The best argument for why companies should never simply copy and paste the text of another entities’ privacy policy onto their own website can be found in the recent announcement by the FTC of a settlement reached with Snapchat – relating to misrepresentations contained in the Privacy Policy, among other things. (Snapchat is not alleged to have used someone else’s Privacy Policy as its own; however, its mistakes in its public statements about its products illustrate fully that companies should say what they mean, and mean what they say in their privacy policies!) Continue reading
Category Archives: Social Networking
LinkedIn Sued for Providing “Trusted References” to Paying Subscribers
On October 9, 2014, a class action complaint was filed in the U.S. District Court for the Northern District of California alleging that LinkedIn violated the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq., (“FRCA“) by offering to subscribers reports containing “Trusted References” without complying with the FCRA’s requirements to keep the data safe from disclosure. Sweet v. LinkedIn Corp., Civ. A. No. 5:14-cv-04531 (N.D. Cal. filed Oct. 9, 2014) (available at Law360 – subscription required).
Specifically, the complaint alleges that LinkedIn: 1) failed to comply with the certification and disclosure requirements of the FRCA for credit reporting agencies who furnish consumer reports for employment purposes; 2) failed to maintain reasonable procedures to limit the furnishing of consumer reports for the purposes enumerated in the FRCA and to assure the maximum possible accuracy of these reports; and 3) failed to provide the notices required by the FRCA to users of the consumer reports. Id. at 2. Plaintiffs seek both damages for past violations and injunctive relief to prevent the continued misuse of these reports in violation of the FRCA. Id. Continue reading
New Year’s Resolution: Always Read Terms of Service for Social Media Networks!
You should always read very carefully the various terms of service associated with the social media networks in which you participate – particularly with respect to ownership of the material that you post and/or share on these sites. In other words, do you know who owns what you post?
Recently, one social media site’s public announcement highlighted this question in appalling clarity. On December 17, 2012, Instagram announced that it had the right to sell any photo that you took and uploaded using its service – in other words, to “commercialize” it. (SeeCNET’s article about the change in terms: Declan McCullagh, “Instagram says it now has the right to sell your photos,” CNET, Dec. 17, 2012.)
If you are unfamiliar with Instagram, it used to be a standalone company, but was recently acquired by Facebook and is used on Facebook to share customized photos with your networks.
Here’s the rub: the right to distribute (or not to) is actually an exclusive right set forth in the Copyright Act as being owned EXCLUSIVELY by the copyright owner. 17 U.S.C. §106. Not by a vendor who handles the distribution.
Unless the author has licensed its ability to redistribute an “original work of authorship fixed in a tangible medium of expression” (as an original photograph surely is) to another, any redistribution of a published work constitutes copyright infringement under 17 U.S.C. §501, and carries certain remedies and penalties depending on the context.
The public outcry in response to this notice was apparently widespread, as Instagram immediately appeared to retract this statement, and stated that users retain the copyrights in their original photographs even when posting them using Instagram’s tools. Declan McCullagh and Donna Tam, “Instagram apologizes to users: We won’t sell your photos,” CNET, Dec. 18, 2012; see also Instagram Blog, “Thank You and We’re Listening,” Dec. 18, 2012. Its restatement of the policy suggested that Instagram believed the hue and cry to have been solely based on a misunderstanding of the revised terms of use and privacy policies.
In this restatement, Instagram explained that ownership rights would not change as a result of this policy, and neither would any privacy settings users have already set. Current Version of Instagram’s Privacy Policy and Terms of Use, updated Dec. 18, 2012.
The Copyright Alliance points out that this explanation does not meant that Instagram cannot commercialize your images – in fact, the text that Instagram removed was merely a disclosure of the ways in which it “can” use your photos:
“Instagram has issued a statement saying that it has heard its customer’s complaints, is removing the clause that most offended its customers, and reverting to its old terms of use. But ironically, the clause that caused the outrage, and which Instagram says it has removed, was merely a disclosure and acknowledgment by the user of how Instagram could use a customer’s images. Removing that clause alone doesn’t change the license the user grants Instagram. Moreover, even if Instagram reverts to its current terms of service, those terms of use not only permit Instagram to commercialize user posted images in virtually unrestricted ways, they pass the responsibility for paying any royalties or fees owed for such commercialization on to the user who originally posted the works.” (emphasis added). Read the Copyright Alliance’s full article for more on this point, “Instagram Still Has the Right to Commercialize Your Work (or Why You Should Read Terms of Service Carefully),” Dec. 21, 2012.
The lesson to be learned here is to be proactive with all of your social media use – understand what Terms of Service apply to your use, and whether the company will be using your information in a way with which you are not comfortable. Review carefully to determine whether by using their site, you automatically grant the site a license to use your content (your text, pictures, video, whatever) without specific notice or obtaining your consent to that specific use.
And, try to stay on top of changes to these policies in case changes are made that further impose on your privacy or intellectual property rights. Many of these policies have a “these terms can be modified without prior notice” provision, but the sites may also host blogs that announce new features or changes to their services. You might want to subscribe to them (through RSS feeds or email) so that you are notified promptly of any advertised changes.
Here are links to some of the more commonly-used social media sites, and their relevant blogs (if available):
You might also be interested in posts from The Copyright Alliance(their article on Instagram is here) or the Electronic Frontier Foundation(their article on Instagram is here) generally, as they both cover issues like these on a regular basis.
Two New Privacy Lawsuits Filed — Part One, Facebook
Within the last few weeks, two major companies have been sued for alleged violations of privacy laws – one filed before the Federal Trade Commission seeking an investigation into Facebook’s privacy settings and the other filed in federal court, styled as a class action against Netflix. (The Netflix suit will be analyzed separately, in Part 2 of this topic.)
Facebook Complaint
On December 17, 2009, privacy advocates filed a complaint with the Federal Trade Commission, requesting that “the FTC open an investigation into Facebook’s revised privacy settings.” In the Matter of Facebook, Inc., Docket Number —- (FTC); see also EPIC’s Press Release, “EPIC Defends Privacy of Facebook Users: Files Complaint with the Federal Trade Commission,” Dec. 17, 2009.
Facebook announced its privacy policy revisions in a December 9 Press Release, “Facebook Asks More Than 350 Million Users Around the World To Personalize Their Privacy; Service Gives Users New Tools to Control Their Information” – which suggested that the changes would actually benefit users, and help them protect their information. In fact, however, these changes potentially undo the restrictive settings that users may have applied to keep their profiles closely guarded and viewable only by “friends.”
A copy of the Complaint, Request for Investigation, Injunction and Other Relief can be found on EPIC’s site, but EPIC is not the only plaintiff. Nine other consumer protection organizations have joined, namely the American Library Association (see also their privacy resources), The Center for Digital Democracy (see also a Dec. 17 blog post that explains CDD’s reasons for joining the complaint), Consumer Federation of America, FoolProof Financial Education, Patient Privacy Rights (see also their Dec. 11 criticism of Facebook’s privacy policy changes and their Feb. 18 analysis of the Complaint Almost Filed Against Facebook), Privacy Activism, Privacy Rights Now Coalition, The Privacy Rights Clearinghouse and the U.S. Bill of Rights Foundation. (If the organization name is not hyperlinked, it’s because I could not find an updated web site for the organization. If you find one, please post it in the Comments section below.)
Other Information about Facebook’s Privacy Policies
* EPIC has also developed an “In Re Facebook” page, on which it summarizes all of the actions it has taken to date relating to privacy issues faced by Facebook participants, provides a background to the debate, and chronicles various articles that have been written about the complaint. (Last updated on Dec. 30, although it appears to be kept current, so keep checking back.)
* The Electronic Frontier Foundation (EFF) has also posted (Dec. 21) an interesting article on its Deep Links Blog entitled, “Who Knows Who Your Facebook Friends Are?”, discussing how Facebook’s changes to its privacy policies have exposed users’ list of friends – thus causing real problems for political activists operating under oppressive regimes. Another EFF article worth reviewing in detail is “Facebook’s New Privacy Changes: The Good, The Bad, and The Ugly” (Dec. 9).
* The New York Times’s Brad Stone blogged about the lawsuit in an article entitled “Privacy Group Files Complaint on Facebook Changes,” (Dec. 17) which has been updated to include Facebook’s response to the Complaint. The response notes that Facebook “discussed” the revisions to its privacy policies with regulators, including the FTC.