The high-end skincare brand Sunday Riley has settled lawsuits filed by the Federal Trade Commission claiming that the brand’s founder encouraged employees of her eponymous company to set up accounts “under different identities” on the cosmetics retail site Sephora.com and leave positive reviews for Sunday Riley’s products. The FTC filed the complaints after the agency conducted an investigation that was prompted by a whistle blower’s post on REDDIT last year. Read about the settlement’s lenient terms, which two of the FTC’s five commissioners don’t believe are severe enough to deter other companies from attempting to post fraudulent reviews online.

Last month four senators—three Democrats and one Republican—introduced a bipartisan bill to require communications platforms to provide their users with a means of exporting the data that their users have accumulated on the platforms, such as friends lists. The rationale behind the legislation: making it easier for smaller platforms to compete with the likes of social media giants like Facebook and YouTube. Legislation like this is intended to benefit consumers and would require “operability standards to be revised” as interfaces evolve, writes Forbes columnist Robert Seamans. The real challenge, he argues, would be determining the types of data covered by the legislation.

Twitter announced it will extend to all of its users around the world the “Hide Replies” feature that it first tested in Canada in July and then rolled out in the United States and Japan in September. The feature allows users to “hide” any replies to their tweets. However, other Twitter users may view and respond to hidden replies by clicking a grey icon that appears on the tweets. Twitter’s blog reports that the platform’s test runs of the Hide Replies feature revealed that “27% of people who had their Tweets hidden said they would reconsider how they interact with others in the future,” and Twitter posters who hid replies “may want to take further action after [they] hide a reply, so now [Twitter will] check to see if you want to also block the replier.” This isn’t the first action that Twitter has taken to control trolls, and the platform’s blog promises that it won’t be the last.

Influencer culture has infiltrated the world of cybersecurity, with the Twitter accounts of several popular experts in that increasingly prominent field running ads for Lenovo’s “ThinkShield” line of products and services. VizSense, an influencer marker, reached out to the influencers, who included journalists, a former intelligence operative, and experts in areas like artificial intelligence, each with more than 10,000 Twitter followers apiece. Find out why the campaign sparked controversy in the cybersecurity community.

Speaking of influencers, guess what Bloomberg reports is now the number one career aspiration of the “overwhelming majority” of young Americans? Sigh.

The Federal Trade Commission is trying yet another approach to convey the message that the relationship between a social media “influencer” and the brand he or she is endorsing must be disclosed. This new guidance from FTC staff takes the form of a brochure (with accompanying video) aimed directly at influencers. It bluntly states that influencers “must comply with the law” when working with brands to recommend or endorse products and provides “tips on when and how to make good disclosures.”

The brochure is a distillation of the FTC’s Guides Concerning the Use of Endorsements and Testimonials in Advertising (the “Endorsement Guides”), as well as subsequent FAQs, guidance, and related materials. Arising out of the prohibition under Section 5 of the FTC Act on unfair and deceptive acts or practices, the Endorsement Guides require advertisers and endorsers (i.e., influencers) to, among other things, clearly and conspicuously disclose when the advertiser has provided an endorser with any type of compensation in exchange for an endorsement. This type of arrangement is what the Endorsement Guides describe as a “material connection,” meaning “a connection between the endorser and the seller of the advertised product that might materially affect the weight or credibility of the endorsement (i.e., the connection is not reasonably expected by the audience).” The new brochure delivers this message as follows: “Telling your followers about these kinds of relationships [i.e., material connections] is important because it helps keep your recommendations honest and truthful, and it allows people to weigh the value of your endorsements.” Continue Reading Influencing the Influencers: FTC Staff Release “Disclosures 101” Guidance for Online Endorsers

A recent decision from a federal court in New York highlights the limits social media users enjoy under Section 230 of the Communications Decency Act (CDA). The case involves Joy Reid, the popular host of MSNBC’s AM Joy who has more than two million Twitter and Instagram followers, and the interaction between a young Hispanic boy and a “Make America Great Again” (MAGA)–hat wearing woman named Roslyn La Liberte at a Simi Valley, California, City Council meeting.

The case centers on a single re-tweet by Reid and two of her Instagram posts.

Here is Reid’s re-tweet.

It says: “You are going to be the first deported” “dirty Mexican” Were some of the things they yelled at this 14 year old boy. He was defending immigrants at a rally and was shouted down.   

Spread this far and wide this woman needs to be put on blast.

 
 

Here is Reid’s first Instagram post from the same day.

 

It says: joyannreid He showed up to a rally to defend immigrants. … She showed up too, in her MAGA hat, and screamed, “You are going to be the first deported” … “dirty Mexican!” He is 14 years old. She is an adult. Make the picture black and white and it could be the 1950s and the desegregation of a school. Hate is real, y’all. It hasn’t even really gone away. Continue Reading The Joys and Dangers of Tweeting: A CDA Immunity Update

For the last twenty years, the music industry has been in a pitched battle to combat unauthorized downloading of music. Initially, the industry focused on filing lawsuits to shut down services that offered peer-to-peer or similar platforms, such as Napster, Aimster and Grokster. For a time, the industry started filing claims against individual infringers to dissuade others from engaging in similar conduct. Recently, the industry has shifted gears and has begun to focus on Internet Service Providers (ISPs), which provide Internet connectivity to their users.

The industry’s opening salvo against ISPs was launched in 2014 when BMG sued Cox Communications, an ISP with over three million subscribers. BMG’s allegations were relatively straightforward. BMG alleged that Cox’s subscribers are engaged in rampant unauthorized copying of musical works using Cox’s internet service, and Cox did not do enough to stop it. While the DMCA provides safe harbors if an ISP takes appropriate action against “repeat infringers,” BMG alleged that Cox could not avail itself of this safe harbor based on its failure to police its subscribers. Continue Reading Will the Music Industry Continue To Win Its Copyright Battle Against ISPs?

Courts continue to grapple with the enforceability of online agreements. While courts generally enforce clickwrap agreements—online agreements where users affirmatively show their acceptance after being presented with the terms, usually by clicking “I agree”—browsewrap agreements have stood on shakier enforceability grounds. Browsewrap agreements are online terms that, unlike a clickwrap agreement, do not require any affirmative indication of consent. Indeed, users can often continue using a website without ever viewing the terms of a browsewrap agreement, or possibly even knowing they exist. As the Northern District of California’s decision in Alejandro Gutierrez v. FriendFinder Networks Inc. demonstrates, browsewrap agreements are not always unenforceable, but reaching such a determination can be a highly fact-specific inquiry requiring significant discovery—including discovery of offline activities, such as phonecalls between the user and the online service provider.

AdultFriendFinder.com (AFF) is an online dating website. The website is generally free, although users can pay for particular upgrades and services. Users must register to use the site, and AFF collects users’ personal information as part of the registration process. Use of AFF is governed by the site’s Terms of Use (the Terms). Users don’t have to explicitly agree to the Terms in order to register or use AFF, but the Terms are readily available on the site, and they state that continued use of AFF constitutes acceptance. The Terms also include an arbitration provision. Continue Reading Just Browsing: District Court Finds Browsewrap Agreement Enforceable

In a move likely welcomed by publishers seeking a solution to honoring “sale” opt-outs in the interest-based advertising space, the Interactive Advertising Bureau last week released the IAB California Consumer Privacy Act Compliance Framework for Publishers and Technology Companies. The IAB is the trade association for the digital media and marketing industries, and it developed the Framework to help publishers (i.e., websites) and the online advertising supply chain comply with the CCPA—and particularly with the CCPA’s right to consumer opt-outs of “sales” of personal information.

The Framework sets up a system in which a consumer opt-out has the result that the parties in the digital advertising supply chain become limited service providers to the publisher, such that there is no longer a “sale” with respect to those consumers’ personal information. A limited service provider may still serve ads on behalf of the publisher, but those ads cannot involve any “sale” of personal information under the CCPA.

IAB is accepting public comments to the Framework until Tuesday, November 5, 2019. Comments should be emailed to privacy@iab.com. The draft Framework and draft technical specifications for the Framework can be accessed here. Continue Reading We’re Sorry, Your Service (Provider) Is Limited: The IAB CCPA Compliance Framework

One of the most recent chapters in the ongoing EU cookies saga has come in the form of a recent ruling by the Court of Justice of the European Union (CJEU) in the Planet49 case. The CJEU ruled that:

(i) implied consent is not sufficient anymore, requiring website operators to seek active consent from users which cannot be obtained by means of pre-ticked boxes; and

(ii) any obtained consent will only be sufficiently informed if an average user can understand what cookies do and how they function.

The outcome of the case – while pivotal – does not come as a surprise considering the cookie developments in the EU over the past few years.

In 2003, when the current Privacy and Electronic Communications Directive (ePrivacy Directive) came into effect, the use of cookies and similar technologies was not as advanced as it is now and did not process users’ personal information in the same way and with such complexity. Sixteen years later, cookies and similar technologies have become an indispensable part of almost every business. The amount of useful details that companies learn about their users’ interests and internet behavior through such technologies is vast and seemingly unlimited. As you would expect with such rapid technological development, the EU data protection authorities (DPAs) have caught on that the technologies are a data goldmine. Continue Reading Cookies: A Coming-of-Age Story

As regular readers of Socially Aware already know, there are many potential traps for companies that use photographs or other content without authorization from the copyright owners. For example, companies have faced copyright infringement claims based on use of photos pulled from Twitter. Claims have even arisen from the common practice of embedding tweets on blogs and websites, and we have seen a flurry of stories recently about photographers suing celebrities for posting photos of themselves.

Now there is another potential source of liability: the appearance of murals in the background of photographs used in advertisements. In at least two recent cases, automotive companies have faced claims of copyright infringement from the creators of murals painted on buildings that appear in the backgrounds of ads.

Most recently, in a federal district court in the Eastern District of Michigan, Mercedes Benz sought a declaratory judgment that its photographs, taken in Detroit (with permits from the city) and later posted on Instagram, did not infringe the copyrights of three defendants whose murals appeared in the backgrounds of those photographs. Continue Reading Insta-Mural Infringement: Public Art in Instagram Ad Leads to Copyright Claim

Singapore has enacted a law granting government ministers the power to require social media platforms to completely remove or place warnings alongside posts the authorities designate as false.

Unlike the compensation earned by child stars who perform on television, in films, or on other traditional media in California, the income generated by children who perform on social media—“kidfluencers”—still isn’t protected under California law.

The Federal Trade Commission is suing Match Group, the owner of dating sites including Match.com, Tinder, OkCupid and Plenty of Fish, for allegedly tricking hundreds of thousands of Match.com users into subscribing by disingenuously implying that their profiles were getting a lot of attention from other users.

Speaking of dating sites, OKCupid is auditing photos posted by its users and banning the ones that employ filters.

Instagram and Facebook are testing the practice of making the “likes” on a person’s posts invisible to other users. Some marketers say that eliminating engagement metrics such as “likes” will have a significant effect on the influencer marketing industry.

YouTube is modifying its popularity metrics too, citing a concern for its users’ mental health.

Also motivated by concern for their users’ wellbeing, Instagram and Facebook have adopted a new policy regarding posts promoting weight loss products and certain types of cosmetic surgery.

Based in China, the social media network TikTok is incredibly popular, having been downloaded more than 104 million times in the United States since its U.S. debut in 2017. Although the network has sparked controversy in several ways—including its parent company’s $1 billion spend on ads to achieve TikTok’s meteoric rise—the revolutionary artificial intelligence that the network employs to gather data about its users might be the biggest cause for concern, according to Hootsuite CEO Ryan Holmes.

Librarians are not happy with LinkedIn. Here’s why.

Is antagonizing your brand’s competition on social media a sound marketing strategy? It worked for Popeye’s last summer.

In a landmark ruling, the European Court of Justice—Europe’s highest court—dealt Google a clear win by placing a territorial limit on the “right to be forgotten” in the EU. The court’s holding in Google v. Commission nationale de l’informatique et des libertés (CNIL) clarifies that a search engine operator that is obligated to honor an individual’s request for erasure by “de-referencing” links to his or her personal data (i.e., removing links to web pages containing that personal data from search results) is only required, under the GDPR, to de-reference results on its EU domains (e.g., google.fr in France and google.it in Italy), and not on all of its domains globally.

However, in the same ruling, the Court also stated that the GDPR applies to Google’s data processing on all of its domains globally (by virtue of such processing comprising “a single act of processing”). Therefore, an EU Member State’s supervisory authority and courts are free to treat the ECJ’s EU-wide de-referencing requirement as a “floor” and go one step further, requiring search engines to implement the right to be forgotten on all of its domains worldwide, including those outside the EU.

Background – The Right to Be Forgotten

The right to be forgotten—codified at Article 17 of the GDPR—grants individuals the right to obtain erasure of their personal data without undue delay, where, for example, the data are no longer necessary for the purpose for which they were collected or processed. However, the right is not unlimited; exceptions apply if the processing is deemed necessary for the exercise of freedom of expression, compliance with a legal obligation, public interests such as public health, scientific or historic research, or the establishment or defense of legal claims. Continue Reading Forget Me…or Not: Europe’s High Court Limits Territorial Reach of Right to Be Forgotten, But Not of GDPR