Expressing concern about the spread of disinformation related to COVID-19, Federal Trade Commissioner Rohit Chopra said Congress may need “to reassess the special privileges afforded to tech platforms, especially given their vast power to curate and present content in ways that may manipulate users.” His words implicate one of our favorite topics here at Socially Aware: Section 230 of the Communications Decency Act, which generally protects websites from liability for content posted by third parties.

Florida Governor Ron DeSantis signed into law legislation requiring Florida state agencies, local governments and firms that contract with them to use the E-Verify system, an online database operated by the U.S. Department of Homeland Security that can confirm a person’s eligibility to work in the United States.

In the wake of a series of tweets insulting the family of Turkey’s President, Recep Tayyip Erdogan, the president submitted legislation to parliament that would require social media companies with more than 1 million daily users in Turkey to appoint someone responsible for, among other things, responding to the company’s alleged violations of privacy laws.

China’s recently imposed security law—which outlaws subversion, secession, terrorism and colluding with foreign forces—had many Hong Kongers “scrubbing their social media accounts.”

Pop-up brokers tried to capitalize on the scarcity of personal protective equipment—especially masks—meant to safeguard people against COVID-19 by connecting with suppliers on LinkedIn. Learn what makes that social media platform convenient for sellers and scammers interested in sourcing goods.

In a suit that Socially Aware covered last year, a federal district court in New York was able to avoid addressing whether a defamation claim against television show host Joy Reid should be dismissed based on the safe harbor in Section 230 of the Communications Decency Act. The reason: The plaintiff in the suit failed to prove actual malice, which is required to succeed on a defamation claim against a public figure. On remand, the U.S. Court of Appeals in July 2020 once again passed on the opportunity to answer the re-tweet question, holding, “[The plaintiff’s] initial complaint included Reid’s retweet of the Vargas tweet; but since [the plaintiff] later dropped that claim, we need not decide whether a retweet qualifies for Section 230 immunity. Nor are we called to decide whether Section 230 protects a social media user who copies verbatim (and without attribution) another user’s post, a question that may be complicated by issues as to malice and status as a public figure.

This opinion piece argues that, because facial recognition technology can be inaccurate and biased, and “privacy-encroaching facial recognition companies rely on social media platforms to scrape and collect user facial data,” social media platforms should add a “do-not-track” option for users’ faces.

Foreign websites that use geotargeted advertising may be subject to personal jurisdiction in the United States, even if they have no physical presence in the United States and do not specifically target their services to the United States, according to a new ruling from the Fourth Circuit Court of Appeals.

In UMG Recordings, Inc. v. Kurbanov, twelve record companies sued Tofig Kurbanov, who owns and operates the websites: flvto.biz and 2conv.com. These websites enable visitors to rip audio tracks from videos on various platforms, like YouTube, and convert the audio tracks into downloadable files.

The record companies sued Kurbanov for copyright infringement and argued that a federal district court in Virginia had specific personal jurisdiction over Kurbanov because of his contacts with Virginia and with the United States more generally. Kurbanov moved to dismiss for lack of personal jurisdiction, and the district court granted his motion. Continue Reading Stretching the Bounds of Personal Jurisdiction, 4th Circuit Finds Geotargeted Advertising May Subject Foreign Website Owner to Personal Jurisdiction in the U.S.

In a purported attempt to safeguard free speech, President Trump has issued an order “Preventing Online Censorship,” that would eliminate the protections afforded by one of our favorite topics here at Socially Aware, Section 230 of the Communications Decency Act, which generally protects online platforms from liability for content posted by third parties. President Trump issued the order after Twitter tagged some of his tweets as misleading and linked the tweets to text contradicting their substance. Democratic presidential candidate Joseph Biden is also in favor of abolishing the law, but for very different reasons. Find out what they are.

There’s more than one way to strip a law of its teeth. In what Politico describes as “the latest GOP-led plan to target Section 230” of the Communications Decency Act, Senator Josh Hawley is proposing legislation that would make websites eligible for the Section 230 protections only if they stop the sale of ads that target users based on behavioral data.

And a Circuit Court in Virginia dismissed a suit that Representative Devin Nunes, a California Republican, brought against Twitter for defamation stemming from two parody accounts—@DevinNunesMom, and @DevinCow—that posted unflattering things about Rep. Nunes during President Trump’s impeachment hearings last year. The court held that Section 230 of the Communications Decency Act insulated Twitter from liability.

After the first Supreme Court oral argument held over the phone, Justice Ruth Bader Ginsburg wrote in a majority opinion that Booking.com is entitled to a trademark, and that “adding ‘.com’ to a generic word can make the entire combination eligible for trademark protection.”Twitter’s new “request verification” option will allow run-of-the-mill users to acquire the blue checkmark next to their names that the platform formerly reserved for public figures. Read about how else Twitter plans to improve its verification system.

Tik My Day, a marketing agency that Tik Tok launched in Australia, says it can provide all the services necessary for a branded Tik Tok campaign within 24 hours.

Users of the dating app OkCupid can now add a #BlackLivesMatter badge to their profiles. The social media firm also donated $1 million in advertising to Black American civil rights organizations, and added several social-justice-related questions to their matching process. How did the app’s users answer? Read the statistics.

Eric Akira Tate spoke to TechRepublic about how businesses should think about establishing or updating corporate social media policies to account for the changing standards, especially as the U.S. is in the midst of a civil rights movement.

“Reviewing social media policies so that there are no misunderstandings about what use of social media is acceptable or not for an employer is all the more appropriate to do now,” Eric said, adding that employers should have policies in place to prevent employees from inadvertently or purposefully interfering with the employer’s desired image.

“A policy puts employees on notice of what conduct or use of social media is allowed and not allowed within the parameters of their employment and work for the employer,” he said. “It allows employers to have more consistent enforcement in the event of improper behavior.”

Eric also recommended reviewing existing social media policies to cover the increase in remote work, “Being careful about taking selfies with computer screens or work papers in the background, for example, could inadvertently reveal confidential business information.”

Read the full article.

Online service providers typically seek to mitigate risk by including arbitration clauses in their user agreements. In order for such agreements to be effective, however, they must be implemented properly. Babcock vs. Neutron Holdings, Inc., a recent Southern District of Florida case involving a plaintiff who was injured while riding one of the defendant’s Lime e-scooters, illustrates that courts will closely scrutinize the details of how an online contract is presented to users to determine whether or not it is enforceable. Continue Reading Sweating the Details: Court Analyzes User Interface to Uphold Online Arbitration Clause

Alex van der Wolk, Marijn Storm, and Ronan Tigner authored an article for the IAPP covering the Belgian Data Protection Authority’s challenge to the “tell-a-friend” function on social media websites that enables users to share content with their personal contacts.

The DPA’s decision to fine social media platform Twoo for privacy violations of its tell-a-friend feature is important “because it makes non-users’ consent necessary for a platform to send emails or other communications to non-users, which puts the platform in a near-impossible situation,” according to the authors.

“The challenge for the outcome of the DPA’s decision is that it renders most tell-a-friend systems impracticable,” the authors wrote. “One of the main purposes of a tell-a-friend system is to alert and invite people who are not on the platform. From the platform’s perspective, it will be nearly impossible to validly obtain their consent to receive communications.”

Read the full article.

In the wake of the COVID-19 pandemic, children are spending more of their lives in the digital realm, both for education and entertainment purposes—but that doesn’t mean the Federal Trade Commission (FTC) is cutting online operators slack for not complying with the Children’s Online Privacy Protection Act (COPPA). Last week, the FTC levied a $4 million penalty against HyperBeard, Inc., a popular mobile app developer, to settle allegations that HyperBeard integrated third-party ad networks into its child-directed apps in violation of COPPA.(Due to HyperBeard’s inability to pay the full amount, the $4 million penalty will be suspended upon payment of $150,000 by HyperBeard).

The complaint is notable in that the FTC did not allege that HyperBeard itself collected any personal information from children—rather, the alleged violations centered around the company enabling third parties to collect personal information from children through its service. The fine serves as a warning to online operators that they are strictly responsible for their third-party integrations, even if they themselves do not collect personal information from children. Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, emphasized, “If your app or website is directed to kids, you’ve got to make sure parents are in the loop before you collect children’s personal information. This includes allowing someone else, such as an ad network, to collect persistent identifiers, like advertising IDs or cookies, in order to serve behavioral advertising.” Continue Reading It’s 10 p.m. Do You Know What Your Third-Party Integrations Are Doing?

Despite the coronavirus pandemic, the process of implementing Brexit continues. One of the key Brexit issues for the tech sector is the extent to which the UK will either align or diverge its digital regulations with the EU.

Both the UK and EU have set out their intentions for their post-Brexit relationship in matters relating to technology, digital, and telecoms issues. There are signs that both the UK and EU will seek early alignment in key tech/digital compliance areas: is this a sign of things to come?

The UK government recently published its draft working text for a comprehensive free trade agreement between the UK and the EU (the “draft text”). As we explain below, the draft text covers (1) digital trade, recognising the importance of adopting frameworks that promote consumer confidence in digital services, (2) telecoms, and (3) audiovisual services. Intriguingly, the draft text aims to maintain regulatory alignment between the UK and the EU, insofar as possible, which could be a sign of the extent to which the UK plans to align with the EU (rather than forge its own path), both in these three areas and elsewhere, once the Brexit transition period is over. Continue Reading Digital Compliance in Europe: Regulatory Alignment Post-Brexit

Is scraping data from a publicly available website trade secret misappropriation? Based on a new opinion from the Eleventh Circuit, It might be.

In Compulife Software, Inc. v. Newman, Compulife Software, a life insurance quote database service alleged that one of its competitors scraped millions of insurance quotes from its database and then sold the proprietary data themselves. Compulife brought a number of claims against its competitors, including misappropriation of trade secrets under Florida’s version of the Uniform Trade Secrets Act (FUTSA) and under the Federal Defend Trade Secrets Act (DTSA).

Following a bench trial, Magistrate Judge James Hopkins found that, while Compulife’s underlying database merits trade secret protection, the individual quotes generated through public Internet queries to the database do not. So using a bot to take those individual quotes one by one did not constitute a misappropriation of trade secrets. On appeal, however, the Eleventh Circuit disagreed, vacated, and remanded the case.

Facts of the Case

Compulife’s main product is its “Transformative Database,” which contains many different premium-rate tables that it receives from life insurance companies. While these rate tables are available to the public, Compulife often receives these tables before they are released for general use. In addition, Compulife applies a special formula to these rate tables to calculate its personalized life insurance quotes. Continue Reading Webscraping a Publicly Available Database May Constitute Trade Secret Misappropriation

As we have noted many times in prior articles, courts often refuse to enforce “browsewrap” agreements where terms are presented to users merely by including a link on a page or screen without requiring affirmative acceptance. Courts typically look more favorably on “clickwrap” agreements where users agree to be bound by, for example, checking a box or clicking an “I accept” button.

The problem is that many implementations of online contracts do not fit neatly into one category or the other. The result is that courts, seemingly unable to resist the siren song of the “-wrap” terminology, find themselves struggling to shoehorn real-life cases into the binary clickwrap/browsewrap rubric, and often resort to inventing new terminology such as the dreaded “hybridwrap.”

HealthplanCRM, LLC v. Avmed, Inc., a case out of the Western District of Pennsylvania, illustrates this phenomenon. Plaintiff Cavulus licensed certain CRM software to defendant AvMed. AvMed decided to replace Cavulus software with a different CRM product and engaged defendant NTT to assist AvMed in transitioning its data to the successor product. Cavulus alleged, among other things, that NTT misappropriated its trade secrets in the course of doing this work. Cavulus sought to compel NTT to arbitrate these claims based on an arbitration clause contained in an “End-User Agreement” that was referenced in a link on the log-in page of the Cavulus software. Continue Reading Court Discovers Rare and Elusive “Enforceable Browsewrap”