August 2012

Over the past year, a number of courts across the country have decided cases involving contributory infringement and the application of the Digital Millennium Copyright Act’s § 512(c) safe harbor in the social media context. Unfortunately for those who favor a uniform approach to the law, the precedent being developed is in many ways inconsistent. On one side of the country, the Ninth Circuit solidified § 512(c)’s protections for social media sites in UMG Recordings, Inc. v. Shelter Capital Partners LLC by holding that social media sites are not liable for infringing user-posted material subject to compliance with the DMCA’s notice and takedown procedures.  Several months later on the other side of the country, the Second Circuit addressed similar questions in Viacom Int’l, Inc. v. YouTube, Inc. Judge Cabranes’s opinion introduced the possibility that a social media site-owner’s “willful blindness” to infringing activity may trigger liability, thus raising the specter of (very) expensive litigation. The Seventh Circuit has now held in Flava Works, Inc. v. Gunter that online service providers are protected from contributory infringement liability—and therefore need not depend on the DMCA’s safe harbors at all—where they do not actually host allegedly infringing material or encourage copyright infringement but merely link to such material.

In an opinion written by one of the country’s preeminent circuit judges and cat fanciers, Richard Posner, the court addressed whether to uphold a preliminary injunction against social bookmarking site myVidster for contributory copyright infringement. myVidster allows users to “bookmark” videos they find on the Internet, such as videos from YouTube or Vimeo. myVidster automatically retrieves the “embed code”—code that permits the video to be viewed in a browser window separate from the original website (for example, when you link to a YouTube video on your Facebook page, the site automatically embeds the video so that your friends can view the video on Facebook rather than having to go to YouTube). myVidster then creates a new page for the embedded video, replete with advertisements.

Plaintiff Flava Works is an entertainment company that produces and streams adult videos through various websites. Flava allows its customers to download its content solely for personal use. Users are not permitted to upload Flava’s videos to other sites or to create any additional copies of the content. Thus, in Judge Posner’s view, a user who copies Flava’s videos by downloading them and then uploading the copyright-protected video to a third-party website is a direct infringer of Flava’s copyright. Because myVidster didn’t upload the infringing videos, the court found that myVidster did not directly infringe Flava’s copyright.

The court next considered whether myVidster should be held liable for contributory infringement based on such copying by Flava’s users. Posner disregarded the oft-cited Gershwin Publishing Corp. v. Columbia Artists Management, Inc. definition of contributory infringement in favor of a more succinct standard from Matthew Bender & Co. v. West Publishing Co.: contributory infringement is “personal conduct that encourages or assists [direct] infringement.” The court ultimately held that myVidster was not liable for contributory infringement for two reasons.

First, myVidster does not make any copies of Flava’s videos—whether on its own initiative or at its users’ direction—but instead links to videos on servers controlled by third parties. In bookmarking offending videos, myVidster’s users were not copying such videos. And by embedding those videos on its site, myVidster was not furthering any copying. Rather, the court found that myVidster effectively acts as an exchange, connecting the server hosting the video and myVidster’s users. Posner wrote:

[The user’s] bypassing Flava’s pay wall by viewing the uploaded copy is equivalent to stealing a copyrighted book from a bookstore and reading it. That is a bad thing to do (in either case) but it is not copyright infringement. The infringer is the customer of Flava who copied Flava’s copyrighted video by uploading it to the Internet.

Second, the court found that myVidster had done nothing to encourage uploaders to upload Flava’s videos. Therefore, myVidster did not “encourag[e]” infringement and was not a contributory infringer. As a result, myVidster had no need to resort to the § 512(c) safe harbors.

One of the most interesting aspects of the Flava Works opinion is its discussion of the various flavors (flavas?) of contributory infringement. Google and Facebook submitted an amicus curiae brief  in which they argued that the connections between myVidster’s (and other social bookmarking sites’) activities and any copyright infringement by users are simply too attenuated to constitute either direct or contributory infringement. They argued that myVidster was, at most, “contributing to contributory infringement.” Thus, myVidster’s potential infringement was not “secondary,” but rather, tertiary: the direct infringers are those who uploaded Flava’s copyrighted material, those who bookmarked the videos are arguably “secondary” infringers, while myVidster might be a “tertiary” infringer. Posner dismissed this argument, finding that common law notions of remoteness were sufficient to deal with this “contributing to contributory infringement” situation: “An injury will sometimes have a cascading effect that no potential injurer could calculate in deciding how carefully to act. The effect is clear in hindsight—but only in hindsight.” For Judge Posner, even in social media situations, there’s no need for the direct-secondary-tertiary “layer cake” model; there is simply infringement, contributory infringement, and non-infringement. And regardless of the theoretical “level” of removal of myVidster from the underlying direct infringement, myVidster was not “materially contributing” to that infringing activity—that is, myVidster’s actions were too remote from the uploader’s infringement—and was therefore not liable for contributory infringement by copying.

Judge Posner also addressed whether myVidster might be liable for contributory infringement based on public performance of Flava’s videos. The Copyright Act makes it unlawful “to transmit or otherwise communicate a performance . . . of the work . . . to the public . . . whether the members of the public capable of receiving the performance . . . receive it in the same place or in separate places and at the same time or at different times.” Posner identified two ways in which myVidster might infringe Flava’s performance right: “performance by uploading” and “performance by receiving.” On the “uploading” interpretation, “uploading plus bookmarking a video is a public performance because it enables a visitor to the website to receive (watch) the performance at will[.]” On the “receiving” interpretation, the performance occurs (or is, in other words, finalized) when the user clicks on and plays the video.

Posner dismissed the “uploading” view, arguing that myVidster is simply “giving web surfers addresses where they can find entertainment[,]” much like TimeOut and the New Yorker  list the details of various social events happening in the real world. According to Posner, the only infringer on the “uploading” view is the uploader himself. myVidster does not interfere with the data streaming directly from the host to the viewer, so myVidster did not contribute to the uploader’s infringement of Flava’s public performance right.

On the “receiving view,” the infringing act occurs when the myVidster users click “play” on Flava’s videos. Flava argued that, by providing an exchange that makes Flava’s videos available to myVidster’s users, myVidster provides “‘support services’ without which ‘it would [have been] difficult for the infringing activity to take place in the massive quantities alleged.’” Posner, however, was not persuaded by the “receiving” argument either. First, myVidster was not selling the allegedly infringing videos and thus had no direct pecuniary motive for pushing visitors to view Flava content bookmarked by the site’s users. Second, there was no substantial evidence that the videos were being accessed via myVidster rather than other websites. Thus, in Posner’s view, there was no basis to hold that myVidster was “abet[ting] others’ infringements” of Flava’s public performance right.

Judge Posner left open the possibility that myVidster had invited users to post infringing material, in which case it could be liable for inducing infringement. Similarly, he stated that myVidster’s now-discontinued sideloading service constituted direct—not secondary—infringement. Sideloading typically involves the transfer of data between two local devices. myVidster’s service allowed premium members to back up bookmarked videos on myVidster’s servers. As at least one commentator has noted, this raises interesting issues for sites like Pinterest and other social networks that periodically sideload copyrighted material posted by users on the presumption that such sideloading is authorized by, and therefore done at the direction of, the user. If such actions constitute direct infringement, the §512(c) safe harbors may not be available.

Following this morning’s meeting, the Commission has published its proposed rules:

http://www.sec.gov/rules/proposed/2012/33-9354.pdf

Summary

The SEC published its guidance today as a proposed rule, with a comment period, and not as an interim final rule.

The SEC proposes to amend Rule 506 to provide that the prohibition against general solicitation contained in Rule 502(c) shall not apply to offers and sales of securities made pursuant to Rule 506 provided that all purchasers are accredited investors and the issuer takes reasonable steps to verify their status.

Form D will be amended so that an issuer will be required to indicate whether it has used general solicitation.

The SEC is not proposing to amend the Section 4(a)(2) exemption.

Rule 506 offerings

Release implements a bifurcated approach—that is an issuer can conduct a Rule 506 offering without general solicitation, or a Rule 506(c) offering using general solicitation

A new Rule 506(c) is introduced, which would permit general solicitation provided:  issuer takes reasonable steps to verify investor status; purchasers are accredited investors; and other conditions of Rule 501 and 502(a) and 502(d) are satisfied.

The Staff is not prescribing a verification approach, but recognizing that the reasonableness of the steps taken to verify status will be based on particular facts and circumstances.  The Staff sets out a number of measures (in the form of a non-exclusive list) that could be used in order to assess investor status.

Rule 144A

Rule 144A will be amended to remove the reference to “offer” and “offeree” from Rule 144A(d)(1), requiring only that securities be sold only to a QIB or person reasonably believed to be a QIB.

Integration

Rule 144A/Rule 506 offerings will not be integrated with contemporaneous Regulation S offerings—however, the language used in the release may not be as clear as market participants would like.

At a meeting this morning, the SEC voted to propose rules relaxing the ban on general solicitation for certain offerings conducted pursuant to Rule 506 and resales under Rule 144A.  In a meeting that lasted approximately 45 minutes, the Staff outlined the principal aspects of the proposed rules.  The Staff indicated that it was proposing rules for comment, and not proposing an interim final rule.  As a result, market participants will have an opportunity to comment on the proposal and the Staff will have an opportunity to consider these comments prior to the adoption of final rules.  As anticipated, close attention will be required in relation to the Staff’s proposals regarding the “reasonable steps” to be taken to verify accredited investor status for offerings in which general solicitation is used.  The Staff discussed generally the verification process.  The Staff also discussed proposed changes to Form D.  The Staff also noted that the proposal would address the “directed selling effort” prong of Regulation S.  We will provide a detailed analysis of the proposal shortly.

The Commissioners provided interesting perspectives on the proposed rules and on the rulemaking process.

Commissioner Walter noted her support for modification of the communications rules in order to make these rules more contemporary.  She noted that allowing general solicitation is “a profound change,” which likely will have “unintended consequences.”  Commissioner Walter noted that comments on the proposal should help to identify these potential unintended consequences.  She also suggested that the Staff consider updating Form D in order to make it a source for more information regarding the types of offerings in which general solicitation is used and that the Staff should study the uses of general solicitation.  Commissioner Walter asked how the Staff intended to monitor the use of Rule 506 offerings involving general solicitation.  Meredith Cross noted that a multi-divisional task force would be formed in order to identify offerings in which general solicitation was used and to understand the verification processes used in these offerings.

Commissioner Aguilar noted he did not support the proposal and he would issue a separate statement which would be forthcoming.  He expressed concerns about investor protection.

Both Commissioners Paredes and Gallagher expressed their support for the proposal, while noting their significant concerns with the rulemaking process itself.  The two Commissioners noted that the original rulemaking course, which had been to release an interim final rule (not a proposal), had been changed in midstream.  This change had been occasioned after significant concerns had been expressed by various groups, including state regulators.  Both Commissioners Paredes and Gallagher noted their concern regarding the change in course and the resulting delays.

In today’s information economy, content owners are faced with a challenging decision regarding digital content. On the one hand, the viral nature of social media can mean unprecedented exposure as digital content is shared. On the other, that opportunity can come with significant legal risk if companies take an insufficiently careful approach to intellectual property clearance issues. One luxury clothing brand, Burberry Ltd., recently discovered just how substantial that legal risk can be.

Burberry approached social media with an innovative concept: “historical timelines” on its various social media pages, including Facebook, Twitter, and Instagram. These timelines featured photos of celebrities wearing Burberry’s iconic trench coats, scarves, and other products. Among Burberry’s chosen photos was a shot of Humphrey Bogart from the final scene of Casablanca, in which Bogart’s Rick, clad in a timeless Burberry trench, sends Ingrid Bergman’s Ilsa off to Brazzaville. While Burberry acquired permission to use the photo from photo agency Corbis, which manages the rights to various stock photos from Casablanca, Burberry failed to clear its use with Bogart LLC, which owns the actor’s publicity rights. Applicable law allows a celebrity to object to use of his or her name or likeness in a commercial context, particularly if the use is likely to cause members of the intended market to believe that the celebrity endorses the product. Bogart LLC alleged that Burberry’s use of the photo falsely implied that Bogart had endorsed the brand, thereby violating Bogart LLC’s publicity rights. Burberry countered, arguing that its timelines constituted “a historical positioning of the image within an educational project along with numerous other photographs of people wearing Burberry apparel over the last century.”

Although Burberry and Bogart LLC settled their pending state and federal cases for an undisclosed amount, this case provides a good example of the unexpected issues that can arise when brand managers fail to consider the full spectrum of rights that may be implicated by the use of photographs and other content. While the content industries have spent the last decade educating the public on copyright law’s effects in the digital media world, less attention has been paid to other areas of potential liability, such as trademark infringement and privacy and publicity rights violations, and their respective effects on the social media experience.

For example, in 2007, Virgin Mobile Australia (VMA) launched an advertising campaign using amateur photography culled from the social photo-sharing site, Flickr. The photos used by VMA were licensed under a Creative Commons “Attribution” license, which requires only that the original creator—that is, the copyright holder—be given credit. VMA chose for its campaign a photo of then-15-year-old Alison Chang, taken by her church youth counselor and uploaded by him to Flickr. Although VMA had appropriate copyright clearance to use the counselor’s picture under the Creative Commons license, Chang’s parents sued VMA for failing to get permission from Chang or her parents to use Chang’s name or likeness. Although the case was dismissed on procedural grounds, the incident illustrates how easily (and often) clearance procedures are overlooked when it comes to Internet-based content.

Similar cases have raised complex issues relating to federal preemption of state law claims. For example, in Laws v. Sony Music Entertainment, Inc., the plaintiff sued Jennifer Lopez and LL Cool J, alleging misappropriation of her name and voice through use of a sound recording on which the plaintiff’s voice was featured. The defendants had obtained a license to use the sound recording on which the plaintiff’s voice was featured, but had not obtained from the plaintiff the right to use her voice. Nonetheless, the Ninth Circuit held that, on this set of facts, the federal Copyright Act preempted the plaintiff’s state law right-of-publicity claim. Thus, her permission was not required for the defendants to use the validly licensed sound recording. By contrast, a different Ninth Circuit panel in Downing v. Abercrombie & Fitch, Inc., held that the Copyright Act did not preempt the plaintiffs’ state law publicity claims based on Abercrombie’s advertising use of a photo of the plaintiffs taken after the 1965 Makaha International Surf Championship in Hawaii. Thus, Abercrombie should have sought the plaintiffs’ permission in the first instance. The preemption inquiry is fact-bound—the Copyright Act preempts state law publicity claims in some circumstances, but not others.

While the details of these preemption cases exceed the scope of this article, suffice it to say that a company’s social media marketing personnel may not have the expertise to wade through such complex clearance issues. A clearance system that focuses narrowly on copyright issues and doesn’t consider other forms of intellectual property may therefore result in unexpected claims. It is also worth noting that the safe harbors provided by the Digital Millennium Copyright Act apply only to copyright claims, not other types of claims such as those mentioned above, and in any event, provide protection only with respect to user-generated content, not content posted by a company’s own employees. Therefore, companies should not assume that the DMCA will shield them from all liability for content posted on their social media pages.

Social media is an exciting new channel for reaching both current and prospective customers. But from a rights-clearance perspective, the old rules largely remain in force. Accordingly, companies’ review procedures for company-driven social media content should, to the extent possible, mirror the process they undertake for print ads and other traditional media. And where that may not be feasible (given the speed and flexibility often required on social media platforms), companies should institute rigorous policies and train marketing associates on how to avoid potential liability.

As we reported earlier this year, the Federal District Court for the Eastern District of Virginia held in Bland v. Roberts that merely “liking” a Facebook page is insufficient speech to merit constitutional protection.

In the case, former employees of the Hampton Sheriff’s Office brought a lawsuit against Sheriff B.J. Roberts, in his individual and official capacities, alleging that he violated their First Amendment rights to freedom of speech when he fired them, allegedly for having supported an opposing candidate, Jim Adams, in the local election for Sheriff.  Two of the plaintiffs had done nothing more than “like” Adams’s Facebook page.

Shortly after the district court ruled in favor of the defendants, the plaintiffs filed a notice of appeal.  Now Facebook and the American Civil Liberties Union (ACLU) have filed amicus briefs on behalf of the plaintiffs, arguing that “liking” something on Facebook is speech—or at the very least, expression—under the First Amendment, and thus should be entitled to constitutional protection.

In its amicus brief, Facebook argues that when the plaintiffs clicked the “like” button on Jim Adams’s campaign page, it was “the 21st-century equivalent of a front-yard campaign sign.”  Facebook also notes, as we did in our video interview with LexBlog, that clicking “like” is more than a passive signal of approval because it has real effects on Facebook’s algorithm, including “notices and statements on a Facebook user’s profile page, in his or her friends’ news feeds, and in other places around the site.”

The ACLU amicus brief takes issue with the district court’s ruling that “liking” is not entitled to protection because it involves no actual statements.  In response, the ACLU argues that even if “liking” something is not “pure speech,” courts have long recognized that First Amendment protection is not limited to actual words.  The brief goes on to cite almost a dozen cases where conduct or expression has been held to be protected under the First Amendment.  Further, the ACLU argues, whether someone presses a “like” button to express his thoughts or presses the buttons on a keyboard to write out those words, “the end result is the same:  one is telling the world about one’s personal beliefs, interests, and opinions.  That is exactly what the First Amendment protects, however that information is conveyed.”

This case is a prime example of the courts’ challenge of interpreting traditional legal regimes in dynamic, Internet contexts and one that we will continue to follow as it progresses.

The Federal Trade Commission (FTC) recently reached an $800,000 settlement with the data broker Spokeo, Inc. (“Spokeo”).  The FTC’s complaint alleged violations not normally seen together:  First, that Spokeo distributed personal information for background checks by employers in ways that failed to comply with the Fair Credit Reporting Act (FCRA) and, second, that Spokeo’s employees posted Spokeo product endorsements without revealing their connection to the company, in violation of Section 5 of the FTC Act, which prohibits “unfair or deceptive acts or practices in or affecting commerce.”

The Alleged FCRA Violations

The FCRA imposes certain obligations on “consumer reporting agencies,” which are generally defined as businesses that assemble or evaluate certain information about a consumer and furnish it to third parties for their use in determining the consumer’s eligibility for credit, insurance, or employment.  The FCRA requires a consumer reporting agency to follow specified procedures to help protect consumers’ rights, including steps to ensure that each report it sells is used for a purpose specifically permitted by the law and that the information contained in the report is accurate.  The law also requires a consumer reporting agency to inform each recipient of a consumer report of its obligations under the Act, including that it notify a consumer in the event that it takes adverse action against him or her based on information in the report (such as a decision to deny him or her credit or not to hire him or her).

Spokeo collects personal information about consumers from hundreds of online and offline sources—including social networks and marketing databases—and combines this information to create profiles on those consumers.  Spokeo then sells access to these profiles.  The FTC alleged that, because Spokeo marketed the profiles to human resources departments and others for use in the hiring process, it was a consumer reporting agency subject to the FCRA.  According to the FTC, Spokeo did not, however, comply with the Act’s requirements.  Moreover, even though Spokeo had changed its website terms of service to state that it was not a consumer reporting agency and to prohibit clients from using its information for purposes protected by the FCRA, Spokeo did not actually enforce those terms, such as by revoking the access of companies that it knew—or should have known—were using its consumer reports for employment purposes.

Although this is the FTC’s first FCRA case involving the sale of data collected for employment purposes from social media and other online sources, it should not have come as a complete surprise, as this was not the first time that the agency had weighed in on the subject.  In May 2011, FTC staff wrote to a company described as “an Internet and social media background screening service used by employers in pre-employment background screening,” reminding it of the FCRA’s applicability.  Even in light of these FTC activities, however, businesses may not appreciate just how broad the law’s definition of a “consumer reporting agency” is.  Companies that compile or evaluate and then distribute consumer data should seek to determine whether they need to comply with the FCRA’s requirements.  Further, companies that receive consumer reports from consumer reporting agencies—whether to make employment decisions or otherwise—are also bound by certain obligations under the FCRA and, potentially, state laws.

The Allegedly Deceptive Endorsements

Just a few years ago, the FTC updated its Endorsement Guides (“Guides”) to address issues specific to social media marketing.  Although the Guides do not have the force of law, they provide marketers with guidance from the FTC on avoiding potentially deceptive practices under Section 5 of the FTC Act.  Even prior to this update, however, the Guides made clear that any connection between an endorser and the seller of the advertised product—such as an employment relationship—must be disclosed, as such a connection affects the weight that consumers give to the endorsement.  The message to companies:  Create and enforce a social media policy that requires your employees to disclose the fact of their employment when talking about your products or services.

Spokeo allegedly did just the opposite:  The FTC asserted in its complaint that Spokeo directed its employees to pose as ordinary consumers and post endorsements praising the company’s products.  What’s more, Spokeo managers actually reviewed the endorsements and supplied the accounts that were used to make them—all to give the public the misleading impression that Spokeo had numerous happy customers.  In the FTC’s view, this practice was deceptive because, had consumers known that the endorsements were posted by the seller’s own employees, they would have known that they should probably take the endorsements with a grain of salt.  In its settlement with the FTC, Spokeo agreed not only to comply with the Guides going forward but to also remove all of the fake endorsements already posted.

A myth has developed among many companies seeking to exploit social media that the old rules do not apply in this new age.  The Spokeo settlement is a stark reminder that the old rules do in fact apply, and that companies ignore those rules at their peril.

The Children’s Online Privacy Protection Act of 1998 (“COPPA”), which became effective in April 2000, has long served as the primary regulatory tool of the Federal Trade Commission (the “FTC”) to police online privacy issues concerning children under 13.  The COPPA Rule (the “Rule”), promulgated by the FTC pursuant to COPPA, in general requires the operator of a website or online service that is directed to children or that knowingly collects personal information from children to obtain verifiable parental consent before collecting personal information from a child under the age of 13.  In September 2011, after the Act had been on the books for over a decade, the FTC announced that change was coming and proposed for public comment certain amendments to the Rule, as we explained last year.  After all, when the Act first passed in 1998, Mark Zuckerberg was just 14 years old, and social media giants like Facebook, YouTube and Twitter would not launch until well into the next decade.  Google had just been founded and operated out of a garage in Silicon Valley.  Pets.com was the next big thing.  Change was long overdue.

On August 1, 2012, after reviewing over 350 comments to its proposed amendments, the FTC announced that it was seeking further proposed modifications to the Rule.  So what’s new this time?

Network Advertisers and Other Third-Party Information Collectors Potentially Responsible for COPPA Compliance

Although COPPA applies only to websites or online services, the FTC’s proposed new modifications seek to expressly hold certain third-party plug-in, software download, and advertising networks accountable for COPPA compliance when they collect personal information through a website or online service that they know is child-directed.  Does this mean that such third parties are going to be held strictly liable for COPPA compliance when they are integrated into a website or online service?  No.  Although it considered this option, the FTC instead proposes to apply the Rule only if the third party “knows or has reason to know” it is collecting personal information through a host site or service that is directed to children.  Thus, if credible information that such use is occurring is brought to the attention of a plug-in or ad network, for example, it ignores this information at its peril.

Mixed Approach to Mixed Audience Sites

Historically, the FTC has not charged mixed audience websites that contain content appealing to both children and adults as “directed to children,” given the burden that this can impose on providers and users alike.  Instead, the FTC has charged such websites under COPPA only where they had actual knowledge that they were collecting personal information from children.  The FTC now seeks to codify this approach.  Under its proposed revisions, a website or service that has child-oriented content appealing to a mixed audience, where children under 13 are likely to be over-represented, will not be deemed “directed to children” if the site or service age-screens all users before personal information is collected.  Then, once the site learns who self-identifies as under 13, it must obtain appropriate parental consent before collecting any personal information and otherwise comply with the Rule with respect to them.  Websites or services that knowingly target, or have content likely to attract, children under 13 as its primary audience must still treat all users as children for COPPA compliance purposes.

Information collected by “persistent identifiers,” including in connection with behaviorally-targeted ads, counts as “personal information” for COPPA purposes

The FTC announcement also included certain modifications and clarifications to some of its earlier, more controversial 2011 proposals.  Last fall, for instance, the FTC expanded the definition of “personal information” (the collection of which generally triggers a parental consent obligation) to include information collected by “persistent identifiers” that track a devise’s use over time and across different platforms.  This expansion met considerable resistance from some quarters because commentators felt that “persistent identifiers” track devise use, not personal use, and therefore should not count as collecting “personal information,” but the FTC did not alter its stance.  An exception, however, exists for information collected by persistent identifiers if it is used as support for internal operations.

So what counts as “support for internal operations”?  The FTC now proposes to expressly define those operations as including “site maintenance and analysis, performing network communications, use of persistent identifiers for authenticating users, maintaining user preferences, serving contextual advertisements, and protecting against fraud and theft.”  Thus persistent identifiers can be used for these express purposes without regard to any COPPA compliance consequences.  But for all other uses, COPPA may become an issue.  Use of a persistent identifier for purposes outside of these operations, including for behaviorally-targeted advertising (specifically addressed in the recent commentary) will likely trigger the Rule’s obligations.  Because of this expanded definition, and the fact that age cannot be determined from a persistent identifier, sites directed to children may be well advised to engage in such activities only after first obtaining verifiable parental consent.  In fact, given the breadth of this potential rule, operators of sites wholly unrelated to children should take notice as this change may well portend a broader shift in policy within the FTC toward these issues.

The FTC is accepting comments on the proposals until September 10, 2012.  The FTC expects to publish a final Rule this year.  A more detailed explanation of these proposed changes, including analysis of important commentary, can also be found here.