Header graphic for print

Socially Aware Blog

The Law and Business of Social Media

Data for the Taking: Using the Computer Fraud and Abuse Act to Combat Web Scraping

Posted in Litigation, Privacy

“Web scraping” or “web harvesting”—the practice of extracting large amounts of data from publicly available websites using automated “bots” or “spiders”—accounted for 18% of site visitors and 23% of all Internet traffic in 2013. Websites targeted by scrapers may incur damages resulting from, among other things, increased bandwidth usage, network crashes, the need to employ anti-spam and filtering technology, user complaints, reputational damage and costs of mitigation that may be incurred when scrapers spam users, or worse, steal their personal data.

Though sometimes difficult to combat, scraping is quite easy to perform. A simple online search will return a large number of scraping programs, both proprietary and open source, as well as D.I.Y. tutorials. Of course, scraping can be beneficial in some cases. Companies with limited resources may use scraping to access large amounts of data, spurring innovation and allowing such companies to identify and fill areas of consumer demand. For example, Mint.com reportedly used screen scraping to aggregate information from bank websites, which allowed users to track their spending and finances. Unfortunately, not all scrapers use their powers for good. In one case on which we previously reported, the operators of the website Jerk.com allegedly scraped personal information from Facebook to create profiles labeling people “Jerk” or “not a Jerk.” According to the Federal Trade Commission (FTC), over 73 million victims, including children, were falsely told they could revise their profiles by paying $30 to the website.

Website operators have asserted various claims against scrapers, including copyright claims, trespass to chattels claims and contract claims based on allegations that scrapers violated the websites’ terms of use. This article, however, focuses on another tool that website operators have used to combat scraping: the federal Computer Fraud and Abuse Act (CFAA).

Continue Reading

Status Updates

Posted in Status Updates
  • According to a current study by Bank of America, Americans are very closely attached to their smartphones. Of those surveyed, 85 percent said they check their phone at least a few times a day and 35 percent say they check it constantly. 47 percent of Americans say they couldn’t last more than one day without their phone. And, perhaps most worrisome, Millennials between ages 18 to 24 view their mobile phone as more important to their daily lives than even deodorant or their toothbrush . . . .
  • The Uniform Law Commission has embraced the Uniform Fiduciary Access to Digital Assets Act, which, to the extent adopted by states, would give grieving families immediate access to a deceased family member’s online accounts, unless the deceased family member specified otherwise in a will.  Privacy advocates have expressed skepticism regarding the initiative.
  • In a break from past practice, the New York Police Department has begun to embrace social media, giving its precinct commanders “relatively free rein” in using Twitter. Top brass hopes to spur greater sharing of information and to engage the public in a dialogue regarding police business.

Status Updates

Posted in Status Updates

Status Updates

Posted in Status Updates
  • Since launching its Google+ social network three years ago, Google has insisted that Google+ users use only their real names on the network — no pseudonyms.  Perhaps in an effort to attract more users to Google+, the company has now abandoned its real-name policy — but has this change arrived too late to have an impact?
  • Airbnb, perhaps the best known “sharing economy” platform, reportedly plans to launch a major redesign soon and may be moving well beyond its current business of providing short-term apartment rentals.
  • LinkedIn has just acquired Newsle, a three-year-old service that scours the Web for news items regarding a user’s friends, colleagues and acquaintances (as gleaned from the user’s LinkedIn, Facebook and email contacts), and makes available such news items to the user.

Copyright: Europe Explores its Boundaries Part 3: “Meltwater” – EU rules that browsing does not need a licence – a victory for common sense (or for pirates)?

Posted in Copyright, UK High Court

On 5 June 2014 the European Court of Justice (CJEU) published its decision in the “Meltwater” Case C-360/13, (Public Relations Consultations Association Ltd (PRCA) v Newspaper Licensing Agency Ltd (NLA) and Others). In a ruling that some have hailed as a victory for common sense, the CJEU declared that browsing freely accessible copyrighted material on the Internet does not constitute a copyright infringement, and on-screen and cached copies will constitute temporary copies for the purposes of Article 5(1) of the InfoSoc Directive ( EC Directive 2001/29 on the harmonisation of certain aspects of copyright and related rights in the information society (“InfoSoc Directive”) was introduced in 2001 to meet the challenge of the Internet, e-commerce, and digital technology).


The case concerns the PRCA, which is an association of public relations professionals, and the NLA, which is a body set up by UK newspaper publishers for the purpose of collective licensing of newspaper content. The PRCA’s members use a media monitoring service offered by Meltwater which involves Meltwater sending emails to users containing headlines of articles which are then linked to the rights holder’s website. Users can also access search results on Meltwater’s website. (It should be noted that if a website has a paywall, the user will have to pay for access to the material on the same terms as everyone else – the link does not enable the user to avoid the paywall.)

The NLA argued that Meltwater’s customers needed various licences to access the rights holder’s material, including: (i) a licence to use the temporary on-screen and cached copies of search results created when the user viewed search results on Meltwater’s website and (ii) a licence to use the temporary on-screen and cached copies of an article created when the user clicked on a link and viewed an article on the rights holder’s website. The PRCA claimed that these temporary copies fell within the copyright exemption detailed in Article 5(1) (as transposed into UK law by Section 28A of the Copyright, Designs and Patents Act 1988).

Article 5(1) provides an exemption from copyright infringement based on the following cumulative conditions where:

  • Copying is temporary.
  • Copying is transient or incidental.
  • Copying is an integral and essential part of a technological process (i.e., (1) the acts of reproduction are carried out entirely in the context of the implementation of a technological process and (2) the completion of those acts of reproduction is necessary, in that the technological process could not function correctly and efficiently without those acts).
  • The sole purpose of copying is to enable a transmission in a network between third parties by an intermediary or a lawful use of a work.
  • Copying has no independent economic significance.

Both the UK High Court and UK Court of Appeal agreed that PRCA members needed a licence from the NLA in order to receive the Meltwater service. The PRCA appealed to the UK Supreme Court.

Continue Reading

Status Updates

Posted in Status Updates

EU Cloud Standardisation Guidelines

Posted in Cloud Computing

In November 2012, we wrote an Alert about the European Commission’s Communication on Cloud Computing intended, it said, to “… unleash the potential of cloud computing in Europe”.  Sceptics were doubtful that the cloud industry needed much help from European regulators to thrive.

Twenty months later, the Commission has begun to deliver on its key actions in the Communication with the publication of its Cloud Service Level Agreement Standardisation Guidelines.

How helpful are these Standardisation Guidelines to the cloud sector at this point in its development?

The recently-issued Cloud Service Level Agreement Standardisation Guidelines have their origin back in November 2012.  At that time, the European Commission issued a Communication setting out a road map for the future growth of cloud computing in Europe.

In the 2012 Communication, the Commission set out a number of key actions, including to cut through the jungle of standards and to promote safe and fair cloud contracts.  The Commission believes that the development of model terms for cloud computing – and, specifically, service level agreements in the cloud sector – is one of the most important issues affecting the future growth of the cloud industry in Europe, and that standardising the approach to cloud services will enable buyers of cloud computing services to make fair comparisons between different providers’ offerings.

Continue Reading

Status Updates

Posted in Status Updates

Hot Off the Press: The July Issue of Our Socially Aware Newsletter Is Now Available

Posted in FTC, IP, Litigation, Privacy, Terms of Use, UK High Court

The latest issue of our Socially Aware newsletter is now available here.

Welcome to a special privacy issue of Socially Aware, focusing on recent privacy law developments relating to social media and the Internet. In this issue, we analyze a controversial European ruling that strengthens the right to be forgotten; we examine a recent California Attorney General report regarding best practices for compliance with the updated California Online Privacy Protection Act; we summarize the FTC’s recent settlement with Snapchat and its broader implications for mobile app developers; we report on a case filed by a French consumer association accusing three major social networking sites of using confusing and unlawful online privacy policies and terms of use; and we highlight the growing popularity of anonymous social apps and the security risks that they pose.

All this–plus a collection of thought-provoking statistics about online privacy…