FDA has previously included claims made on Facebook or other social media platforms along with broader allegations of misbranding using a variety of sources in its enforcement letters . . . [b]y contrast, the present untitled letter focuses solely on a single statement on a Facebook page, and does not take issue with any statements outside the Facebook page.
Continue Reading FDA Issues Untitled Letter Focused On Promotional Claims On Facebook

On January 13, 2014, FDA issued a draft guidance document entitled “Fulfilling Regulatory Requirements for Postmarketing Submissions of Interactive Promotional Media for Prescription Human and Animal Drugs and Biologics.” This draft guidance addresses the procedural topic of submitting Forms FDA 2253 and 2301 when firms use social media such as blogs, microblogs, social

The FTC has denied AssertID’s request to recognize a new method for obtaining verifiable parental consent for the online collection, use, and disclosure of personal information from children under 13.  The application was the first of its kind to be filed since the FTC added a voluntary parental consent approval process to its revised rule implementing

Last week, dating website PlentyOfFish withdrew its offer to buy bankrupt rival True.com, citing concerns raised by Texas Attorney General Greg Abbott that the sale would violate True.com’s privacy policy and expose its members to unexpected privacy risks.  Two weeks ago, Abbott filed an objection in U.S. Bankruptcy Court to block the proposed transfer of True.com’s membership database, which contains personal information about the website’s 43 million subscribers.  True.com has been in Chapter 11 bankruptcy proceedings since 2012.

The Texas Attorney General objected to the proposed sale on the grounds that that it was inconsistent with True.com’s privacy policy, which Abbott argued “contains ambiguities as to whether Customers will have a right to opt-out or opt-in to consent to the transfer of their [personal information].”  As part of the bankruptcy proceeding, True.com had entered into an Asset Purchase Agreement with PlentyOfFish, another popular dating website, under which PlentyOfFish would gain access to True.com’s extensive database of members’ personal information.  But last week, PlentyOfFish withdrew from the Asset Purchase Agreement, citing the Texas Attorney General’s objection.  In a letter filed with the court on October 23, PlentyOfFish stated that the transfer of True.com’s customer information “do[es] not appear to be legal, valid and effective,” and that the sale “appears to violate Seller’s privacy policy which affects and binds Seller’s assets.”  Markus Frind, the CEO and founder of PlentyOfFish, addressed the problem candidly in his blog, asking “Who in their right mind is going to buy a dating site with 43 million members if you are not allowed access to those members?” 


Continue Reading Texas AG Objections To Transfer of Personal Data Demonstrate Significance of Privacy Policy Disclosures

Earlier this month, we blogged about the California Senate’s passage of the bill titled “Privacy Rights for California Minors in the Digital World”, which prohibits certain targeted advertising to California minors and requires that minors be allowed to delete materials they have posted online.  Yesterday, California Governor Jerry Brown signed the legislation, and it

New Jersey has enacted restrictions on the ability of employers to access employees’ social media accounts, becoming the twelfth state to enact such legislation. More than 30 state legislatures have considered bills on the topic in 2013, according to the National Conference of State Legislatures.

New Restrictions in New Jersey

New Jersey’s new law, signed by Governor Chris Christie on August 29 and effective December 1, generally prohibits employers from requiring or requesting that employees or prospective employees “provide or disclose any user name or password, or in any way provide the employer access to, a personal account through an electronic communications device.” Employers also may not require individuals to waive the law’s protections or retaliate against individuals who refuse prohibited requests or file complaints with the Commissioner of Labor and Workforce Development about violations of the law. An earlier version of the law, passed by the legislature but vetoed by Gov. Christie, also would have allowed aggrieved individuals to file civil suits for injunctions, damages, and reasonable attorneys’ fees and court costs.


Continue Reading New Jersey Restricts Employer Access to Employees’ Personal Online Accounts

Last Friday the California Senate unanimously passed legislation titled, “Privacy Rights for California Minors in the Digital World,” which prohibits certain types of marketing to minors (defined as a natural person under the age of 18 residing in California) and allows minors to delete materials they have posted online.  The bill, which already cleared the California Assembly, now has been sent to Governor Jerry Brown for approval.  If signed into law, the legislation would be effective beginning January 1, 2015. 

The bill, S.B. 365, which was introduced by Senator Darrell Steinberg, adds two new sections to the California Business & Professions Code.

Section 22580 would:

  • Prohibit an operator of a website, online service or application, or mobile application that is directed to minors from marketing or advertising on the service or application certain enumerated products or services that minors cannot otherwise legally purchase or use.  While some of these products and services may be obvious—e.g., alcohol, firearms, tobacco, and obscene materials—others—e.g., tanning and etching cream that is capable of defacing property—may be less so.  
  • Prohibit an operator of a website, online service or application, or mobile application from marketing or advertising the enumerated products or services where the operator has actual knowledge a minor is using its service or application, if the marketing or advertising is directed to that minor based on information specific to the minor such as profile, activity, address, or location, but excluding IP addresses and product identification numbers.  The operator shall be deemed in compliance with this provision if it takes reasonable actions in good faith designed to avoid marketing or advertising under these circumstances.
  • Prohibit an operator of a website, online service or application, or mobile application that is directed to minors or who has actual knowledge that a minor is using its service or application from knowingly using, disclosing, or compiling the personal information of a minor (or allowing a third party to do so) with actual knowledge that such activity is for purposes of marketing or advertising the enumerated products or services to that minor. 
  • These prohibitions do not apply, however, to the incidental placement of products or services embedded in content, if the content is not distributed by or at the direction of the operator primarily for the purposes of marketing and advertising the enumerated products or services.
  • Additionally, “marketing or advertising” is defined to require an “exchange for monetary compensation” in order “to make a communication to one or more individuals, or to arrange for the dissemination to the public of a communication, about a product or service the primary purpose of which is to encourage recipients of the communication to purchase or use the product or service.”  Thus, social media content or applications that only promote an enumerated product or service without paid placement would not fall within the scope of the bill. 


Continue Reading CA Legislature Passes Bill Establishing Online Protections for Minors

A New Jersey federal court recently held that an employee’s Facebook wall posts were protected by the Stored Communications Act (“SCA”), 18 U.S.C. § 2701 et seq., in one of the first cases to analyze the SCA’s application to the Facebook wall.  Ehling v. Monmouth-Ocean Hospital Service Corp.., No. 2:11-cv-3305 (WMJ) (D.N.J. Aug. 20, 2013).  An important factor in the court’s ruling was the fact that the employee had configured her privacy settings to restrict her posts to her Facebook “friends.”

The court found that the employer had not violated the SCA by viewing the employee’s wall, however, because a co-worker, who was one of her Facebook friends, showed the post to their employer without any prior prompting by the employer.  

This ruling provides further reason for employers to avoid unauthorized access to an employee’s social media activities.  The court’s holding is consistent with the passage by 11 states of laws prohibiting employers from demanding social media passwords from employees.  But employers that learn of social media activity by employees through passive means may still be able to take action based on that information.


Continue Reading Federal Court Finds Stored Communications Act Applies to Facebook Wall Posts

Many employers have been surprised by recent rulings that two common employment policies run afoul of the National Labor Relations Act (“NLRA”) even if their employees are not union members.  Based on a legitimate interest in preserving confidentiality and privacy, many employers have adopted social media policies limiting what employees may post on Facebook or Twitter about their employer or co-workers.  Based on similar privacy considerations, employer procedures for investigating sexual harassment and other complaints often place restrictions on what employees may reveal to their co-workers or others about the allegations.  According to recent decisions, however, both policies may violate Section 7 of the NLRA, which permits employees to engage in “concerted activity” for “mutual aid and protection.”

Section 7.  It is well established under the NLRA that employees may confer with one another about their wages and other terms of employment and may take  “concerted” action in an effort to improve their working conditions.  Employees (but not managers) are protected by Section 7 of the NLRA, whether or not they are members of a union. But employers rarely face Section 7 issues since claims under Section 7 must be asserted in charges filed with the National Labor Relations Board (“NLRB”), and few employees do so.   

Confidentiality of Complaint Investigations.  Enforcement Guidance issued by the EEOC directs employers conducting investigations of workplace harassment to assure complainants that they “will protect the confidentiality of harassment complaints to the extent possible.”  Employers routinely adopt policies asking employees who are part of workplace investigations, either as complainant or witness, to keep such investigations confidential.  Such policies help ensure the integrity of investigations, prevent workplace retaliation for participation in investigations, protect the privacy of complainants, and foster an environment where employees will readily report harassment concerns.


Continue Reading The NLRB Strikes Down Employer Policies on Social Media and the Confidentiality of Complaint Investigations

Twitter recently released its bi-annual transparency report, detailing the number of requests that the company has received from governments for user information or to take down content.  According to the report, the company received 1,157 requests for user information in the first six months of 2013, the highest amount since Twitter began releasing its report.  Twitter reports that 78% of the requests came from United States sources, and globally the company provided some or all information requested in 55% of cases. 


Continue Reading Twitter Releases Bi-Annual Transparency Report