreement; Berkson v. GOGO LLC;.
Collect means the buying, renting, gathering, obtaining, receiving, or accessing a consumer’s personal data. See generally: CCPA §1798.140(e).
Commercial Purpose means advancement of a person, party, or organization’s economic interests. See generally: CCPA §1798.140(f).
Controller means a person or party, including an organization, that decides what personal data to collect, store, and process about a data subject. See Processor. See GDPR Art. 4(7).
Consent means any freely given, specific, informed, and unambiguous indication the data subject signifies agreement to the collection and processing of their personal data. See GDPR Art. 4(11).
Consumer. See Data Subject.
Data Anonymization means the processing of personal data so it makes such personal data no longer attributable to a specific data subject. See GDPR Art. 4(5).
Data Subject means a person whose personal data is collected, stored, and processed, or who’s data is being used to create a profile. GDPR Art. 4(1).
De-identified. See Data Anonymization. See CCPA §1798.140(h).
Data Protection Impact Assessment (DPIA) means an analysis of the impact of processing on the protection of personal data. Data controllers prepare the DPIA to define the nature, scope, context, and purposes of the collection and processing, to determine whether there is a high risk to the rights of data subjects. See GDPR Art. 35(1).
Domestic Company means an entity, such as a limited liability company or a corporation, operating within the state where it incorporated.
Entick v. Carrington. British case dating from 1765 which held it was trespass for agents of the British government to use warrants and “writs of assistance” issued by the British Secretary of State, for searching private houses for the discovery and seizure of books and papers that might be used to convict their owner of the charge of libel. Although British Common Law, this case is held up as an example of abuse which led to the 4th Amendment to the U.S. Constitution. See generally: Boyd v. United States.
Expectation of Privacy means a test introduced in Katz v. United States, to determine when and where the government has intruded on a person’s privacy. In Katz, the court held that the Fourth Amendment protects people, not places. In addition, what a person exposes to the public, even in the person’s home or office will generally not be protected. On the other hand, what a person seeks to preserve as private, even in an area accessible to the public, generally is protected. The case introduced a two part test. First did the person exhibit an actual (subjective) expectation of privacy? Second, is that expectation of privacy one that society is prepared to recognize as “reasonable?” See generally: Fourth Amendment.
Express means clear and unmistakable communication.
Facial Recognition means the use of algorithms and other processes to create a “signature” or unique pattern for an individual. This pattern can be used to detect the individual on subsequent observations. Although the unique pattern or template is calculated using photographs or images, only the pattern is permanently stored.
Federal Trade Commission (FTC) Act Section 5 means 15 U.S.C. §45(a)(2) that empowers the FTC to prevent individuals and businesses from using unfair methods of competition and unfair or deceptive acts or practices affecting commerce. Unfair and deceptive acts are described here.
Foreign Company means an entity, such as a limited liability company or corporation, operating outside of the state where it incorporated.
Fourth Amendment means the amendment to the U.S. Constitution which provides that people are to be secure in their persons, houses, papers, and effects, against unreasonable search and seizures, and that no warrants shall issue without probable cause. The Fourth Amendment is available here. See: Expectation of Privacy.
General Data Protection Regulation (GDPR) means Regulation (EU) 2016/679 of the European Parliament and the Council of 27, April 2016 and is the law that applies to companies and organizations in and outside of the EU, that process the personal data of natural persons in the EU. The full English text of the GDPR is available here.
Health Insurance Portability and Accountability Act (HIPAA) means legislation enacted by the U.S. Congress in 1996 as codified in Public Law 104-191 or 110 STAT. 1936. The Act is available here It is often misspelled as HIPPA.
Illinois Compiled Statutes (ILCS) means the state laws of Illinois. The ILCS are available here.
Informational Privacy means the right to control if, how, and when data about a person is made public or shared with others. Privacy legislation, such as the CCPA, GDPR, and HIPAA generally address informational privacy.
Personal Data means any information relating to an identified or identifiable person. Most privacy laws define personal data broadly. For example, even a dynamic Internet Protocol (IP) address, may be considered personal data. See GDPR Art. 4(1).
Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. GDPR Art. 4(12).
Personal Information. See Personal Data. See CCPA §1798.185(0)(1) and §1798.185(2).
Privacy means the right to be left alone, free from intrusion into or interference with one’s life. Under some privacy laws, such as the GDPR, privacy is a fundamental human right. See GDPR Rec.(1).
Processing means performing operations on personal data or sets of personal data. See CCPA §1798.185(q); GDPR Art. 4(2).
Processor means a person or party, including an organization, which processes personal data about data subjects, for a controller. See Controller. See GDPR Art. 4(8).
Profiling means any form of processing of personal data to evaluate certain personal aspects relating to a data subject in particular, to analyze or predict aspects of the data subject’s behavior. See GDPR Art. 4(4).
Pseudonymization. See Data Anonymization.
Scroll Wrap Agreement means an adhesion contract, such as a Website’s Terms of Service (TOS), where a contract is created when a user scrolls through the terms and clicks a checkbox to acknowledge their agreement. See generally: Browser Wrap Agreement; Click Wrap Agreement; Shrink Wrap Agreement; Berkson v. GOGO LLC;
Shrink Wrap Agreement means an adhesion contract, such as a Website’s Terms of Service (TOS), where a contract is created when a user removes the shrink wrap from a box of software or hardware. Generally, fine print or a label on the box puts the user on notice that by opening the package, they have agreed to the terms of the contract. See generally Berkson v. GOGO LLC; Browser Wrap Agreement; Scroll Wrap Agreement.
Sell means the sale, rent, release, disclosure, dissemination, making available, transferring, or otherwise communicating by any means, personal information. See CCPA §1798.185(t); §1798.185(2).
Third party means a person, public authority or agency, other than controller, data subject, or processor. See CCPA §1798.185(w); GDPR Art. 4(10).
Warrant means a writ directing or authorizing someone to perform an act, for example a writ directing a law enforcement officer to make an arrest, a search, or a seizure.
Writ means a court’s written order commanding the named party to do something, or to refrain from doing something. For example, a Writ of Restitution is used to return property from a tenant to a landlord at the end of a Show Cause hearing regarding an Unlawful Detainer.