Category: Communication Media & Internet

Resist the Urge to Access: the Impact of the Stored Communications Act on Employer Self-Help Tactics

As an employer or manager, have you ever collected a resigning employee’s employer-owned laptop or cellphone and discovered that the employee left a personal email account automatically logged in? Did you have the urge to look at what the employee was doing and who the employee was talking to right before resigning? Perhaps to see if he or she was talking to your competitors or customers? If so, you should resist that urge.

The federal Stored Communications Act, 18 U.S.C. § 2701et seq., is a criminal statute that makes it an offense to “intentionally access[ ]without authorization a facility through which an electronic communication service is provided[ ]and thereby obtain[ ] . . . access to a[n] . . . electronic communication while it is in electronic storage  . . . .” It also creates a civil cause of action for victims of such offenses, remedied by (i) actual damages of at least $1,000; (ii) attorneys’ fees and court costs; and, potentially, (iii) punitive damages if the access was willful or intentional.

So how does this criminal statute apply in a situation in which an employee uses a personal email account on an employer-owned electronic device—especially if an employment policy confirms there is no expectation of privacy on the employer’s computer systems and networks? The answer is in the technology itself.

Many courts find that the “facility” referenced in the statute is the server on which the email account resides—not the company’s computer or other electronic device. In one 2013 federal case, a former employee left her personal Gmail account automatically logged in when she returned her company-owned smartphone. Her former supervisor allegedly used that smartphone to access over 48,000 emails on the former employee’s personal Gmail account. The former employee later sued her former supervisor and her former employer under the Stored Communications Act. The defendants moved to dismiss the claim, arguing, among other things, that a smartphone was not a “facility” under the statute.

While agreeing with that argument in principle, the court concluded that it was, in fact, Gmail’s server that was the “facility” for purposes of Stored Communications Act claims. The court also rejected the defendants’ arguments (i) that because it was a company-owned smartphone, the employee had in fact authorized the review, and (ii) that the former employee was responsible for any alleged loss of privacy, because she left the door open to the employer reviewing the Gmail account.

Similarly, in a 2017 federal case, a former employee sued her ex-employer for allegedly using her returned cell phone to access her Gmail account on at least 40 occasions. To assist in the prosecution of a restrictive covenant claim against the former employee, the former employer allegedly arranged to forward several of those emails to the employer’s counsel, including certain allegedly privileged emails between the former employee and her lawyer. The court denied the former employer’s motion to dismiss the claim based on those allegations.

Interestingly, some courts, including both in the above-referenced cases, draw a line on liability under the Stored Communication Act based on whether the emails that were accessed were already opened at the time of access. This line of reasoning is premised on a finding that opened-but-undeleted emails are not in “storage for backup purposes” under the Stored Communications Act. But this distinction is not universal.

In another 2013 federal case, for example, an individual sued his business partner under the Stored Communications Act after the defendant logged on to the other’s Yahoo account using his password. A jury trial resulted in a verdict for the plaintiff on that claim, and the defendant filed a motion for judgment as a matter of law. The defendant argued that she only read emails that had already been opened and that they were therefore not in “electronic storage” for “purposes of backup protection.” The court disagreed, stating that “regardless of the number of times plaintiff or defendant viewed plaintiff’s email (including by downloading it onto a web browser), the Yahoo server continued to store copies of those same emails that previously had been transmitted to plaintiff’s web browser and again to defendant’s web browser.” So again, the court read the Stored Communications Act broadly, stating that “the clear intent of the SCA was to protect a form of communication in which the citizenry clearly has a strong reasonable expectation of privacy.”

Based on the broad reading of the Stored Communications Act in which many courts across the country engage, employers and managers are well advised to exercise caution before reviewing an employee’s personal communications that may be accessible on a company electronic device. Even policies informing employees not to expect privacy on company computer systems and networks may not save the employer or manager from liability under the statute. So seek legal counsel if this opportunity presents itself upon an employee’s separation from the company. And resist the urge to access before doing so.

© 2019 Foley & Lardner LLP
For more on the Stored Communications Act, see the National Law Review Communications, Media & Internet law page.

Head Hacking: New Devices Gather Brainspray

For more than a decade I have been warning about the vulnerability of brainspray – the brain signals that can be captured from outside your head. In 2008, this article by Jeffery Goldberg demonstrated that an fMRI machine could easily interpret how a person felt about stimuli provided – which could be a boon to totalitarian governments testing for people’s true feelings about the government or its Dear Leader. Of course in 2008 the fMRI costs two million dollars and you must lie still inside it for a useful reading to emerge.

While fMRI mind reading and lie detection is not yet ready for the courtroom, its interpretations are improving all the time and mobile units are under consideration. And its wearable cousins, like iWatches and computerized head gear are reading changes from within your body, such as electrocardiogram, heart rate, blood pressure, respiration rate, blood oxygen saturation, blood glucose, skin perspiration, capnography, body temperature, motion evaluation, cardiac implantable devices and ambient parameters. Certain head gear is calibrated just for brain waves.

Some of this is gaming equipment and some helps you meditate.  Biofeedback headsets measure your brain waves, using EEG. They’re small bands that sit easily on your head and measure activity through sensors. Several companies like MindWave, NeuroSky, Thync, and Versus all make such equipment available to the general public.

Of course, if you really want to frighten yourself about how far this technology has advances, check in on DARPA and the rest of the US Military. DARPA has been testing brainwave filtering binoculars , human brainwave driven targeting for killer robots,  and soldier brain-machine interfaces for military vehicles. And these are just the things they are currently willing to dicuss in public.

I wrote six years ago about how big companies like Honda were exploring brainspray capture, and have spoken about how Google, Facebook and other Silicon Valley giants have sunk billions of dollars into creating brain-machine interfaces and reading brainspray for practical purposes.

I will write more on this later, but be aware that hacking of this equipment is always possible, which could give the wrong people access to your brain waves and pick up if you are thinking of your bank account PIN or other sensitive matter. Your thoughts of any sort should be protected from view.  Thought-crime has always been on the other side of the line.

Now that it is possible to read your brainspray with greater certainty, we should be considering how to regulate this activity.  I don’t mind giving the search engine my information in exchange of efficient immediate searches.  But I don’t want to open my head to companies or government.

Copyright © 2019 Womble Bond Dickinson (US) LLP All Rights Reserved.

For more in device hacking, see the Communications, Media & Internet law page on the National Law Review.

FTC Attorney on Endorsement Guide Compliance

Influencer marketing and review websites have attracted a great deal of attention recently by states and federal regulatory agencies, including the FTC.  The FTC’s Endorsement Guides addresses the application of Section 5 of the FTC Act to the use of endorsements and testimonials in advertising.

At their core, the FTC Endorsement Guides (the “Guides”) reflect the basic truth-in-advertising principle that endorsements must be honest and not misleading.  The Guides suggest several best practices, including, but not limited to the following:

  1. Influencers must be legitimate and bona fide users, and endorsements must reflect honest opinions.
  2. Endorsers cannot make claims about a product that would require proof the advertiser does not have.  Blogger and brands are potentially subject to liability for claims with no reasonable basis therefor.
  3. Clearly and conspicuously disclose material connections between advertisers and endorsers (e.g., a financial or family relationship with a brand)
  4. To make a disclosure “clear and conspicuous,” advertisers should use plain and unambiguous language and make the disclosure stand out.  Consumers should be able to notice the disclosure easily.  They should not have to look for it.  Generally speaking, disclosures should be close to the claims to which they relate; in a font that is easy to read; in a shade that stands out against the background; for video ads, on the screen long enough to be noticed, read, and understood; and for audio disclosures, read at a cadence that is easy for consumers to follow and in words consumers will understand.
  5. Never assume that a social media platform’s disclosure tool is sufficient.  Some platforms’ disclosure tools are insufficient.  Placement is key.
  6. Avoid ambiguous disclosures like #thanks, #collab, #sp, #spon or #ambassador.  Clarity is crucial.  Material connection disclosures must be clear and unmistakable.
  7. Do not rely on a disclosure placed after a CLICK MORE link or in another easy-to-miss location.
  8. Advertisers that use bloggers and other social media influencers to promote products are responsible for implementing reasonable training, monitoring and compliance programs (e.g., educating members about claim substantiation requirements and disclosing material connections, searching for what people are saying and taking remedial action).
  9. Statements like “Results not typical” or “Individual results may vary” are likely to be interpreted to mean that the endorser’s experience reflects what others can also expect.  Therefore, advertisers must have adequate proof to back up the claim that the results shown in the ad are typical, or clearly and conspicuously disclose the generally expected performance in the circumstances shown in the ad.
  10. Brands can ask customers about their experiences and feature their comments in ads.  If they have no reason to expect compensation or any other benefit before they give their comments, consult with an FTC CID and defense attorney to assess whether a disclosure is necessary.  If customers have been provided with a reason to expect a benefit from providing their thoughts about a product, a disclosure is probably necessary.

What about affiliate marketers with links to online retailers on their websites that get compensated for clicks or purchases?  According the FTC, the material relationship to the brand  must be clearly and conspicuously so that readers will be able to decide how much weight to give the endorsement.  In some instances – like when the affiliate link is embedded in a product review – a single disclosure may be adequate.

When the review has a clear and conspicuous disclosure of a material relationship and the reader can see both the review containing that disclosure and the link at the same time, readers may have the information they need.  However, if the product review containing the disclosure and the link are separated, readers may not make the connection.

Never put disclosures in obscure places, behind a poorly labeled hyperlink or in a “terms of service” agreement.  That is not enough.  Neither is placing a disclosure below the review or below the link to the online retailer so readers would have to keep scrolling after they finish reading.

Consumers should be able to notice disclosures easily.

U.S. regulators are not the only ones policing influencer disclosures.  In fact, the Competition and Markets Authority, the British government agency that regulates advertising, recently sent numerous warning letters to British celebrities and other social media influencers.  The CMA has also recently released its guidelines for influencers.

The FTC has already demonstrated that it monitors accounts of popular influencers.  It has also demonstrated that it can and will initiate investigations and enforcement actions.  Brands are well-advised to review promotional practices, implement written policies and monitoring protocols.

© 2019 Hinch Newman LLP

For more on influencers, endorsement & advertising, see the National Law Review Communications, Media & Internet law page.

How Harmful do Gender Stereotypes Need to be?

Ads Banned in UK Following New Rule

As we reported earlier this year, a new rule dealing with the depiction of harmful gender stereotypes, was introduced into the BCAP and CAP Codes as of June 2019.

The first decisions under the new rules have been released and we have seen two separate ads by Volkswagen and Philadelphia banned by the Advertising Standards Authority (ASA) under the new rule.

Volkswagen’s advert for its eGolf electric car, with the slogan “when we learn to adapt, we can achieve anything” features a man and a woman camping on a sheer cliff face, two male astronauts floating in space, a male athlete with a prosthetic limb, and a woman sitting next to a pram.

Separately, the Philadephia ad by Mondalez depicts fathers being distracted by the cheese spread long enough for their babies to end up on a conveyor belt of Philadelphia, resulting in an embarrassed dad saying “let’s not tell mum”.

Both ads received a number of complaints from the public on the basis that they were contrary to the new rule, which aims to ban harmful gender stereotypes in ads which can

“contribute to inequality in society” and “can, over time, play a part in limiting people’s potential.”

Whilst Volkswagen argued that caring for a new born child was a life-changing experience about adaption, regardless of the gender of the parent depicted, and that a female was also engaged in the adventurous activity of camping on the mountain, the ASA ruled that “unlike her male counterpart, the female rock climber was passive, because she was asleep” and that the woman with the pram was depicted in a stereotypical care-giving role.

Mondalez told ASA that it was in a “no-win situation” having deliberately chosen two dads to avoid depicting the stereotypical image of women handling the childcare responsibilities. However the ASA banned the ad on the basis that it reinforced the stereotype that males are ineffective in care-giving roles.

Critics have said that the watchdog has gone too far and in a statement posted on the website for ISBA, the body representing the UK’s leading advertisers, Phil Smith (director-general and a member of a working group that helped develop the new rules) said the bans are “concerning, both in terms of the precedent they set and the likely impact they will have on advertisers.”

Smith further commented

“In our view, the two decisions go beyond the intent of the new rule and guidance and will likely create confusion for advertisers and the broader co-regulatory system as they seek to address the harmful gender stereotypes and outdated portrayals this rule was designed to tackle.”

The effectiveness of the new rule will be reviewed by CAP in June 2020, to determine whether it is suitable in helping the ASA meet the rule’s objective. It will be interesting to see how the ASA applies the rule in future decisions.

© Copyright 2019 Squire Patton Boggs (US) LLP

ARTICLE BY Carlton Daniel and Katie Rodgers of Squire Patton Boggs (US) LLP.
For more on advertising regulation, see the National Law Review Communications, Media & Internet law page.

An Introduction to Digital Marketing Analytics for Law Firms

Analytics is the science behind the art of digital marketing and is an invaluable part of any law firm’s marketing strategy.  Digital analytics can provide a wealth of information that not only tells you how effective your digital channels are, but if analyzed properly, can provide fact-based information that can help identify prospect behavior and needs.  Legal marketers must be familiar with the proper web analytics tools to be able to capture and interpret the performance of their website but must also be able to go beyond their website to properly assess the performance and return of their digital marketing efforts. In this article we discuss  how law firms can merge web analytics and digital marketing analytics to improve the overall performance of their online marketing efforts.

Why Marketing Analytics Matter

To benefit from your marketing analytics, you must understand why they are important.  Analytics enables you to measure, analyze, and manage the performance of your digital marketing strategy in real time.  Legal marketers can leverage analytics to pinpoint problems and uncover areas of opportunity and potential growth. Knowing which digital marketing analytics are important to your bottom line will help you stay focused on the metrics that matter.

Why You Need to Measure Your Efforts

Your analytics should always include a measurement of your efforts. This is for one simple reason, sustainability. Essentially, you want to ensure that your marketing efforts are contributing to the growth of your firm and producing a positive return on investment (ROI).  By learning to create custom reports and glean actionable insights that actually matter to your firm, you can begin to make data-driven decisions and strengthen your marketing strategy.  At any point during your campaign, you can apply the data to tweak or remove tactics that are not producing the desired return.  By effectively leveraging data intelligence, you will build a more insightful and effective marketing plan.  The good news is that the process of tracking digital marketing has become very straightforward.  Your chosen marketing tool probably has analytics built-in, helping you measure your efforts.

Web Analytics Can Measure Those Efforts

Supplementing the built-in analytics with your marketing analytics is simple. Numerous websites offer web analytics tools, with Google Analytics being among the most famous and most popular. The most attractive reason to use Google Analytics is that it’s free!  Google Analytics will show you the number of views and visits to your website, where those visitors come from and what pages they are looking at. This information enables you to easily see how your website is performing in real-time. Google Analytics will even allow you to organize and track website data across all devices – smart phones, tablets, computers and even smart TVs.  To learn how to create a custom Google Analytics report, checkout this blog post.

Using KPIs

Evaluation of your efforts will come down to KPIs or Key Performance Indicators. You choose these criteria as measurements to demonstrate how effective your marketing strategies are at achieving your key business objectives. As such, they let you see if you are meeting your business goals, whether they are brand awareness or lead generation. Your marketing plan should include the KPIs that most closely meet your specific business objectives. Consider the following KPIs, as they are the most important for optimizing your campaigns:

  • Qualifies leads: This KPI lets you confirm that your campaign is generating qualified leads for your law firm
  • Cost Per Conversion: This metric allows you to evaluate how much you pay for each conversion to help you confirm that your marketing expenses are worth the expenditure.
  • Online Marketing Return on Investment: It should go without saying that your return on investment will let you know whether your efforts are worth it.
  • Form Conversion Rates: Form conversion rates help you determine how well your content marketing drives people to your law firm’s website and encourages them to take action. You can even use the combination of data from the forms and the form conversion rates to develop strategies that boost conversions.
  • Reach and share of voice on Social Media: Don’t forget to consider the conversions that you get from social media as one of your KPIs. This lets you determine which social media network is the best for you so that you can concentrate your efforts for the best ROI.

Takeaway

As a legal marketer, you must understand the impact of your marketing efforts through the effective use of digital marketing analytics and web analytics.  Applying data intelligence is invaluable to the process of improving and optimizing your marketing strategy.

© Copyright 2019 Good2BSocial

ARTICLE BY Talia Schwartz of Good2bSocial.
For more on marketing for law firms, see the Law Office Management page on the National Law Review.

How Are You Investing in Business-Building Relationships?

Discipline is the bridge between goals and accomplishment – Jim Rohn, international business management expert

Some things appear to be so simple that we assume (dangerously) that everyone “gets it.” Bear with me a moment.

For lawyers, it is imperative to consistently and persistently cultivate and nurture their relationships within their network; with clients, to receive more work and strengthen the loyalty bond; with referral sources, to receive more referrals; with prospects, to develop new work; and so on.

Why, then, is it that a significant number of lawyers either have no system — formal or otherwise — for getting and staying in touch with these people or do a dismal job of staying connected?

‘Getting and Staying in Touch’?

Again, a seemingly obvious question, but in my legal marketing practice of more than 25 years, I have worked with very few lawyers who realistically understand, as a practical matter, the fundamental principle of this phrase.

It is a widely known statistic that it takes 7-10 “touches” to achieve “top-of-mind awareness” status. Lawyers are implored to develop – often with the support of their legal assistant/marketing or IT team, a consolidated contact list including clients; industry and professional contacts; referral sources; prospects; friends and family; school classmates — law school, college, high school, etc.; co-workers and former co-workers; contacts from former clerkships; association contacts; community contacts; holiday card recipients; and so on.

Though it may be an arduous task to assemble all the business cards, old Rolodexes (yes, I’m showing my age), database printouts, etc., it is important to have all your contacts in one system. Can we say “CRM” (contact relationship management) system?

As I often relay to my clients, no list equals no connections, no communications with friends, peers, industry contacts and prospects, and, ultimately, no clients. Remember, we’re in the “relationship-building” business, and it becomes much more daunting to foster relationships if we don’t proactively get and stay in touch.

What does this mean to me?

For purposes of communicating regularly with your various constituents (clients, referral sources, prospects, etc.), no one communication message will be of interest to everyone on your contact list. That is to say, if you develop an e-newsletter or legal update on the importance of developing social media policies for the workplace and send it to your human resource clients, that topic may be of little interest to your charitable organization contacts unless they are involved in employment law issues. There is great efficiency and merit to tailor your message to an intended audience and there is no better way than to develop “categories” of contacts.

When it comes to knowing how, when and how often to reach out, paramount on most attorneys’ minds is that they do not want to be perceived as “too pushy” “aggressive” or otherwise annoying. Understandable. One principle I often convey to my clients is that most people are so involved in their own world, business, family, etc.; you are not capturing 100 percent of their attention most of the time. In other words, to adequately “register” on your targets’ radar, there must be regular, consistent and persistent “touch points”, be they via e-mail, phone call, face-to-face contact and social media outlets. You get the point.

Check Motivations

To build and grow a healthy practice, it is imperative to develop a system of getting and staying in touch but doing so with the appropriate mindset. In short, “It’s not about you.”

Lawyers often query, “What is it that I’m saying to all these people?” Lawyers sometimes say, “I don’t want to bother these folks”? Understandable.

My response is usually a variation on the theme of reaching out with a service mindset and with authentic intentions of checking in on your contacts’ business, seeing how they are making out with a recent transition or starting a new position, or a company move, etc. The universal sowing of seeds of goodwill will ultimately reap only good things. Or, relating another way, employing Newton’s Laws of Motion, “For every action, there is an equal and opposite reaction.” The more “goodwill” you put out, the more it will come back to you … usually multifold.

Time Considerations

Lawyers are very busy. Where do they “find” the time to get and stay in touch with everyone and have the oft-needed downtime?

Just today, I explained to a junior partner client that, if addressed productively, his contacts will soon become his friends. Consider this: we all have certain people with whom we enjoy sharing time. What if those special individuals could be the same ones in your categorized contact lists? How cool would that be? Kill two birds with, well, you know.

Many successful senior attorneys have worked most of their professional careers to create this very scenario though it didn’t happen overnight. It took years, in some cases, one contact at a time. This brings me to my next point.

Leverage Technology

In our digital age, it has never been easier to “get and stay connected” via a host of technological tools (e.g., LinkedIn, Facebook, Twitter, Instagram, blogging). Not a technophile? No sweat; there are “people” who make a career of helping clients “connect”. One such job title is “certified social media specialist”.

Net-Net

In the fiercely competitive legal services arena, cultivating strong relationships is more important than ever before. As a successful lawyer and business owner, you must find a way to get and stay in touch with your desired audiences, targeted constituents and those folks who ultimately can help you grow a healthy practice. It is most easily done by:

• Commit to making it happen.

• Seek buy-in from your support resources (internal and/or external) so everyone is on the same page.

• Develop a viable and workable system for gathering, categorizing and maintaining contacts on an ongoing basis.

• Schedule dates/calendar regular communication with your contacts in addition to the other regular “touches”.

  • For example, on Mondays, review last week’s business development actions. Schedule in two blocks of 15-minute increments to follow up with each contact, offering something of value to them…a copy of a new relevant report, a link to an interesting article, a professional announcement of a common acquaintance.
  • On Tuesdays, place three phone calls to inactive clients to check in on their status/business. Ask if there is anything with which you can help them.
  • On Wednesdays, invite three referral sources to schedule a coffee in the next month. Mark your calendar and make it happen.
  • On Thursdays, research upcoming targeted networking events in an industry you serve, a Bar association event and/or other relevant organization.
  • On Friday, consider what concrete steps you’ve taken during the week and consider next steps to nurture the relationships you’ve cultivated. Take the afternoon off to recover from a busy week.
  • Repeat.

 

© 2019 KLA Marketing Associates.

For more on legal marketing, see the National Law Review Law Office Management page.

Corporate Closedown Does Not Shield Boss From Potential TCPA Culpability

So, your corporation is sued under the Telephone Consumer Protection Act (TCPA). One defense strategy if you are the founder and sole owner: cease operations, terminate your employees, close your offices, formally dissolve the corporation and live in British Columbia. No potential individual exposure for TCPA violations in Alabama – right?

Not so fast, said the United States District Court for the Northern District of Alabama in Eric K. Williams v. John G. Schanck. 2019 U.S. Dist. LEXIS 151778, Case No.:5-15-cv-01434-MHH, decided September 6, 2019. Mr. Williams originally sued Stellar Recovery, Inc., a company founded and solely owned by Schanck, for collection calls made to the plaintiff’s cellphone in Alabama. Mr. Schanck then told the Court in a telephone conference call that “Stellar Recovery had dissolved and did not intend to participate in this lawsuit.” Mr. Williams moved to amend his complaint to add Mr. Schanck individually and Judge Madeline Hughes Haikala granted his motion.

But, wait a minute, countered Mr. Schanck. Service of the amended complaint on me in Vancouver, British Columbia does not afford the Court personal jurisdiction. Furthermore, Mr. Williams is too late because he added me as a defendant after the four-year TCPA statute of limitations had passed. So, Mr. Schanck moved to dismiss under Federal Rules of Civil Procedure (FRCP) 12(b)(2) and 12(b)(6), respectively.

The Court was unconvinced on both counts.

First, on the jurisdictional issue, the Court examined whether Mr. Schanck’s alleged contacts with the State of Alabama were sufficient to satisfy specific jurisdiction (i.e., “contacts within the forum state give rise to the action before the court”). Mr. Williams asserted that Mr. Schanck “guide[d], over[saw], and ratifie[d] all operations of…Stellar” and knew of the “‘violations of the TCPA alleged’ in the complaint and ‘agreed to and ratified such actions of his company.’” Indeed, throughout the complaint, Mr. Williams contended that “Stellar acted on behalf of Defendant Schanck.”

Mr. Schanck did “not challenge the factual allegations concerning his ownership interest in Stellar or his managerial control over the company.” Rather, he contended that the “corporate shield doctrine” precluded the Court from exercising jurisdiction over him. However, Judge Haikala noted that the “express language of the TCPA allows actions against corporate officers who authorize TCPA violations” and Mr. Williams “has alleged just that – that Mr. Schanck directed and authorized the alleged TCPA violations that purportedly occurred in this District.” Motion to dismiss for lack of personal jurisdiction under FRCP 12(b)(2) denied.

Second, the Court also dispensed with the statute of limitations issue. The Court concluded that the claim against Mr. Schanck as an individual arose out of the “conduct, transaction or occurrence set forth or attempted to be set forth in the original pleading.” Under such circumstances, the claims in the amended complaint could relate back to Mr. Williams original complaint.

But, Mr. Schanck argued, Mr. Williams knew about him and his status in Stellar yet chose only to sue the latter. Therefore, there could have been no mistake on his part about the “identity” of the proper party (i.e., Mr. Schanck) to sue and the FRCP 15(c) requirements regarding the timing of serving Mr. Schanck as a new defendant were not met.

Correcting Mr. Schanck’s application of that requirement, the Court noted that the issue was not about Mr. Williams knowledge, but “whether Mr. Schanck himself knew or should have known that he would be named as a defendant ‘but for an error’” by Mr. Williams. And at this stage, “if Mr. Williams contentions about Mr. Schanck’s involvement with Stellar prove correct,” then Mr. Schanck “reasonably should have known that he would be named as a defendant but for an error.” Motion to dismiss for failure to state a claim under FRCP 12(b)(6) denied.

So some TCPAWorld lessons learned about the solidity of the “corporate” shield when one person allegedly runs the company show.

© Copyright 2019 Squire Patton Boggs (US) LLP

Recent COPPA Settlements Offer Compliance Reminders

The recently announced FTC settlement with YouTube and its parent company, as well as the 2018 settlement between the New York Office of the Attorney General and Oath, have set a new bar when it comes to COPPA compliance.

The settlements offer numerous takeaways, including reminders to those that use persistent identifiers to track children online and deliver them targeted ads.  These takeaways include, but are not limited to the following.

FTC CID attorney Joseph Simons stated that “YouTube touted its popularity with children to prospective corporate clients … yet when it came to complying with COPPA, the company refused to acknowledge that portions of its platform were clearly directed to kids.”

First, under COPPA, a child-directed website or online service – or a site that has actual knowledge it’s collecting or maintaining personal information from a child – must give clear notice on its site of “what information it collects from children, how it uses such information and its disclosure practices for such information.”

Second, the website or service must give direct notice to parents of their practices “with regard to the collection, use, or disclosure of personal information from children.”

Third, prior to collecting personal information from children under 13, COPPA-covered companies must get verifiable parental consent.

COPPA’s definition of “personal information” specifically includes persistent identifiers used for behavioral advertising.  It is critical to note that third-party platforms are subject to COPPA when they have actual knowledge they are collecting personal information from users of a child-directed website.

In March 2019, the FTC handed down what, then, was the largest civil penalty ever for violations of COPPA following allegations that Musical.ly knew many of its users were children and still failed to seek parental consent.  There, the FTC charged that Musical.ly failed to provide notice on their website of the information they collect online from children, how they use it and their disclosure practices; failed to provide direct notice to parents; failed to obtain consent from parents before collecting personal information from children; failed to honor parents’ requests to delete personal information collected from children; and retained personal information for longer than reasonably necessary.

Content creators must know COPPA’s requirements.

If a platform hosting third-party content knows that content is directed to children, it is unlawful to collect personal information from viewers without getting verifiable parental consent.

While it may be fine for most commercial websites geared to a general audience to include a corner for children, it that portion of the website collects information from users, COPPA obligations are triggered.

Comprehensive COPPA policies and procedures to protect children’s privacy are a good idea.  As are competent oversight, COPPA training for relevant personnel, the identification of risks that could result in violations of COPPA, the design and implementation of reasonable controls to address the identified risks, the regular monitoring of the effectiveness of those controls, and the development and use of reasonable steps to select and retain service providers that can comply with COPPA.

The FTC and the New York Attorney General are serious about COPPA enforcement.  Companies should exercise caution with respect to such data collection practices.

© 2019 Hinch Newman LLP

Is Your Iphone Spying on you (Again)?

In the latest installment of this seemingly ongoing tale, Google uncovered (for the second time in a month) security flaws in Apple’s iOS, which put thousands of users at risk of inadvertently installing spyware on their iPhones. For two years.

Google’s team of hackers – working on Project Zero – say the cyberattack occurred when Apple users visited a seemingly genuine webpage, with the spyware then installing itself on their phones. It was capable of then sending the user’s texts, emails, photos, real-time location,  contacts, account details (you get the picture) almost instantaneously back to the perpetrators of the hack (which some reports suggest was a nation state). The hack wasn’t limited to Apple apps either, with reports the malware was able to extract data from WhatsApp, GoogleMaps and Gmail.

For us, the scare factor goes beyond data from our smart devices inadvertently revealing secret locations, or being used against us in court – the data and information the cyberspies could have had access to could wreak absolute havoc on the everyday iPhone users’ (and, the people whose details they have in their phones) lives.

We’re talking about this in past tense because while it was only discovered by Project Zero recently, Apple reportedly fixed the vulnerability without much ado in February this year, by releasing a software update.

So how do you protect yourself from being spied on? It seems there’s no sure-fire way to entirely prevent yourself from becoming a victim, or, if you were a victim of this particular attack, to mitigate the damage. But, according to Apple,  “keeping your software up to date is one of the most important things you can do to maintain your Apple product’s security”. We might not be ignoring those pesky “a new update is available for your phone” messages, anymore.

Copyright 2019 K & L Gates

ARTICLE BY Cameron Abbott and Allison Wallace of K&L Gates.
For more on device cyber-vulnerability, see the National Law Review Communications, Media & Internet law page.

Practical Tips and Tools for Maintaining ADA-Compliant Websites

Title III of the American with Disabilities Act (ADA), enacted in 1990, prohibits discrimination against disabled individuals in “places of public accommodation”—defined broadly to include private entities that offer commercial services to the public. 42 U.S.C. § 12181(7). Under the ADA, disabled individuals are entitled to the full and equal enjoyment of the goods, services, facilities, privileges, and accommodations offered by a place of public accommodation. Id. § 12182(a). To comply with the law, places of public accommodation must take steps to “ensure that no individual with a disability is excluded, denied services, segregated or otherwise treated differently than other individuals.” Id. § 12182(b)(2)(A)(iii).

In the years immediately following the enactment of the ADA, the majority of lawsuits alleging violations of Title III arose as a result of barriers that prevented disabled individuals from accessing brick-and-mortar businesses (i.e., a lack of wheelchair ramps or accessible parking spaces). However, the use of the Internet to transact business has become virtually ubiquitous since the ADA’s passage almost 30 years ago. As a result, lawsuits under Title III have proliferated in recent years against private businesses whose web sites are inaccessible to individuals with disabilities. Indeed, the plaintiffs’ bar has formed something of a cottage industry in recent years, with numerous firms devoted to issuing pre-litigation demands to a large number of small to mid-sized businesses, alleging that the businesses’ web sites are not ADA-accessible. The primary purpose of this often-effective strategy is to swiftly obtain a large volume of monetary settlements without incurring the costs of initiating litigation.

Yet despite this upsurge in web site accessibility lawsuits—actual and threatened—courts have not yet reached a consensus on whether the ADA even applies to web sites. As discussed above, Title III of the ADA applies to “places of public accommodation.” A public accommodation is a private entity that offers commercial services to the public. 42 U.S.C. § 12181(7). The First, Second, and Seventh Circuit Courts of Appeals have held that web sites can be a “place of public accommodation” without any connection to a brick-and-mortar store.1 However, the Third, Sixth, Ninth, and Eleventh Circuit Courts of Appeals have suggested that Title III applies only if there is a “nexus” between the goods or services offered to the public and a brick-and-mortar location.2 In other words, in the latter group of Circuits, a business that operates solely through the Internet and has no customer-facing physical location may be under no obligation to make its web site accessible to users with disabilities.

To make matters even less certain, neither Congress nor the Supreme Court has established a uniform set of standards for maintaining an accessible web site. The Department of Justice (DOJ) has, for years, signaled its intent to publish specific guidance regarding uniform standards for web site accessibility under the ADA. However, to date, the DOJ has not published such guidance and, given the agency’s present priorities, it is unlikely that it will issue such guidance in the near future. Accordingly, courts around the country have been called on to address whether specific web sites provide sufficient access to disabled users. In determining the standards for ADA compliance, several courts have cited to the Web Content Accessibility Guidelines (WCAG) 2.1, Level AA (or its predecessor, WCAG 2.0), a series of web accessibility guidelines published by World Wide Web Consortium, a nonprofit organization formed to develop uniform international standards across the Internet. While not law, the WCAG simply contain recommended guidelines for businesses regarding how their web sites can be developed to be accessible to users with disabilities. In the absence of legal requirements, however, businesses lack clarity on what, exactly, is required to comply with the ADA.

Nevertheless, given the proliferation of lawsuits in this area, businesses that sell goods or services through their web sites or have locations across multiple jurisdictions should take concrete steps to audit their web sites and address any existing accessibility barriers.

Several online tools exist which allow users to conduct free, instantaneous audits of any URL, such as those offered at https://tenon.io/ and https://wave.webaim.org/. However, companies should be aware that the reports generated by such tools can be under-inclusive in that they may not address every accessibility benchmark in WCAG 2.1. The reports also can be over-inclusive and identify potential accessibility issues that would not prevent disabled users from fully accessing and using a site. Accordingly, companies seeking to determine their potential exposure under Title III should engage experienced third-party auditors to conduct individualized assessments of their web sites. Effective audits typically involve an individual tester attempting to use assistive technology, such as screen readers, to view and interact with the target site. Businesses also should regularly re-audit their web sites, as web accessibility allegations often arise in connection with web sites which may have been built originally to be ADA-compliant, but have fallen out of compliance due to content additions or updates.

Companies building new web sites, updating existing sites, or creating remediation plans should consider working with web developers familiar and able to comply with the WCAG 2.1 criteria. While no federal court has held that compliance with WCAG 2.1 is mandatory under Title III, several have recognized the guidelines as establishing a sufficient level of accessibility for disabled users.Businesses engaging new web developers to design or revamp their sites should ask specific questions regarding the developers’ understanding of and ability to comply with WCAG 2.1 in the site’s development, and should memorialize any agreements regarding specific accessibility benchmarks with the web developer in writing.

See Carparts Distrib. Ctr., Inc. v. Auto. Wholesaler’s Ass’n of New England, Inc., 37 F.3d 12, 19 (1st Cir. 1994) (“By including ‘travel service’ among the list of services considered ‘public accommodations,’ Congress clearly contemplated that ‘service establishments’ include providers of services which do not require a person to physically enter an actual physical structure.”); Andrews v. Blick Art Materials, LLC, 268 F. Supp. 3d 381, 393 (E.D.N.Y. 2017); Doe v. Mut. of Omaha Ins. Co., 179 F.3d 557, 559 (7th Cir. 1999).

See Peoples v. Discover Fin. Servs., Inc., 387 F. App’x 179, 183 (3d Cir. 2010) (“Our court is among those that have taken the position that the term is limited to physical accommodations”) (citation omitted); Parker v. Metro. Life Ins. Co., 121 F.3d 1006, 1010-11 (6th Cir. 1997); Weyer v. Twentieth Century Fox Film Corp., 198 F.3d 1104, 1114 (9th Cir. 2000); Haynes v. Dunkin’ Donuts LLC, 741 F. App’x 752, 754 (11th Cir. 2018) (“It appears that the website is a service that facilitates the use of Dunkin’ Donuts’ shops, which are places of public accommodation.”).

See, e.g. Robles v. Domino’s Pizza, LLC, 913 F.3d 898, 907 (9th Cir. 2019) (holding that failure to comply with WCAG is not a per se violation of the ADA, but that trial courts “can order compliance with WCAG 2.0 as an equitable remedy if, after discovery, the website and app fail to satisfy the ADA.”).

© 2019 Vedder Price
This article was written by Margaret G. Inomata and Harrison Thorne of Vedder Price.
For more web-related legal issues, see the National Law Review Communications, Media & Internet law page.