Adlaw By Request : Advertising & Marketing Lawyer & Attorney : Reed Smith Law Firm : AdLaw By Request & KidAdLaw

This post was written by Avv. Felix Hofer, and first appeared in Volume V of the Gala Gazette.

1. Implementing both, EU Directive 2002/58/EC of July 12th, 2002 (Directive on privacy and electronic communications) as well as Directive 2000/31/EC of June 8th, 2000 (Directive on electronic commerce) the Italian legislator decided that unsolicited commercial communication must always to adopt a strictly “opt-in” approach. The choice clearly didn’t drive marketers into a state of happiness: they felt that their business was unnecessarily harassed by complex and costly burdens. Therefore they decided initially not to care too much about the requirements set by the new regulations and to continue in their proven aggressive marketing techniques.

In doing so they nevertheless had underestimated a couple of factors: on one hand, consumers’ reaction (who became more and more annoyed by SPAM and behavioural targeting and were no longer tolerant of disturbing intrusions into their sphere of personal intimacy), on the other hand, the role of a Special Authority (the Privacy or Information Commissioner - DPA) in charge – in all countries members to the EU - of supervising proper compliance with the key principles of protection of personal data (and quickly focusing on the purpose of achieving a correct balance between consumers’ privacy and electronic marketing.
 

Click here to read the full article as published in Volume V of the Gala Gazette.

• Email This
• Print
• Comments
• Trackbacks

If you haven’t already registered for the Interactive Advertising Bureau’s education webinar, entitled “What Me Worry? Legal Best Practices for Small Publishers”, THERE IS STILL TIME! The webinar, which is scheduled for this coming Friday, October 23, 2009 from 12:00 pm – 1:00 pm (Eastern US Time), is being presented by Reed Smith and sponsored by the Long Tail Alliance Program of the Interactive Advertising Bureau (IAB). The Webinar will provide an overview of the legal issues and suggested best practices in the following areas:

Advertising Compliance          Privacy              Social Media

There will be a Q&A session as time permits at the end of the session, and a .PDF copy will be available on Legal Bytes after the seminar is over.

The webinar is open not only to IAB members and Reed Smith clients, but also to anyone who is interested - on a first-come, first-served basis. So register now. You can get more information and register right here for What, Me Worry? Legal Best Practices for Small Publishers. 

About the Long Tail Alliance Program

The IAB formed the Long Tail Alliance program in summer 2008 to encourage involvement with individuals and small business who, powered by interactive advertising, have turned their interests and passions into a media revolution. The Alliance is the beginning of something the IAB envisions as a much larger portrait of American entrepreneurs who are pursuing and achieving the American dream, even as they row hard against strong economic currents. The IAB hopes to expand its Long Tail Membership in order to encourage advocacy, training, and a coming-together of smaller publishers across America as their businesses grow, all while the dynamic of technology and media continues to change.

For more information, click here: http://iamthelongtail.com/707346

About the IAB

The Interactive Advertising Bureau is comprised of more than 375 leading media and technology companies who are responsible for selling 86 percent of online advertising in the United States. On behalf of its members, the IAB is dedicated to the growth of the interactive advertising marketplace, of interactive's share of total marketing spend, and of its members' share of total marketing spend. The IAB educates marketers, agencies, media companies and the wider business community about the value of interactive advertising. Working with its member companies, the IAB evaluates and recommends standards and practices, and fields critical research on interactive advertising. Founded in 1996, the IAB is headquartered in New York City, with a Public Policy office in Washington, D.C.

About Reed Smith

Reed Smith is a global, full-service law firm with nearly 1600 lawyers in 23 offices around the world. Joseph I. (“Joe”) Rosenbaum, a partner in the New York office, chairs the firm’s global Advertising Technology & Media law practice, is the editor and publisher of Legal Bytes, is Corporate Secretary & General Counsel to the IAB, and is an ex-officio member of the IAB Board. Adam Snukal is a senior associate who works with Joe in the Advertising Technology & Media law group and is editor of Adlaw by Request, the gold standard in advertising legal publications in the industry.

Join us for this exciting and timely IAB Long Tail Alliance webinar presented by Reed Smith. We look forward to your participation.

• Email This
• Print
• Comments
• Trackbacks

This post was written by Paul Bond. 

When emergencies hit, Reed Smith's clients routinely call upon the Firm's Privacy, Security, and Management Group. We've dealt with everything from lost laptops to international hacking, database thefts by employees to pharmacy dumpster diving. On the litigation side, we have defended more than sixty (60) consumer class actions arising from privacy incidents, along with significant government relations and insurance recovery work. We are assisting a wide variety of clients with emerging challenges to what personal information they capture and utilize, both in connection with marketing as well as for day-to-day business operations.

There is no perfect privacy compliance program. However, in an article recently published by The Privacy & Data Security Law Journal, Paul Bond has presented a series of "Ten Data Security Questions Faced by Every Company." A comprehensive approach to privacy compliance will address each of these questions, and reduce the incidence and likely severity of privacy events going forward.

If you have questions about this article, feel free to contact Paul directly, the Group's head Mark Melodia, or the Reed Smith attorney with whom you regularly work.

• Email This
• Print
• Comments
• Trackbacks

Reed Smith will host the next brown bag lunch meeting of the Federal Communications Bar Association’s joint Privacy/Data Security and Legislative Committees. The meeting will be held tomorrow, October 13, 2009, between 12:00 noon – 2:00 p.m. at Reed Smith’s Washington, D.C. offices (1301 K Street, NW, Suite 1100 East Tower). The Committees will discuss the legislative priorities for the 111th Congress with special emphasis on behavioral marketing and data security legislation. The following speakers are confirmed to-date:

• Amy Levine, Legislative Counsel to Congressman Rich Boucher; and
• Paul Cancienne, Legislative Aide to Congresswoman Mary Bono Mack.

We also have invited staff from the U.S. Senate. It's not too late if you'd still like to attend -- please RSVP to Desiree Logan at dlogan@reedsmith.com.

• Email This
• Print
• Comments
• Trackbacks

On Friday, October 23, 2009, from 12 – 1 p.m. (Eastern US Time), Joseph I. (“Joe”) Rosenbaum, Partner at Reed Smith and General Counsel of the IAB, assisted by Adam Snukal, Senior Associate at Reed Smith, will be presenting an educational webinar, sponsored by the Long Tail Alliance Program of the Interactive Advertising Bureau (IAB), entitled: What Me Worry? Legal Best Practices for Small Publishers.

During the webinar, Joe and Adam will be discussing and fielding questions in each of the following areas:

Trademarks: Buying someone else’s key words? Displaying advertising? Sponsoring or hosting contests, sweepstakes, co-branded promotions? Using social media or virtual worlds? Trademarks are everywhere. When should you worry?

Compliance: What’s new at the FTC and FCC? Industry groups want self-regulation. Privacy and consumer advocacy groups want more regulation. Congress is poised to “do something.” What you need to know about marketing to children, adults, compliance with sectoral advertising regulations, from finance and health care to product safety. The new FTC guidelines for Endorsements and Testimonials, and the slow death of diet commercials.

Privacy: Behavioral targeting has everyone up in arms. What should a small publisher do if she feels her privacy policy has been violated?

Social Media: Blogs, splogs and vlogs. Virtual worlds, avatars and pseudonyms. Profiles and networks, friends and fans. Testimonials and endorsements – from celebrities to consumers, paid and unpaid. Buzz, viral and word of mouth. Defamation, libel, copyright and personalized URLs. Sound confusing? It is. But ignorance won’t insulate you from liability. Don’t want to become a regulatory target? What you should know.

Q&A: IAB and Reed Smith to answer questions from participants.

The webinar is open to IAB members, to Reed Smith clients, and to the general public on a first-come, first-served basis. Register now. You can get more information and register right here for What Me Worry? Legal Best Practices for Small Publishers. 

About the Long Tail Alliance Program

The IAB formed the Long Tail Alliance program in summer 2008 to encourage involvement with individuals and small businesses who, powered by interactive advertising, have turned their interests and passions into a media revolution. The Alliance is the beginning of something the IAB envisions as a much larger portrait of American entrepreneurs who are pursuing and achieving the American dream, even as they row hard against strong economic currents. The IAB hopes to expand its Long Tail Membership in order to encourage advocacy, training, and a coming-together of smaller publishers across America as their businesses grow, all while the dynamic of technology and media continues to change.

For more information, click here.

About the IAB

The Interactive Advertising Bureau is comprised of more than 375 leading media and technology companies that are responsible for selling 86 percent of online advertising in the United States. On behalf of its members, the IAB is dedicated to the growth of the interactive advertising marketplace, of interactive's share of total marketing spend, and of its members' share of total marketing spend. The IAB educates marketers, agencies, media companies and the wider business community about the value of interactive advertising. Working with its member companies, the IAB evaluates and recommends standards and practices, and fields critical research on interactive advertising. Founded in 1996, the IAB is headquartered in New York City, with a Public Policy office in Washington, D.C.

About Reed Smith

Reed Smith is a global, full-service law firm with nearly 1600 lawyers in 23 offices around the world. Joseph I. (“Joe”) Rosenbaum, a partner in the New York office, chairs the firm’s global Advertising Technology & Media law practice; is the editor and publisher of Legal Bytes; is Corporate Secretary & General Counsel to the IAB; and is an ex-officio member of the IAB Board. Adam Snukal is a Senior Associate who works with Joe in the Advertising Technology & Media law group and is editor of Adlaw by Request, the gold standard in advertising legal publications in the industry.

Join us for this exciting and timely IAB Long Tail Alliance webinar presented by Reed Smith. We look forward to your participation.

• Email This
• Print
• Comments
• Trackbacks

This post was written by Dan Jaffe.

The business community has won an important victory in a lawsuit challenging a Maine law that severely restricts the collection, transfer and use of “personal information” or “health-related information” from minors.  The Maine Attorney General has publicly committed not to enforce the law, which was scheduled to take effect on September 12^th.  Although the federal court stopped short of granting a preliminary injunction, it sent a clear message that any private cause of action under the new law could suffer from “constitutional infirmities.”  We are very hopeful that this will give the business community an opportunity to work with the Attorney General, the bill’s sponsor and others in the Maine Legislature to resolve the serious defects with the legislation.

On August 26^th, a lawsuit was filed in federal court in Maine by the Maine Independent Colleges Association, the Maine Press Association, NetChoice and Reed Elsevier challenging the Maine “Act to Prevent Predatory Marketing Practices Against Minors.”  The lawsuit argues that the law is unconstitutional on both First Amendment and dormant commerce clause grounds and is preempted by the federal Children’s Online Privacy Protection Act (COPPA).

After hearing arguments yesterday on the motion for a preliminary injunction against the Act, the federal court found that the Plaintiffs had “met their burden of establishing a likelihood of success on the merits of their claims that Chapter 230 is overbroad and violates the First Amendment.”  The court’s order specifically noted that the Attorney General has publicly acknowledged First Amendment concerns and has committed to not enforce the Act.  In addition, the order put potential third parties on notice that any private cause of action under the Act could suffer from “the same constitutional infirmities.”  We are very hopeful that this will discourage any such private lawsuits.  With these strong findings of the court, the parties agreed to dismiss the lawsuit without prejudice, allowing the parties to relitigate if some third party tries to enforce the law. 

ANA has provided financial support for the lawsuit and we are pleased with this result.  Also, there has been a commitment to revisit and consider carefully revising the law when the Maine Legislature reconvenes this January.

If you have any questions about the Maine lawsuit, please contact Dan Jaffe or Keith Scarborough in ANA’s Washington, DC office at (202) 296-1883.

• Email This
• Print
• Comments
• Trackbacks

The lawsuit filed in Maine to stay enforcement of a Maine privacy law targeting minors, received a hearing today in federal district court. The Maine attorney general argued that the motion for a preliminary injunction should be denied and that the case should be dismissed. MediaPost reports that Attorney General Janet Mills, having already stated that she will not enforce the law, sought dismissal of the case on the grounds that "It is well-established that a federal court has no jurisdiction over a challenge to a state statute when there is no credible risk of enforcement." Even though the plaintiffs in the case fear that the private right of action in the statute (which becomes effective Sept. 12, 2009) could bring an avalanche of lawsuits, the Maine AG contends that those lawsuits are hypothetical. She states in her papers, "Essentially, the courts do not require state officials to defend against theoretical lawsuits that might be brought by private parties against private parties." The judge in the case, the Hon. John A. Woodcock, did not rule from the bench at today’s hearing. He indicated that he would have a ruling no later than Friday (Sept. 11, 2009). Stay tuned. . . .

• Email This
• Print
• Comments
• Trackbacks

The news from the front is that progress is being made toward staying enforcement of the Maine privacy law targeting minors. The law, which contains a private right of action, has caused many to void Maine in their promotional plans for the fall and to adjust their data collection practices.

Background

The new Maine privacy law targeted at minors suffers from serious constitutional flaws. 

Under the new Maine law, which is scheduled to take effect Sept. 12, 2009, an entity may not collect, receive or use personal or health-related information from a minor for marketing purposes without first obtaining “verifiable parental consent.” To obtain such consent, the entity must undertake a “reasonable effort, taking into consideration available technology” to notify the parent and obtain parental consent. Any such notice must describe the entity’s practices regarding the collection, use, and disclosure of the information, and the consent provided must authorize such practices before any information may be collected, received or used.

Maine is following the lead of other states that have tried to expand the federal Children’s Online Privacy Protection Act (“COPPA”) to address adolescents between 13-17 years of age and their use of social networking websites. Like COPPA extension proposals in New Jersey (extending COPPA to cover the 13-17 age range) and Illinois (applying COPPA to most social networking sites), the Maine law tries to build on COPPA’s "verifiable parental consent" requirement for the 13-17 age range.

But, the Maine law addresses the following additional items:

• Online & Offline Information Collection: The Maine law applies to all collection, receipt or use of information from a minor, whether online or offline, whereas COPPA only applies to online activities.
• Personal Information: Although both COPPA and the Maine law define “personal information” generically as any “individually identifiable information,” the examples provided in the Maine law are less focused on the online collection of information than COPPA.
• Health Related Information: The Maine law applies to the collection and use of both “personal information” and “health-related information,” whereas COPPA only applies to personal information. 

This statute potentially could greatly complicate children’s marketing compliance, because it will create a marketing environment in Maine that is inconsistent with COPPA. Because the Maine legislature will not be in session until Jan. 6, 2010, and there have been no rumors of a special legislative session before September, the industry has been busy seeking a way to stay enforcement of the law. Among the bases for challenge that could forestall enforcement of the law might be:

• Statutory Preemption: Section 1303(d) of COPPA preempts state or local government laws that are inconsistent with COPPA. The legislative history of COPPA reveals Congressional findings that: (1) adolescents over the age of 13 have privacy rights and a greater understanding of commercial content, and (2) a national uniform standard was necessary because of the global distribution of the Internet. With this knowledge, Congress chose to regulate only the online collection of information from children younger than 13, and included this preemption provision to specifically guard against a patchwork of inconsistent regulation.
• Dormant Commerce Clause: Under Pike v. Bruce Church, 397 U.S. 137 (1970), if “the burden imposed . . . is clearly excessive in relation to the putative local benefit, and if the local interest can be promoted by other regulations that have a lesser impact on interstate activities,” the court may strike down a state law that burdens interstate commerce. Courts have invalidated a number of Internet-related state laws (regarding matters such as obscenity and SPAM regulation) on these grounds. In this case, the Maine law would be excessive because it forces out-of-state websites to treat Maine users differently – or to treat all Internet users as if they were located in Maine. Further, the interest of protecting children’s activities online is already addressed in COPPA, a uniform federal statute that has less impact on interstate commerce.First Amendment Commercial Speech: Under Central Hudson Gas v. Public Service Commission, 447 U.S. 557 (1980), commercial speech that is not illegal or deceptive is afforded First Amendment protection. Courts may overturn statutes where the government does not demonstrate that its regulation: (1) directly advances a substantial government interest, and (2) is no more restrictive of speech than necessary. In this case, the Maine statute is overbroad and would not directly advance the government’s interest of protecting children’s activities online – the statute pertains to any collection of a youth’s information whether online or offline. Likewise, advertisers could find less restrictive and less comprehensive approaches to deter the perceived harm. For example, a parent could monitor his child’s computer use, and prevent the child from providing personal information. Or, parents could purchase “Net Nanny” software, which has settings to prevent personal information disclosure. Both of these solutions require no regulation at all.
• Higher Value First Amendment Concerns: This statute has the potential to raise issues justifying a higher level of judicial scrutiny. For example, if government regulation could cause a chilling effect on any form of speech or regulate political speech, courts generally afford the speech strict scrutiny. In this case, it is not out of the realm of reasonableness to assume that some website operators could avoid information collection to the 14- to 17-year-old age group altogether, chilling all forms of youth marketing. Or, for political speech matters, groups like the Young Democrats or the Young Republicans may want to avoid collecting youth information as well, because much political activity could be viewed as marketing (i.e., party donation solicitations and memorabilia sales e-mails). 

The news on the front is that the AG of Maine understands and supports the stay. At least we know for sure the AG will not be bringing any actions under this law until the legislature revises it. It is critical that a stay be put in place to ensure that the industry is not inundated with nuisance private lawsuits for violation of the law. On the whole, however, things are moving in the right direction.

We will, of course, be following this carefully. Please call if you have any questions.

• Email This
• Print
• Comments
• Trackbacks (1)

Has blogging made critics out of us all? Maybe so, but we still have to watch what we say as illustrated in a recent New York case, Cohen v. Google/Blogger.com. Fashion model Liskula Cohen filed suit demanding that Google disclose the name of an anonymous blogger (who we now know was Rosemary Port) who created and operated the blog now infamously known as “Skanks in NYC.” Cohen alleged that Port posted sexually suggestive pictures featuring her, together with derogatory comments about her — labeling her as, among other things, “skank,” “ho” and “whoring.” Google refused to reveal the blogger’s IP address, citing its policies on protecting the privacy of bloggers. 

In New York, the elements for a cause of action for defamation “are a false statement, published without privilege or authorization to a third-party, constituting fault as judged by, at a minimum, a negligence standard, and, it must either cause special harm or constitute defamation per se.”   Cohen petitioned the court that because Port posted, essentially, “per se” defamatory content about her, the blogger’s identity must be disclosed to enable her to pursue her viable claim for defamation. Port filed papers on an anonymous basis in response to the petition, claiming that the statements were “non-actionable opinion and/or hyperbole,” and further argued that even if the words were capable of defamatory meaning, “the context here negates any impression that a verifiable factual assertion was intended” since blogs “have evolved as the modern day soapbox for one’s personal opinions,” by “providing an excessively popular medium not only for conveying ideas, but also for mere venting purposes, affording the less outspoken, a protected forum for voicing gripes, leveling invective, and ranting about anything at all.” While this pleading is certainly an accurate description of how blogs are frequently used by bloggers, the court was not persuaded that Port’s identity should be protected from disclosure because her statements were “reasonably susceptible of a defamatory connotation and are actionable.” The court held that Cohen was entitled to an order directing Google to disclose information as to the identity of the blogger. 

It turns out that Port is an acquaintance of Cohen who frequently attended the same social functions as she did. With Port's identity discovered, it has been reported that Cohen will file a defamation suit against her. In turn, Port has indicated that she will sue Google for $15 million for failure to protect her privacy, claiming that Google “breached its fiduciary duty to protect her expectation of anonymity.” While the merits of Cohen’s claim against Port and Port’s claim against Google are yet to be determined, the lesson for every blogger is that he or she may not hide behind a mask of anonymity with respect to blogs that may cross legal lines and create causes of action, such as defamation. 

Companies also need to be vigilant in connection with the development of policies around blogging by employees or agents. Imagine the scenario where an employee of a consumer products manufacturer posts malicious statements on a consumer opinion blog regarding a competing product. The rival company petitions for the identity of the blogger, and ultimately discovers that the blogger is an employee of a competitor. In this situation, not only the individual, but potentially the company as well, may be subject to a claim by the rival company for unfair competition, or for certain other Lanham Act or Communications Decency Act claims.

Tread carefully with your blogging, or you might get a flogging. (Sorry, we couldn’t resist).

• Email This
• Print
• Comments
• Trackbacks

This post was written by Rachel Rubin.

Website users have grown accustomed to the quid pro quo of Internet use and advertising: we browse websites, and those same website collect customer personal data or habits that are used to generate targeted advertising. But how far is too far in terms of data collection? Is our current system of consumer privacy protection a functional one, or one that falls short of adequately protecting the individual and his/her personal information and data?

According to the Federal Trade Commission’s new chief of the Bureau of Consumer Protection, David C. Vladek, the answer is the latter, and our system gets a failing grade. The FTC has expressed both distrust and displeasure with the current standard practice of online disclosure statements, and one-click, cookie-cutter privacy statements that consumers rarely read or understand, as neither may be enough to protect consumers from increasingly invasive Internet tracking practices and technologies. Also, the FTC sees this issue as having a consumer dignity interest element at stake, not merely consumer economic interests. The New York Times and the Wall Street Journal recently reported that Mr. Vladek will be scrutinizing online advertising and consumer privacy issues closely. Within his first few days on the job, Mr. Vladek announced that one of his “major goals” was “rethinking” the FTC’s approach to consumer privacy issues. 

As yet, Mr. Vladek has not articulated what these changes will be, but said he is not committed to “imposing regulation.” [quote from NYT article]. In his first few weeks in office, Mr. Vladek has been working with companies, public interest groups, and academics to evaluate the current rules and to suggest new ways to better protect consumer privacy. According to the Wall Street Journal, “the goal [is to have] new privacy guidelines in place by next summer.” 

These changes are part of the FTC’s move toward close evaluation of online advertising practices, which included the June settlement of a case with Sears Holdings Management Corp. In that case, Sears invited customers to download onto their computers, “research” software that allowed the company to track their online browsing. In return, customers were paid $10. The FTC found that the software also tracked consumer bank statements and prescription records, which some consumers did not realize, despite a lengthy privacy policy. The company was required to stop the program and to destroy the information it had collected. Mr. Vladek emphasized that the FTC was not just interested in protecting consumers from economic harm, but also in protecting consumers’ “dignity interest[s] wrapped up in having somebody looking at your financial records when they have no business doing that.” [quote from NYT article].  

How and what consumer data is collected has been a hot issue in recent months, with the release of a report from the FTC on its online behavioral advertising principles, followed shortly thereafter with self-regulation guidelines from industry groups. 

Why This Matters

Some industry groups fear the potential stricter regulations will harm their business models. It is clear that the FTC will expect more transparency from companies, but Mr. Vladek’s approach seems to be a collaborative one so far. Advertisers and industry groups should take advantage of this opportunity. As a practical matter, advertisers should be vigilant in adhering to consumer privacy and consumer information protection guidelines already in place, and should stay abreast of any and all developments in this area. Advertisers should also evaluate the programs and policies they use to protect the consumer information they collect, and alternative means of communicating the extent and use of personal data collected to consumers.

• Email This
• Print
• Comments
• Trackbacks

In what is likely to be seen as a watershed moment for the application of the Communications Decency Act of 1996 (the "CDA"), the Ninth Circuit Court of Appeals has released an opinion in Barnes v. Yahoo that has the potential to dramatically increase the cost of defending social media and computer service providers.

The Barnes case centered around the posting of defamatory "fake" profiles on Yahoo's social networking pages. The profiles, which appeared to be from Ms. Barnes but were in fact created by her ex-boyfriend, included several pictures of her in the nude. Ms. Barnes asked Yahoo to remove the profiles, but Yahoo took no action until local media did a story on the events, wherein Yahoo promised to remove the fake profiles. Two months after that, the profiles still appeared on the Internet, and Ms. Barnes sued Yahoo.

Yahoo sought a motion to dismiss based on the immunity provided to it by the CDA. The dismissal was granted and Ms. Barnes appealed to the Ninth Circuit. In deciding to remand the case to the District Court, the Ninth Circuit did two things that can be problematic for the future of the CDA.

First, it held that a promissory estoppel-like claim can survive CDA immunity (at least at the motion to dismiss stage). At its core, a promissory estoppel claim requires someone to make a promise, and someone to rely upon that promise to his/her detriment. The court explained that Yahoo could be seen as having made a promise to Ms. Barnes, as part of its privacy policy and terms of service, and reiterated through local media, that it would take down profiles such as the one at issue. The making of a promise would be an activity that would fall outside of the CDA's scope. Thus, a promissory estoppel claim can survive a CDA-based motion to dismiss.

The second, and potentially more problematic, result of this decision is the treatment of the CDA as an affirmative defense, and the basis for lawsuit immunity. Although this may seem like a small detail, the proverbial devil is in the detail. If the CDA is a source of lawsuit immunity, then this supports a motion to dismiss for failure to state a claim (a 12(b)(6) motion). A 12(b)(6) motion must be dispensed with before the filing of answer, and before the opening of discovery. An affirmative defense, on the other hand, is dealt with by a motion for a judgment on the pleadings. For this type of motion, the defendant must file an answer along with the affirmative defense. The filing of an answer is where things go awry. Upon the filing of an answer, the court can open discovery. If the case was presided over by an overly cautious judge, discovery could be mandated prior to the issuance of a ruling on the summary judgment motion. Given that discovery can be expensive and time consuming, it is not difficult to imagine that the potential costs of exercising CDA immunity may have greatly increased.

Why This Matters: This case should be of great interest to purveyors of social media and those who seek to tap into the power of social networks. Not only does this provide a wake-up call as to what the consequences are of the statements in privacy and terms-of-service policies, but it also defines a way to avoid future promissory estoppel-like claims. Promissory estoppel requires a promise and reasonable reliance – if it is unreasonable to rely on the promise, then the estoppel claim may fail. It is possible that an artful drafting of a terms-of-service document can make this kind of reliance unreasonable, and social media and other interactive website purveyors should think about whether their privacy policies need revision of this type.

Notwithstanding revisions to one's policies, the case is also noteworthy because of the shift in interpretation of the CDA. If the CDA is more properly an affirmative defense than the basis for lawsuit immunity, then the potential cost of tapping into the CDA's protections may rise significantly.

• Email This
• Print
• Comments
• Trackbacks (1)

This post was written by Avv. Felix Hofer.

1. The general principle is that the use of a person's image without his/her consent is basically prohibited (this even more if such use is performed for marketing or – in general - commercial purposes). In Italy the right on a person's image is governed both by the Civil Code and the Intellectual Property Act (Law no. 633 dated April 22nd, 1941, amended and integrated in the following).

(i) According to Section 10 of the Italian Civil Code the image of a person, or of his/her parent, spouse, or child can be exhibited or published only if such use is explicitly permitted by law and provided that the use does not cause prejudice to the dignity or reputation of the person represented.

Should abuse occur (save for the cases in which the use performed results in a criminal offense), a local (civil) Court can order termination of the abuse and award damages.

(ii) The local Intellectual Property Act contains additional provisions on the use of a person's image.

(ii.a.) A person's image MAY NOT be exhibited, reproduced or put on sale without his/her consent (so Section 96 of Law n° 633 dated April 22nd, 1941).
(ii.b.) Exceptions to this basic provision (i. e. use without consent) are allowed if the reproduction of a person's image is justified by his/her notoriety (see Section 97) and by a public interest (e. g. for purposes of information to the general public).
(ii.c.) Finally, a person's image may not be exhibited or put on sale if such use causes prejudice to the represented person's honour, dignity or reputation (Section 97 of the Intellectual Property Act). 

Click here to learn more. 

• Email This
• Print
• Comments
• Trackbacks

On Feb. 4, 2009, Facebook decided to change (aka “update”) its Terms of Use Policy. The new policy provided, essentially, the right of Facebook to continue using a user’s data even once he/she left the service. The following is an excerpt from Facebook’s current Terms of Use Policy:

You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b) to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the Facebook Service or the promotion thereof.

The change that caused the uproar, however, was the deletion of the following, which appeared at the end of the aforementioned section: “You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content.”

Interestingly, Facebook’s amended policy went largely unnoticed until the popular consumer rights advocacy site, Consumerist.com, brought these changes to light.

This has sparked a very interesting debate on data ownership, and one that Facebook for now has decided to avoid as it backed down last week and reverted to its previous Terms of Use. According to Mark Zuckerberg, founder and CEO of Facebook, “Going forward, we’ve decided to take a new approach towards developing our terms. We concluded that returning to our previous terms was the right thing for now.”

While the arguments supporting why a user should have the right to control his/her data and information are both persuasive and intuitive, one must also consider the “reality” of the situation. For example, Facebook currently boasts a user base of approximately 175 million users around the world. Without having first-hand knowledge of Facebook’s IT policies and protocol, presumably a user’s data is stored across multiple networks and servers that are backed up regularly. Is it even possible for Facebook to delete all of a user’s data when he/she leaves Facebook? It is reasonable to demand that Facebook undertake a search and destroy mission for each departing user by deleting his/her data from each and every server that ever touched such data (including each back-up server), and then scrub the same servers to ensure that the deleted data can never be recovered? Moreover, if a user elects to leave the service without deleting his/her information, should Facebook then be required to do so?

Furthermore, social networking sites like Facebook are designed for data sharing between users—hence the term “social network.” Is it reasonable to expect Facebook to comb through millions of user pages to hunt down data that must be deleted and purged when a user leaves the service? Perhaps the changes reflected above were merely intended to address rights-clearance issues and to protect and insulate Facebook against claims from old users.

Whichever position one wishes to take in this debate, two points are certain: one, the reaction to Facebook’s changes to its Terms of Use reflects a much wider issue about user data, who owns the personal information, and what should happen to it if a user decides to leave a service; and two, the industry will be keen to see what Facebook decides to do next.

• Email This
• Print
• Comments
• Trackbacks

It’s a new year, and change is in the air. Although the holidays are over, some groups in Washington are hanging on to their wish lists with the hopes that President Obama will grant their desires.

Over the past few months, Obama has sent agency review teams into dozens of government offices, ranging from the Pentagon to the EPA to the FTC. These teams are dissecting agency initiatives, poring over budgets and reviewing functionality. Many lobbying groups see this time of transition as a prime opportunity to achieve desired changes by gaining the ear of the new administration.

In fact, in December, leading privacy and consumer groups met with leaders of the FTC review team to spread the message that the FTC has allowed industries to self-regulate online privacy practices – to the detriment of consumers – for far too long. Privacy groups are not alone in their concern. Obama himself said during his campaign that “[d]ramatic increases in computing power, decreases in storage costs and huge flows of information that characterize the digital age bring enormous benefits, but also create risk of abuse. We need sensible safeguards that protect privacy in this dynamic new world.” He committed to “strengthen the privacy protections for the digital age and to harness the power of technology to hold government and business accountable for violations of personal privacy.”

During their meeting with the FTC agency review team, privacy groups stressed a need for better (more?) regulation of targeted online marketing, oversight in the data broker industry, and privacy policies for medical information, just to name a few. Susan Grant, director of consumer protection at the Consumer Federation, called the Network Advertising Initiative’s behavioral advertising self-regulatory code of conduct “deceptive on its face,” and called for the FTC to establish a “Do Not Track” registry, similar to the popular “Do Not Call” registry for telemarketing. In support of increased oversight of data brokers, Beth Givens of the Privacy Rights Clearinghouse cited numerous complaints from consumers about use of their personally identifiable information by companies in violation of stated privacy policies.

In addition to Obama taking office, a Democratic shift in Congress has the potential to lead to increased regulation. In fact, two senators (Markey (D-Mass.) and Dorgan (D-N.D.)) have already expressed an interest in introducing Internet privacy legislation that would likely outlaw behavioral targeting, cookies and “deep packet inspection.” In addition, a bill currently pending in Congress would expand and enhance the authority of the FTC, possibly increasing the number of FTC litigations.

• Email This
• Print
• Comments
• Trackbacks