Header graphic for print

Socially Aware Blog

The Law and Business of Social Media

New Copyright Office Rule Creates Potential “Gotcha” for Blogs and Websites Hosting User-Generated Content

Posted in Copyright, DMCA, User-Generated Content

3D rendering of Copyright Symbol made of transparent glass with Shades and Shadow isolated on white background.

If your company operates a website or blog that hosts user-generated content, you’ll want to read this post carefully.

We’re ringing the alarm bell on an important new U.S. copyright law development that, if ignored, could significantly increase your company’s potential liability exposure in connection with user-generated content.

If your company hosts user-generated content, such hosted content may include materials that were posted without the permission of the owners of the copyrights in such materials—potentially subjecting your company to copyright infringement liability.

For nearly two decades, however, Section 512(c) of the U.S. Copyright Act, enacted in 1998 as part of the Digital Millennium Copyright Act (DMCA), has provided a safe harbor insulating online service providers from monetary damages for hosting copyright-infringing materials posted by their users. To receive protection under the Section 512(c) safe harbor, service providers must, among other things, designate an agent to receive notifications of claimed infringement with the Copyright Office.

If a website operator fails to so designate an agent for its website, that operator runs the risk of incurring monetary damages for copyright-infringing materials hosted on its site. So, if your company is hosting user-generated content, it’s important to have designated an agent with the Copyright Office.

By our rough count, over 100,000 online service providers have designated agents with the Copyright Office. Under the Copyright Office’s “interim” regulations that had been in effect since the DMCA’s enactment, a service provider would register by filling out a paper form and filing the completed form with the Copyright Office.

Just last week, however, the U.S. Copyright Office rolled out a new online system for the designation of agents to receive notifications of copyright infringement. The new system, effective as of December 1, 2016, replaces the old paper-based system. Under the system, an online service provider with an agent registered through the old system must also register that agent through the new system by December 31, 2017, in order to maintain a valid designation. Failure to do so by that deadline could result in the online service provider no longer receiving the benefits of the Section 512(c) safe harbor in connection with its hosting of user-generated content, at least until such provider finally gets around to registering through the new system.

Moreover, going forward, online service providers will need to renew their agent designations every three years in order to maintain safe harbor protection in connection with their hosting of user-generated content. There was no such periodic renewal obligation under the old system.

Why is the Copyright Office doing this? Although by no means perfect, the old system was relatively easy to use and has worked well for bloggers and website operators ever since Bill Clinton was president. Why fix something that isn’t broken, particularly if, in fixing the system, this risk is created of online service providers losing safe harbor protection? Not surprisingly, the Copyright Office’s actions have generated some blistering criticism from Internet law pundits.

The Copyright Office, however, apparently believes that the system was in fact broken due to the failure of online service providers to keep their agent designation information up to date. For example, in announcing its new registration system, the Copyright Office noted that it had found that 22 percent of existing agent designations were for defunct service providers and that, with respect to non-defunct service providers, an estimated 65 percent of their agent designations contained inaccurate information. The new system seeks to address this problem by allowing service providers to more efficiently submit and update designated agent information through the use of an online system and by requiring periodic renewals of designations.

Perhaps in an effort to further incentivize online service providers to keep their records updated, the cost of designation under the new system will be cheaper than under the old system. Each paper form designation under the old system would have cost a service provider $105, not including additional fees to list non-legal names used by the service provider. Under the new online system, the designation fee is $6 with no additional fee for alternative names. This same fee would apply to each renewal of an agent designation.

The Copyright Office’s new approach also expands the options available to online service providers in designating an agent. Under the old system, service providers were required to name a natural person or a specific position or title. The new regulations provide that a designated agent may be an individual, a specific position or title held by an individual, or a specific department within the service provider’s organization or within a third-party entity.

The Copyright Office has released a series of tutorials to assist online service providers in registering an agent under the new system. The Copyright Office regulations adopting the new system can be found here.

Here are our key takeaways regarding this important development:

  • If your company hosts, stores or even links to user-generated content, it should ensure that it has registered an agent with the Copyright Office. If your company has never registered an agent, it should do so under the new system.
  • Even if your company has already registered its DMCA agent with the Copyright Office, if that registration was done under the old paper-based system, it will need to re-register under the new agent designation system by December 31, 2017.
  • After registering under the new system, online service providers will need to ensure that they observe the “every three years” deadlines for renewing their registrations.
  • Until January 1, 2018, copyright owners seeking to determine whether a blog or website hosting infringing user-generated content is in compliance with the DMCA agent designation requirement will want to check both the old directory and the new directory—prior to 2018, it should be sufficient that the requisite agent designation appears in either of the two directories.

*          *          *

For other Socially Aware blog posts on DMCA agent designation issues, please see: New Court Decision Highlights Potential Headache for Companies Hosting User-Generated Content; and Court Holds That DMCA Safe Harbor Does Not Extend to Infringement Prior to Designation of Agent. For a recent blog post on risk issues surrounding user-generated content, please see: Commercializing User-Generated Content: Five Risk Reduction Strategies.

In a Rough Year for CDA Section 230, Manchanda v. Google Provides Comfort to Website Operators

Posted in Litigation, Online Reviews, Section 230 Safe Harbor

PrintAs we noted in our recent post on the Ninth Circuit case Kimzey v. Yelp! Inc., in the right circumstances, Section 230 of the Communications Decency Act (CDA) still provides robust protection against liability for website operators despite the unusually large number of decisions this year seemingly narrowing the scope of the statute. Defendants notched another Section 230 win recently in Manchanda v. Google, a case in the Southern District of New York. The case began in May 2016 when Rahul Manchanda, an attorney, filed a complaint alleging that Google, Yahoo and Microsoft harmed his reputation by indexing certain websites that described him in negative terms.

Manchanda asserted various claims against the three defendants, including defamation, libel, slander, tortious interference with contract, breach of fiduciary duty, breach of the duty of loyalty, unfair trade practices, false advertising, unlawful trespass, civil RICO, unjust enrichment, intentional infliction of emotional distress, negligent infliction of emotional distress and trademark infringement. Manchanda sought injunctive relief requiring the defendants to “de-index or remove the offending websites from their search engines” in addition to damages.

The court made quick work of dismissing most of Manchanda’s claims on Section 230 grounds, emphasizing that the CDA “immunizes search engines from civil liability for reputational damage resulting from third-party content that they aggregate and republish.” The court went on to note that “[t]his immunity attaches regardless of the specific claim asserted against the search engine, so long as the claim arises from the publication or distribution of content produced by a third party and the alleged injury involves damage to a plaintiff’s reputation based on that content.”

Because the majority of Manchanda’s claims were based on the search engines’ publication of third-party websites with no allegation that the defendants created the allegedly defamatory content, and Manchanda’s damages flowed from reputational harms allegedly caused by the third-party websites, Section 230 provided immunity regardless of how Manchanda styled his particular claims.

Interestingly, according to the court, the fact that Manchanda sought the removal or de-indexing of links to the third-party websites further demonstrated that “Manchanda’s grievance is with Defendants’ actions as search engines and aggregators”—i.e., as “interactive computer services” protected by Section 230—and not as content providers. And the court noted that “the CDA’s broad protection for internet publishers also protects Defendants from any obligation to remove or de-index any links.” Accordingly, the court held, “Manchanda’s defamation and related claims must be dismissed.”

This left only Manchanda’s claims for trademark infringement, unfair trade practices and false advertising, all of which the court also dismissed for reasons that go beyond the focus of this post.

One final point, however, is worth noting: Manchanda had also filed a motion for sanctions against the defendants in the amount of $100 million based on the defendants’ alleged failure to comply with a restraining order that had been issued by a New York State court in a different proceeding to which the three search engines were not parties. The court disposed of Manchanda’s order easily, holding that “Defendants here were not party to that litigation and . . . are therefore not bound by that order.”

While that result may seem obvious, compare the result in another case we wrote about recently, Hassel v. Bird, in which the California Court of Appeal held that Section 230 did not prevent the court from ordering Yelp to remove from its website allegedly defamatory reviews posted by users, even though Yelp was not a party in the underlying defamation suit.

In any event, Manchanda breaks little new ground with respect to Section 230 and in years past would have seemed routine, but given the challenges that Section 230 has faced in 2016, Manchanda may provide website operators some comfort that the statute still has teeth.

*          *          *

For other Socially Aware blog posts regarding the CDA Section 230 safe harbor, please see the following: Yelp Case Shows CDA §230 Still Has Teeth; Controversial California Court Decision Significantly Narrows a Crucial Liability Safe Harbor for Website Operators; and Google AdWords Decision Highlights Contours of the CDA Section 230 Safe Harbor.

Social Links: Yellow journalism rakes in cash; NYC law protects gig economy pay; Twitter suspends “alt-right” accounts

Posted in Disappearing Content, Free Speech, Mobile, Online Reviews

“Yellow journalism” websites are using social media to capitalize on popular ideology. And they’re making a bundle.

New York City recently passed the country’s first law protecting the wages of “gig economy” workers. The Wall Street Journal published an illuminating infographic illustrating who’s making a living that way.

Twitter suspended high-profile accounts associated with the “alt-right” movement.

A state law kept 43,000 wannabe Uber users in upstate New York from ordering a car from the ride-hailing service on Thanksgiving eve.

PayPal reported some surprising statistics about this year’s online shopping over Thanksgiving weekend. Check out our own blog post from last year on how social commerce is killing off both Black Friday and Cyber Monday.

Two new ethics opinions from the D.C. Bar provide an excellent overview of potential ethical issues raised by social media use by attorneys; among other things, the opinions highlight the need for lawyers to exercise caution when tweeting or posting positions on legal issues (which could potentially create an inadvertent conflict with a client’s interest), and in allowing social media platforms to access their email contacts (which could potentially identify clients or divulge information for which there is an ethical obligation to protect from disclosure). The opinions can be reviewed here and here.

Apparently vlogging can be a grind even for the most financially successful social media stars.

This New York Times piece exploring how Snapchat revolutionized social media discusses some of the unique platform and business model features that we cited last year as responsible for Snapchat’s success.

CNN bought a social media company founded by a YouTube star with a millennial following.

Speaking of CNN, that company and other prominent news publishers are getting low app store ratings from people claiming that such publishers have a liberal bias.

Google Maps just made it easier to snag a table at usually-crowded restaurants and watering holes.

Think twice before giving out your cellphone number.

Socially Aware Made the Blawg 100 Again!

Posted in Uncategorized

We are delighted to announce that Socially Aware has been included in the 10th Annual Blawg 100, a list of “100 excellent legal blogs” selected by the staff and readers of the ABA Journal, the American Bar Association’s flagship magazine.

The ABA Journal’s editorial staff notes that it compiles the BLAWG 100 list as a service to its readers, “pointing them to a collection of some of the very best legal writing and commentary on the Web.”

We’re honored to have been selected from among the more than four thousand legal blogs in the ABA Journal’s directory. And we’re flattered to be listed alongside many of our own favorite law blogs, such as Eric Goldman’s Technology & Marketing Law Blog and Rebecca Tushnet’s 43(B)log.

We’d like to thank our many contributors to the blog and our wonderful readers.

Here’s to another great year!

Yelp Case Shows CDA §230 Still Has Teeth

Posted in Online Reviews, Section 230 Safe Harbor

"Unlike" on a screen. More>>

2016 has been a challenging year for Section 230 of the Communications Decency Act (CDA) and the website operators who depend on it for protection against liability stemming from user-generated content. An unusually large number of cases this year have resulted in decisions holding that the defendant website operators were not entitled to immunity under Section 230. For example, as we’ve discussed recently, in Hassel v. Bird, the California Court of Appeal held that Section 230 did not prevent the court from ordering Yelp to remove from its website allegedly defamatory reviews posted by users, even though Yelp was not a party in the underlying defamation suit.

We are working on an article surveying some of the recent cases holding that Section 230 did not apply. But in the meantime, it is important to remember that Section 230 remains a powerful shield against liability and that defendants continue to wield it successfully in many cases. The Ninth Circuit’s recent decision in Kimzey v. Yelp is one such case.

Kimzey arose from two negative Yelp reviews that user “Sarah K” posted in September 2011 about Douglas Kimzey’s locksmith business in the Seattle area. Sarah K’s reviews were extremely negative and rated Kimzey one out of five stars in Yelp’s multiple-choice star rating system. In all caps, she warned Yelpers that “THIS WAS BY FAR THE WORST EXPERIENCE I HAVE EVER ENCOUNTERED WITH A LOCKSMITH. DO NOT GO THROUGH THIS COMPANY . . . CALL THIS BUSINESS AT YOUR OWN RISK.”

In response, Kimzey filed a pro se complaint in the U.S. District Court for the Western District of Washington alleging that Yelp should be held liable for publishing such “Libelous Per Se statement[s]” on its website. In an apparent attempt to plead around Section 230 and the immunity afforded to website operators for liability arising from user-generated content, Kimzey asserted two arguments.

Kimzey’s first argument was that Yelp created the reviews itself, by copying them from another website and reposting them on Yelp’s website. The court made quick work of this theory, noting that “threadbare allegations of fabrication of statements are implausible on their face and are insufficient to avoid immunity under the CDA.” The court went on to observe that, “[w]ere it otherwise, CDA immunity could be avoided simply by reciting a common line that user-generated statements are not what they say they are” and that “it cannot be the case that the CDA and its purpose of promoting the free exchange of information and ideas over the Internet could be so casually eviscerated.”

Kimzey’s second theory was that Yelp was responsible for Sarah K’s reviews because it “transformed” the reviews into its own advertisements or promotions and because Yelp served as an “author” of the one-star rating by “designing the star image and creating the color” of its star rating system. While it is well established that a website operator may lose Section 230 immunity if it makes a material contribution to the creation or development of the content at issue, here the court held that “neither of the allegedly creative actions taken by Yelp falls within [the court’s] interpretation of the terms ‘creation’ or ‘development’ of information.”

Specifically, the court held that, because Yelp’s star rating system is based entirely on user input and merely “reduces this information into a single, aggregate metric,” the star ratings cannot be “anything other than user-generated data” within the scope of the Section 230 immunity. The court went on to characterize Yelp’s star rating system “as the kind of ‘neutral tool’ operating on ‘voluntary inputs’ that [the Ninth Circuit] determined did not amount to content development or creation” in the Roommates.com case. The court also cited Carafano v. Metrosplash for the proposition that “the mere fact that an interactive computer service classifies user characteristics and collects responses to questions does not transform it into a developer of the underlying misinformation.” Given this analysis, the Ninth Circuit upheld the district court’s dismissal of Kimzey’s complaint based on Yelp’s immunity under Section 230.

Kimzey represents a clean Section 230 victory for Yelp, of the kind that we took for granted before the spate of Section 230 wins for plaintiffs that we have seen this year. We will be watching closely to see how the Section 230 winds blow as we move into 2017.   

Social Links: IMDb sues over right to post actors’ ages; Facebook tests jobs feature; Pinterest adopts “tried it” button

Posted in Cyberbullying, E-Commerce, First Amendment, Free Speech, Litigation, UK, Wearable Computers

The Internet Movie Database (IMDb) has filed suit to overturn a law that requires the popular entertainment website to remove the ages or birth dates of people in the entertainment industry upon request.

Vine might not be history after all.

Twitter users posted more than one billion election-related tweets between the first presidential debate and Election Day.

Facebook is testing a feature that allows company Page administrators to post job ads and receive applications from candidates.

People who create or encourage others to use “derogatory hashtags” on social media could be prosecuted in England and Wales.

A new “tried it” checkmark on pins will allow Pinterest users to share the products and projects they’ve purchased or attempted.

Did social media ads allow political campaigns to circumvent state laws prohibiting the visible promotion of candidates within a certain distance of polling places?

The Eight Circuit held that a college has the right to expel a student from its nursing program for inappropriate social media posts about his classmates, including the suggestion that he would inflict on one of them a “hemopneumothorax”—a lung puncture.

Law enforcement officials are increasing their use of social media to locate missing persons.

An unemployed single mother in California is facing several misdemeanor charges for selling her ceviche over social media.

Coming soon to a vending machine near you: Snapchat Spectacles (but only if you live in a densely populated area like New York or Los Angeles).

Social media analytics firms claim that social media did a better job at predicting Trump’s win than the polls.

Preparing for a Data Security Breach: Ten Important Steps to Take

Posted in Data Security

A close-up on an abstract design of a display, which is warning about a cyber attack. Multiple rows of hexadecimal code are interrupted by red glowing warning text. Part of the display is reflected on a shiny surface. The image can represent a variety of threats in the digital world: data theft, data leak, security breach, intrusion, etc...

Is your company prepared to respond to a data security breach? For many companies, even reading this question causes some anxiety. However, being prepared for what seems like the inevitable—a security breach—can be the difference between successfully navigating the event or not. While we still hear some companies say, “That would never happen to our company!” a significant breach can happen to any company.

In light of this and the close scrutiny that the high-profile breaches reported over the past year have received, many companies have taken the opportunity to consider their preparedness and ability to respond quickly and decisively to such an incident. We have prepared for our readers who are in-house attorneys or privacy officers the following checklist highlighting some steps that companies may consider taking so that they can be better prepared in the event that a significant breach incident occurs.

  1. Make Friends With Your IT/IS Department.

It is important to be familiar with your company’s risk tolerance and approach to information security in order to develop an understanding of your company’s security posture. The time to explore these issues isn’t after a breach has happened, so ask your colleagues in your company’s information technology or information security departments the basic questions (e.g., What’s DLP?) and the tough questions (e.g., Why haven’t we addressed the data security concerns raised in last year’s audit?). You would rather learn, for example, that your company does not encrypt its laptops before one is stolen. Continue Reading

Now Available: The November Issue of Our Socially Aware Newsletter

Posted in Advertising, Data Security, Social Media Policy

CaptureThe latest issue of our Socially Aware newsletter is now available here.

In this edition, we provide five tips for reducing potential liability exposure in seeking to exploit user-generated content; we examine a Ninth Circuit decision highlighting the control that social media platform operators have over the content and data that users post to those platforms; we discuss five questions that companies should ask themselves to help prepare for a ransomware attack; we explore a controversial California court decision that narrows an important liability safe harbor for website operators; we review a federal court decision that illustrates the importance of securing clear and affirmative assent to electronic contracts; we take a look at some recent enforcement actions that indicate a shift toward requiring clearer and potentially more burdensome disclosures from companies engaged in interest-based advertising; and  we examine a recent Northern District of California decision holding that a mobile app developer was not be liable under the Telephone Consumer Protection Act for a text initiated by one of the app’s users.

All this—plus an infographic illustrating the impact of incorporating user-generated content in marketing campaigns.

Read our newsletter.

Social Links: LinkedIn’s new feature estimates salaries; states grapple with digital-asset-inheritance laws; insurance company wants to base rates on applicants’ Facebook posts

Posted in Big Data, Ethics, Litigation, Terms of Use, UK

Because it bases its assesments on job title, location and industry, LinkedIn’s new Salary feature might be more accurate than are other online compensation estimation tools.

States are trying to pass laws that balance bereaved people’s desire to access their deceased loved ones’ social media accounts with the privacy interests of the account holders and the people with whom they corresponded. Without such laws, access to a deceased person’s digital assets might depend on the various social media platforms’ terms of use.

In lawsuits, social media has occasionally made it easier to serve process on adverse parties, but it has also made it more difficult to ensure that jurors remain unbiased.

A UK company wants to set car insurance premiums using an algorithm that analyzes car owners’ Facebook posts for pertinent personality traits?! The plan likely won’t go far; it violates Facebook’s platform policy.

Kenya deported a registered refugee for posting to social media his support of the U.N. secretary-general’s firing of a Kenyan commander of a peacekeeping mission in South Sudan, the refugee’s native country.

Thinking of posting a photo of yourself in the voting booth on Tuesday? Not so fast. In many states it’s illegal to share on social media photos of completed ballots and photos of yourself inside a voting booth. Courts all over the U.S. are hearing challenges to these so-called “ballot selfie” laws.

Does a lawyer violate ethics rules by purchasing the names of competing lawyers or law firms as keywords that improve the purchasing lawyer’s own rank in Google search results?

In the three years since its launch, an app called Scholly, which matches students with a personalized list of scholarships, has been downloaded over a million times. Here’s some advice for other social entrepreneurs from the company’s 25-year-old founder and CEO.

Some researchers believe the likes, status updates and photos posted to social media platforms will someday be the source material for breakthroughs in the field of psychiatry.

A UK solicitor was fined by a professional conduct regulator for posting a series of “unprofessional and offensive” tweets bragging about his victory over vulnerable adversaries.

European Commission Publishes Draft Regulation Prohibiting Geo-Blocking by Online Traders and Content Publishers

Posted in Compliance, E-Commerce, European Union

As part of the European Commission’s Digital Single Market initiative, the European Commission has published a draft Regulation aimed at preventing traders from discriminating against customers located in other EU Member States by denying those customers access to e-commerce sites, or by redirecting those customers to websites that offer inferior goods or sales conditions—a practice known as geo-blocking. The proposed new rules will benefit both consumers and businesses that purchase goods or services within the EU (excluding resellers).

The European Commission believes that geo-blocking and discriminatory practices undermine online shopping and cross-border sales within the EU.

The Regulation, which must still undergo review by the European Parliament and the Council of the EU, may change and is expected to be in force in 2017 (except the ban on discriminating against customers of electronically supplied services, which is expected to be effective beginning July 2018). When it is adopted, the Regulation will automatically take effect in all Member States without each Member State having to implement it into national law.

The Traders to Whom the Regulation Applies

The Regulation will apply to all traders, (including small- and medium-sized enterprises and micro-enterprises) operating in the EU. Small businesses that fall under a national VAT threshold, however, will be exempt from certain provisions. The Regulation will also apply to traders  established outside the EU to the extent that they sell or intend to sell goods or services to customers in the EU.   Continue Reading