Archive for the ‘Social Media’ Category

Denial of Hulu’s Motion for Summary Judgment Paves Way for More Lawsuits Under the Video Privacy Protection Act

Monday, May 5th, 2014

A lawsuit filed in 2011 against Hulu, an on-line video content provider, claims the company violated the Video Privacy Protection Act (“VPPA”) by wrongfully disclosing users’ video viewing selections and personally identifiable information (PII) to third parties, comScore and Facebook.  On April 24, 2014, a federal court in the Northern District of California ruled that Hulu may have violated the VPPA by sharing user identifiers with Facebook.  Facebook could combine those user identifiers from Hulu with other information provided by cookies from a Facebook “like” button on Hulu’s web page that could reveal a user’s Facebook identity, as well as a user’s viewed video content on Hulu.  The court’s decision paves the way for privacy plaintiffs to bring suit against businesses who derive information from users’ viewing histories, with costly consequences given statutory damages of up to $2,500 per violation.

The VPPA prohibits a video service provider from knowingly disclosing PII of a consumer of the provider to third parties.  Under the VPPA, PII includes information that identifies a person as having requested or obtained specific video materials or services from a provider.  The VPPA prohibits disclosures that tie specific people to the videos they view.  The court found that disclosure of PII is not limited to a person’s actual name, but also consists of information that can identify a specific person and a specific transaction. The court affirmed that a unique, anonymized ID alone is not PII, but “context could render it not anonymous and the equivalent of the identification of specific person.”

Hulu’s Facebook disclosures included sufficient facts to potentially link the disclosure of a video name to an identified Facebook user to result in a violation of the VPPA.  A Facebook “like” button on Hulu’s web page sent Facebook the title of the video watched by the user, the IP address of the registered user’s computer, and cookies which could contain the Facebook user’s ID.  Hulu did not send Facebook the Hulu user’s ID or name when the user’s browser executed code to load the Facebook “like” button.  Nevertheless, the information provided to Facebook revealed information about what the Hulu user watched and the Hulu user’s name on Facebook.

In contrast with Hulu’s Facebook disclosures, Hulu’s disclosures to comScore did not potentially violate the VPPA because comScore could only have “hypothetically” linked to a user’s name or user’s viewing history.  Hulu provided comScore with users’ unique Hulu user ID, an alphanumeric string to differentiate between web browsers that Hulu assigned at random to a browser, a Hulu Ad ID identifying an advertisement, and the name of the video content program and any season or episode number.  Because comScore had the Hulu user ID, it possessed the “key” to locating user’s names, but there was no evidence it did so.

This ruling is significant because it further opens the door for class actions alleging violations of the VPPA because “anonymous” data may be considered PII under the statute when viewed in the context of other data points.  Privacy plaintiffs will undoubtedly seek to apply this more narrow interpretation of what constitutes “anonymous” data in other lawsuits implicating different state and federal privacy laws.

 See Order here.

LinkedIn Sues Unknown Defendants Operating BOTS for Stealing Members’ Data

Friday, January 10th, 2014

LinkedIn sued unknown defendants for employing automated software programs known as bots to copy members’ data and to register thousands of fake member profiles on the social network’s site.  In addition to its free networking benefits, LinkedIn also provides a subscription Recruiter service which permits headhunters to search for potential candidates. 

LinkedIn filed a complaint on January 6, 2014 in the Northern District of California, alleging violations of the Computer Fraud and Abuse Act, California’s Comprehensive Computer Access and Fraud Act, the Digital Millennium Copyright Act, breach of contract, misappropriation, and trespass.  At the heart of LinkedIn’s claims is that unknown defendants accessed LinkedIn’s website and servers without permission by using bots to circumvent existing technical barriers.

LinkedIn asserts the bots registered thousands of fake profiles on the site to view thousands of members’ profiles each day and copy data from their profiles.  This automated copying is referred to as scraping.  LinkedIn’s User Agreement prohibits scraping, as well as prohibits members from registering more than one profile.  The User Agreement also requires members to use their real names and provide accurate information.  All members agree to the User Agreement as a condition of joining the website.

LinkedIn believes the data copied by the bots was used by the unknown defendants to compete with LinkedIn or even sold to LinkedIn competitors.  As a result of the bots’ unauthorized copying of member’s data, LinkedIn contends its Recruiter service is devalued.  LinkedIn also asserts the bots’ fake profiles cause the non-subscription portion of its site to lose its integrity.  For example, LinkedIn claims that legitimate members tried to connect with fake members after seeing that a fake member viewed the legitimate member’s profile. 

When LinkedIn discovered bots registering fake profiles and copying member’s data, LinkedIn disabled the fake member profiles and implemented additional safeguards to try and prevent unauthorized access by bots.  The company plans to subpoena Amazon Web Services, which the bots used to access LinkedIn’s website and servers, in order to determine the identity of the unknown defendants.  LinkedIn’s litigation strategy is not without precedent, as Facebook and Craigslist have in the past filed lawsuits against scrapers and Facebook even won over $3 million in damages for resulting spam messages.

It will be interesting to see if LinkedIn members take any action either against LinkedIn or the defendants, once identified, in connection with unauthorized copying of the members’ data.

Facebook Hit With New Lawsuit Over User Information Privacy

Monday, January 6th, 2014

Perennial issues with Facebook’s data use policies have spawned another class action lawsuit in the Northern District of California. Plaintiffs in Campbell et al v. Facebook Inc., No. 13-CV-05996 make two distinct claims in their December 30, 2013 complaint, one of which might surprise even longtime Facebook users.

The first and less controversial claim is that Facebook monitors users’ “private” messages with other Facebook users to provide data to marketers and target advertisements. The complaint cites third-party research, including a report by a Swiss firm that sent Facebook private messages embedded with unique, hidden URL addresses to ascertain whether any of the test URL’s would be “clicked.” According to the complaint, “Facebook was one of the Web Services that was caught scanning URLs despite such activity remaining undisclosed to the user.” The plaintiffs allege that this practice is contrary to Facebook’s public statements touting the privacy of its messaging service and violates an alleged promise by Facebook “that only the sender and the recipient or recipients will be privy to the private message’s content, to the exclusion of any other party, including Facebook.” Google and Yahoo have faced similar lawsuits alleging that users of their respective email services have their mail “scanned” for advertising and marketing purposes. E.g., Dunbar v. Google, 10-CV-00194 (E.D. Tex.)

The second, more startling claim is unique to Facebook.  According to Plaintiffs, if the private messages contain a URL address, Facebook crawls the linked page to see if it contains one of Facebook’s “Like” buttons. If it does, Plaintiffs allege that Facebook registers that private-message link as a “Like” on the linked site’s Facebook page, effectively and automatically clicking “like” links within Facebook messages on behalf of its users without their knowledge.

A frequent issue in these types of lawsuits is whether the defendant’s data use practices have been adequately disclosed to users and what expectations reasonable consumers would have as to how their information is used. With respect to Facebook’s scanning and use of information in private messages, plaintiffs acknowledge that Facebook’s data use policy discloses that Facebook will “receive” information from the users, but plaintiffs allege that Facebook’s scanning, mining and “manipulate[ion]” of private message content goes well beyond the scope of disclosure.

The Campbell plaintiffs’ claim of Facebook auto-liking a web page based on the inclusion of a link to that web page in a private message is more problematic and may present novel legal issues. A credible argument can be made that Facebook’s liking of a webpage discussed in private message makes the message (albeit, a small part) public, raising questions of whether this use of nominally private data rises to the level of a public disclosure. The complaint also suggests (but does not directly allege) that automatic “likes” generated by a private message URL might be traced back to the message sender or recipients. If true, tort and fraud issues abound: imagine the consequences if a job applicant had sent a white supremacist organization’s URL in a private message only to later find that he or she had inadvertently and publicly “liked” the page as well.

This suit is the latest in a string of similar class actions that together represent a backlash against how tech companies use, share and profit from personal data. In addition to the lawsuits involving Gmail and Yahoo Mail, LinkedIn has recently been accused of scanning emails to spam users’ contacts. Third party research reports that the Campbell plaintiffs relied on have also accused Twitter, Google+, Formspring, and of misusing user data without their consent or knowledge. Whether these concerns will be resolved by the courts or through legislation is unclear, but it is increasingly apparent that consumers and plaintiffs’ lawyers are paying more attention to how personal information is being used without users’ knowledge.

Twitter Takes A Stand Against DMCA “Takedown Notice”

Monday, October 8th, 2012

Recently, a copyright infringement lawsuit was filed against Twitter by Christopher Boffoli regarding Twitter’s failure to take down links to his photographic art work that have been posted by Twitter users and hosted on Twitter’s servers. Boffoli is the creator of the “Disparity Series” of art photographs, which feature miniature figures in poses on fruit. Boffoli’s photos have been featured in magazines, newspapers and on television. Boffoli has also registered these photographs with the U.S. Copyright Office.

Boffoli claims that he sent Twitter four notices over a five week period pursuant to the Digital Millenium Copyright Act (“DMCA”) to take down the infringing material, but that Twitter failed to remove the posted works. Boffoli seeks injunctive relief requiring Twitter to remove the posted works, and any damages stemming from Twitter’s alleged copyright infringement.

Twitter’s failure to remove the allegedly infringing postings, puts it at risk for liability for copyright infringement. The DMCA provides a safe harbor against copyright infringement for service providers, such as Twitter, who provide an online service on which copyrighted materials might be posted by users. The DMCA allows for a copyright holder to send the service provider (i.e. Twitter) a notice that infringing content has been posted on their site (“takedown notice”), at which point the service provider can avoid liability for copyright infringement by removing the content from its site. If the service provider fails to comply with the takedown notice, they could be liable for copyright infringement. In addition, as articulated in Viacom Int’l Inc. v. YouTube, Inc., a service provider who has actual or “red flag” (i.e. apparent or objective) knowledge that infringing content is being posted to its site may be liable for copyright infringement if they do not remove the infringing content, regardless of whether a DMCA takedown notice has been issued.

Twitter’s decision to forego the protections of the DMCA by declining to comply with Boffoli’s DMCA takedown notice in such a high profile case is risky, but it is also telling. Social media service providers such as Twitter and Pinterest thrive off of their users’ ability to share information and content. However the ability of users to post content, and the service provider’s liability associated with the posted content, are constantly and increasingly in conflict. Twitter could be positioning itself in a fight over the parameters of the “fair use” of content on their (or other) website(s), where there is no clear economic gain being derived from the content being posted by users. Twitter’s stance could signal the beginning of a shift in how social media companies will respond to allegedly infringing content posted to their sites.

Since the complaint was filed, Twitter has removed some of the images that were hosted by Twitter, but many still remain. How Twitter will respond to the complaint, and where this dispute lands remains to be seen. Nonetheless, the potential ramifications to ordinary users and businesses that use Twitter and other social media websites could be significant, and could shape the way content is used on social media. Stay tuned.

FTC Disclosures Must Accompany Consumer Testimonials on Pinterest

Wednesday, September 19th, 2012

Businesses are flocking to the social media website Pinterest, a virtual bulletin board that allows businesses and consumers to “pin” online content (images of products and consumer comments) to a board (webpage) which links to the source of the image (company website) and ultimately drives traffic to the company’s website. Pinterest has obvious appeal to businesses as a marketing tool, but businesses should proceed carefully. Recently the National Advertising Division (“NAD”) of the Council of Better Business Bureaus issued an opinion about weight loss success stories pinned by consumers on a Nutrisystem sponsored board on Pinterest called “Real Consumers, Real Success.” The NAD is a unit within the advertising industry’s Advertising Self-Regulatory Council that reviews national advertisements and ensures compliance with truthfulness and accuracy (NAD link). Opinions issued by the NAD are used as guidance by those in the industry.

The Nutrisystem success stories pinned on Pinterest included specific information such as the consumer’s name, total weight loss and a photo of the consumer i.e. “Michael H. lost 125 lbs. on Nutrisystem.” Following its review of Nutrisystem’s board on Pinterest, the NAD determined that the success stories posted amounted to “consumer testimonials” about results that were unique and that Nutrisystem was required to provide all material information clarifying the typical type of results that consumers could expect from using the product.

In rendering its opinion, the NAD cited Section 255.2 (b) of the FTC’s Guides Concerning the Use of Endorsements and Testimonials in Advertising (FTC Guides), noting that “an advertiser should possess and rely upon adequate substantiation for this representation. If the advertiser does not have substantiation that the endorser’s experience is representative of what consumers will generally achieve, the advertisement should clearly and conspicuously disclose the generally expected performance in the depicted circumstances, and the advertiser must possess and rely on adequate substantiation for that representation.”

Because the results were not typical, the NAD found that the stories pinned needed to be accompanied by a clear and conspicuous disclosure explaining the typical weight loss results that consumers could expect to achieve using the product. In addition, although the stories pinned were linked to the Nutrisystem website where the consumer could find the disclosure, the NAD noted that the disclosures should be placed in immediate proximity to the claim or representation it is intended to clarify. Ultimately, Nutrisystem agreed with the NAD ruling, and added the necessary disclosure i.e. “Results not typical. On Nutrisystem, you can expect to lose at least 1-2 lbs. per week. Individuals are remunerated.”

The NAD decision illustrates a potential problem businesses may encounter when using Pinterest, or other social media, as a marketing tool. While consumer testimonials in the past may have been vetted internally prior to being used in a company sponsored advertisement, the same filters do not exist when using social media to engage consumers. Businesses must understand that the consumer protection laws extend to social media and that the increased exposure to consumers means an increased chance to run afoul of consumer protection laws. Businesses should monitor their accounts on social media sites to ensure that they remain in compliance with consumer protection laws and be prepared to add disclaimers or other notices to postings, or “pins”, if necessary.

Users Pin on Pinterest, But Pinterest Pins Users

Friday, March 23rd, 2012

Social media has a new kid on the block, and its name is Pinterest.  Seemingly out of nowhere, Pinterest has become the fastest website ever to receive 10 million visitors in a month.

The concept is fairly straight forward; basically, Pinterest is an online pin board that allows users to pin images, text and videos to personalized boards that they create.  Those boards may be personalized according to themes selected by the user and can be populated with works taken from all over the internet.  For example, a user may create a board entitled “Dream Vacations” and pin images found on various websites of beaches, hillside cities and the Taj Mahal.  Users pin works to their boards by use of a “Pin It” tab installed on users’ tool bars.  Whenever users come across works they simply click the “Pin It” tab, and that work is pinned to the user’s board.  Users may also re-pin works that they like from the boards of other users and may chose to follow other users whose boards they like. 

Typically, users collect images or images of other content that they like—text and videos—from various sites across the web without concern for who might own and have licensing rights to these works.  Needless to say, all of this pinning and re-pinning raises numerous legal questions regarding copyright and privacy rights.

Copyright Basics

Generally speaking, the owner of a copyright has the exclusive right to use, reproduce, license and profit from the images, pictures and other creative works they create.  Importantly, a copyright owner has the right to decide how—if at all—their work will be used.  The impermissible use by another of a copyrighted work is typically infringement, unless such use is permitted “fair use” which is a limited exception recognized to further the free exchange of ideas without impairing the present or future economic value of the work.  Copyright holders profit from extending licenses to others to use their works.  If works are used or re-produced without a license, the copyright holder may be entitled to damages.

Pinterest’s business model certainly appears to be problematic when viewed from this intellectual property perspective.  Pinterest encourages its users to “organize and share all the beautiful things you find on the web.”  Even the simplest transaction on Pinterest may result in copyright infringement.  For example, a user who maintains a board of his or her dream travel destinations finds a beautiful picture of the Colosseum in Rome taken at sunset from the website of a photographer.  The user clicks the “Pin It” button on their browser and the image is pinned to their board.  What seems like a simple action may be direct infringement of the copyright held by the photographer.  Pinterest asks users to credit the source of images it pins, but doing so doesn’t necessarily cure the infringement because the user has not obtained permission to use the image.  Additional problems arise when users credit inaccurate sources and deprive the authors of appropriate credit as well as the ability to promote the work.

Pinterest arguably facilitates the violation of privacy rights as well; in particular, a person’s right to publicity, by allowing users to pin images of people.  A person has the right to control the commercial use of his image.  For example, if an actor or athlete has licensed his image for use by Warner Brothers Studio or the NFL, that license does not extend to users of Pinterest and those that pin those images may violate that person’s privacy rights.

Pinners and Pinnees Beware

Pinterest is likely protected from liability under the safe harbor provisions of the Digital Millennium Copyright Act (“DMCA”), which provides immunity to service providers for acts of copyright infringement by customers who use their service.  Nonetheless, Pinterest has implemented additional protective measures.  Its Terms of Service (“TOS”) require Pinterest users to certify that they “are the sole and exclusive owner” of all content that is pinned or that “you have all rights, licenses, consents and releases” necessary to grant Pinterest rights to the content.  The TOS further require users to represent that the content that they pin does not “infringe, misappropriate or violate a third party’s patent, copyright, trademark, trade secret, moral rights or other proprietary or intellectual property rights or rights of publicity or privacy.”  Users agree to furnish Pinterest with a “worldwide, irrevocable, perpetual, non-exclusive, transferable, royalty-free license” to use, sell, copy, transfer or distribute the works pinned by its users.  It is highly unlikely that the millions of users of Pinterest obtain these licenses and representations that Pinterest requires of its users.  Nonetheless, pinning continues and pinners increase their susceptibility to claims of infringement.

Pintrest users are not as able to insulate themselves from potential liability.  If Pinterest subsequently sells or distributes images pinned by a particular user, the user may be liable for infringement.  In addition, users who pin images taken from the web may be subject to infringement claims from the copyright holders whose content is infringed.  Notably, small businesses owners who use the web to sell and advertise their products stand to miss what are already very limited opportunities to license and profit off of their works.  They have a big incentive to bring infringement claims against users of Pinterest.

Pinterest has provided some protection for the copyright holders whose works are pinned, but it may not be enough.  Pinterest offers an “opt-out” code that allows websites with copyrighted works to prevent Pinterest users from pinning images from the copyright holder’s website.  Users who attempt to pin images from the websites that make use of the “opt-out” code receive a message stating, “This site doesn’t allow pinning to Pinterest.  Please contact the owner with any questions.  Thanks for visiting!”  The efficacy of this “opt-out” code is questionable, since Pinterest is new and copyright holders may not be aware that the code is available.  In addition, the existence of the code might result in the unintentional grant by the copyright holder of an implied license to pin for the pinner.  The grant of an implied license to use copyrighted materials has been found in similar situations.  In Nevada, the owner of a website containing copyrighted material failed to make use of widely available code that would enable him to prevent the display of images from his website on Google.  The court found that the website owner’s failure to make use of the code resulted in a grant of an implied license to cache and display images from the website to Google.  Copyright holders who fail to employ the “opt-out” code offered by Pinterest may similarly be at risk.

Pinterest Not Completely Out of the Water

Despite the DMCA and its TOS, Pinterest may not be able to shield itself completely.  Immunity under the DMCA might not be available should Pinterest start to monetize the pins.  Pinterest has experimented with several revenue options including advertising and embedding affiliate links to pins featuring goods from retails sites like Target and Amazon.  If someone clicks on the link and purchases a product featured in the pin, Pinterest may make money from the transaction.

Additionally, claims for contributory infringement (for inducing infringing behavior,) may start to proliferate, and courts could perceive Pinterest as they did Napster and find that the service Pinterest provides compels infringing behavior.  The Napster court found that Napster’s service, which allows users to exchange and download copyrighted music files from their computers, encouraged and assisted the infringement of its users and that Napster had actual and specific knowledge of the infringement.  The court also found that Napster derived a financial benefit because the infringing material attracted additional customers to the service, thereby increasing its customer base and ultimately its revenue.  The service provided by Pinterest arguably is comparable to Napster, and Pinterest certainly benefits from the increase in traffic and marketing opportunities.

Should I Use Pinterest?

Whether folks – particularly the risk averse (looking at all lawyers out there) among us – should use Pinterest in light of these concerns is an individual question.  Pinterest provides a unique and socially useful service that inspires creativity, yet places an important responsibility on its users.  Whether this responsibility is too much to ask from the typical consumer remains to be seen, but if Pinterest is to survive, users must evolve and adapt to the new digital media platform.  That means users of Pinterest must learn to comply with the TOS of the site and to obtain permission before using certain images that may infringe on the intellectual property rights of others.  It also means that small business owners should recognize the possibilities presented by Pinterest and take steps to protect their intellectual property (opt-out), while at the same time being open to free publicity or licensing of their works for display to the large (and growing) audience of Pinterest users. 

Big businesses such as large retail chains should view Pinterest as a gold mine as Pinterest combines consumers with similar interests and tastes in one place.  Companies that would benefit from this should open accounts and create boards with lasting imagery for its customers and products.  Doing so might create a buzz about certain products and drive traffic to Pinterest boards and their websites.  All companies must ensure that they make use of their own images, or images they are licensed to use, to avoid any infringement issues.

Pinterest must also be open to adapting and evolving.  Just as Pinterest allows for copyright holders to opt out of having their works pinned, it should work toward developing mechanisms for users to obtain permission, or limited licenses, from copyright holders in order to pin works on Pinterest properly.  That way Pinterest can at least provide some protection to those who are most important to the site: the users.

Many thanks to Paul Pittman, out of our D.C. office, who contributed greatly to the research and drafting of this article. Reversed; But Communications Decency Act Analysis Stands

Wednesday, February 22nd, 2012

The Ninth Circuit has reversed itself on the result in one of the few cases holding for liability under the Communications Decency Act – the case. The CDA provides immunity to an “interactive computer service” that does not provide content to the site. The Ninth Circuit, en banc, had previously reversed a trial court ruling finding no liability on on grounds that section 230 did not provide immunity because actually developed the discriminatory questions, directly suggested discriminatory answers and included a discriminatory search mechanism all directly related to the alleged illegality of the site.

However, on the second time up, the Ninth Circuit found that the Federal Housing Act does not apply to the sharing of living units, and that privacy and constitutional concerns distinguish sharing of living units from simply renting accommodations. The basis for the ruling therefore leaves in place the analysis for finding liability under the CDA under the prior Ninth Circuit opinion, but finds there could be no liability in this case because even if the website actively assisted in the discriminatory activity, because it is not illegal to discriminate with regard to sharing living accommodations. Fair Housing Council of San Fernando Valley v., ___ F.3d ___ (9th Cir. 2012).

“Think Before You Tweet: Learning Social Media Lessons the Hard Way”

Tuesday, August 9th, 2011

Jim Holmes, a Parter in our LA office, recently published an entertaining article regarding social media etiquette and the learning curve that some companies have had to endure.  The article details some recent social media “issues,” as well as ways companies can avoid or mitigate similar digital media gaffes prospectively.

Looking forward to speaking at Bridge Conference in D.C. this week

Monday, July 18th, 2011

It seems that I will not be able to escape the heat as 100 degree temps are forecast for both Chicago and D.C. this week.  Regardless, am looking forward to presenting at the 2011 Bridge to Integrated Marketing & Fundraising Conference.  My co-presenter (and friend) Cyndi Greenglass and I will be speaking about privacy issues faced by digital marketers, including adequate disclosure and informed consent.  Our presentation is scheduled for 2:00 pm on Thursday, July 21; details for the conference are here.

About Us
Sedgwick provides trial, appellate, litigation management, counseling, risk management and transactional legal services to the world’s leading companies. With more than 350 attorneys in offices throughout North America and Europe, Sedgwick's collective experience spans the globe and virtually every industry. more >

Subscribe via RSS Feed
Receive blog updates via email: