June 2011

The Federal Election Commission (“FEC”) has promulgated extensive regulations requiring political advertisements to include disclaimers notifying viewers about who has paid for such ads.  In certain situations where it would be impracticable to include disclaimers, the FEC provides exceptions, but how do these exceptions apply to the small advertisements commonly found on the Internet? Facebook recently provided its own answer to that question in a 14-page letter prepared by its lawyers, calling for the FEC to exempt political advertisements on the Facebook.com site from these disclaimer obligations.  Ads on Facebook are limited to 25‑character headings with 135 characters of text, and generally take up less than one square inch of space on a standard laptop.  With that in mind, Facebook has argued that those advertisements should fall under the “small items” and “impracticability” exceptions to the disclaimer rule, found in 11 C.F.R. § 110.11(f).

The FEC’s exceptions are designed to enable political advertisements on certain media in which the disclaimer would be so intrusive as to essentially defeat the purpose of the advertisement.  For example, in a printed advertisement, the disclaimer must be “of sufficient type size to be clearly readable by the recipient of the communication” and “contained in a printed box set apart from the other content of the communication.” The FEC, recognizing the impracticality of making this disclaimer in certain situations, allows exceptions for “[b]umper stickers, pins, buttons, pens, and similar small items upon which the disclaimer cannot be conveniently printed,” as well as “[s]kywriting, water towers, wearing apparel, or other means of displaying an advertisement of such a nature that the inclusion of a disclaimer would be impracticable.” Facebook has argued that the type of advertisements used on its website should fall under both of these exceptions.

For the “small items” exception, Facebook cites an advisory opinion from 2002 in which the FEC declared that political ads sent to individuals via SMS messages, which by their nature are limited to 160 characters, were not required to include disclaimers.  Acknowledging that even a short disclaimer such as “Paid for by Smith for Congress” uses 30 of the available 160 characters, and that this small amount of available space places the same limits on advertisers as those related to bumper stickers and buttons, the FEC concluded that the “small item” exception applied to SMS messages.  In its letter to the FEC, Facebook argues that the exception should thus apply to its ads, which contain even fewer characters in their bodies than SMS ads, and further notes that, on most computer screens, its ads are smaller than campaign buttons.  Facebook points out that the small size of its ads is a business decision that the company made to enhance the Facebook.com site, and that it should not have to make larger political ads to accommodate the disclaimer rule because “[t]he purpose of the ‘small items’ exception is to allow political committees to speak through mediums, like Facebook ads, that consumers actually use,” as opposed to larger ads that would disrupt the Facebook experience.

Facebook does not provide precedent for including its ads under the “impracticable” exception, but notes that the exception applies when “inclusion of a disclaimer would be impracticable in most, but not all, instances.” Facebook also notes that Congress has shown a “clear preference for less regulation of Internet activity,” further implying that its political ads should not be regulated.

As of this writing, the FEC has yet to respond to Facebook’s letter, although reports have indicated that the commissioners may address this issue at a future meeting.  If the agency supports Facebook’s position, as the next election cycle gears up, we may see a new wave of “downsizing” by political advertisers who wish to remain anonymous.

 

The Federal Trade Commission (“FTC”) recently asked federal courts to shut down ten websites that touted the purported benefits of acai berry weight-loss products.  These were not your average promotional sites:  Each was convincingly designed to have the look and feel of a news reporting site.  For example, the headline of one site read, “Acai Berry Diet Exposed:  Miracle Diet or Scam?” and its sub-headline stated, “As part of a new series:  ‘Diet Trends:  A Look at America’s Top Diets,’ we examine consumer tips for dieting during a recession.” The accompanying article (ostensibly) discussed a reporter’s own experience with acai berry supplements, claiming to have lost 25 pounds in four weeks.

The FTC has charged that none of this was true and that the sites were not objective news sites but, rather, advertisements.  Moreover, the alleged deception did not start and end with the sites’ format.  In the words of David Vladeck, Director of the FTC’s Bureau of Consumer Protection, “Almost everything about these sites is fake.  The weight loss results, the so-called investigations, the reports, the consumer testimonials, and the attempt to portray an objective, journalistic endeavor.” Accordingly, the FTC has charged the sites with a litany of unlawful practices, including that:

  • They made false and unsubstantiated claims that acai berry supplements cause rapid and substantial weight loss;
  • They falsely claimed that independent tests demonstrate the supplements’ effectiveness;
  • They falsely claimed endorsement from legitimate news organizations, including ABC, Fox News, CBS, CNN, USA Today, and Consumer Reports;
  • They posted comments to their “articles” that were represented as coming from actual consumers, but did not; and
  • They failed to disclose their financial incentive to drive consumers to the sites that made the sales.  The targeted sites received commissions on consumers’ purchases, a fact that affects their objectivity about the product.

These final three charges represent violations of various sections of the FTC’s Endorsement Guides.  Although the Guides do not have the force of law, they provide advertisers with important guidance about how the FTC applies its deception authority to the use of endorsements, testimonials, and related practices.

The FTC takes the alleged deception very seriously.  It asked the court to temporarily halt the allegedly deceptive tactics and to freeze the sites’ assets pending trial.  It will eventually ask the courts to permanently prohibit the allegedly deceptive claims and require the companies to give refunds to consumers who purchased the supplements.

 

The Superior Court of New Jersey recently revisited the enforceability of online contracts and the importance of how terms and conditions are displayed on websites, in Hoffman v. Supplements Togo Management LLC, et al. In so doing, the court addressed a line of cases reaching back to the Second Circuit’s 2002 landmark decision in Specht v. Netscape, where Circuit Judge (now Justice) Sotomayor wrote that, unless a reasonably prudent Internet user would have learned of and unambiguously assented to terms governing an online commercial transaction, an online contract cannot be formed.  In Hoffman, the court seized the opportunity to clarify how the law’s view of a “reasonably prudent Internet user” has evolved over the intervening nine years in light of the rapid growth in Internet use and online transactions.  As it turns out, the answer is . . . not by much.

The plaintiff in Hoffman, an attorney with an alleged history of suing online retailers for deceptive practices, purchased a dietary supplement called “Erection MD” through a website operated by defendant Supplements Togo Management LLC (“Togo”).  The product in question was advertised on Togo’s site with a variety of claims, such as, “Enhances Sex Drive,” “Maximum Performance,” “Instantly Boost Testosterone Levels,” and “Ultimate Stamina.” Four days after receiving his shipment, the plaintiff filed a lawsuit in the Superior Court of New Jersey alleging violations of New Jersey’s Consumer Fraud Act (“CFA”) and claiming that Togo made false and exaggerated representations about the product that allegedly lacked scientific and objective support.  (New Jersey’s CFA essentially requires advertisers to substantiate with written proof any claims made concerning “the safety, performance, availability, efficiency, quality or price of the advertised merchandise,” and to keep such written proof on file for at least 90 days after the effective date of the advertisement.) In lieu of filing an answer to the complaint, Togo moved to dismiss Hoffman’s suit, arguing that Hoffman failed to state a claim under the CFA and was barred from suing Togo in New Jersey in light of the forum selection clause contained in Togo’s “website disclaimer,” which only permitted actions to be brought in Nevada.  The lower court, in addressing whether the clause was enforceable, dismissed Hoffman’s suit on the grounds of improper forum.

On appeal, the Hoffman court focused on the same key principles of notice and assent discussed in Specht, and in particular, on whether “a reasonably prudent [person] in these circumstances would have known of the existence of [the] license terms.” In this case, the disclaimer containing the forum selection clause was displayed “below the fold” (that is, on a “submerged” portion of the website to which a visitor needed to scroll down in order to see).  Hoffman stated that when he visited Togo’s website, Erection MD was the first product displayed, listed among other Togo products and supplements and appearing next to a box that read “ADD TO SHOPPING CART,” and that when he clicked to add the product to his cart, he was taken directly to the site’s checkout page.  Hoffman argued that because subsequent pages—including the one on which he consummated his purchase—did not contain the same disclaimer, he was never put on notice of those additional terms and, therefore, that Togo’s forum selection clause was unenforceable.  Applying New Jersey precedent, the court agreed with Hoffman and overturned the lower court’s dismissal.  The forum selection clause was ruled “presumptively unenforceable,” on the grounds that it was “proffered unfairly, or with a design to conceal or de-emphasize its provisions.” Persuaded by Hoffman’s argument, the judge emphasized that because the forum selection clause was “submerged” on the web page that listed Togo’s products, it was “unreasonably masked from the view of the prospective purchasers because of its circuitous mode of presentation,” which prevented Hoffman (or any customer) from being put on notice.

The analysis in Hoffman mirrors Specht where Justice Sotomayor noted that the fact that an unexplored portion of a web page could contain additional terms and conditions, does not mean that a reasonably prudent Internet user should assume the existence of—or be compelled to look for—those terms.  Rather, it should be the website operator’s responsibility to put Internet users on notice of applicable terms and to obtain their assent, in order to preserve the integrity and credibility of electronic “bargaining” and mutual assent necessary to establish a contract.  In applying the same logic, the court in Hoffman signaled that the view of what an Internet user (whether or not he or she is an attorney) should be responsible for today has not changed much since Specht, despite the fact that the majority of Internet  users have made purchases online.

Similar to previous clickwrap cases (including Specht), Judge Sabatino also made a point of noting that “if defendants establish on remand that Hoffman had actually read the forum selection clause before purchasing the product,” his ruling on the enforceability of the clause might have been different.  Additionally, on the issue of assent, the Hoffman court stopped short of ruling (as Hoffman had argued) that a website user must be made to expressly click an “I Agree” button or check-box in order to form a binding agreement; although the user’s “unambiguous manifestation of assent” is required, New Jersey’s courts, like others, remain hesitant to prescribe the means or technology that a website operator needs to use to obtain that assent.  (The Hoffman opinion did not address the fact that Togo’s website disclaimer was a browsewrap rather than a clickwrap agreement.) Hoffman is a reminder to website operators everywhere of the continuing importance of highlighting website terms and conditions, and making sure that visitors are on notice that their activities— including purchases—are governed by those terms.  As the line of clickwrap cases from Specht through Hoffman makes clear, this entails, at a minimum, notifying users of the existence of such terms on the site’s home page (for example, through a clearly marked link to such terms), in a manner that is conspicuous and easily viewed by site visitors.  Moreover, when goods and services are available for purchase, it is recommended that website owners require customers to affirmatively acknowledge their acceptance of applicable terms before a purchase is completed.

 

A pair of recent decisions in federal court in Arkansas confirms that nothing about the virtual world changes a core principle of contract formation—that there can be no valid contract without objective manifestation of assent.  The decisions both deal with the efforts of one repeat pro se plaintiff, David Stebbins, to impose upon large institutions binding agreements to arbitrate via email.  These two decisions signal that courts will not relax traditional rules of contract formation merely because of the informality and relative ease of online communication.

The first decision, Stebbins v. Wal-Mart Stores Arkansas, LLC, No. 10-cv-3086, 2011 WL 1519390 (W.D. Ark. Apr. 14, 2011), relates to Stebbins’ interactions with Wal-Mart.  After applying unsuccessfully for a number of jobs at a local store, Stebbins sent an email to the company’s customer service department purporting to extend to Wal-Mart a formal offer to arbitrate any dispute between him and the company through an online arbitration service.  In the email, Stebbins explained that contact by anyone from Wal-Mart, in any form at all, would constitute agreement to be bound by the terms of the email, including submitting to arbitration.  The company responded with generic emails directing Stebbins to another department.  Meanwhile Stebbins, believing that Wal-Mart had accepted his email offer by allowing him to pay by check for a gallon of milk, registered with the online arbitration service, which emailed Wal-Mart that Stebbins intended to arbitrate an employment dispute with the company.  When Wal-Mart did not accept the invitation to arbitrate within 24 hours (a condition imposed by Stebbins under a “forfeit victory” clause in the purported contract), Stebbins claimed that he was entitled to a default arbitration award of over $600 billion, regardless of the merits of the dispute.

In another dispute before the Arkansas federal court, Stebbins v. University of Arkansas, No. 10-cv-5125 (W.D. Ark. May 19, 2011), Stebbins sought a similar agreement with the University of Arkansas relating to his unsuccessful attempts to re-enroll at the university following a suspension in 2007.  Stebbins already had a discrimination suit pending against the university for allegedly failing to accommodate his mental health disability.  While motions to dismiss were being considered, Stebbins emailed the General Counsel’s office a link to a YouTube video containing an offer to arbitrate all legal disputes and specifying that he would deem the offer accepted if the university communicated with Stebbins in any way, allowed him to communicate with university officials, or permitted him on campus.  Stebbins claimed that counsel for the university accepted his offer by fielding a follow-up telephone call and that, by failing to accept the invitation to arbitrate within 24 hours, the university lost the dispute under a “forfeit victory” clause.  Stebbins sought over $50 million and re-enrollment in the university.

Acting pro se, Stebbins moved to confirm both arbitration “awards” in separate actions in Arkansas federal court, a venue in which he had similar actions pending against his landlord and an online arbitration service.  In both cases, the court shut Stebbins down.  In the Wal-Mart case, the court explained that Stebbins could not rely on the concept of unilateral contract—in which a party accepts an offer to contract by performance instead of by express agreement—to prove the existence of a contract.  Stebbins’ emails were merely “self-serving documents that did not form the basis for any conduct or performance on Wal-Mart’s part,” and, indeed, “Wal-Mart performed no act.”

Similarly, in the University of Arkansas case, the court declined to accept Stebbins’ “novel proposition that one party can force a contract on another by sending an offer to contract, and stating therein that conduct entirely unrelated to a showing of agreement to be bound will constitute acceptance.” Distinguishing authority about the enforceability of clickwrap and browsewrap agreements, the court found that Stebbins had failed to demonstrate that the university showed any objective manifestation of assent to the formation of a contract.  The court explained that, if acceptance could be manifested in the ways Stebbins suggested, a contract might be formed if a university employee greeted Stebbins in a grocery store.  But “[t]his, of course, is not how contracts are formed, even on the Internet.”

This pair of cases posed relatively straightforward questions for the courts.  The attempts at contract formation were so one-sided, and the terms of the purported awards so outlandish, that the courts seemed to have little trouble dismissing the claims.  But the cases reinforce a basic notion that might provide comfort to institutions in closer cases—objective manifestation of assent is required no matter what method of communication is used to form a contract.

 

Google’s recent announcement that it is preparing to offer behaviorally targeted ads for mobile devices has led to concerns regarding the tracking required to implement such functionality.  Online behavioral advertising has typically been implemented using cookies placed through a user’s web browser when the user visits a website.  Mobile devices, however, often access the Internet through applications that run outside of web browsers and do not support cookies.  This has left web hosts, advertisers, and those that sell advertising to find other ways to track online user behavior.  Google intends to tie users’ in-app behavior to their mobile devices’ unique “device identifiers,” potentially raising privacy concerns.

Google has sought to allay these privacy concerns through two mechanisms:  (1) it anonymizes user device information and allows users to reset the anonymous ID associated with their devices, and (2) it allows users to opt out of device tracking.  Google’s privacy policy, as updated on April 15, 2011, states that Google “uses anonymous IDs to serve ads in applications and other clients that do not support cookie technology.  When [a user] use[s] an application or other client,the application or other client may send device information to [Google].  [Google] anonymize[s] that device information by associating [the user’s] device ID with a random, anonymous string of characters.” Google uses the information received via the anonymous device IDs in the same ways that it uses AdSense information gathered through cookies.

Google’s announcement regarding mobile device tracking comes amidst growing scrutiny related to Internet tracking and privacy.  For example, in April 2011, Senators John Kerry (D., Mass.) and John McCain (R., Ariz.) proposed legislation setting forth “fair information practice principles” that would set minimum standards regarding the acceptability of information collection.  More recently, Senator Jay Rockefeller (D., W. Va.) went a step further, proposing an affirmative obligation for companies to not track people who click a browser flag indicating that they do not want to be tracked.  Additionally, Google’s new policy shortly preceded a lawsuit filed against it in federal court in Michigan alleging, among other things, that Google “d[id] not disclose its comprehensive tracking of users nor its use of a unique device ID attached to each specific phone” in its Terms of Service.

 

Although Google has been generally successful to date in defending against copyright claims in the United States, it has had a more mixed track record in Europe.  Recently, Google scored a victory in France in an infringement suit over Google’s linking to music file sharing sites, but suffered a setback in Belgium with respect to its links to and use of online news content.

In a May 3, 2011 judgment, Syndicat National de l’Edition Phonographique v. Google France and Google Inc., Paris Court of Appeal, Arret du 3 mai 2011, no. 10/19845, the Paris Court of Appeal ruled that Google did not breach copyright law by providing links to websites that allow the illegal downloading and sharing of music in its search results.  The French association that protects the rights of the French recording industry, the Syndicate National de l’Edition Phonographique (“SNEP”), brought the case against Google in April 2010, arguing that Google should remove such websites from its Autocomplete and Instant search services, as well as from final search results.  SNEP presented a list of search terms that it argued should be filtered by Google, including the names of websites:  “Torrent,” “RapidShare” and “MegaUpload.” SNEP’s argument was based on Article L336-2 of the French intellectual property code, which states that the high court has the power to take “all appropriate measures to prevent or halt” copyright infringements “caused by the contents of a communication service to the public online.” The Paris Tribunal de Grande Instance rejected the case in September 2010, ordering SNEP to pay Google EUR 5,000 (approximately USD 7,000) in costs.

Unsatisfied with this result, SNEP appealed to the Paris High Court, and added a list of artists and album names to the search terms to be filtered by Google.  The Court of Appeal, however, upheld the earlier ruling, stating that, although Google provides links to file-sharing websites in its search results, copyright infringement will not automatically follow.  For example, the court held that merely providing links and “suggesting” sites to be visited would not, standing alone, constitute copyright infringement under French law.  Moreover, the court found that the files made available on the linked-to sites were not necessarily intended for illegal downloading.  Further, the court noted that Google cannot be held responsible for individuals’ actions, and observed that the relief sought would be ineffective at stopping any copyright infringement that was occurring in connection with the linked-to sites.  Nevertheless, despite its victory, Google has reportedly removed such terms from its search results without official notice or explanation.

In a separate Belgian case involving online newspaper content, Copiepresse v. Google, Brussels Court of Appeal, No. 2007/AR/1730, Google did not fare so well.  On May 5, 2011, the Belgian Court of Appeal ruled in favor of Copiepresse, the Belgian association for the protection of French-language press copyright.  The court upheld an earlier ruling that Google had infringed copyright by displaying links to online newspapers and snippets of articles on its Google News service, and ordered Google to remove such links and content from its search results.  Copiepresse argued that the content at issue was only available to paying subscribers, and that Google was consequently causing newspapers to lose online subscriptions and advertising revenue by making content available for free.  The association also argued that websites should not have to opt out of Google indexation.  Google claimed that it qualifies for the “personal use” exemption under Belgian copyright law, but the court rejected this defense.  Belgium’s “personal use” exemption is far narrower than the “fair use” privilege under U.S. law, which Google has successfully invoked in defending copyright suits commenced in U.S. courts.  According to the judgment, Google faces a fine of EUR 25,000 (approximately USD 35,600) for every day it fails to comply with the court’s judgment.  In multilingual Belgium, the ruling only applies to French-language newspapers.

For website operators based in the United States, the two EU Google cases serve as an important reminder that copyright laws are territorial.  Online activities that are acceptable under one country’s copyright laws may nevertheless run afoul of another country’s copyright laws; and, because the Internet is necessarily global in nature, website operators need to pay attention to potential liability concerns arising under the laws of other countries.

 

The National Labor Relations Board (“NLRB”) remains vigilant regarding the interaction between social media and the workplace, and has continued to focus on the impact of restrictive social media policies on employee rights under the National Labor Relations Act (“NLRA”).  In an effort to issue uniform guidance on this emerging issue, all NLRB regional offices are now required to submit social media disputes to the NLRB’s Division of Advice before taking any action.  Specifically, the regional offices are required to submit for review all “cases involving employer rules prohibiting, or discipline of employees for engaging in, protected concerted activity using social media, such as Facebook or Twitter.”

Already, on April 21, 2011, the NLRB General Counsel published an Advice Memorandum regarding a social media complaint.  The case at issue involved an employee of The Arizona Daily Star (the “Daily Star”) who was terminated for posting “inappropriate and offensive” Tweets to a work-related Twitter account.  For example, the employee made the following posts:

“The Arizona Daily Star’s copy editors are the most witty and creative people in the world.  Or at least they think they are.”

“You stay homicidal, Tucson.
See Star Net for the bloody deets.”

“WHAT?!?!? No overnight homicide?
WTF? You’re slacking Tucson.”

The NLRB General Counsel centered his decision on whether these Tweets qualified as “protected, concerted activity,” and reasoned that they did not because the Tweets “did not relate to the terms and conditions of his employment or seek to involve other employees in issues related to employment.” Accordingly, the General Counsel concluded that the employee’s discharge did not run counter to the NLRA and declined to issue a complaint against the Daily Star.

In another social media case, the NLRB Regional Director in Buffalo, New York reached the opposite conclusion in a case involving a nonprofit organization.  Hispanics United, a group helping low-income Latinos, terminated five employees after they went on Facebook to criticize their working conditions.  Unlike the Tweets in Daily Star case, the comments posted on Facebook related to terms and conditions of employment, and the NLRB issued a complaint against the employer.  Trial in the Hispanics United case is expected to begin soon.

These cases illustrate the scrutiny that the NLRB is giving employer actions involving social media.  As the law continues to develop in this area, employers should review their current social media policies, consider revising overly broad restrictions and, as always, exercise caution before taking an adverse employment action against employees for their social media use.

 

When consumers sue online service providers for data breaches involving such consumers’ personally identifiable information (“PII”), courts routinely dismiss such suits based on the failure to allege an “injury in fact” as required to establish constitutional standing — see, for example, the decisions in Bell v. Acxiom Corporation and Amburgy v. Express Scripts, Inc.  In a recent ruling by the District Court for the Northern District of California in Claridge v. RockYou, Inc., however, the plaintiff survived a motion to dismiss on standing grounds by advancing a novel theory:  PII, such as login information used to access social media websites, constitutes “property” that consumers provide to website operators in exchange for products, services and the promise that such website operators will safeguard such PII.

RockYou provides applications for use with social media sites such as Facebook.  According to the plaintiff, RockYou promised in its online privacy policy to use “commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security” of the personal information of its customers.  The plaintiff alleged that, despite this promise, RockYou stored its customers’ PII in unencrypted form, and without taking any common and reasonable data protection measures, so that such PII was readily available to anyone who could access the database.  Furthermore, the defendant allegedly failed to respond immediately to a warning from an online security firm that hackers knew about and were actively exploiting a security flaw in RockYou’s database.  RockYou acknowledged that its database had not been up to date with regard to standard security protocols and that one or more hackers had gained access to its database, which contained social networking login credentials for millions of users.

The ruling may also signal a new willingness for courts to view PII as personal property having monetary value, which could give users greater ability to enforce public-facing privacy and data security policies against website operators.

The crux of the plaintiff’s theory was that RockYou’s customers “buy” products and services by providing their PII, which is valuable property and is consideration for RockYou’s promise that it would employ reasonable security methods.  Under the plaintiff’s theory, RockYou’s failure to safeguard customers’ PII breached RockYou’s obligations to its customers, and harmed the value of that PII by compromising it.  The court noted that there was no established law that clearly addressed such an argument.  Further, the court avoided a probing analysis of the fundamental issues, and even expressed doubt that the plaintiff could prove any damages, but nonetheless found the plaintiff’s allegations of harm sufficient “to allege a generalized injury in fact.” Thus, the plaintiff had standing to assert claims against RockYou for, among other things, breach of contract, negligence and violation of various statutes.

Although the plaintiff’s novel theory may not ultimately succeed as a way of establishing standing in data breach cases, commentators have observed that the RockYou case is noteworthy in its acknowledgment of the economic realities of the Internet, where creative use of PII is an increasingly important revenue source for online service providers.  The court’s ruling legitimizes, at least for now, complaints based on a website operator’s failure to protect the inherent value of PII collected from site users.  The ruling may also signal a new willingness for courts to view PII as personal property having monetary value, which could give users greater ability to enforce public-facing privacy and data security policies against website operators.  Further, in viewing a website privacy policy as a set of promises made by a website operator in exchange for valuable PI I, the RockYou decision has the potential to significantly alter the balance of risks in the gathering, storing and use of PII on the Internet.

It is unclear, however, whether other courts will follow RockYou’s novel approach.  Indeed, in an opinion issued only one month after the RockYou decision, another judge in the Northern District of California rejected the plaintiffs’ argument that PII was property for purposes of stating a claim under California’s Unfair Competition Law (“UCL”).  The plaintiffs in that case, In re Facebook Privacy Litigation, brought a number of claims against Facebook based on Facebook’s alleged transmission of PII to third party advertisers without plaintiffs’ consent.  The defendant moved to dismiss.  After dismissing the plaintiffs’ claims under the Electronic Communications Privacy Act, the court found that “personal information” was not property under the UCL.  The court distinguished one of its prior cases, Doe 1 v. AOL, LLC, and found that, because the plaintiffs had not paid fees to use Facebook, they could not be considered “consumers,” and thus could not state a claim under the California consumer protection statutes.  In a footnote, the court noted that, although the plaintiffs argued that PII was a form of property and itself constituted “currency,” the plaintiffs had offered no case law in support of those arguments.  The Facebook court had already found that the plaintiffs had standing; whether its holding on the issue of PII as property foreshadows the ultimate fate of the RockYou plaintiff remains to be seen.

A final note on the RockYou case:  While the court was required to address the cutting-edge standing issues discussed above, it also illustrated the perhaps more quotidian point that language matters when drafting privacy policies and other website terms of use.  As one commentator noted, the court’s decision depended in part on the literal meaning of certain disclaimer language in RockYou’s own privacy policy.  Specifically, RockYou’s privacy policy contained a disclaimer of liability related to unauthorized access to PII, which proved ineffective because the disclaimer only applied to “unauthorized access to or use of [RockYou’s] secure servers . . . .” (Emphasis added).  The court refused to dismiss the plaintiff’s contract claims based on this provision because the plaintiff alleged that RockYou’s servers were not “secure.” Therefore, at least with respect to its contract claims, the plaintiff survived defendant RockYou’s motion to dismiss based on the implied guarantee of security, a result that might have been avoided with a more carefully worded privacy policy.

 

 

10 Million Monsters!
Marking a truly historic social media milestone, Lady Gaga became the first Twitter user with more than 10 million followers.  According to reports, the entertainer noted this achievement with a Tweet saying “10MillionMonsters!  I’m speechless, we did it!  Its an illness how I love you.  Leaving London smiling.”

Netflix Traffic
Reports are that Netflix is now the single largest source of downstream Internet traffic, accounting for more than 20% of such traffic during peak times.  In comparison, YouTube accounts for approximately 10% of downstream traffic.

Google’s Contribution to Economic Activity
According to Google, the search giant’s programs, including AdWords and AdSense, provided $64 billion in economic activity for American companies and non -profits in 2010.  This represents an 15% increase over 2009.  Google’s home state of California is said to have benefitted the most—to the tune of $15 billion.

Facebook.com’s Integration with Microsoft’s Bing
The integration of the Facebook.com site with Microsoft’s Bing search engine, first announced in 2010, has been expanded.  Among other features, Bing will now display more data regarding search results that your Facebook friends have liked and a greater ability to share Bing search results with Facebook friends.

Facebook’s New Photo-Tagging Feature
On a somewhat related note, Facebook announced a new photo-tagging feature that allows users to tag businesses, brands, celebrities and musicians that have their own Facebook pages.  Previously, users could only tag themselves and their friends in photos.

Facebook Planting Negative Stories About Google?
Many have noted that the Facebook/ Bing integration presents a challenge to Google’s own search and social networking efforts.  In another indication of the increasingly heated competition between the Internet giants, controversy arose over allegations that Facebook hired a public relations firm to plant negative stories about Google.

Bin Laden’s Death Sets Twitter Records
Osama Bin Laden’s death set new Twitter records, becoming one of the most tweeted events ever.  According to Mashable, Twitter reached more than 5,000 Tweets per second at the beginning and end of President Obama’s speech announcing Bin Laden’s death, with a total of 27,900, 000 Tweets over a period of about two and a half hours.

Facebook Class Action
A Brooklyn man has filed a class action lawsuit against Facebook, alleging that the company’s “social ads”—which display the names and images of a user’s friends who have liked a particular brand or ad—use minors’ names and likenesses without the parental consent required under a section of New York’s civil rights law.

Social Widgets as Data Tools
“Social widgets,” those ubiquitous website buttons that allow users to “like” or “share” online articles and other content, also let their makers collect data about the websites people are visiting, potentially raising privacy concerns, according to a study prepared for The Wall Street Journal.

Google News Archive No More?
It has been reported that Google has ceased adding content to its Google News Archives, which provide free access to scanned archives of newspapers.  The existing archive remains accessible, however.

Social Networking for Children
Facebook’s founder, Mark Zuckerberg, announced recently that he would like to make the social networking site available to children, but also recognized the challenges presented by current law, particularly the Children’s Online Privacy Protection Act, which imposes strict rules regarding the collection of personal information from users under the age of thirteen.

Bad Yelp Reviews Barred from Anti-SLAPP Statute
A California court recently ordered a dentist who sued Yelp users for defamation over negative reviews to pay $80,000 in attorneys’ fees, after ruling that the dentist’s suit was barred by California’s anti-SLAPP statute.

Facebook and the ADA
A recent Ninth Circuit decision held that Facebook was not liable under the Americans with Disabilities Act when it terminated a user with bipolar disorder for terms of service violations because Facebook’s services do not have a nexus to a physical place of public accommodation that would be necessary to subject it to the ADA.

Morgan Stanley Employees on Twitter
Morgan Stanley Smith Barney has reportedly become the first major brokerage firm to allow its brokers to use Twitter.

“SB 242” Rejected
California’s Senate has rejected a bill (“SB 242”) that would require social networking sites to hide personal information about users unless they give their permission to share it.  A coalition of Web companies, including Facebook, Google, Skype, Twitter and Yahoo, had voiced opposition to the bill, arguing in a letter to Senator Ellen Corbett (D., San Leandro), who proposed SB 242, that the proposed statute “gratuitously singles out social networking sites without demonstration of any harm,” and would result in users making uninformed choices by requiring that they select privacy settings ahead of using the sites.