Header graphic for print

Socially Aware Blog

The Law and Business of Social Media

Status Updates

Posted in Status Updates

Social discovery. Are the photos and status updates that you post to your social media accounts discoverable regardless of the privacy settings you choose? If they contain information that is especially relevant to the case, they probably are. Take, for example, two recent cases in which courts have required litigants to produce information contained in their Facebook accounts. In Nucci v. Target the Florida Court of Appeals denied a personal injury claim plaintiff’s petition to quash an order compelling her to produce photographs from her Facebook account from two years before the accident to the present. The plaintiff sought emotional and economic damages stemming from a fall that she alleged was caused by a foreign substance on the floor of a Target store. The Florida court held that the photographs were “powerfully relevant” to the plaintiff’s damages claim since the quality of her life before and after the accident was at issue, and because surveillance videos of the plaintiff called her account of her post-accident life into question. The court held that this relevance “overwhelms” the plaintiff’s privacy interest in photos posted to a Facebook account despite privacy settings that prevented the photos from being seen by the general public. In the second case, Crowe v. Marquette Transportation Co., a federal district court in Louisiana ordered the plaintiff to produce a complete copy of his entire 4,000-page Facebook history, including the private messages he sent via the Facebook platform. The defendant Marquette alleged that investigators had discovered that the plaintiff in this worker’s compensation case had sent a Facebook message admitting that he was injured while fishing, not while working for Marquette. When, during a deposition, the defendant was shown a printout of the Facebook message, which appeared to have been sent from an account bearing his name, the defendant denied sending the message and testified that his account had been hacked. The district court held that “Marquette is entitled to analyze the thousands of pages of Facebook messages [that the plaintiff] exchanged with others… particularly given his [Facebook-account related] testimony.”

Smartphoning it in. A recent survey from Pew Research Center shows that the number of Americans with smartphones has jumped to 64%—a 29% increase since 2011. Despite the fact that the great majority of those smartphone owners (90%) have other means of accessing the Internet from home, 35% of them “frequently” use their phones to follow along with breaking news, 62% of them have used their phones to look up information about a health condition, and 57% have used their phones to do online banking. Whether someone has used his or her smartphone to access career opportunities, according to Pew, is largely dependent on whether a person is what the research firm calls “smartphone-dependent”—i.e., one of the 10% of Americans with no high-speed Internet access beyond their smartphones’ data plan. Of the smartphone-dependent people surveyed by Pew, 63% used their phones to access job openings in the last year, and 39% used their phones to submit job applications in the last year. Of the overall pool of cell phone owners surveyed by Pew, only 43% and 18% performed those job-search related activities, respectively.

Schadenfacebook. Bummed out by all of your friends’ check-ins at swanky restaurants and photos of their perfect offspring in your newsfeed? It turns out that you can get a handle on the depression that we’ve come to associate with social media use without swearing off your virtual networks altogether. Forbes reports that two new studies—one by the Journal of Social and Clinical Psychology and one out of the University of Houston—have attributed the negative feelings that social media users sometimes experience to the same underlying mechanism: social comparison. And that’s something you can control. So the next time you find yourself clicking back through your old college buddy’s montage of his trip to Machu Picchu, remember: Most people only post the highlights of their experiences, not the reality of their daily lives. And, Forbes’s contributor suggests, “it wouldn’t hurt to post about those quieter, less glamorous moments, too. That might actually go a long way in making people feel more connected, instead of just the opposite.”

Court Protects Anonymity of Yelp Users

Posted in Defamation, First Amendment, Litigation, Privacy

 

0428_BLOG_iStock_000034491882_LargeVirginia’s highest court recently held that Yelp could not be forced to turn over the identities of anonymous online reviewers that a Virginia carpet-cleaning owner claimed tarnished his business.

In the summer of 2012, Joseph Hadeed, owner of Hadeed Carpet Cleaning, sued seven anonymous Yelp reviewers after receiving a series of critical reviews. Hadeed alleged that the reviewers were competitors masking themselves as Hadeed’s customers and that his sales tanked after the reviews were posted. Hadeed sued the reviewers as John Doe defendants for defamation and then subpoenaed Yelp, demanding that it reveal the reviewers’ identities.

Yelp argued that, without any proof that the reviewers were not Hadeed’s customers, the reviewers had a First Amendment right to post anonymously.

A Virginia trial court and the Court of Appeals sided with Hadeed, ordering Yelp to turn over the reviewers’ identities and holding it in contempt when it did not. But in April 2015, the Virginia Supreme Court vacated the lower court decisions on procedural grounds. Because Virginia’s legislature did not give Virginia’s state courts subpoena power over non-resident non-parties, the Supreme Court concluded, the Virginia trial court could not order the California-headquartered Yelp to produce documents located in California for Hadeed’s defamation action in Virginia.

Although the decision was a victory for Yelp, it was a narrow one, resting on procedural grounds. The Virginia Supreme Court did not address the broader First Amendment argument about anonymous posting and noted that it wouldn’t quash the subpoena because Hadeed could still try to enforce it under California law.

After the ruling, Yelp’s senior director of litigation, Aaron Schur, posted a statement on the company’s blog stating that, if Hadeed pursued the subpoena in California, Yelp would “continue to fight for the rights of these reviewers under the reasonable standards that California courts, and the First Amendment, require (standards we pushed the Virginia courts to adopt).” Schur added, “Fortunately the right to speak under a pseudonym is constitutionally protected and has long been recognized for the important information it allows individuals to contribute to public discourse.”

In 2009, a California law took effect, allowing anonymous Internet speakers whose identity is sought under a subpoena in California in connection with a lawsuit filed in another state to challenge the subpoena and recover attorneys’ fees if they are successful. In his Yelp post, Schur added that Hadeed’s case “highlights the need for stronger online free speech protection in Virginia and across the country.”

Had Hadeed sought to enforce the subpoena in California, the result may have been the same but possibly on different grounds. In California, where Yelp and many other social media companies are headquartered, the company would have been subject to a court’s subpoena power. Still, Yelp may have been protected from having to disclose its users’ identities. California courts have offered protections for anonymous speech under the First Amendment to the U.S. Constitution and the state constitutional right of privacy.

Nevertheless, there is no uniform rule as to whether companies must reveal identifying information of their anonymous users. In 2013, in Chevron v. Danziger, federal Magistrate Judge Nathanael M. Cousins of the Northern District of California concluded that Chevron’s subpoenas seeking identifying information of non-party Gmail and Yahoo Mail users were enforceable against Google and Yahoo, respectively, because the subpoenas did not seek expressive activity and because there is no privacy interest in subscriber and user information associated with email addresses.

On the other hand, in March 2015, Magistrate Judge Laurel Beeler of the same court held, in Music Group Macao Commercial Offshore Ltd. v. Does, that the plaintiffs could not compel nonparty Twitter to reveal the identifying information of its anonymous users, who, as in the Hadeed case, were Doe defendants. Music Group Macao sued the Doe defendants in Washington federal court for anonymously tweeting disparaging remarks about the company, its employees, and its CEO. After the Washington court ruled that the plaintiffs could obtain the identifying information from Twitter, the plaintiffs sought to enforce the subpoena in California. Magistrate Judge Bheeler concluded that the Doe defendants’ First Amendment rights to speak anonymously outweighed the plaintiffs’ need for the requested information, citing familiar concerns that forcing Twitter to disclose the speakers’ identities would unduly chill protected speech.

Courts in other jurisdictions have imposed a range of evidentiary burdens on plaintiffs seeking the disclosure of anonymous Internet speakers. For example, federal courts in Connecticut and New York have required plaintiffs to make a prima facie showing of their claims before requiring internet service providers (ISPs) to disclose anonymous defendants’ identities. A federal court in Washington found that a higher standard should apply when a subpoena seeks the identity of an Internet user who is not a party to the litigation. The Delaware Supreme Court has applied an even higher standard, expressing concern “that setting the standard too low will chill potential posters from exercising their First Amendment right to speak anonymously.”

These cases show that courts are continuing to grapple with social media as a platform for expressive activity. Although Yelp and Twitter were protected from having to disclose their anonymous users’ identities in these two recent cases, this area of law remains unsettled, and companies with social media presence should be familiar with the free speech and privacy law in the states where they conduct business and monitor courts’ treatment of these evolving issues.

Status Updates

Posted in Status Updates

Photo negative. Daniel Morel, the photojournalist who was awarded $1.2 million in damages from news agencies that distributed his iconic Haiti earthquake pictures without his permission after he posted those pictures on Twitter, will not be collecting attorneys’ fees. A federal district court in New York has denied Morel’s motion for an order compelling Agence France Presse and Getty Images to pay the attorneys’ fees and costs that Morel incurred while pursuing his copyright infringement claim against those two companies. In her opinion, Judge Alison Nathan wrote that one “particularly important consideration” factoring into her decision to deny attorneys’ fees was the fact that the Morel’s underlying copyright infringement suit “raised a relatively novel issue, the adjudication of which may… help further define the contours of copyright law in the digital age.” Indeed, Judge Nathan’s opinion in the underlying case, which held that Twitter users do not lose ownership rights in their content simply by posting that content to Twitter, was one of the first cases to examine the rights of a user posting his own (as opposed to someone else’s) copyrighted works to a social media platform vis-à-vis other users of the same platform (we suspect that we’ll see many more such cases over the coming years). Moreover, although Morel’s fee motion was denied, the case remains a stark reminder to companies that just because content has been made available on a social media network, that content isn’t necessarily available for use off of the platform, absent consent from the copyright owner or the platform provider (assuming such provider has acquired the necessary rights from the copyright owner).

Photo shop. And while on the topic of photographs, social media and copyright law, one enterprising company—Lobster—is trying to create an efficient, low-cost way for companies to license photographs posted to social media platforms for off-platform use. People post countless new images to social media regularly; Seventy-million new photographs are posted to Instagram alone every day. That’s a lot of content, especially when you consider that Getty Images, a go-to source for many businesses’ graphics needs, has an archive with 80 million images total. Lobster seeks to create a market for the almost unimaginable pool of photos posted to social media by facilitating the licensing of those images. Having secured approximately $386,000 in funding so far, the company just recently added a search function that, according to TechCrunch, “allows users, usually corporate marketers, digital agencies or publishers, to run a search across various social media for specific imagery and then request a license for that content through the platform.” Images cost $0.99 or $1.99, depending on the platform. For now, only photos posted to Instagram and Flickr are available on Lobster, but the start-up hopes to expand its service to include pictures that have been posted to Twitter, Vine, Facebook and Vimeo. To make their content available for licensing, Instagram and Flickr users need only include the hashtag #ilobsterit.

Photo (over)sharing. You know them: Those parents who assume their kid’s every move will be as fascinating to their entire social network as it presumably is to their immediate family. They post photos of their children engaged in all kinds of activities—even intimate ones like potty training and bathing—to Facebook and Instagram several times a day. This “oversharenting” is popular: 74% of the people who responded to a recent poll of parents with children four-years-old and younger said they know of another parent who has shared too much information about a child on social media. And 27% said they know of another parent who has shared inappropriate photos of a child. Now, according to ABC News, some people tired of the endless parade of kid photos in their Facebook newsfeeds are fighting back by telling the oversharenters how they feel. One objector has even created an entire blog dedicated to criticizing the oversharenters. If that’s not enough to make oversharenters reconsider their posting habits, perhaps this advice from the University of Michigan’s Child Health Evaluation and Research Unit will: “The federal Children’s Online Privacy Protection Act (COPPA) limits the collection or release of information via the Internet prior to 13 years of age; ironically, by that age, many children have a lengthy ‘digital profile’ based on their parents’ social media use. Parents need to be thoughtful about their use of social media to discuss parenting issues, and are encouraged to be diligent about understanding privacy policies that could impact the way their child’s information is shared.” Let’s face it: It’s hard enough for recent college grads searching for a job to live down those drunken party photos posted to Facebook—do they need to worry about those embarrassing potty training videos as well?

Status Updates

Posted in Status Updates

Home(page) renovation. In an effort to encourage return visits from the 150 million Internet users who visit Twitter every month without signing in, the social media giant has revamped its home page. Now, instead of just “a background photo, a few lines of text, and a prompt to sign up or log in,” Twitter’s home page features boxes with the names of several of the platform’s most popular content topics, including “Actors & Actresses,” “Cute Animals” and “General News Sources.” A click on one of the boxes will take you to a timeline of tweets from some of the most popular commentators who tweet on that topic. Whether the new homepage will be enough to help Twitter expand its active-user base remains to be seen. LexBlog’s Kevin O’Keefe thinks that, to get more attorneys to join, the platform will need to go a few steps further by breaking down its content into niche areas of law.

Teen traffic. A new Pew Research study shows that Facebook is still the most popular social media platform among the members of an age group that many companies consider a crucial target market: 13- to 17-year-olds. Of the 1060 teens surveyed, 71% reported using Facebook. Snapchat, the vanishing messaging app that seems to be make news almost every day (for some reason or other) is up there (41%), too, right behind the photo sharing site Instagram (52%). Interestingly, teens from households with incomes greater than $75,000 are much more likely than teens whose families earn less than $30,000 to call Snapchat their top social media platform (14% compared to 7%). And teenage girls are more likely than teenage boys to use what Pew classified as “visually-oriented social media platforms”: Instagram (61% of girls vs. 44% of boys); Snapchat (51% of girls vs. 31% of boys); online pinboards like Pinterest (33% of girls vs. 11% of boys); and Tumblr (23% of girls vs. 5% of boys).

Rules for the nude and rude. Instagram has amended its Community Guidelines, which formerly simply asked users to be polite and respectful, to specify that the photo sharing platform will remove “content that contains credible threats or hate speech, content that targets private individuals to degrade or shame them, personal information meant to blackmail or harass someone, and repeated unwanted messages.” Instagram also amended its original guidelines to amplify its blanket prohibition on nudity. The new guidelines specify that Instagram will allow nudity in photos of paintings and sculptures, and “photos of post-mastectomy scarring and women actively breastfeeding,” but will not allow “close-ups of fully nude buttocks.” And, in the interest of discouraging users from posting images that they have “copied or collected from the Internet,” something the platform’s guidelines always proscribed, the new guidelines contain a link to a page that informs users about their intellectual property rights. But Techcrunch notes that because Instagram, unlike Youtube, still “doesn’t offer any copyright fingerprinting system to automatically remove infringing media,” there remains a gap between the photo sharing platform’s intellectual property policy and its enforcement.

Status Updates

Posted in Status Updates

Searching social. At long last, tweets will appear in Google search results as soon as they’re sent, as the result of a deal that the two Internet giants recently struck. As part of its efforts to increase user growth and attract more eyeballs to its social media platform, Twitter is finally giving Google immediate access to the content produced by its 284 million users. Previously, Google had to crawl through Twitter’s data, allowing Google to include in search results only a relatively small percentage of tweets. The announcement of the deal, which Mashable suggests should cause “trigger-happy users” to “think twice now before they tweet,” was followed by a 1.3%  rise in Twitter’s share price to $41.26. And this week Twitter shares rose as high as $52 each amid speculation that Google or some other company is trying to buy the social media giant.

Don’t worry, be app-y. Feeling blue? There’s an app for that. At least there will be, come this fall. A man named Robert Morris developed a prototype for the world’s first social network for people suffering from depression while he was a psychology PhD candidate at MIT, where he felt like everyone—except him—was a “brilliant coder.” Crowdsourcing answers to his computer programming conundrums on Stack Overflow inspired Morris to create a similar online resource for people struggling with mental health issues. On Koko, the iPhone app that Morris is developing for release in the autumn, users will be able to post their negative feelings (e.g., depression and anxiety) and the problems to which they attribute those feelings (e.g., a job loss). The poster’s Koko social network will then presumably respond to the post by pointing out the bright side of the situation or errors in the poster’s thinking. Fast Company reports that the Koko community will be “coached at every turn to pin their answers down so that they fall within the guidelines of cognitive therapy techniques that are proven to work,” but it remains to be seen how such coaching will work in practice.

Meer-terial girl. In what The Guardian has dubbed “a sign of the music industry’s keen interest in the popularity of social apps,” Madonna has decided to premier her Ghosttown video on the fledgling video broadcasting app Meerkat, which currently has only around 1,000 subscribers. Launched in February, Meerkat is an iPhone app that makes livestreaming easier than ever by allowing users to link their live videos to their Twitter accounts, thereby giving a Twitter user the ability to live stream a video he’s shooting on his phone. (Twitter’s own Periscope app performs essentially the same function). Since the pop star likely won’t be live streaming the video, exactly how she’ll use Meerkat for its premier is unclear. Meerkat is the fourth social media platform that Madonna has used to promote material on her current album, Rebel Heart; she’s already run campaigns for it on Grindr, Instagram, and Snapchat.

Status Updates

Posted in Status Updates

Bad ads. New research shows that 5% of the people visiting Google-related websites are using computers infected with programs that insert illegitimate ads onto web pages; as a result, these web surfers see ads that site operators haven’t been paid to run and that may even be promoting products or services that are objectionable to such site operators. Known as ad injectors, these programs are often bundled with other software that Internet users download for free. Ad injectors inconvenience Internet users in several ways: They sometimes place ads over a website’s text or otherwise make websites unpleasant to read; they can put web surfers’ cybersecurity at risk; and they can negatively affect a computer’s performance. Moreover, ad injectors also deprive website operators of ad revenue, and undermine the ability of advertisers to control where their ads are running (as a result of the complicated system of intermediaries in the Internet ad sales business, advertisers often don’t know that their ads are being injected). For these reasons, Google has disabled 192 Chrome extensions that resulted in illegitimate ad launches affecting 14 million users. According to TechCrunch, however, “unless Google and other browser and advertising vendors find a technical solution to this problem, chances are it’ll never fully go away.”

Hot button. Well, the future is officially here. Amazon has introduced the Dash Button, a wireless, WiFi-enabled, doorbell-like button that Amazon customers can depress to order products ranging from smartwater to Bounty Paper Towels. Each Dash Button bears a single brand’s product logo. Consumers are meant to stick the buttons—they have adhesive on the back—near the products themselves (in the pantry or, in the case laundry detergent, for example, the laundry room) so that they can order more product the second they realize their supply is low. The button makes purchasing even easier than the one-click-to-buy feature on Amazon’s app—consumers don’t have to use their devices—and is part of Amazon’s effort to become a player in the Internet of Things market, a world in which network connected devices anticipate consumers’ needs. Critics are split on whether the Dash Button is brilliant or a bad (if inevitable) idea. Here at Socially Aware, we’re waiting for a version that allows for pizza delivery.

Bon app-e-tip. New payment platforms are making the act of tipping more awkward and more expensive. Popping up everywhere from taxis to hair salons, these payment platforms often make it easiest for the customer to choose from among a few pre-selected percentages, the lowest of which is usually higher than the gratuity the average tipper would otherwise add to the price of the item or service. (In New York City taxicabs, for example, a “large portion” of riders tip 20%, 25%, or 30% because those are the percentages suggested on the automatic tipping buttons on the payment platform displayed on a screen in the taxis’ back seats.) These platforms also make it difficult to skip the tip altogether—unless you’re not easily embarrassed. Ignoring the tip jar on the counter at your local coffee house was one thing, but clicking “no tip” on the screen that the cashier turns toward you is quite another. Now, in an effort to appease the consumers who are fed up with these new tipping trends, some higher-end restaurants have banned tipping, and start-ups are introducing apps that automatically calculate the bill and a preset tip. These apps, which include Reserve and Cover, allow diners to “simply walk out at the end of the meal” with their card being charged through the app, according to the New York Times. Only time will tell whether the seamlessness of this technology will make automatically paying an extra 20% more palatable for restaurant patrons.

Big Data and Human Resources—Letting the Computer Decide?

Posted in Employment Law

Employees are a company’s greatest asset, but if the company gets hiring decisions wrong, employees could also be the company’s greatest expense. Accordingly, recruiting the right people and retaining and promoting the best, while identifying and addressing under-achievers, is critical. Many organizations spend a lot of time and effort on human resources issues but do not have sufficiently detailed data to help them fully understand their employees and the challenges that can affect workforce planning, development and productivity.

Big data analytics can help to address these challenges, which explains why more and more HR departments are turning to them for a variety of purposes, for example, to: (i) identify potential recruits; (ii) measure costs per hire and return on investment; (iii) measure employee productivity; (iv) measure the impact of HR programs on performance; (v) identify (and predict) attrition potential leaders. Supporters also argue that big data analytics can help to provide evidence to de-bunk commonly held assumptions about employees that are wrong and based on biases.

Accordingly, the use of analytics promises many potential benefits for organizations, not only in terms of making improvements in talent identification and recruitment, but also in terms of workforce management. However, the use of data analytics in the HR sphere also raises some specific risks and challenges that companies need to consider, including increased exposure to discrimination claims, breaches of privacy law and reputational/brand damage. In this article, we will discuss some of the key factors companies need to bear in mind.

What Is Big Data?

Organizations have always accumulated information but, in this digital age, the amount of data being generated and retained is growing exponentially. IBM has calculated that 90 per cent of the digital data that exists today was created in the last two years. In addition, historically, organizations may not have been able to draw value from the data that they held, particularly where such data were unstructured (and Gartner Inc. estimates that roughly 80 per cent of all corporate data is unstructured). However, new technologies now enable the analysis of large, complex and rapidly changing data sets comprised of structured, semi-structured or unstructured data. In short, ‘‘big data’’ is just data. It’s simply that we have more of it and we can do more with it.

I. Recruitment

Organizations are using big data analytics, for example, to identify candidates with the right skills and experience. New talent management systems can help organizations quickly search and analyze huge volumes of applicant data, e.g., using concepts, not just key words. Organizations are also using analytics to analyze hiring data to help make changes in hiring strategy and recruitment collateral to attract more candidates and minimize attrition. There are two key stages that need to be considered in managing legal compliance with respect to these activities. First, there is the collection of data, and second, there is the analysis of the data and the formulation of resulting decisions.

          A. Collecting and Processing Personal Data for Big Data Analytics

In terms of the collection of data, companies are increasingly mining candidate data from online sources, including job sites and social media sites, for the purpose of talent identification and recruitment. Privacy issues loom large because information collected about a proposed candidate will be considered personal data and may even contain sensitive personal information (e.g., health data, ethnic origin and sexual orientation).

In Europe, where any recruitment activities involve the processing of potential recruits’ personal data (and big data analysis of personal data will constitute processing), companies must give notice to potential recruits of the purposes for which data are intended to be processed and any other information that is necessary to ensure that processing is fair (e.g., the names of data recipients).  Companies also must have a legal basis for processing the personal data (e.g., consent). If a third party is engaged to carry out any processing, the potential employer will need to put in place with the third party a written contract with appropriate data protection provisions. There are some regional variations across Europe of which companies need to be aware. For example, in some countries (e.g., Germany), even with an individual’s consent, a potential employer is restricted in the background checks that it can carry out.  As a general rule, all background checks should be limited to the information strictly necessary to determine whether an applicant is suitable for a particular position, even if the applicant has consented. Additionally, through an online background check, information may only be collected if it is publicly available and the applicant does not have an apparent and justified interest in the exclusion of the information. Local employment laws may impose additional restraints. Accordingly, a company’s processes may need to be modified from country to country.

Concerns over automated decision-making are sometimes raised and, certainly, automated decision processing is particularly problematic under European Union data protection law.  Accordingly, employers that use big data analytics in recruitment need to ensure that there is an element of human judgment involved in decision-making. It should not be (and typically is not) just a question of ‘‘computer says yes’’ but rather an informed decision based on the available data and the interpretation of the data.

In the U.S., if a company purchases background reports about candidates, the company will need to be mindful of the Fair Credit Reporting Act and state consumer reporting laws. These laws may come into play any time a company procures information about a candidate or employee from a third party that is in the business of supplying such information on a commercial basis, even if that information may be publicly available. Federal and state laws also limit the types of information that an employer may lawfully request or consider in making employment-related decisions, even if the information has been obtained lawfully.

Across Asia, rules regarding the use of personal data in terms of recruitment vary.

  • In China, individuals are subject to a general right to privacy, and employers have certain obligations of confidentiality. In general, employers are viewed as having a fairly broad ability to conduct background checks, although illegal or intrusive means may be viewed as a breach of privacy. However, third-party sources of information should be used with caution as few legitimate channels of information are available. The use of personal data from illegal channels can attract civil and sometimes criminal liability, and there have been a number of high-profile cases in recent months involving the illegal provision or acquisition of personal data.
  • In Hong Kong, under the Personal Data (Privacy) Ordinance, personal information must be collected by lawful and fair means, and, if personal information will be used for a purpose other than that for which the data were originally posted (or a directly related purpose), consent will be required. It may be acceptable to use without specific consent personal information that is published on a job-seeking or professional references social media site such as LinkedIn. However, personal information published on a personal social media site (such as a personal Facebook page) will generally require express consent.
  • In Japan, personal information about applicants must be collected by appropriate and fair means. As a rule, personal information about applicants must be collected directly from applicants or from third parties with the applicant’s consent. Collection of sensitive personal information without express consent is generally prohibited. There is one exception: an employer may collect such sensitive information when such information is definitely necessary to achieve the employer’s business, the employer has notified the applicant of the purposes of collection of such information and the employer collects such information directly from an applicant.

          B. Avoiding Discriminatory Impact

Of course, as with all talent identification and recruitment activities, organizations also need to ensure that they do not act in a manner that could be considered discriminatory. In Europe, Directive 2000/78/EC establishes a general framework for equal treatment in employment and occupation, forbidding discrimination based on religion, belief, disability, age and sexual orientation.  Separate directives also forbid discrimination on the grounds of sex and race. The principle of equal treatment means that there must be no direct or indirect discrimination on any of these grounds.

Likewise, in the U.S., laws such as Title VII of the Civil Rights Act of 1964, the Age Discrimination in Employment Act, the Americans with Disabilities Act and a variety of other federal and state laws prohibit discrimination against applicants and employees based on protected characteristics such as race, age, sex, national origin, religion and disability. Employers may face liability under these laws if they unlawfully consider protected characteristics in their hiring or employment decisions. Employers may also face liability if

they rely on screening or hiring practices that appear neutral on the surface but have a disparate impact on workers in protected classifications, such as disproportionately screening out older candidates or candidates with disabilities. This liability may arise even if the employer had no intent to discriminate or no knowledge of the discriminatory impact.

Organizations are generally aware of their obligations in this area in the context of traditional recruitment activities. However, they now need to appreciate their application in this new age of big data analytics. When organizations are identifying key words and concepts for a data collection exercise, they need to apply the same rigor that they would use when creating job advertisements, i.e., avoid any terms that could be considered directly or indirectly discriminatory (e.g., ‘‘recent graduate,’’ ‘‘highly experienced,’’ ‘‘energetic’’). Organizations also need to be careful not to discriminate in terms of where they collect data from. Otherwise it could be a case of data that are ‘‘discriminatory in, discriminatory out.’’

In terms of an organization’s analysis of the data collected, again it will need to ensure that its analysis and the decisions that it makes as a result of such analysis are not deemed discriminatory—in particular decisions that are based on predictive decision-making about candidates.  Of course, it is very important that organizations do not blindly accept data without challenge.  Given the size of the potential data pool, conclusions may well be based on correlations, rather than being determinative. Proper interpretation and assessment of the results of a big data exercise is essential. For example, organizations should be wary of any predictive decision-making that gives results that appear skewed in favor of certain types of candidates. For example, if a big data analytics exercise brings up a short list of potential candidates that have the same race, gender or other characteristic, that may suggest that there has been a discriminatory input at some point in the big data process. Although it may be difficult for a candidate to establish that a big data analytical exercise has been discriminatory, particularly given the potentially complicated algorithmic calculations involved and lack of transparency about those algorithms, organizations need to be mindful of the risks. In some cases, if a practice is determined to have a discriminatory impact, the burden may shift back to the employer to defend its methodology. Employers may also be required to disclose detailed information about their big data methodologies in the event of employment litigation or a government investigation. As a result, employers will want to be prepared to explain and, if necessary, justify their big data analytics methods.

          C. Third-Party Rights

However, it is not just a question of compliance with privacy and HR issues because mining data from third party sites, such as online job sites, could be a breach of their terms of use and, potentially, an infringement of intellectual property rights. Web scraping may also be considered a breach of applicable local cybersecurity laws that prohibit unauthorized access to computer systems (e.g., the U.K. Computer Misuse Act 1990 and the U.S. Computer Fraud and Abuse Act). Accordingly, organizations need to ensure that they have adequately addressed all potential legal risks prior to embarking on any data collection activities.

II. Workforce Management

The second area where analytics are being increasingly harnessed by HR departments involves the monitoring and analysis of data relating to employees. Again, this use of analytics throws up some particular issues that companies need to be aware of.

Many organizations already use analytics to obtain insights into their customers and target customers. Organizations are now seeking to obtain the same insights into their employees, which they can use to improve organizational efficiencies and drive productivity. This can help organizations to objectively evaluate their current people management practices. Of course, if HR is going to become a more data-driven department, it will need to identify what data it holds on its employees and whether such data simply need to be joined up or more data need to be collected.

The collection of more data is very likely to involve increased monitoring of employees. The applicable rules relating to such monitoring vary across the world and, therefore, if a company is rolling out an HR analytics project, it will need to address monitoring and data collection on a country-by-country basis.

In Europe, employees have certain protections under the European Convention of Human Rights as incorporated into national law (e.g., the right to respect for private life (Article 8), freedom of speech (Article 10) and freedom of association (Article 11)). Employees also have protections under applicable data protection law.  However, there are regional variations that employers need to address. For example, in certain countries, privacy regulators have issued specific guidance relating to the extent to which employers can monitor their staff (e.g., see Part 3 of the U.K. Information Commissioner Office’s ‘‘Employment Practices Code’’). In countries such as Germany, work councils rules apply to the monitoring of staff.  Areas of particular concern include managing employees’ legitimate expectations of monitoring, having appropriate notices/policies in place with employees and protecting employees’ rights against discrimination for certain off-duty activities, e.g., religious activities and trade union and political activities.

In the U.S., restrictions on monitoring arise under federal laws including the Electronic Communications Privacy Act, Stored Communication Act and Computer Fraud and Abuse Act, and state laws that restrict certain types of monitoring activities, such as seeking to gain access to personal social media of applicants or employees.

In Asia, there are similar restrictions on monitoring.

  • In China, while employers are not restricted from monitoring publicly available information about employees, monitoring employees’ computer use in the workplace may be more susceptible to legal challenge. However, an employees’ right to privacy would be balanced against an employer’s statutory duties.
  • In Hong Kong, applicable law requires that monitoring must serve a legitimate purpose that relates to the function and activities of the employer. Monitoring measures must be necessary to meet that purpose and must be confined to an employee’s work. Personal data collected must be kept to the minimum necessary to protect the interests of the employer or to effectively address those risks inherent in the lawful activities of the employer. Monitoring must be carried out by the least intrusive means and with the least harm to the privacy interests of the employees. Employers are also required to document monitoring in a formal privacy policy setting out the employer’s purpose, and employers must notify employees of the policy before commencing monitoring.
  • In Japan, applicable law requires that if monitoring is implemented, an employer should: (i) establish in advance the in-house rules that stipulate the implementation of monitoring; (ii) specify in advance the purpose of the monitoring and notify workers of such purpose plus the relevant inhouse regulations; (iii) establish the responsible official for the implementation of monitoring and its authority; and (iv) check that monitoring is properly implemented.

When carrying out big data analysis, employers will need to ensure that they avoid automated decision making and otherwise process such employee data fairly and in accordance with applicable privacy and employment laws. Again, inputs and algorithms need to be carefully set up to ensure that they do not discriminate, and organizations need to avoid any decision making (predictive or otherwise) that could be considered discriminatory.

Of course, big data analytics are not a panacea. Organizations are complex, and human judgment is always going to be needed to interpret the data in context, taking into account relevant factors such as local market conditions. Complex algorithms may help to identify an organization’s highest performing employees who may be likely to leave the organization in the next 12 months, but HR departments will still need to tread carefully in deciding how to respond (or not) to such data.

Also, it is clear that better, more informed data about your workforce can help drive change in the business, but only if the business is actually prepared to embrace that change. Organizations have to be open to accept what the data are telling them, be prepared to change their systems and processes to take account of the data science and acknowledge that a period of adoption is likely to be needed. In addition, companies cannot underestimate the expense and effort of any training programs that may be required to roll out an operational change that may be inconsistent with traditional thinking.

Of course, it is not only a question of legal compliance. In this age of international business, the war for talent in certain sectors has never been greater, and companies want to attract and retain the best people. Accordingly, companies need to strike a balance between monitoring staff for the purpose of people management analytics and the organization being seen as a ‘‘creepy’’ employer, where employee movements and communications are extensively monitored Big Brother style. From the employee’s perspective, much may depend on the nature and extent of data being collected and what the employer plans to do with the data. In order to foster employee engagement and trust in analytics, organizations also need to explain to their workforce how those analytics will directly benefit the employees, for example, in terms of better engagement, transparency and empowerment.

Conclusion

Big data analytics may offer HR departments the ability to make better, more objective, data-driven decisions about recruitment and employees. However, the value of a big data project will depend very much on the quality of the inputs and project parameters and the careful interpretation of the results. HR departments will need to have appropriate analysis in-house or hire appropriate service providers to help them design the appropriate big data program and interpret the resulting data.  Of course, if a company uses a third-party provider for the provision of HR big data technology and analytics services, there will be other legal issues it will need to consider, in particular in respect to commercial arrangements (e.g., many HR analytics providers offer analytics on the basis of cloud-based Software as a Service) and intellectual property rights and data ownership.

 

Status Updates

Posted in Status Updates

Dueling for ad dollars. U.S. companies will spend $52.8 billion on digital advertising this year, 2.5% more than they spent on it in 2014. And, while television advertising is still king—corporate marketers will invest almost $79 billion in TV commercials in 2015—researchers predict that spending on digital ads will outpace spending on TV commercials by 2019. Digital ads, after all, can be an effective way to reach Millennial target audiences. They’re also significantly less expensive and easier to track than TV commercials. Now, in an effort to intercept advertisers’ exodus to digital platforms, the CBS television network has launched a campaign designed to help maximize the effectiveness of television ad campaigns and prove the ads’ return on investment. As part of the initiative, dubbed the Campaign Performance Audit, CBS will help advertisers to create their messages using cutting edge editing equipment. CBS will also help advertisers to determine the most appropriate shows on which to air the commercials, and “then test [the ads] in front of live audiences using tools including biometric feedback and neurotesting.” The network’s executives have admitted to sinking a lot of money into the campaign, but they won’t specify exactly how much.

Platforms against porn. For a while now we’ve been tracking the legal landscape of revenge porn—the public dissemination of nude photographs without the subject’s consent, usually by a jilted paramour seeking retribution. More than a dozen states now have laws criminalizing the posting of revenge porn, the victims of which suffer untold harm to their careers, reputations, personal lives, and psyches. These laws are no doubt helpful in deterring revenge porn postings, especially as they are effectively used to convict perpetrators. Once an image is posted online, however, stopping its dissemination can be extremely difficult. Now, there’s a new—potentially more effective—obstacle to the proliferation of revenge porn posts: social media platforms’ anti-revenge porn policies. Three of the most popular social media platforms—Facebook, Twitter and Reddit—have recently amended their terms of use to state that they will remove digital images of nudes that have been posted without the subjects’ permission. “Twitter executives have said the company will lock the accounts of users who post content that violates their user policy,” Mashable reports. These policies are critical weapon in the war against revenge porn because they can be used to remove revenge porn photos before they have been widely disseminated.

Stars of the (really) small screen. Have you caught any of the first four episodes of “Literally Can’t Even,” the first-ever scripted series created especially for the disappearing messaging app Snapchat? If you haven’t, we have some bad news for you: Like everything else on that incredibly hip platform, the episodes vanish. Each four-minute installment of the show, which has been airing on Saturday nights since late January, is viewable for just 24 hours. According to the New York Times, the show’s writers and stars, Sasha Spielberg and Emily Goldwyn, say that “they like the social media platform because it is very of-their-generation” and also because it is far removed from the work of their famous fathers, the film director Steven Spielberg and the producer John Goldwyn. Ms. Goldwyn also told the Times, “My dad always says it’s great to be at the forefront of change, but to spend so much time working on something and to have it disappear after a day, my parents were very shocked.”

Status Updates

Posted in Status Updates

Out with the inbox? The overwhelming popularity of workplace-specific platforms that facilitate coworker communication—commonly referred to as “enterprise social media”—is undeniable. But are these platforms poised to someday supplant business email accounts altogether? New York Times technology columnist Farhad Manjoo thinks so. The one big advantage that enterprise social media platforms like Slack have over regular email is their potential for workplace transparency; as Mr. Manjoo notes, by making employees’ communications archivable and visible to the entire company, they facilitate the flow of information and make electronic exchanges a resource for employees looking for background information on a project, or what Slack’s co-founder and chief executive, Stewart Butterfield, refers to as “soft knowledge”: how the employees at the company approach group projects, for example. While privacy advocates will undoubtedly raise concerns at the prospect of employees having to communicate in a fish bowl, many of the workers at companies that use enterprise social media platforms appreciate that such platforms inhibit the hoarding of information, thereby facilitating collaboration and resulting in less hierarchical workplaces.

Tweet carefully. Financial services firms operating in the United Kingdom need to be careful of running afoul of that country’s regulations when they use social media. According to new guidance issued by the UK’s Financial Conduct Authority (FCA), re-tweeting a customer’s comment can be enough to trigger the rules that apply to financial promotions if the tweet “comments on or endorses the benefits of a regulated financial product or service.” Among the many other guidelines set forth by the FCA in its social media communications guidelines is the admonition that a certain platforms’ restrictions—Twitter’s 140-character limit, for example—can make it especially difficult to for financial services firms to ensure that their communications are compliant.

All is fair in love… and movie promotions? A controversial social media ad campaign generated as much attention as any up-and-coming rock band at this year’s SXSW festival. To promote a science-fiction film—Ex Machina—that debuted at the festival, the film’s producers set up a fake Tinder account for “Ava,” a character featured in the movie. Ava’s profile incorporated a photograph of Alicia Vikander, the Swedish actress who plays Ava in the film. Once a Tinder user gave Ava’s (Vikander’s) photo the right-swipe-of-approval on the popular dating app, the computer-generated Ava asked the user a series of questions that, only in hindsight, are appropriate for both a young woman quizzing a guy she just met on a dating app and a robot trying to figure out what it’s like to be human—the role Vikander’s character Ava plays in the movie. If Ava approved of a Tinder suitor’s answers, she offered up her Instagram account, @meetava, for his perusal. Upon visiting Ava’s Instagram account, the avatar’s wanna-be boyfriends—perhaps to their chagrin—found videos and pictures promoting Ex Machina. Is this the beginning of a new era in online advertising—computer-generated fake friends and love interests being used to pressure us into buying stuff that we didn’t think we needed? If so, let’s hope that advertisers keep the FTC’s Endorsement Guides in mind…

UK’s Financial Services Regulator: No Hashtags in Financial Promotions

Posted in FCA Regulations

Earlier this month the UK’s financial services regulator, the Financial Conduct Authority (FCA), issued its final guidance on financial promotions made via social media channels.

As we reported last year, the FCA issued long-awaited draft guidance in August 2014 on the use of social media in financial promotions by regulated financial institutions. Following the publication of the draft guidance, the FCA held a consultation exercise which closed on Nov. 6, 2014. In response to feedback from regulated firms and industry bodies, in the final guidance the FCA has clarified a few areas and amended portions of the text, as well as added more visual examples.

Very little has changed in the final guidance with respect to the FCA’s approach to regulating promotions in social media. The overarching principle for all communications with consumers is that they must be “fair, clear and not misleading” and the FCA’s view remains that its rules are, and should be, media neutral. It believes that to take any other approach would create a more complex and costly regime.

However, there is one notable amendment in the final guidance. In the draft guidance, the FCA had suggested using a hashtag #ad to help identify promotions. In the final guidance, the FCA has done an about turn and stated that the use of hashtags is not an appropriate way to identify promotional content.

KEY RECOMMENDATIONS

The recommendations detailed in the final guidance include the following.

  •  Form of communication

Any form of communication made by a firm is capable of being a financial promotion – the key is whether it includes an invitation to engage in financial activity. All communications must be fair, clear and not misleading, even if the communication ends up in front of a non-intended recipient (e.g., due to a re-tweet).

  • In the course of business

Some communications will not include an invitation to engage in financial activity – for example, communications solely relating to the firm’s community work. Only financial promotions made “in the course of business” will be subject to the FCA guidance. The definition laid down in the guidance effectively requires a commercial interest on the part of the firm. The FCA provides a couple of examples to illustrate the issue.

Firstly, if a company is already operating, it will be acting in the course of business when seeking to generate additional capital. However, if the company has not yet been formed, and the proposed founders approach friends and family to obtain start-up capital, they will not generally be acting in the course of business. Secondly, where a personal social media account is used by someone associated with a firm, that firm and individual should take care to distinguish clearly personal communications from those that are, or are likely to be understood to be, made in the course of that business. During the consultation exercise, further guidance was requested as to the difference between personal and business communications. The FCA clarified that if an employee of a firm uses their own social media account to send communications that could be considered an inducement or invitation then this may constitute a financial promotion and will therefore be subject to the same rules that apply to the firm. Accordingly, firms will need to ensure that their social media policies and training cover the risks of personal social media use.

  • Hashtags

All financial promotions made via digital media must be clearly identified as such. In the original draft guidance the FCA suggested using a hashtag #ad to help identify promotions. However, in the final guidance, in response to feedback, the FCA has reversed its stance and stated that hashtags are not an appropriate way to identify promotional content. This is based on a few factors.

Firstly, the FCA believes that most promotions on social media will be self-evident. For example, paid-for advertising on various social media platforms already indicates that a communication is promotional (e.g., on Twitter ‘promoted by’, on Facebook ‘SPONSORED’). Secondly, the nature of a hashtag means that if the consumer looks up that hashtag the consumer will be presented with a whole series of communications unrelated to the firm. The FCA believes that this could lead to consumer confusion.

The FCA has also explicitly stated that hashtags would be inappropriate for the inclusion of risk warnings (e.g., #capitalatrisk) or to highlight jurisdictional limitations (e.g., #UKinvestors). The FCA has suggested that signposting of a tweet will only be appropriate where the promotion is obscured or combined with other content (e.g., a celebrity endorsement or native advertisement).

It seems surprising that the FCA did not appreciate how hashtags worked until now. In addition, given that a consumer who regularly uses Twitter is likely to be familiar with how hashtags work, would a consumer really be confused by the use of #ad? Nevertheless, given the position taken in the guidance, if companies have been widely using hashtags in connection with financial promotions they will need to rethink their approach.

  • Re-tweets

The FCA has confirmed that when a communication is re-tweeted or shared, the responsibility lies with the person who sends the communication. Accordingly, if a consumer re-tweets a firm’s promotional communication and is not acting in the course of business, then it is only the original communication that will need to be compliant with the promotion rules. The firm would not be responsible for the re-tweet.

Where a firm re-tweets, shares, or likes a consumer’s communication, whether this is a financial promotion or not will depend on the content of the tweet. For example, if the tweet praises the firm for good customer service, the FCA has confirmed that would not be a promotion because customer service is not a controlled activity. Whereas, if a customer is endorsing the benefits of a particular product, then re-tweeting, sharing or liking that tweet would constitute a promotion. Accordingly, firms will need to ensure that training for their social media operators deals with the potential risks of sharing positive customer comments.

  • Images

Risk warnings must be suitably prominent in social media promotions. If a risk warning is set out in too small a font size and/or lost in surrounding text, the promotion will not be compliant with the guidance. Of course, social media often poses particular challenges because of space and character limitations. The FCA has suggested that one solution is to insert images (such as infographics into tweets) as long as the image itself is compliant. The FCA acknowledges that the functionality which allows a Twitter image to be permanently visible may be switched off so that the image appears simply as a link. Accordingly, any risk warning or other information required by the rules cannot appear solely in the image.

  • Signposting

It may be possible to signpost a product or service with a link to more comprehensive information, provided that the signpost remains compliant in itself. The FCA has rejected that compliance should be assessed based on the combination of a tweet and the website to which it links. This form of ‘click-through’ approach was proposed by a number of respondents during the consultation period. The FCA is of the opinion that the tweet and the website are separate financial promotions and so each tweet needs to be compliant, even if the tweet has been created to point the consumer to the firm’s website.

  • Image advertising

Firms may be able to advertise through image advertising, which is less likely to cause compliance issues. An image advertisement (i.e., an advert that only includes the name of the firm, a logo or other image associated with the firm, contact point, and a reference to types of regulated activities provided by the firm or its fees or commissions) may be exempt from financial promotion rules, but will still need to be fair, clear and not misleading.

  • Likes

Being a follower of a regulated firm on Twitter or having “liked” its Facebook page does not constitute an “existing client relationship” or “express request” for a communication under applicable rules. Issuing a financial promotion to such an individual would therefore be considered unsolicited.

  • Systems

Firms need to put in place adequate systems for signing off digital media communications. Sign-off should be by a person of appropriate competence and seniority within the organisation. 3 © 2015 Morrison & Foerster LLP | mofo.com Attorney Advertising lient Alert

CONCLUSION

The final guidance does not introduce any major surprises. By and large, it follows very closely existing guidance relating to financial promotions and includes some pretty clear-cut examples of compliant and non-compliant communications.

Some firms may have been holding back from becoming fully engaged on social media in anticipation of this final guidance. Such firms may be disappointed that the guidance is not more detailed and does not give them the regulatory certainty that they were hoping for, but that’s really not surprising – FCA guidance is rarely prescriptive.

In any case, firms can’t afford to wait any longer to take the plunge. Increasingly consumers want to engage via social media and with the rise of FinTech, we are seeing a whole host of new competitors moving into the financial services market, many of whom are potentially more agile and better equipped in terms of a digital strategy than the traditional finance brands. While organisations need to be careful to comply with the relevant laws and regulations, they also need to get on board with social media if they do not want to be left behind.

Social media may be a new method of communicating with customers, but compliance risks are not insurmountable. Firms need to exercise the same risk-balancing that they use with other types of media. It’s a case of putting in place appropriate guidance, policies and procedures to adequately address the risks, while not overly restricting the firm’s ability to be up-to-date in terms of its promotional campaigns.