We created this infographic for some of our media clients to give them a one-page cheat sheet on the analysis they need to do when trying to decide whether they can use an image from the internet in a pinch.
The infographic includes all the caveats because rarely can a legal issue be discerned down to one page with so few words. In fact, I wrote a three-part series on this very topic last year.
To view this as a pdf, click Use of Images InfoGraphic.
#SMH-butnotacontestorsweepstakes – Check your online promotion hashtag or face scrutiny from the FTC
As we have reported before, the Federal Trade Commission requires the disclosure of any “material connection” offered in exchange for an online endorsement or post in their Online Endorsement Guidelines. Now, they are applying those rules to online promotions that require contestants to post, tweet or pin certain message to participate.
For those of you with short attention spans, this means that you should make all contestants post, pin, hashtag or use some method that notifies everyone that whatever content the contestants are submitting is part of a contest or sweepstakes. It could require the use of the word “contest” or “sweepstakes” in all hashtags or posts. Otherwise, the FTC believes consumers are misled by your friend’s endorsement of a product if they don’t know you endorsed it to enter a contest or sweepstakes.
The guidance comes to us courtesy of the FTC’s recent investigation of Cole Haan. The shoe and fashion company conducted a Pinterest contest where contestants had to use the hashtag #WanderingSole. In addition, contestants had to pin five images on the board posting their favorite places to wander. Cole Haan was giving away a $1,000 shopping spree to the most creative entries.
The FTC investigated. Although the FTC decided not to act in this instance, it indicated future contest sponsors may not be so fortunate. Under Section 5 of the FTC Act, the FTC has the ability to pursue claims for “unfair or deceptive acts or practices in or affecting commerce.” By not disclosing a “material connection” between an online endorsement and anything of value the brand may be offering, the FTC suggests you may be engaging in unfair or deceptive acts.
In the Cole Haan case, The FTC determined that each “pin” was an endorsement of the brand and the opportunity to win $1,000 in exchange for the pin was a material connection that should have been disclosed. Simply requiring “#WanderingSole” was not enough to inform other consumers who may view the pins, that they were part of a contest.
Despite these findings, the FTC decided not bring an enforcement action and therefore closed the investigation. The main reason for the lack of enforcement is this was the first time the FTC addressed the issue of whether contests provide a “material connection” offered in exchange for a social media or online action. You can therefore consider this to be the FTC’s warning. If you are doing a contest that requires posting, pinning, tweeting or something similar, then make sure the hashtag includes something that tells the market, this is a contest or sweepstakes. It could be as simple as “#WanderingSoleContest” or “#WanderingSoleSweeps”.
In addition, contest and sweepstakes rules should be prominently displayed so consumers know people are being asked to submit content as part of the contest.
While this may be taking the Online Endorsement Guides a little too far, and the FTC may not prevail in an enforcement action, you are better off letting someone else fight that battle as opposed to you. The safest course is to require contest or sweepstakes in your user generated content.
This guidance is just one more thing to consider when engaging in online marketing and contests. If you are offering anyone, anything of value (which, apparently now is the opportunity to win a prize, but was more traditionally free product) in exchange for content, then you need to consider including a disclosure of the connection.
You can find read the FTC Closing Letter here, the Online Endorsement Guidelines here, a discussion of the guidelines here, more about appropriate social media policies to address these issues here, and read more about legally compliant online promotions and contests here.
A frequent question we get is what can we do about the online posting about me? Often times, the answer is not much. Lawyers can only help when the online conduct crosses the line into a cognizable cause of action. Figuring that out is the hard part.
The Threatening or Harassing Post
Is there an ex spewing hate against you on Facebook? Is a disgruntled fan or customer telling the world what they would like to do you? Many times, the First Amendment will protect their conduct. Sometimes, however, the law can help.
Take for example, a “fan” of the New York Knicks who suggested the owner of the team needed to die with posts that included naked pictures of the poster with a gun. The police arrested him.
Sports often bring out the worst. I’ve seen some of it with my own sports teams with the Michael Sam story and the question of whether the Houston Texans will use the first pick on Johnny Football.
Most fan rants are protected by the First Amendment, but threats of immenint harm or immediate calls to illegal actions are not. Jack Greiner of the Graydon Head Out of the Box Blog blog breaks down the law on threats versus free speech in this case here. The oversimplification is that if a reasonable person would believe the speaker has an intent to cause actual harm, then it can become a threat and not mere protected speech. Moreover, when the target of the threat is a sport figure or politician, it may not be realistic to think the person would actually act it out, but there are enough crazy people out there for law enforcement to take a close look at some of these cases.
In addition to threats, may states, like Texas, have online harassment laws. Perhaps, your ex knows better than to make a physical threat, but continuously harasses you. In Texas, a person commits an offense if the person “uses the name or persona of another person to create a web page on or to post one or more messages on a commercial social networking site: (1) without obtaining the other person’s consent; and (2) with the intent to harm, defraud, intimidate, or threaten any person.”
It is also crime to: “send an electronic mail, instant message, text message, or similar communication that references a name, domain address, phone number, or other item of identifying information belonging to any person: (1) without obtaining the other person’s consent; (2) with the intent to cause a recipient of the communication to reasonably believe that the other person authorized or transmitted the communication; and (3) with the intent to harm or defraud any person.”
The American Bar Association recently wrote an excellent article on revenge porn you can read here. For the uninitiated, revenge porn is when the ex publishes what were supposed to be private nude pictures for the world to see often including full names, addresses, phone numbers and links to social media profiles. There is a whole cottage industry bubbling up of websites who encourage posters to provide this information.
As a victim, you can bring civil claims like invasion of privacy, intentional infliction of emotional distress and copyright claims if you took a selfie because the copyright usually belongs to the photographer and not the subject. But, these claims are expensive to bring and there are no guaranties because a lot of people blame the victim for having nude pictures in the first place.
Meanwhile, it is hard to sue the websites where these pictures are downloaded because Section 230 of the Communications Decency Act gives immunity to websites based on claims related to user generated content.
California passed a law last month that seeks to punish “Any person who photographs or records by any means the image of the intimate body part or parts of another identifiable person, under circumstances where the parties agree or understand that the image shall remain private, and the person subsequently distributes the image taken, with the intent to cause serious emotional distress, and the depicted person suffers serious emotional distress.”
Professor Goldman on his Technology and Marketing Law Blog points out the faults of the law which include: (i) it does not apply to selfies; (ii) it does not apply to redistribution or websites which could have Section 230 issues; and (iii) the difficulty in proving beyond a reasonable doubt the parties’ expectations of privacy or the intent of the accused.
While there are some class action lawsuits against some of the sites that encourage this behavior that we will keep an eye on, one of the best weapons may be to shine the light on the scum who engage in revenge porn using the same social media tools and the let the markets take care of the websites.
Most of the examples so far deal with criminal complaints. To do that, you need to get the D.A.’s attention. What about a civil lawsuit? What can you do if the police or the D.A. won’t act?
You can follow the lead of a woman who is suing Sprint for invasion of privacy, infliction of emotional distress and identity theft after a Sprint employee posted explicit pictures of the customer who turned in a phone for an upgrade. You can read more about the case here.
Intentional infliction of emotional distress can be a tough case to prove and the invasion of privacy of laws differ in each state.
Parents are also taking to the civil courts to address cyberbullying.
For tips on handling consumer reviews, go here and here.
Open source software sounds like a good idea. Your create some code and then put it out there for the public to use and let people build on it and improve. The only condition is that if someone improves on it and build from it, they often have to share their improvements with the world. Everyone wins right? Everyone except anyone trying to sell software or a company with proprietary customized software.
Great for inhouse customization
There is much more open source, also known as General Public License or copyleft software, than you may imagine. According to a 2010 PC Magazine survey, 98% of companies use open source software. Often times, companies customize the the open source software to fit their needs with in house programmers building from the publicly-available code. These improvements are often valuable to the company. Under most general public licenses, you don’t have to share the code when you are only using it in house.
Now we are selling, so do we have to show everyone our code?
But, what happens when there is a sale? Under most general public licenses, once the improved code is used by anyone else other than the creator, it has to be shared with the public. For private companies who go through major transactions, you can see the problem — disclosing what is a valuable proprietary asset to the world. In most large transactions, there is going to be a code audit that will reveal the code subject to GPL’s.
What to do?
So, what do you do about this? The best practice is to be proactive. If you are working on a commercial proprietary customization, many GPL’s allow for dual licensing. You can buy the commercial license of the GPL that gives you greater rights including the ability to keep your improvements secret. You need to review the GPL and the dual license carefully.
You can try and keep the proprietary part separate from the open source software. This is an extremely technical issue along with an analysis as to what is a modification versus an aggregation. You need to have the development team work with legal if you plan on going this route.
I wish I called you back when I started.
What if it is too late? You are probably not surprised that we get that a lot. If you have been using software in house but now need to transfer it, what do you do when you discover it has GPL code?
You can go back and try and get the dual license from the last creator of the open source software. Under the right circumstances, that will prevent you from having to disclose your improvements to the world.
You can also do a reversion. That means going back to the software before the introduction of the open source software and then rebuilding it. This, sometimes, is the only option.
When private companies are involved, you can see why some refer to open source software as a cancer. Its innocent inclusion on a basic building block of software can destroy all the commercial value of what you have spent years building.
Because copyleft is relatively new, there are few cases interpreting these licenses. You can read about a recent case here. You need to think about these issues while building software and certainly when you are in the acquisition stage.
I was a recent guest on the Content Marketing Podcast with Resonance Content Marketing’s Rachel Parker. It is always entertaining and refreshing to visit with the people in the trenches and find out what is on their mind. We covered privacy, intellectual property, employee relations, and much more. You should listen to the whole thing, but the interview starts at 6:56.
There has not been much activity on the blog because we have been engaged in a long copyright and misappropriation of trade secrets trial. So, we share with you some of the articles we have been reading, but just haven’t had time to write about:
Bloggers entitled to same protections as journalists under the First Amendment. The Ninth Circuit recently applied libel defense protections normally reserved to the “institutional press” to bloggers reasoning the First Amendment applies to all citizens and there has been a blurring of the lines between who and who is not a journalist. You can read more about this important decision here.
We have our first Twibel verdict – no defamation in 140 characters. In three hours, the jury returned a defense verdict saying Courtney Love did not libel her lawyers with a tweet that suggested her prior lawyers had been “bought off.” The bad news is that during the trial Love stayed off of Twitter, and now, she is apparently back. More here.
Yelp ordered to disclose identity of reviewers. A court ordered Yelp to review the identify of seven “anonymous” reviewers who criticized a dry cleaning business in Virginia. The business claimed the reviews are fakes and do not match any of their records. This is another example of how courts are trying to balance the interests of anonymous speech and a plaintiff’s right to combat defamatory speech. More here.
Parents take to the court to combat cyberbullying. Locally, there has been a lot of attention about a lawsuit filed by one set of parents against seven minors and their parents for libel and negligence. More here.
Will there be more transparency regarding government requests for online data? The Justice Department is relaxing the rules for technology companies like Google and Microsoft to disclose, in broad terms, the number of requests these companies receive from the government and the amount of data provided. Tech companies have long reported the number or requests from state and non-national security related requests from the federal government, but this will be the first time they can release general information related to national security letters. If the numbers are surprising, this could lead to even more push back against the government surveillance programs. More here.
Supreme Court to consider online re-broadcasting case. The U.S. Supreme Court will weigh in on the rights to re-transmit broadcast programs via the internet. Aereo receives over the air broadcasts the old fashion way in a warehouse and then sends them to paid subscribers devices. The broadcasters are arguing that Aereo is violating the “public performance” copyrights to the programming. Aereo says what they are no different than the users receiving the digital signals on their own devices. Both sides wanted guidance from the high court and this is one worth watching. More here.
There is a new California privacy law that goes into effect January 1, 2014, that you need to know about. It requires you to disclose how you respond, if at all, to do not track requests. Because it applies to any website used by California consumers, you should make sure you are in compliance.
Earlier this year, California passed an amendment to the California Online Privacy Protection Act (CalOPPA) that will require online and mobile websites to disclose how they respond “do not track” requests.
What are the new requirements for my relatively basic website?
If you have a basic website that merely retains IP addresses and basic information, it is not clear whether you need to change your policy. Rather than live with the doubt, it makes sense to go ahead and comply with the new disclosures.
The ambiguity is there because the law only applies to use of personally identifiable information (PII). If you aren’t keeping PII, then no need to worry.
So, what is PII?
The law defines PII as “individually identifiable information about an individual consumer collected online by the operator from that individual and maintained by the operator in an accessible form, including any of the following: (1) A first and last name; (2) A home or other physical address, including street name and name of a city or town; (3) An e-mail address; (4) A telephone number; (5) A social security number; or (6) Any other identifier that permits the physical or online contacting of a specific individual.”
The California Attorney General says she defines PII as “any data linked to a person or persistently linked to a mobile device: data that can identify a person via personal information or a device via a unique identifier. Included are user-entered data, as well as automatically collected data.”
If the AG enforces the law in a way broader than the definition in the statute, an IP address would be covered by the statute. Therefore, we are recommending that almost all websites should add the required disclosures than live with the ambiguity.
What do I have to disclose?
The amendment is about disclosure and not action. You do not have to change your behavior and honor do not track requests — you simply have to disclose what you do about it. It’s a middle ground that requires disclosures, but does not prevent advertisers from tracking or targeting ads or retaining and using any PII.
There is no magic language. Although we recommend a more thorough review, you could add something like, “We do not currently respond or otherwise take any action with regard to Do Not Track requests.”
But I rely upon on my outside marketing firms. . .
The new law also applies if your site allows third parties such as ad networks to collect PII. You have “to disclose whether other parties” collect PII regarding a consumer’s “online activities over time and across different Web sites when a consumer uses the operator’s Web site or service.” It means you also need to know what your marketing firms are doing. If you have Google AdSense ads on your site or use the service yourself to place ads on other sites, you have to make the disclosure–not your outside marketing firm.
So, what if I don’t change?
If you violate CA OPPA, even if you are not based in California, the California Attorney General can bring a civil action against you or someone in California can bring a class action lawsuit against you. Granted, you will receive a notice of noncompliance and have 30 days to fix it, but why wait for the notice of non-compliance? Amend your privacy policies now disclosing what you do, if anything, about do not track requests.
One of our more popular posts of the year was the recent Online Marketers’ Guide to Online Privacy. It focuses mostly on U.S. law with some mention of of the E.U. Safe Harbor issues. The purpose of this post is to host information regarding international online privacy issues. If you know a good resource for a country not listed, let me know and I will update this periodically.
E.U. Regulations and Reforms
Reforms to the transfer of data from the E.U. to the U.S. may be coming. You can also read here.
The importance of E.U. regulations for online business cannot be understated. We will monitor these developments. In the meantime, know the basics and check out the Department of Commerce’s Safe Harbor website.
Other valuable resources
Let me know if I missed something and check back here later for details.
Thankful I didn’t copy images, parody the Beastie Boys, use overbearing TOS or have to stand behind TheDirty
With the short Thanksgiving week, I thought we would touch on a few interesting stories developing over the last couple of weeks.
Photographer gets $1 million+ verdict from AFP and Getty for copied Twitpics
In my three part series on using images from the web for your news stories, we talked about the Morel v. Agence France-Press case. Agence France-Press, the Washington Post and Getty used images of the Haitian earthquake put on Twitter by photographer Daniel Morel. The Washington Post settled, but the case went to trial last week against AFP and Getty. AFP thought they had permission from the photographer to use the images, but they did not get permission from the right person.
Previously, a judge rejected AFP’s argument that it could use the images because they were put up on Twitter. The Twitter terms of service did not provide that the photographer gave his rights in the images away or grant anyone else the right to use the images outside of Twitter. In the trial, it turns out AFP did not follow their internal guidelines on the use of images or take immediate corrective action. The jury awarded the upper end of the statutory damages.
Engineering gift for girls’ video spreads on Facebook – lawsuit follows.
I have a daughter. I liked this commercial.
I assumed they had the Beastie Boys’ permission. Apparently, they did not and the Beastie Boys sent a copyright cease and desist letter. The people at Goldiebox fought back and filed a suit asking the court to declare the parties’ rights. Is it a parody or do the Beastie Boys have to do this to make sure more people don’t use their songs in commercials? You can read more about the case here with some legal analysis from the EFF here. At least Goldiebox will get some more attention with the lawsuit at the beginning of the holiday shopping season.
Want to criticize me, it will cost you!
KlearGear’s terms of service state:
“In an effort to ensure fair and honest public feedback, and to prevent the publishing of libelous content in any form, your acceptance of this sales contract prohibits you from taking any action that negatively impacts KlearGear.com, its reputation, products, services, management or employees.
Should you violate this clause, as determined by KlearGear.com in its sole discretion, you will be provided a seventy-two (72) hour opportunity to retract the content in question. If the content remains, in whole or in part, you will immediately be billed $3,500.00 USD for legal fees and court costs until such complete costs are determined in litigation. Should these charges remain unpaid for 30 calendar days from the billing date, your unpaid invoice will be forwarded to our third party collection firm and will be reported to consumer credit reporting agencies until paid.”
A Utah couple criticized KlearGear on RipOff Report. Soon thereafter, KlearGear sent the couple a bill for $3,500. KlearGear never sued, but did report the couple as delinquent to the credit reporting agencies. We have talked about being proactive, but not too proactive, when it comes to online complaints. Since the news of this broke, KlearGear has shut down its Facebook page and its Twitter feed to hide from the blow back. You can read more here, here and here. This is not the kind of press you want before the shopping season.
Update 11/27/13 - a lawyer is now representing the couple and has sent a demand to KlearGear to remove the notation with the credit agencies or face a Fair Credit Reporting Act lawsuit. Read about it here.
Reputable companies line up to support TheDirty.com
Finally, we update you on the Jones v. TheDirty case we have talked about before. This is the suit by a former Cincinnati Bengals cheerleader against the website TheDirty. A Kentucky judge allowed the case to proceed against the rumor and trash site despite Section 230 of the Communications Decency Act which normally provides immunity for website operators based on user generated content. The jury awarded $380,000 and TheDirty.com appealed.
While some may believe the ends justified the means against this particular defendant, the refusal to dismiss this case flies in the face of almost every other Section 230 case. In this case, the court wrote “the very name of the site, the manner in which it is managed, and the personal comments of defendant Richie” shows that the site “specifically encouraged development of what is offensive about the content.” TheDirty.com asks people to “submit dirt.” Their submission form has entries for the “dirt,” and provides a link to upload photographs. The court seized on the fact that in response to the post about Jones, the site operator wrote “I love how the Dirty Army has a war mentality.” Thus, no dismissal by the judge.
Section 230 has its place. Imagine if Facebook, Google, or YouTube could be sued or had to police all of the user generated content. I don’t think those services would exist. That’s why many of them have filed amicus briefs with the Sixth Court of Appeals urging the court to reverse the ruling and dismiss the claims. You can read more here about how and why the likes of Amazon, Google, LinkedIn, Google and Microsoft are asking for the reversal.