- Court spanks parents. In a landmark decision, the Georgia Court of Appeals ruled in Boston v. Athearn that parents can be held responsible for the social media activities of their kids. The case involved a seventh-grade boy who, with assistance from a friend, created a fake Facebook profile for a female classmate; then, pretending to be the classmate, the boy made a series of offensive and outrageous posts, some of which falsely claimed that the classmate suffered from mental illness and took illegal drugs. Following complaints from the victim’s parents, the school suspended the boy for several days, and his parents grounded him for a week; the fake profile, however, remained on Facebook for eleven months. The victim, through her parents, ultimately sued the boy and his parents and the Georgia Court of Appeals, reversing a lower court decision to the contrary, determined that a reasonable jury could find that the boy’s parents, after learning of their son’s behavior, failed to exercise due care from that point onward by allowing the fake profile to remain on Facebook, and that such negligence proximately caused some portion of the injury sustained by the girl. With the growth of cyberbullying, and in the wake of the Boston decision, will we see more suits seeking to hold parents liable for their kids’ online misconduct?
- The oversharing economy. An Uber driver in Albuquerque, New Mexico had his driver account for the company cancelled because of what Uber called “hateful statements regarding Uber through Social Media.” Turns out that he had posted a tweet linking to an article about robberies of Uber drivers, and had included the following observation: “Driving for Uber, not much safer than driving a taxi.” The driver, Christopher Ortiz, said he was just sharing a story that was going around. Uber quickly agreed that he had done no real harm and reinstated him with an apology, calling the original decision “an error.” After all, Ortiz had a high rating from customers (4.8 out of a possible 5), and Uber’s own position is that drivers associated with the company are independent contractors, not company employees.
- What’s not to like? Copyblogger, a highly successful social media and online marketing company, has decided to ditch its Facebook presence – even though it had 38,000 fans for its Facebook page. After a good deal of thought, the company concluded that “Copyblogger’s presence on Facebook has not been beneficial for the brand or its audience.” In a detailed essay, brand marketing consultant Erika Napoletano, whom Copyblogger had brought in for the purpose of improving its Facebook presence, explained the perhaps surprising decision. One of the main reasons: the 38,000 fans didn’t really interact with the page. “The page had an overwhelming number of junk fans. These are accounts with little to no personal status update activity that just go around “Liking” Facebook pages. They’re essentially accounts tied to “click farms”—ones paid pennies for every Facebook page they Like,” Napoletano wrote. For this reason and several others, Copyblogger decided that, going forward, it would be “on the Web, just not on Facebook.”
- Doctor in the mouse. What if you could input a list of your current symptoms to Google, and quickly be connected with a doctor for a brief consultation? For a limited trial period, Google seems to have set up such a system for people who are looking for medical advice online. A lot of the details aren’t known yet, but a Google spokesperson told a Gizmodo reporter, “When you’re searching for basic health information — from conditions like insomnia or food poisoning — our goal is provide you with the most helpful information available.” The feature is part of Google’s Helpouts video-chat service.
- Just shoot me. Data mining has reached the world of selfies. Social media users may not know this, but unless they have marked their photos posted on social media sites as private, the photos can be analyzed in bulk by third parties and used for marketing purposes. Privacy advocates say people should assume that their photos, unless clearly marked as private, are being scanned by market researchers. The rules and regulations applicable to this practice, including the privacy policies of the relevant social media platforms, are not always clear. So if you’ve posted a photo of yourself wearing a particular brand of ski gear on the mountain, some company may be making marketing decisions based on your photo and thousands of others. Soon, it may be targeting ads to you on that basis as well. For our own blog post on this subject, please click here.
- Mere threats? In 2010, Anthony Elonis, a man from western Pennsylvania, made a series of rants on Facebook in the form of rap lyrics that threatened to kill his wife, an FBI agent, and children in a kindergarten class. He claimed that he never intended to kill anyone and that he was merely venting. He also claimed that his comments were protected by the First Amendment. Elonis was nonetheless charged and convicted under a federal threat statute and sentenced to 44 months in prison. The U.S. Supreme Court will hear his appeal in December. The case raises important issues, including whether statements on social media should be treated differently from statements made on the phone or in person. Elonis wrote to the Court, for example, “Modern media allow personal reflections intended for a small audience (or no audience) to be viewed widely by people who are unfamiliar with the context in which the statements were made and thus who may interpret the statements much differently than the speakers intended.”
In June of this year, we sent out an alert about the anticipated new UK copyright infringement exceptions. These exceptions were to be introduced based on the recommendations of the Hargreaves Review. Surprisingly, some of the exceptions had been dramatically pulled from the legislative slate at the last minute. However, the UK government has now upheld its subsequent promise to re-publish the statutory instruments for the infringement exceptions for (1) personal use, (2) parodies and (3) quotations, with new legislation on all three subjects that came into force on October 1, 2014.
Almost in parallel, a European ruling and an Advocate General opinion have helped to prepare for the arrival of the two statutory instruments, with commentary on (i) the scope of parody and (ii) in relation to personal use, the impact of copyright levies.
The New Legislation
Two new regulations have come into force, amending the Copyright, Designs and Patents Act 1988 (the “CDPA”) to include new exceptions for copyright infringement. The first – the Copyright and Rights in Performances (Quotation and Parody) Regulations 2014 (the “Quotation and Parody Regulations”) – extends the provisions for quotations of copyright-protected works (having previously only been available for criticism and review), and creates a new provision for parodies. The second regulation – the Copyright and Rights in Performances (Personal Copies for Private Use) Regulations 2014 (the “Personal Copies Regulations”) – concerns making copies of copyrighted works for personal use.
From October 1, 2014, the free quotation of copyright protected works is no longer limited to reporting current events or to works of criticism or review. The Quotation and Parody Regulations, inserted into the CDPA as section 30(1ZA), now permit quotation for any purpose, provided that:
- the work quoted has been made publicly available;
- the use of the quotations constitutes “fair dealing” with the work;
- the extent of a quotation is no more than is necessary for the purpose; and
- the quotation is accompanied by sufficient acknowledgment to the copyright owner (unless this is impossible).
The UK Intellectual Property Office has stated that this amendment will help to save costs on copyright clearance, support free expression and align UK law with the rest of Europe. However, as anticipated in our previous alert, the Quotation and Parody Regulations do not provide a definition of “quotation”, or guidance as to how extensive a “quotation” is allowed to be. This may place undue pressure on the meaning of “fair dealing” as UK courts seek to define the scope of the exception.
The new exception for parodies allows fair dealing with a work for the purposes of caricature, parody or pastiche (section 30A of the CDPA) and provides that fair dealing with a recording or performance (section 2A to Schedule 2 of the CDPA) for the purposes of parody does not infringe copyright conferred in the performance or recording. This change now means that the permission of the copyright holder will no longer have to be obtained, provided that the use of the original work is fair and proportionate. This is good news for British comedians and artists, it would seem, unless, of course, it is their work that is being parodied.
However, an EU court ruling on parodies in September 2014 has already placed some restrictions on the new legislation. In Deckmyn v Vandersteen C-201/13, the Court of Justice of the European Union (the “CJEU”) defined a parody as something that evokes an existing work while being noticeably different from it and constituting an expression of humour or mockery. The CJEU also stated that national courts must strike a balance between copyright owners’ interests and mimickers, and that copyright owners have a legitimate interest in disassociating their work from a parody, if the parody involves a discriminatory message.
This creates a whole new checklist for UK courts to consider, alongside the usual fair dealing test. Judges will have to also hold a view on whether the parody (i) strikes a fair balance, (ii) differs noticeably from the original work, and (iii) is sufficiently humorous. In particular, the last of these requirements may worry budding parodists, who could end up having to justify their comedy in front of a very different audience than first intended.
In a little-noticed decision, Matter of Noel v. Maria, Support Magistrate Gregory L. Gliedman—a Staten Island, New York family court official—recently permitted a father seeking to modify his child support payments to serve process on the child’s mother by sending her a digital copy of the summons and petition through her Facebook account.
Magistrate Gliedman’s decision struck us at Socially Aware—where we follow such developments closely—as a groundbreaking move. We are unaware of any published U.S. court opinion permitting a plaintiff to serve process on a domestic, U.S.-based defendant through a Facebook account.
While the same federal district court subsequently allowed the FTC to serve defendants through Facebook in FTC v. PCCare247, the service at issue in that case concerned documents other than the summons and complaint, and the defendants were two India-based entities and three India-based individuals who had already appeared through counsel and shown themselves to be on notice of the lawsuit.
Other cases authorizing service via social media have been similarly limited in scope. For example, in WhosHere v. Orun, the U.S. District Court for the Eastern District of Virginia allowed service via social media on a defendant who allegedly resided in Turkey. In Mpafe v. Mpafe, a Minnesota family court authorized the service of divorce proceedings on a defendant by “Facebook, Myspace or any other social networking site” where the defendant was believed to have left the country.
- Big and bigger. Facebook and Twitter are the leading social media networks and, according to a recent Forbes article, they have some interesting similarities and key differences. Facebook is clearly the larger and more successful platform, with over 1.3 billion monthly active users and $2.9 billion in quarterly revenue, compared to Twitter’s 271 million monthly active users and $312 million in quarterly revenue. Both rely heavily on mobile users, with 86 percent of Twitter’s traffic coming via mobile devices while 68 percent of Facebook’s traffic is through such devices. And, every minute, there are roughly 350,000 tweets and 382,000 Facebook “likes.” Not bad for a 10-year old (Facebook) and an 8-year old (Twitter).
- New media, meet old media. Can success on the ultra-popular social network YouTube translate into success in, of all things, printed books? The book publishing industry is betting that it can, and has searched the world of pop-culture personas on YouTube for people who might be able to convert their millions of online followers into book readers. Take Michelle Phan, whose YouTube channel with makeup and beauty advice has attracted more than seven million subscribers. Her new book, “Make Up,” is set for publication this month, and is generating a big buzz. One industry executive dubs the video stars-turned-authors phenomena a “book-publishing tsunami.”
- Glass pain. We’re all aware that alcohol, drugs, smoking and gambling can become dangerous addictions. Will we soon be adding wearable computers to this list? According to The Guardian, scientists have recently diagnosed and treated a man “believed to be the first patient with internet addiction disorder brought on by overuse of Google Glass.” The patient reportedly removed his Glass only to shower and sleep, and, while sleeping, viewed his dreams as if he were still wearing the device. Although being treated for Glass addiction and alcohol addiction at the same time, the patient informed his doctors that his withdrawal from Glass was more difficult than his withdrawal from alcohol.
Congratulations to Socially Aware’s London-based correspondent Sue McLean for being shortlisted for the Women in the City Woman of Achievement Awards 2014. Established in 2007, these awards recognize senior level women who are actively promoting and encouraging the progress of women within their own organizations and beyond. Winners will be announced on October 23 at a celebration evening. In addition to her many contributions to Socially Aware, Sue is of counsel in Morrison & Foerster’s Technology Transactions Group, is the founder and chair of the firm’s MoFo Women affinity group, and manages and mentors a number of lawyers in the firm. She is also a passionate advocate of gender diversity in tech. Just this week she hosted and chaired a “Women in Technology” roundtable with Harriet Minter of The Guardian newspaper. Senior women from leading companies such as VMware, Oracle, Intel, IBM, and Fujitsu, along with other representatives from across the sector, attended to discuss how we can improve gender diversity in tech. It was a great success and follow-up sessions are planned.
- Buy local. Facebook has just announced that it’s going to provide hyper-local advertising services for merchants who want to reach consumers in very specific geographic areas. This new feature reportedly will allow a business to target just those consumers who are within a mile of the physical location of such business. Facebook is able to roll out this new business because so many of Facebook’s one billion plus mobile users permit Facebook to collect their location information, or otherwise provide Facebook with the data needed to allow hyper-local ads. This new feature should launch in the United States in just a few weeks.
- Psst – wanna know a secret? Secret is a hot new social network designed to permit people to share their secrets online in a completely anonymous setting, without letting anyone know who has made the post. But how secure is it actually? According to a Wired article, not very secure. “White hat” hackers – those who try to find the vulnerabilities of a network without doing harm – have repeatedly found out people’s supposed secrets by using basic hacking techniques. The best-known hack works only one way; the hacker can find a person’s secret if the hacker knows the person’s e-mail address, but can’t tie a posted secret to any particular individual. The Wired article raises an interesting question as to whether any app or platform can be truly social and truly secret at the same time.
- Nyet. The U.S. Court of Appeals for the Second Circuit recently rejected an effort by prosecutors to use a profile page from a popular Russian social media platform, Vk.com, to link a defendant with the sending of an allegedly fake birth certificate from a particular e-mail address. The Vk.com profile page at issue included a photograph of the defendant and the name “azmadeuz,” which was part of the e-mail address in question. The trial court had admitted the page into evidence, but the Second Circuit reversed, finding that, although it doesn’t take much to authenticate evidence, the page at issue could not be authenticated. In particular, the Second Circuit found that there could be no “reasonable conclusion” that the page at issue belonged to the defendant and wasn’t bogus in some way. The truly interesting question is whether there should be a higher standard for authenticating social media and other Internet-based evidence; the Second Circuit, however, declined the opportunity to set such a higher standard; rather, the focus should remain on the specific facts surrounding the specific item of evidence to be authenticated.
Not to be outdone by Florida, California has yet again amended its data security breach law and again in groundbreaking (yet confusing) fashion. On September 30, 2014, California Governor Brown signed into law a bill (“AB 1710”) that appears to impose the country’s first requirement to provide free identity theft protection services to consumers in connection with certain data security breaches. The law also amends the state’s personal information safeguards law and Social Security number (“SSN”) law. The amendments will become effective on January 1, 2015.
Free Identity Theft Protection Services Required for Certain Breaches
Most significantly, AB 1710 appears to amend the California breach law to require that a company offer a California resident “appropriate identity theft prevention and mitigation” services, at no cost, if a breach involves that individual’s name and SSN, driver’s license number or California identification card number. Specifically, AB 1710 provides, in pertinent part, that if a company providing notice of such a breach was “the source of the breach”:
an offer to provide appropriate identity theft prevention and mitigation services, if any, shall be provided at no cost to the affected person for not less than 12 months, along with all information necessary to take advantage of the offer to any person whose information was or may have been breached.
The drafting of this requirement is far from clear and open to multiple readings. In particular, the use of the phrase “if any” can be read in multiple ways. For example, the phrase “if any” can be read to modify the phrase “appropriate identity theft prevention and mitigation services.” Under this reading, the law would impose an obligation to provide free identity theft protection services if any such services are appropriate. The phrase “if any,” however, could be read to modify the “offer” itself. Under this alternate reading, the law would provide that if a company intends to offer identity theft protection services, those services must be at no cost to the consumer. It is difficult to know how the California Attorney General (“AG”) or California courts will interpret this ambiguity. One thing is clear: until the AG or courts opine, the standard will remain unclear.
The drafting of the requirement also is not clear in other ways. For example, the statute does not specify what type of services would qualify as “appropriate identity theft prevention and mitigation services.” For example, would a credit monitoring product alone be sufficient to meet the requirement? Or would the law require something in addition to credit monitoring, such as an identity theft insurance element?
Nonetheless, state AGs historically have encouraged companies to provide free credit monitoring to consumers following breaches. In addition, even though not legally required, free credit monitoring has become a common practice, particularly for breaches involving SSNs and also increasingly for high-profile breaches. Nonetheless, California appears to be the first state to legally require that companies offer some type of a free identity theft protection service for certain breaches.
AB 1710 is particularly notable in its approach. First, the offer of free identity theft protection services will only be required for breaches involving SSNs, driver’s licenses or California identification card numbers. In this regard, an offer of free identity theft protection services will not be required for breaches involving other types of covered personal information, such as payment card information or usernames and passwords. This approach endorses a position that many companies have long held—that credit monitoring is appropriate only when the breach creates an actual risk of new account identity theft (as opposed to fraud on existing accounts). In addition, the offer of free identity theft protection services will only be required for a period of one year (as opposed to, for example, two years). The length of the offer of free credit monitoring has always been an issue of debate, and California has now endorsed a position that a one-year offer is sufficient.
- Big Brother isn’t just watching. A single mother in upstate New York was surprised to find that she had a Facebook page in her name, complete with photos of her, her son, and her niece. She hadn’t actually set up the page. It turned out that she was being investigated as a bit player in a federal drug investigation and that the Drug Enforcement Administration had created the page in her name, without her permission. The page, which has since been taken down, used the woman’s real name as well as photos from her cell phone, which had been seized by the DEA. The DEA even went so far as to send and accept friend requests for the woman. The woman was sentenced to probation and has sued the DEA agent who put up the page. Facebook says impersonating someone to set up a page is a clear violation of its terms of service.
- Transparency vs. security. Twitter and other technology and communications companies frequently receive requests from the U.S. government for user data that the government asserts it needs for national security purposes. In the interest of transparency, these companies wish to disclose how many such requests they have received, if any, in a given span of time. The government wants to restrict the dissemination of this information and, earlier this year, it reached a settlement on the issue with Google, Microsoft, LinkedIn, Facebook, and Yahoo. Twitter did not reach any such settlement and it has now sued the government in U.S. District Court in California, claiming that the government restrictions violate the First Amendment. The government argues that the more is known about its sources and methods in collecting national security data, the less secure the nation will be. This should be an interesting First Amendment case.
- In the city there’s a thousand things. There’s been a lot of talk about “the Internet of things.” Google now wants to bring the Internet of things directly to city dwellers. What about Zipcars that broadcast when they’re available, or bus stops that communicate with your mobile device about the next bus arrival? As part of its “Physical Web” initiative, Google is seeking to bring these and similar features to the urban environment. The idea is to interconnect seemingly unconnected physical objects that city dwellers encounter on a daily basis. As a Google designer says, “Just tap and use.”
- Yik yuck. As we’ve discussed on this blog, secrecy is all the rage these days in the online world. Yik Yak – a particularly edgy social media app that seeks to preserve user anonymity – is sweeping the country, or at least the nation’s college campuses. With users’ identities concealed, the app has reportedly become a popular means for communicating deeply offensive remarks and even threats of violence. At one school, Colgate University, students launched a sit-in to protest against the ugliness they found on the app. And at the University of Tennessee, Dean of Students Melissa Shivers recently sent an email to students warning about the app and emphasizing the importance of civility on campus. With the growing popularity of anonymous social media platforms such as Yik Yak, expect to see increased tensions between anonymous speech rights and efforts to limit hateful or violent speech.
- Listening in. For some time, many pharmaceutical companies have reportedly “listened in” on patients’ social media conversations to obtain a sense of how their products were actually being used, and data-packaging and data-mining companies have sprung up to help pharma firms get a handle on the discussions on Facebook, Twitter and other social media platforms. Now, investors too are starting to jump into this emerging field of “social listening” to get ideas about where to put their money. An Israeli company, Treato, is actively courting fund managers with its pitch that it can tap into these aggregate conversations. Even though no actual patient names are apparently used in these reports, a lot of people are raising privacy concerns. Big Data, meet Big Privacy – should be an interesting battle to watch.
- Legally social. The Pennsylvania Bar Association just issued a formal ethics opinion on the use of social media by attorneys. Among the key provisions are ones requiring lawyers to have a basic working knowledge of social media as part of their competence in the law, prohibiting lawyers from disclosing confidential client information in response to negative online reviews, and permitting attorneys to access the public portion of jurors’ social media profiles while prohibiting efforts to access private information from such profiles. The formal opinion is one of the most comprehensive on the subject in any state, and is recommended reading for attorneys, regardless of their practice focus.