A sample text widget

Etiam pulvinar consectetur dolor sed malesuada. Ut convallis euismod dolor nec pretium. Nunc ut tristique massa.

Nam sodales mi vitae dolor ullamcorper et vulputate enim accumsan. Morbi orci magna, tincidunt vitae molestie nec, molestie at mi. Nulla nulla lorem, suscipit in posuere in, interdum non magna.

Friends With Benefits (How Privacy Law Evolves for Social Media)

A few weeks ago I examined how copyright law — like most legal subjects dealing with technology — is lagging behind the fast-moving and disruptive changes wrought by social media to old legal rules for determining rights to Internet content. Part of my critique was that in deciding ownership of user-generated content (UGC), courts have not yet evaluated the difference between posting content “in the clear” and restricting content to “friends” or some other defined class far smaller than the entire Internet community.

Friends

Things may at last be getting a bit more settled. A New Jersey federal court ruled last Tuesday that non-public Facebook wall posts are covered by the federal Stored Communications Act (18 U.S.C. §§ 2701-12). The SCA, part of the broader Electronic Communications Privacy Act (18 U.S.C. §§ 2510 et seq.) that addresses both “the privacy expectations of citizens and the legitimate needs of law enforcement,” protects confidentiality of the contents of “electronic communication services,” providing criminal penalties and a civil remedy for unauthorized access. It’s a decades-old 1986 law that was enacted well before the commercial Internet and either email or social media had become ubiquitous. Yet by interpreting the statute, in light of its purpose, to apply to new technologies, District Judge William J. Martini has done Internet users, and common sense, a great service.

Plaintiff Deborah Ehling, a registered nurse, paramedic and president of her local EMT union — apparently a thorn in the side of her hospital employer for pursuing EPA and labor complaints as well — posted a comment to her Facebook wall implying that the paramedics who arrived on the scene of a shooting at the D.C. Holocaust museum should have let the shooter die. Unbeknownst to Ehling, a co-worker with whom she was Facebook friends had been taking screenshots of her profile page and sending them to a manager at Ehling’s hospital.

Ehling was temporarily suspended with pay and received a memo stating that the hospital was concerned that her comment reflected a deliberate disregard for patient safety. After an unsuccessful NLRB complaint based on labor law, Ehling’s federal lawsuit alleged that the hospital had violated the SCA by improperly accessing her Facebook wall post about the museum shooting, contending that her Facebook wall posts were covered by the law because she selected privacy settings limiting access to her Facebook page to her Facebook friends.

Judge Martini concluded that the SCA indeed applies to Facebook wall posts when a user has limited his or her privacy settings. He noted that “Facebook has customizable privacy settings that allow users to restrict access to their Facebook content. Access can be limited to the user’s Facebook friends, to particular groups or individuals, or to just the user.” Therefore, because the plaintiff selected privacy settings that limited access to her Facebook wall content only to friends and “did not add any MONOC [hospital] managers as Facebook friends,” she met the criteria for SCA-covered private communications.

Facebook wall posts that are configured to be private are, by definition, not accessible to the general public. The touchstone of the Electronic Communications Privacy Act is that it protects private information. The language of the statute makes clear that the statute’s purpose is to protect information that the communicator took steps to keep private. See 18 U.S.C. § 2511(2)(g)(i) (there is no protection for information that is “configured [to be] readily accessible to the general public”). [The] SCA confirms that information is protectable as long as the communicator actively restricts the public from accessing the information.

That’s a bold move by a jurist sensitive to the constraints on Congress, especially one as polarized as we have in America today. It reflects a willingness to adapt the law to changing technology by application of the basic principles and purposes of legislation, even if the statutory framework is old and its language somewhat archaic. As Judge Martini observed with a bit of consternation, “Despite the rapid evolution of computer and networking technology since the SCA’s adoption, its language has remained surprisingly static.” Thus, the “task of adapting the Act’s language to modern technology has fallen largely upon the courts.”

Continue reading Friends With Benefits (How Privacy Law Evolves for Social Media)

Schizophrenia On SocMedia

No, the title is not meant to imply a post about the privacy implications of mobile medical apps for psychotherapy. Instead, we’re taking a look at how the government acts at cross-purposes to itself when it comes to the oh-so-slow development of rules for new technologies and markets. The last few weeks have seen a couple of remarkable announcements, one from the FTC about digital advertising disclaimers and one from the SEC about corporate financial disclosures. Both were presented by the agencies as ways to enable use of social media by corporations — but instead just make things much harder, if not totally impracticable.

Two weeks ago, the Federal Trade Commission basically said “to heck” with form factor and responsive Web design by concluding that disclaimers, caveats and related mandatory advertising disclosures cannot be put into a popup window and must be in the same “conspicuous” format — font size and all — regardless of the device or medium. FTC .Com DisclosuresThe FDA had already cracked down on trailblazing pharma firms that tried Facebook advertisements on the same grounds. Both enforcement decisions demonstrate a complete lack of familiarity with new media and an inability to flexibly apply the principles of regulatory schemes to changing circumstances.

Even if, unlike advertiser contentions, potential “Do Not Track” mandates for Web browsing would not kill the Internet content industry, the FTC has signaled it is prepared unilaterally to dictate the size of social media ads in the guise of consumer protection. The old guidance allowed for “proximity” of disclosures — that is, disclosures that were “near, and when possible, on the same screen.” The new guidance places heightened emphasis on disclosures being clear and conspicuous to consumers across all platforms. The newly announced principle is that disclosures should be “as close as possible,” with short form disclosures such as hyperlinks or hashtags permitted only when their meaning is understood by consumers.

Check out this remarkable assertion, for instance:

If a disclosure is necessary to prevent an advertisement from being deceptive, unfair or otherwise violative of a Commission rule, and if it is not possible to make the disclosure clear and conspicuous, then either the claim should be modified so the disclosure is not necessary or the ad should not be disseminated. Moreover, if a particular platform does not provide an opportunity to make clear and conspicuous disclosures, it should not be used to disseminate advertisements that require such disclosures.

A second and related announcement came on Tuesday from the Securities & Exchange Commission. The SEC is the federal agency which pioneered use of Facebook and other social media services in the corporate realm by providing 2008 guidance that release of corporate earnings and other “material” financial information can permissibly utilize social media. Yet now the same agency — after a fruitless investigation of Netflix CEO Reed Hastings for an innocuous Facebook post — says that companies may treat social media as legitimate outlets for communication, much like corporate Web sites or the agency’s own public filing system called Edgar, but first have to make clear which Twitter feeds or Facebook pages will serve as potential outlets for announcements.

It is difficult to reconcile these new regulatory positions with the objectives the agencies articulate. The SEC says it believes that “company disclosures should be more readily available to investors in a variety of locations and formats to facilitate investor access to that information,” but its actions only serve to make the choice of location and format more rigid, and with fines a potential consequence for those pursuing flexibility.  Almost any lawyer counseling public company clients today will advise that financial information that in the future could be considered material by the SEC must be constrained to an official, designated Web page. So much for tweets, Facebook and other real-time forums, they’re just too risky — even though Hastings survived unscathed. The correct approach for the vast majority of the 13,000+ public companies in the U.S. is to steer clear of social media, at least for now, because the downside is simply too great.

Coming from a government that professes to want to encourage broader use of these new media, that’s classic bi-polarism, obviously not in a happy phase.

Note: Originally written for and reposted with permission of my law firm’s Information Intersection blog.

 

When World Views Collide: Social Media And the SEC

Yesterday the U.S. Securities & Exchange Commission did something routine. It issued a so-called “Wells-notice” against a company, charging the firm preliminarily with releasing confidential financial information to a select portion of the market, instead of publicly to all investors as required by Reg FD (“fair disclosure”). What is remarkable, and potentially troubling, is that the basis for the charge was a short social media message by Netflix CEO Reed Hastings, reposted on the company’s public Facebook page.

As Law360 explained:

Netflix Inc. and its CEO Reed Hastings could face action by the SEC over Hastings’ July post revealing that Netflix members had watched more than one billion hours that month, the online video service said in a regulatory filing Thursday. Netflix and Hastings received a Wells notice on Wednesday that said the company could face either a cease-and-desist or civil injunctive suit for fair-disclosure violations allegedly prompted by the posting on the social networking site, according to an SEC filing by Netflix.

The juxaposition of a good-intentioned securities regulation and the disruptive impact of new technology could not be clearer. In his post, Hastings congratulated the Netflix team for a job well done in early July, noting the one billion hours of video delivered to subscribers the previous month. The message was just 43 words. In the usual social media fashion, the post was forwarded by his followers. Bloggers picked up on it. Media reports cited it.

So what’s the deal? Technically, Netflix had not filed an “8K” update with that data at the SEC nor issued a traditional press release. But the company had revealed the 1B streaming hours in its public blog well before the CEO’s Facebook post. And in 2008, the SEC became the first federal agency to recognize the growing communications functions of blogs by issuing landmark guidance saying that corporate use of blogs for release of material financial information would satisfy Reg FD.

Reed Hastings Facebook page

In this context, the action against Hastings seems to make little sense. Even if the prior blog post had not disclosed the 1B figure adequately, Hastings’ post was open to more than 200,000 followers of his Facebook page, could be “subscribed” by anyone (“friends” or not) and was widely and immediately disseminated, both in social and traditional media. Had Hastings done this via a Twitter DM (direct message) or a private Facebook message to one or more individual friends, that would be completely different. But his post was public and thoroughly publicized.

That’s the precise purpose of Reg FD. But the SEC’s Wells notice illustrates that even government agencies that “get it” technically are often trapped in outmoded world views. It’s one thing for a public company CEO to post messages about financial performance on financial chat rooms and lists, under a pseudonym, to pump up trading volume artificially. It’s quite another for bureaucrats to decide that unless one uses the obsolescent technology of the past, public disclosures are inadequate. Would the SEC also suggest that a webinar, rather than telephonic conference call, is insufficient under Reg FD when announcing earnings guidance because not all investors have broadband Web access? That is hardly a sensible result.

We’ve written a lot in this blog about social media policies and how to reduce enterprise legal exposure. The irony of the Netflix case is that a company and executive who seem to have had a valid policy and followed the government’s own guidelines for use of social media has been targeted in a possible enforcement action nonetheless. That raises the spectre, which numerous commentators noted in connection with more a recent SEC alert on social media usage by investment advisors, that vague agency guidelines may lead to policy making by criminal complaint, rather than rules of general applicability. If that is the case with regard to blogs and Facebook as mechanisms for Reg FD compliant disclosures, there’s an equally great risk that these new modes of communication and interaction will be rendered impotent for corporate purposes due to the unknown scope of potential SEC exposure. That’s a bad result which everyone should hope we do not reach.


Note:
 Originally written for and reposted with permission of my law firm’s Information Intersection blog.

 

Twitter Digest For Week of 07-02-2012

Twitter

 

Twitter Digest For Week of 06-25-2012

Twitter

 

Twitter Digest For Week of 06-18-2012

Twitter

 

Twitter Digest For Week of 06-11-2012

Twitter

 

Twitter Digest For Week of 06-04-2012

Twitter

 

Twitter Digest For Week of 05-28-2012

Twitter

 

Twitter Digest For Week of 05-21-2012

Twitter