Header graphic for print

Quick Links – August 2013

Rocky Mountain National Park

Because of an extended working vacation away from Houston’s heat in Colorado, I’ve been away from the blog.  Like my kids gearing up to go back to school, I’m getting back to the normal work mode back in the office while recovering from a separated shoulder from a mountain biking incident (riding across on overpass in Houston is apparently different than actual mountain biking).  As a warm-up, here are a few quick links to interesting stories from the last couple of weeks.

Another Adwords Trademark Dismissal

From Professor Goldman’s Technology and Marketing Law Blog — another unsuccessful keyword advertising lawsuit.  The plaintiff was a collection agency and the defendant was a law firm that bid on the plaintiff’s name that triggered the following ad:

a link titled “Stop Collection Calls—Is Allied Interstate Calling You?” Below the link are two lines of text, the first listing Defendants’ URL, www.creditlaw.com, and the second bearing the slogan “Stop the calls for free!”

Under most circumstances, I would advise clients to avoid using the competitor’s name in the ad copy.  But, this is one of those easy exceptions.  It is clear the law firm is not trying to confuse consumers into thinking the law firm is the same as the collection agency.  It is a pretty easy decision, but a good reminder of how trademark law plays into search engine advertising.

An Eraser Button for Minors on Social Media

Charlie bags his first 14′er — sort of because it was Mt. Evans and we drove most of the way.

We previously mentioned an eraser button for minors on social media.  It appears the California Legislature is also back from vacation which, according to Edwards Wildman’s Digilaw Blog, means the law may be a reality soon.

Hi-Jacked Sites

One of the most difficult things to do is help clients deal with IP theft from pirates outside of the U.S.  Seyfarth Shaw’s Trade Secret Blog provides some tips on how to deal with these issues–assuming you have enough clout to get your state attorney general involved.

Cascade Falls

Don’t let your independent contractor use your email.

Evan Brown’s Internet Cases blog discusses a recent Texas opinion regarding the dangers of letting an independent contractor use the company email.  An independent contractor cannot usually bind a company to an agreement because they don’t usually have the authority.  The company, however, can clothe the independent contractor with the indicia of authority and lead the other party to believe they are dealing with the right person.  One way to do that — have the independent contractor send emails from the company account.

Understanding the law and the government’s 

Sunrise in Grand County, Colorado

To get a good baseline understanding of the law underlying the government’s ability to (store, monitor, read, index, search – you choose the verb) / (phone records/meta data/emails/cell location information — you choose the object of the verb), NPR’s Morning Edition has a good story explaining the 1978 Supreme Court decision that may say all of this is perfectly legal.

Taking Legal Control of the Company Social Media Account

What happens when the employee who set up the company’s LinkedIn account leaves? Or, what happens when your outside marketing firm set up your Facebook page but refuses to give it to you because of a fee dispute?

Be Proactive

Before we talk about what to do in these situations, let’s talk briefly about how to avoid these situations.  Most social media sites allow you to have more than one administrator. You should have, at all times, at least two trusted employees designated as such.  When one of them leaves, or is about to be fired, the remaining administrator changes the passwords to lock out the departing administrator and finds another suitable back up.  The same thing works with your outside marketer — make sure someone (preferably two of you) are co-administrators so you can always have access to the social media account.

You can also contractually determine who controls and owns the social media account and its followers.

Thanks, you’re an hour late and I need to access my account.

If you are too late to implement some safeguard, the first advice is the same we give our children – ask nicely.  This applies to the departed employee and the social media platforms.  Obviously, if you can’t locate the employee or they refuse to give up access, you have to approach the social media networks.  The problem is, historically, they are not nearly as concerned about your page as you are and are not quick to act.

For example, Facebook tells you what to do here.  The problem is Facebook is notoriously slow to react taking about two weeks to respond.  If it is a LinkedIn Group (say company alumni) as opposed to a company profile, you may not be able to take control.  With regard to groups, LinkedIn takes the position groups are created by individual members and therefore they will not transfer ownership or control of a group.  LinkedIn may help you reach out to the group owner or help you protect copyrights or trademarks, but taking control of a Group can be difficult.

The step of last resort – the lawsuit

The law is not settled in this area and there have only been a couple of high profile cases involving LinkedIn and Twitter which had more to do with who owns the followers and connections.

In the LinkedIn case, Eagle v. Edcomm, the court threw out the Computer Fraud and Abuse Act and Lanham Act claims, but allowed the common law claims of misappropriation, conversion and invasion of privacy claims to continue which are still pending.  In the Twitter case, the claims for misappropriation of trade secrets, intentional interference with prospective economic advantage, negligent interference with prospective economic advantage and conversion are proceeding to trial which is expected to take place this week.

It is clear you can sue, but exactly what causes of action apply and the likely result is not yet clear.  As a lawyer, we love to blaze new ground.  As a client, blazing new legal ground is expensive and dangerous.   You should try to avoid it if you can, but know that you can use the courts to seek control of your accounts if you have to.

Special thanks to friends Michelle Price and the MMI Agency for helping me help others with some of these issues recently.

TheDirty.com held liable despite Section 230 of the Communications Decency Act

TheDirty.com is not exactly deserving of sympathy.  Much like Playboy and Hustler pushed the boundaries of the First Amendment in the past, rumor sites like TheDirty.com are pushing the limits of Section 230 immunity for online defamation under the Communications Decency Act.

A judge and jury in Kentucky apparently have had enough.  This week, a jury found TheDirty.com “encouraged the development of what is offensive” and was therefore liable for the defamatory posts about former Cincinnati Bengals cheerleader Sarah Jones. The jury awarded Jones $38,000 in actual damages and $300,000 in punitive damages.

As a refresher, Section 230 of the CDA provides:  ”[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”  Because the websites are not the publisher or speaker, the sites can’t be liable for defamation.  Most courts immediately dismiss website operators from defamation suits when the claim is based on user generated content known as UGC.

Although subjects of defamatory posts hate the CDA, the law is good.  There would be no Google, YouTube, Twitter of Facebook if these sites had to defend, let alone be held liable for, each defamatory post by their users.

Jones sued Dirty World Entertainment Recordings which owns TheDirty.com.  The site, as expected, immediately filed a motion to dismiss the complaint because all claims were based on the UGC.   The trial judge denied the motion arguing the defendant purposefully seeks out and encourages defamatory content.   The court wrote “the very name of the site, the manner in which it is managed, and the personal comments of defendant Richie” shows that the site “specifically encouraged development of what is offensive about the content.”  Therefore, the summary judgment was denied.  With TheDirty.com as a defendant, it is not surprising the jury ruled in favor of Jones.

If you have had the unfortunate reason to visit TheDirty.com, you know the judge is correct in that they do everything they can to encourage defamatory and offensive content. I have argued before that the CDA should be amended to allow for claims against sites like this that encourage defamation.  I always thought the change would come through the legislative process rather than judicial fiat.  Not surprisingly, TheDirty.com is appealing. You can read more about the case here.

What does it mean?

If you run Facebook, the local newspaper site, or a community site regarding butterflies, you still have nothing to worry about.  If you purposefully run an inflammatory site, you need to pay attention to what the court of appeals does with this case.

TheDirty.com asks people to “submit dirt.”  Their submission form has entries for the “dirt,” and provides a link to upload photographs.  The court seized on the fact that in response to the post about Jones, the site operator wrote “I love how the Dirty Army has a war mentality.”  Facebook and the Christian Science Monitor website don’t do this.

The CDA is usually a slam dunk defense for websites that are sued over UGC.  Plaintiffs first tried to argue the sites actually “created” the content.  Now, plaintiffs will argue the sites are “encouraging” the defamation.  While a good policy, I am not sure it will hold up on appeal without a change to the statute by Congress.

So, what about sites like RipOffReport and PissedConsumer.com?  Is the next line of attack that they “encourage” defamatory content?  I would not be surprised if a plaintiff is making that argument right now in response to a motion to dismiss.

We will keep our eye on the appeal.

2013 Texas Leg Watch: Retracting the defamation and notification after a data breach

While the second special session is winding down (thank goodness), we will take a look at a couple more new laws impacting online media and technology in Texas.  While most of the attention was on social media password protections, service via social media and online “compelled prostitution” legislation,  two additional bills made it through to become law.

The Defamation Mitigation Act

The first was HB 1759 called the Defamation Mitigation Act, often referred to as the Retraction Statute, which became law as of June 14, 2013.  The purpose of the law is to encourage people who feel they have been defamed to demand a retraction and allow publishers to do it.

Here ‘s how it works.  A plaintiff has to notify a publisher about an allegedly defamatory statement within 90 days of learning about it.  If a plaintiff fails to do so, they may not be able to seek punitive damages or bring suit until this process takes place.  The statute lays out the specifics about what needs to be in the notice including a particular statement identifying the defamatory statement and when and where the publication was made.  The publisher then has 30 days to correct the mistake by publishing a correction, an apology or the prospective plaintiff’s own statement.

The retraction must be  ”published in the same manner and medium as the original publication or, if that is not possible, with a prominence and in a manner and medium reasonably likely to reach substantially the same audience as the publication complained of.”  There is a detailed process about challenging the sufficiency of the correction.

If the plaintiff fails to follow this procedure, or the publisher takes corrective action within 30 days, the plaintiff can still sue, but can no longer seek punitive damages unless the plaintiff can show actual malice.  If the plaintiff files suit without sending the notification, there is also a process that would allow the defendant to abate the case and allow for the process to take place.

The law is codified at Texas Civil Practice & Remedies Code, § 73.051–.062.

Data Breach Notification

The Legislature also amended the Texas data breach notification law with SB 1610 so that companies have to notify consumers regardless of state of residence and regardless of whether the state of the consumer has their own breach notification law.

Texas law already required all Texas businesses to notify any individual whose sensitive personal information was, or is reasonably believed to have been, acquired by an unauthorized person pursuant to the state law of the individuals.  The amendment makes it easier for businesses to follow the Texas law or to make the notification pursuant to the law of the individual’s state — as long as the business does one or the other.  This closed the hole that allowed businesses to avoid the notifications for residents of states who don’t have notification laws and business concerns that they would have to follow and know the laws of 50 states.

To be safe, businesses should make their best effort to comply with the Texas notification requirement for all individuals regardless of residence.

This new law, called the “Notification Required Following Breach of Security of Computerized Data,” is codified at Section 521.053(b-1) of the Texas Business and Commerce Code.

Tread Carefully When Using Competitor’s Trademarked Name With Online Advertising

The Tenth Circuit issued a decision yesterday in the 1-800 Contacts v. Lens.com case we discussed several years ago when originally filed.   For those of you who simply want the result, the Court of Appeals ruled:

1.  There was no evidence of likelihood of confusion – an essential element to a trademark claim.

2.  The court also threw out the secondary infringement claims based on the use of the trademarked term by Lens.com’s affiliate marketers because the agents, or sub-agents, lacked authority to include 1-800’s mark in ads for Lens.com.

3.  The court of appeals, however, sent the case back to the trial court on the one claim to determine whether Lens.com was liable for contributory infringement because the evidence could support a reasonable finding that Lens.com did not take reasonable steps to halt the display of 1-800’s marks in affiliate ads once it learned of such display.

The trademarked term was 1800CONTACTS.  Lens.com itself bid on the following nine terms (the Challenged Keywords) as AdWords keywords: “1-800 contact lenses”; “1800 contact lenses”; “800 contact lenses”; “800comtacts.com”; “800contacta.com”; “800contavts.com”; “800contaxts.com”; “800contzcts.com”; and “800conyacts.com.” Lens.com did not dispute that it bid on the Challenged Keywords, nor does 1-800 contend on appeal that Lens.com ever bid on the 1800CONTACTS mark itself. Additionally, 1-800 did not claim that any impressions created by Lens.com featured the 1800CONTACTS mark in their text.

Discovery revealed, however, that two Lens.com affiliates had bid on the keyword “1800Contacts” and close variations of 1-800’s mark. And at least one of the affiliates published at least one ad for www.JustLenses.com (one of Lens.com’s websites) that featured the phrase “1800 Contacts” in its advertising copy.

The main claims against Lens.com related to the conduct of the affiliates were based on two theories.  The first—vicarious infringement—imposes liability on a principal for the infringing acts of its agent.  The second—contributory infringement—is analogous to aiding and abetting.

The direct claim against Lens.com argued there was initial interest confusion when the trademarked term triggers the ad.  Initial-interest confusion results when a consumer seeks a particular trademark holder’s product and instead is lured to the product of a competitor by the competitor’s use of the same or a similar mark.  As the name implies, the improper confusion occurs even if the consumer becomes aware of the defendant’s actual identity before purchasing the product.

The court of appeals cited Lens.com’s expert report to find Lens.com’s use of the nine Challenged Keywords yielded 1,626 impressions for Lens.com or its associated websites over eight months. In only 25 (1.5%) of these 1,626 instances did the user click on the ad for Lens.com. (We do not know how many of the 25 made a purchase from Lens.com.) The users in those 25 instances may have been confused into thinking that Lens.com was affiliated with 1-800, or they may simply have wished to look at the offerings of those whom they knew to be 1-800’s competitors. What we can say, though, is that initial-interest confusion occurred at most 1.5% of the time that a Lens.com ad was generated by a Challenged Keyword in those eight months. This number cannot support an inference that Lens.com’s keyword activity was likely to “lure” consumers away from 1-800.

Finally, the court determined there was no evidence Lens.com instructed their affiliates to the use the 1-800 mark in the ad copy.  By doing so, the agents went beyond their scope and Lens.com could not be held vicariously responsible.  Lens.com may not have taken sufficient action, however, to stop the affiliates from using the trademarked term when notified about it and therefore, there could be a trial on the issue of contributory infringement.

What did we learn?

1.   Initial interest is becoming a difficult weapon for plaintiffs in these cases.  Professor Goldman, who will probably write about this decision soon, will be glad.  Update on 7-19-13 – he is.

2.  Don’t use the trademarked term in the copy.

3.  Instruct your affiliates on #2 and take action if you are told the affiliates have crossed the line.

4.  Finally, although I did not discuss the rejection of the plaintiff’s survey in the case, if you are going to do a survey to help show confusion, read this case and take heed.

 

Zero tolerance gone too far: When does a Facebook comment cross the line into a threat?

Sometimes, when you read the basics of a story, it sounds so incredulous, you think “surely, there has to be more to it.”  Enter the story of 19-year-old Texan Justin Carter.   The quick headlines usually read – Texas Teen Faces Eight Years for Facebook Comment.

Unfortunately for Justin, the post was about shooting up kindergartners.  Hence, he was charged with making “terroristic threats” and was for over three months because of a $500,000 bond that recently got paid by an anonymous supporter.

During an online multi-player game of League of Legends when Justin was 18, he got into an argument with someone on Facebook about it.  After someone called him messed up in the head, according to the arrest warrant in the case, Justin wrote:

“I’m f–ked in the head alright, I think Ima SHOOT UP A KINDERGARTEN

“AND WATCH THE BLOOD OF THE INNOCENT RAIN DOWN

“AND EAT THE BEATING HEART OF ONE OF THEM.”

According to Justin’s family, the next two lines were “lol” and “jk.”

Allegedly, a Canadian woman saw the post and called the police.  For more on the story, read here.  Surprisingly, that’s about it — the whole story.  It does not appear Justin was a real threat, had any past issues, meant for any law enforcement to get involved, or took any actions to carry out the alleged threat.

Instead, he has been charged with a violation of Section 22.007 of the Texas Penal Code which reads:

TERRORISTIC THREAT. (a) A person commits an offense if he threatens to commit any offense involving violence to any person or property with intent to:

(1)  cause a reaction of any type to his threat by an official or volunteer agency organized to deal with emergencies;

(2)  place any person in fear of imminent serious bodily injury;

(3)  prevent or interrupt the occupation or use of a building, room, place of assembly, place to which the public has access, place of employment or occupation, aircraft, automobile, or other form of conveyance, or other public place;

(4)  cause impairment or interruption of public communications, public transportation, public water, gas, or power supply or other public service;

(5)  place the public or a substantial group of the public in fear of serious bodily injury; or

(6)  influence the conduct or activities of a branch or agency of the federal government, the state, or a political subdivision of the state.

. . . 

(e)  An offense under Subsection (a)(4), (a)(5), or (a)(6) is a felony of the third degree.

The main issue in this case is hilited — Intent.  It is not clear whether the prosecutor is going to try and prove a violation of 4, 5, or 6 (we know they are pressing for a third degree felony), but does it really matter?  Can anyone prove, beyond a reasonable doubt, Justin intended to scare anyone or get law enforcement involved.

There are real threats made on social media and elsewhere.  People that make bomb threats or take other actions meant to scare targeted people or waste law enforcement’s time should be prosecuted.  People who have bad taste shouldn’t.

We can prove beyond a reasonable doubt, the comment was in bad taste — but the same may hold true for trying to prosecute the man unless there really is more to this story that has not come out yet.

Do I need to comply with E.U. privacy laws?

I have not posted in some time because I enjoyed some traveling with the family in Hungary.  Some of my cousins – by marriage – are lawyers in Budapest.  They mainly peppered me with questions about the NSA and our take on privacy.  I can’t repeat the compelling soliloquy I made for all Americans after a few Czech brews, but it was noticeable we had different takes about online privacy.   This is not just a matter of good discussion at a ruin pub, your business needs to pay attention to E.U. privacy law, too.

The E.U. already has strict guidelines that apply to all of their member nations.  Rather than relying upon protections for only certain types of health, financial data or information related to children like we do here in the U.S., the E.U. looks to protect all personal information regardless of how benign it may appear.

Compliance Now

Generally speaking, the E.U. prohibits the transfer of personal data to non-European Union countries that do not meet the European Union “adequacy” standard for privacy protection as directed in the European Union Directive on Data Protection of 1995.   The U.S. is not on that list.

Generally, to comply with existing E.U. guidelines you need to:

1.  Give a notice of what you collect and what you do with it and how individuals can ask about it.

2.  Give individuals the chance to opt-out of disclosure to third parties for reasons outside of the main purpose.

3.  Ensure that the company to whom you transfer data also had adequate protections.

4.  Provide users access to the data you have about them.

5.  Initiate adequate security, data integrity and enforcement procedures.

The Department of Commerce, in consultation with the European Commission, developed a “Safe Harbor” program that qualifies companies to store and transfer personal information on E.U. residents so you don’t have to hire E.U. counsel.  You can learn more about the process here at the Department of Commerce website.

 

The children with my father-in-law.

My children with my father-in-law who left Hungary in 1956.

Compliance in the Future

While already stricter than U.S. requirements, the E.U. is considering strengthening its laws with changes that may take place as soon as next year.

1.  Will you need a forget me button?

Recent proposals have suggested a “right to be forgotten” will have to be implemented requiring companies to erase all information about individuals.  You can read more here on this proposal and how U.S. companies may fight it. If it becomes law in the E.U. next year, will you be able to offer this service?

2.  Will you need consent to share data?

The E.U. is leaning towards a disclosure and consent process before any of your personal information can be shared.  This may require an affirmative opt-in for all cookies with full disclosure of how the information will be used and shared.

The whole Hungarian Family (by marriage) including more than one Hungarian lawyer.

You can read more about some the proposals and the reaction by U.S. companies here, here, here and here.

As you may imagine, marrying a lawyer can make for some interesting conversations (or dreadful depending on your outlook) at home.  The same holds true with an extended family with multiple lawyers working on difference continents with different outlooks.

 

GUEST POST: Start-Ups and the Unpaid Internship – The legal balancing act

As the summer arrives in full force, I am watching a lot of my start-up friends take advantage of the unpaid internship to help with some needed coding, design or marketing projects they haven’t gotten to.   These kids are smart, hungry, can use the experience and wouldn’t it be nice to have someone pick up coffee and donuts for you once in awhile?

As my Looper Reed colleague Michael Kelsheimer explains in a prior post on his Texas Employer Handbook blog, you have to be careful when using unpaid labor.

UNPAID INTERNS, VOLUNTEERS AND TRAINEES

Who, What, Why . . .
Who does it apply to: Every employer who has or intends to hire unpaid interns.
When must an intern be paid: All “employees” of a business must be paid at least minimum wage unless they are a “trainee” under the law, regardless of whether they are called an “intern.”  So, what makes a trainee? The United States Department of Labor (DOL) has established a six-factor test couched in terms of – you guessed it – training – to determine whether an unpaid intern should be considered an employee or trainee under the Fair Labor Standards Act (FLSA):
  • the training is similar to that which would be given in a vocational school (even though it includes actual operation of the facilities of the employer);
  • the training is for the benefit of the trainees;
  • the trainees do not displace regular employees, but work under their close observation;
  • the employer that provides the training derives no immediate advantage from the activities of the trainees, and on occasion operations may actually be impeded;
  • the trainees are not necessarily entitled to a job at the conclusion of the training period; and
  • the employer and the trainees understand that the trainees are not entitled to wages for the time spent training.
When can I hire an unpaid intern or volunteer: The six-factor test is primarily used in the, “for profit,” private sector. State and local government agencies and non-profit organizations can generally utilize interns or volunteers without an obligation to pay them under the FLSA. It is important, though, that the volunteers understand they are not to be paid for their time. Volunteer work at non-profit, religious, charitable, and civic organizations have specifically been cleared by the Texas Workforce Commission.
What about true student interns: Student interns are not evaluated differently by the DOL. They should easily meet the trainee test. That said, there are special rules for individuals who have completed a professional degree like physicians, attorneys, and therapists, generally allowing them to volunteer their time as they choose.
What do these factors really mean: The more an internship program can be structured around a classroom or academic type experience the better. It is better if the employer can provide the individuals with skills applicable to various employment settings, not just skills particular to the employer’s business. Essentially, the employer needs to provide the intern or volunteer with valuable training. Ideally, the training would make them more marketable in the open job market. The employer must pay any intern or volunteer that is used as a replacement for a regular employee or to reduce their workload. The intern or volunteer should receive more supervision than a regular employee.  If the employer would have to hire additional employees if the intern or volunteer were not performing certain work, the intern or volunteer would be considered an employee. Don’t rely on unpaid interns to do work of any real significance to your business. The work done by an unpaid intern should be secondary to their training. An intern that is hired by an employer on a trial basis with the expectation that they will eventually be hired full time will likely be considered an employee under the FLSA. Employers should indicate prior to the start of the internship that there is no guarantee or expectation of hiring the interns upon completing the internship. A written agreement indicating this is advisable. Employers should indicate prior to the start of the internship that there is no intention to pay the intern. A written agreement indicating that the intern will not be paid and does not expect to be paid is advisable.
What happens if I don’t follow the test: An employer violating the rule is subject to the same damages available to an employee who is not paid all of the wages they are owed. This may include minimum wage and overtime for all hours worked, plus an equal amount in liquidated damages for all interns over the past two or three years.
What about discrimination laws: It depends on whether the person in question receives “significant remuneration” for their efforts. The EEOC has stated that things like a pension, group life insurance, workers’ compensation, or access to professional certifications constitute significant remuneration. However, Courts have determined that things like academic credit, practical experience, and scholarly research do not constitute significant remuneration. Because this point is subject to interpretation, however it is best to treat all interns and volunteers as though they are employees with respect to discrimination laws.
Common Situations:
Required training: Safety First is ready to hire a new class of security guards.  The company requires that security guard trainees receive 40 hours of training prior to performing any regular work under their service contract.  According to their contract, the training is focused on “company practices, policies, and rules.” Does Safety First have to pay the trainee security guards even though they are not yet performing regular work?  Yes. These trainees would be considered employees because: (1) the employer is directly benefiting from their training, (2) the training is given to security guards who will work on contract, and (3) Safety First can only employ specifically trained guards.
Homegrown hiring: Maverick Finance hires interns each summer.  Maverick’s intern program is structured much like an academic program.  The interns do not do the work of regular employees and are heavily supervised.  The interns are not paid and are aware there is no guaranty of employment.  However, Maverick hires its first year analysts almost exclusively from the unpaid interns it has each summer. Does the FLSA require Maverick to pay these interns at least minimum wage? Probably.  Although Maverick substantially satisfies the six factor test, its practice of hiring analysts from the intern pool is likely enough to tip the balance against the company in the face of a DOL audit.
What should I do:
Good: Paying minimum wage to all interns probably is the safest bet. You avoid the risk of an audit of all your employment practices because of one dissatisfied intern that calls the DOL.  If you go the trainee route, be sure to meet all the factors.
Better: If you have true “trainees” taking into consideration all the factors, it makes sense to put that understanding in writing in a short half-page agreement outlining the factors. If you use volunteers, it makes sense to have them sign a one-paragraph agreement acknowledging their status as a volunteer without expectation of pay or other “significant remuneration” to avoid the possibility of an EEOC complaint.
Best: In addition to the items above, require that the trainees keep track of their hours so you have a record of how much they might be entitled to if the DOL audits and rules them employees. Be sure they do not work more than 40 hours to avoid increasing the risk to include overtime. Have the trainees and their supervisors keep a log of their activities so that there is no confusion regarding the type of work they did.

Will there be an “eraser button” on social media for teens?

There are two bills (SB 568 and SB 501) working their way through the California Legislature that may require social media sites to erase the content of minors.

Oops . . . I shouldn’t have posted that.

California Senate Bill 568, which has already passed the Senate, would allow minors to request websites to remove that picture the teen thought would be awesome to post at 2:30 in the morning, but no longer looks good while you are applying for jobs or a spot at Harvard.  It only applies to content actually posted by the minor and not those pictures posted by the teen’s friends who have less scruples.

Before minors celebrate by temporarily posting offensive jokes or pictures, the bill wisely provides that there is no guarantee removal by the initial website ensures complete elimination of the materials from the entire web.  The law states the removal process:

does not ensure complete or comprehensive removal of the content or information submitted to or posted on the operator’s Internet Web site, service, or application by the user.

The existing federal COPPA regulations provide for a similar removal process of content for children under 13 by the parents, but this law would force websites to add the process for those up to 17 and allow the request to come from the minor.  Considering most social media reputational harm is likely to happen in college (let’s just say I’m glad I went through college before smartphones and social media), I am sure there are some who like this to be law for people of all ages?

And now, a word from our sponsor.

Another interesting part of SB 568 prohibits websites from marketing a product or service to a minor, if the minor cannot legally purchase the product or participate in the service in the State of California.  This prohibition applies to all sites and apps “directed to minors” or if the operators “has actual knowledge that a minor is using its” service.

This “directed to” or “actual knowledge” is also a similar COPPA concept which is why certain sites like Facebook do not allow users under 12, but do allow users 13 and above.  Because Facebook has actual knowledge of its users between 13 and 17, it would not be allowed (or possibly allow others) to market alcohol or possibly even R-rates movies.

Dude, my mom erased my PII!

California SB 501, meanwhile, would require websites to remove personally identifiable information about minors upon the request of the minor OR the parent within 96 hours of the request.

As opposed to the first bill, this one would only apply to a “Social networking Internet Web site” which is defined as:

an Internet Web-based service that allows an individual to construct a public or partly public profile within a bounded system, articulate a list of other users with whom the individual shares a connection, and view and traverse his or her list of connections and those made by others in the system.

Why do I care?

These bills are not likely to become law in the next couple months (S.B. 568 would not go into effect until January 1, 2015).  Even if you are not running Facebook, you should care.  To the extent you advertise on social media adult products or services, you need to pay attention and be prepared for any changes.

If you have a website “directed” to minors or with actual minors using it, the law will require certain disclosures and procedures.  Simply failing to have the listed disclosures can get you in trouble.  You will have to be careful in how you accumulate and store information so that you can respond to requests timely to avoid related civil penalties.  Perhaps, between now and when (or if) these bills become law, you will have to consider what value the 13-17 year old market means to you in light of these changes?

Even if you are so uncool that your site does not want to deal with teens (and won’t be deemed “directed” towards teens based on your content), you should at least adjust your terms of service to prohibit use by anyone under 18 to avoid having to deal with these proposals.

Google and Facebook are fighting this law, so perhaps there will be some changes or they will die.  For more on these bills and the implications, read the Privacy and Security Matters Blog.

 

Texas Leg 2013 Wrap-Up – Texas Does Not Take the Lead on Social Media Issues

Although the Governor called a special session extending the Texas Legislative session, the topics to be addressed are political ones and not the ones we have been tracking.  We can therefore wrap-up our watch of the three bills we were monitoring.

First, bring out your dead!

HB 318/SB 118 social media passwords

A bill that would have prohibited employers from demanding social media passwords from its employees and applicants garnered much attention, was passed by the house, but then died.  Texas will not join about a dozen other states who have passed similar laws to provide what I think is a solution to a non-existent problem.  I seriously doubt that between now and 2015, employers will run amok demanding social media passwords — especially with the pro-employment attention Texas has been getting (shameless plug for my hometown).  The National Conference of State Legislatures has a good page on the efforts by various states.

HB 1989 service by social media

This bill also generated attention, but did not get very far.  It would have allowed judges to authorize service of a lawsuit via social media.   The existing rules allow judges to authorize substituted service when necessary which could include social media assuming certain due process protections are in place.  This bill would have given judges more comfort with the idea, but its death does not mean it can’t still be done.   This Outside Counsel article by Michael Lynch suggests service of process via social media may become more common without extra rules or laws.

The lone survivor

Only SB 94 was passed and will become law on September 1, 2013.  It allows for private civil lawsuits against websites that allow advertisements for what the law calls “compelled prostitution,” better known as sex trafficking.  As explained in my initial post, there is a serious legal question of whether the Texas law would run afoul of Section 230 of the Communications Decency Act which generally shields website operators from liability for user generated content.  Hopefully, it is a purely academic discussion and this law is little used because of the lack of necessity.  If a website is sued, it will make for an interesting defense.

The Legislature now focuses on redistricting – expect some fireworks and perhaps another escape.