Header graphic for print

Socially Aware Blog

The Law and Business of Social Media

Cyber Monday, Social Commerce and the End of an Era

Posted in Marketing

Cyber Monday - online shopping and marketing concept -  text in letterpress wood type blocks on a laptop with a cup of coffee

Online sales on the Monday after Thanksgiving weekend—Cyber Monday—have continued to increase year over year since the day was first christened “Cyber Monday” in 2004. As social media enthusiasts, we were surprised to learn that social networks drove only 1.5% of the avalanche of online orders placed on Cyber Monday in 2014.

Social media platforms, however, are poised to become much more important players in Cyber Monday 2015.

Indeed, many industry experts are considering this holiday season “a testing ground for social commerce,” as Facebook, Twitter, Pinterest and Instagram are at various stages of implementing the “buy button”—a feature that allows social media users to purchase products they see in the brand posts that appear in their feeds without even leaving the platform.

Because Facebook’s buy button program is still in its early stages, only a small group of retailers are involved, and Facebook users might not even see a buy button on Monday. Pinterest’s buy button program is much further along, however, and now features more than 10,000 businesses, some of which are reaping great benefits as a result of their partnership with the online pinboard.

How Monday’s buy button results will affect marketers’ social media efforts in the future remains to be seen. In the meantime, here’s a rundown of consumer behavior on Cyber Monday last year:

  • U.S. online sales amounted to more than $2 billion, up from $1.74 billion in 2013
  • 23.9% of sales originated through email marketing
  • Online search results that were paid for by retailers generated 18.8% of sales
  • Online search results that were paid for by retailers generated 16% of sales
  • Average value of online purchases originating from Facebook: $123
  • Average value of online purchases originating from Pinterest: $97
  • There were 339,959 discussions about Cyber Monday on social media, a 75% increase over 2013
  • The brands mentioned most often were Amazon, Etsy, Motorola and EA

Of course, as we noted in an earlier post, in recent years consumers have started their online shopping earlier in the holiday weekend. As more Americans have access to high-speed Internet connections at home, they no longer need to wait until arriving at work on the Monday after Thanksgiving to do their online binge purchasing. In fact, online sales on Black Friday—the day after Thanksgiving famous for long lines at brick & mortar retail stores—increased 26% in 2014 over 2013.

So, even if social media is successful in goosing Cyber Monday sales this year, will Cyber Monday itself increasingly be viewed as a relic of an earlier age, having been pushed up to merge with Black Friday?

Black Friday: It’s Not Just About Brick & Mortar Stores Anymore

Posted in Marketing

Caution Sign - Black Friday Ahead

Here at Socially Aware, we’re focused on Thanksgiving dinner, but we’re well aware that the day after Thanksgiving—Black Friday—is one of the busiest shopping days of the year, and a critical sales day for brick-and-mortar retailers. So we were intrigued to stumble upon some statistics indicating that, although U.S. consumers are still interested in scoring retail bargains on Black Friday, they increasingly prefer to do it from the comfort of their living room sofas. Here, a rundown of consumer behavior on Black Friday last year:

  • At U.S. brick-and-mortar stores, consumers spent just over $9 billion. That was a 7% decline from 2013
  • Online sales amounted to $1.5 billion, up 26% over 2013
  • Due to heavy traffic, the e-commerce sites of Best Buy Co. Inc. and outdoor gear retailer Cabela’s Inc. both went down for a while that day
  • Referrals from Facebook resulted in orders averaging $109.94
  • Referrals from Pinterest resulted in orders averaging $100.23

In our next post, we’ll take a look at Black Friday’s hipper younger brother, Cyber Monday.

The Second Circuit Tackles Employee Rights, Obscenities & Social Media Use

Posted in Employment Law, Protected Speech

65329935_thumbnail_smallEmployers took note last year when the National Labor Relations Board (NLRB) ruled that “liking” a Facebook post can qualify as protected activity under the National Labor Relations Act (NLRA). The NLRB held that the owner of a sports bar violated Section 7 of the NLRA by firing employees for a protected Facebook discussion criticizing the owner’s tax-withholding practices. An employee who referred to the owner as an “asshole” and another employee who merely “liked” the Facebook discussion were both engaged in protected activity, according to the NLRB.

Now the Second Circuit has affirmed the NLRB’s ruling. The Court rejected the argument that the employees’ Facebook discussion was unprotected because it amounted to uttering obscenities in the presence of customers. Accepting such an argument, wrote the Court, “could lead to the undesirable result of chilling virtually all employee speech online.”

The Court noted that almost all Facebook posts have the potential to be viewed by customers, but in this case the discussion was protected because it was not directed at customers and did not reflect the employer’s brand.

In addition, the employees’ Facebook activity did not lose protection simply because it contained obscenities viewed by customers, as such protection “accords with reality of modern-day social media use.”

The Second Circuit’s decision signals significant protection of employees’ social media communications, including a Facebook “like.” However, the Court refused to publish its summary order, despite urging from the NLRB, so the decision has no precedential effect.

Nonetheless, the takeaway is clear: “Like” it or not, employers should proceed with caution when considering whether to take action against employees for social media postings, even where obscenities are involved. Such is the reality of modern-day online speech.

Google Books and Fair Use: From Implausible to Inevitable?

Posted in Copyright

[Editor’s Note: At Socially Aware, we occasionally invite guest columnists to contribute pieces on cutting-edge Internet-related legal issues; today we have the pleasure of publishing a piece by noted copyright scholar Jane Ginsburg, Morton L. Janklow Professor of Literary and Artistic Property Law at Columbia Law School*.]

Colorful books and symbol of copyright.Isolated on white.3d rendered.

A for-profit corporation scans millions of in-copyright books and permanently stores their full contents in its database, all without seeking permission or paying the books’ authors or publishers. Over  ten years ago, when Google began its massive digitization and storage program, with the cooperation of the University of Michigan library, who supplied the books that Google scanned, not many copyright scholars would have thought that the systematic copying of immense volumes of full text for commercial purposes, without the creation of new copyrightable expression building on the copied content, could plausibly assert the mantle of fair use. By the time the Second Circuit upheld Google’s fair use defense last month, that result seemed inevitable.

How did the fair use doctrine go from a safety valve to enable second authors to create new works that productively incorporate reasonable portions of prior works, to a free (in both senses of the word) pass for mass commercial digitizationat least so long as the outputs from the commercial database communicate no expression or insufficient expression to infringe? And, perhaps, so long as the compiler of that database can keep the contents safe from hacking.

In this column, I will set the decision in light of its forebears, and then consider its impact on future fair use defenses.

First, a summary, in the court’s words, of the Google Books holding:

 (1) Google’s unauthorized digitizing of copyright-protected works, creation of a search functionality, and display of snippets from those works are non-infringing fair uses. The purpose of the copying is highly transformative, the public display of text is limited, and the revelations do not provide a significant market substitute for the protected aspects of the originals. Google’s commercial nature and profit motivation do not justify denial of fair use. (2) Google’s provision of digitized copies to the libraries that supplied the books, on the understanding that the libraries will use the copies in a manner consistent with the copyright law, also does not constitute infringement. Nor, on this record, is Google a contributory infringer.

This column will address only the first holding. The key determination focused on the “highly transformative” purpose of the copying. In modern fair use jurisprudence, particularly in the Second Circuit, once a court rules the “nature and purpose of the use” (statutory fair use factor (1)) to be “transformative,” a successful outcome for the defense is almost assured. In the last 20 years of fair use case law, the meaning of “transformative” has itself become transformed.

In an influential article written in 1990, Judge Pierre Leval of the U.S. Court of Appeals for the Second Circuitwho also authored the Google Books opinion  – coined “transformative use” to describe what used to be called “productive uses,” through which the fair use doctrine traditionally allowed follow-on authors to bestow their intellectual labor in reworking selections from a prior work, provided the borrowings did not prejudice the profits or prospects of that work.

The Supreme Court, four years later, for the first time recognizing parody as a potential fair use, adopted the label. In Campbell v. Acuff-Rose Music, Inc., the Supreme Court inquired whether the defendants’ musical parody had made a “transformative” use: not one that merely supersedes the objects of the earlier work by copying it, but one that “adds something new, with a further purpose or different character, altering the first with new expression, meaning, or message.” In the context of the Supreme Court’s Campbell decision, the Two Live Crew rap parody “transformed” Roy Orbison’s “Pretty Woman” by creating a new (and rather raunchy) work. But courts came to interpret Campbell’s reference to “something new, with a further purpose” to encompass copying that does not add “new expression,” so long as the copying gives the prior work “new meaning.” (See, for example, Kelly v. Arriba Soft Corp.) Fair use cases began to drift from “transformative work” to “transformative purpose,” in the latter instance, copying of an entire work, without creating a new work, could be excused, particularly if the court perceived a sufficient public benefit in the appropriation.

In the initial shift from “transformative work” to “transformative purpose” the defendant had in fact created an independent work of authorship, even though that work did not significantly alter the copied work. Thus, in Bill Graham Archives v. Dorling Kindersley Ltd. (which did not concern digital technologies), the Second Circuit held a coffee-table-book biography’s reduced-sized complete images of posters of the legendary rock band The Grateful Dead were “transformative” because the book used the images of the posters as “historical artifacts” to document the Dead’s concerts, rather than for the posters’ original aesthetic purpose. But the documentary/aesthetic distinction also significantly expanded the application of the fair use exception to new technological uses that did not yield new works. The search engine practice of permanent storage of works for the purpose of “indexing” has been the principal digital beneficiary of the “documentary” or “new purpose” brand of transformativeness (see, as examples, Perfect 10, Inc. v. Amazon.com, Inc. and Kelly v. Arriba Soft Corp.).

Other applications of the aesthetic/documentary distinctionmore broadly characterized as a distinction between expression and informationto the inputting of copyrighted works into databases then emerged. In A.V. ex rel. Vanderhye v. iParadigms, LLC, the Fourth Circuit ruled the constitution of a commercial database of student papers by the “Turn It In” plagiarism detection services a fair use: “the archiving of plaintiffs’ papers was transformative and favored a finding of ‘fair use.’ iParadigms’ use of these works was completely unrelated to expressive content and was instead aimed at detecting and discouraging plagiarism.” In a decision that in many ways presaged Google Books, the Second Circuit in Authors Guild v. HathiTrust, concerning library uses of their holdings, as digitized by Google, found the scanning and permanent storage of full copies of in-copyright books to further the ‘transformative use’ of allowing “data mining” of the contents of the books. Such uses are nonexpressive in two senses: they produce no new expression by the copying and storage entities, and the ‘mining’ of the scanned book seeks not to expose its expression, but rather to extract information.

In light of this progression, the decision in Google Books probably surprised no one, even though Google Books presented two ultimately nonsalient differences with HathiTrust. While the University of Michigan is a nonprofit educational institution, and (apart from a limited program for the visually impaired) it confined its use of the database to datamining so that it conveyed none of the scanned works’ contents to the public, Google is not a charitable entity, and its book search program communicated to the public “snippets” of the books. “A snippet is a horizontal segment comprising ordinarily an eighth of a page”; on a 24-line page, a snippet works out to three lines. The court accorded scant weight to the commercial nature of Google’s enterprise, stressing that the Second Circuit has “repeatedly rejected the contention that commercial motivation should outweigh a convincing transformative purpose and absence of significant substitutive competition with the original.” Distinguishing between outputs that convey information about the scanned book from outputs that convey its expression, the court ruled that neither the datamining uses nor the snippet views exploited the copied works for their expressive value.  Hence “the creation of complete digital copies of copyrighted works [results in] transformative fair uses when the copies ‘served a different function from the original.’”

With respect to the datamining uses there is a powerful argument that exploiting a work for its non-expressive information (bibliographic or bean-countinghow many times and in what works a given word or phrase appears) is not even prima-facie infringing, and that the digitization of lawfully possessed copies (loaned from the University of Michigan library) to create a database that enables nonexpressive, but progress-of-knowledge-enhancing outputs must therefore be equally free. By contrast, the snippet views did convey limited amounts of expression, but the court repeatedly emphasized the very constrained and controlled, “fragmentary and scattered,” “cumbersome, disjointed, and incomplete nature of the aggregation of snippets made available through snippet view.” As a result, “at least as presently structured by Google, the snippet view does not reveal matter that offers the marketplace a significantly competing substitute for the copyrighted work” (emphasis supplied). The court appears to be endeavoring to avoid slippery-slope expansion of the content or presentation of fair use-permissible snippets.

As currently constituted, the snippet views may well provide too little copyrightable expression to substitute for purchase of the full book, or for licenses of smaller, expression-bearing, increments of the book. But, as Appendix A to the court’s decision (reproducing a snippet view of one book) demonstrates, it is not clear that the snippets in fact offer sufficient “information about” the books to perform their “transformative” fair use function of allowing the user to ascertain whether the book is relevant to her purposes. More expression might better promote that objective, but might also risk displacing the potential licensing market for expressive excerpts. The decision upholds a status quo that may in fact satisfy neither authors nor users; the slippery slope thus may yet loom.

Similarly, in response to the authors’ concern that the database might be vulnerable to hacking, the court responded that “Google has documented that Google Books’ digital scans are stored on computers walled off from public Internet access and protected by the same impressive security measures used by Google to guard its own confidential information.” Less “impressive security” might doom a fair use defense, given the devastating consequences of unfettered access to reproduce and further communicate the full text of digitized works. Thus, while the court found that Google’s program did not present a sufficiently credible risk of harm, it is not clear who else’s programs could clear the decision’s high security bar.

The court’s cautious circumscription thus suggests that the Google Books decision does not herald a new extension of an already-expanded fair use defense, but (at least until a competitor with equivalent resources appears) is instead sui generis. The Second Circuit’s abstention from addressing some of the district court’s fair use analyses similarly betokens the decision’s modest scope.  For example, the district court embraced the long-spurned argument that defendant’s copying does the plaintiff a favor by bringing the work to greater public attention (“a reasonable factfinder could only find that Google Books enhances the sales of books to the benefit of copyright holders”), but the Second Circuit’s opinion forgoes such contentious flourishes.

That said, in cases involving complete copying of entire works, questions undoubtedly remain regarding the reach of the recasting of “transformative use” as a dichotomy between the provision of “information about” a copied work (likely fair use) and the communication of “expressive content” (less likely fair use, though defendant may still show that its use does not substitute for an actual or potential market for the plaintiff’s expression).  Indeed, if fair use turns on nondisclosure to the public of a digitized work’s copyrightable expression, then, if Google had scanned and stored millions of books, and used the content for internal purposes without permission but also without disclosing any outputs of any kind to the public, would its use still be “fair”?

[ *Author’s Note: Many thanks to June M. Besek, Executive Director of the Kernochan Center for Law, Media & the Arts, Columbia Law School.]

Following the Wisdom of the Crowd? A Look at the SEC’s Final Crowdfunding Rules

Posted in Crowdsourcing

This article provides a detailed overview of the final rules, Regulation Crowdfunding, which will be applicable to crowdfunding offerings conducted in reliance on Section 4(a)(6) of the Securities Act of 1933 as amended (the “Securities Act”), which was added by Title III of the Jumpstart Our Business Startups Act of 2012 (the “JOBS Act”), as well as to those intermediaries participating in such offerings. We do not address the proposed FINRA framework applicable to funding portals, which will be covered in a separate alert. All rule references, unless otherwise noted, refer to rules under Regulation Crowdfunding.

We will supplement this alert with a more detailed practical analysis comparing the various new offering exemptions available to issuers as a result of the JOBS Act.


Limit on Capital Raised

Consistent with the statutory limitations, Rule 100(a) provides that an issuer may sell up to $1 million in any 12-month period to investors in an offering made pursuant to the exemption. Of course, an issuer may consider conducting other exempt offerings in close proximity with its crowdfunded offering.  In calculating the amounts sold for purposes of the threshold, amounts sold by a predecessor or by an entity under common control with the issuer will be aggregated with the amounts sold by the issuer.

Individual Investment Limits

In the final rules, the Securities and Exchange Commission (the “SEC”) has modified the investor limits from those included in its proposed rules. The final rules make clear that the individual investor limit is an aggregate limit, which applies to all investments made by the individual over a 12-month period in crowdfunded offerings and not to a specific offering.

An investor will be limited to investing:

  1. The greater of: $2,000 or 5% of the lesser of the investor’s annual income or net worth if either annual income or net worth is less than $100,000; or
  2. 10% of the lesser of the investor’s annual income or net worth, not to exceed an amount sold of $100,000, if both annual income and net worth are $100,000 or more.

As we discuss below, the issuer can rely on the intermediary’s calculation of the investment limit; provided that the issuer does not have knowledge that the investor has exceeded, or would exceed, the investment limits as a result of participating in the issuer’s offering.

Offering through an Intermediary

An issuer would only be able to engage in an offering through a registered broker-dealer or through a funding portal, and an issuer can only use one intermediary for a particular offering or concurrent offerings made in reliance on the exemption.

The offering must be conducted online only through the intermediary’s platform, so that the “crowd” has access to information and there is a forum for an exchange of information among potential offering participants.

A “platform” is defined as “a program or application accessible via the Internet or other similar electronic communication medium through which a registered broker or a registered funding portal acts as an intermediary in a transaction involving the offer or sale of securities in reliance on Section 4(a)(6) of the Securities Act.”

Eligible Issuers

The ability to engage in crowdfunding is not available to all issuers. By statute, the following issuers cannot rely on crowdfunding transactions under Section 4(a)(6):

  • issuers not organized under the laws of a state or territory of the United States or the District of Columbia;
  • issuers already subject to Securities Exchange Act of 1934, as amended (the “Exchange Act”) reporting requirements;
  • investment companies as defined in the Investment Company Act of 1940 (the “Investment Company Act”) or companies that are excluded from the definition of “investment company” under Section 3(b) or 3(c) of the Investment Company Act; and
  • any issuer that the Commission, by rule or regulation, determines appropriate.

The final rules also exclude:

  • issuers disqualified from relying on Section 4(a)(6), or “bad actors;” and
  • issuers that have sold securities in reliance on Section 4(a)(6) and have failed, to the extent required, to make required ongoing reports required by Regulation Crowdfunding during the two-year period immediately preceding the filing of the required new offering statement; and
  • any issuer that is a development stage company that has no specific business plan or purpose, or has indicated that its business plan is to engage in a merger or acquisition with an unidentified company or companies.

Continue Reading

Building a Successful Social Media App: Four Lessons Learned From Snapchat

Posted in Disappearing Content

43909832_thumbnailSince its launch in 2011, the social media platform Snapchat has generated its share of negative press, with most of that press in some way related to the very characteristic that, at least initially, helped Snapchat to become popular among its mostly youthful user base: its “disappearing” messages feature.

Yet, despite reports that the app began as (and continues to be) a popular sexting tool, that Snapchat’s less-than-ironclad security measures resulted in the posting of millions of the app’s users’ personal information, and that Snapchat inaccurately represented its privacy and security policies, Snapchat was the fastest growing app in 2014 and is the third-most-popular social app among millennials.

So what accounts for Snapchat’s $19 billion valuation? According to senior Fortune editor Andrew Nusca, the social media company has employed a “well worn” business model: “marshal a captivated audience, sell advertisements against it, profit.”

Since that sounds a lot easier said than done—especially in light of Snapchat’s public missteps—we attempted to discern exactly how the company has managed to achieve those milestones. What has it done right?

There is, of course, no exact formula for success; surely the rearing of all unicorns involves some measure of magic pixie dust. But a close examination of Snapchat reveals certain strategies that tech entrepreneurs seeking to duplicate Snapchat’s success might wish to emulate.

1. Identify and pioneer a highly desirable feature.

Because they encourage spontaneity and reassure social network users that they’re not sacrificing long-term privacy, disappearing messaging apps have been popping up everywhere over the last couple of years. But Snapchat was one of the very first social media companies to recognize the appeal of ephemeral posts—the app was premised on the claim that photos and texts sent using Snapchat disappeared after 10 seconds—and being first never hurts, especially when it comes to attracting an audience.

In the last couple of years, however, doubts have arisen regarding Snapchat’s “disappearing messages” claims. Most notably, a 2014 Federal Trade Commission investigation concluded that, because several work-arounds exist, the company’s statements about its messages being ephemeral are essentially false.

Surprisingly, use of the Snapchat app continued to increase even as the scandal broke, perhaps because, by then, Snapchat had already become popular with teenagers, or because the company had already implemented even more “addictive” features (see numbers 2 and 3, below).

Nevertheless, Snapchat has since toned down its description of the app in the iTunes store—the description now clarifies that Snaps disappear “unless [the recipients of the Snaps] take a screenshot”—and the company is also taking steps to beef up security and convince users that it’s worthy of their trust.

2. Improve on a feature that has already proven popular with social media users.

Snapchat’s reputation as the first “disappearing message” app may have been responsible for marshalling its young audience, but the social media company’s innovative online video features are likely the reason that audience has stuck around.

As a medium that allows people to easily “satisfy their information and entertainment needs,” online video is one of social media users’ favorite features, industry experts agree. But the video functionality of many social media platforms has left a lot to be desired, according to some social media enthusiasts. Until now.

In his own video explaining Snapchat’s popularity, YouTube personality Casey Neistat explains what online video fans have always wanted most from social media platforms: “It’s never been about just sharing a moving image,” Neistat explains. “It’s about giving people an easy way to tell a story.”

With the introduction of Snapchat Stories, a feature that allows users to stitch several photos and quick videos together throughout their day to create a narrative, Snapchat “became the first company to figure out video on mobile,” according to Neistat.

Snapchat Stories also have an authentic, unedited quality that the platform’s young users really appreciate. “You can’t, like, lie,” one of the Snapchat fans in Neistat’s video explains, “It’s in the moment.”

“Snapchat is about now, not about photos with pretty filters or perfectly edited videos,” Neistat said. “It’s about sharing stories of your life with people who are interested.”

3. Create compelling content by leveraging human resources.

Recognizing that even the most sophisticated algorithms have limitations, many tech companies are starting to rely on human curators for their content, writes Time tech reporter Victor Lukerson, and Snapchat is no exception. Snapchat Live Stories, a feature Lukerson describes as the app’s “most addictive feature,” uses teams of actual people to choose from among as many as 20,000 user content submissions for each story. The curators create montages with narrative arcs by stitching together the best of the users’ photos and short video submissions.

Based on the numbers—Live Stories reportedly attract 20 million viewers in a 24-hour window—Snapchat’s use of human curators is clearly paying off.

 4. Give brands a unique and attractive way to advertise.

With privacy concerns at an all-time high, social media users may become less inclined to patronize sites that use personal data to serve targeted ads, predicts Forbes contributor Jayson DeMers.

That works for Snapchat. In contrast to most of the top social media platforms, Snapchat “has very little information about its users,” Time’s Lukerson reports. And Evan Spiegel, Snapchat’s CEO, has said that he doesn’t want to populate his platform with “creepy” hyper-targeted ads.

Snapchat’s abstention from user-info aggregation may or may not prove important to its youthful user base; the nearly 100 million daily users who continue to log in despite reports about the holes in the platform’s “disappearing messages” claim apparently don’t place as much of a premium on privacy as everyone originally thought.

The important part is that Snapchat has hit on another—potentially more lucrative—way to monetize its business. According to Lukerson, the company “is pitching advertisers the same way TV executives do: by touting the massive audience that can view a single piece of media at the same time.”

Advertisers love content that’s live, and Snapchat’s Live Stories are exactly that. Snapchat’s presentation of its live content in a linear feed makes it very much like live event feeds on television, a medium that Snapchat’s coveted demographic is slowly but surely abandoning.

Advertising on the platform is still risky. After just three seconds, 60% to 70% of Snapchat’s users stopped watching ads on the app. For that reason, some industry observers assert that Snapchat advertising is still probably best left to big brands with big advertising budgets.

And a big budget they’ll need. Snapchat has been tight-lipped about exactly what it’s charging, but, according to sources familiar with the business, the platform is selling $400,000 worth of ad space for a story generating 20 million views.



Now Available: The October Issue of Our Socially Aware Newsletter

Posted in Bankruptcy, Compliance, Discovery, Employment Law, FTC, IP, Labor Law, Litigation, M&A, Marketing, Mobile, Online Endorsements, Online Promotions, Online Reviews, Securities Law, Terms of Use

10-14-2015 3-48-13 PMThe latest issue of our Socially Aware newsletter is now available here.

In this issue of Socially Aware, our Burton Award-winning guide to the law and business of social media, we highlight five key social media law issues to address with your corporate clients; we discuss when social media posts are discoverable in litigation; we identify six important considerations in drafting legal terms for mobile apps; we take a look at the clash between bankruptcy law and privacy law in RadioShack’s Chapter 11 proceedings; we examine a recent federal district court decision finding “browsewrap” terms of use to be of benefit to a website operator even if not a binding contract; we outline best practices for employers’ use of social media to screen and interact with employees and conduct workplace investigations; we explore a Washington state court’s refusal to unmask an anonymous online reviewer; and we discuss Facebook’s recent update of its “Notes” feature.

All this—plus an infographic illustrating the growing popularity of video on social media.

Read our newsletter.


California Passes Four Bills Protecting Privacy Rights

Posted in Data Security, Privacy

California State on vector technology pattern BackgroundLast week was a big one for California’s privacy regime.

In a landmark move, Governor Jerry Brown signed into law four bills further protecting Californians’ privacy rights: Three strengthen the state’s data breach notification statute and impose restrictions on operators of automated license plate recognition systems (ALPRs), and one requires law enforcement to obtain a warrant for the collection of digital records and location.

A.B. 964, S.B. 570 and S.B. 34

California passed the nation’s first data breach notification law in 2003, and it has since incrementally increased the scope of personal data subject to the law and heightened obligations in the event of a breach.

Continuing this trend, on October 6, 2015, Governor Brown signed into law three amendments.

The first, A.B. 964, adds to the law a definition for the term “encrypted.” According to Assemblyman Ed Chau, the addition is meant to encourage businesses to adopt encryption standards.

The second amendment, S.B. 570, specifies the form and content of the notices that must be sent to consumers in the event of a breach. Notices must, for example, be titled “Notice of Data Breach” and present information under prescribed headings, such as “What Happened,” “What We Are Doing,” and “What You Can Do.”

The last bill in the trifecta, S.B. 34, includes information collected from ALPRs, when used in combination with an individual’s name, within the scope of personal information that falls under the breach notification law. That bill also requires ALPR operators to have reasonable security procedures and practices, as well as a privacy policy. S.B. 34 provides for a private cause of action for individuals harmed by violations.

S.B. 178

Just two days later, on October 8, 2015, Governor Brown signed CalECPA, which bars a state law enforcement agency or other investigative entity from compelling a business to turn over any metadata or digital communications—including emails, texts, or documents stored in the cloud—without a warrant.

The law also requires a warrant to track the location of electronic devices like mobile phones, or to search them.

Though a handful of states have warrant protection for digital content or for GPS location tracking, California is the first to enact a comprehensive law protecting location data, content, metadata, and device searches.

Status Updates: People-rating app proves unpopular; new tech automates compelling-photo selection; Twitter 101 for the political class

Posted in Cyberbullying, Marketing, Online Reviews, Status Updates

Bad reviews. On September 30th, the soon-to-be-launched app Peeple was described by the app’s co-founder, Julia Cordray, as a “Yelp for people,” that is, a people-rating platform that would allow users to assign number ratings to anyone—anyone at all, fellow Peeple user or not—as long as the critic was 21, had an established Facebook account, used his real name, and could provide his subject’s cell phone number. The Washington Post reported that “you can’t opt out—once someone puts your name in the Peeple system, it’s there unless you violate the site’s terms of service. And you can’t delete bad or biased reviews—that would defeat the whole purpose.” But by October 4th Cordray had changed her tune entirely, describing Peeple as a “positive only app” that will not allow a review to appear until it has been explicitly approved by the subject of the review. An outraged public can take credit for Cordray’s about-face. In the comments section of the Washington Post piece in which Cordray described Peeple’s original iteration, many readers expressed fear and disgust at the prospect of a site that would doubtless facilitate cyberbullying and, for some, encourage crippling self-consciousness. In other words, the very online lynch mob whose power Cordray hoped to profit from wound up turning on her. The irony of that did not go unnoticed. Cordray’s new version of Peeple, which she promises will be part of a “positive revolution” designed to fight back against the kind of online negativity she faced after the Washington Post piece was published, is expected to launch before the end of the year.

Picture perfect. Any social media marketing plan necessarily includes these two goals: Identify your target audience, and attract and engage that audience with compelling content. We’ve written about how neural networks are facilitating marketers’ use of photographs to help find target audiences by automatically identifying the products being used and the activities being undertaken by the subjects of photos posted to social media. Now, companies like EyeEm Mobile GmbH and Neon Labs Inc. are rolling out software to help marketers choose photographs that will engage those audiences with attractive content. The technology that these companies have developed automatically identifies images with qualities that potential customers are likely to find compelling. The software, according to the Wall Street Journal, identifies “patterns common to images selected by professional photographers” or “characteristics shown to trigger brain activity in neuroscience experiments.” The human eye has proven to be more attracted to photographs in which the subject appears to be speaking in mid-sentence, for example, or in which the subject appears to be attracted to something happening offscreen. Since EyeEm debuted two months ago, the startup’s customers have enjoyed a 30% increase in interaction with their online content. The software works for online video posts, too, helping companies to select the most compelling frames for posting. Neon Labs reports that its partners and customers “made 16% to 40% more revenue on their videos due to increased clicks.”

The powers that tweet. Twitter has a handbook explaining its platform to people running for elected office and it runs just under 140 characters pages. That’s right, the social media company notorious for its draconian limit on post lengths took 136 pages to “make sure that people feel empowered with the full story of what Twitter is,” according to NPR’s interview with Bridget Coyne, one of the people responsible for the manual’s compilation. Coyne told NPR that the creators of the “wildly popular” guide went into painstaking detail explaining how the platform works because they “didn’t want to make assumptions.” Still, it’s difficult to comprehend how the manual’s target audience—whom Coyne says includes congresspersons, chiefs of staff and Congressional interns—aren’t likely to be insulted by a manual that dedicates whole pages to topics such as, for example, “The Anatomy of a Tweet,” complete with numbered illustrations pointing out which part of a Twitter post constitutes the “profile photo” and which part is defined as the “tweet text.” Nevertheless, Coyne insists that Twitter continues to get positive feedback about the manual, and says she hopes to eventually publish a second version of it explaining new Twitter features like Periscope. Does all this mean an end to political scandals due to Twitter misuse? Count us skeptical.

ECJ Safe Harbor Opinion Has Implications for All Data Transfers Out of Europe

Posted in Privacy

Yesterday the European Court of Justice (ECJ) followed the core of the Opinion of the Advocate General (AG) in Schrems v. Data Protection Commissioner (Case No. C-362/14).

In sum, the ECJ held that:

1. Member State Data Protection Authorities (DPA) must be allowed to:

  • examine complaints from individuals regarding the treatment of their personal information by other countries;
  • bring cases to court to question the validity of adequacy decisions; and
  • suspend the transfer of personal information to other countries when they believe it is appropriate.

2. The Safe Harbor Decision is invalid because:

  • US companies may provide information to the US government to protect national security, public interest or law enforcement requirements;
  • The US does not provide European individuals with the ability to obtain judicial redress in the US; and
  • The European Commission overstepped its authority by limiting the bases on which DPAs could suspend transfers to the US.


Lock and globe on white background. Isolated 3D imageThis decision opens the door for every DPA to evaluate whether other countries outside the EU provide adequate protection for personal information. The Standard Contractual Clauses (SCCs) specifically give the DPAs the authority to prohibit or suspend transfers to other countries when the DPA determines that the laws of the other country are insufficient to protect privacy. Similarly, the adequacy decisions for Switzerland, and Canada and Argentina all provide authority for the DPAs to suspend transfers to these countries. Thus, the ultimate effect of the ECJ decision is to remove certainty and disrupt harmonization across the European Union and allow each DPA to decide for itself what cross-border transfers are permissible.

Moreover, because the invalidation of the Safe Harbor Decision was based, at its core, on a finding that the U.S. does not provide adequate protection for personal information, that same logic can be applied to every other adequacy mechanism such as Binding Corporate Rules (BCRs) and the SCCs. Thus, a second result of the decision is that none of the existing adequacy mechanisms is a safe bet at the moment because the DPAs now have authority to independently determine if the recipient country, such as India, Brazil, China or the U.S., provides appropriate security (independent of the adequacy mechanism).

This decision demands a political solution that addresses the following points:

• The EU and the U.S. must agree on what protections will be sufficient to protect personal information. It is worth noting that on September 8, 2015, the EC and the U.S. agreed on privacy safeguards to govern the exchange of personal information in the context of cooperation between law enforcement agencies. If the safeguards that the U.S. and the EC are willing to implement are adequate in the context of direct sharing of personal information between law enforcement authorities, surely those safeguards should also be adequate when U.S. companies transfer data to law enforcement. By not agreeing to these safeguards at the appropriate governmental level, companies are forced to either violate the European data protection rules and share the personal information as lawfully ordered by U.S. authorities, or they can refuse to share the information and be at risk of penalties for not responding to a lawful request from the U.S. government. This type of catch 22 situation will not be solved under the draft Data Protection Regulation. The issue will only be exacerbated as violations of the European privacy rules will carry the risk of a fine of 2% of a company’s global revenues.

• A consensus must be reached within Europe regarding whether harmonization is a priority and how important having a single market for the sharing of data will be.

Practical Implications for Companies

Companies have only a series of bad choices before them:

• They can take steps to immediately substitute another adequacy mechanism for the Safe Harbor such as BCRs or SCCs. This, however, will leave them entirely vulnerable to any DPA taking the position that the recipient country does not provide adequate protection and thus suspending or prohibiting the transfer based on those other mechanisms.

• Companies could state that they will not allow any government access to personal information received from Europe and then potentially place themselves at risk of ignoring a valid government request such as a subpoena or court order.

• Companies could elect to seek consent from all individuals whose information is collected in Europe, which in many circumstances is expensive, difficult and impractical (and is often a problem for employee data).

In a press conference today, the European Commission stated that it perceives the ECJ’s ruling as confirming the Commission’s approach to the renegotiation of the Safe Harbor and that, in the meantime, transatlantic data flows can continue using other mechanisms available or exceptions provided for under EU law (e.g., performance of a contract, public interest, consent). The Commission intends to work closely with national DPAs and will issue “clear guidance” on how to deal with data transfer requests to the US in light of the ruling, to avoid a patchwork of contradictory decisions. While reiterating the importance of protecting personal data, the Commission set as a priority to ensure that data flows can continue, as they are the “backbone” of the EU economy.

Just as with the whistleblowing hotlines a few years ago, the ECJ opinion has brought into clear view the conflict of laws between Europe and the U.S.. Companies may spend a tremendous amount of time and money in the next few weeks seeking an alternative that just does not exist.

Waiting to see how this settles in the next few weeks may be the wisest course of action.