Header graphic for print

Socially Aware Blog

The Law and Business of Social Media

Consumer Privacy Survey Results

Posted in Data Security, E-Commerce, Privacy, Statistics

privacy_As Socially Aware readers know, privacy presents real business risks that have the potential to negatively impact a company’s bottom line, from the legal fees associated with a data breach to revenue declines stemming from a loss of consumer trust.

Late last year, Socially Aware contributor Andrew Serwin conducted an online survey of more than 900 consumers from across the United States to gauge attitudes and concerns about various privacy issues.

Andrew’s summary of the survey results can be found here. The summary makes for interesting reading. Some of the findings include:

  • Privacy concerns influence consumer purchasing decisions. In fact, in the last 12 months, nearly one in three U.S. consumers (35%) made a decision about what company to purchase products or services from based on privacy concerns.
  • High-earning, well-educated consumers are more likely than other consumers to stop buying from a business because of a data breach
  • Identity theft is the single biggest privacy concern among consumers.

Enjoy!

The Internet of Things: Interoperability, Industry Standards & Related IP Licensing Approaches

Posted in Internet of Things, IP

InternetofthingsThe financial impact of the Internet of Things on the global economy will be significantly affected by interoperability. A 2015 McKinsey Global Institute report indicated that, “[on] average, interoperability is necessary to create 40 percent of the potential value that can be generated by the IoT in various settings […] Interoperability is required to unlock more than $4 trillion per year in potential economic impact for IoT use in 2025, out of a total impact of $11.1 trillion across the nine settings that McKinsey analyzed.”

However, at present, there is a lack of consensus between standards organizations and industry stakeholders as to even the most basic technical standards and protocols that apply to how devices communicate. Characterized as a “standards war” between technology groups, companies have competing incentives. While all vendors share an interest in aligned standards that promote IoT development and interoperability, individually some companies seek the perceived competitive and economic advantages of building proprietary systems based on proprietary standards and protocols (or so-called “walled-gardens”).

The lack of a uniform standard that applies across devices and networks means that we lack any universally adopted set of semantics. As a result, without clear definition, opportunities for misunderstandings abound. We start then with the definition of two key concepts: the definition of the Internet of Things or “IoT,” and the definition of interoperability as applied to the Internet of Things.

Internet of Things

The term “Internet of Things” is arguably a misnomer in today’s rapidly changing technical environment. The term has two components, both of which are somewhat misleading: “Internet” and “things.”

The reference to the Internet is misleading because the Internet is not the only networking protocol over which devices communicate. While the Internet is a powerful enabler of the broad adoption of connected devices, the networks and communications protocols that support our connected world are far more diverse and continue to proliferate.

The term “things,” while not limiting in and of itself, is vague at best. In this article, when we refer to “things,” we intend to encompass all of the types of objects that have the ability to connect and communicate, whether those objects be sensors, computers or everyday things. The ability to connect with other objects and communicate data makes the object “smart.”

Continue Reading

Now Available: The January Issue of Our Socially Aware Newsletter

Posted in Advertising, Cyberbullying, Data Security, Endorsement Guides, FTC, Marketing, Online Endorsements, Privacy, Terms of Use

The latest issue of our Socially Aware newsletter is now available here.

01_08__Jan_SociallyAware_COVER_v6In this issue of Socially Aware, our Burton Award-winning guide to the law and business of social media, we offer practical tips to help ensure the enforceability of website terms of use; we discuss the FTC’s ongoing efforts to enforce disclosure obligations in social media advertising; we examine efforts by top social media platforms to control cyber-harassment and explicit material; we take a look at four recently passed laws protecting Californians’ privacy rights; and we explore legal issues that UK brands need to consider when engaging in vlogger endorsements and social media marketing.

All this—plus an infographic listing 2015’s most popular social media trends.

Read our newsletter.

Social Media 2016: Addressing Corporate Risks

Posted in Event, Marketing, Online Promotions

As Socially Aware readers know, social media is transforming the way companies interact with consumers—indeed, some pundits have referred to social media as the greatest development for marketers since the printing press. But, of course, the new business opportunities created by social media also create new legal risks for companies. Learn how to make the most of these new business opportunities while minimizing associated legal risks at Socially Aware’s and Practising Law Institute’s upcoming Social Media conference in San Francisco on Tuesday, February 9th.  The conference will be chaired by Socially Aware editor John Delaney, and will be webcasted for our readers who are located outside of the Bay Area.

This year’s program features speakers from Facebook, Pinterest and Snapchat, as well as counsel at other prominent companies and law firms immersed in the emerging social media-related trends and best practices. Further, representatives from leading social media regulators, including the Federal Trade Commission and the California State Attorney General’s Office, will share their insights on how companies leveraging social media can stay on the right side of the law.

If you’re looking for a conference tackling today’s most challenging social media-related legal issues, this is it!  For more information or to register, please visit PLI’s website here.

Launching a Mobile App in Europe? Seven Things to Consider When Drafting the Terms & Conditions

Posted in Terms of Use

[Editor’s Note: In response to the success of our earlier post on terms and conditions for mobile apps, two of our London-based colleagues have prepared a “remixed” version, which looks at the subject of mobile app terms and conditions from a European perspective. Enjoy!]

The mobile app has become the new face of business. It’s no longer sufficient to have a company website. More and more companies want a mobile app that users can download to their smartphones and easily access. It’s not 75601199_illustration-[Converted]difficult to see why. People are voting with their thumbs.

In 2015, overall mobile app usage grew by 58%, with lifestyle and shopping apps growing 81%, following previous 174% growth in 2014, according to FlurryMobile. Indeed, FlurryMobile figures show that mobile commerce now accounts for 40% of online commerce worldwide. Accordingly, the advantages of an app to business, from a customer marketing, engagement, service and awareness perspective, are clear.

Even traditionally conservative sectors such as financial services are being revolutionised by the mobile app. In 2015, the British Bankers Association identified that banking by smartphone and tablet has become the main way for UK customers to manage their finances, with mobile banking overtaking branches and the internet as the most popular way to bank.

If your company will be among the many businesses that launch a mobile app in Europe in 2016, one of the key legal protections your company will need in connection with such launch is an end user licence agreement (EULA). So, where do you start? Here at MoFo, we regularly review mobile app EULAs and we’ve noticed a number of issues that app developers don’t always get right. Here is our list of the key issues you will need to consider.

  1. One size does not fit all

Your EULA will be an important part of your strategy to help mitigate risks and protect your intellectual property in connection with your app. It’s unlikely that you would release desktop software without an EULA, and mobile apps (which are, after all, software products) warrant the same protection. While platforms such as Google and Amazon each provide a “default” EULA to govern mobile apps downloaded from their respective app stores, they also permit developers to adopt their own customized EULAs instead—subject to a few caveats, as mentioned below. Because the default EULAs can be quite limited and can’t possibly address all of the issues that your particular app is likely to raise, it’s generally best to adopt your own EULA in order to protect your interests.

Continue Reading

New Court Decision Highlights Potential Headache for Companies Hosting User-Generated Content

Posted in Copyright, Digital Content, DMCA, IP, Litigation

0114_SA_ImageIn this election season, we hear a lot of complaints about laws stifling business innovation. And there is no doubt that some laws have this effect.

But what about laws that spur innovation, that result in the creation of revolutionary new business models?

Section 512(c) of the Digital Millennium Copyright Act (the DMCA) is one such law. Passed by Congress and signed by President Bill Clinton in 1998, Section 512(c) has played an enormous role in the success of YouTube, Facebook and other social media platforms that host user-generated content, by shielding such platforms from monetary damages from copyright infringement claims in connection with such content.

Absent this safe harbor, it is difficult to imagine a company like YouTube thriving as a business. For example, in 2014 alone, YouTube removed over 180 million videos from its platform due to “policy violations,” the vast majority of which likely stemmed from alleged copyright infringement; yet, absent the Section 512(c) safe harbor, YouTube could have been exposed to staggering monetary damages in connection with those videos.

The DMCA’s protection from liability is expansive, but it is not automatic. To qualify, online service providers must affirmatively comply with a number of requirements imposed by the law. While most of those requirements may seem straightforward, a recent case in the Southern District of New York illustrates how even seemingly routine paperwork can pose problems for websites that host user-generated content.

For companies seeking protection under the DMCA, the typical starting point is designating an agent to receive “takedown” notices from copyright owners. If a company is sued for copyright infringement relating to its website, that company will want to show that it has designated a DMCA agent. But what if the designation paperwork was handled by another entity within the defendant’s organizational structure, such as a corporate parent? That was the situation faced by one of the defendants in BWP Media USA Inc., et al. v. Hollywood Fan Sites LLC, et al. (S.D.N.Y. 2015)—and the court held that the defendant was out of luck.

Although the defendant’s corporate parent had filed a registration form with the U.S. Copyright Office under the parent’s name, nothing on the form mentioned the defendant or made any general reference to affiliates. Under those circumstances, the court concluded that the defendant was ineligible for the safe harbor because it had “no presence at all” in the Copyright Office’s directory of DMCA agents. The court reasoned that those searching the Copyright Office directory should not be “expected to have independent knowledge of the corporate structure of a particular service provider.”

Despite lacking a Copyright Office registration, the defendant argued that it did actually post the agent’s information on its own website, and that one of the plaintiffs had successfully used such information to send a takedown notice resulting in removal of the allegedly infringing material. The court found those assertions “irrelevant,” because they did nothing to address the Copyright Office registration requirement. As the court noted, the DMCA requires each service provider to post the agent’s name and contact information on the provider’s website, and submit such information to the Copyright Office.

Would the defendant’s DMCA eligibility have turned out differently if the parent had included the affiliate’s name on the form, or at least made a general reference to the existence of affiliates? The court’s opinion leaves those questions unaddressed, but the preamble to the Copyright Office regulations—cited in passing by the court—appears to reject such an approach. According to the preamble, each designation “may be filed only on behalf of a single service provider[, and] related companies (e.g., parents and subsidiaries) are considered separate service providers who would file separate [designations].”

Following the Hollywood Fan Sites decision, we expect that many companies that host user-generated content will be checking to make sure that all of their legal names are indeed listed in the Copyright Office directory—and, in light of the Copyright Office’s position on this subject, many such companies may also decide to file separate designations for each legal entity within a corporate family. While this process may be cumbersome, it seems a small price to pay for the generous safe harbor benefits offered by the DMCA, especially for companies with business models that depend on user-generated content.

Harmonizing B2C Online Sales of Goods and Digital Content in Europe

Posted in Cloud Computing, Digital Content, E-Commerce, European Union, Terms of Use

iStock_000048822690_smThe European Commission has announced new draft laws that would give consumers new remedies where digital content supplied online is defective or not as described by the seller.

On Dec. 9, 2015, the European Commission proposed two new directives on the supply of digital content and the online sale of goods. In doing so, the Commission is making progress towards one of the main goals in the Digital Single Market Strategy (the “DSM Strategy”) announced in May 2015: to strengthen the European digital economy and increase consumer confidence in trading across EU Member States.

This is not the first time that the Commission has tried to align consumer laws across the EU; its last attempt at a Common European Sales Law faltered earlier this year. But the Commission has now proposed two new directives, dealing both with contracts for the supply of digital content and other online sales (the “Proposed Directives”).

National parliaments can raise objections to the Proposed Directives within eight weeks, on the grounds of non-compliance with the subsidiarity principle—that is, by arguing that that regulation of digital content and online sales is more effectively dealt with at a national level.

Objectives

Part of the issue with previous EU legislative initiatives in this area is that “harmonized” has really meant “the same as long as a country doesn’t want to do anything different.” This time, the Proposed Directives have been drafted as so-called “maximum harmonization measures,” which would preclude Member States from providing any greater or lesser protection on the matters falling within their scope. The Commission hopes that this consistent approach across Member States will encourage consumers to enter into transactions across EU borders, while also allowing traders to simplify their legal documentation by using a single set of terms and conditions for all customers within the EU.

An outline of the scope and key provisions of each of the Proposed Directives, as well as the effect on English law, are summarized after the jump.

Continue Reading

Big Data, Big Challenges: FTC Report Warns of Potential Discriminatory Effects of Big Data

Posted in Big Data, Compliance, Data Security, FTC, Privacy

Magnifying2In a new report, the Federal Trade Commission (FTC) declines to call for new laws but makes clear that it will continue to use its existing tools it to aggressively police unfair, deceptive—or otherwise illegal—uses of big data. Businesses that conduct big data analytics, or that use the results of such analysis, should familiarize themselves with the report to help ensure that their practices do not raise issues.

The report, titled “Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues” grew out of a 2014 FTC workshop that brought together stakeholders to discuss big data’s potential to both create opportunities for consumers and discriminate against them. The Report aims to educate businesses on key laws, and also outlines concrete steps that businesses can take to maximize the benefits of big data while avoiding potentially exclusionary or discriminatory outcomes.

What Is “Big Data”?

The Report explains that “big data” arises from a confluence of factors, including the nearly ubiquitous collection of consumer data from a variety of sources, the plummeting cost of data storage, and powerful new capabilities of drawing connections and making inferences and predictions from collected data. The Report describes the life cycle of big data as involving four phases:

  • Collection: Little bits of data are collected about individual consumers from a variety of sources, such as online shopping, cross-device tracking, online cookies or the Internet of Things (i.e., connected products or services).
  • Compilation and Consolidation: The “little” data is compiled and consolidated into “big” data, often by data brokers who build profiles about individual consumers.
  • Data Mining and Analytics: The “big” data is analyzed to uncover patterns of past consumer behavior or predict future consumer behavior.
  • Use: Once analyzed, big data is used by companies to enhance the development of new products, individualize their marketing, and target potential consumers.

The Report focuses on the final phase of the life cycle: the use of big data. It explores how consumers may be both helped and harmed by companies’ use of big data.

Benefits and Risks of Big Data

The Report emphasizes that, from a policy perspective, big data can provide significant opportunities for social improvements: big data can help target educational, credit, health care, and employment opportunities to low-income and underserved communities.  For instance, the Report notes that big data is already being used to benefit underserved communities, such as by providing access to credit using nontraditional methods to establish creditworthiness, tailoring health care to individual patients’ characteristics, and increasing equal access to employment to hire more diverse workforces. Continue Reading

2015: Our Greatest Hits

Posted in Uncategorized

Last year, entrepreneurs, companies and courts grappled with questions over content owners’ rights with respect to livestreaming, Yelp reviewers’ anonymity expectations, bankruptcy creditors’ access to business’ Facebook and Twitter accounts, and the constitutionality of laws punishing the posters of revenge porn and banning ballot selfies. And federal regulators weighed in on emerging issues such as cross-device tracking and the Internet of Things, as well as native advertising, marketing, and paid endorsements on social media.

We did our best to cover it all. But—of course—some articles resonated with our readers more than others. These were the most popular posts that appeared on Socially Aware in 2015:

  1. #Trademarks?: Hashtags as Trademarks
  2. Infographic: Social Media Marketing
  3. Social Media E-Discovery: Are Your Facebook Posts Discoverable in Civil Litigation?
  4. Data for the Taking: Using Website Terms and Conditions to Combat Web Scraping
  5. Employer Access to Employee Social Media: Applicant Screening, “Friend” Requests and Workplace Investigations
  6. First-Ever Award of “Any Damages” for Fraudulent DMCA Takedowns Under Section 512(f)
  7. Twenty Years Down the Road: A Q&A With Paul Goldstein, Author of Copyright’s Highway
  8. Shorter and Simpler, Yes – But Is IBM’s New Cloud Services Agreement Any Sweeter? 
  9. Five Social Media Law Issues To Discuss With Your Clients
  10. Big Data and Human Resources—Letting the Computer Decide?

 

 

 

 

Go Fish: Do General Discovery Rules Apply to a Litigant’s Facebook Posts?

Posted in Discovery, E-Discovery, Litigation

MagManWhile discovery of social media information has been commonplace for some time, courts are still struggling with when such discovery should be allowed. While courts generally hold that normal discovery rules apply to social media discovery, at least one judge has identified—and railed against—emerging trends in such cases that impose additional hurdles for litigants seeking discovery of social media information.

Recently, in Forman v. Henkin, a divided New York State Appellate Division panel debated whether requests for Facebook photos are subject to the same standard as any other discovery request. In this personal injury case, the plaintiff, Kelly Forman, alleged that she was injured when a leather stirrup broke while she was riding one of defendant’s horses, sending her tumbling to the ground and causing Forman physical and mental injuries. Forman claimed that her injuries have limited her social and recreational activities and that her “social network went from huge to nothing.”

The trial judge granted the defendant’s request for Forman’s social media activity, including:

(1) “all photographs of plaintiff privately posted on Facebook prior to the accident at issue that she intends to introduce at trial,”

(2) “all photographs of plaintiff privately posted on Facebook after the accident that do not show nudity or romantic encounters,” and

(3) “authorizations for defendant to obtain records from Facebook showing each time plaintiff posted a private message after the accident and the number of characters or words in those messages.”

In an unsigned opinion for four of the five justices on the panel, a New York appeals court reversed the trial court and substantially limited the scope of the defendant’s request, allowing discovery only of photographs posted on Facebook “either before or after the accident” that Forman “intends to use at trial”—effectively gutting the discovery request.

Citing long-standing principles of discovery and New York’s civil procedure rules, the panel held that discovery should include only matters “material and necessary” to the action, and the party seeking discovery must demonstrate that the request is “reasonably calculated” to lead to relevant information. In contrast, “hypothetical speculations calculated to justify a fishing expedition” are improper.

Applying these principles, the panel concluded that the defendant failed to establish that the request for either the private photos or messages might produce relevant information.

While the majority resoundingly rejected the accusation that it was applying different discovery rules for social media information, Justice Saxe, dissenting, identified two emerging trends in discovery procedures that he viewed as “problematic”: First, that a defendant is permitted to seek discovery of a plaintiff’s nonpublic social media information “if, and only if, the defendant can first unearth some item from the plaintiff’s publicly available social media postings that tends to conflict with or contradict the plaintiff’s claims”; and second, that trial courts must then “conduct an in camera review of the materials . . . to ensure that the defendant is provided only with relevant materials.” According to Justice Saxe, these two developments, applied in this case and other recent rulings, amount to extra procedural burden on the party seeking social media discovery, and add a substantial and unnecessary burden to often overworked trial courts.

Instead, Justice Saxe advocated applying the traditional discovery approach of any other document request—that is, treating social media information the same as any other document, tangible or electronic. Thus, a demand must have a reasoned basis that the requested category of items bears on the controversy, and must not be overbroad and fail to distinguish relevant from irrelevant items. In most contexts, the defendant describes a type of content relevant to the claimed event or injuries and the plaintiff locates such documents in his or her possession or control. Judge Saxe noted that a party is not normally required to prove the existence of relevant material before requesting it. In sum, “[u]pon receipt of an appropriately tailored demand, a plaintiff’s obligation would be no different than if the demand concerned hard copies of documents in filing cabinets.”

Finally, Justice Saxe pointed out that the majority’s focus on “private” Facebook photos should not be a legitimate basis for treating social media information differently. Such “private” photos are by definition shared with at least a small universe of individuals—a Facebook user’s Friends or a Group—and the expectation of privacy for such posts is low.

Even in light of Justice Saxe’s critique, the majority held firm that the discovery standard they applied is the same for social media information as it is for any other documents and that the request was an unreasonably broad fishing expedition.

This case can perhaps best be understood as a lesson in specificity in social media discovery requests. Courts may simply feel uneasy authorizing broad discovery requests regarding social media, which they may perceive as more personal and private. The panel clearly felt uneasy about the “unbridled” scope of the social media discovery request, and suggested that the dissent’s position is a slippery slope that leads to production of all information stored in “social media, a cell phone or a camera, or located in a photo album or file cabinet,” or even in “diaries, letters, text messages and emails.”

We wonder how the court would have dealt with a more targeted request—for instance, a request for all “private” Facebook photographs after the accident that depict Forman engaging in strenuous physical activity. As we’ve previously discussed, courts have regularly demanded specificity in discovery requests for social media information and have rejected requests that are not narrowly tailored to potentially relevant information.

This case demonstrates that, while the legal standard for discovery may technically be clear, courts are still grappling with the level of procedural protection such information should be afforded. This issue will surely be the topic of future litigation for years to come.