• Ahead of the law? In Hidalgo County, Texas, a former sheriff has been sued civilly over allegedly illegal campaign contributions. (He was also criminally convicted of money laundering.) At a civil deposition in the case, a lawyer for the plaintiff attempted to send live tweets from the deposition room. The judge ordered that the live tweets must stop — saying, “Our technology is far outpacing our ability to formulate rules.”
  • Fake book. A booking agent in the music industry is using California’s cyberbullying law as a basis for a lawsuit that he filed against a former colleague. The lawsuit claims that the former colleague defamed him by setting up a fake Twitter account in the plaintiff’s name that made him “appear to be foolish, inept and sexually perverted.” The defendant says that although the fake account exists, he had nothing to do with setting it up.
  • Principal objections. A New Jersey high school is revising its social media policy after settling a lawsuit brought by a student who was disciplined for tweeting disparaging remarks about the school’s principal. The student’s federal lawsuit claimed that the school violated her First Amendment rights when it punished her for “purely off-campus” speech.

The latest issue of our Socially Aware newsletter is now available here.

In this issue of Socially Aware, our Burton Award-winning guide to the law and business of social media, we analyze a groundbreaking FTC complaint alleging deceptive practices online that could turn website Terms of Use into federal law; we summarize a U.S. Supreme Court copyright case that could impact existing technologies and future technological innovation; we discuss a ruling from Europe’s highest court that will aid copyright owners in the fight against illegal streaming sites; we report on new SEC guidance on social media use by investment advisers as it relates to testimonials; we take a look at the development of the Internet of Things and the many regulatory, privacy and security issues that go along with it; and we highlight a recent class action decision that potentially impacts any company that hosts videos on its website.

All this—plus a collection of thought-provoking statistics about digital music…

Acknowledging the growing demand by consumers for information through social media, the Division of Investment Management set some ground rules on how investment advisers can use social media and publish advertisements featuring public commentary about them from social media sites.

Under the new rules, investment advisers may refer to commentary published in social media without violating the rule prohibiting publication of client “testimonials” if the content is independently produced and the adviser has no “material connection” with the independent social media site. While not a bright line in the sand, the distinction goes a long way to clear up this murky area of the law. Continue Reading New Regulatory Guidance on Use of Social Media by Investment Advisers

A 2013 CareerBuilder survey of hiring managers and human resource professionals reports that more than two in five companies use social networking sites to research job candidates. This interest in social networking does not end when the candidate is hired: to the contrary, companies are seeking to leverage the personal social media networks of their existing employees, as well as to inspect personal social media in workplace investigations.

As employer social media practices continue to evolve, individuals and privacy advocacy groups have grown increasingly concerned about employers intruding upon applicants’ or employees’ privacy by viewing restricted access social media accounts. A dozen states already have passed special laws restricting employer access to personal social media accounts of applicants and employees (“state social media laws”), and similar legislation is pending in at least 28 states. Federal legislation is also under discussion.

These state social media laws restrict an employer’s ability to access personal social media accounts of applicants or employees, to ask an employee to “friend” a supervisor or other employer representative and to inspect employees’ personal social media. They also have broader implications for common practices such as applicant screening and workplace investigations, as discussed below. Continue Reading Employer Access to Employee Social Media: Applicant Screening, ‘Friend’ Requests and Workplace Investigations

Please join Socially Aware editor John Delaney as he chairs Practising Law Institute’s (PLI) “Social Media 2014: Addressing Corporate Risks.” Issues to be addressed at the conference include:

  • Social media: how it works, and why it is transforming the business world
  • Drafting and updating social media policies
  • User-generated content and related IP concerns
  • Ensuring protection under the CDA’s Safe Harbor
  • Legal issues in connection with online data harvesting
  • Online marketing: new opportunities, new risks
  • Privacy law considerations
  • Practical tips for handling real-world issues

Representatives from Facebook, Pinterest, Google and other companies will be speaking at the event. The conference is being held in San Francisco on Monday, February 10th and in New York City on February 26th. The February 10th event will be webcasted. For more information or to register, please visit PLI’s website here.

The Supreme Court’s 1968 decision in Pickering v. Board of Education allows governmental employers, including law enforcement agencies, to fire or discipline employees for disrupting operations with excessive complaining, but it prohibits governmental employers from firing or disciplining an employee for speaking out on matters of public concern as a private citizen if the employee’s interest in speaking outweighs the agency’s interest in maintaining efficiency. While the line between disruptively complaining and responsibly speaking out may be clear enough in theory, however, it is often difficult to draw in practice, particularly when the employees in question work in law enforcement. The most recent case to dive into this thicket is Graziosi v. City of Greenville, from the Northern District of Mississippi.

We previously discussed the First Amendment rights of law enforcement personnel in connection with the Eleventh Circuit case Gresham v. City of Atlanta. In Gresham, the plaintiff was passed over for a promotion after making a Facebook post critical of what she saw as obstruction of justice by a fellow officer.  The court held that the plaintiff had spoken on a matter of public concern, but that her interest in speaking did not outweigh the government’s interest in promoting efficiency.  The key point was that the plaintiff had configured her Facebook post to be viewable only by her friends, which indicated that her post was not “calculated to bring an issue of public concern to the attention of persons with authority to make corrections . . . the context was more nearly one of Plaintiff’s venting her frustration with her superiors.”

The decision in Graziosi deals with the same elusive line between mere complaining on the one hand, and alerting the public to important information about the operations of government agencies on the other.  A member of the Greenville Police Department, Sergeant Graziosi, made a series of public Facebook posts criticizing the chief of police for failing to send a representative to the funeral of a fellow officer.  Graziosi posted these complaints first as her own Facebook status update, and then posted them on the campaign page of the local mayor.  The chief of police fired Graziosi for making the posts, which the chief of police contended violated several internal police department policies that forbid public criticism and excessive complaining by officers.  Graziosi filed a lawsuit alleging that her termination violated the First Amendment.

One pivotal issue in the case was whether the criticisms Graziosi posted on Facebook qualified as speaking out on a matter of public concern as a private citizen.  Graziosi argued that a decision about whether or not to send police officers to a funeral is inherently a matter of public concern because it involves the spending of public funds.  However, the court noted that if anything that involved spending funds was a matter of public concern, then “almost anything” would satisfy that requirement of the Pickering test.  Instead, the court looked to the primary motivation for speaking.  The court determined that “Graziosi’s comments to the Mayor, although on a sensitive subject, were more related to her own frustration of Chief Cannon’s decision not to send officers to the funeral and were not made to expose unlawful conduct within the Greenville Police Department.  Her posts were not intended to help the public actually evaluate the performance of the GPD.”  The court found that Graziosi was speaking out about a matter that was primarily internal to the police department, and hence, she was speaking not as a citizen, but as an employee, and not on a matter of public concern, but on a matter of personal concern.  Therefore, her comments did not pass the threshold requirement of the Pickering test.

This decision is similar to the decision in Gresham, but differs in important ways.  In both cases, the complaints that a law enforcement officer posted on Facebook were denied First Amendment protection because those complaints were more fairly described as venting frustrations than as attempts to get important information to the public.  In both cases, the court found that although the topic of the speech was of at least some concern to the public, the speaker was primarily motivated by a desire to vent frustration.  In Gresham, the court made this determination by considering the audience that the plaintiff spoke to; in Graziosi, the court made this determination by considering what the plaintiff spoke about.  However, the courts applied the determination that the speaker was motivated primarily by a desire to vent at different steps in the analysis.  In Gresham, the court found that the plaintiff’s interest in complaining was less weighty than the interest of the police department in preserving efficiency.  However, in Graziosi, the court found that the plaintiff’s primary purpose of venting personal grievances defeated her claim before the weighing stage was even reached.  Because the plaintiff’s intent was primarily to vent frustration, she was not speaking as a private citizen or speaking on a matter of public concern, and hence would not have been eligible for First Amendment protection even if her interest had outweighed the interest of the police department.

Viewed in the light of recent high profile situations involving governmental employees speaking out about matters of public concern contrary to applicable governmental policies, such as the leaks by Edward Snowden and Chelsea (formerly Bradley) Manning, clarifying the rules in this area is more important than ever.  And the fact that so much of the relevant communication now takes place in the diverse and always-changing world of social media only increases the complexity of the issues.  As a result, we can expect that the courts will continue to develop the law in this area for many years, but the outline of how the First Amendment applies to governmental employees using social media is at least beginning to take shape.

On December 11, 2013, the Federal Financial Institutions Examination Council (FFIEC) issued final guidance for financial institutions relating to their use of social media (the “Guidance”).  With its release, the FFIEC adopts its January 2013 proposed guidance in substantially the same form.  (Socially Aware’s overview of the proposed guidance is available here.)

Financial institutions should expect that the federal banking agencies, Consumer Financial Protection Bureau and National Credit Union Administration (the agencies that comprise the FFIEC) will require supervised institutions to incorporate the Guidance into their efforts to address risks associated with the use of social media and to ensure that institutional risk management programs provide effective oversight and controls related to such use.  As a result, financial institutions should consider the appropriateness of their social media risk management programs and should be cognizant of potential technical compliance traps that could result from the use of social media to interact with consumers about products governed by consumer financial protection laws, such as the Truth in Lending Act.

Changes to the Proposed Guidance

Although adopted in substantially the same form as the proposed guidance, the Guidance does attempt to address some concerns raised by commenters.  For example, the FFIEC clarifies that compliance should not be viewed as a “one-size-fits-all” process and that institutions should tailor their approach based on their size, complexity, activities and third-party relationships.  Additionally, the Guidance clarifies that stand-alone messages sent through traditional email and text channels will not be considered social media.  Nonetheless, the Guidance cautions that the term “social media” will be viewed broadly by the agencies.

While the FFIEC attempted to clarify a financial institution’s obligations with respect to service providers involved in the institution’s social media activities, the Guidance provides limited specific considerations.  For example, the Guidance directs institutions to “perform due diligence appropriate to the risks posed by the prospective service provider” based on an assessment of the third party’s policies, including the frequency with which these policies have changed and the extent of control the financial institution may have over the policies.

Another area where the FFIEC attempted to clarify its expectations is the extent to which a financial institution would be required to monitor consumer communications on Internet sites other than those maintained by the institution (“Outside Sites”).  While the preamble to the Guidance notes that “financial institutions are not expected to” monitor Outside Sites, the Guidance provides that the public nature of social media channels may lead to increased reputational risk, and that compliance considerations may arise if, for example, a consumer raises a dispute through social media.  Further, the Guidance states that institutions are still expected to make risk assessments to determine the appropriate approach to monitoring and responding to communications made on Outside Sites.  The Guidance also continues to state that, based on the risk assessments, institutions will need to consider the need to “monitor question and complaint forums on social media sites” to review and, “when appropriate,” address complaints in a timely manner.

Compliance Considerations

The cornerstone of the Guidance continues to be the expectation that a financial institution will maintain a risk management program through which it identifies, measures, monitors and controls risks related to its use of social media.  The Guidance provides that a financial institution’s risk management program should include the following components:

  • A governance structure so that social media use is directed by the institution’s board of directors or senior management.
  • Policies and procedures regarding the institution’s use of social media, compliance with applicable consumer protection laws and regulations, and methodologies to address risks from online postings, edits, replies and retention.
  • A risk management process for selecting and managing third-party relationships for social media use.
  • An employee training program incorporating the policies and procedures, and informing employees of appropriate work and non-work uses      of social media (including defined “impermissible activities”).
  • An oversight process for monitoring information posted to proprietary social media sites administered by the financial institution or contracted third party.
  • Audit and compliance functions to ensure compliance with internal policies and applicable laws, regulations and the Guidance.
  • Parameters for reporting to the institution’s board of directors or senior management to enable periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives.

Moreover, the Guidance continues by focusing on identifying potential risks related to a financial institution’s use of social media, including risk of harm to consumers.  In particular, the Guidance identifies potential risks within three broad categories: (1) compliance and legal risk; (2) reputational risk; and (3) operational risk.  While the Guidance catalogs the many risks presented by the use of social media, the focus is on the risks associated with compliance with consumer protection requirements, including:

  • Fair Lending Laws:  While it focuses on an institution’s compliance with time frames for adverse action and other notices required by the federal fair lending laws and regulations, the Guidance also highlights possible compliance traps if a financial institution fails to carefully consider whether the institution’s social media use is consistent with applicable law.  For example, the Guidance highlights that, where applicable, the Fair Housing Act would require mortgage lenders who maintain a Facebook page to display the Equal Housing Opportunity Logo.
  • Truth in Lending Act/Regulation Z:  The Guidance highlights that the Regulation Z advertising requirements would apply to relevant advertisements made through social media.  Credit card issuers in particular will be familiar with Regulation Z’s disclosure requirements for advertisements that include trigger terms and reference deferred interest promotions, and should be cognizant of the application of these requirements in social media advertisements.
  • Truth in Savings Act/Regulation DD:  Like the considerations for compliance with Regulation Z, the Guidance highlights that Regulation DD also contains special advertising requirements for use of trigger terms such as “bonus”  and “APY,” and further notes that depository institutions can ensure compliance with the federal disclosure requirements by including a link to the additional information required to be provided to the consumer.  
  • Deposit Insurance and Share Insurance:  The Guidance reminds institutions that they are required to comply with the advertising requirements for deposit insurance in non-social media advertisements and displays.

The FFIEC having finalized its Guidance, financial institutions will need to carefully review their social media policies and practices in light of the Guidance.  Indeed, even companies that are not financial institutions may find the Guidance to reflect emerging best practices for minimizing risk in using social media to promote products and services.

Our global privacy + data security group’s Data Protection Masterclass Webinar series is turning the spotlight on social media marketing and policies in January.

Please join Socially Aware contributors Christine Lyon and Karin Retzer, along with Ann Bevitt in our London office for a webinar that will examine the laws and regulations in the United States and Europe relating to consumer-facing issues that arise from the use of social media in advertising and marketing. This presentation will also address the challenges that employers and employees face resulting from the use of social media in the workplace and in the recruitment process.

Topics Will Include:

  • Privacy issues for social media advertising, blogging and tweeting
  • Data sharing in relation to social plug-ins
  • Data protection requirements for social media market research
  • Targeting and analytics
  • Social media policies
  • Monitoring of social media use, including misuse of social media by employees
  • Use of social media in the application process

Date & Time:

Tuesday, January 21, 2014

4:30 p.m. – 6:00 p.m. GMT
11:30 a.m. – 1:00 p.m. EST
8:30 a.m. – 10:00 a.m. PST

Speakers:

Registration:

To register for this webinar, please click here.

For more information, please contact Kay Burgess at kburgess@mofo.com or +44 20 7920 4067.

Social media platforms have become an increasingly important means for companies to build and manage their brands and to interact with their customers, in many cases eclipsing companies’ traditional “.com” websites. Social media providers typically make their platforms available to users without charge, but companies nevertheless invest significant time and other resources to create and maintain their presences on those providers’ platforms. A company’s social media page or profile and its associated followers, friends and other connections are often considered to be valuable business assets.

But who owns these valuable assets – the company or the individual employee who manages the company’s page or profile? Social media’s inherently interactive nature has created an important role for these individual employees. Such an employee essentially acts as the “voice” of the company and his or her style and personality may be essential to the success and popularity of that company’s social media presence. As a result, the lines between “company brand” and “personal brand” may become blurred over time. And when the company and the individual part ways, that blurring can raise difficult issues, both legal and logistical, regarding the ownership and valuation of business-related social media accounts.

Such issues have arisen in a number of cases recently, several of which we discuss below. Although these cases leave open a number of questions, the message to companies who use social media is loud and clear: it is imperative to proactively establish policies and practices that address ownership and use of business-related social media accounts.

PhoneDog v. Kravitz

A recently settled California case, PhoneDog v. Kravitz, Case No. C 11-03474 (N.D. Cal.), raised a number of interesting issues around the ownership and valuation of social media accounts. The defendant, Noah Kravitz, worked for the plaintiff, PhoneDog, a mobile news and reviews website. While he was employed by PhoneDog, Kravitz used the Twitter handle “@PhoneDog_Noah” to provide product reviews, eventually accumulating 17,000 Twitter followers over a period of approximately four and a half years. Kravitz then left PhoneDog to work for one of its competitors but he maintained control of the Twitter account and changed the account handle to “@noahkravitz.” When Kravitz refused PhoneDog’s request to relinquish the Twitter account that had been previously associated with the “@PhoneDog_Noah” handle, PhoneDog filed a complaint against Kravitz asserting various claims, including trade secret misappropriation, conversion, and intentional and negligent interference with economic advantage.

Kravitz filed a motion to dismiss the complaint based on a number of arguments, including PhoneDog’s inability to establish that it had suffered damages in excess of the $75,000 jurisdictional threshold. Kravitz also disputed PhoneDog’s ownership interest in either the Twitter account or its followers, based on Twitter’s terms of service, which state that Twitter accounts belong to Twitter and not to Twitter users such as PhoneDog. Finally, Kravitz argued that Twitter followers are “human beings who have the discretion to subscribe and/or unsubscribe” to the account and are not PhoneDog’s property, and asserted that “[t]o date, the industry precedent has been that absent an agreement prohibiting any employee from doing so, after an employee leaves an employer, they are free to change their Twitter handle.”

With respect to the amount-in-controversy issue, PhoneDog asserted that Kravitz’s continued use of the “@noahkravitz” handle resulted in at least $340,000 in damages, an amount that was calculated based on the total number of followers, the time during which Kravitz had control over the account, and a purported “industry standard” value of $2.50 per Twitter follower. Kravitz argued that any value attributed to the Twitter account came from his efforts in posting tweets and the followers’ interest in him, not from the account itself. Kravitz also disputed PhoneDog’s purported industry standard value of $2.50 per Twitter follower, and contended that valuation of the account required consideration of a number of factors, including (1) the number of followers, (2) the number of tweets, (3) the content of the tweets, (4) the person publishing the tweets, and (5) the person placing the value on the account.

With respect to the ownership issue, PhoneDog claimed that it had an ownership interest in the account based on the license to use and access the account granted to it in the Twitter terms of service, and also that it also had an ownership interest in the content posted on the account. PhoneDog also pointed to a purported “intangible property interest” in the Twitter account’s list of followers, which PhoneDog compared to a business customer list. Finally, PhoneDog asserted that, regardless of any ownership interest in the account, PhoneDog was entitled to damages based on Kravitz’s interference with PhoneDog’s access to and use of the account, which (among other things) purportedly affected PhoneDog’s economic relations with its advertisers.

The court determined that the amount-in-controversy issue was intertwined with factual and legal issues raised by PhoneDog’s claims and, therefore, could not be resolved at the motion-to-dismiss stage. Accordingly, the court denied without prejudice Kravitz’s motion to dismiss for lack of subject matter jurisdiction. The court also denied Kravitz’s motion to dismiss PhoneDog’s trade secret and conversion claims, but granted Kravitz’s motion to dismiss PhoneDog’s claims of interference with prospective economic advantage.

The parties subsequently settled the dispute, so, unfortunately, we will never know how the court would have ruled on the variety of interesting issues that the case presented. Interestingly, although the terms of the settlement remain confidential, as of mid-September, Kravitz appears to have kept control of the Twitter account and its attendant followers. It is worth noting that the case might have been more straightforward—and the result more favorable to the company—had PhoneDog established clear policies regarding the ownership of business-related social media accounts.

Ardis Health, LLC et al. v. Nankivell

A New York case, Ardis Health, LLC et al. v. Nankivell, Case No. 11 Civ. 5013 (S.D.N.Y.), more clearly illustrates the fundamental point that companies should proactively establish policies and practices that address the ownership and use of business-related social media accounts.

The plaintiffs in Ardis Health were a group of closely affiliated online marketing companies that develop and market herbal and beauty products. The defendant was a former employee who had held a position at Ardis Health, LLC as a “Video and Social Media Producer.” Following her termination, the defendant refused to turn over to the plaintiffs the login information and passwords for the social media accounts that she had managed for the plaintiffs during her employment. The plaintiffs then filed a lawsuit against the defendant and sought a preliminary injunction seeking, among other things, to compel her to provide them with that access information.

Fortunately for the plaintiffs, they had required the defendant to execute an agreement at the commencement of her employment that stated in part that all work created or developed by defendant “shall be the sole and exclusive property” of one of the plaintiffs, and that required the defendant to return all confidential information to the company upon request. This employment agreement also stipulated that “actual or threatened breach . . . will cause [the plaintiff] irreparable injury and damage.” On these facts, the court noted that “[i]t is uncontested that plaintiffs own the rights to” the social media account access information that the defendant had refused to provide. Interestingly, the court held that the plaintiffs were likely to prevail on their conversion claim, effectively treating the disputed social media account access information as a form of intangible personal property. The court also determined that plaintiffs were suffering irreparable harm as a result of the defendant’s refusal to turn over that access information. Accordingly, the court granted the plaintiffs’ motion for a preliminary injunction ordering the defendant to turn over the disputed login information and passwords to the plaintiffs.

As far as we can tell from the reported decision in Ardis Health, the defendant’s employment agreement did not expressly address the ownership or use of social media accounts or any related access information. Nonetheless, even the fairly generic work product ownership and confidentiality language included in the defendant’s employment agreement, as noted above, appears to have been an important factor in the favorable outcome for the plaintiffs, which illustrates the advantages of addressing these issues contractually with employees—in advance, naturally. And as discussed below, companies can put themselves in an even stronger position by incorporating more explicit terms concerning social media into their employment agreements.

Eagle v. Morgan and Maremont v. Fredman

Former employers aren’t always the plaintiffs in cases regarding the ownership of business-related social media accounts.  In an interesting twist, two other cases – Eagle v. Morgan, Case No. 11-4303 (E.D. Pa.), and Maremont v. Fredman, Case No. 10 C 7811 (N.D. Ill.) – were brought by employees who alleged that their employers had taken over and started using social media accounts that the employees considered to be personal accounts.

Eagle began as a dispute over an ex-employee’s LinkedIn account and her related LinkedIn connections. The plaintiff, Dr. Linda Eagle, was a founder of the defendant company, Edcomm. Dr. Eagle alleged that, following her termination, Edcomm personnel changed her LinkedIn password and account profile, including by replacing her name and photograph with the name and photo of the company’s new CEO. Among the various claims filed by each party, in pretrial rulings, the court granted Dr. Eagle’s motion to dismiss Edcomm’s trade secret claim and granted Edcomm’s motion for summary judgment on Dr. Eagle’s Computer Fraud and Abuse Act (CFAA) and Lanham Act claims.

Regarding the trade secret claim, the court held that LinkedIn connections did not constitute trade secrets because they were “either generally known in the wider business community or capable of being easily derived from public information.” Regarding her CFAA claims, the court concluded that the damages Dr. Eagle claimed she had suffered – putatively arising from harm to reputation, goodwill and business opportunities – were insufficient to satisfy the “loss” element of a CFAA claim, which requires some relation to “the impairment or damage to a computer or computer system.” Finally, in rejecting the plaintiff’s claim that Edcomm violated the Lanham Act by posting the new CEO’s name and picture on the LinkedIn account previously associated with Dr. Eagle, the court found that Dr. Eagle could not demonstrate that Edcomm’s actions caused a “likelihood of confusion,” as required by the Act.

Eventually, the Eagle case proceeded to trial. The court ultimately held for Dr. Eagle on her claim of unauthorized use of name under the Pennsylvania statute that protects a person’s commercial interest in his or her name or likeness, her claim of invasion of privacy by misappropriation of identity, and her claim of misappropriation of publicity. The court also rejected Edcomm’s counterclaims for misappropriation and unfair competition. Meanwhile, the court held for the defendants on Dr. Eagle’s claims of identity theft, conversion, tortious interference with contract, civil conspiracy, and civil aiding and abetting. Although the court’s decision reveals that Edcomm did have certain policies in place regarding establishment and use of business-related social media accounts by employees, unfortunately for Edcomm, those policies do not appear to have clearly addressed ownership of those accounts or the disposition of those accounts after employees leave the company.

In any event, although Dr. Eagle did prevail on a number of her claims, the court concluded that she was unable to establish that she had suffered any damages. Dr. Eagle put forth a creative damages formula that attributed her total past revenue to business generated by her LinkedIn contacts in order to establish a per contact value, and then used that value to calculate her damages for the period of time when she was unable to access her account. But the court held that Dr. Eagle’s damages request was insufficient for a number of reasons, primarily that she was unable to establish the fact of damages with reasonable certainty. The court also denied Dr. Eagle’s request for punitive damages. Therefore, despite prevailing on a number of her claims, Dr. Eagle’s victory in the case was somewhat pyrrhic.

In Maremont, the plaintiff, Jill Maremont, was seriously injured in a car accident and had to spend several months rehabilitating away from work. While recovering, Ms. Maremont’s employer, Susan Fredman Design Group, posted and tweeted promotional messages on Ms. Maremont’s personal Facebook and Twitter accounts, where she had developed a large following as a well-known interior designer. Although Ms. Maremont asked her employer to stop posting and tweeting, the defendant continued to do so. Ms. Maremont then brought claims against Susan Fredman Design Group under the Lanham Act, the Illinois Right of Publicity Act, and the Stored Communications Act, as well as a common law right to privacy claim. The parties filed cross-motions for summary judgment, which the court denied with respect to the Lanham Act and Stored Communications Act claims, largely due to lack of evidence on whether or not Ms. Maremont suffered actual damages as a result of her employer’s actions. The court granted Susan Fredman Design Group’s motion for summary judgment with respect to Ms. Maremont’s right of publicity claim, based on the fact that the defendant did not actually impersonate Ms. Maremont when it used her accounts. The court also granted Susan Fredman Design Group’s motion for summary judgment with respect to Ms. Maremont’s right of privacy claim because the “matters discussed in Maremont’s Facebook and Twitter posts were not private and that Maremont did not try to keep any such facts private.”

Proactive Steps

Considering how vital social media accounts are to today’s companies, and given the lack of clear applicable law concerning the ownership of such accounts, companies should take proactive steps to protect these valuable business assets.

For example, companies should consider clearly addressing the ownership of company social media accounts in agreements with their employees, such as employee proprietary information and invention assignment agreements. Agreements like this should state, in part, that all social media accounts that employees register or manage as part of their job duties or using company resources – including all associated account names and handles, pages, profiles, followers and content – are the property of the company, and that all login information and passwords for such accounts are both the property and the confidential information of the company and must be returned to the company upon termination or at any other time upon the company’s request. In general, companies should not permit employees to post under their own names on company social media accounts or use their own names as account names or handles. If particular circumstances require an employee or other individual to post under his or her own name – for example, where the company has engaged a well-known industry expert or commentator to manage the account – the company might want to go a step further and include even more specific contractual provisions that address ownership rights to the account at issue.

In parallel, companies should implement and enforce social media policies that provide employees with clear guidance regarding the appropriate use of business-related social media accounts, including instructions on how to avoid blurring the lines between company and personal accounts. (Keep in mind, however, that social media policies need to be carefully drafted so as not to not run afoul of the National Labor Relations Act, state laws restricting employers’ access to employees’ personal social media accounts, or the applicable social media platforms’ terms of use.) Finally, companies should control employee access to company social media accounts and passwords, including by taking steps to prevent individual employees from changing account usernames or passwords without authorization.

Following our post on U.S. lawsuits concerning the ownership of LinkedIn and Twitter accounts, we report on a recent United Kingdom High Court ruling that considered who was entitled to operate four LinkedIn Groups, and other UK cases that have addressed related issues.

Before we describe the High Court’s ruling, it is important to provide a bit of background.  As with other social media services, opening a LinkedIn account requires an individual to enter into a contract with LinkedIn.  LinkedIn’s User Agreement prohibits account holders from transferring their accounts to another party.  Strictly speaking, then, the question is less one of, “Who owns a given LinkedIn account?” than the equally important question of who owns or controls the contacts accumulated by that account:  are those contacts the confidential information of the account holder’s employer, or are they the property of the account holder himself or herself?  And what about LinkedIn Groups, described on LinkedIn as “a place for professionals in the same industry or with similar interests to share content, find answers, post and view jobs, make business contacts, and establish themselves as industry experts”?  Does an employer have any proprietary interest in a LinkedIn Group that was set up and operated by an employee in connection with his or her employment, once that employee leaves the company?

Before third-party networks such as LinkedIn existed, the position in the UK with regard to the ownership of company contact lists and databases was relatively straightforward:  materials created during the course of employment are owned by the employer and are the employer’s confidential information.  However, in the social media context, the position is not so clear-cut.  If employees are encouraged to use LinkedIn in connection with their employment and so accumulate contacts, can the employer prevent employees from using those contacts when their employment terminates?

Although there is not, as yet, any definitive UK legal authority on the issue, two cases now give an indication of the position that the UK courts will likely take on this issue.

First, back in 2008, in the UK High Court case of Hays v Ions, Mark Ions, a former employee of recruitment company Hays, was ordered to hand over details of contacts that he had migrated from his work email address book to his personal LinkedIn account.  Hays had alleged that Ions transferred the contacts while working at Hays with a view to their subsequent use in connection with his own rival business.  Ions argued that Hays had encouraged his use of LinkedIn to connect with clients and that, once the Hays contacts accepted his own LinkedIn invite, those contacts ceased to constitute Hays’ confidential information because the information was then accessible to others on LinkedIn.  The court did not accept Ions’ argument and noted that, even if Ions had had permission to use client email addresses to connect with clients, it was unlikely that this extended to the use of such information outside his employment with Hays.

Despite ordering the disclosure of the Hays contacts and all emails and documentation relating to such contacts and any business obtained from them, the judge in that case held that Ions was not required to disclose all of his LinkedIn contacts to Hays because those contacts could include many persons who had no contact with Hays.  This suggests that the judge accepted that the entire LinkedIn account, although originally operated by Ions in the course of his employment, was not material proprietary to Hays, his employer.

We now have a second court ruling in the UK relating to the ownership of LinkedIn accounts.  In July 2013, the UK High Court considered who was entitled to operate four LinkedIn Groups that had been set up by an ex-employee when that employee left the company.  In Whitmar Publications Ltd v Gamage, Wright, Crawley and Earth Island Publishing Ltd, three employees had resigned from Whitmar to work for Earth Island, a rival publishing company that the employees had set up a few months earlier.  Whitmar alleged that the defendants had taken steps to compete against Whitmar while still employed by the company, in that they had misused Whitmar’s confidential information, infringed its database rights and breached their terms of employment.  Concerning the LinkedIn Groups at issue, Whitmar claimed that although the Groups had been managed by Ms. Wright—one of the former Whitmar employees—on behalf of Whitmar as part of her employment, the defendants had used them for the benefit of their rival business while still employed by Whitmar.  Whitmar sought an interim injunction to prevent the defendants from using, exploiting or divulging to any third party any of the information contained in these LinkedIn Groups.  Given that this was an emergency application, the court made a preliminary assessment of the evidence only.

The court agreed that Whitmar had a strong case that the defendants had been actively competing against Whitmar while still employed by it, in breach of the terms of their employment.  Further, the court rejected Wright’s claim that the LinkedIn Groups were personal to her and merely a hobby; Wright was responsible for dealing with the LinkedIn Groups as part of her employment duties at Whitmar, and the Groups operated for Whitmar’s benefit and promoted its business, as evidenced by the fact that Wright had used Whitmar’s computers to carry out her work on the LinkedIn Groups.  The judge also agreed that information contained within the LinkedIn Groups appeared to have been used as the source of the email addresses used to publicize an Earth Island launch event.

Ultimately, the court granted an order requiring the defendants to facilitate the exclusive access, management and control of the LinkedIn Groups to Whitmar, ordering the defendants not to access or do anything that would prevent Whitmar from accessing the Groups, and preventing the defendants from using, exploiting or divulging to any third party any of the information contained in the Groups.  In effect, the judge decided that Whitmar had a good chance of succeeding at full trial based on the available evidence.

Since the judgment in the first phase of the case, the parties have entered into an out-of-court settlement that, according to Whitmar’s website, means that the ex-employees will not enter into or fulfill any contract with a number of Whitmar clients or customers until December 20, 2013.  The ex-employees have also returned control of a number of Linked-In Groups to Whitmar.  Unfortunately for legal purists, but maybe happily for the parties, as a result of the settlement we won’t now get to know how the court would have ultimately ruled at full trial.

It is also worth noting that, in 2012, a UK employment tribunal case, Flexman v BG Group, raised an altogether different issue related to an employee’s use of LinkedIn: can an employee in the UK be dismissed for using LinkedIn to search for job opportunities?

In the first case of its kind, the tribunal ruled that John Flexman, an HR manager at BG Group, had been constructively dismissed following a dispute concerning his LinkedIn account.  BG Group had claimed that Flexman breached its social media policies by uploading his CV to LinkedIn and ticking the “career opportunities” box on his LinkedIn profile.  It also accused Flexman of breaching confidentiality by stating on his CV that he was assisting the company in reducing its “attrition rate.”  As a result, the company had ordered Flexman to remove any mention of BG Group from Flexman’s LinkedIn profile, other than his job titles and the dates he had worked there.  Flexman refused and demanded to know the source of the complaint.  After a dispute arose, Flexman faced an internal disciplinary hearing, with risk of dismissal, and Flexman eventually resigned and claimed constructive dismissal.  The tribunal upheld Flexman’s claim of constructive dismissal due to unacceptable delays in the company’s dealing of the case and the company’s failure to address a grievance related to the incident.  Unfortunately, the tribunal did not specifically address whether merely uploading a CV and ticking the career opportunities box was, indeed, a disciplinary matter.

As with the U.S. lawsuits we described in our earlier post on Socially Aware, these UK cases highlight the need for organizations to have clear social media policies in place in order for employees to understand what is expected of them when using business-related social media accounts.