In a little-noticed decision, Matter of Noel v. Maria, Support Magistrate Gregory L. Gliedman—a Staten Island, New York family court official—recently permitted a father seeking to modify his child support payments to serve process on the child’s mother by sending her a digital copy of the summons and petition through her Facebook account.

Magistrate Gliedman’s decision struck us at Socially Aware—where we follow such developments closely—as a groundbreaking move. We are unaware of any published U.S. court opinion permitting a plaintiff to serve process on a domestic, U.S.-based defendant through a Facebook account.

As we addressed in a 2012 Socially Aware blog post, in Fortunato v. Chase Bank a federal district court in Manhattan held that Chase Bank could not rely on Facebook to serve a third-party defendant.

While the same federal district court subsequently allowed the FTC to serve defendants through Facebook in FTC v. PCCare247, the service at issue in that case concerned documents other than the summons and complaint, and the defendants were two India-based entities and three India-based individuals who had already appeared through counsel and shown themselves to be on notice of the lawsuit.

Other cases authorizing service via social media have been similarly limited in scope. For example, in WhosHere v. Orun, the U.S. District Court for the Eastern District of Virginia allowed service via social media on a defendant who allegedly resided in Turkey. In Mpafe v. Mpafe, a Minnesota family court authorized the service of divorce proceedings on a defendant by “Facebook, Myspace or any other social networking site” where the defendant was believed to have left the country.

Continue Reading New York Family Court Magistrate Allows Unprecedented Service of Process via Facebook; Will Others Follow?

The Federal Trade Commission (FTC) announced this week that it sent warning letters to more than 60 national advertisers regarding the inadequacy of disclosures in their television and print ads. The letters are part of an initiative named “Operation Full Disclosure,” which the FTC implemented to review fine print disclosures and other disclosures that it believed were difficult to read or easy for consumers to overlook, yet included critical information that consumers would need to avoid being misled.

What Does it Mean for a Disclosure to be “Clear and Conspicuous”

Disclosures may be necessary to clarify a claim or to ensure that the full terms of an offer are adequately disclosed, in order to avoid a charge of deception by material omission. In FTC jurisprudence, disclosures must be “clear and conspicuous,” and while they may modify claims in the text of an ad itself, they may not contradict any such claims. The most recent pronouncement on how to make effective disclosures (this one was focused on online disclosures, but the general principles are the same) was issued in March 2013. The key is that if a disclosure is necessary to make an ad truthful and not misleading, it must be clear and conspicuous; otherwise, it is as though the disclosure was not made at all.

Continue Reading FTC Warns Advertisers to Check the Fine Print in “Operation Full Disclosure”; Shot Across the Bow Could Signal Law Enforcement Actions to Come

  • Time out. New FTC rules will generally require Internet retailers to give consumers the option of a full refund for an online purchase that the retailer failed to ship within the time period promised in the retailer’s solicitation for the purchased item. If such solicitation doesn’t specify a time period, the online seller may be required to ship the merchandise within 30 days of purchase to avoid having to secure the consumer’s consent to proceed with the delivery instead of making a refund. Internet retailers have until December 8th of this year to get into compliance.
  • Breaking news. In an effort to ensure its users’ news feeds feature more of the stories they actually want to see, Facebook is updating its news feed algorithm to push timely stories to the top. While the number of “likes” and comments a story received always affected where it showed up in users’ news feeds, the new algorithm will also take into account when a story elicited those responses. Facebook’s refreshed news feed formula will also favor stories that concern topics that are currently trending on the social media site.
  • Back to school. The NYPD’s top brass has so far taken four classes designed to teach them how to send appropriate tweets from the department’s more than 40 Twitter accounts. The goal: To get every New York City precinct, public housing patrol unit and transit commander tweeting by year’s end as effectively as Boston police did when they used Twitter successfully refute false reports and announce an arrest in connection with the 2013 Boston Marathon bombings. Until January of this year, New York’s Finest had only a single account, @NYPDnews, which was run by the department’s media relations team.

“Web scraping” or “web harvesting”—the practice of extracting large amounts of data from publicly available websites using automated “bots” or “spiders”—accounted for 18% of site visitors and 23% of all Internet traffic in 2013. Websites targeted by scrapers may incur damages resulting from, among other things, increased bandwidth usage, network crashes, the need to employ anti-spam and filtering technology, user complaints, reputational damage and costs of mitigation that may be incurred when scrapers spam users, or worse, steal their personal data.

Though sometimes difficult to combat, scraping is quite easy to perform. A simple online search will return a large number of scraping programs, both proprietary and open source, as well as D.I.Y. tutorials. Of course, scraping can be beneficial in some cases. Companies with limited resources may use scraping to access large amounts of data, spurring innovation and allowing such companies to identify and fill areas of consumer demand. For example, Mint.com reportedly used screen scraping to aggregate information from bank websites, which allowed users to track their spending and finances. Unfortunately, not all scrapers use their powers for good. In one case on which we previously reported, the operators of the website Jerk.com allegedly scraped personal information from Facebook to create profiles labeling people “Jerk” or “not a Jerk.” According to the Federal Trade Commission (FTC), over 73 million victims, including children, were falsely told they could revise their profiles by paying $30 to the website.

Website operators have asserted various claims against scrapers, including copyright claims, trespass to chattels claims and contract claims based on allegations that scrapers violated the websites’ terms of use. This article, however, focuses on another tool that website operators have used to combat scraping: the federal Computer Fraud and Abuse Act (CFAA).

Continue Reading Data for the Taking: Using the Computer Fraud and Abuse Act to Combat Web Scraping

The latest issue of our Socially Aware newsletter is now available here.

Welcome to a special privacy issue of Socially Aware, focusing on recent privacy law developments relating to social media and the Internet. In this issue, we analyze a controversial European ruling that strengthens the right to be forgotten; we examine a recent California Attorney General report regarding best practices for compliance with the updated California Online Privacy Protection Act; we summarize the FTC’s recent settlement with Snapchat and its broader implications for mobile app developers; we report on a case filed by a French consumer association accusing three major social networking sites of using confusing and unlawful online privacy policies and terms of use; and we highlight the growing popularity of anonymous social apps and the security risks that they pose.

All this–plus a collection of thought-provoking statistics about online privacy…

California Attorney General Kamala Harris released a long-awaited report entitled Making Your Privacy Practices Public (Report) on May 21, 2014. The Report recommends “best practices” for compliance with the California Online Privacy Protection Act (CalOPPA). It was originally intended to answer critical questions about exactly what website, online service, and mobile application operators (collectively, “site operators”) must do to comply with CalOPPA’s new do not track (DNT) disclosure obligations, which took effect on January 1, 2014. It does not accomplish that goal. Unfortunately, the Report leaves important questions unanswered and raises new questions.

The Report explains that “its recommendations . . . which in some places offer greater privacy protection than required by existing law, are not regulations, mandates or legal opinions.” It fails, however, to clarify what the law actually requires, and we expect that trade associations will continue to seek guidance on important compliance issues. In the meantime, site operators may wish to comply with at least some of the Report’s recommendations to the extent possible because such “recommendations” tend to harden into regulatory “expectations” over time. Continue Reading California AG Offers Best Practices for Do Not Track Disclosures; Crucial Compliance Questions Left Unanswered

The latest issue of our Socially Aware newsletter is now available here.

In this issue of Socially Aware, our Burton Award-winning guide to the law and business of social media, we analyze a groundbreaking FTC complaint alleging deceptive practices online that could turn website Terms of Use into federal law; we summarize a U.S. Supreme Court copyright case that could impact existing technologies and future technological innovation; we discuss a ruling from Europe’s highest court that will aid copyright owners in the fight against illegal streaming sites; we report on new SEC guidance on social media use by investment advisers as it relates to testimonials; we take a look at the development of the Internet of Things and the many regulatory, privacy and security issues that go along with it; and we highlight a recent class action decision that potentially impacts any company that hosts videos on its website.

All this—plus a collection of thought-provoking statistics about digital music…

Snapchat’s recent settlement with the Federal Trade Commission (FTC) generally provides a comprehensive but not groundbreaking roadmap to the FTC’s privacy and data security expectations in the mobile environment under Section 5 of the FTC Act, with two very notable exceptions:

  1. It now appears that companies are required to follow researchers’ blogs and other writings to see if there are any privacy or data security vulnerabilities, and to act on any such information promptly; and
  2. It also appears that the FTC expects companies to be aware of all third parties who have technology that can interact with an app, and to make sure that when consumers engage in any such interaction, all of the company’s privacy and data security representations remain true. If the FTC continues down this path, it will create unsustainable new burdens on app developers, many of which have very few resources to begin with. Furthermore, if this is the new standard, there is no reason it should be limited to the app environment—analytically, this would lead to a rule of general application.

THE BASIC ALLEGED MISREPRESENTATION

The Snapchat app became very popular because of its branding as an “ephemeral” mobile messaging service. Among other things, the app promised its users and prominently represented—in its privacy policy and an FAQ, among other places—that the “snaps” (e.g., messages) users sent would “disappea[r] forever” after 10 seconds (or less). However, according to the FTC’s complaint, in addition to other problems with the app’s privacy and security features, it was much too easy to capture these supposedly ephemeral messages, making the company’s claims false and misleading in violation of Section 5. And since the company’s representations were not consistent with the app’s practices, now it’s the FTC that won’t be disappearing any time soon. Continue Reading Snap Judgment: FTC Alleges Snapchat Did Not Keep Its Privacy and Security Promises, But Suggests Broad New Duty in the Process

The Federal Trade Commission’s (FTC) announcement that it had filed a complaint against Jerk, LLC and its websites like “jerk.com” (“Jerk”) looks at first glance like a run-of-the-mill FTC Section 5 enforcement action involving allegedly deceptive practices online. But hidden in the facts of Jerk’s alleged misbehavior is a potentially significant expansion of the FTC’s use of its deception authority.

According to the FTC’s complaint, Jerk allegedly led consumers to believe that the profiles on its websites were created by other users of the website. The company also allegedly sold “memberships” for $30 a month that supposedly included features that would enable consumers to alter or delete their profiles, or to dispute false information in the profiles. Jerk also charged consumers a $25 fee to email Jerk’s customer service department, according to the FTC’s complaint.

The FTC alleges that Jerk created between 73.4 million and 81.6 million unique consumer profiles primarily using information such as names and photos pulled from Facebook through application programming interfaces, or APIs. The complaint states that “[d]evelopers that use the Facebook platform must agree to Facebook’s policies,” such as obtaining users’ explicit consent to share certain Facebook data and deleting information obtained from Facebook upon a consumer’s request. Continue Reading Jerked Around? Did the FTC’s “Jerk.com” Complaint Just Turn API Terms Into Federal Law?

Cisco estimates that 25 billion devices will be connected in the Internet of Things (IoT) by 2015, and 50 billion by 2020. Analyst firm IDC makes an even bolder prediction: 212 billion connected devices by 2020. This massive increase in connectedness will drive a wave of innovation and could generate up to $19 trillion in savings over the next decade, according to Cisco’s estimates. 

In the first part of this two-part post, we examined the development of, and practical challenges facing businesses implementing, IoT solutions. In this second part, we will look at the likely legal and regulatory issues associated with the IoT, especially from an EU and U.S. perspective.

The Issues

In the new world of the IoT, the problem is, in many cases, the old problem squared. Contractually, the explosion of devices and platforms will create the need for a web of inter-dependent providers and alliances, with consequent issues such as liability, intellectual property ownership and compliance with consumer protection regulations. Continue Reading The Internet of Things Part 2: The Old Problem Squared