January 2013

In the latest issue of Socially Aware, our Burton Award-winning guide to the law and business of social media, we look at recent First Amendment, intellectual property, labor and privacy law developments affecting corporate users of social media and the Internet. We also recap major events from 2012 that have had a substantial impact on social media law, and we take a look at some of the big numbers racked up by social media companies over the past year.

To read the latest issue of our newsletter, click here.

For an archive of previous issues of Socially Aware, click here.

BitTorrent, the peer-to-peer (P2P) file-sharing system that enables the quick downloading of large files, has sparked another novel controversy stemming from copyright-infringement claims brought against its users. Users take advantage of the BitTorrent sharing system to anonymously access popular media such as books and movies. That anonymity is unlikely to last long for users who are alleged to have downloaded copyrighted material. Last month, Judge Sweet, a federal judge in the Southern District of New York (SDNY), held that an anonymous P2P user has no First Amendment right to quash a subpoena seeking her identity where the plaintiff had no other means to effectively identify the defendant.

In John Wiley & Sons Inc. v. Does Nos. 1-35, the plaintiff (Wiley), a publisher of books and journal articles, alleged that unidentified “John Does” used BitTorrent to illegally copy and distribute Wiley’s copyrighted works and infringe on Wiley’s trademarks. Wiley sued 35 defendants known only by their “John Doe Numbers” and Internet Protocol (IP) addresses. Seeking to identify the Does, Wiley moved for court-issued subpoenas to be served on various Internet service providers (ISPs), ordering them to supply identifying information corresponding to the Does’ IP addresses. In an attempt to maintain her anonymity and avoid liability, one of the 35 Does, then known only as John Doe No. 25 (“Doe 25”) or IP Address, moved to quash a subpoena served on her ISP, Time Warner Cable.

Wiley reflects a new wave of litigation in which copyright holders have shifted from suing host sites to focusing on individual users of P2P networks. The mere fact that copyrighted material is downloaded from a particular IP address may be insufficient to prove that the P2P network user is the infringer. An IP address typically provides only the location at which one of any number of devices may be used by any number of individuals (in fact, Doe No. 25 contended that her ex-husband, not she, downloaded the infringing works). If a motion to quash is granted, the account holder’s identity is not revealed, and the claim is effectively dead.

In considering whether to grant an anonymous account holder’s motion to quash a subpoena, courts balance the user’s First Amendment right to act anonymously with the plaintiff’s right to pursue its claims.

Anonymous users can rely on a line of precedent that extends the First Amendment’s protections to online expression. And under Rule 45 of the Federal Rules of Civil Procedure, a court must quash a subpoena if it requires disclosure of protected matter. Thus, to the extent that anonymity is protected by the First Amendment, courts will quash subpoenas designed to breach anonymity.

On the other hand, plaintiffs pursuing their claims can point to precedent holding that the First Amendment may not be used to encroach upon the intellectual property rights of others.

To balance these competing principles and determine whether certain actions trigger First Amendment protection, courts weigh the five factors set out in Sony Music Entertainment Inc. v. Does 1-40:

  • whether the plaintiff has made a concrete showing of actionable harm;
  • the specificity of the discovery request;
  • the absence of alternative means by which to obtain the subpoenaed information;
  • a central need for the data; and
  • the party’s expectation of privacy.

In Wiley, each of these five factors weighed in favor of disclosure of the defendant’s identity. Wiley pled a sufficiently specific claim of copyright infringement, and, without a subpoena, Wiley would have no other effective way to identify potential infringers of Wiley’s intellectual property rights.

At least five other courts within the SDNY have denied motions to quash in similar litigations involving defendants accused of infringing Wiley’s copyrights via BitTorrent. Going forward, so long as copyright holders can satisfy the Sony five-factor test, they will be able to rely on cases like Wiley to ferret out copyright infringers.

On December 21, 2012, the third Milan appeals court acquitted three U.S.-based Google executives who had previously been convicted for breaches of Italian data protection law after Google failed to remove an abusive video from its Google Video site. The video, which showed schoolboys bullying a child with Down syndrome, remained on the Google Video site for almost two months in spite of complaints from users. Google only removed the video in response to a police investigation, after the organization Vivi Down, which advocates for people with Down syndrome, filed a report with the Italian police. Vivi Down subsequently took Google to court, which resulted in six-month suspended prison sentences for Google’s Chief Privacy Counsel Peter Fleischer, Chief Legal Officer David Drummond and Chief Financial Officer George Reyes (now retired).

As reported in our earlier client alert on this subject, the convictions followed Milan Judge Oscar Magi’s February 2010 ruling that, although Google had no obligation to monitor user-generated content uploaded to its video site, Google controlled the data on the site and thus had obligations as a data controller under applicable data protection laws. In the first ruling in Europe to find a web operator liable for user-generated content, Judge Magi held that Google violated such laws when it failed to provide users with sufficient notice about how their personal data would be collected and processed or to obtain their consent (including for processing sensitive data revealing the child’s health condition). Further, the court determined that the Internet giant’s failure to remove the abusive video, even after receiving complaints from users, was motivated by profit because advertising revenues were generated each time the video was viewed.

Prior to the appeals hearing, Milan public prosecutor Laura Bertole Viale called for the jail sentences to be upheld, observing that “not only has the privacy of minors been violated but lessons of cruelty have been given to 5,500 visitors.” The panel of judges at the appeals court, however, overturned the Magi ruling based on Google’s argument that it had not breached any privacy or other laws. Google said that it did not offer an editorial function, and that it could not be held responsible for the content as it was not possible for Google to continuously monitor the Google Video site. Google noted that it had swiftly removed the video in response to the police investigation, and had fully cooperated with the police investigation. Further, none of the targeted Google executives was directly involved in the posting of the video.  Indeed, many observers had expected that the Google executives’ appeal would be successful, given that the practices seemingly required by Judge Magi’s ruling are not followed by most web operators. None of the Google executives, all based outside Italy, has served any jail time because each sentence had been suspended pending appeal. The full court judgment will be published soon.

Social media sites are transforming not only the daily lives of consumers, but also how companies interact with consumers. However, along with the exciting new marketing opportunities presented by social media come challenging new legal issues. In seeking to capitalize on the social media gold rush, is your company taking the time to identify and address the attendant legal risks?

Please join Socially Aware editor John Delaney as he chairs Practising Law Institute’s (PLI) “Social Media 2013: Addressing Corporate Risks.” Issues to be addressed at the conference include the following:

  • Social media: How it works, and why it is transforming the business world
  • Drafting and updating social media policies
  • User-generated content and related IP concerns
  • Ensuring protection under the CDA’s Safe Harbor
  • Minimizing risks relating to mobile apps
  • Online marketing: New opportunities, new risks
  • Privacy law considerations
  • Practical tips for handling real-world issues

Representatives from Twitter, Google, Tumblr and other companies will be speaking at the event. The conference is being held in San Francisco on February 6th and in New York City on February 27th; the February 6th event will be webcasted. For more information or to register, please visit PLI’s website here.

This article was first published by ALM Media Properties LLC in Internet Law & Strategy (January 2013).

For over a year, the National Labor Relations Board (NLRB) has been taking employers to task for intruding too far into employees’ social media activities. The NLRB’s enforcement actions have provided a well-publicized reminder that the protections of the National Labor Relations Act (NLRA) are alive and well, applying with as much force to employees’ use of social media as to picketing or other traditional forms of collective activity, and to both non-union and unionized workforces.

The NLRB’s activity in this area has important consequences for employers. While employers may seek to regulate what employees may or may not say in their social media postings, this objective may be at odds with current NLRB authority. When considering the likelihood of enforcement action, it is noteworthy that the NLRB has taken action against employers ranging from large corporations to small businesses and non-profits. This underscores that the NLRB’s enforcement priorities are not limited to any single organizational profile.

We offer below a set of frequently asked questions (“FAQs”) with answers distilling the key points that U.S. employers should understand about this new area of NLRA enforcement activity. These FAQs are accompanied by practical suggestions to help employers navigate these issues in drafting and updating their own social media policies.

To continue reading this post, click here.

On December 19, 2012, the Federal Trade Commission (“Commission”) announced long-awaited amendments to its rule implementing the Children’s Online Privacy Protection Act (“Rule”). The changes—which take effect on July 1, 2013—are significant. They alter the scope and obligations of the Rule in a number of ways. We discuss the revisions in greater detail below.

  • The Commission revised the Rule’s definition of “personal information” to include more types of data that trigger the Rule’s notice, consent, and other obligations. These include persistent identifiers when used for online behavioral advertising and other purposes not necessary to support the internal operations of the site or online service.
  • The Commission expanded the Rule’s coverage to third-party services—such as ad networks and social plug-ins—that collect personal information through a site or service that is subject to COPPA. The host site or service is strictly liable for the third party’s compliance, while the third party must comply only if it has actual knowledge that it is collecting personal information through a child-directed site or from a child.
  • The Commission streamlined the content of the parental notice and simplified the privacy policy.
  • The Commission retained the “email plus” method of obtaining parental consent. It also added new methods of obtaining consent and established a process for pre-clearance of other consent mechanisms.
  • The Commission imposed new data security pass-through requirements, as well as data retention obligations.
  • The Commission revised the Rule to permit certain sites that are “directed to children” to comply only with respect to those users who self-identify as under 13.

To continue reading this post, click here.

On top of a presidential election, protests over Instagram’s terms of use, and the invention of gloves that can translate sign language, 2012 also brought to light interesting constitutional issues involving public entities’ use of social media when a citizens’ group filed suit against the City and County of Honolulu for “violations of [the group’s] freedoms of speech” based on the Honolulu Police Department’s removal of several postings by the group from the Department’s official Facebook page.

The background behind the lawsuit is seemingly innocuous. Like the White House, the City of New York, and other governmental entities, the Honolulu Police Department (“HPD”) has an official Facebook page. The HPD uses its Facebook page to provide the citizens of Honolulu with everything from crime reports to information on public parking, and Facebook users are able to comment on its various posts. For a period of time, HPD also allowed Facebook members to post on its “wall.” (HPD no longer allows wall posts, but retains a “recommendations box” on its page where users can make comments.) Starting in the beginning of 2012, several members of the Hawaii Defense Foundation (the “Foundation”), a non-profit organization dedicated to training citizens to use handguns and informing Hawaiians of their rights regarding firearms, began posting comments, articles, and photographs on the HPD Facebook page’s wall, criticizing the HPD on issues ranging from restrictions on issuing concealed weapons permits to alleged corruption. The administrators of the HPD Facebook page took the same actions that administrators of other Facebook pages commonly take, deleting the offensive posts and blocking the posters, both of which are easily done using Facebook’s interface.

Although individuals and private companies take these actions every day on their Facebook pages, the Foundation pointed out that the HPD Facebook page was a self-proclaimed “forum open to the public” created and administered by a government entity. Facebook describes the HPD and other such bodies as “Government Organizations,” although this label is applied merely for categorization purposes and does not purport to carry any legal weight. Nonetheless, the Foundation labeled the administrators of the page as “agents” of the city of Honolulu, and argued that their actions were subject to scrutiny under the First and Fourteenth Amendments. In its complaint, the Foundation cited Rosenberger v. Rector and Visitors of the University of Virginia, a case in which a university’s fund for student activities was considered a “limited public forum” for First Amendment purposes, to demonstrate that “a forum need not be a physical place.” The Foundation also claimed that the HPD violated its Fourteenth Amendment rights by removing the posts and banning the group’s members in violation of the Foundation members’ due process rights.

Although the Foundation’s suit against the HPD is the first First Amendment suit of its kind, depending on its outcome, other private groups may soon file similar complaints against “Government Organizations” on Facebook that take a similarly aggressive approach to administering their Facebook pages. In fact, a former police officer in the small village of Island Lake, Illinois recently requested review from the Illinois Attorney General’s office when his comments on Island Lake’s Facebook page were deleted by the page’s administrators. The Illinois Attorney General issued an opinion in which it found that Island Lake’s actions did not violate the Illinois Open Meetings Act, but the opinion did not address the First Amendment issues.

The Foundation’s suit against the HPD and other complaints against administrators of Facebook pages that act as “public forums” raise policy issues that did not exist in the pre-social media era. Unlike more conventional forms of criticizing the government, such as holding up physical signs in front of city, state or federal buildings, using Facebook as a vehicle for dissent can be done from the privacy of one’s own home and allows the complaining individual to make his or her opinions instantly known to the entire Internet-equipped world. Governmental entities are not required to have Facebook pages, but often establish such pages as a simple and efficient way of conveying information to citizens. If these entities are to face constant constitutional scrutiny based on their means of administering their Facebook pages, they may be reluctant to maintain a social media presence. The White House Facebook Page endures an endless onslaught of criticism in the form of comments on its posts (although it does not allow users to post on its wall), while, on the other hand, it appears that the Island Lake Facebook page has been shut down for the most part. In light of the HPD and Island Lake complaints, one legal commentator advises public schools whose Facebook pages may be visited by disgruntled students to “consult with legal counsel before deleting comments from social media webpages to address the constitutionality of that action.” Regardless of the outcome of the HPD suit, the fact that the complaint exists in the first place reinforces the notion that social media is the new battleground for all aspects of the law, from intellectual property to criminal law, and now to the frontier of constitutionality.