Header graphic for print

Socially Aware Blog

The Law and Business of Social Media

The Second Circuit Tackles Employee Rights, Obscenities & Social Media Use

Posted in Employment Law, Protected Speech

65329935_thumbnail_smallEmployers took note last year when the National Labor Relations Board (NLRB) ruled that “liking” a Facebook post can qualify as protected activity under the National Labor Relations Act (NLRA). The NLRB held that the owner of a sports bar violated Section 7 of the NLRA by firing employees for a protected Facebook discussion criticizing the owner’s tax-withholding practices. An employee who referred to the owner as an “asshole” and another employee who merely “liked” the Facebook discussion were both engaged in protected activity, according to the NLRB.

Now the Second Circuit has affirmed the NLRB’s ruling. The Court rejected the argument that the employees’ Facebook discussion was unprotected because it amounted to uttering obscenities in the presence of customers. Accepting such an argument, wrote the Court, “could lead to the undesirable result of chilling virtually all employee speech online.”

The Court noted that almost all Facebook posts have the potential to be viewed by customers, but in this case the discussion was protected because it was not directed at customers and did not reflect the employer’s brand.

In addition, the employees’ Facebook activity did not lose protection simply because it contained obscenities viewed by customers, as such protection “accords with reality of modern-day social media use.”

The Second Circuit’s decision signals significant protection of employees’ social media communications, including a Facebook “like.” However, the Court refused to publish its summary order, despite urging from the NLRB, so the decision has no precedential effect.

Nonetheless, the takeaway is clear: “Like” it or not, employers should proceed with caution when considering whether to take action against employees for social media postings, even where obscenities are involved. Such is the reality of modern-day online speech.

Google Books and Fair Use: From Implausible to Inevitable?

Posted in Copyright

[Editor’s Note: At Socially Aware, we occasionally invite guest columnists to contribute pieces on cutting-edge Internet-related legal issues; today we have the pleasure of publishing a piece by noted copyright scholar Jane Ginsburg, Morton L. Janklow Professor of Literary and Artistic Property Law at Columbia Law School*.]

Colorful books and symbol of copyright.Isolated on white.3d rendered.

A for-profit corporation scans millions of in-copyright books and permanently stores their full contents in its database, all without seeking permission or paying the books’ authors or publishers. Over  ten years ago, when Google began its massive digitization and storage program, with the cooperation of the University of Michigan library, who supplied the books that Google scanned, not many copyright scholars would have thought that the systematic copying of immense volumes of full text for commercial purposes, without the creation of new copyrightable expression building on the copied content, could plausibly assert the mantle of fair use. By the time the Second Circuit upheld Google’s fair use defense last month, that result seemed inevitable.

How did the fair use doctrine go from a safety valve to enable second authors to create new works that productively incorporate reasonable portions of prior works, to a free (in both senses of the word) pass for mass commercial digitizationat least so long as the outputs from the commercial database communicate no expression or insufficient expression to infringe? And, perhaps, so long as the compiler of that database can keep the contents safe from hacking.

In this column, I will set the decision in light of its forebears, and then consider its impact on future fair use defenses.

First, a summary, in the court’s words, of the Google Books holding:

 (1) Google’s unauthorized digitizing of copyright-protected works, creation of a search functionality, and display of snippets from those works are non-infringing fair uses. The purpose of the copying is highly transformative, the public display of text is limited, and the revelations do not provide a significant market substitute for the protected aspects of the originals. Google’s commercial nature and profit motivation do not justify denial of fair use. (2) Google’s provision of digitized copies to the libraries that supplied the books, on the understanding that the libraries will use the copies in a manner consistent with the copyright law, also does not constitute infringement. Nor, on this record, is Google a contributory infringer.

This column will address only the first holding. The key determination focused on the “highly transformative” purpose of the copying. In modern fair use jurisprudence, particularly in the Second Circuit, once a court rules the “nature and purpose of the use” (statutory fair use factor (1)) to be “transformative,” a successful outcome for the defense is almost assured. In the last 20 years of fair use case law, the meaning of “transformative” has itself become transformed.

In an influential article written in 1990, Judge Pierre Leval of the U.S. Court of Appeals for the Second Circuitwho also authored the Google Books opinion  – coined “transformative use” to describe what used to be called “productive uses,” through which the fair use doctrine traditionally allowed follow-on authors to bestow their intellectual labor in reworking selections from a prior work, provided the borrowings did not prejudice the profits or prospects of that work.

The Supreme Court, four years later, for the first time recognizing parody as a potential fair use, adopted the label. In Campbell v. Acuff-Rose Music, Inc., the Supreme Court inquired whether the defendants’ musical parody had made a “transformative” use: not one that merely supersedes the objects of the earlier work by copying it, but one that “adds something new, with a further purpose or different character, altering the first with new expression, meaning, or message.” In the context of the Supreme Court’s Campbell decision, the Two Live Crew rap parody “transformed” Roy Orbison’s “Pretty Woman” by creating a new (and rather raunchy) work. But courts came to interpret Campbell’s reference to “something new, with a further purpose” to encompass copying that does not add “new expression,” so long as the copying gives the prior work “new meaning.” (See, for example, Kelly v. Arriba Soft Corp.) Fair use cases began to drift from “transformative work” to “transformative purpose,” in the latter instance, copying of an entire work, without creating a new work, could be excused, particularly if the court perceived a sufficient public benefit in the appropriation.

In the initial shift from “transformative work” to “transformative purpose” the defendant had in fact created an independent work of authorship, even though that work did not significantly alter the copied work. Thus, in Bill Graham Archives v. Dorling Kindersley Ltd. (which did not concern digital technologies), the Second Circuit held a coffee-table-book biography’s reduced-sized complete images of posters of the legendary rock band The Grateful Dead were “transformative” because the book used the images of the posters as “historical artifacts” to document the Dead’s concerts, rather than for the posters’ original aesthetic purpose. But the documentary/aesthetic distinction also significantly expanded the application of the fair use exception to new technological uses that did not yield new works. The search engine practice of permanent storage of works for the purpose of “indexing” has been the principal digital beneficiary of the “documentary” or “new purpose” brand of transformativeness (see, as examples, Perfect 10, Inc. v. Amazon.com, Inc. and Kelly v. Arriba Soft Corp.).

Other applications of the aesthetic/documentary distinctionmore broadly characterized as a distinction between expression and informationto the inputting of copyrighted works into databases then emerged. In A.V. ex rel. Vanderhye v. iParadigms, LLC, the Fourth Circuit ruled the constitution of a commercial database of student papers by the “Turn It In” plagiarism detection services a fair use: “the archiving of plaintiffs’ papers was transformative and favored a finding of ‘fair use.’ iParadigms’ use of these works was completely unrelated to expressive content and was instead aimed at detecting and discouraging plagiarism.” In a decision that in many ways presaged Google Books, the Second Circuit in Authors Guild v. HathiTrust, concerning library uses of their holdings, as digitized by Google, found the scanning and permanent storage of full copies of in-copyright books to further the ‘transformative use’ of allowing “data mining” of the contents of the books. Such uses are nonexpressive in two senses: they produce no new expression by the copying and storage entities, and the ‘mining’ of the scanned book seeks not to expose its expression, but rather to extract information.

In light of this progression, the decision in Google Books probably surprised no one, even though Google Books presented two ultimately nonsalient differences with HathiTrust. While the University of Michigan is a nonprofit educational institution, and (apart from a limited program for the visually impaired) it confined its use of the database to datamining so that it conveyed none of the scanned works’ contents to the public, Google is not a charitable entity, and its book search program communicated to the public “snippets” of the books. “A snippet is a horizontal segment comprising ordinarily an eighth of a page”; on a 24-line page, a snippet works out to three lines. The court accorded scant weight to the commercial nature of Google’s enterprise, stressing that the Second Circuit has “repeatedly rejected the contention that commercial motivation should outweigh a convincing transformative purpose and absence of significant substitutive competition with the original.” Distinguishing between outputs that convey information about the scanned book from outputs that convey its expression, the court ruled that neither the datamining uses nor the snippet views exploited the copied works for their expressive value.  Hence “the creation of complete digital copies of copyrighted works [results in] transformative fair uses when the copies ‘served a different function from the original.’”

With respect to the datamining uses there is a powerful argument that exploiting a work for its non-expressive information (bibliographic or bean-countinghow many times and in what works a given word or phrase appears) is not even prima-facie infringing, and that the digitization of lawfully possessed copies (loaned from the University of Michigan library) to create a database that enables nonexpressive, but progress-of-knowledge-enhancing outputs must therefore be equally free. By contrast, the snippet views did convey limited amounts of expression, but the court repeatedly emphasized the very constrained and controlled, “fragmentary and scattered,” “cumbersome, disjointed, and incomplete nature of the aggregation of snippets made available through snippet view.” As a result, “at least as presently structured by Google, the snippet view does not reveal matter that offers the marketplace a significantly competing substitute for the copyrighted work” (emphasis supplied). The court appears to be endeavoring to avoid slippery-slope expansion of the content or presentation of fair use-permissible snippets.

As currently constituted, the snippet views may well provide too little copyrightable expression to substitute for purchase of the full book, or for licenses of smaller, expression-bearing, increments of the book. But, as Appendix A to the court’s decision (reproducing a snippet view of one book) demonstrates, it is not clear that the snippets in fact offer sufficient “information about” the books to perform their “transformative” fair use function of allowing the user to ascertain whether the book is relevant to her purposes. More expression might better promote that objective, but might also risk displacing the potential licensing market for expressive excerpts. The decision upholds a status quo that may in fact satisfy neither authors nor users; the slippery slope thus may yet loom.

Similarly, in response to the authors’ concern that the database might be vulnerable to hacking, the court responded that “Google has documented that Google Books’ digital scans are stored on computers walled off from public Internet access and protected by the same impressive security measures used by Google to guard its own confidential information.” Less “impressive security” might doom a fair use defense, given the devastating consequences of unfettered access to reproduce and further communicate the full text of digitized works. Thus, while the court found that Google’s program did not present a sufficiently credible risk of harm, it is not clear who else’s programs could clear the decision’s high security bar.

The court’s cautious circumscription thus suggests that the Google Books decision does not herald a new extension of an already-expanded fair use defense, but (at least until a competitor with equivalent resources appears) is instead sui generis. The Second Circuit’s abstention from addressing some of the district court’s fair use analyses similarly betokens the decision’s modest scope.  For example, the district court embraced the long-spurned argument that defendant’s copying does the plaintiff a favor by bringing the work to greater public attention (“a reasonable factfinder could only find that Google Books enhances the sales of books to the benefit of copyright holders”), but the Second Circuit’s opinion forgoes such contentious flourishes.

That said, in cases involving complete copying of entire works, questions undoubtedly remain regarding the reach of the recasting of “transformative use” as a dichotomy between the provision of “information about” a copied work (likely fair use) and the communication of “expressive content” (less likely fair use, though defendant may still show that its use does not substitute for an actual or potential market for the plaintiff’s expression).  Indeed, if fair use turns on nondisclosure to the public of a digitized work’s copyrightable expression, then, if Google had scanned and stored millions of books, and used the content for internal purposes without permission but also without disclosing any outputs of any kind to the public, would its use still be “fair”?

[ *Author’s Note: Many thanks to June M. Besek, Executive Director of the Kernochan Center for Law, Media & the Arts, Columbia Law School.]

Following the Wisdom of the Crowd? A Look at the SEC’s Final Crowdfunding Rules

Posted in Crowdsourcing

This article provides a detailed overview of the final rules, Regulation Crowdfunding, which will be applicable to crowdfunding offerings conducted in reliance on Section 4(a)(6) of the Securities Act of 1933 as amended (the “Securities Act”), which was added by Title III of the Jumpstart Our Business Startups Act of 2012 (the “JOBS Act”), as well as to those intermediaries participating in such offerings. We do not address the proposed FINRA framework applicable to funding portals, which will be covered in a separate alert. All rule references, unless otherwise noted, refer to rules under Regulation Crowdfunding.

We will supplement this alert with a more detailed practical analysis comparing the various new offering exemptions available to issuers as a result of the JOBS Act.


Limit on Capital Raised

Consistent with the statutory limitations, Rule 100(a) provides that an issuer may sell up to $1 million in any 12-month period to investors in an offering made pursuant to the exemption. Of course, an issuer may consider conducting other exempt offerings in close proximity with its crowdfunded offering.  In calculating the amounts sold for purposes of the threshold, amounts sold by a predecessor or by an entity under common control with the issuer will be aggregated with the amounts sold by the issuer.

Individual Investment Limits

In the final rules, the Securities and Exchange Commission (the “SEC”) has modified the investor limits from those included in its proposed rules. The final rules make clear that the individual investor limit is an aggregate limit, which applies to all investments made by the individual over a 12-month period in crowdfunded offerings and not to a specific offering.

An investor will be limited to investing:

  1. The greater of: $2,000 or 5% of the lesser of the investor’s annual income or net worth if either annual income or net worth is less than $100,000; or
  2. 10% of the lesser of the investor’s annual income or net worth, not to exceed an amount sold of $100,000, if both annual income and net worth are $100,000 or more.

As we discuss below, the issuer can rely on the intermediary’s calculation of the investment limit; provided that the issuer does not have knowledge that the investor has exceeded, or would exceed, the investment limits as a result of participating in the issuer’s offering.

Offering through an Intermediary

An issuer would only be able to engage in an offering through a registered broker-dealer or through a funding portal, and an issuer can only use one intermediary for a particular offering or concurrent offerings made in reliance on the exemption.

The offering must be conducted online only through the intermediary’s platform, so that the “crowd” has access to information and there is a forum for an exchange of information among potential offering participants.

A “platform” is defined as “a program or application accessible via the Internet or other similar electronic communication medium through which a registered broker or a registered funding portal acts as an intermediary in a transaction involving the offer or sale of securities in reliance on Section 4(a)(6) of the Securities Act.”

Eligible Issuers

The ability to engage in crowdfunding is not available to all issuers. By statute, the following issuers cannot rely on crowdfunding transactions under Section 4(a)(6):

  • issuers not organized under the laws of a state or territory of the United States or the District of Columbia;
  • issuers already subject to Securities Exchange Act of 1934, as amended (the “Exchange Act”) reporting requirements;
  • investment companies as defined in the Investment Company Act of 1940 (the “Investment Company Act”) or companies that are excluded from the definition of “investment company” under Section 3(b) or 3(c) of the Investment Company Act; and
  • any issuer that the Commission, by rule or regulation, determines appropriate.

The final rules also exclude:

  • issuers disqualified from relying on Section 4(a)(6), or “bad actors;” and
  • issuers that have sold securities in reliance on Section 4(a)(6) and have failed, to the extent required, to make required ongoing reports required by Regulation Crowdfunding during the two-year period immediately preceding the filing of the required new offering statement; and
  • any issuer that is a development stage company that has no specific business plan or purpose, or has indicated that its business plan is to engage in a merger or acquisition with an unidentified company or companies.

Continue Reading

Building a Successful Social Media App: Four Lessons Learned From Snapchat

Posted in Disappearing Content

43909832_thumbnailSince its launch in 2011, the social media platform Snapchat has generated its share of negative press, with most of that press in some way related to the very characteristic that, at least initially, helped Snapchat to become popular among its mostly youthful user base: its “disappearing” messages feature.

Yet, despite reports that the app began as (and continues to be) a popular sexting tool, that Snapchat’s less-than-ironclad security measures resulted in the posting of millions of the app’s users’ personal information, and that Snapchat inaccurately represented its privacy and security policies, Snapchat was the fastest growing app in 2014 and is the third-most-popular social app among millennials.

So what accounts for Snapchat’s $19 billion valuation? According to senior Fortune editor Andrew Nusca, the social media company has employed a “well worn” business model: “marshal a captivated audience, sell advertisements against it, profit.”

Since that sounds a lot easier said than done—especially in light of Snapchat’s public missteps—we attempted to discern exactly how the company has managed to achieve those milestones. What has it done right?

There is, of course, no exact formula for success; surely the rearing of all unicorns involves some measure of magic pixie dust. But a close examination of Snapchat reveals certain strategies that tech entrepreneurs seeking to duplicate Snapchat’s success might wish to emulate.

1. Identify and pioneer a highly desirable feature.

Because they encourage spontaneity and reassure social network users that they’re not sacrificing long-term privacy, disappearing messaging apps have been popping up everywhere over the last couple of years. But Snapchat was one of the very first social media companies to recognize the appeal of ephemeral posts—the app was premised on the claim that photos and texts sent using Snapchat disappeared after 10 seconds—and being first never hurts, especially when it comes to attracting an audience.

In the last couple of years, however, doubts have arisen regarding Snapchat’s “disappearing messages” claims. Most notably, a 2014 Federal Trade Commission investigation concluded that, because several work-arounds exist, the company’s statements about its messages being ephemeral are essentially false.

Surprisingly, use of the Snapchat app continued to increase even as the scandal broke, perhaps because, by then, Snapchat had already become popular with teenagers, or because the company had already implemented even more “addictive” features (see numbers 2 and 3, below).

Nevertheless, Snapchat has since toned down its description of the app in the iTunes store—the description now clarifies that Snaps disappear “unless [the recipients of the Snaps] take a screenshot”—and the company is also taking steps to beef up security and convince users that it’s worthy of their trust.

2. Improve on a feature that has already proven popular with social media users.

Snapchat’s reputation as the first “disappearing message” app may have been responsible for marshalling its young audience, but the social media company’s innovative online video features are likely the reason that audience has stuck around.

As a medium that allows people to easily “satisfy their information and entertainment needs,” online video is one of social media users’ favorite features, industry experts agree. But the video functionality of many social media platforms has left a lot to be desired, according to some social media enthusiasts. Until now.

In his own video explaining Snapchat’s popularity, YouTube personality Casey Neistat explains what online video fans have always wanted most from social media platforms: “It’s never been about just sharing a moving image,” Neistat explains. “It’s about giving people an easy way to tell a story.”

With the introduction of Snapchat Stories, a feature that allows users to stitch several photos and quick videos together throughout their day to create a narrative, Snapchat “became the first company to figure out video on mobile,” according to Neistat.

Snapchat Stories also have an authentic, unedited quality that the platform’s young users really appreciate. “You can’t, like, lie,” one of the Snapchat fans in Neistat’s video explains, “It’s in the moment.”

“Snapchat is about now, not about photos with pretty filters or perfectly edited videos,” Neistat said. “It’s about sharing stories of your life with people who are interested.”

3. Create compelling content by leveraging human resources.

Recognizing that even the most sophisticated algorithms have limitations, many tech companies are starting to rely on human curators for their content, writes Time tech reporter Victor Lukerson, and Snapchat is no exception. Snapchat Live Stories, a feature Lukerson describes as the app’s “most addictive feature,” uses teams of actual people to choose from among as many as 20,000 user content submissions for each story. The curators create montages with narrative arcs by stitching together the best of the users’ photos and short video submissions.

Based on the numbers—Live Stories reportedly attract 20 million viewers in a 24-hour window—Snapchat’s use of human curators is clearly paying off.

 4. Give brands a unique and attractive way to advertise.

With privacy concerns at an all-time high, social media users may become less inclined to patronize sites that use personal data to serve targeted ads, predicts Forbes contributor Jayson DeMers.

That works for Snapchat. In contrast to most of the top social media platforms, Snapchat “has very little information about its users,” Time’s Lukerson reports. And Evan Spiegel, Snapchat’s CEO, has said that he doesn’t want to populate his platform with “creepy” hyper-targeted ads.

Snapchat’s abstention from user-info aggregation may or may not prove important to its youthful user base; the nearly 100 million daily users who continue to log in despite reports about the holes in the platform’s “disappearing messages” claim apparently don’t place as much of a premium on privacy as everyone originally thought.

The important part is that Snapchat has hit on another—potentially more lucrative—way to monetize its business. According to Lukerson, the company “is pitching advertisers the same way TV executives do: by touting the massive audience that can view a single piece of media at the same time.”

Advertisers love content that’s live, and Snapchat’s Live Stories are exactly that. Snapchat’s presentation of its live content in a linear feed makes it very much like live event feeds on television, a medium that Snapchat’s coveted demographic is slowly but surely abandoning.

Advertising on the platform is still risky. After just three seconds, 60% to 70% of Snapchat’s users stopped watching ads on the app. For that reason, some industry observers assert that Snapchat advertising is still probably best left to big brands with big advertising budgets.

And a big budget they’ll need. Snapchat has been tight-lipped about exactly what it’s charging, but, according to sources familiar with the business, the platform is selling $400,000 worth of ad space for a story generating 20 million views.



Now Available: The October Issue of Our Socially Aware Newsletter

Posted in Bankruptcy, Compliance, Discovery, Employment Law, FTC, IP, Labor Law, Litigation, M&A, Marketing, Mobile, Online Endorsements, Online Promotions, Online Reviews, Securities Law, Terms of Use

10-14-2015 3-48-13 PMThe latest issue of our Socially Aware newsletter is now available here.

In this issue of Socially Aware, our Burton Award-winning guide to the law and business of social media, we highlight five key social media law issues to address with your corporate clients; we discuss when social media posts are discoverable in litigation; we identify six important considerations in drafting legal terms for mobile apps; we take a look at the clash between bankruptcy law and privacy law in RadioShack’s Chapter 11 proceedings; we examine a recent federal district court decision finding “browsewrap” terms of use to be of benefit to a website operator even if not a binding contract; we outline best practices for employers’ use of social media to screen and interact with employees and conduct workplace investigations; we explore a Washington state court’s refusal to unmask an anonymous online reviewer; and we discuss Facebook’s recent update of its “Notes” feature.

All this—plus an infographic illustrating the growing popularity of video on social media.

Read our newsletter.


California Passes Four Bills Protecting Privacy Rights

Posted in Data Security, Privacy

California State on vector technology pattern BackgroundLast week was a big one for California’s privacy regime.

In a landmark move, Governor Jerry Brown signed into law four bills further protecting Californians’ privacy rights: Three strengthen the state’s data breach notification statute and impose restrictions on operators of automated license plate recognition systems (ALPRs), and one requires law enforcement to obtain a warrant for the collection of digital records and location.

A.B. 964, S.B. 570 and S.B. 34

California passed the nation’s first data breach notification law in 2003, and it has since incrementally increased the scope of personal data subject to the law and heightened obligations in the event of a breach.

Continuing this trend, on October 6, 2015, Governor Brown signed into law three amendments.

The first, A.B. 964, adds to the law a definition for the term “encrypted.” According to Assemblyman Ed Chau, the addition is meant to encourage businesses to adopt encryption standards.

The second amendment, S.B. 570, specifies the form and content of the notices that must be sent to consumers in the event of a breach. Notices must, for example, be titled “Notice of Data Breach” and present information under prescribed headings, such as “What Happened,” “What We Are Doing,” and “What You Can Do.”

The last bill in the trifecta, S.B. 34, includes information collected from ALPRs, when used in combination with an individual’s name, within the scope of personal information that falls under the breach notification law. That bill also requires ALPR operators to have reasonable security procedures and practices, as well as a privacy policy. S.B. 34 provides for a private cause of action for individuals harmed by violations.

S.B. 178

Just two days later, on October 8, 2015, Governor Brown signed CalECPA, which bars a state law enforcement agency or other investigative entity from compelling a business to turn over any metadata or digital communications—including emails, texts, or documents stored in the cloud—without a warrant.

The law also requires a warrant to track the location of electronic devices like mobile phones, or to search them.

Though a handful of states have warrant protection for digital content or for GPS location tracking, California is the first to enact a comprehensive law protecting location data, content, metadata, and device searches.

Status Updates: People-rating app proves unpopular; new tech automates compelling-photo selection; Twitter 101 for the political class

Posted in Cyberbullying, Marketing, Online Reviews, Status Updates

Bad reviews. On September 30th, the soon-to-be-launched app Peeple was described by the app’s co-founder, Julia Cordray, as a “Yelp for people,” that is, a people-rating platform that would allow users to assign number ratings to anyone—anyone at all, fellow Peeple user or not—as long as the critic was 21, had an established Facebook account, used his real name, and could provide his subject’s cell phone number. The Washington Post reported that “you can’t opt out—once someone puts your name in the Peeple system, it’s there unless you violate the site’s terms of service. And you can’t delete bad or biased reviews—that would defeat the whole purpose.” But by October 4th Cordray had changed her tune entirely, describing Peeple as a “positive only app” that will not allow a review to appear until it has been explicitly approved by the subject of the review. An outraged public can take credit for Cordray’s about-face. In the comments section of the Washington Post piece in which Cordray described Peeple’s original iteration, many readers expressed fear and disgust at the prospect of a site that would doubtless facilitate cyberbullying and, for some, encourage crippling self-consciousness. In other words, the very online lynch mob whose power Cordray hoped to profit from wound up turning on her. The irony of that did not go unnoticed. Cordray’s new version of Peeple, which she promises will be part of a “positive revolution” designed to fight back against the kind of online negativity she faced after the Washington Post piece was published, is expected to launch before the end of the year.

Picture perfect. Any social media marketing plan necessarily includes these two goals: Identify your target audience, and attract and engage that audience with compelling content. We’ve written about how neural networks are facilitating marketers’ use of photographs to help find target audiences by automatically identifying the products being used and the activities being undertaken by the subjects of photos posted to social media. Now, companies like EyeEm Mobile GmbH and Neon Labs Inc. are rolling out software to help marketers choose photographs that will engage those audiences with attractive content. The technology that these companies have developed automatically identifies images with qualities that potential customers are likely to find compelling. The software, according to the Wall Street Journal, identifies “patterns common to images selected by professional photographers” or “characteristics shown to trigger brain activity in neuroscience experiments.” The human eye has proven to be more attracted to photographs in which the subject appears to be speaking in mid-sentence, for example, or in which the subject appears to be attracted to something happening offscreen. Since EyeEm debuted two months ago, the startup’s customers have enjoyed a 30% increase in interaction with their online content. The software works for online video posts, too, helping companies to select the most compelling frames for posting. Neon Labs reports that its partners and customers “made 16% to 40% more revenue on their videos due to increased clicks.”

The powers that tweet. Twitter has a handbook explaining its platform to people running for elected office and it runs just under 140 characters pages. That’s right, the social media company notorious for its draconian limit on post lengths took 136 pages to “make sure that people feel empowered with the full story of what Twitter is,” according to NPR’s interview with Bridget Coyne, one of the people responsible for the manual’s compilation. Coyne told NPR that the creators of the “wildly popular” guide went into painstaking detail explaining how the platform works because they “didn’t want to make assumptions.” Still, it’s difficult to comprehend how the manual’s target audience—whom Coyne says includes congresspersons, chiefs of staff and Congressional interns—aren’t likely to be insulted by a manual that dedicates whole pages to topics such as, for example, “The Anatomy of a Tweet,” complete with numbered illustrations pointing out which part of a Twitter post constitutes the “profile photo” and which part is defined as the “tweet text.” Nevertheless, Coyne insists that Twitter continues to get positive feedback about the manual, and says she hopes to eventually publish a second version of it explaining new Twitter features like Periscope. Does all this mean an end to political scandals due to Twitter misuse? Count us skeptical.

ECJ Safe Harbor Opinion Has Implications for All Data Transfers Out of Europe

Posted in Privacy

Yesterday the European Court of Justice (ECJ) followed the core of the Opinion of the Advocate General (AG) in Schrems v. Data Protection Commissioner (Case No. C-362/14).

In sum, the ECJ held that:

1. Member State Data Protection Authorities (DPA) must be allowed to:

  • examine complaints from individuals regarding the treatment of their personal information by other countries;
  • bring cases to court to question the validity of adequacy decisions; and
  • suspend the transfer of personal information to other countries when they believe it is appropriate.

2. The Safe Harbor Decision is invalid because:

  • US companies may provide information to the US government to protect national security, public interest or law enforcement requirements;
  • The US does not provide European individuals with the ability to obtain judicial redress in the US; and
  • The European Commission overstepped its authority by limiting the bases on which DPAs could suspend transfers to the US.


Lock and globe on white background. Isolated 3D imageThis decision opens the door for every DPA to evaluate whether other countries outside the EU provide adequate protection for personal information. The Standard Contractual Clauses (SCCs) specifically give the DPAs the authority to prohibit or suspend transfers to other countries when the DPA determines that the laws of the other country are insufficient to protect privacy. Similarly, the adequacy decisions for Switzerland, and Canada and Argentina all provide authority for the DPAs to suspend transfers to these countries. Thus, the ultimate effect of the ECJ decision is to remove certainty and disrupt harmonization across the European Union and allow each DPA to decide for itself what cross-border transfers are permissible.

Moreover, because the invalidation of the Safe Harbor Decision was based, at its core, on a finding that the U.S. does not provide adequate protection for personal information, that same logic can be applied to every other adequacy mechanism such as Binding Corporate Rules (BCRs) and the SCCs. Thus, a second result of the decision is that none of the existing adequacy mechanisms is a safe bet at the moment because the DPAs now have authority to independently determine if the recipient country, such as India, Brazil, China or the U.S., provides appropriate security (independent of the adequacy mechanism).

This decision demands a political solution that addresses the following points:

• The EU and the U.S. must agree on what protections will be sufficient to protect personal information. It is worth noting that on September 8, 2015, the EC and the U.S. agreed on privacy safeguards to govern the exchange of personal information in the context of cooperation between law enforcement agencies. If the safeguards that the U.S. and the EC are willing to implement are adequate in the context of direct sharing of personal information between law enforcement authorities, surely those safeguards should also be adequate when U.S. companies transfer data to law enforcement. By not agreeing to these safeguards at the appropriate governmental level, companies are forced to either violate the European data protection rules and share the personal information as lawfully ordered by U.S. authorities, or they can refuse to share the information and be at risk of penalties for not responding to a lawful request from the U.S. government. This type of catch 22 situation will not be solved under the draft Data Protection Regulation. The issue will only be exacerbated as violations of the European privacy rules will carry the risk of a fine of 2% of a company’s global revenues.

• A consensus must be reached within Europe regarding whether harmonization is a priority and how important having a single market for the sharing of data will be.

Practical Implications for Companies

Companies have only a series of bad choices before them:

• They can take steps to immediately substitute another adequacy mechanism for the Safe Harbor such as BCRs or SCCs. This, however, will leave them entirely vulnerable to any DPA taking the position that the recipient country does not provide adequate protection and thus suspending or prohibiting the transfer based on those other mechanisms.

• Companies could state that they will not allow any government access to personal information received from Europe and then potentially place themselves at risk of ignoring a valid government request such as a subpoena or court order.

• Companies could elect to seek consent from all individuals whose information is collected in Europe, which in many circumstances is expensive, difficult and impractical (and is often a problem for employee data).

In a press conference today, the European Commission stated that it perceives the ECJ’s ruling as confirming the Commission’s approach to the renegotiation of the Safe Harbor and that, in the meantime, transatlantic data flows can continue using other mechanisms available or exceptions provided for under EU law (e.g., performance of a contract, public interest, consent). The Commission intends to work closely with national DPAs and will issue “clear guidance” on how to deal with data transfer requests to the US in light of the ruling, to avoid a patchwork of contradictory decisions. While reiterating the importance of protecting personal data, the Commission set as a priority to ensure that data flows can continue, as they are the “backbone” of the EU economy.

Just as with the whistleblowing hotlines a few years ago, the ECJ opinion has brought into clear view the conflict of laws between Europe and the U.S.. Companies may spend a tremendous amount of time and money in the next few weeks seeking an alternative that just does not exist.

Waiting to see how this settles in the next few weeks may be the wisest course of action.




Three Steps to Help Ensure the Enforceability of Your Website’s Terms of Use

Posted in E-Commerce, Terms of Use

Operators of social media platforms and other websites typically manage their risks by imposing terms of use or terms of service for the sites. As we previously wrote, websites must implement such terms properly to ensure that they are enforceable. Specifically, users must be required to manifest acceptance of the terms in a manner that results in an enforceable contract. But what specifically constitutes such acceptance, and what steps should website operators take to memorialize and maintain the resulting contract? This article attempts to answer these practical questions.

Use Boxes or Buttons to Require Affirmative Acceptance

Website operators should avoid the cardinal sin in online contract formation: burying terms of use in a link at the bottom of a website and attempting to bind users to those terms based merely on their use of the website. Outside of some specific (and, for our purposes, not particularly relevant) circumstances, such approaches, often confusingly referred to as “browsewrap” agreements, will not result in a valid contract because there is no objective manifestation of assent. (Note, though, that even so-called browsewrap terms may be helpful in some circumstances, as we described in this post.)

Moreover, even website terms presented through a “conspicuous” link may not be enforceable if users are not required to affirmatively accept them. For example, in Nguyen v. Barnes & Noble, Inc., Barnes & Noble did include a relatively clear link to its website terms on its checkout page, but nothing required users to affirmatively indicate that they accepted the terms. The Ninth Circuit held, therefore, that Barnes & Noble could not enforce the arbitration provision contained in the terms. While the specific outcome in Barnes & Noble arguably is part of a Ninth Circuit trend of declining to enforce arbitration clauses on the grounds that no contract had been formed, nothing in the opinion limits the Ninth Circuit’s holding to arbitration provisions. The case is an important cautionary tale for all website operators.

To avoid the Barnes & Noble outcome, website operators should implement two key features when users first attempt to complete an interaction with the site, such as making a purchase, registering an account, or posting content: (1) present website terms conspicuously, and (2) require users to click a checkbox or an “I accept” button accompanying the terms. The gold-standard implementation is to display the full text of the website terms above or below that checkbox or button. If they fit on a single page, that is helpful, but an easy-to-use scroll box can work as well. Website operators taking the scroll box approach may consider requiring users to actually scroll through the terms before accepting them.

Many website operators, however, choose not to present the terms themselves on the page where a user is required to indicate acceptance. Instead, they present a link to the terms alongside a checkbox or button. Courts have ratified this type of implementation as long as it is abundantly clear that the link contains the website terms and that checking a box or clicking a button indicates acceptance of those terms. This was essentially the implementation at issue in a 2012 case from the Southern District of New York, Fteja v. Facebook, Inc. Specifically, signing up for Facebook required users to click a button labeled “Sign Up,” and immediately below that button was the text, “By clicking Sign Up, you are indicating that you have read and agree to the Terms of Service.” The phrase “Terms of Service” was underlined and operated as a link to the terms. The court reasoned that whether the plaintiff read the terms of service was irrelevant because, for the plaintiff and others “to whom the internet is an indispensable part of daily life,” clicking on such a link “is the twenty-first century equivalent” of turning over a cruise ticket to read the terms printed on the back. As sure as vacationers know they can read the small print on their cruise tickets to find the terms they accept by embarking on the cruise, the plaintiff knew where he could read the terms of use he accepted by using Facebook. The parties formed an enforceable contract once the plaintiff clicked the “Sign Up” button.

This reasoning, however, does not necessarily mean that an implementation like the one at issue in Fteja will always will result in an enforceable contract. Because it relied on the plaintiff’s admitted proficiency in using computers and the Internet, the court likened the “Terms of Service” link to the backside of a cruise ticket. This leaves room to argue for a different outcome when a website operator should expect that novice computer users will be among its visitors. The simple way to avoid that (perhaps far-fetched) argument is to expressly identify the hyperlink as a means to read the contract terms. That approach succeeded in Snap-On Business Solutions v. O’Neil & Assocs., where the website expressly instructed users, “[i]mmediately following this text is a green box with an arrow that users may click to view the entire EULA.”

These cases illustrate how important it is to expressly connect users’ affirmative actions to the terms of use. In particular, the checkbox or button and accompanying text should clearly indicate that the user’s click signifies acceptance of the website terms. The terms should be presented in a clear, readable typeface and be printable, and the “call to action” text should be unambiguous—not susceptible to interpretation as anything other than acceptance of the website terms.

Here are some examples:

  • “By checking this box ¨, I agree to the ‘Terms of Use’ presented above on this page.”
  • “By clicking ‘I Accept’ immediately below, I agree to the ‘Terms of Service’ presented in the scroll box above.”
  • “Check this box ¨ to indicate that you accept the Terms of Use (click this link to read the Terms of Use).” (In this example, the website terms would be presented through a link, as in the Fteja case. The added instruction, “click this link to read the Terms of Use,” avoids any potential argument that a Fteja-type implementation only works where users can be assumed not to be novice computer users.)

Ensure You Can Prove Affirmative Acceptance

Even website operators that properly implement website terms often neglect another important task: making sure they can prove that a particular user accepted the terms. One common approach—to present declarations from employees—is illustrated in Moretti v. Hertz Corp., a 2014 case from the Northern District of California. The employees in that case affirmed via declarations that (1) a user could not have used the website without accepting the website terms, and (2) the terms included the relevant provision when the use took place.

The approach in Moretti, however, has a potential weakness: it depends on declarants’ credibility and their personal memory of when the terms of service included certain provisions. Website operators can address that vulnerability by emailing a confirmation to users after they accept the website terms and then archiving copies of those messages. To limit the volume of email users receive, this confirmation could be included with other communications, such as messages confirming an order or registration. This approach has two benefits. First, the confirmation email provides further notice to the user of the website terms. Second, instead of (or in addition to) invoking employees’ memory of historical facts to establish which terms were in effect at the relevant time, employees can simply authenticate copies of the messages based on their knowledge of the messaging system.

Provide Notice of Any Changes

Some of the most difficult implementation issues arise when a website operator wishes to modify its terms. Website terms often purport to allow the operator to change the terms whenever it wishes, but unilateral modifications may not be enforceable if they’re not implemented properly because—like any other contract amendment—modification of website terms requires the agreement of both parties. Ideally, website operators should require users to expressly accept any changes or updates through a mechanism like the one used to obtain their acceptance of the website terms in the first place.

Many website operators, however, are understandably reluctant to add friction to the user experience by repeating such legal formalities every time they modify their terms. In those cases, operators should consider providing users with clear advance notice of modifications. Such notice could specify when the changes will go into effect and state that continued use after that date will constitute acceptance of the changes. For example, in Rodriguez v. Instagram, Instagram announced a month in advance that it planned to modify its terms, and the plaintiff continued to use the site after the effective date of the change. On those facts, the trial court found that the plaintiff agreed to the modified terms by continuing to use the service. While Instagram and other cases have indicated that unilateral changes require, at the very least, advance notice, other courts may be less willing to enforce unilateral modifications without express acceptance by the user, especially where the factual issue of notice is contested. Obtaining express acceptance remains the safest approach.

Following the above guidelines will increase the likelihood that courts will view website terms—and the important risk mitigation provisions they contain, such as disclaimers, limitations of liability and dispute resolution provisions—as enforceable contracts.

How UK Brands That Use Vlogger Endorsements & Social Media for Marketing Can Stay on the Right Side of the Law

Posted in Compliance, Marketing, Online Promotions, Online Reviews

JD_iStock_000019152244_LargeVloggers have become the reality stars of our times. For an increasing number of social media users, what was once a hobby is now a lucrative career. You may be surprised to learn that Felix Kjellberg (aka “PewDiePie”), a 25-year-old Swedish comedian and the world’s most popular YouTube star, is reported to have earned $8.5 million in 2014.

The UK has its own vlogger superstars in the form of Zoella and Alfie Deyes. Together, this power couple of social media has amassed 12 million YouTube subscribers, 6.8 million Instagram followers and almost 6 million Twitter followers. Zoe Suggs (aka “Zoella”), 25, started vlogging in 2009 and has since become a brand in fashion and beauty marketing, publishing a novel and creating a line of products. Alfie, 21, started his Pointless vlog when he was 15 and has since published a series of books. It was even announced earlier this year that tourists will soon be able to see waxworks of Zoella and Alfie at London’s Madame Tussauds. But Zoella and Alfie are not alone; there is now a whole generation of vloggers rivalling film and sports stars in the popularity ranks. Indeed, we now even have a host of social media talent agencies formed to help propel vloggers to superstardom.

Vloggers are particularly popular with young people who enjoy the more intimate connection they can have with these approachable idols. Therefore, brands who want to target a young demographic are increasingly keen to work with vloggers. This collaboration typically involves brands paying vloggers to feature in “advertorial vlogs,” i.e., videos created in the usual style of the vlogger, but with the content controlled by the brand.

Now, of course, there is nothing inherently wrong with there being a commercial relationship between a brand and a vlogger from a legal perspective. However, particularly where you have the influence of celebrity, plus an impressionable audience, vloggers and brands need to be very careful that they don’t fall foul of consumer protection rules that are in place to protect consumers from unfair advertising practices. In August 2015, the UK advertising regulator issued new guidance to help vloggers and brands be responsible and stay on the right side of the law. In this blog post, we will identify the key issues raised by the guidance. We will also provide an overview of some of the other key legal issues that brands need to be aware of when using social media for marketing and advertising in the UK.


The Consumer Protection from Unfair Trading Regulations 2008 (“CPRs”) prohibit certain unfair commercial practices. These include using editorial content in the media to promote a product where a trader has paid for the promotion without making that clear (advertorial).

The Committee of Advertising Practice Code (the “CAP Code”) acts as the rule book for non-broadcast advertisements in the UK and requires that advertising must be legal, decent, honest and truthful. The CAP Code was extended to cover social media in 2011. The Cap Code is enforced by the Advertising Standards Authority (“ASA”), the UK regulator responsible for advertising content in the UK. The ASA has the power to remove or have amended any ads that breach the CAP Code.

Rule 2.1 of the CAP Code states that marketing communications must be obviously identifiable as such. Rule 2.4 states that marketers and publishers must make clear that advertorials are marketing communications, e.g., by labelling them “advertisement feature.” These rules apply to marketing communications on vlogs in the same way as they would to marketing communications that appear on blogs or other online sites. But as the CAP Executive noted last year, a number of marketers have “fallen foul of the ASA by blurring the line, intentionally or not, between independent editorial content written about a product and advertising copy.”

In November 2014, the ASA’s ruling against Mondelez provided a clear example of a brand failing to comply with the CAP Code. Mondelez had engaged five celebrity vloggers to promote its Oreo cookies by participating in a race to lick cream off a cookie as quickly as possible. The channels featuring the vlogs typically contained non-promotional content, and the vlogs failed to clearly indicate the commercial relationship between Mondelez and the vloggers. The reference to “Thanks to Oreo for making this video possible” might indicate that Oreo had been involved in the process, but it did not make clear that the advertiser had paid for and had editorial control over the videos. As a result, the advertorials were banned.

In another high-profile case, in May 2015, a YouTube video providing makeup tutorials featuring the popular vlogger Ruth Crilly, who has 300,000 subscribers on YouTube, was banned by the ASA for failing to clearly identify itself as marketing material. The video appeared on the “Beauty Recommended” YouTube channel, which is operated by Procter & Gamble, with the intention of marketing its Max Factor range of products. The ASA stated that the channel page provided “no indication” that it was a Max Factor marketing tool, and emphasized that “it wasn’t clear until a viewer had selected and opened the video that text, embedded in the video, referred to Procter & Gamble….We consider that viewers should have been aware of the commercial nature of the content prior to engagement.”


In August 2015, the CAP Code Executive published guidance to help vloggers and brands better understand their obligations under the advertising rules. While the guidance is not binding, it’s a helpful statement of the rules as they apply to vlogs.

Advertorial. Where a brand collaborates with a vlogger on a video that is produced by the brand and published on the brand’s website or social media page, this is very likely to be a marketing communication—but it wouldn’t be an advertorial. However, where a vlog is made in the usual style of the vlogger, but the content of the vlog is controlled by the brand and the vlogger has been paid (not necessarily with money) for the vlog, this would be an advertorial. Because the extent of the brand involvement may not be obvious to the viewer, this needs to be made explicit upfront so that viewers are aware that the video is an ad before engaging. Labels such as “ad,” “ad feature,” “advertorial,” or similar are likely to be acceptable, whereas labels such as “sponsored by,” “supported by” and “thanks to X for making this possible” should be avoided, as these would not make it sufficiently clear that the brand had control over the content of the vlog. Viewers should be aware that they are selecting an ad to view before they watch it so that they can make an informed choice. Finding out that something is an ad after having selected it, at the end of a video or halfway through, is not sufficient.

Commercial breaks/product placement. In terms of commercial breaks or product placement within a vlog, it needs to be clear when the ad or product placement starts. This could be via onscreen text, a sign, logo or the vlogger explaining that they have been paid to talk about a particular item by the brand.

Vlogger-promotion. If the sole content of a vlog is a promotion of the vlogger’s own merchandise, this would not be considered an advertorial. Rather, it would be a marketing communication. The video title should make clear that the video is promoting the vlogger’s products, but it’s unlikely that the vlog itself will need labelling as an ad if it’s clear from the context that it’s a marketing communication.

Sponsorship. Where a brand has sponsored a vlog, but the brand has no control over the vlog, this would not be considered an ad and would not be caught by the CAP Code. However, to ensure compliance with the CPRs, the vlogger should give a nod to the sponsor in order to disclose the nature of the commercial relationship.

Free Items. Vloggers may be sent free items by a brand. Where there is no condition attached to the item by the brand and the vlogger can choose whether or not to cover the item in a vlog, this would not be an ad caught by the CAP Code. In addition, where the brand provides the vlogger with free products on the condition that they are reviewed independent of any brand input, then, as the brand retains no control over the vlog, the video would not have to be labelled as an advertorial. However, in such circumstances, the vlogger should disclose to consumers that the vlogger has an incentive to talk about the product, along with the nature of the incentive, to ensure compliance with the CPRs.

Other Social Media Marketing

Vlogging isn’t the only aspect of social media marketing that creates compliance challenges, of course. There are other issues that brands need to be aware of when advertising and marketing using social media in the UK. We have outlined some of these below. For issues specific to the UK financial services sector, please see our previous blog post: UK’s Financial Services Regulator: No Hashtags in Financial Promotions.

Native Advertising (written advertorial). A native ad is advertising that resembles editorial content. Native ads are a popular form of content marketing, but again raise concerns that consumers may not be aware that the content is advertising in breach of the CPRs and Cap Code. Guidance issued in February 2015 by IAB (the UK trade association for digital advertising) advised advertisers to provide consumers with prominently visible visual cues to enable them to understand, immediately, that they are engaging with marketing content that has been compiled by a third party in a native ad format and is not editorially independent. The guidance suggests clear brand logos and the use of different design formatting for native ads. It also advises the publisher or provider of the native ad format to use a reasonably visible label that makes clear that a commercial arrangement is in place.

Employee Endorsements. Companies are keen to encourage their employees to use social media and become advocates for the company. However, companies must be careful; if an employee chooses to discuss his or her employer’s brand favorably on social media, then this is likely to be construed as an advert under the CAP Code, even where the employee is acting independently and not at the request of his or her employer. An employee endorsement that is not transparent also runs the risk of breaching the CPRs. Therefore, employees must make clear that they are affiliated with their employer when making any company endorsements on social media. Organizations should also provide employees with clear social media policies and training to avoid any incident of inadvertent advertising.

Ads via Twitter and Celebrity Endorsements. As mentioned above, the CPRs and CAP Code require users to be aware that they are viewing an advert. In terms of Twitter, this means that promotional tweets should be accompanied by the hashtag #spon or #ad. This is particularly the case where the advert may not be immediately apparent as a promotional tweet, e.g., where it is in the form of a celebrity endorsement. As with promotions using vloggers, companies are increasingly keen to use celebrities in connection with promotions in order to increase their brand awareness within that celebrity’s group of followers.

In March 2012, an advertising campaign by Mars involved reality star Katie Price tweeting about the Eurozone crisis, and soccer player Rio Ferdinand engaging his followers in a debate about knitting. The campaign involved four teaser tweets by each celebrity to focus attention on their Twitter profile (but with no marketing content), culminating with a final tweet that was an image of the celebrity with a Snickers chocolate bar and the line “you’re not you when you’re hungry @snickersUK #hungry#spon.” While the final tweet was clearly labelled as an advert, the ASA ruled that the first four tweets only became marketing communications at the point the fifth and final tweet was sent (as the first four tweets contained no marketing references). As a result, the ASA ruled that the campaign did not breach advertising standards as the fifth tweet (and as such, the entire campaign) was clearly identifiable as an advert.

However, Nike was less successful in June 2012. Soccer players Wayne Rooney and Jack Wilshere tweeted “My resolution – to start the year as a champion, and to finish it as a champion… #makeitcount.gonike.me/makeitcount.” While the ASA agreed that the tweets were obviously marketing communications, the reference to the Nike brand was not sufficiently prominent. The tweets also lacked #spon or #ad to signify advertising. As it was not sufficiently clear to all readers that the tweets were part of a marketing campaign, the advertisement was banned.

User-Generated Content. Companies also need to be wary when using user-generated content when promoting their brand. For example, companies may be deemed to be advertising if they: (i) provide a link to a user blog that includes positive comments, (ii) re-tweet positive tweets from users, or (iii) allow users to post comments on the company website. To ensure that such content is responsible, accurate and not misleading, harmful or offensive, companies should monitor user-generated content to ensure that the content is appropriate for the likely audience and preserve documentary evidence to substantiate any claims.

Advergames. Advergames are online video games that are created in order to promote a brand, product or organization by immersing a marketing message within the game. In May 2012, the ASA published guidance that made clear that advergames will be considered advertising and are subject to the CAP Code. For further discussion on advergames, please see our previous blog post: What Are the Rules of the Advergame in the UK?


The key message for organizations who want to use social media in their marketing campaigns is to treat consumers fairly and to be upfront and transparent. But good practice isn’t just about legal compliance, it will also help maintain consumers’ respect for and trust in your brand. If your social media campaign hits the headlines, you want it to be for all of the right reasons.