The Legal Implications of Social Networking: The Basics (Part One)
We are in the midst of a communications revolution. Use of social media for communication purposes continues to grow, while "old school" messaging media like email is on the decline. Facebook reportedly has reached 700 million users worldwide and is putatively valued at $50 billion dollars. Advertising revenue expected to be generated from social media is estimated to reach $8.3 billion dollars annually by 2015. Significantly, according to one survey, 81% of companies have implemented (or plan to implement) social networking in order to enhance their exposure. Seventy-three percent of small and medium businesses reportedly employ social media for marketing purposes.
Much like the “Cloud computing revolution" there is an almost frenzied excitement around social media, and many companies are stampeding to exploit social networking. The promise of increased intimate customer interactions, input and loyalty, and enhanced sales and expanded market share can result in some organizations overlooking the thorny issues arising out of social networking. Many of these issues are legal in nature and could increase the legal risk and liability potential of an organization employing a social media strategy.
Coming on the heels of a white paper we wrote with ACE USA, in this multi-part series the InfoLawGroup will identify and explore the legal implications of social media. This series will help organizations begin to identify some of the legal risks associated with social media so that they may start addressing and mitigating these risks while maximizing their social media strategy.
In Part One of the series, we will provide a high level overview of the legal risks and issues associated with an organization’s use of social media. In subsequent parts members of the InfoLawGroup team will take a deeper dive into these matters, and provide some practical insight and strategic direction for addressing these issues. As always, we view our series as the beginning of a broader conversation between ourselves and the larger community, and we welcome and strongly encourage comments, concerns, corrections and criticisms.
Continue Reading...California Federal Court Dismisses Bulk of Privacy Suit Against Facebook
In late 2010, David Gould and Mike Robertson filed a class action lawsuit against Facebook for disclosing users’ personal information to third-party advertisers without users’ consent. The Plaintiffs asserted eight causes of action against Facebook, including violations of the Electronic Communications Privacy Act (“ECPA”) and California’s Unfair Competition Law (“UCL”). Expressing skepticism about the actual harm alleged by the Plaintiffs, the United States District Court for the Northern District of California dismissed the claims against Facebook on May 12, 2011.
Continue Reading...What's Next for the FTC's Proposed Privacy Framework?
The December 2010 release of the FTC's much anticipated Privacy Framework (see our coverage here, here, here and the report itself here), included the typical public comment period, which ended in February. We've looked at the 442 separate submitted comments received by the FTC, available here, from individuals and associations, corporations and organizations. The goal was to uncover what themes, trends and thoughts are raised by the FTC's framework, and in turn, to scope what feedback the FTC will be weighing in future changes of the report and ultimately any resulting recommendations for additional legislation and regulation.
Why spend the time now, rather than waiting for future concrete statutes and regulations, particularly in light of the ongoing bills recently proposed at both the state and federal levels (see Speier bill here, Boucher bill here, Washington's PCI law here, Colorado's novel data bill here, etc.)? Because the FTC has a front and center role in the ongoing online privacy debate - one recently joined in earnest by the Department of Commerce and the issuance of its privacy "Greenpaper" report. As such the FTC's opinion, and its effect on industry actions, is outsized. And since IT budgets, plans and implementations have long range time horizons, advance understanding of what may come, in one form or another this year or next, should help avoid the need to embark on costly sudden reactions. With this in mind, what can the public comments tell us?
Continue Reading...Live from the IAPP Global Privacy Summit in Washington, DC, It's Monday Afternoon
This week, I will be providing short updates from the IAPP Global Privacy Summit in Washington, DC. The conference will be in full swing tomorrow, and I will report on various panels and topics of interest. In the meantime, as I prepare to see old and new friends at the Welcome Reception this evening, a few thoughts on what I expect to see and hear a lot over the next few days:
- How can we harmonize the EU Data Protection Directive and EU member country privacy laws with the flow of data in today's global economy? It is unfortunate that a number of IAPP participants from the EU will not make it to DC for the Summit this year due to the Icelandic volcano. Nonetheless, I expect active dialogue regarding cross-border data transfers, safe harbor v. standard contractual clauses v. binding corporate rules, and, in particular, the impact of the growth of cloud computing and other outsourcing arrangements (or, at least, the growth of the hype around cloud computing). It would also be nice to hear more about the EU Cookie Consent law - there is a panel scheduled to take place, but unknown if that will happen in light of the volcano debacle.
- HIPAA/HITECH and Medical Identity Theft: Health care privacy topics are hotter than ever, especially with the growing number of reported security breaches affecting more than 500 individuals under the new HHS breach notification rules promulgated pursuant to the HITECH Act.
- "Reasonable Security": What does Massachusetts think? What does the FTC think? What in the world is it and how in the world can organizations comply?
- On a related note, FTC Enforcement, with a focus on behavioral marketing issues and evolving notions of notice and consent. What trends will we see over the next several years, particularly with the growth of social media and online behavioral advertising?
- Social media: how it affects the workplace, corporate policies and procedures, and "reasonable expectations" of privacy.
- The forecast for federal legislation - not just on breach notification, but security requirements, online behavioral marketing and, getting lots of media attention these days, potential revisions to ECPA (being driven, once again, by the cloud computing explosion).
- Breaches, breaches, and more breaches. Of course.
A few things that appear to be missing from this year's agenda - the FTC's current review of the rules under the Children's Online Privacy Protection Act (COPPA), enforcement of the Red Flags Rule (the FTC will start enforcing the Rule June 1), and the growing number of state laws (Washington, Nevada, Minnesota) requiring compliance with the PCI Standard.
Stay tuned, I will endeavor to post developments on a daily basis.
