Social Media

Just before the Thanksgiving holiday, the Federal Trade Commission (“FTC”) announced the issuance of consent orders involving Creaxion Corporation and Inside Publications, LLC to settle allegations that the companies misrepresented paid endorsements as independent opinions, and misrepresented paid commercial advertising as independent editorial content.  As a result, these companies and their principals are now prohibited from making misrepresentations about the status of their endorsers, required to clearly and conspicuously disclose material connections with such endorsers, and are required to monitor their endorsers.
Continue Reading FTC Settles with PR Firm and Publisher Over Social Media Endorsements

The Article 29 Working Party (WP29) has published long-awaited draft guidance on transparency and consent under the General Data Protection Regulation (“GDPR”).  We are continuing to analyze the lengthy guidance documents, but wanted to highlight some immediate reactions and aspects of the guidance that we think will be of interest to clients and other readers of InsidePrivacy.  The draft guidance is open for consultation until 23 January 2018.
Continue Reading EU Regulators Provide Guidance on Notice and Consent under GDPR

On September 5, 2017, the Grand Chamber of the European Court of Human Rights (“ECtHR”) issued its ruling on appeal in the case of Bărbulescu v. Romania, concerning alleged unlawful workplace monitoring of Mr. Barbulescu’s private communications.

Overturning the ECtHR’s prior ruling in the case (covered by Inside Privacy here), the Grand Chamber held that Romanian courts had not adequately and fairly weighed up the competing interests of Mr Barbulescu and his employer.  That defect of justice meant that Romania had failed to proactively protect Mr Barbulescu’s right to privacy, as required by its membership of the European Convention on Human Rights.

The Grand Chamber held that Mr Barbulescu’s right to privacy extended to his workplace, despite his private use of a work computer constituting a breach of his rules of employment.  The Grand Chamber held that while privacy in the workplace can be restricted “as necessary,” “an employer’s instructions cannot reduce private social life in the workplace to zero,” since the right to privacy does not necessarily depend on an individual’s reasonable expectations, and can be enjoyed in public and in the workplace, notwithstanding prohibitions and warnings given to the individual.  A fulsome balancing exercise was therefore required in cases such as these.

The Grand Chamber underlined that provided national courts undertake an adequate balancing exercise, they have some discretion as to the actual result (i.e. whether the employer’s or employee’s rights prevail in a given case).  Similar discretion is also enjoyed by national legislators and constitutions when setting underlying rules on workplace privacy, provided such rules – and a means to enforce them – are actually in place.

Nevertheless, the ruling states that workplace monitoring must always be limited to what is necessary for a legitimate purpose, and should be accompanied by a range of safeguards, normally including prior notice to employees – particularly when the content of communications is concerned.
Continue Reading New Ruling in European Employee Monitoring Case

The FTC recently announced that it reached a settlement with two social media influencers, Trevor Martin and Thomas Cassell, for deceptively endorsing their owned and operated online gambling service “CSGO Lotto” without disclosing that they were the owners of the site, as well as paying other well-known social media influencers to promote the site without requiring them to disclose the payments in their posts. In addition, the FTC issued warning letters to 21 out of the 90 social media influencers it had sent educational letters to earlier this year, citing specific social media posts that they felt still failed to “clearly and unambiguously” disclose a material connection between the influencers and the brands or products they were promoting. The letters asked them to respond in writing, by September 30th, advising staff of whether they do, in fact, have a material connection with the brands/products cited in the letters and, if so, describing how they will ensure such relationship is clearly disclosed going forward. Finally, the FTC updated its guidance on its official Endorsement Guidelines with additional examples featuring common social media advertising mechanisms such as Instagram, Snapchat, and Facebook.
Continue Reading FTC Reaches Settlement with Influencers; Issues Updated Guidance

Twenty years ago, the Supreme Court was faced with the question of whether a federal statute that imposed a content-based restriction on online speech violated the First Amendment. That case, Reno v. American Civil Liberties Union, marked the first instance in which the Supreme Court weighed in on the role of the Internet in the marketplace of ideas, and decided affirmatively that speech on the Internet is afforded protection under the First Amendment.

Over the course of the twenty years following Reno, the Internet has changed in size, shape, and substance. In 1997, about 40 million people used the Internet and “most colleges and universities,” “many corporations,” “many communities and local libraries,” and “an increasing number of storefront ‘computer coffee shops’” provided the public access to the Internet. Today, at least 280 million Americans use the Internet, 102 million U.S. households have in-home broadband Internet access, and 225 million Americans access the Internet through their mobile device. In 1997, popular uses of the Internet included e-mail, listservs, newsgroups, chatrooms, and the “World Wide Web” (which then consisted of around 100,000 websites), but today, social media dominates, with an estimated 81% percent of Americans participating.

Despite the seismic changes to the Internet since the Reno case was decided, the Court’s views on online speech have remained largely consistent, albeit more tailored to the times. Recently, in Packingham v. North Carolina, the Court struck down a content-neutral state law that restricted sex offenders’ access to “social networking” websites, finding that it violated the First Amendment. The significance of the Packingham opinion, particularly in its partial extension of Reno, goes beyond the four corners of the Court’s holding.Continue Reading Reno at 20: The Packingham Decision and the Supreme Court on Online Speech

On Monday, a panel of the Ninth Circuit unanimously ruled that Section 230 of the Communications Decency Act (“CDA”) protected Yelp from liability relating to an allegedly defamatory user-generated review.  In doing so, the Court rejected several attempts by the Plaintiff to plead around the CDA’s broad immunity provisions by
Continue Reading Ninth Circuit Upholds CDA Immunity Against Plaintiff’s Attempt to “Push[] the Envelope of Creative Pleading”

On May 12, 2016, EU Advocate General (“AG”) Manuel Campus Sanchez-Bordona issued an Opinion in Case C-582/14 Patrick Breyer v Germany, which is pending before the EU’s highest court (the Court of Justice).  The Court is not legally bound by this Opinion, but in practice often follows the opinions of its Advocate Generals in its rulings.  See here for the German language version; an English version is awaited.

The AG essentially considered that dynamic ‘IP’ addresses qualify as personal data, even if the website operator in question cannot identify the user behind the IP address, since the users’ internet access providers have data which, in connection with the IP address, can identify the users in question.

The AG went on to consider that the collection and use of IP address data, for the purpose of ensuring the functioning of the website, might be justified on the basis of the “balancing of legitimate interests” test under the EU Data Protection Directive 95/46/ EC (the “Directive”), notwithstanding more restrictive national rules in Germany.

If followed by the Court of Justice, the Opinion will have broad implications for EU data protection law, even the forthcoming General Data Protection Regulation (the “GDPR”).  In particular, the Opinion will be relevant for any industries that handle de-identified personal data, and re-confirms the limits that national legislators need to respect when deviating from EU-level data protection legislation.Continue Reading EU Advocate General Considers Dynamic IP Addresses To Be Personal Data

Senators Feinstein (D-CA) and Burr (R-NC) introduced legislation today that would impose reporting duties on entities that “obtain[] actual knowledge of any terrorist activity.”  The bill applies to entities “engaged in providing an electronic communication service or a remote computing service to the public,” which includes social media companies.  Those
Continue Reading Senators Introduce Online Terrorist Activity Reporting Bill

Meena Harris, a member of Covington’s Global Privacy and Data Security Practice Group, spoke with LXBN TV about the National Labor Relations Board’s recent ruling that two employees of a sports bar and restaurant were unlawfully discharged for their participation in a Facebook discussion criticizing their employer.  You can
Continue Reading Video: A Conversation with Covington about the Latest NLRB Facebook Case