Header graphic for print

Socially Aware Blog

The Law and Business of Social Media

Negotiating Cloud Contracts

Posted in Cloud Computing

The cloud computing market is evolving rapidly. New as a service (aaS) platforms are appearing and the dichotomy between public and private cloud domains has been fractured into many different shades of hybrid cloud alternatives. And while many of the key issues – privacy risk, data location, service commitment – remain the same, service providers’ commercial offerings are becoming more flexible.

Over the past 18 months, we have even started to see changes in the “take it or leave it” approach to cloud contracts. Negotiations of cloud contracts have started to occur. But at this stage in cloud computing’s evolution, even more so than for traditional ICT contracting, the key is to know what can be negotiated and how much.

Cloud Market

The global cloud computing market is reportedly worth approximately $157 billion in 2014, and is expected to reach $290 billion by 2018. The market is growing at an annual rate of almost 50%. North America continues to represent the largest share of the global cloud market with over 50% of the market, followed by the EMEA region with approximately 29%.

Software as a service (SaaS) is still the biggest sell, followed by infrastructure as a service (IaaS) and platform as a service (PaaS). The Big 3 aaS cloud offerings represent 90% of the global cloud market according to a recent survey.

Flexibility and cost savings are still the main drivers for customers selecting cloud services – while security and privacy remain the top concerns. Interestingly, some customers are starting to consider cloud offerings as a means of improving the security of their data, taking the view that leading cloud providers have more expertise in protecting data and are able to invest more heavily in evolving technologies.

As the cloud market continues to grow in volume terms, the diversity of the market offerings is also increasing.  There is more competition than ever before in most of the main cloud market segments, with well-publicized price cuts, more service offerings and many, if not most, software providers examining ways to move into service-based offerings. Traditional market leaders, such as Microsoft and IBM, experience year-on-year growth. Reputation and cost are the key factors in cloud vendor selection, followed by performance assurance related issues.

In general, most large cloud providers are showing a renewed focus on multinational clients and also want to move up the value chain and target larger institutional clients. Outsourcing arrangements now increasingly encompass a cloud computing element, and some cloud providers are prepared to offer managed services to mimic elements of so-called “traditional” outsourcing.

Genuine adoption by regulated entities, especially financial services institutions, is the next big target; although the take-up is not helped by the reticence of regulators in some key global markets (with the notable exception of the United States) to provide a road map to assist regulated entities’ engagement of the cloud model.  Nevertheless, reticence to adopt a multi-tenanted cloud solution in regulated sectors is being eroded by the availability of aaS models available through virtual private cloud services and dedicated servers.

Cloud Contracts

It remains axiomatic that contracts for cloud computing services are generally implemented on the provider’s terms. Even projecting forward at the current rate of evolution, it is hard to see that core principle changing.  However, contract terms are increasingly negotiable to some extent; although the degree of negotiability pales in comparison with the contracting model in traditional services-based outsourcing.

In our experience there continues to be a (resigned) acceptance from most customers of the providers’ terms, i.e., the terms are what they are, and there’s a general recognition that that is the place to start. After all, if a customer organization expects customization of services and a genuine negotiation of service terms, then maybe the cloud is not the right place to be considered as a solution for those specific services.

Nevertheless, we have experienced greater negotiability compared to 18 months ago, and we anticipate that trend continuing in the future. The contracting areas where we perceive the most scope for negotiation tend to be commercially oriented issues such as price, privacy and security, scope and service levels, and liability caps. Technical areas, such as the variability of service elements that depend on specific data center features, do not lend themselves to negotiation because the shared service nature of cloud facilities limits the ability of providers to agree on changes in those areas. These are areas where customers often show their naivety of how cloud computing works by asking for changes that directly contradict the commoditized nature of the service offering.  That said, some providers do not help themselves by justifying their refusal of almost every requested change based on the invariability of the technical solution, even when an issue is plainly commercial and not technical.

Among the key issues that recur in cloud contract negotiations are:

  • Customer control and visibility over subcontracting: there is a general reluctance of providers to allow approval of, or even to identify, subcontractors.  Often, that can be for very good reasons, especially in a public cloud situation;
  • The limitation of the provider’s ability to change the nature of the services provided. Again, there may be very valid reasons for this depending on the nature of the services, but, typically, the negotiation ought to focus on the commercial implications of such changes rather than the basic right itself;
  • Privacy and data security commitments by the provider;
  • Rights of the provider to suspend services under circumstances such as non-payment or violation of an acceptable use policy;
  • Limitation of liability;
  • Termination assistance provisions allowing the customer to extend service for a period after termination or expiration to allow migration to the replacement solution; and
  • The stretching of some common contracting provisions into some pretty unfamiliar directions. One motto to bear in mind when reviewing cloud terms is “never assume that you know what’s in a provision based on its heading.” Force majeure provisions are a good example. You may have thought that it would be hard to reinvent force majeure, but in some cloud instances force majeure seems to be elastic-sided enough to capture “changes in the taxation basis of services delivered via the Internet” as a force majeure event.

Another area where some providers have not helped their industry’s cause is in the proliferation of complex, multi-document contract structures which are often poorly updated and oddly worded. Customers need to wade through the many pieces of paper and URL links, and with a lack of consistency among the documents frustration mounts and patience wears thin. These multi-layered contract structures are unwieldy and often, when quizzed, even the providers’ representatives cannot navigate their way around them. It would be beneficial if the cloud industry generally – and some notable large cloud providers specifically – were to address this contracting approach over the next couple of years.

Privacy and Security

MoFo’s Global Privacy Group has already written extensively about the privacy implications of moving data to the cloud. The conjoined issues of privacy and security remain center stage in most cloud contract negotiations. The key issues generally are who is responsible for data security and how obligations should be allocated between service provider and customer. Importantly, there may be a different analysis between different types of cloud services, e.g., between IaaS and SaaS for example. But it is worth understanding the exact commercial and legal implications of a provider that commits only to be responsible for the “security of our network” and expects its customer to be responsible for the “security of its data.”

Typically, of course, providers are more willing to take responsibility for the integrity of their networks, while attempting to steer clear of obligations in relation to data. However, some service providers now accept that a failure to improve their privacy offerings may compromise future growth in certain markets and be a competitive disadvantage.

So, for example, there is an increased willingness to adopt the EU model clauses for data transfer, and most of the large cloud providers are reacting to commercial pressures from Europe-based clients to offer services from ring-fenced European data centers. Despite this, there is still a lack of appreciation among many customers of the difference between commitments in relation to data “at rest” (i.e., where the data are stored) and where data can be accessed from.

Performance

In general, most cloud contracts are still relatively light in terms of service level commitments, with availability being the main measurement metric. There is no sign yet of widespread (or, indeed, early stage) acceptance of the EU’s standardized SLA suggestions.

In terms of remedies for service failure, the concept of providing credit via further services or contract extension is still prevalent despite the illogicality (from a customer perspective) of accepting more of the same as a service remedy.

Conclusion

The old maxim “Be careful what you wish for” applies to the cloud market at this stage of development. Many commercial users of cloud services have chafed at the “take it or leave it” approach to cloud contracts. But, now that some degree of negotiation is becoming possible in some areas of the cloud market, it is clear that users need to understand more than ever what can realistically be negotiated.

At the same time, users need to clearly distinguish their reasons for adopting cloud solutions in the first place and understand the specific sector of the market that they are seeking to access. If users perceive the risks to be so great that contract negotiation seems essential before putting services in the cloud, it is possible that they need to consider whether the services that they have in mind properly belong there in the first place.

In general, customers need to approach cloud computing transactions with realistic expectations. It is unrealistic to expect to re-negotiate a provider’s cloud contract terms materially on a project with a relatively low cost/value.  Providers are either technically constricted or simply commercially unwilling to devote expensive commercial management time or legal resources to negotiate the terms of a project with a relatively low margin or revenue generation.

 

 

What Are the Rules of the Advergame in the UK?

Posted in Online Promotions

Advergames are online video games that are created in order to promote a brand, product or organization by immersing a marketing message within the game. They are typically accessed via an organization’s website or app, or via a social media platform. Advergames are not particularly new. The concept of advertising via gaming has been around since the 1980s and the term advergame was included in Wired magazine’s Jargon Watch column back in 2001. In the early days of the advergame, though, the medium was generally embraced by brands that targeted the youth market.  These days, the growth of tablets, smartphones and mobile apps, as well as the rise in popularity of online gaming, has led to the increased adoption of advergames by a wide variety of organizations, including charities, financial services firms, car manufacturers, toy makers and government agencies.

Given the increased challenges of traditional advertising, advergames are considered a great way to help increase brand awareness and engagement—whether an organization is promoting a new product, educating, trying to grow its market, carrying out market research, or reaching out to prospective recruits. A key benefit of advergames is that users interact with a brand for far longer than they would with traditional forms of advertising. The best advergames can go viral and provide worldwide exposure and a shelf-life much longer than that of a traditional advert. For example, in 2013 Chipotle, the Mexican fast food chain, published a Scarecrow advergame that was downloaded 250,000 times within four days of its release.

In this post, we will consider some of the legal issues that organizations operating in the UK will need to consider when employing advergames as a marketing tool.

Advertising Rules

The first issue that an organization will need to consider is compliance with applicable advertising rules, as advergames are very likely to be regarded as advertising. That’s certainly the case in the UK.

In May 2012, the Advertising Standards Agency (ASA), the UK’s independent regulator of advertising, published guidance on the use of advergames. In the guidance, the ASA made clear that advergames in paid-for space online are covered by the relevant rules of the UK Code of Non-broadcast Advertising, Sales Promotion and Direct Marketing (the CAP Code). In addition, advergames that are made available on an organization’s website or app or via a social media platform under the organization’s control, and that are directly connected with the supply or transfer of goods, services, opportunities or gifts, must comply with the CAP Code.

Particular issues arise when advergames are considered appealing to children. The CAP Code includes an overarching principle that marketers must be careful when addressing children in marketing, and must bear in mind that children’s understanding of, and reaction to, marketing communications will be affected by their age and experience, and the context in which the message is delivered. The CAP Code also requires that advertisements be obviously identifiable as such. When deciding whether an advergame complies with this rule, the ASA will consider the context in which the advergame is made available; any references to the product, brand or organisation in or around the game; and the target audience.

To date, many of the complaints made to ASA about advergames concern their use by food manufacturers to promote foods perceived to be unhealthy. Under Rule 15.11 of the CAP Code, advertisements must not condone or encourage poor nutritional habits or an unhealthy lifestyle in children. In addition, Rule 15.15 states that, in general, food advertisements that are targeted directly at pre-school or primary school children must not include licensed characters or celebrities popular with children.

By way of example, in 2012, the ASA considered a Krave cereal advergame made available to Facebook users who had, via their Facebook profile information, confirmed themselves to be aged 16 or over.  The advergame featured a character, the Krave Krusader, which players controlled in order to collect chocolate and score points. The complainant considered that the advergame encouraged poor nutritional habits and an unhealthy lifestyle in children in breach of the CAP Code. However, the ASA rejected the complaint, precisely because the advergame was targeted at Facebook users over the age of 16.

In the same year, the ASA considered advergames published on the website of a confectionary manufacturer, www.swizzels-matlow.com. It held that a “Cola Capers” game that was (i) relatively long in duration, (ii) aimed at young children, and (iii) condoned eating a large number of sweets while hiding such consumption from the user’s parents irresponsibly encouraged poor nutritional habits and an unhealthy lifestyle in children. In addition, it held that certain games involving the character Scooby Doo were aimed at primary-school children and therefore in breach of the CAP Code.

It only takes one complaint for the ASA to investigate an advergame, and if the ASA upholds the complaint, the offending advertisement is very likely to be banned. As the ASA is a non-statutory body it does not have the power to fine advertisers or take advertisers to court.

However, some parties want more action. In March 2014, the UK’s Local Government Association (LGA), which represents almost 400 councils in England and Wales, called for pop-up health warnings to accompany “addictive” advergames used by food firms “targeted at children.” The ASA responded to this call by making reference to its recent bans and stating that it would not hesitate to ban any other advergames that breached the CAP Code. However, in May 2014, the University of Bath’s Institute for Policy Research issued a policy brief, Advergames: It’s not child’s play, looking at the use by food firms of advergames to promote high-salt, high-sugar and high-fat food and drink products. The brief concluded that children up to the age of 15 do not recognize that advergames are advertising, and called for various actions, including an obligatory, clear, uniform labelling system for all children’s advergames. So, as you can see, this issue is not going away.

Other Issues

It’s not just a question of advertising rules. Some of the other key issues advertisers will need to consider when launching an advergame include:

  • Terms of use for the advergame
  • Privacy and data protection laws
  • Consumer protection rules
  • Industry regulations affecting advertisements and promotions
  • App store rules and restrictions
  • Prize promotion rules
  • Intellectual property rights in the advergame
  • Ownership of data
  • Contracts with third-party providers (e.g., the game developer)

Conclusion

Advergames are a fun, interactive marketing tool. However, it’s important to comply with all applicable rules to make sure that your advergame doesn’t give you publicity for all of the wrong reasons.

 

 

Status Updates

Posted in Status Updates

Facebook fit. It’s been said that a species’ evolutionary success depends more on its adaptability than any other trait. That apparently holds true for a social media platform’s staying power, too. Facebook continues to flourish despite two hugely disruptive developments that, at least in theory, should have had a negative impact on its standing in the social media landscape: the proliferation of other social media platforms, and web surfers’ sudden and dramatic shift from desktop computers to mobile devices (and the resulting decrease in the value of cookies for tracking web surfers). According to Forbes, a key to the social media giant’s resilience may be Facebook Login. Rolled out in 2008 as Facebook Connect, Facebook Login allows its users to sign onto apps and other web sites by using their Facebook information, thereby eliminating a Facebook user’s need to remember or re-enter user names and passwords. The fact that Login allows advertisers to track Facebook users across platforms: (1) eliminates the need for cookies; and (2) means that Facebook users’ information remains valuable to advertisers whether or not the users spend their digital hours on Facebook itself. And, according to a recent report, adoption of Login by major websites continues to increase, further bolstering Facebook’s ability to weather future disruptions in the social media industry.

All’s a-twitter. Having been retweeted more than 3.3 million times—more than any other tweet—Ellen DeGeneres’ Oscar selfie was designated “The Golden Tweet” by Twitter’s chief communications officer in his year-end roundup of the social media platform’s 2014 highlights. The most popular hashtags on Twitter this year included #BringBackOurGirls, in response to the mass kidnapping of young females in Nigeria, and #BlackLivesMatter, regarding the Ferguson protests. The deaths of Maya Angelou, Phillip Seymour Hoffman and Robin Williams were also the subject of a significant number of tweets in 2014.

Are we less social? Social media may have peaked in the United States, a survey by the British telecom regulator Ofcom shows. Fifty-four percent of the 1,000 U.S. adults who participated in the survey reported visiting a social network at least once a week, compared to the 56% who reported having done so in 2013. That’s hardly enough to warrant sounding the U.S. social media death knell, however, especially when you consider that—according the analytics company comScore—the total U.S. Internet population increased 10.6% from 225.3 million to 249.4 million last year. The decline in weekly social media use among the British from 2013 to 2014 was much more significant, according to Ofcom; the number of UK residents making weekly network visits dropped from 65% to 56% over that period. For what it’s worth, 89% of the team here at Socially Aware is skeptical.

Hot Off the Press: The December Issue of Our Socially Aware Newsletter Is Now Available

Posted in Copyright, Infographic, Internet of Things, Litigation, Privacy, Terms of Use

The latest issue of our Socially Aware newsletter is now available here.

In this issue of Socially Aware, our Burton Award-winning guide to the law and business of social media, we look at several topics surrounding the proverbial online thumbs up, including the emerging legal status of Facebook likes and similar social media constructs; Facebook’s recent prohibition of the popular business practice of offering discounts, exclusive content and other incentives in exchange for liking a company’s Facebook page; and Facebook’s crackdown on the practice of buying phony likes. We realize though that likes aren’t everything, so we also explore the legal framework for moving personal data to the cloud; we examine clickwraps vs. browsewraps in relation to the implementation and enforcement of online terms of use; we discuss the new California privacy law revisions impacting website and mobile app operators directing their services to minors; we take a look at the new infringement exceptions in the United Kingdom; and we highlight a recent decision in the UK granting a website-blocking order against certain ISPs in a case involving counterfeit goods.

All this—plus an infographic about—what else?—Facebook likes.

Read our newsletter.

Status Updates

Posted in Status Updates

An undercover app. Internet innovators have for some time been trying to cash in on the public’s mounting desire for anonymous messaging platforms, with varied success. As we recently noted, at least 11 students at colleges around the country have been tracked down and arrested for threatening violence on the purportedly anonymous messaging app Yik Yak. Now, the entrepreneur behind OneOne – the latest app to hit the anonymous messaging market – claims that his product will succeed where Yik Yak’s has apparently failed. That’s because, OneOne founder Kevin Abosch says, while other so-called anonymous messaging apps rely on strong encryption to protect users’ data, OneOne actually ensures that messages sent using the app are not traceable back to the message sender’s or receiver’s devices. OneOne users aren’t required to establish OneOne accounts, and can begin exchanges by sending a recipient a link. The thread at the link can be deleted at any time, and automatically disappears after 24 hours. Abosch expects that OneOne will be popular among professionals who typically discuss sensitive information.

App trapped. Instant messages are on their way to becoming the modern-day equivalent of lipstick on a collar, at least in Italy. According to the Italian Association of Matrimonial Lawyers, nearly one-half of all divorce proceedings in Italy involve evidence found in messages sent using Facebook’s recently acquired messaging service, WhatsApp. While Italian men aren’t necessarily more likely to be unfaithful than Italian women, they are more likely to unwittingly disclose their infidelity via WhatsApp messages. That’s because men are more likely than women to save photos and messages so they can revisit them, the association’s president says. Maybe these folks should have used OneOne?

A like from Liam. The marketing team at 20th Century Fox is using an unconventional social media platform to promote actor Liam Neeson’s new flick, Taken 3: the business-oriented networking site LinkedIn. Capitalizing on some of the more famous lines that Neeson’s Bryan Mills character spoke in the first Taken movie – “[W]hat I do have are a very particular set of skills, skills I have acquired over a very long career. Skills that make me a nightmare for people like you” – the film studio is conducting a contest. The prize: Neeson, in character as Bryan Mills, will endorse one fortunate fan’s particular set of skills as described on LinkedIn.

Status Updates

Posted in Status Updates

Instagrowth. Instagram’s relationship with Facebook is turning out to be mutually beneficial. Since Facebook bought Instagram for $1 billion in 2012, the photo sharing platform has passed the 300-million-user mark, surpassing Twitter’s 284 million active-user base. Instagram CEO Kevin Systrom attributes his social media company’s growth to its decision to translate its app into more languages—there are now 210 million Instagram users outside the United States—and Instagram’s acquisition by Facebook, whose growth team’s efforts have supplemented the work done by Instagram’s own small team dedicated to increasing the social platform’s popularity. For its part, Instagram has grown into an incredibly valuable asset—according to some estimates, its 300 million users translate into a valuation of approximately $12 billion—as well as a means of keeping its parent company in touch with younger users, who have been abandoning Facebook in droves in favor of newer messaging apps and social media platforms.

Road rules. These days, recorders on automobiles track everything from a driver’s location to her braking habits and seatbelt use. In the interest of maintaining automobile consumers’ trust, two of the auto industry’s biggest trade groups have agreed on a set of principles specifying how automakers may use, store, and protect the information their products collect about the people who drive them. The automakers’ agreement, which is set to take effect in January 2016,  calls for the companies to adopt policies for their cars that are similar to the privacy policies typically found on websites. While the privacy principles don’t prescribe exactly what auto manufactures may do with drivers’ data—they require only that the information be used for “legitimate business purposes”—the guidelines do specify that manufacturers will not disclose customer location intelligence to law enforcement without a warrant. The manufacturers themselves have categorized the  guidelines as minimum requirements that auto makers will build upon as they compete to stay in automobile buyers’ good graces.

A digital chaperone? Facebook is developing an algorithm that will run interference between users and their networks when it identifies material in a post that has the potential to compromise the poster’s public image or reputation. Using “deep learning,” a type of artificial intelligence, the system will notify Facebook users when they are about to post something that will portray them in a less-than-optimal light (a drunken selfie, for example) or when other users post unauthorized photos of them. Since such a system will require technology with human-level intelligence, it will likely take a long time to become a reality.

So You Think You Have a Contract? Website Terms and Unconscionability

Posted in Litigation

We have written previously regarding the pitfalls of online contract formation, including where website operators fail to implement website terms in a manner that requires users to expressly accept such terms. A recent California case, however, shows that even a properly formed online contract may be unenforceable if its terms are found to be overly harsh and one-sided. Given that website terms are routinely drafted to be favorable to the website operator rather than the user, this case serves as a reminder that contract formation is not the only issue that must be considered when discussing the enforceability of online contracts. 

The case, MacKinnon v. IMVU, Inc., was brought as a putative class action by plaintiff Peter MacKinnon, a user of defendant IMVU’s instant messaging virtual universe. The IMVU application allows users to create avatars that can interact with other users’ avatars. Users can also acquire products for their avatars using online credits, which are purchased with real money. The available products include audio products created by users who submit them for inclusion in IMVU’s virtual catalog.

MacKinnon joined IMVU in October 2009. Shortly after joining, MacKinnon became aware of an IMVU policy first announced in 2008 stating that, because of bandwidth issues, any “new [audio] products submitted . . . would be cut down to 20 seconds.” MacKinnon subsequently spent hundreds of dollars for IMVU audio products, which he tested to ensure that they were “full length and had not been limited by IMVU to 20 seconds.”  However, on January 31, 2011, IMVU applied the 20-second limit to all audio products, allowing refunds only for purchases made on or after December 1, 2010.

As a result, on June 6, 2011, MacKinnon filed a seven-count first amended complaint against IMVU, asserting claims for violation of various consumer protection statutes, as well as for conversion, breach of contract and negligent misrepresentation. While MacKinnon asserted a large number of claims, they were all premised on the underlying theory that IMVU misled users into believing they would be able to play the full-length versions of the audio products they purchased as long as they used IMVU. The lower court dismissed MacKinnon’s first complaint and then sustained a demurrer as to his second complaint, holding that the IMVU Terms of Service (the “Terms”) unambiguously allowed IMVU to truncate audio products. MacKinnon appealed. 

The Court of Appeal first noted that, in order to create an IMVU account, a user must click a “Create My Account” button, which is accompanied by text stating “by clicking Create IMVU Account you are indicating that you have read and agree to the Terms of Service Agreement and Privacy Policy.” A link to the Terms and the IMVU privacy policy are also provided. Unlike courts in some prior cases, the court in MacKinnon did not delve into the contract formation issues that this type of terms-of-service implementation can raise. Instead, the court seemed to take as a given that MacKinnon accepted the Terms and proceeded to interpret the meaning of the contract formed between MacKinnon and IMVU.

The court noted that the Terms expressly provided that “all virtual products are non-refundable” and that this provision would apply to the audio products in dispute. Further, the Terms unambiguously authorized IMVU to unilaterally remove or change such products without offering any compensation. If enforceable, therefore, the Terms would undermine the majority of MacKinnon’s claims, since—as noted above—the fundamental harm complained of was IMVU’s allegedly misleading and unauthorized truncation of the audio products. This is where the case gets interesting, and potentially troubling for website operators.

Among MacKinnon’s claims were that the Terms were unenforceable because they were unconscionable, and that IMVU had breached the covenant of good faith and fair dealing under California law. First the court examined whether the Terms were procedurally unconscionable. The court noted that there was at least a degree of procedural unconscionability, given that the Terms were provided on a take-it-or-leave-it basis with no opportunity for MacKinnon to negotiate, but that the availability of market alternatives to IMVU’s service, the non-essential nature of the service, and the fact that the no-refund provision was not hidden within the Terms all suggested that only a low degree of procedural unconscionability was present.

After determining that there was a low degree of procedural unconscionability, the court examined whether the Terms were substantively unconscionable. The court observed that “[s]ubstantive unconscionability pertains to the fairness of an agreement’s actual terms,” and noted that contracts must not impose terms that are “overly harsh,” “unduly oppressive,” or one-sided to a degree that would “shock the conscience.” The issue at hand was whether IMVU’s no-refund provision, which permitted IMVU to alter or even entirely remove audio products that users had paid for, met this standard for substantive unconscionability. The court held that, on the record in the case, it could not make a determination one way or the other on the unconscionability issue, which would require analysis of the no-refund provision’s “commercial setting, purpose, and effect.” Accordingly, the court concluded that the lower court had erred in holding that the Terms were conscionable (and, therefore, enforceable) as a matter of law. Given this holding, the court also rejected the demurrer as to MacKinnon’s unconscionability-based claim under the California Consumer Legal Remedies Act.

With regard to MacKinnon’s claim for breach of the covenant of good faith and fair dealing, the court noted that, where a contract grants one party discretionary power, that party is required to exercise such discretion in good faith and in accordance with fair dealing. At the same time, however, “courts are not at liberty to imply a covenant directly at odds with a contract’s express grant of discretionary power except in those relatively rare instances when reading the provision literally would, contrary to the parties’ clear intention, result in an unenforceable, illusory agreement.” In this case, the no-refund provision granted IMVU discretionary power to alter or remove audio products and, if the provision was enforceable, then “no covenant of good faith and fair dealing can be implied which forbids” IMVU from exercising that power. In light of MacKinnon’s assertions of unconscionability, however, the court held that MacKinnon had successfully stated a claim for breach of the covenant of good faith and fair dealing.

Finally, the court held that MacKinnon was entitled to amend his false advertising law and misrepresentation claims to state a cause of action based on the September 2008 announcement. In addition, the court held that MacKinnon was further entitled to reassert conversion and breach of contract claims. However, the court upheld the dismissal of MacKinnon’s breach of warranty claim under the Song-Beverly Act because MacKinnon did not purchase the audio products in California (MacKinnon resides in Utah). 

It remains to be seen how the superior court will rule on MacKinnon’s claims and, in particular, whether the no-refund provision in the IMVU Terms will ultimately be held to be unenforceable.  In the meantime, given that website terms often include provisions that are seemingly no more “harsh,” “oppressive” or “one-sided” than was the IMVU no-refund provision, website operators may wish to review their existing terms in light of the MacKinnon case. In particular, MacKinnon suggests that unilateral amendments of website terms that impact users’ previous purchases without adequate compensation may be suspect.

Status Updates

Posted in Status Updates

Block party. Twitter has revamped its anti-harassment policies to make it easier to report harassment on the network or to block another account. The change follows recent highly-publicized instances of “Twitter harassment,” such as the Gamergate controversy, in which certain prominent women in the videogame industry reportedly became targets of harassing tweets. Twitter users will now be able to flag a wide variety of problems, including harassment, impersonation, and threats of self-harm or suicide, even if directed at someone else. Twitter has also changed how blocked accounts work to make it easier to avoid abusive users. While these steps may not keep harassment off the network entirely, they seem to be a step in the right direction.

See you on the dark side. The term “dark social” refers to the social sharing of content outside of social media platforms in such a way that it cannot be measured by Web analytics programs – for example, sending of a link via online chat or email. Studies have shown that between 60 percent and 70 percent of all sharing is “dark,” but when people self-report on their sharing habits, the dark social percentages are much lower. In a recent study, only 32 percent of consumers reported that they share through dark channels. Perhaps sending links in email or SMS chat is so commonplace that people aren’t even aware that they’re doing it. In any event, online marketers are keenly interested in strategies to harness this dark sharing.

Facebook ’em, Danno. A Houston-area man, Jeff Turner, was expecting a package from FedEx—a Houston Rockets sweater for his son—and never received it. Luckily, he had surveillance video from his front door area that showed someone taking the sweater. Who did it? Enter Facebook. Turner put the surveillance footage on his Facebook page, and another Facebook user recognized the thief. The miscreant, a local teenager, was found mowing the lawn at a nearby house and the sweater was recovered. Yet more proof that you can’t escape the long arm of social media!

 

 

 

Status Updates

Posted in Status Updates

Yik Yak arrests.  For several months now we at Socially Aware have been writing about how college students have been using the purportedly anonymous messaging app Yik Yak to communicate deeply offensive remarks and threats of violence.  Now The Huffington Post reports that students at seven universities have been arrested for doing just that.  Since September, at least 11 students at colleges including the University of Georgia and Penn State have been charged with everything from unlawful use of a computer to harassment for using Yik Yak to threaten violence.  Police and college IT services departments have been tracking down the students based on their IP addresses and, when available, GPS locations—information that Yik Yak has reportedly been consistently willing to surrender.  As my colleague Sue McLean warned in June, “The truth is that ‘anonymous’ doesn’t necessarily mean anonymous. Even if users are not required to provide any form of contact details to use an anonymous app, the app is very likely to collect certain information that will help identify the user.”  Based on the $63 million that Yik Yak secured in its third round of funding, investors seem to be turning a blind eye to the apparently compromised anonymity that the app provides.

YouTube for tots.  A recent study shows that the video sharing site YouTube is the most popular website among U.S. children between the ages of eight and 11.  Despite the site’s professed age restrictions, which require a user to be at least 13 to create an account, 69% of the 500 tweens recently surveyed by the Chicago-based agency The Marketing Store said they have a YouTube account, and 93% say they use the service regularly.  Google, YouTube’s owner, has reportedly been trying to develop a kid-friendly version of the video sharing site. In order to do so, Google would need to be careful not to run afoul of the Children’s Online Privacy Protection Act, or COPPA, which imposes strict limits on how companies can collect information on children under 13.

License to hack.  According to data security experts, the ride-sharing start-up Uber’s lack of privacy protections and stash of GPS-quality-precision travel information make it more of an espionage target than “any private entity of any kind.”  The detailed data the company collects would be especially valuable to maliciously motivated foreign powers—Uber is popular with Washington’s political class—as well people involved in corporate espionage and acrimonious divorces.  Therefore, a data security expert advises, when traveling to sensitive meetings or secret rendezvous, Uber users interested in protecting their privacy should take steps like “requesting a ride to another nearby address.”  While such measures may catch on with the tin foil hat crowd, we suspect that they are less likely to find acceptance with average Uber user.

FTC Enforcement Action Confirms That Ad Disclosure Obligations Extend to Endorsements Made in Social Media

Posted in FTC

The Federal Trade Commission (“FTC”) has once again made good on its promise to enforce against deceptive advertising under Section 5 of the FTC Act, regardless of the media in which the advertising appears:  Its recently announced proposed complaint and draft settlement with the advertising firm Deutsch LA, Inc. involves endorsements posted by social media users.  The action unmistakably signals to companies that advertise through social media—especially by leveraging user-generated content—that they need to comply with Section 5’s disclosure requirements.

As discussed below, not only is it deceptive to post bogus endorsements, but a clear and conspicuous disclosure of any material connection between an endorser and the advertising company is necessary in order to avoid a charge of deception.

Online Advertising Disclosure Requirements Under Section 5 of the FTC Act 

Section 5 of the FTC Act bars “unfair or deceptive acts or practices.”  This prohibition extends to advertising, marketing and other promotional activities, including the use of endorsements.  The FTC’s Guides Concerning the Use of Endorsements and Testimonials in Advertising (“Endorsement Guides”) represent the FTC’s interpretation of the application of Section 5 to the use of endorsements and testimonials in advertising.  See 16 CFR § 255.  In other words, they explain how an advertiser using endorsements can avoid engaging in deceptive practices.

The FTC defines an “endorsement” as an advertising message that “consumers are likely to believe reflects the opinions, beliefs, findings, or experiences of a party other than the sponsoring advertiser.”  See id. at § 255.0(b).  According to the Endorsement Guides, a customer endorsement must be from an actual, bona fide user of the endorsed product or service.  In addition, if there is any material connection between the endorser and the advertiser that consumers would not reasonably expect—such as payment or other exchange of consideration, or an employment relationship—then that connection must be clearly and conspicuously disclosed.  Because such information is likely to affect the weight or credibility that consumers will give to an endorsement, a failure to clearly and conspicuously disclose it is deceptive.

The FTC staff has provided guidance on how to effectively make clear and conspicuous disclosures in online advertising.  When the staff initially released its Dot Com Disclosures guidance in 2000, it affirmed that Section 5 applies to online advertising, just as it applies in the brick-and-mortar world.  In 2013, the FTC staff released updated Dot Com Disclosures, specifically addressing how to make appropriately clear and conspicuous disclosures online, including on mobile devices.  The guidance reaffirmed that disclosures that are required to avoid deception or to otherwise comply with the law must be presented in a clear and conspicuous manner—no matter the media in which they appear—and asserted that, if an advertiser cannot make a required disclosure effectively in a particular medium, then it should not run the ad in that medium.

The Deutsch LA Endorsement Action 

The proposed settlement with Deutsch LA arose out of the advertising firm’s alleged activities relating to the promotion, on behalf of its client Sony, of the PlayStation Vita handheld gaming console.  (The FTC also reached a proposed settlement with Sony.)  The gravamen of the FTC’s complaint related to allegedly deceptive advertising claims about the console’s technological capabilities.  The FTC also, however, included a count relating to the advertising firm’s use of Twitter to promote its client’s console.  Specifically, the complaint alleged that Deutsch LA employees responded to a request from an assistant account executive to use their personal Twitter accounts to post positive comments about the Sony console, using the same “#gamechanger” hashtag.  The complaint includes examples of the employees’ tweets, such as “One thing can be said about PlayStation Vita…it’s a #gamechanger.”

The FTC alleged that the employees’ tweets were deceptive because they falsely purported to be endorsements from actual users of the Sony gaming console.  Moreover, the fact that the tweets were written by employees of Sony’s ad agency would have been material to consumers in making decisions about whether to purchase the console.  For this reason, the tweeters’ failure to disclose their connection to Deutsch LA (and, in turn, to Sony) was allegedly deceptive.

In light of both the Endorsement Guides and the revised Dot Com Disclosures guidance, this FTC enforcement action is not surprising.  The Endorsement Guides establish that the failure to disclose a material connection is deceptive, and Dot Com Disclosures affirm that the FTC’s rules on necessary disclosures apply to any message, whatever the medium, and expressly including even “space constrained ads,” such as tweets.

What’s Next?

The Deutsch LA proposed consent order bars the company from representing that an endorser of a product is an independent user or ordinary consumer of the product, if that is not the case, and it requires the ad agency to make clear and prominent disclosures of any material connections between an endorser and Deutsch LA and/or entities on whose behalf it promotes a product or service.  The action thus reaffirms that individual endorsements that appear in social media must clearly and conspicuously disclose any material connection between the endorser and the advertiser of the endorsed product or service.

The FTC has brought cases based on deceptive endorsements before.  For instance, in 2010, In re Reverb Communications (also an advertising agency), the FTC alleged that Reverb’s employees posted reviews in iTunes about the agency’s clients’ gaming applications, without disclosing their relationship to the agency or its clients.   Deutsch LA, however, appears to be the first time that it has brought an enforcement action against endorsements made on social media.  Now that the FTC has followed through on its Dot Com Disclosures guidance that tweeted ads are just like any other advertisements—and thus require the same clear and conspicuous disclosures as in any other media—the obvious question is, what’s next?  Now that social media is multimedia (see, for example, Instagram and Pinterest, which let users post photos and videos), brands are likely to leverage users to incorporate promotions into their personal feeds.

For instance, if a brand discovers that a popular Instagram user takes compelling pictures that meld with the brand’s image, the brand might engage that user to produce content on behalf of the brand and to use a hashtag or some other means to promote the brand organically in the user’s feed.

If the brand does not require the user to disclose—clearly and conspicuously and in each picture, tweet or other post—that he or she has a material connection to the company, then both the company and the user run the risk of being subject to a charge of deception.