Navigating the Legal Issues Surrounding Social Media
Understanding and Avoiding the Legal Risks Associated with Social Media Services
Introduction
The emergence of social media as a dominating new way for companies to conduct business and interact with consumers as well as a real-time mechanism to connect millions of people on a personal level presents new legal issues as well as a new environment for existing issues. Because social media will grow with time and the law tends to lag technological development, companies and individuals using social media should take care.
This chapter identifies and discusses a number of legal issues implicated by social media: intellectual property ownership and infringement; risks of placing personal and business information on social media sites; legal protection for information posted on social media sites; federal laws covering social media; strategies that can be used by hosting providers to limit liability; recent Facebook privacy litigation; and social media litigation risks for businesses.
IP Protection and Other Legal Issues Associated with Social Media Sites
Several important legal issues are associated with the use of social media sites that those in the field need to take into consideration:
Intellectual Property
As third-party content routinely makes its way into social media forums, site owners should have a basic understanding of copyright and trademark law. It is also important to establish, publish, and adhere to your own policies related to user-submitted intellectual property (IP), including ownership and control issues.
User-Generated Content (UGC). A social media site operator should clearly define a policy on ownership and sourcing of the intellectual property generated by users, and adhere to the Digital Millennium Copyright Act (DMCA), Pub. L. 105-304, 112 Stat. 2860 (1998). The purpose of the DMCA is to protect copyrighted works in the digital age. To accomplish its stated objective, the DMCA contains provisions that prohibit circumventing access controls, as well as provisions that criminalize the production and dissemination of technology and devices that circumvent control access to copyrighted works.
DMCA
The DMCA should be posted clearly on a social media site. This is necessary to educate and inform users. To prepare for potential infringement disputes, make sure you are familiar with the DMCA safe harbor guidelines. The DMCA may provide a safe harbor for online service providers against liability if they promptly block access to or remove allegedly infringing material upon receipt of notice of infringement from the copyright holder.
Defamation
Social media users share more information with each other every day through mediums such as Facebook, Twitter, and blogs. With each post, the possibility of defamatory statements increases. It is then important for a social media site operator to be familiar with Section 230 of the Communications Decency Act, which provides immunity from liability for interactive computer service users and providers who publish information provided by others.
Privacy
The largest legal challenge with respect to social media usage is the protection of personal data. The Federal Trade Commission (FTC) has recently refined its privacy guidelines to safeguard personal e-mails, names, and Social Security numbers transmitted through social media. Other necessary compliances may include overseas privacy mandates, if your site is operated or accessible outside the United States.
Risks of Placing Personal Information on Social Media Sites
There is always a physical security concern whenever too much personal information is revealed through social media. In fact, in 2009, stalking statistics showed:
One in four victims were stalked through the use of some form of technology.
Ten percent of victims reported being monitored with global positioning systems (GPS), and 8 percent were monitored through video or digital cameras, or listening devices.
For more information on privacy and safety, go to BITS Financial Services Roundtable, Social Media Risks and Mitigation (June 2011), available at http:// www.bits.org/publications/security/BITSSocialMediaJun2011.pdf. – See more at: http://www.klemchuk.com/133-Navigating-the-Legal-Issues-Surrounding-Social-Media#sthash.ecnQ7wUD.dpuf.
The risk to personal safety increases as people use social media to advertise their physical location or travel agenda. Armed with GPS technology, Facebook check-ins, Foursquare, and other such social media location trackers, potential stalkers have every tool they need to determine what a person is doing, where they are, and even whom they are with.
Social media also presents the risk of inadvertent disclosure of confidential information. Caution should, therefore, be exercised in making posts.
The main social media risks for a business include employment, privacy, security, intellectual property, and media concerns. Examples include firings based on social media posts held unlawful by the National Labor Relations Board as protected speech, employees inadvertently posting confidential information, and trademark infringement via third-party registration of user names in social media.
While there is little precedent related to social media lawsuits, these types of lawsuits are working their way through the courts. The PhoneDog LLC v. Noah Kravitz, No. C 11-03474 MEJ (N.D. Cal, filed July 15, 2011), case seeks to determine who owns a Twitter account. Mr. Kravitz, using the Twitter name PhoneDog_Noah, attracted more than 17,000 followers during his tenure with PhoneDog. When Mr. Kravitz resigned, he took his Twitter account with him but changed his Twitter name to noahkravitz. After Mr. Kravitz began working for a competitor, PhoneDog sued him for $340,000 based on its valuation of Mr. Kravitz’ followers, alleging harm to the company from his continued use of the Twitter account, equating his followers to a customer list. As there is substantial overlap of social media and business activities these days, the outcomes of social media-related complaints and lawsuits, such as complaints regarding Facebook firings and the PhoneDog LLC v. Noah Kravitz case, should be closely monitored by businesses employing social media, and social media policies should be established, published, and adhered to in order to protect a business from litigation.
Additionally, during the hiring process, it is important for hiring personnel to refrain from researching job candidates through social media to avoid liabilityfor hiring discrimination based on personal information obtained from sources such as Facebook, to which the hiring personnel would not otherwise be privy.
For more information, please visit:
Toby Merrill, Kenneth Latham, Richard Santalesa, and David Navetta, Social Media: The Business Benefits May Be Enormous, But Can the Risks—Reputational, Legal, Operational—Be Mitigated? (Apr. 2011), http://www.acegroup.com/us-en/assets/ace-progress-report-social-media.pdf (pages 4-6); Whitney Redding, Legal Risks of Social Media, (Dec. 2011), http://www.asaecenter.org/Resource s/ANowDetail.cfm?ItemNumber=137233.
Legal Protection for Information Stored on a Social Media Site
Currently, few laws within the United States provide legal protection tailored specifically to safeguard the information posted on social media networks. While certain privacy laws exist that protect an individual’s medical and/or financial information, no specific legislation is known that governs private posts made on social media websites, although recent FTC settlements involving Facebook and Google have resulted in the tightening of privacy policies, wherein both Facebook and Google have agreed to implement comprehensive privacy programs to protect consumers.
Currently, a client or attorney can determine how personal information is being managed, disseminated, and utilized on a social media site by looking to the social media site’s privacy policy. Privacy policies generally include statements regarding the following: (1) the sources from which personal information is collected; (2) how collected personal information is used; (3) with whom the collected personal information is shared; (4) the choice of opting out of the disclosure of personal information to third parties; and (5) the steps taken to protect the collected personal information.
For more information, please visit:
News Release, Facebook Settles FTC Charges That It Deceived Consumers By Failing To Keep Privacy Promises, FTC (Nov. 29, 2011), http://www.ftc.gov/opa/2011 /11/privacysettlement.shtm; News Release, FTC Charges Deceptive Privacy Practices in Google’s Rollout of Its Buzz Social Network, FTC (Mar. 30, 2011), http://www.ftc.gov/opa/2011/03/google.shtm.
The Fair Information Principles
The Fair Information Principles, published by the US Federal Trade Commission, provide a set of non-binding governing principles for the commercial use of personal information. Fair Information Practice Principles, FTC (last modified 2007), available at http://www.ftc.gov/reports/privacy3 /fairinfo.shtm. These principles offer guidance to social media websites seeking to draft policies that encompass existing privacy concerns.
Four critical issues are identified in the Fair Information Principles. They are notice, choice, access, and security. Notice mandates that information practices must be disclosed before personal information is collected. Choice ensures consumers are given options on how collected personal information can be used beyond the purpose for which it was provided. Access means consumers should be able to check the accuracy and completeness of personal information collected; and security states that reasonable steps must be taken to assure consumers their personal information is secure from unauthorized use.
To conform to the Fair Information Principles, a privacy policy generally includes statements regarding the following:
The sources from which personal information is collected;
How collected personal information is used;
With whom the collected personal information is shared; An option allowing consumers to opt out of the disclosure of personal information to third parties; and The steps taken to protect the collected personal information.
Federal Laws Governing Privacy Policies
While there is no single comprehensive body of law that is generally applicable to privacy policies, there are some federal laws that govern privacy policies under specific circumstances:
The Children’s Online Privacy Protection Act (COPPA), 15 U.S.C.A. § 6501 et seq. mandates that commercial websites that direct online services to children under the age of thirteen, or that knowingly collect information from them, inform parents of their information practices, and obtain verifiable parental consent before collecting, using, or disclosing personal information from children. In addition to posting a privacy policy, these websites must also adhere to enumerated information-sharing restrictions.
The Gramm-Leach-Bliley Act, Pub. L. 106-102, 113 Stat. 1338 (1999) requires institutions significantly engaged in financial activities to provide clear, conspicuous, and accurate statements of their information-sharing practices. The Act also restricts the use and disclosure of financial information to unauthorized third parties.
The Health Insurance Portability and Accountability Act (HIPAA), Pub. L. 104-191, 110 Stat. 1936 (1996) requires notice in writing of the privacy practices of health care services. HIPPA protects how an individual’s health information is used by organizations and disclosed to others. All health care providers, insurance companies, employer-sponsored health plans, and HMOs must comply with this privacy rule’s guidelines. HIPAA-covered entities are among the most extensively regulated niches in terms of information privacy.
Some states have already implemented more stringent regulations for privacy policies. For example, California requires any commercial websites or online services that collect personal information on California residents through a website to conspicuously post a privacy policy on the site. Additionally, both Nebraska and Pennsylvania have laws treating misleading website privacy policy statements as deceptive or fraudulent business practices.
US companies should also be particularly cautious with respect to e-commerce, because the European Union (EU) has much stricter privacy regulations than the United States, which can also affect US entities. The EU Data Privacy Directive prohibits EU organizations from transferring personal data to countries where privacy protection is not deemed adequate.
To prevent the interruption of data transfers from the EU to the United States, the EU has approved a “safe harbor.” The safe harbor permits US companies that voluntarily abide by its principles to continue data transfers with EU member states. US companies within the safe harbor are presumed to provide adequate privacy protection.
Strategies Used by Hosting Entities to Limit Liability
It is important for social media companies to draft privacy policies that accurately reflect their actual practices. This is commonly where companies run into problems and open themselves to liability. When a company fails to strictly follow its posted privacy policy, its actions may be seen as deceptive trade practices, which, in turn, can lead to enforcement actions. It is therefore important to avoid borrowing language from another site’s privacy policy or a standard template in lieu of drafting customized policies. Rather, a company should disclose its actual collection and maintenance practices in a clear and concise manner. Hosting companies should also strictly adhere to the various safe harbors in this area.
Similarly, businesses utilizing social media must comply with the same laws that govern businesses generally. Of particular concern are issues related to employment law, defamation, copyright infringement, and the FTC’s rules and regulations concerning advertising.
When employing social media, businesses need to adhere to the FTC Guidelines Concerning the Use of Endorsements and Testimonials in Advertising, 16 C.F.R. § 255. These guidelines direct how endorsements and testimonials about products and services may be made. Under the guidelines, the FTC requires endorsers to disclose any financial relationships that may exist with the business they are promoting. Additionally, the FTC makes the business itself liable for the endorser’s statements.
Social media owners and operators may have some insulation from liability against third-party content, however. The Communications Decency Act (CDA) and the Digital Millennium Copyright Act (DMCA) provide some immunity for social media owners. The DMCA’s safe harbor take-down procedures are particularly noteworthy, as they may provide a valuable tool for those seeking to address copyright infringement without resorting to litigation. Once notice of infringement is received from a copyright holder, those social media owners and operators who wish to protect themselves from liability need to immediately block access to or remove the allegedly infringing material to fall within the DMCA safe harbor.
Recent Facebook Privacy Litigation
After the US government filed charges that Facebook violated US privacy law, Facebook confessed that it had failed to protect the privacy of its 800 million active users. The FTC invited the public to submit comments on the settlement through December 30, 2011.
Under the proposed consent order, which does not include any fines, Facebook is:
Barred from making misrepresentations about the privacy or security of consumers’ personal information;
Required to obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences;
Required to prevent anyone from accessing a users’ material more than thirty days after the user has deleted his or her account;
Required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information; and
Required, within 180 days, and every two years after that for the next twenty years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that privacy of consumers’ information is protected.
However, only time will tell if the FTC can effectively police social media privacy. It is, therefore, critical for social media users to be cautious about what information they publish and take responsibility for protecting their own privacy.
For more information, visit:
News Release, Facebook Settles FTC Charges That It Deceived Consumers By Failing To Keep Privacy Promises, FTC (Nov. 29, 2011), http://ftc.gov/opa/ 2011/11/privacysettlement.shtm; Peter S. Vogel, Facebook Confesses Failure to Comply with Privacy Laws (Dec. 1, 2011), http://www.vogelitlawblog.com/ 2011/12/articles/internet-privacy/facebook-confesses-failure-to-comply-with- privacy-laws/.
Social Media Litigation Risks for Today’s Businesses
Some of the biggest litigation risks for businesses related to social media usage are:
Not complying with privacy policies;
Using social media sites to discriminate against employees or potential employees;
Failure to comply with safe harbor provisions and related regulations such as COPA; and
False or misleading communications that can lead to lawsuits or administrative action.
The best way to prevent or mitigate these types of lawsuits would be to:
Establish a privacy policy tailored specifically to your company;
Adhere to and enforce the policy on a continuing basis;
Avoid using social media to investigate current or potential employees; and
Comply with safe harbor provisions. Protecting IP in the Social Media Realm
Trademark owners, whether registered or unregistered, should monitor and police their brand to enjoy the benefits of their marks. One of the ways that a trademark owner can lose its mark is through abandonment. Non-intentional acts that could lead to abandonment include prolonged unchallenged third-party uses of a trademark or “genericide.” Genericide occurs when the mark or brand name becomes the colloquial or generic description for or synonymous with a general class of product or service. Genericide weakens the strength of the trademark as an identifier of the owner’s goods or services, and this severely damages the owner’s ability to later enforce the mark. Examples of marks that have fallen victim to genericide include Aspirin, Escalator, Thermos, Yo-yo, and Zipper. Xerox and Kleenex are examples of marks that came close to genericide, but were rescued by aggressive corrective campaigns. The US Patent and Trademark Office (USPTO) explicitly states that they do not provide trademark monitoring or any similar services; therefore, it is the responsibility of the mark owner to police against unauthorized third- party uses.
While Facebook, LinkedIn, Twitter, and other social marketing sites provide innovative ways for brand owners to grow their businesses and connect to new and existing clients, as with any interface that operates on user-generated content, these sites can also be hot spots for infringement. As a result, it is important for rights owners to monitor these sites and take action to stop infringement. Sites such as Facebook, LinkedIn, and Twitter all have procedures in place to assist rights owners in handling infringement. It is critical that rights owners take full advantage of these safeguards to protect their IP.
For Facebook, see http://www.facebook.com/legal/copyright.php?howto_ report. For LinkedIn, see http://www.linkedin.com/static?key=copyright_ policy&trk=hb_ft_copy. For Twitter, see http://support.twitter.com/ forms/trademark and http://support.twitter.com/forms/dmca.
Despite recent developments, increased regulation over social media sites is likely not needed. As with anything with the potential to be misused publicly, people should be careful with respect to what information they choose to share externally. There will always be people who try to take advantage of the unwary, but social media is a great innovation for anyone who wants to connect and interact with others, both individually and commercially. Over time, the law will evolve to address any abuses.
One of the best measures is to take a proactive approach regarding social media, including drafting comprehensive social media policies to address ownership of social media accounts and employee-generated accounts, and educating employees on proper usage of social media and associated risks. Companies should also monitor usage of their trademarks, brand names, and product names in social media to safeguard against infringement or improper use.
Conclusion
Social media creates tremendous opportunities for businesses and individuals to connect in new and meaningful ways. As with the Internet in the 1990s, social media presents a new venue for existing legal issues as well as some unique issues. The law will lag behind to address these issues. Social media’s ability to aggregate millions of users and connect them in real time presents heightened legal risks—defamation, trademark infringement, stalking, and harassment, to name a few. There are a number of blogs that focus on social media law developments.
Mr. Klemchuk has a bachelor of science in mechanical engineering from the University of Washington (1990) and a JD from Vanderbilt University Law School (1997). He formed Klemchuk Kubasta LLP in Dallas, Texas in 2009. He is currently the managing partner of the firm. Mr. Klemchuk has been recognized by D Magazine as “Best Lawyers – Intellectual Property” (2007 – 2015) as well as a Texas “Super Lawyer” (2008 – 2015) for intellectual property litigation by Law & Politics Magazine as published in Texas Monthly and Texas Rising Stars magazines.
Mr. Klemchuk’s practice includes all aspects of intellectual property with emphasis on patent, trademark, copyright, and trade secret litigation as well as social media law. He has handled more than 200 intellectual property disputes. His practice also includes assisting companies to increase their market share and protect their competitive advantage by identifying and protecting valuable branding, technological innovation, software, and other property; by procuring patent, trademark, and copyright registrations; and through employment agreements and non-compete agreements. He also advises clients on licensing, acquisitions, due diligence, and eCommerce, including the emerging field of branding in cyberspace and trademark issues related to the Internet. He also assists clients in recovering domain names taken by cybersquatters.
©2012 Thomson Reuters/Aspatore All rights reserved. Printed in the United States of America. No part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, except as permitted under Sections 107 or 108 of the U.S. Copyright Act, without prior written permission of the publisher. This book is printed on acid free paper.
Material in this book is for educational purposes only. This book is sold with the understanding that neither any of the authors nor the publisher is engaged in rendering legal, accounting, investment, or any other professional service. Neither the publisher nor the authors assume any liability for any errors or omissions or for how this book or its contents are used or interpreted or for any consequences resulting directly or indirectly from the use of this book. For legal advice or any other, please consult your personal lawyer or the appropriate professional.
The views expressed by the individuals in this book (or the individuals on the cover) do not necessarily reflect the views shared by the companies they are employed by (or the companies mentioned in this book). The employment status and affiliations of authors with the companies referenced are subject to change. For customer service inquiries, please e-mail West.customer.service@thomson.com.
If you are interested in purchasing the book this chapter was originally included in, please visit www.west.thomson.com.
Sign up for Legal Insights blog here. See all our content here.
About the Firm:
Klemchuk LLP is a litigation, intellectual property, transactional, and international business law firm dedicated to protecting innovation. The firm provides tailored legal solutions to industries including software, technology, retail, real estate, consumer goods, ecommerce, telecommunications, restaurant, energy, media, and professional services. The firm focuses on serving mid-market companies seeking long-term, value-added relationships with a law firm. Learn more about experiencing law practiced differently and our local counsel practice.
The firm publishes Intellectual Property Trends (latest developments in IP law), Conversations with Innovators (interviews with thought leaders), Leaders in Law (insights from law leaders), Culture Counts (thoughts on law firm culture and business), and Legal Insights (in-depth analysis of IP, litigation, and transactional law).