taglaw social media presentation · 2015-03-17 · ftc endorsement guidelines • covers...

1

International Conference May 7-9, 2012

SAN FRANCISCO

Social Media: An Overview for

Attorneys and Accountants Larry Drapkin, Mitchell Silberberg & Knupp LLP Nate Garhart, Coblentz, Patch, Duffy & Bass LLP Norman Posner, Samet Robert Reitman, Cornick, Garber & Sandler, LLP Daniel Vaswani, Kagu9

2

How Quickly We Forget…

•  Interaction with consumers through Internet Applications

•  Is it new?

•  “Networking” = a supportive system of sharing information and services among individuals and groups having a common interest

•  What’s new about it?

–  It’s Internet-based –  It’s immediate –  It goes beyond the core community

3

Who Uses Social Media?

Social Media Service Platforms TWITTER – “I am at this place, and check out this blog about it” FACEBOOK – “I like this place” YELP – “Here is my rating and review of this place” FOURSQUARE – “This is where the place is” INSTAGRAM – “Here’s a photo of the place” YOUTUBE – “This is me walking in the place” SPOTIFY – “I’m listening to the song “This Must Be the Place” PINTEREST – “Here are all my favorite places” GROUPON – “I got into this place for ½ price.” LINKEDIN – “My skills include finding places” BLOGS – “I’m an expert on the subject matter related to this place”

Where should you be?

4

Different Platforms for Different Purposes?

Advertising through social media offers more than “spam” emailing:

• Targeted to interests • Consumers “choose” the ads they want to see • Feedback

Quick Popularity Gauge

5

SOCIAL MEDIA:�THE NEW WAY TO �GET IN TROUBLE?

State, Federal & Self Regulation •  State Law�

•  § 43(a) and 43(b) Lanham Act

•  §5 of the FTC Act: False advertising

•  Employment Laws and NLRB Guidance

•  Copyright Act

•  CAN-SPAM: Online ads

•  Privacy issues

•  Rules of Professional Responsibility

•  Terms of Use and Privacy Policies

•  Social Media Policies

User Generated Content IP ISSUES:

•  Copyright Problems: Do you own or license the content?

•  3rd Party Rights infringement

•  Clearance Issues

•  TM Issues: Infringing? Tarnishing?

6

FTC Endorsement Guidelines

•  Covers recommendations, reviews, endorsements, etc.

•  Requires disclosure by the author of any connection� with advertiser/manufacturer, including any benefits, “consideration”� whatsoever received by the author.

•  Advertiser must advise authors that connections need to be disclosed;

•  Advertiser should have processes in place to monitor postings for compliance;

•  Advertiser can be held liable for undisclosed connection, false statements

Forum Rules •  Read them!

Forum Rules •  Read them!

Pay Attention to Your Own “Rules”

•  Terms of Service (Terms of Use) are critically important and should be tailored to your Social Media activity.

•  Cover IP issues concerning the use of your name and content from your site(s)

•  Protect yourself from copyright� and other 3rd party liability (DMCA, � indemnification)

•  Privacy Policy – E.g., Must disclose manner of use of Personally Identifiable Information

7

Employment Issues

•  Use of SM to Investigate/Contact Potential Employees

–  Be careful – you may learn things that you don’t want to know (such as protected characteristics)

–  Must have legitimate access

•  Workplace Environment Issues:�

–  Private vs. work-related activities –  Endorser issues –  Copyright and trademark issues –  Confidential information –  Affiliate/partner/cause relations –  “Friend” relationships with coworkers/subordinates –  Use of information –  Disclosure if monitoring –  The list goes on and on and on and on . . . . . . .

Rules of Professional Responsibility

•  Duty of Confidentiality

•  Duty of Loyalty

•  Regulation of Advertising (e.g., Testimonials)

•  Creation of Attorney-Client Privilege

Social Media Policies •  Social Media is a big part of business

development • Need to understand entity strategy, culture,

and goals before drafting • May run from guidelines to binding policy • Be wary of blanket prohibitions (“You may

not disparage the firm”) • Disclose what information you may be

collecting/monitoring from employee social media activities and what you may be doing with it – privacy issues

8

Informa(on Privacy and Social Media

Copyright © 2012 Kagu9, Inc. All Rights Reserved.

1

Introduc(on

Copyright © 2012 Kagu9, Inc. All Rights Reserved. 2

Daniel Vaswani Corporate Counsel,

Kagu9, Inc.

San Francisco, CA

P: +1.510.371.5009

E: [email protected]

•  Manage data collection, use, and protection policies and procedures

•  Draft data collection, use, and protection policies and procedures

•  Advise corporate management on acceptable data collection and use practices

•  Assist in the development of technology based solutions, protocols, and procedures

Privacy Roles:

Agenda

•  Privacy in a Nutshell •  General ConsideraJons •  Facebook’s Privacy Issues •  Google’s Privacy Issues •  Privacy from a PracJJoner's PerspecJve

–  Data CollecJon –  Data Use –  Data ProtecJon

•  Muddying the Waters – The FTC’s New Report: “ProtecJng Consumer Privacy in an Era of Change”

•  InternaJonal InformaJon Privacy


9

General Considera(ons: Privacy In A Nutshell

2 Relevant Types of Informa(on – Personally Iden(fying Informa(on (PII) & Non-‐PII: PII is online informaJon that can idenJfy someone personally & non-‐PII is informaJon that does not uniquely idenJfy a person, but when used in conjuncJon with other informaJon does idenJfy a specific person (age and address)

2 Dominant Statutes: • Federal Trade Commission Act: generally gives the FTC the power to prohibit unfair and decepJve acts and pracJces that affect commerce • U.S. Safe Web Act: generally gives the FTC a number of tools that assists them in the enforcement of misleading privacy and security pracJces

Your PII and why You Should be Concerned:

When using the internet, your informaJon is constantly being accessed with and without your knowledge and consent. As a result, you are constantly being tracked, and the jusJficaJon frequently given is that companies are seeking to beber serve you. However, companies are not necessarily honest when making that asserJon. Therefore, you should be concerned about the way companies are actually using your informaJon; especially when the informaJon is used in unwanted or unauthorized manner.


General Considera(ons: Prac(cal Privacy

•  Don’t use your Social Networking Page as a Diary or Photo Book: its not a good policy to use Facebook, LinkedIn, Google+, or other sites as your personal diary or photo book

•  Act with Cau(on and Reserva(on: always presume that the party or person you don’t want seeing something will see it if its online

•  The Online Version of Yourself: generally post things that make the online version of yourself the beber version of yourself

•  Informa(on Posted Online is Permanent: social networking, professional networking, and daJng sites usually don’t allow you to permanently delete informaJon

•  Divulging your FB Account Informa(on: states are slowly adopJng legislaJon protecJng employees from employers who ask for social networking login informaJon – you can refuse


Don’t Post Something Now That You May Not Want To Be There Tomorrow


10

Facebook’s Privacy Issues Outline of the FTC’s 8 Count Complaint:

Count 1: DecepJve Privacy Segngs (profile segngs were not effecJve at managing third-‐party access)

Counts 2 & 3: Unfair and DecepJve Privacy Segngs (2009 ediJon) (ineffecJve descripJon of privacy segngs) Count 4: ApplicaJons’ Access to User InformaJon (ApplicaJons accessed more informaJon than explained)

Count 5: Disclosure of User InformaJon to AdverJsers (AdverJsers targeted their ads by using profile informaJon) Count 6: DecepJve “Verified Apps” Program (falsely indicated that Verified Apps had their security procedures screened)

Count 7: Disclosure of User Photos and Videos (media not deleted when account deacJvated or deleted)

Count 8: U.S.-‐E.U. Safe Harbor ViolaJons

Summary: Facebook’s Privacy Policies failed to adequately explain the way Facebook used and collected profile informa(on. In effect, the informa(on that was alleged to be private was in fact public.

SETTLEMENT: No future decep1ve privacy statements will be permi8ed, users must consent before changes to the way informa1on is shared are implemented, and Facebook must submit to assessments by independent auditors.

Conclusion: Companies must clearly explain in plain English the manner in which informa(on is collected and used and the company must s(ck to it. If the company changes its privacy prac(ces, users should be given the opportunity to opt out.


Google’s Privacy Issues Generally, it has been alleged that Google misrepresents the way that it collects, stores, and uses informaJon

Google’s Privacy Issues by Service:

• Google: Places cookies on users’ computers; a combinaJon of Google services allows informaJon to be opJmized for search engines

• Google Street View: can provide direct informaJon about a person’s whereabouts and other “personal” informaJon – users can request that certain things be blurred out of view

• Google Buzz: inadvertently acJvated in Gmail, regardless of user’s preferences

• Gmail: targets users by gathering email content and focuses adverJsing • Google+: idenJfies specific users through search engines • Post Privacy ConsolidaJon (March 2012): the new consolidated privacy policy combines data across various Google services with no opt-‐out opJon—if users want out, they have to stop using Google services

Summary: Google’s Privacy Policies failed to adequately explain the way Google uses and collects profile informa(on.

Conclusion: Companies must clearly explain in plain English the manner in which informa(on is collected and used and the company must s(ck to it. If the company changes its privacy prac(ces, users should be given the opportunity to opt out.


Privacy From A Prac((oner’s Perspec(ve

Privacy is Not a New Concept: Health Insurance Portability and Accountability Act HIPAA (2002); Americans with DisabiliJes Act (1990); Employee Polygraph ProtecJon Act (1988); Electronic CommunicaJons Privacy Act (1986); Freedom of InformaJon Act (1966); FTC ACT (1914); and many other statutes

Considera(ons when Developing your Company’s Privacy Policy (dog and pony show):

• Consider your Services and the InformaJon you Need: what informaJon do I need? do I really need someone’s locaJon, date of birth, social security number, or address?

• Explain in plain English what InformaJon you Collect and How: if your site uses cookies, explain how; if your site collects informaJon about what browser you are using, explain how…

• Explain How you Use and Why you Collect the InformaJon you do: if you use cookies to make it easier for people to login to your site, explain…

• Explain what your InformaJon Security and ProtecJon Procedures are: do you use security cerJficates or encrypJon procedures, if so, explain; does your campus require secure access, explain…

• Opt-‐Outs: If you are a larger company, give users a real opJon to opt out

Keys to Success:

• Work closely with your IT Professionals: your IT professionals are generally responsible for implemenJng these procedures, work with them, tell them what is needed and ask them how to get it done

• Don’t Misrepresent: tell the whole truth, do not misrepresent anything, if something changes, err on the side of cauJon and get the consent of your users before implemenJng the change


11

Muddying the Waters: The FTC’s Final Framework


Applicability & Scope: The FTC’s framework applies to all commercial enJJes that collect or use consumer data that can be reasonably linked to a specific consumer, computer, or other device, unless the enJty collects non-‐sensiJve data from fewer than 5,000 consumers per a year AND does not share informaJon with third parJes.

Privacy by Design:

• DefiniJon: enJJes should promote consumer privacy by implemenJng privacy protecJons at all stages of development

• SubstanJve Principles: enJJes should incorporate substanJve protecJons including data security, reasonable collecJon limits and pracJces, sound retenJon and disposal pracJces, and ensure data accuracy

• Procedural Principles: enJJes should maintain comprehensive data management procedures throughout the life cycle of all products and services

Simplified Consumer Choice: • No Choice Needed: enJJes do not need to provide a choice before collecJng and using data for pracJces that are consistent with the context of the transacJon or the company’s relaJonship with the consumer

• When Choice is Needed: if not in accord with the above, choice should be extended at a Jme AND in a context in which the consumer is making a decision about whether or not to submit their data; and enJJes should obtain affirmaJve express consent before (1) using data differently than claimed when data is collected, or (2) collecJng sensiJve data

10

Muddying the Waters: The FTC’s Final Framework (cont’d)


Transparency:

• EnJJes should increase the transparency of their data pracJces: –  Privacy NoJces –  Access

–  Consumer EducaJon Legisla(ve Recommenda(ons:

• Congress should drat baseline privacy principles The FTC’s Ini(a(ves: (1) Do Not Track: browser vendors have implemented sound procedures for consumers to indicate that they do not want to be tracked and should conJnue to do so

(2) Mobile: enJJes should provide mobile services with improved privacy protecJons, including the development of short meaningful disclosures; the FTC pledges to provide guidance and educaJon to enJJes who collect consumer data

(3) Data Brokers: the FTC calls for targeted legislaJon and requests that data brokers create a website where data brokers (1) idenJfy themselves and explain how they collect and use data; and (2) detail the access rights and other choices they provide with respect to consumer data that they maintain

(4) Large Pladorm Providers: ISP, OS, browsers, and social media raise heightened privacy concerns

(5) Self-‐Regulatory Codes: the Department of Commerce and stakeholders, are undertaking a project to facilitate the development of sector-‐specific codes of conduct

11

Interna(onal Informa(on Privacy


With commerce being a global concept, the transmibal of data across borders is common. Problems arise when the exchange happens between countries with different data collecJon, use, and protecJon pracJces.

UN Guidelines for the Regula(on of Computerized Personal Files (1990):

• Series of Minimum Guarantees: all member states must insJtute the minimum procedures set forth in the Guidelines • Transborder Data Flows: if the policies of both countries are different, then no unduly limitaJons

E.U. Data Protec(on Direc(ve (1995):

• Transfer of Personal Data: only OK if transferred to countries that provide adequate privacy protecJon • Adopted by each EU Country Individually: each state must pass its own laws to follow the direcJve

• Data protec1on is a EU Policy whereas the U.S. uses a self-‐regula1on approach to be adopted individually by companies, therefore, the prac1ces and policies don’t necessarily align

Safe Harbor Arrangement (2000):

• Form of Self-‐RegulaJon: the Safe Harbor seeks to assist U.S. companies in meeJng the E.U. Data ProtecJon DirecJve and a U.S. company has to choose to adopt the procedures and self-‐cerJfy • Some Selected Provisions: noJce about collecJon choice whether PI should be disclosed to third parJes; transfers to third parJes must be authorized; users must have access to their informaJon; there must be adequate security procedures; and collected informaJon must be relevant for the stated purpose

12

12

Q&A

Thank you for your attention!


taglaw social media presentation · 2015-03-17 · ftc endorsement guidelines • covers...

Documents