One of our more popular posts of the year was the recent Online Marketers’ Guide to Online Privacy. It focuses mostly on U.S. law with some mention of of the E.U. Safe Harbor issues. The purpose of this post is to host information regarding international online privacy issues. If you know a good resource for a country not listed, let me know and I will update this periodically.
E.U. Regulations and Reforms
Reforms to the transfer of data from the E.U. to the U.S. may be coming. You can also read here.
The importance of E.U. regulations for online business cannot be understated. We will monitor these developments. In the meantime, know the basics and check out the Department of Commerce’s Safe Harbor website.
Other valuable resources
Let me know if I missed something and check back here later for details.
Thankful I didn’t copy images, parody the Beastie Boys, use overbearing TOS or have to stand behind TheDirty
With the short Thanksgiving week, I thought we would touch on a few interesting stories developing over the last couple of weeks.
Photographer gets $1 million+ verdict from AFP and Getty for copied Twitpics
In my three part series on using images from the web for your news stories, we talked about the Morel v. Agence France-Press case. Agence France-Press, the Washington Post and Getty used images of the Haitian earthquake put on Twitter by photographer Daniel Morel. The Washington Post settled, but the case went to trial last week against AFP and Getty. AFP thought they had permission from the photographer to use the images, but they did not get permission from the right person.
Previously, a judge rejected AFP’s argument that it could use the images because they were put up on Twitter. The Twitter terms of service did not provide that the photographer gave his rights in the images away or grant anyone else the right to use the images outside of Twitter. In the trial, it turns out AFP did not follow their internal guidelines on the use of images or take immediate corrective action. The jury awarded the upper end of the statutory damages.
Engineering gift for girls’ video spreads on Facebook – lawsuit follows.
I have a daughter. I liked this commercial.
I assumed they had the Beastie Boys’ permission. Apparently, they did not and the Beastie Boys sent a copyright cease and desist letter. The people at Goldiebox fought back and filed a suit asking the court to declare the parties’ rights. Is it a parody or do the Beastie Boys have to do this to make sure more people don’t use their songs in commercials? You can read more about the case here with some legal analysis from the EFF here. At least Goldiebox will get some more attention with the lawsuit at the beginning of the holiday shopping season.
Want to criticize me, it will cost you!
KlearGear’s terms of service state:
“In an effort to ensure fair and honest public feedback, and to prevent the publishing of libelous content in any form, your acceptance of this sales contract prohibits you from taking any action that negatively impacts KlearGear.com, its reputation, products, services, management or employees.
Should you violate this clause, as determined by KlearGear.com in its sole discretion, you will be provided a seventy-two (72) hour opportunity to retract the content in question. If the content remains, in whole or in part, you will immediately be billed $3,500.00 USD for legal fees and court costs until such complete costs are determined in litigation. Should these charges remain unpaid for 30 calendar days from the billing date, your unpaid invoice will be forwarded to our third party collection firm and will be reported to consumer credit reporting agencies until paid.”
A Utah couple criticized KlearGear on RipOff Report. Soon thereafter, KlearGear sent the couple a bill for $3,500. KlearGear never sued, but did report the couple as delinquent to the credit reporting agencies. We have talked about being proactive, but not too proactive, when it comes to online complaints. Since the news of this broke, KlearGear has shut down its Facebook page and its Twitter feed to hide from the blow back. You can read more here, here and here. This is not the kind of press you want before the shopping season.
Update 11/27/13 - a lawyer is now representing the couple and has sent a demand to KlearGear to remove the notation with the credit agencies or face a Fair Credit Reporting Act lawsuit. Read about it here.
Reputable companies line up to support TheDirty.com
Finally, we update you on the Jones v. TheDirty case we have talked about before. This is the suit by a former Cincinnati Bengals cheerleader against the website TheDirty. A Kentucky judge allowed the case to proceed against the rumor and trash site despite Section 230 of the Communications Decency Act which normally provides immunity for website operators based on user generated content. The jury awarded $380,000 and TheDirty.com appealed.
While some may believe the ends justified the means against this particular defendant, the refusal to dismiss this case flies in the face of almost every other Section 230 case. In this case, the court wrote “the very name of the site, the manner in which it is managed, and the personal comments of defendant Richie” shows that the site “specifically encouraged development of what is offensive about the content.” TheDirty.com asks people to “submit dirt.” Their submission form has entries for the “dirt,” and provides a link to upload photographs. The court seized on the fact that in response to the post about Jones, the site operator wrote “I love how the Dirty Army has a war mentality.” Thus, no dismissal by the judge.
Section 230 has its place. Imagine if Facebook, Google, or YouTube could be sued or had to police all of the user generated content. I don’t think those services would exist. That’s why many of them have filed amicus briefs with the Sixth Court of Appeals urging the court to reverse the ruling and dismiss the claims. You can read more here about how and why the likes of Amazon, Google, LinkedIn, Google and Microsoft are asking for the reversal.
I’ve hesitated to write this post because the law is always changing and you can’t cover it all in one blog post (thank goodness for linking). I did a presentation to the Houston Interactive Marketing Association this week which forced me to boil it down to digestable bites. If I had to give you three simple rules they would be:
1. Disclose what you do in plain English;
2. Avoid storing or transmitting Personal Health Information if you can; and
3. Avoid marketing to minors if you can.
At the presentation, we identified the numerous laws and regulations marketers had to know about including at least COPPA, HIPAA, the FTC’s guidelines, Self Regulatory Organization Guidelines, Cal-OPPA and the EU Safe Harbor status.
Regarding the Children’s Online Privacy and Protection Act and marketing to minors, you should check out my five-part series here. COPPA only applies if you collect personal information from children under 13, but the determination of whether you market to minors is not as clear as you might think. Last year, the FTC allowed private companies to send in suggestions on how to satisfy the parental notification requirement. The FTC recently rejected the idea of using the social graph.
In September, there were changes to HIPAA – the law governing the privacy of health information. If you are marketing for a medical practice or anyone that may retain Personal Health Information, unless you want to make medical a core business segment, you may want to avoid becoming what the law calls a “Business Associate.” If you are a Business Associate, you have to comply with HIPAA and compliance can be a pain.
A Business Associate is defined as someone or a company that provides “consulting, data aggregation, management, [or] administrative . . . services” to or for a Covered Entity, where the provision of the service involves the disclosure of protected health information from the Covered Entity, or from another business associate of such Covered Entity, to the person.
So the issue becomes whether you store or otherwise have access to Personal Health Information. Again, the analysis is not that simple. See here. You need to know both email and IP addresses are covered which is pretty basic information for online marketers.
The specifics of your marketing strategy will determine whether you need to be concerned. The point of this blog post is to make you think about it. Here is one marketer’s take on the issue. If you do a lot of marketing work for medical practices, doctors or hospitals, you should confer with a good HIPAA lawyer. If you have one medical practice as a client in an otherwise hearty stable of clients, you may want to consider whether that one client is worth the headaches and the risk.
The Federal Trade Commission is the agency insisting you disclose, disclose and disclose. The FTC’s more recent focus has been on mobile including this report from February 2013.
The more recent interesting drama has come from the W3C group’s unsuccessful attempts to come up with some “Do Not Track” proposals. The powerful Digital Advertising Alliance recently backed out leaving the ability of the W3C to promulgate suggestions in jeopardy.
Several years ago, the FTC urged private organizations to make some proposals. I previously warned the industry needed to police itself or the government would make their own regulations and you can read my 5-part series on Do Not Track here. For now, there is no Do Not Track law. You can still do it – as long as you disclose what you are doing and don’t mislead people. That was Google’s $17 million mistake.
You can read the DMA’s guidelines for online behavorial advertising which is a pretty good place to start. For mobile, check out the NAI Code of Conduct.
In the meantime, Wyndham Hotels is challenging the FTC’s authority to enforce alleged misrepresentations regarding privacy in a case we are watching. The court recently heard oral arguments on Wyndham’s motion to dismiss but no ruling has been made yet.
That’s where California comes in and strikes a middle ground. California did not ban tracking. But, effective January 1, 2014, if you retain personally identifiable information of a Californian, you will have to disclose how you respond to Do Not Track requests. I earlier posited that many companies will have to amend their privacy policies because of Cal-OPPA.
Finally, there is the EU requirements on privacy. Generally speaking, the E.U. prohibits the transfer of personal data to non-European Union countries that do not meet the European Union “adequacy” standard for privacy protection as directed in the European Union Directive on Data Protection of 1995. The U.S. is not on that list.
Generally, to comply with existing E.U. guidelines you need to:
1. Give a notice of what you collect and what you do with it and how individuals can ask about it.
2. Give individuals the chance to opt-out of disclosure to third parties for reasons outside of the main purpose.
3. Ensure that the company to whom you transfer data also had adequate protections.
4. Provide users access to the data you have about them.
5. Initiate adequate security, data integrity and enforcement procedures.
If you deal with customers in Europe you should consider looking into the Commerce Department’s Safe Harbor provisions that works like a Good Housekeeping Seal of Approval for dealing with the information of European consumers.
This post does not and cannot answer every question. Hopefully, now, however, you realize you may need to think a little more about the law when you start storing information about visitors to websites.
Last week, the Supreme Court of Texas heard oral arguments on whether a party can use a pre-suit deposition to identify an anonymous blogger. The petitioner tried to use a pre-suit subpoena to force Google to identify a blogger that constantly railed on how bad the company and its owner was. The trial court allowed the discovery, the court of appeals affirmed the trial court’s decision and now the highest court in Texas will have to answer the question.
The case is In re John Doe a/k/a Trooper. You can read the case summary here and the listen to the oral arguments here. We have talked about how to unmask the anonymous online tormentor before, but this case will shed some light on some of the more practical applications.
While the issue of anonymity is complex enough, the case also asks “whether Texas court rules governing discovery before a lawsuit is filed means that the trial court must have ‘personal jurisdiction’ over the ‘John Doe’ defendant–that is, the authority to hear a case against a person only after he has been served with papers notifying him of a suit–before his identity may be discovered.” Much of the argument focused on jurisdiction which is less sexy, but an equally important issue.
In Texas, under Rule 202, you can ask for discovery without filing suit to investigate the possibility of a claim. The company’s chairman lived here in Houston so the company sought to use Rule 202 to force Google to provide all information about the blogger.
The blogger filed documents that not only challenged the ability to unmask his identity, but challenged whether the Texas courts had any jurisdiction over him. If you do not have sufficient contacts with a state, usually you cannot be sued in that state. The anonymous blogger provided an affidavit claiming he did not live in Texas and did not have any contacts with Texas. When there is an actual lawsuit with an identified target, normally you are allowed to use discovery to challenge the assertions. If the person is not identified, challenging the assertion is next to impossible.
Then again, the purpose of pre-suit discovery is to determine whether you have a claim before you file suit. If you cannot file suit against someone with no contacts with Texas, then you should not be able to use the Texas courts to get information you may not be able to obtain in other jurisdictions. Other than the chairman of the company being in Houston, there was no other connection with the state. Plus, the blogger suggested the court should order the disclosure of only the IP address which could be tracked to a physical location.
There is little to no dispute that before a court requires the disclosure of an anonymous blogger, the person seeking the identity has to provide some basis to seek the identity. If the speech is purely political and protected by the First Amendment, it would be difficult to unmask the blogger. If it is commercial speech advertising a product, then there is little to no protections.
If the court gets over the jurisdictional hurdle, it will then have to decide what level of proof or pleadings does someone need to present before a court will order the identity to be disclosed. There are three standards: (1) a good faith basis for a claim; (2) sufficient pleadings to survive a motion to dismiss that assumes every allegation is true; or (3) a prima fascie case that would survive a motion for summary judgment that requires the right allegations and some proof.
The blogger wants the court to require pleadings and proof. The party seeking the information says the standard should be lower, but then says it can satisfy any one of the three levels.
It’s possible, the court could rule on the jurisdictional basis in a way that would allow it to punt on the anonymity issue. As often as it comes up and is likely to come up again, it would be nice to have some guidance. We’ll be keeping an eye on this case and report on it when the decision comes down. A lot of times, it is obvious — like when the sheriff seeks to unmask someone critical of the sheriff’s actions. That blogger will almost always be entitled to protection. The person that criticizes the company down the street based on a financial transactions and accuses the owner of accounting fraud deserves a little closer scrutiny.
Everyone supports the prevention of sexual predators texting illicit material to people under 17. Everyone knows that revenge porn is a scourge on public decency. But, can the law do anything about it? Should it?
Texas Throws Out Law Banning Explicit Online Communications With Minors.
Yesterday, the Texas Court of Criminal Appeals (our highest court that hears criminal cases) reversed the conviction of a 53-year-old man who was charged with the third degree felony of communicating in a sexually explicit manner with a person whom he believed to be a minor with an intent to arouse or gratify his sexual desire. You can read about the case here and read the court’s decision here.
The overturned law, Texas Penal Code 33.021(b)(1) states:
A person who is 17 years of age or older commits an offense if, with the intent to arouse or gratify the sexual desire of any person, the person, over the Internet, by electronic mail or text message or other electronic message service or system, or through a commercial online service, intentionally:
(1) communicates in a sexually explicit manner with a minor; or
(2) distributes sexually explicit material to a minor.
To be clear, you cannot solicit a minor for sex (conduct), but sending indecent, but not obscene materials (protected speech) is not illegal. The court said criminal laws “may protect children from suspected sexual predators before they ever express any intent to commit illegal sexual acts, but it prohibits the dissemination of a vast array of constitutionally protected speech and materials.” The court also noted there are several other statutes that criminalize other inappropriate conduct with minors.
For the constitutional lawyers out there, the court determined the “sexually explicit communications” provision is facially unconstitutional because it is content-based speech regulation that could not withstand the strict scrutiny analysis. Under that test, there needs to be a compelling state interest and the restriction on speech must be narrowly tailored.
While there is a compelling state interest to protect minors from sexual predators, the law covers merely indecent speech which is constitutionally protected. In light of the many other laws that protect children (solicitation, child pornography, obscenity, harassment), the court said the restriction was too broad.
Subsection (b) covers a whole cornucopia of “titillating talk” or “dirty talk.” But it also includes sexually explicit literature such as “Lolita,” “50 Shades of Grey,” “Lady Chatterly’s Lover,” and Shakespeare’s “Troilus and Cressida.” It includes sexually explicit television shows, movies, and performances such as “The Tudors,” “Rome,” “Eyes Wide Shut,” “Basic Instinct,” Janet Jackson’s “Wardrobe Malfunction” during the 2004 Super Bowl, and Miley Cyrus’s “twerking”* during the 2013 MTV Video Music Awards. It includes sexually explicit art such as “The Rape of the Sabine Women,” “Venus De Milo,” “the Naked Maja,” or Japanese Shunga. Communications and materials that, in some manner, “relate to” sexual conduct comprise much of the art, literature, and entertainment of the world from the time of the Greek myths extolling Zeus’s sexual prowess, through the ribald plays of the Renaissance, to today’s Hollywood movies and cable TV shows.
*I will leave it for someone else to determine whether this is the first reference to “twerking” to make it into case law — a sign that the fad needs to go.
The prosecutors say they may appeal to the U.S. Supreme Court.
Revenge Porn – a perplexing topic for legislators
The American Bar Association recently wrote an excellent article on revenge porn you can read here. For the uninitiated, revenge porn is when the ex publishes what were supposed to be private nude pictures for the world to see often including full names, addresses, phone numbers and links to social media profiles. There is a whole cottage industry bubbling up of websites who encourage posters to provide this information.
As a victim, you can bring civil claims like invasion of privacy, intentional infliction of emotional distress and copyright claims if you took a selfie because the copyright usually belongs to the photographer and not the subject. But, these claims are expensive to bring and there are no guaranties because a lot of people blame the victim for having nude pictures in the first place.
Meanwhile, it is hard to sue the websites where these pictures are downloaded because Section 230 of the Communications Decency Act gives immunity to websites based on claims related to user generated content.
California passed a law last month that seeks to punish “Any person who photographs or records by any means the image of the intimate body part or parts of another identifiable person, under circumstances where the parties agree or understand that the image shall remain private, and the person subsequently distributes the image taken, with the intent to cause serious emotional distress, and the depicted person suffers serious emotional distress.”
Professor Goldman on his Technology and Marketing Law Blog points out the faults of the law which include: (i) it does not apply to selfies; (ii) it does not apply to redistribution or websites which could have Section 230 issues; and (iii) the difficulty in proving beyond a reasonable doubt the parties’ expectations of privacy or the intent of the accused.
While having the intent to cause severe emotional distress may avoid First Amendment scrutiny, over broad laws would cover the publishing of Anthony Weiner’s infamous photos. Here is a Wired article by Sarah Jeong arguing that criminal laws may not be the answer.
While there are some class action lawsuits against some of the sites that encourage this behavior that we will keep an eye on, one of the best weapons may be to shine the light on the scum who engage in revenge porn using the same social media tools and the let the markets take care of the websites.
UPDATE – NOVEMBER 1 - Ask a question and the Internet answers. Professor Goldman directed me to one of his earlier tweets:
— Eric Goldman (@ericgoldman) October 30, 2013
I’m proud of the city where I grew up and am now raising my own kids. Although not a popular tourist destination, there are a lot of great things happening here, and here, and here, and here, and here–including a burgeoning start-up scene. Houston Tech Street is just more evidence of that.
Houston Tech Street is an event that will have an open and collaborative platform for the community to learn, share, showcase and promote their creative and innovative ideas, expertise and technologies for better living. The inaugural event will be November 20, 2013. You can learn more about it here.
They are already putting up content on their blog, including a piece I recently wrote on crowdfunding. Go check it out.
When it comes to privacy policies, I usually tell clients they need to comply with California law. Beginning January 1, 2014, California is adding a new wrinkle we all need to consider.
California recently passed an amendment to the California Online Privacy Protection Act (CA OPPA) that will require online and mobile websites to disclose how they respond “do not track” requests.
What are the new requirements for my relatively basic website?
If you have a basic website that merely retains IP addresses and basic information, it is not clear whether you need to change your policy. Rather than live with the doubt, it makes sense to go ahead and comply with the new disclosures.
The ambiguity is there because the law only applies to use of personally identifiable information (PII). If you aren’t keeping PII, then no need to worry.
So, what is PII?
The law defines PII as “individually identifiable information about an individual consumer collected online by the operator from that individual and maintained by the operator in an accessible form, including any of the following: (1) A first and last name; (2) A home or other physical address, including street name and name of a city or town; (3) An e-mail address; (4) A telephone number; (5) A social security number; or (6) Any other identifier that permits the physical or online contacting of a specific individual.”
The California Attorney General says she defines PII as “any data linked to a person or persistently linked to a mobile device: data that can identify a person via personal information or a device via a unique identifier. Included are user-entered data, as well as automatically collected data.”
If the AG enforces the law in a way broader than the definition in the statute, an IP address would be covered by the statute. Therefore, we are recommending that almost all websites should add the required disclosures than live with the ambiguity.
What do I have to disclose?
The amendment is about disclosure and not action. You do not have to change your behavior and honor do not track requests — you simply have to disclose what you do about it. It’s a middle ground that requires disclosures, but does not prevent advertisers from tracking or targeting ads or retaining and using any PII.
But I rely upon on my outside marketing firms. . .
The new law also applies if your site allows third parties such as ad networks to collect PII. You have “to disclose whether other parties” collect PII regarding a consumer’s “online activities over time and across different Web sites when a consumer uses the operator’s Web site or service.” It means you also need to know what your marketing firms are doing. If you have Google AdSense ads on your site or use the service yourself to place ads on other sites, you have to make the disclosure–not your outside marketing firm.
So, what if I don’t change?
If you violate CA OPPA, even if you are not based in California, the California Attorney General can bring a civil action against you or someone in California can bring a class action lawsuit against you. Granted, you will receive a notice of noncompliance and have 30 days to fix it, but why wait for the notice of non-compliance? Amend your privacy policies now disclosing what you do, if anything, about do not track requests.
I don’t often make predictions on legal outcomes, so when I do and I get it right, it’s worth sharing. In May, we talked about whether “liking” a candidate would constitute protected speech under the First Amendment. A district judge in Virginia ruled it was not. The Fourth Circuit Court of Appeals recently reversed in Bland v. Roberts.
In that case, a jailer in Virginia liked his boss’s opposition during a campaign for sheriff. The incumbent won and the plaintiff was fired. The sheriff said it was for competency issues, but the plaintiff said retaliation was the motivating factor for the termination.
I wrote back then that “it seems like a slam dunk case for our fired jailer,” before describing the district court’s dismissal based on the judge’s opinion that “liking” something on Facebook did not amount to a “substantive statement” worthy of protection. Both the lunacy of the idea of liking a candidate on Facebook not being considered “substantive” enough to warrant protection and the questions asked during the appeal according to this Bloomberg report, I wrote, “I would put my money on a reversal.”
Winner, Winner Chicken Dinner!
Reversing, the Fourth Circuit compared liking on Facebook to putting a campaign sign in your yard. “On the most basic level, clicking on the ‘like’ button literally causes to be published the statement that the User ‘likes’ something, which is itself a substantive statement.”
It is not likely your “like” will get you fired and set up a Supreme Court case. The lesson, however, is to be careful of making employment decisions based on what you see on Facebook. The issue is more problematic for public employers, but as we have discussed before even non-union private employers need to make sure their social media policies and employment decisions do not upset the NLRB. ”Liking” a complaint from a co-worker about working conditions cannot be the basis of a termination. In some states, it is illegal to fire someone for engaging in protected speech. ”Liking” Coke when you work at Pepsi in an at will state, like Texas, can still probably get you fired.
In part one, we discussed how fair use may apply to the media’s use of social media images. In part two, we looked at how the various sites’ terms of service come into play. Today, we look at the one prominent case in this area and describe some best practices.
The Agence France-Presse Twitter Case
There is just one well-known case involving the media’s use of social media images. Agence France-Press and the Washington Post both used images of the Haitian earthquake put on Twitter by photographer Daniel Morel. A judge rejected AFP’s argument that it could use the images because they were put up on Twitter. The Twitter terms of service did not provide that the photographer gave his rights in the images away or grant anyone else the right to use the images outside of Twitter. After denying AFP’s motion for summary judgment, the case, as far as I can tell, is still pending.
1. Make sure it’s legit
It’s easy to get duped. Jimmy Kimmel showed us that. This is more a producer/editorial function rather than legal, but it’s worth noting here.
2. Get permission
The good news about social media is that it makes it easy for you to reach out to ask permission. You don’t need any magic language and you don’t need a lawyer to draft anything for you. Send the person who posted the image – “Hi, I’m the producer, we are considering using this image. Did you take it and would you mind if we used on the news?” It is not uncommon for there to be a small payment, but most amateurs won’t ask.
3. Make sure you have permission from the right person
In the AFP case, AFP did reach out and tried to get a license to use the images. They just did not get them from Morel — the actual photographer. The AFP staffer saw the images on Twitter and reached to the account where the staffer saw them. Unfortunately, that person had already lifted them from Morel’s account. AFP then distributed the images to Getty and Morel was not pleased. You can read more about the facts of the case here. For those of you who want some more legal beef on the case, check out Professor Goldman’s post here.
4. Don’t make promises in your request or box yourself in
Because of fair use, you don’t have to ask for permission. Even if they say no, you might be able to use it. Therefore, don’t send a message that implies you are only going to use it if you obtain their permission or suggests that you have to have it. My example above would be fine. Sending a message that says: “We have to hear from you soon to know whether we have your permission” implies it’s a requirement and could be used against you if there is a trial later.
If you are unable to get permission, then you should at least provide attribution. Many amateurs would be satisfied with a little notoriety from the attribution. Attribution won’t get you out of a lawsuit if they get mad, but it may help show you were acting in good faith or alleviate any anger so the person reconsiders whether they really want to file a lawsuit.
The Poynter Institute’s Adam Hochberg wrote an article titled “Twitpic, Flikr Use by Eyewitnesses Raises Questions for News Orgs About Image Rights, Compensation” that includes a good discussion of these issues. According to the article, the Associated Press requires editors to contact all “citizen photos” and verify each image for both authentication and permission. The article provides several ideas for an image policy and some of the issues involved.
What is the real harm?
The main point of this series has been to avoid any liability and provide some guidance and good practices. I am not saying the minimal likely harm should be part of the decision-making process as to whether you violate a copyright. When dealing with fair use, there is risk, but it is usually not a huge risk. Assuming it is a close call (and you are not scooping or stealing some paparazzi images of the Royal Baby), you are likely looking at having to pay either actual damages or statutory damages. The actual damages could be the market rate for the license to use the image. The statutory damages, on the other hand, are between $750 and $30,000 per work. If the fair use analysis is a close call and you use best practices, you are likely to be on the lower end of the statutory damages. In the AFP case, the court ruled he damages would be assessed on each image used by AFP and not on each time it was subsequently downloaded or used after AFP sent it to Getty. Whether you multiply $5,000 times 8 or 8,000 makes a huge difference.
If you mess it up, your biggest liability is likely going to be the bad P.R. and your legal bill.
Last time, we looked at whether the media can use images from social media sites applying fair use to several typical situations. Today, we look at the specific terms of service of various popular sites to see if some make it easier than others for the media to use images.
Plain English: Each user allows Facebook, and only Facebook, to do what it wants with the images subject to the privacy settings. It gives no others any rights through its terms. Facebook could sublicense to the image to you, but I have not heard of this being done for the purpose of news reporting. As we discussed last time, the fact that someone puts up the image for the world to see can help with the fair use argument.
In plain English: The same as Facebook. Interestingly, Twitter includes a “Tip” section where it says: ”This license is you authorizing us to make your Tweets available to the rest of the world and to let others do the same.” There is certainly no issue retweeting images and posts, but the “tip” seems to be more broad because it would allow the media to repost images and posts off of the Twitter platform. The Twitter terms do not expressly allow that, but this language could help argue it does.
Twitter also reserves the right to sublicense whatever is provided, specifically allowing Twitter to make it available to other media and platforms without any compensation to the user. The tip says: ”Twitter has an evolving set of rules for how ecosystem partners can interact with your Content. These rules exist to enable an open ecosystem with your rights in mind. But what’s yours is yours – you own your Content (and your photos are part of that Content).”
While this is certainly not a green light to re-use images from Twitter, it could help a media outlet argue fair use.
Plain English: The terms contemplate that your images on LinkedIn may be copied, but they do not expressly allow it. The terms warn “[a]ny information you submit to us is at your own risk of loss.”
Plain English: The site had its own copyright issues in the past. It tries to make it clear that anything a user submits is meant to be shared as much as possible. The terms say: “You grant Pinterest and its users a non-exclusive, royalty-free, transferable, sublicensable, worldwide license to use, store, display, reproduce, re-pin, modify, create derivative works, perform, and distribute your User Content on Pinterest solely for the purposes of operating, developing, providing, and using the Pinterest Products.” This means they want you to share what you find on Pinterest, but only share it on Pinterest — not the front page or the 5:00 news.
Pinterest has a section called “More simply put” that says “if you post your content on Pinterest, it still belongs to you but we can show it to people and others can re-pin it.”
Plain English: Vine is allowed to sublicense content, but there is nothing that allows the general public to do whatever it wants with the videos.
In our conclusion of this series, we will discuss a couple of cases and talk about the best practices.