Google, Yahoo, and Ad Networks Agrees to Set of Best Practices to Combat Online Piracy

Mintz Logo

The United States Intellectual Property Enforcement Coordinator Victoria Espinel recently blogged about a new effort to combat online piracy of intellectual property.  The broad-based effort attempts to leverage the participation of several large internet/publishing companies (GoogleYahooMicrosoft, AOL and Condé Nast), advertising networks (24/7 MediaAdtegrity) and the Interactive Advertising Bureau.  The parties have agreed to voluntarily adopt a set of best practices to remove advertising from websites that are primarily engaged in copyright piracy (movies, video games, music, books, etc.) or selling counterfeit goods.

In addition to efforts by companies to combat a similar problem using the Copyright Alert System, which we have previously covered, the current agreement takes aim at shutting down the profitability (and it is hoped, the major incentive) of these piracy websites to attenuate their proliferation.

The parties have agreed to implement these procedures and establish a system whereby a rights holder will send an initial informal complaint to one of the participating ad networks alleging that the website at issue is “principally dedicated to” engaging in copyright piracy and/or counterfeiting goods.  Further, the website must have no “substantially non-infringing uses.”  Upon receipt of a complaint, the ad networks will investigate and determine whether to take action, which can range from requesting the website cease from engaging in the alleged activity, to an embargo on advertisements placed by that ad network on the website until such time as the alleged violations are removed, or ultimately, removing the website from the ad network altogether.  While not required to, the ad network may also consider any evidence provided by the website owner that it is either not principally dedicated to counterfeiting or copyright piracy, or has substantial non-infringing uses.  Any such “counter notice” should include the content prescribed in the Digital Millennium Copyright Act (17 U.S.C. §512(g)(3)).  In addition, the participating ad networks will be certified by the Interactive Advertising Bureau’s Networks and Exchanges Quality Assurance Guidelines.

It is important to note that the burden to initiate the process is squarely on the rights holder, the guidelines explicitly noting that (i) there is no burden on the ad networks to police or actively monitor the websites on which their ads are placed; and (ii) by participating in this program, the ad networks do not prejudice their ability to maintain any “safe harbor” status they may otherwise be entitled to.

These best practices certainly have the critical mass to succeed.  The critical question, however, will be the quality of the analysis by the ad networks in response to allegations of piracy or counterfeiting, and the efficacy of this avenue of redress as perceived by the rights holders.  Regardless, this agreement, which may be refined going forward, is another step towards alleviating some of the pressure search engines have been under recently to take more proactive steps toward protecting intellectual property.

Article By:

 of

Reporters Committee and Media Companies Back Google, Microsoft in Foreign Intelligence Surveillance Court (FISA)

ArmstrongTeasdale logo

In a historic move for The Reporters Committee for Freedom of the Press (RCFP), the organization has filed an amicus brief with the secretive Foreign Intelligence Surveillance Court (FISA) to support the free-speech rights of Google and Microsoft. The July 15, 2013 action marks the first time RCFP has both filed with the FISA Court and backed the First Amendment interests of Internet companies.

The RCFP has provided free legal advice, resources, support, and advocacy to journalists for more than 40 years.  It is joined in the brief by the following media companies: The Associated Press, Bloomberg L.P., Dow Jones & Company, Inc., Gannett Co., Inc., Los Angeles Times, The McClatchy Company, National Public Radio, Inc., The New York Times Company, The New Yorker; The Newsweek/Daily Beast Company LLC, Reuters America LLC, Tribune Company, and the Washington Post.

In June, both Microsoft and Google filed petitions with the FISA Court seeking permission to publish data on national security requests they received and which had been authorized by the court. The same month the American Civil Liberties Union (ACLU) and the Media Freedom and Information Access Clinic at Yale Law School filed a brief with the FISA Court requesting that it publish its opinions on the meaning, scope, and constitutionality of Section 215 of the Patriot Act.

That section authorizes the government to obtain “any tangible thing” relevant to foreign-intelligence or terrorism investigations.  It was the legal basis for an April FISA Court order requiring Verizon to turn over “on an ongoing daily basis” to the National Security Agency all call logs “between the United States and abroad” or “wholly within the United States, including local telephone calls.” The order was revealed by U.K.-based newspaper The Guardian in early June.

The amicus filing by RCFP and the coalition of news-media organizations supports the ACLU arguments that the court should release decisions that interpret the FISA laws and create binding precedent. However, the RCFP  brief emphasizes a related point: that the public has a First Amendment right to know both about the secretive court’s core activities and receive information from Google and Microsoft. The brief describes the two companies as “speakers” with significant free-speech interests who want to provide the public with information about the government surveillance programs in which they have been required to participate.

“In addition to implicating their rights as speakers, the Google and Microsoft cases raise important concerns relating to the interests of the public in receiving information, an interest that the Supreme Court has long recognized as a separate component of the speech and press freedoms under the First Amendment,” the brief argues. “Where the communications providers are willing speakers, the public has a heightened interest in hearing their speech. That interest is heightened even more when the government is itself choosing to provide information to the public regarding issues central to the Google and Microsoft cases.”

The information Google and Microsoft want to share with the public is not prohibited by law, the media coalition states, and this information “will better explain the nature of their participation in these (government-surveillance) programs and correct popular misconceptions about the operation of key antiterrorism initiatives undertaken by the government.”

The brief continues that the issues raised in the petitions are vitally important to both national security and civil liberties: “They inevitably and rightfully are going to be the subject of public reporting and debate, and secrecy is preventing the public and the press from having even the rudimentary information needed for the kind of informed discussion that the country deserves.”

 of

Twitter: Little Statements with Big Consequences for Companies

McBrayer

Twitter is under attack. In recent months, accounts belonging to media giants CBS, BBC, and NPR have all been temporarily taken over by hackers. The Associated Press is the most recent victim. On April 23, 2013, a false statement about explosions at the White House and the President being injured sent shock waves through the Twitter-sphere. The real surprise is the effect the single tweet had in the real world: the Standard & Poor’s 500 Index dropped so sharply moments after the frightening tweet that $136 billion in market value was wiped out. While the hacking of these massive media outlets make headlines, everyday businesses are not safe from the threat, either. In February of this year, a hacker changed the @BurgerKing feed to resemble that of McDonald’s, putting the McDonald’s logo in place of Burger King’s. The hackers posted offensive claims about company employees and practices. If accounts belonging to well-established companies like these are vulnerable, so is yours. If a tweet can have a profound impact on the nation’s stock market, imagine what an ill-contrived tweet could do to your business.

Business owners may have the knee-jerk reaction to delete their Twitter account, but despite the recent blemishes to its security, Twitter remains one of the most important social media sites out there. Just recently, the Securities Exchange Commission made clear that companies could use social media like Twitter when announcing key information in compliance with Regulation Fair Disclosure. Twitter is not just a marketing or PR tool—Twitter is business. And you should never turn your back on existing business. So instead of hanging up your hashtags, consider some steps that can make your Twitter account safer.

Limit Access

Not every employee should have access to the company’s Twitter account. In fact, hardly anyone should, except a few designated employees like the marketing director or business owner. While those with access may never do anything harmful to the account, the more people who have the log-in information, the more likely it is to fall into the wrong hands.

Create a strong password

I know, you already have too many passwords to remember. But a creative password is your best defense against someone seeking to break into your account. Employers should, at minimum, have unique passwords for their most commonly used media sites; please do not use the same word for your Facebook, LinkedIn, and Twitter account. Once a hacker figures it out, they have control of your entire social media presence.

When creating a password, avoid using anything that would be too common. “Password,” “1234,” or the business’s name should never be the only thing standing between you and a hacker. The longer the password, the better. Use a mix of uppercase and lowercase letters, numbers, and symbols.

Article By:

 of

Price Transparency and the Legal Marketplace

consumer_colorlogo (1)

My teenage children don’t know a world without the internet; a place where the sum of all human wisdom is a few clicks away.
Or where it’s really easy to research and buy the latest videogame.

 

Aside from the democratization of information and sharing enabled by the internet, the biggest impact of the web in most people’s lives is how it has transformed the consumer experience.  It has done so in two important ways:  by creating unprecedented levels of transparency and removing friction from the purchase process.   In nearly every industry, a wealth of information is available to consumers prior to making a purchase:  what the options are, differences between products, user feedback, and price transparency.  With full information about products, including price, the internet makes comparison shopping easy.

 

And with all of that information, purchasing is smoothed out as well.  Web services continue to refine the art of removing friction from the purchase process.  Amazon aggressively knocked down reasons to purchasing goods in brick-and-mortar stores.  Uber removed the transactional choke points from cab rides.  iTunes made it easy to buy music on an a la carte basis.  Much of the consumer internet continues to iterate and expand on the winning concept of blending ever-higher levels of information with ever-smoother transaction processing.

 

This online purchasing revolution has also reached beyond everyday consumer goods and services.  Buying insurance, trading stocks, even government licensing – all have been streamlined online.

 

But there’s one notable area that has remained largely impervious: legal services.  Despite some increases in transparency on lawyer backgrounds (Avvo) and do-it-yourself online legal forms (LegalZoom), the legal marketplace has seen nothing approaching the change in consumer empowerment and ease of transacting experienced in virtually all other industries.
It’s not as if legal services is a tiny economic niche.  The market for legal services in the U.S. is worth over $250 billion per year, and nearly 40% of that is made up of consumer legal spending.  Rather, a mixture of byzantine regulation, barriers to market entry, and restrictions on common forms of marketing have kept consumers from experiencing the same form of experimentation and innovation that has transformed the delivery of so many other goods and services:

  • Until the late 1970’s, lawyers in the U.S. could not advertise in any meaningful way, and many states still have laws on the books prohibiting lawyers from using common advertising techniques.
  • Non-lawyers cannot own even a minority interest law firms, preventing outside investment in the industry and removing the ability to offer equity compensation to talented non-lawyer leaders.
  • Except in limited circumstances, attorneys are prevented from participating in services that attempt to match clients with lawyers based on specific legal circumstances.
  • Rules based on the geographic location of an attorney prevent many forms of remote counseling, even when the matter in question is not dependent on a given state’s law.
  • Legal obligations in most states make it difficult for attorneys to offer limited-scope services that attempt to counsel or coach consumers through specific legal issues rather than engage in full-blown client advocacy.

Some of these restrictions are rooted in a learned profession’s reliance on tradition and resistance to rapid change, and much of it stems from a desire to protect clients and ensure the quality of legal work.  But a consequence of the locked-down nature of the industry is that many consumers who would otherwise use legal services do not avail themselves of them.

 

It’s not hard to see why.  There’s no way to shop for a lawyer-reviewed estate plan the way you would for a pair of shoes or a flight to Mexico.  And beyond price transparency, attorneys and law firm have shown little interest in marketing fixed-price, entry-level offerings that work fine for a large percentage of consumers.  Instead of leading with such offers and then upselling to those needing more involved help, the vast majority of lawyers treat every client as being in need of a custom solution.

 

It’s a shame for both consumers and lawyers. Many consumers who choose to do without a lawyer’s help are no doubt getting suboptimal outcomes in their legal matters.  And lawyers, by failing to deliver the transparency and ease of transacting that consumers have become used to, are missing out on a massive, underserved market.

–          Josh King is vice president and general counsel of Avvo.com, the web’s largest legal Q&A platform, directory and marketplace.

Federal Communications Commission (FCC) Considers Proposal To Lift 25% Cap On Indirect Foreign Investment In Broadcast Licensees

Sheppard Mullin 2012

In August 2012, the Coalition for Broadcast Investment (“CBI”), a group comprising national broadcast networks, radio and television station licensees, and community and consumer organizations, filed a letter with the FCC requesting clarification of the foreign ownership rules contained in Section 310(b)(4) of the Communications Act. Specifically, CBI requested clarification that “the FCC will conduct a substantive, facts, and circumstances evaluation of proposals for foreign investment in excess of 25 percent in the parent company of a broadcast licensee.…” If adopted, this approach would represent a marked change of course for the FCC, which has in the past “categorically refused” to consider transactions involving investment in broadcasters above the 25% benchmark, according to CBI.

Citing the numerous other contexts where foreign investment above 25% is permitted (including, among others, sectors such as cable, direct-to-home satellite, and wireless), CBI highlighted the “structural disadvantage” broadcasters face because of the FCC’s “effective presumption” against foreign investment above 25% in the broadcast sector. In addition, CBI pointed out that ending the presumption would place broadcasters “on the same footing” as other industry participants, facilitating crucial access to capital in a market where they face increasing competition for consumers.

In February 2013, the FCC responded with a Public Notice (MB Docket No. 13-50) soliciting comments on CBI’s request. The first round of comments were due April 15, and a review of those submissions reveals a uniform desire for the FCC to relax the de facto 25% indirect cap applied to foreign ownership in broadcasters. Although all commenters supported CBI’s request, different groups highlighted particular points of emphasis.

Adelante Media Group, the National Association of Broadcasters, and Nexstar Broadcasting all noted that the Over-the-Top providers competing with traditional broadcasters face no restriction on foreign ownership. The Minority Media and Telecommunications Council emphasized that encouraging foreign investment in broadcasters would help “reverse the decline in minority broadcast ownership.” The National Association of Media Brokers referenced the fact that many entities that provided working capital to prospective new broadcasters were no longer in the market.

The question remains whether the FCC will hear the pleas of the broadcasters for regulatory parity. On the one hand, broadcasters may have reason for optimism if the FCC’s recent Public Notice (IB Docket No. 11-133) stating that it has streamlined its policies and procedures for reviewing foreign ownership of common carrier wireless licenses and certain aeronautical radio licenses is any indication. On the other hand, the broadcast industry has a long history of special concern in Congress due to its potential to influence the outcome of elections, and the FCC has not yet heard from Congress on these issues.

Reply comments on the proposal to lift the 25% cap on indirect foreign ownership of broadcast licensees are due at the FCC on April 30.

Article By:

 of

“The #1 Client-Generation Tool:” The Web-Based Art of Legal Marketing

The business of law has always been important but today it is far more complicated due to the web which has allowed the channels of advertising and business development to grow exponentially. From product placement in movies to handrails featuring advertisements, commercial culture serves as an omnipotent force and has yielded two great premises:  that we as a people respond to advertisements and that the Internet is a powerful tool for advertising.

Mark Britton, founder, CEO and president of Avvo, teaches attorneys and marketing professionals to have no legal fear when it comes to the business of law. In his upcoming address at Lawyernomics 2013 entitled “Issue Spotting: Turning 10 Legal Marketing Challenges Into Opportunity,” he seeks to instruct attorneys how to establish a marketing protocol in order to expand their practices. Mr. Britton sat down with me recently to further school the legal community on web-based legal marketing and how to “sell” one’s self in the modern legal landscape.

Attorneys historically self-promoted by attending large gatherings at rotary clubs but now there are multiple outlets for them to sell their services, such as LinkedIn, YouTube and blogging. According to Mr. Britton, a practitioner can utilize any “set of variables” for advertising purposes and this is important, given the rising number of lawyers and the resulting competition. Therefore, in order to truly succeed in today’s legal marketplace, attorneys must remain strategic and learn how to manage their businesses effectively.

The Internet, which Mr. Britton characterized as “central to life” as the law, serves as the most influential avenue for legal marketing. Facebook alone hold 8 million registered users—a small nation of its own. Practitioners must therefore act defensively—while they frequently rely on word of mouth, they must transfer this technique to such Internet sources as Yelp, Reputation.com and the Yellow Pages. Mr. Britton advises that the attorney who is aware of her “Google status” is ahead of the game.

In addition, attorneys must act on the offensive by making use of the Internet to increase clientele. Mr. Britton relayed how in his interactions with thousands of lawyers on a yearly basis, the common complaint is that the less experienced attorneys obtain more business because they advertise more. Regardless of the level of experience and professionalism, practitioners must utilize the web as a “tremendous strategic tool” to attain a larger client base. For example, they can join blogging spheres and practice groups that exchange ideas, build networks and develop business. This sort of self-promotion might be considered “unseemly” by some lawyers, yet the Internet serves as the number one tool to generate clients.

Mr. Britton acknowledges the challenge of thinking in a technology-driven, business-geared mentality when one comes from a legal background. He stresses that the objective should be to take on the role of an opportunity-spotter rather than just an issue-spotter.  However, in law school, we were trained only to take fact patterns and analyze them and when we practice, we spot the issue and mitigate risks, all without placing any emphasis on the business aspects of practicing law. As a result, when it comes to a tool such as social media, nine out of ten attorneys will focus on its privacy issues, entirely missing the point of its social networking benefits.

For all the attorneys and legal marketing professionals who struggle with how to go about conforming to the marketing must’s, Mr. Britton offers his insights on five baselines of legal marketing with the ultimate intention of converting contacts into clients:

#1. Establish your target audience.

Who are you searching for? Future and existing clientele? Law firms invest significant resources into bringing in clients so figure out who you are trying to attract so you can tailor your marketing strategies accordingly. For example, after establishing that you want to attract clients, refrain from writing your blog posts in legalese.

#2. Target your time and money as it relates to your target audience.

This should be preplanned and reviewed on a quarterly basis and should be initiated with a goal in mind. For instance, if your aim is to acquire a higher number of lawyer referrals, find space in your budget and calendar to start an e-newsletter or present at a conference.

#3. Target channels that you think are valuable one at a time.

Be deliberate about your marketing tools. Learn if your channels’ ROI is worth the time and money and either maintain the channel or turn it off accordingly. After you start that e-newsletter, get Constant Contact or any other service that provides monthly reports to figure out how many people are reading them and whether it is a successful investment.

#4. Measure your targets by figuring out the benefits.

Hire a consultant to see if you are actually gaining benefits from your investments. Paying high fees to place an ad in the Yellow pages is pointless if you do not know how many clients you are actually attracting.

#5. Establish a strong web presence.

Your website is the modern-day calling card so certify that it is in fact well-developed. To exemplify, if someone were to raise a point on Twitter and you respond by saying you wrote about this topic on your blog, the potential client may go to your website and develop her first impression of you through your website. This is often how social networking works—it all goes back to the website where people first connect with you. Make sure you also have strong seo controls in place so you can zero in on the demographics of your website visitors.

Article By:

 of

Protect Your CEO’s Tweets and Posts from U.S. Securities Exchange Commission (SEC) Enforcement Action

vonBriesen

The U.S. Securities Exchange Commission (SEC) Enforcement Division altered the jet stream of blogosphere commentary last December by, for the first time, recommending legal action against a CEO on account of a Facebook post. Immediately after the announcement, a blizzard of articles, tweets, and blogs buried the mediascape with opinions about the critical role of CEO social media use in the new economy, the wisdom or foolishness of allowing CEO’s to Tweet or post, and whether the SEC should be time warped back to the Stone Age it seems to prefer.

Sweeping away the accumulated hyperbole reveals two important takeaways from the SEC’s announcement, applicable to both public and private companies: i) the more things change, the more they remain the same, and ii) this latest “grave threat” to the modern world is not a crisis, but an opportunity. Social media can be a valid, legal, and effective way to communicate with investors, if it’s done right.

About Regulation FD

The SEC’s action responded to a July 2012 Facebook post by CEO Reed Hastings stating that members watched over 1 billion hours on Netflix in June. Netflix estimated that Hastings had reached 200,000 people through his Facebook, Twitter, and LinkedIn accounts. The SEC felt this was material information for investors and that by announcing it through social media, rather than more traditional outlets, Netflix had violated Regulation Fair Disclosure (Reg. FD).

The SEC adopted Reg. FD in 2000 to fix a perceived lack of fairness in the public securities markets. Before Reg. FD, public companies could share material information with analysts who participated in conference calls or meetings not open to smaller investors. Well-connected investors got trading advantages over the general public. Reg. FD prohibits public companies from providing material information to limited groups of investors without simultaneously making the information available to the entire marketplace.

Under Reg. FD, public disclosures must be made by “filing or furnishing a Form 8-K, or by another method or combination of methods that is reasonably designed to effect broad, non-exclusionary distribution of the information to the public.” The “other method” most often employed is a press release to an array of media outlets likely to disseminate the information broadly and quickly. Individuals and companies violating Reg. FD risk injunctions and monetary penalties.

Use of Social Media Growing, Creating Risks

Social media channels first became critical communication tools for companies after adoption of Reg. FD. A 2010 study of the 100 largest companies in the Fortune 500 found that 79% were using at least one of the four most popular social media platforms. See Burson-Marsteller Fortune Global 100 Social Media Study, Feb. 23, 2010, available at http://www.burson-marsteller.com/Innovation_and_insights/blogs_and_podcasts/BM_Blog/Lists/Posts/Post.aspx?ID=160

A 2012 Forbes article cited an IBM study saying 57% of surveyed CEO’s likely would be using social media by 2017. Mark Fidelman, IBM Study: If you Don’t Have a Social CEO, YourGoing to be Less Competitive, FORBES, May 22, 2012.

The SEC itself uses social media to disclose important information such as speeches, trading suspensions, litigation releases, and administrative proceedings.

While some CEOs see social media as “part of their job description,” others try to minimize risk by having employees write or review tweets before posting, and some CEOs have already tried social media and moved on. See Leslie Kwoh and Melissa Korn, 140 Characters of Risk: Some CEO’s Fear Twitter, WALL STREET JOURNAL, September 26, 2012.

Not everyone does, or should, use all forms of social media. The point of Twitter, for example, is to provide information contemporaneously with the occurrence of a thought or an event. This promptness is both the differentiating touchstone of the medium and its source of danger. Quick, unconsidered, unscripted communications by senior executives of public companies pose risks in the form of leaked intellectual property, disclosed business plans, angered customers, litigious investors, and frothy regulators. The SEC Netflix announcement demonstrates the potential for liability arising from disclosures of information requiring consideration through social media focused solely on promptness. A Facebook post subjected to prior review might have been a better choice.

Even where the SEC does not act, executives may be at risk. In May 2012, retailer Francesca’s Holdings Corporation fired its CFO, Gene Morphis after he tweeted: “Board meeting. Good numbers = Happy Board.” Mr. Morphis, who was also active on other social media outlets, had a history of postings about earnings calls, road shows, and other work related matters. Morphis lost his job even though the SEC took no action. Rachel Emma Silverman, Facebook and Twitter Postings Cost CFO His Job, WALL STREET JOURNAL, May 14, 2012.

Social Media Without Big Risk

The SEC has never issued guidance about the use of social media, but it has issued guidance that websites could be deemed sufficiently “public” to satisfy Reg. FD when: (1) it is a recognized channel of distribution, (2) posting on the web site disseminates the information in a manner making it available to the securities marketplace in general, and (3) there has been a reasonable waiting period for investors and the market to react to the posted information. Indeed, “for some companies in certain circumstances, posting … information on the company’s web site, in and of itself, may be a sufficient method of public disclosure,” SEC Release No. 34-58288 (Aug. 7, 2008) at 18, 25.

This is an example of how “the more things change, the more they stay the same” when it comes to the intersection of law and technology. The purpose of Reg. FD is to make sure that all investors have access to the same information roughly simultaneously. The specific communications method is not important so long as the principle of public disclosure to the general market, not subsets of investors, is served. Because 8-K filings and press releases were the most common ways to quickly and broadly disseminate information in the past, investors knew where to look for them and could monitor those information outlets. Now, when companies establish their websites as well-known places to find press releases, SEC filings, and supplemental information, they, too, have become acceptable means for Reg. FD disclosures.

The same analysis applies to social media, as well as any new communications technology that may exist in the future. The critical question is: has the company sufficiently alerted the market to its disclosure practices based on the regularity, prominence, accuracy, accessibility, and media coverage of its disclosure methods? If so, social media should be just as acceptable as any other communication tool.

One company seems to have found the right balance. Alan Meckler, CEO of WebMediaBrands Inc. drew the SEC’s attention after a pattern of regularly disclosing company information through social media back in December 2010. The SEC’s Division of Corporation Finance questioned whether Mr. Meckler’s Tweets “conveyed information in compliance with Regulation FD.”SEC letter dated December 9, 2010. Despite, the investigation, the SEC brought no enforcement action.

To use social media with minimum SEC risk, the company must educate investors so that they know such communications will always occur at a particular place and at least simultaneously with other outlets. This is done by a regular pattern of social media disclosure and links to other sources, such as SEC filings, showing the way. A company should not force investors to win a shell game, finding the nut of important information in Twitter this time, on Facebook the next time, and Instagram after that. Consistency, predictability, and transparency are key. Used this way, social media present an opportunity to communicate with investors in new ways, not a source of legal problems.

©2013 von Briesen & Roper, s.c

Can Having Employees Pose for the Camera Pose Problems for You?

The National Law Review recently featured an article regarding Employee Photos written by Amy D. Cubbage with McBrayer, McGinnis, Leslie and Kirkland, PLLC:

McBrayer NEW logo 1-10-13

Employers have a variety of reasons for using employee photos, including:

  • internal company use (for a company directory or in the break room);
  • external use (such as the company website or a blog post—you’ll find my picture below);
  • for safety precautions (name badges or scan cards); and
  • for commercial use in advertisements or marketing.

Employees are usually amendable to having their picture taken. But, there may be a few who express their genuine disinterest in being photographed. Such employees could simply be camera shy; others may have a more serious reason to refuse to have an image published.  Some may need to protect anonymity for personal reasons, such as past domestic abuse.  Others may adhere to religions forbidding taking pictures.

There are generally no legal ramifications for using employee photos, unless it is for commercial purposes.  Most states, including Kentucky, have laws that require permission before using an individual or their “likeness” for commercial purposes. This is due to the commonly held notion that a person has property rights in his or her name and likeness and those rights should be shielded from exploitation. Kentucky’s law is codified in KRS 391.170.

If you need to use employee photos for a commercial use, there is a simple solution. Have employees sign releases in which they acknowledge that their picture may be used in a company advertisement and they will receive no compensation for the use of their photo. Keep these releases on file.

Even in a state where consent is not required, it is always a smart approach to use a release so that employees will not be surprised when they see their face plastered on a promotional piece. If minors appear in the commercial materials always use extra caution. Use a consent form, whether required or not, to be signed by the child’s parents.

A warning about taking photos of potential employees: if you take photographs of applicants applying for a job (to help remember who’s who), it may put you at risk for a discrimination claim. A photograph creates a record of certain protected characteristics (i.e., sex, race, or the presence of a disability) that employers generally cannot use in hiring considerations. If this information is collected and a discrimination claim arises, the burden will be on the employer to prove the photographs were not used to make a discriminatory employment decision.

I will leave you with a little common sense about employee photos. Always remember to publicize when the office picture day will be; no one likes showing up ill-prepared. Offer a “redo day” for those who are truly unhappy about how their picture turned out. If all else fails, resort to photoshopping. A little lighting adjustment or cropping can work wonders for a shutterbug humbug.

© 2013 by McBrayer, McGinnis, Leslie & Kirkland, PLLC

Federal Trade Commission (FTC) Recommends Privacy Practices for Mobile Apps

The National Law Review recently published an article, Federal Trade Commission (FTC) Recommends Privacy Practices for Mobile Apps, written by Daniel F. GottliebRandall J. Ortman, and Heather Egan Sussman with McDermott Will & Emery:

McDermottLogo_2c_rgb

On February 1, 2013, the Federal Trade Commission (FTC) released a report entitled “Mobile Privacy Disclosures: Building Trust Through Transparency” (Report), which urges mobile device application (app) platforms and developers to improve the privacy policies for their apps to better inform consumers about their privacy practices.  This report follows other recent publications from the FTC concerning mobile apps—including “Mobile Apps for Kids: Disclosures Still Not Making the Grade,” released December 2012 (December 2012 Report), and “Mobile Apps for Kids: Current Privacy Disclosures are Disappointing,” released February 2012 (February 2012 Report)—and the adoption of the amended Children’s Online Privacy Protection Act (COPPA) Rule on December 19, 2012.  (See “FTC Updates Rule for Children’s Online Privacy Protection” for more information regarding the recent COPPA amendments.

Among other things, the Report offers recommendations to key stakeholders in the mobile device application marketplace, particularly operating system providers (e.g., Apple and Microsoft), application developers, advertising networks and related trade associations.  Such recommendations reflect the FTC’s enforcement and policy experience with mobile applications and public comment on the matter; however, where the Report goes beyond existing legal requirements, “it is not intended to serve as a template for law enforcement actions or regulations under laws currently enforced by the FTC.”  Nevertheless, such key stakeholders should take the FTC’s recommendations into account when determining how they will collect, use and transfer personal information about consumers and preparing privacy policies to describe their information practices because they reflect the FTC’s expectations under its consumer protection authorities.

At a minimum, operating system providers and application developers should review their existing privacy policies and make revisions, as necessary, to comply with the recommendations included within the Report.  However, all key stakeholders should consider the implications of recommendations specific to their industry segment, as summarized below.

Operating System Providers

Characterized within the Report as “gatekeepers to the app marketplace,” the FTC states that operating system providers have the “greatest ability to effectuate change with respect to improving mobile privacy disclosures.”  Operating system providers, which create and maintain the platform upon which mobile apps run, promulgate rules that app developers must follow in order to access the platform and facilitate interactions between developers and consumers.  Given their prominent role within the app marketplace, it is not surprising that the FTC directs numerous recommendations toward operating system providers, including:

  • Just-In-Time Disclosures.  The Report urges operating system providers to display just-in-time disclosures to consumers and obtain express, opt-in (rather than implied) consent before allowing apps to access sensitive information like geolocation (i.e., the real world physical location of a mobile device), and other information that consumers may find sensitive, such as contacts, photos, calendar entries or recorded audio or video.  Thus, operating system providers and mobile app developers should carefully consider the types of personal information practices that require an opt-in rather than mere use of the app to evidence consent.
  • Privacy Dashboard.  The Report suggests that operating system providers should consider developing a privacy “dashboard” that would centralize privacy settings for various apps to allow consumers to easily review the types of information accessed by the apps they have downloaded.  The “dashboard” model would enable consumers to determine which apps have access to different types of information about the consumer or the consumer’s device and to revisit the choices they initially made about the apps.
  • Icons.  The Report notes that operating system providers currently use status icons for a variety of purposes, such as indicating when an app is accessing geolocation information.  The FTC suggests expansion of this practice to provide an icon that would indicate the transmission of personal information or other information more broadly.
  • Best Practices.  The Report recommends that operating system providers establish best practices for app developers.  For example, operating system providers can compel app developers to make privacy disclosures to consumers by restricting access to their platforms.
  • Review of Apps.  The Report suggests that operating system providers should also make clear disclosures to consumers about the extent to which they review apps developed for their platforms.  Such disclosures may include conditions for making apps available within the platform’s app marketplace and efforts to ensure continued compliance.
  • Do Not Track Mechanism.  The Report directs operating system providers to consider offering a “Do Not Track” (DNT) mechanism, which would provide consumers with the option to prevent tracking by advertising networks or other third parties as they use apps on their mobile devices.  This approach allows consumers to make a single election, rather than case-by-case decisions for each app.

App Developers

Although some practices may be imposed upon app developers by operating system providers, as discussed above, app developers can take several steps to adopt the FTC’s recommendations, including:

  • Privacy Policies.  The FTC encourages all app developers to have a privacy policy, and to include reference to such policy when submitting apps to an operating system provider.
  • Just-In-Time Disclosures.  As with the recommendations for operating system providers, the Report suggests that app developers provide just-in-time disclosures and obtain affirmative express consent before collecting and sharing sensitive information.
  • Coordination with Advertising Networks.  The FTC argues for improved coordination and communication between app developers and advertising networks and other third parties that provide certain functions, such as data analytics, to ensure app developers have an adequate understanding of the software they are incorporating into their apps and can accurately describe such software to consumers.
  • Participation in Trade Associations.  The Report urges app developers to participate in trade associations and other industry organizations, particularly in the development of self-regulatory programs addressing privacy in mobile apps.

Advertising Networks and Other Third Parties

By specifically including advertising networks and other third parties in the Report, the FTC recognizes that cooperation with such networks and parties is necessary to achieve the recommendations outlined for operating system providers and app developers.  The recommendations for advertising networks and other third parties include:

  • Coordination with App Developers.  The Report calls upon advertising networks and other third parties to communicate with app developers to enable such developers to provide accurate disclosures to consumers.
  • DNT Mechanism.  Consistent with its recommendations for operating system providers, the FTC suggests that advertising networks and other third parties work with operating system providers to implement a DNT mechanism.

Trade Associations

The FTC states that trade associations can facilitate standardized privacy disclosures.  The Report makes the following recommendations for trade associations:

  • Icons.  Trade associations can work with operating system providers to develop standardized icons to indicate the transmission of personal information and other data.
  • Badges.  Similar to icons, the Report suggests that trade associations consider developing “badges” or other visual cues used to convey information about a particular app’s data practices.
  • Privacy Policies.  Finally, the FTC suggests that trade associations are uniquely positioned to explore other opportunities to standardize privacy policies across the mobile app industry.

Children and Mobile Apps

Commenting on progress between the February 2012 Report and December 2012 Report, both of which relied on a survey of 400 mobile apps targeted at children, the FTC stated that “little or no progress has been made” in increasing transparency in the mobile app industry with regard to privacy practices specific to children.  The December 2012 Report suggests that very few mobile apps targeted to children include basic information about the app’s privacy practices and interactive features, including the type of data collected, the purpose of the collection and whether third parties have access to such data:

  • Privacy Disclosures.  According to the December 2012 Report, approximately 20 percent of the mobile apps reviewed disclosed any privacy-related information prior to the download process and the same proportion provided access to a privacy disclosure after downloading the app.  Among those mobile apps, the December 2012 Report characterizes their disclosures as lengthy, difficult to read or lacking basic detail, such as the specific types of information collected.
  • Information Collection and Sharing Practices.  The December 2012 Report notes that 59 percent of the mobile apps transmitted some information to the app developer or to a third party.  Unique device identifiers were the most frequently transmitted data point, which the December 2012 Report cites as problematic, suggesting that such identifiers are routinely used to create user “profiles,” which may track consumers across multiple mobile apps.
  • Disclosure Practices Regarding Interactive App Features.  The FTC reports that nearly half of the apps that stated they did not include advertising actually contained advertising, including ads targeted to a mature audience.  Similarly, the December 2012 Report notes that approximately 9 percent of the mobile apps reviewed disclosed that they linked with social media applications; however, this number represented only half of the mobile apps that actually linked to social media applications.  Mobile app developers using a template privacy policy as a starting point for an app’s privacy policy should carefully tailor the template to reflect the developer’s actual privacy practices for the app.

Increased Enforcement

In addition to the reports discussed above and the revisions to the COPPA Rule, effective July 1, 2013, the FTC has also increased enforcement efforts relating to mobile app privacy.  On February 1, 2013, the FTC announced an agreement with Path Inc., operator of the Path social networking mobile app, to settle allegations that it deceived consumers by collecting personal information from their mobile device address books without their knowledge or consent.  Under the terms of the agreement, Path Inc. must establish a comprehensive privacy program, obtain independent privacy assessments every other year for the next 20 years and pay $800,000 in civil penalties specifically relating to alleged violations of the COPPA Rule.  In announcing the agreement, the FTC commented on its commitment to continued scrutiny of privacy practices within the mobile app industry, adding that “no matter what new technologies emerge, the [FTC] will continue to safeguard the privacy of Americans.”

Key Takeaways

App developers and other key stakeholders should consider the following next steps:

  • Review existing privacy policies to confirm they accurately describe current privacy practices for the particular app rather than merely following the developer’s preferred template privacy policy
  • Where practical, update actual privacy practices and privacy policies to be more in line with the FTC’s expectations for transparency and consumer choice, including use of opt-in rather than opt-out consent models
  • Revisit privacy practices in light of heightened FTC enforcement under COPPA and its other consumer protection authorities

© 2013 McDermott Will & Emery

People Still Value Privacy. Get Over It. Online Privacy Alliance.

An article, People Still Value Privacy. Get Over It. Online Privacy Alliance., published in The National Law Review recently was written by Mark F. Foley with von Briesen & Roper, S.C.:

vonBriesen

 

Sun Microsystems’ CEO Scott McNealy famously quipped to reporters in 1999: “You have zero privacy anyway. Get over it.” Sun on Privacy: ‘Get Over It‘, WIRED, Jan. 26, 1999, http://www.wired.com/politics/law/news/1999/01/17538.

 

At the time, Sun Microsystems was a member of the Online Privacy Alliance, an industry coalition seeking to head off government regulation of online consumer privacy in favor of industry self regulation. Although McNealy was widely criticized for his views at the time, it is fair to say that much of the technology world agreed then, or agrees now with his remark.

Have we gotten over it? Do we reside in a world in which individuals assign so little value to personal privacy that companies who collect, process, analyze, sell, and use personal data are free to do whatever they want?

There are indications that if it ever were true that consumers did not value privacy, their interest in privacy is making a comeback. Where commercial enterprises do not align their practices with consumer expectations and interests, a regulator will step in and propose something unnecessarily broad and commercially damaging, or outraged consumers will take matters into their own hands. Recent privacy tornadoes provide the proof.

For some time, employers have accessed public information from social media sites to monitor employee activities or to investigate the personal qualifications of prospective hires. But recently, companies have gone further, demanding that employees and prospects provide user names and passwords that would enable the company to access otherwise limited distribution material. Dave Johnson, a writer for CBS Money Watch, said employer demands for access to an employee’s or prospective hire’s Facebook username and password are “hard to see … as anything other than an absolutely unprecedented invasion of privacy.”  http://www.cbsnews.com/8301-505143_162-57562365/states-protect-employees-social-media-privacy/

The reaction was predictable. In the past year, six states – California, Delaware, Illinois, Maryland, Michigan and New Jersey – have reacted to public outcries by outlawing the practice of employers coercing employees into turning over social media account access information. At least eight more states have similar bills pending, including Massachusetts, Minnesota, Missouri, New York, Ohio, Pennsylvania, South Carolina, and Washington. See National Conference of State Legislatures Legislation Summary as of Jan. 8, 2013 at http://www.ncsl.org/issues-research/telecom/employer-access-to-social-media-passwords.aspx.

Similarly, Congress enacted the Children’s Online Privacy Protection Act (COPPA) in 1998 in response to the failure of self-regulation to limit the scope and nature of information collected from young children. COPPA and implementing regulations limited the collection of information from or about children less than 13 years old. In the past several years, it was widely conceded that this law was not effective in preventing the collection and use of personal information about our children, particularly where photographs and mobile phones were concerned. Companies collecting and using information about children took no action to satisfy parental concerns.

The reaction? In December 2012, the Federal Trade Commission issued amended regulations to make clear that COPPA rules apply to a child-oriented site or service that integrates outside services, such as plug-ins or advertising networks, to collect personal information from visitors. The definition of restricted personal information now includes geolocation as well as photos, videos, and audio files that contain a child’s image or voice, and “persistent identifiers” that recognize users over time and across different websites or services.

Parents and job counselors have been warning for years that teenagers and young adults must not post unflattering images to their Facebook pages because, even if deleted, they will persist somewhere on the internet and may be found by prospective colleges and employers. There were many anecdotes about teenagers committing suicide after nasty postings or the distribution of photos. There did not seem to be a practical solution to the problem.

Last year, the European Commission proposed a sweeping revision to its already difficult data privacy rules to include an explicit “right to be forgotten.” If the proposal is adopted, individuals can demand that websites remove personal photos or other data. Companies that fail or refuse to do so could be fined an amount based on their annual income. The rules, as proposed, would apply both to information the data subject posted about herself and embarrassing information others posted about her, unless the website can prove to a regulator that the information is part of a legitimate journalistic, literary, or artistic exercise. Such a new law would set up a dramatic clash between the European concept of privacy and the American concept of free speech.

For the past three years we’ve heard shocking stories about phone Apps that quietly collect information about our searches, interests, contacts, locations, and more without disclosure or a chance to opt out. The uproar led to only limited action that has not satisfied consumer concerns.

The reaction? U.S. Representative Hank Johnson has proposed The Application Privacy, Protection, and Security (APPS) Act of 2013, which would require App developers to disclose their information-gathering practices and allow users to require that their stored information be deleted.

Increasingly, consumers are not waiting for regulatory action, but are taking privacy protection into their own hands. For example, Instagram built a business on its photosharing App. Shortly after it became popular enough to be purchased by Facebook, Instagram issued new terms of service and privacy policies that appeared to give the company the right to use uploaded images without permission and without compensation. The Washington Post described consumer reaction as a “user revolt. . . on Twitter where shock and outrage mixed with fierce declarations swearing off the popular photo-sharing site for good.” http://articles.washingtonpost.com/2012-12-18/business/35908189_1_kevin-systrom-instagram-consumer-privacy. The Twitter response was so memorable that perhaps, in the future “insta-gram” will come to have a secondary meaning of “a massively parallel instantaneous complaint in cyberspace.”

The blogosphere and Twitterterra were filled with apologies and explanations by Instagram and others stating the company was not a bad actor and truly had no intention of using photos of your naked child to sell diapers without your permission. Even some of the harshest critics admitted, “it’s [not] quite as dramatic as everyone . . . made it seem like on Twitter.” See Theron Humphrey quoted in David Brancaccio’s Marketplace Tech Report for December 19, 2012, http://www.marketplace.org/topics/tech/instagrams-privacy-backlash-and-dirty-secret-data-caps. But the truth about the revised terms and conditions may not matter because consumer goodwill toward Instagram had been destroyed by the perception.

Instagram users are not alone in their disapproval of commercial uses of personal information. Consumer analytics company LoyaltyOne released a July 2012 survey that shows U.S. consumers are increasingly protective of personal information. Of the 1,000 consumers responding, only about 50% said they would be willing to give a trusted company their religious or political affiliation or sexual orientation, only 25% were willing to share commonly commercialized data such as their browsing history, and only 15% were willing to share their smart phone location. See summary of findings at http://www.retailcustomerexperience.com/article/200735/Consumers-still-value-privacy-survey-shows. USA Today reported that an ISACA survey of adults 18 years and older showed that 35% would not share any personal information if offered 50% off a $100 item, 52% would not share any personal information if offered 50% off a $500 item, and 55% would not share any personal information if offered 50% off a $1,000 item. USA TODAY, Bigger Discount, Less Sharing, January 21, 2013.

I’m confident everyone reading this Update has been sufficiently careful and prudent in their own personal and professional lives; but who among us has not had an, ahem, family member, who does not regret a photo posted to a social media site, an unappreciated email joke, or a comment in a tweet or blog that looks much less “awesomely insightful” after the passage of a few days. (Is there an emoticon meaning “I’m being really facetious”?) Such brief moments of indiscretion can lead to disproportionately bad results.

Have commercial collectors, users, and resellers of such information shown sufficient willingness to respond to consumer’s widespread discomfort with the permanent retention and uncontrolled access to their personal information, candid photos, and musings?

We no longer inhabit a Wild West without limit on the collection and use of personal information for commercial purposes. Be assured, that when something perceived to be bad happens, there will be a violent, goodwill damaging, market value destroying, throw-out-the-baby-with-the-bath-water Instagram-like response that will obliterate some current business models and corporate franchises. Notwithstanding terms and conditions of service that try contractually to deprive users of any right to complain about your use of their data, they will complain and they will vote, with both their Feet and their Tweets.

There are very good social, psychological, religious, and political reasons why privacy should be protected. See Wolfgang Sofsky, PRIVACY: A MANIFESTO (Princeton Univ. Press 2008). As consumers and parents we instinctively know that privacy is important, even if we can’t precisely define it and can’t say exactly why. Even though we’ve sometimes been too foolishly willing to let go of privacy protections in exchange for the convenience of a nifty new website or clever new App, we do, in the end, still care. We know there is something important at issue here. We should not forget this insight when we change hats and become business people deciding what data to collect and how to use it.

Companies that want to avoid receiving an “insta-gram,” that want to build long term relationships with consumers, need to accept that sentiment has changed when designing their programs, analytics, and business models. It’s time to throw out McNealy’s aphorism. Businesses need to recognize that today consumers increasingly do value their privacy, and get over it.

©2013 von Briesen & Roper, s.c