Technology Law Source

Archives: Social Media

Subscribe to Social Media RSS Feed

Are you a criminal because you share your Netflix password?

The United States Court of Appeals for the 9th Circuit continues to decide high profile cases that interpret the key provisions of the Computer Fraud and Abuse Act (CFAA). This post summarizes two July decisions from the court—one that sent the internet into a frenzy, and one that somewhat assuaged those fears.

Overview of the CFAA

The CFAA’s deceptively-simple statutory scheme and language have proved difficult to apply in practice some 30 years after it was enacted. The CFAA creates criminal and civil liability for whoever “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer.” 18 U.S.C. § 1030(a)(2)(C). “The statute thus provides two ways of committing the crime of improperly accessing a protected computer: (1) obtaining access without authorization; and (2) obtaining access with authorization but then using that access improperly.” Musacchio v. United States, 136 S. Ct. 709, 713 (2016). The CFAA provides a private right of action for “[a]ny person who suffers damage or loss by reason of a violation of this section.” 18 U.S.C. § 1030(g).…

Harmless rap or dangerous threat? The question that has Chief Justice Roberts quoting Eminem.

If I look you in the eye and tell you with a flick of my wrist I will slit your throat, you will likely call the police and have me arrested. If I threaten to kill my co-workers, or plant a bomb in a kindergarten class, or shoot my spouse, I will lose my job, my marriage and my freedom. But, if I make those same egregious threats in the form of a rhyme and post them on Facebook it is “artistic expression” and protected free speech.

That is the basis of the argument Anthony Elonis made to the U.S. Supreme Court in a ground-breaking case that is the Court’s first examination of the limits of free speech on social media. Oral arguments were heard Dec. 3, 2014, and a decision is expected by the end of June. That decision will have far-reaching implications, not just for battered spouses, but for employers who want to fire an employee who uses social media to harass and threaten co-workers.

Not long after his estranged wife persuaded a judge to issue a protective order against him, Elonis posted this message to his Facebook page: “Fold up your PFA (protection-from-abuse order) and put it in your pocket. Is it thick enough to stop a bullet?”…

Court considers the role of social media in class action cases

Our colleagues at the Employer Law Report blog report that Gawker Media LLC has asked a district court to limit plaintiff’s use of social media for providing notice of a class action lawsuit to potential class members. With concerns about maintaining objectivity and the possibility that plaintiff’s complaints could go viral,  the case presents a new frontier for class action notification, and could have an impact on group sizes, public awareness and impartiality. Read the complete article.…

Ad agencies: If you want to say something nice, don’t not say anything at all (about your relationship with the company or product you are praising)

As we discussed previously, the Federal Trade Commission’s Endorsement Guides apply not only to bloggers who receive promotional merchandise, but also to contest promotions and corporate social media advertising. A recent FTC action confirms that advertising agency staffers cannot casually tweet nice things about their clients without disclosing their relationship. The FTC finalized a consent order with Sony Computer Entertainment America LLC (“Sony”) earlier this month regarding charges that it deceived consumers with false advertising claims about the “game changing” technological features of its PlayStation Vita handheld gaming console during its U.S. launch campaign in late 2011 and early 2012. The FTC’s complaint against Sony charges that some of the claims made by Sony regarding the PS Vita’s “cross platform gaming” or “cross-save” feature were misleading. As part of its settlement with the FTC, Sony is barred from making similarly misleading advertising claims in the future, and will provide consumers who bought a PS Vita gaming console before June 1, 2012, either a $25 cash or credit refund, or a $50 merchandise voucher for select video games and/or services.…

Take steps to protect your privacy this shopping season

The holiday season is upon us and by the end of the year, Americans will have spent approximately $600 billion shopping in stores and online. By now, most consumers are aware of a broad range of risks associated with the holidays. We try not to leave packages in our cars in the mall parking lot, and we are careful with our credit card information. We have learned, sadly, how to spot charity scams. And even though it is sometimes tempting, we generally adhere to the warning that “if something looks too good to be true, it probably is.”

In all this — assuming we are not too exhausted from baking cookies, decorating the house and attending countless holiday parties — we may notice that we’re receiving coupons after looking at a company’s website. Or a catalog arrives in the mail after visiting a store, which seems odd because we barely walked through the door and never gave anyone an address. And our favorite social media site keeps showing that purse, watch or power tool we’ve been thinking about buying.…

Privacy law in the U.S. and Europe: University of Amsterdam Summer Course explores current issues

On July 7-11, 2014, a group of 25 privacy lawyers met in a historic building overlooking the Keizersgracht, one of Amsterdam’s most beautiful canals, and spent five days learning about U.S. privacy law, European data protection law, and the complex interactions between them. The setting was the Summer Course on Privacy Law and Policy, presented by the University of Amsterdam’s Institute for Information Law (IViR), one of the largest information law research centers in the world. Course faculty included leading practitioners, regulators and academics from both sides of the Atlantic. Course participants came from an even wider geographic area that included Hungary, Greece, Poland, the Netherlands, Hong Kong, Kyrgyzstan, Switzerland, the UK, Belgium and Canada. I was lucky enough to serve as a co-organizer of, and faculty member in, the course. In this post, I describe presentation highlights and identify some cross-cutting themes that emerged during the week.

Dr. Kristina Irion, Marie Curie Fellow at IViR (and the other course organizer) started the course with “An Update on European Data Protection Law and Policy.” The Summer Course does not try to cover every aspect of privacy law. Instead, it focuses on law and policy related to the Internet, electronic communications, and online and social media. In her presentation, Irion analyzed the latest European legal and policy developments in these areas. The most important such development is the proposed General Data Protection Regulation (GDPR) — a major reform proposal that several of the faculty presenters believe will become law …

LinkedIn class suit proceeds because endorsement (spam) emails might cause users reputational harm

Have you ever received an email from LinkedIn with the invitation: “I’d like to add you to my professional network.”? If you did not respond, did you receive a reminder email a week later? And another one a few weeks after that? If you did, or if you were one of the LinkedIn users who (inadvertently) sent out one of these “endorsement emails,” then Perkins v. LinkedIn (N.D. Ca. June 14, 2014) is a class action lawsuit against LinkedIn you might want to keep an eye on.

The crux of the complaint, which has been brought by nine individual plaintiffs as a class suit, is that LinkedIn violated several state and federal laws by harvesting email addresses from the contact lists of email accounts associated with the class plaintiffs’ LinkedIn accounts and used the contacts to spam their users’ contacts with LinkedIn ads. The class complaint alleged five causes of action:

  1. violation of California’s common law right of publicity;
  2. violation of California’s Unfair Competition Law (“UCL”);
  3. violation of the Stored Communications Act (“SCA”);
  4. violation of the Wiretap Act; and
  5. violation of California’s Comprehensive Data Access and Fraud Act (“CCDAFC”).

The district court is allowing the case to proceed on the California right of publicity claim, but not on any others. Here is how the court came to that decision.…

Hashtag promotions could spell #trouble with FTC Endorsement Guides

The Federal Trade Commission’s Division of Advertising Practices has recently finalized its investigation into Cole Haan’s “Wandering Shoe” contest wherein contestants could enter the contest by creating Pinterest boards titled “Wandering Sole” and including five shoe images from Cole Haan’s Wander Sole Pinterest Board as well as five images of contestants’ “favorite places to wander.” Contestants also were instructed to use #WanderingSole in each pin description. The contestant with the most creative entry would, under the contest rules, be awarded a $1,000 shopping spree from Cole Haan.

In its investigation closing letter, the FTC stated that it believes “that participants’ pins featuring Cole Haan products were endorsements of the Cole Haan products, and the fact that the pins were incentivized by the opportunity to win a $1,000 spree would not reasonably be expected by consumers who saw the pins.” The FTC also stated that “Cole Haan did not instruct contestants to label their pins and Pinterest boards to make it clear that they had pinned Cole Haan products as part of a contest” and that the #WanderingSole hashtag did not adequately communicate “the financial incentive—a material connection—between contestants and Cole Haan.”…

Facebook updates policy regarding remembering loved ones, which begs the question: Is legislation over digital assets necessary or inevitable?

A few days after we posted “Facebook’s ‘Look Back’ videos send reminder: Get digital accounts in order before death,” which provided guidance to digital account users on how to make plans for their digital accounts before death, Facebook announced a policy change regarding how it would maintain the profiles of its users who have passed away in an effort to better preserve their legacies on the site.

As we explained in the post, before the change, when a user’s account was memorialized, the profile was restricted to “friends” only. This precluded anyone who was not a “friend” of the user from seeing or commenting on the profile. With Facebook’s new change, which became effective Feb. 21, 2014, Facebook will now maintain the visibility of the user’s content as-is, which will allow people to view the memorialized profiles in the same manner consistent with the user’s privacy settings.

The reason, as Facebook explained: “We are respecting the choices a person made in life while giving their extended community of family and friends ongoing visibility to the same content they could always see.” This means that if a user’s profile was publicly visible before death, it will remain that way after death. This gives Facebook user another reason to stay on top of Facebook’s privacy settings and adjust accordingly.

Facebook also announced that it will share the Look Back video of a loved one, which it created for users as part of its 10th Anniversary, upon a proper submission …

Facebook’s “Look Back” videos send reminder: Get digital accounts in order before death

To celebrate its 10th anniversary, Facebook created a “Look Back” video for each of its users. A father mourning the loss of his recently-deceased son uploaded a video of himself to YouTube pleading with Mark Zukerberg and Facebook to see his son’s video. The father deemed his request a “shot in the dark,” but Facebook answered and informed the father it was creating a memorial video for his deceased son.

The same day I read about this, I had a reminder on my Facebook homepage reminding me to say “Happy Birthday” to one of my Facebook friends. Unfortunately, that friend passed away a few weeks ago, and the would-be-friendly Facebook reminder ended up being a painful one.

This got me thinking, with well over a million Facebook accounts, not to mention all the other social media accounts, belonging to deceased individuals, it might be a good time to remind digital account users what they can do during their lives to better manage their social media and other digital accounts after death. There is a lot of valuable information on these social media and other digital accounts, some sentimental, some emotional and some even commercial. The digital content ranges from a user’s photographs, videos, credit card information, payroll accounts (like PayPal), and as demonstrated by Facebook’s Look Back video, can be a time capsule of sorts. There are a few things to consider in navigating this area. First, are the terms of use policies of the individual custodians of digital information. …

A Trans-Atlantic exploration of emerging privacy law and policy issues

This past summer, the University of Amsterdam launched a new, week-long Privacy Law and Policy Summer Course related to the Internet, electronic communications, and online and social media. Course faculty included European and U.S. academics, European regulators and the head of the global privacy law practice at an international law firm, among others. Course participants consisted of 25 legal practitioners and post-graduate researchers from the Netherlands, Spain, Italy, Slovakia, the United States, Japan, Brazil, Kenya and other countries. I was lucky enough to serve as a co-organizer and faculty member for the course.

Taken together, the nine mini-seminars that constituted the backbone of the course provide a snapshot of developments in privacy law and policy in Europe and in the United States, and how they relate to one another. This should be of interest to U.S. lawyers and others who work in the areas of privacy law, compliance and management. What follows is a brief description of some key takeaways from the week, and an attempt to pull them together into a broader perspective.

Doing business over the Internet

Daniel Cooper, head of the Global Privacy Practice at Covington & Burling, discussed emerging legal and policy challenges facing European companies that seek to do business over the Internet. Cooper’s comprehensive presentation stressed that companies face a wide array of matters, including privacy issues related to online behavioral advertising and business use of social media, facial recognition technology, mobile apps, and big data. The 1995 Data Protection Directive pre-dates these technological …

Key e-discovery cases in September

Here are my thoughts on key e-discovery cases decided in September, including a decision showing how a company can defensibly delete data that it no longer needs, the recent case “trend” of courts requiring the disclosure of the sources and search terms used to find discoverable ESI, and a couple of cases addressing the issue of “possession, custody and control,” one involving a parent-subsidiary relationship and the other involving the personal computers and electronic devices of former and current employees.


In re Pradaxa (Dabigatran Etexilate) Product Liability Litigation, MDL No. 2385 (S.D. Ill. Sept. 25, 2013). As discussed in more detail here, the trial court denied the plaintiffs’ motion for spoliation of the emails and documents held by the defendant’s former vice president of marketing because the court found that the defendant properly destroyed the emails and documents pursuant to its document retention policies.…

Key e-discovery cases in August

In addition to the posting of the proposed discovery amendments to the Federal Rules of Civil Procedure for public comment, August was packed with a number of interesting e-discovery decisions. Here are my thoughts on key e-discovery cases decided last month, including another spoliation blockbuster from Judge Shira Scheindlin and rulings on e-discovery costs, search terms, proportionality and privacy.


Sekisui American Corp. v. Hart, No. 12 Civ. 3479 (S.D.N.Y. Aug. 15, 2013). Judge Scheindlin considered the “appropriate penalty for a party that — with full knowledge of the likelihood of litigation — intentionally and permanently destroyed the email files of several key players.” Based on Judge Scheindlin’s analysis of the facts, she reversed the magistrate judge’s order declining to award sanctions and instead ordered that an adverse jury instruction be given at trial.

The most notable part of the decision was that it was issued on the same day the public comment period opened for the proposed discovery amendments and Judge Scheindlin included a footnote openly disagreeing with the proposed changes to Rule 37(e). She stated: “I do not agree that the burden to prove prejudice from missing evidence lost as a result of willful or intentional misconduct should fall on the innocent party. Furthermore, imposing sanctions only where evidence is destroyed willfully or in bad faith creates perverse incentives and encourages sloppy behavior. Under the proposed rule, parties who destroy evidence cannot be sanctioned (although they can be subject to ‘remedial curative measures’) even if they were …

Facebook eases requirements for sweeps and contest promotions

For many years, we have been advising our clients that, in addition to the laws addressing sweepstakes and contest promotions, they must also be aware of the Facebook’s promotion guidelines if they wished to link their sweepstakes promotion to the company Facebook presence. While that remains true, Facebook has now made it much easier for companies to run promotions through Facebook. Prior to Facebook changing the terms of their guidelines on Aug. 27, promotions were not allowed to be run directly through Facebook or Facebook’s functionality. Instead, running a contest or sweepstakes promotion required companies to use a third-party (or in-house created) application run on Facebook’s platform. Facebook posted an announcement of the changes which also explained some of the remaining limitations (such as prohibitions in the new guidelines against encouraging inaccurate tagging for purposes of a promotion). The amended guidelines also include certain other requirements with respect to clarifications that Facebook is not a sponsor of and does not endorse the promotion and a release of Facebook from all liability.

Whether a company would be wise to take advantage of this new freedom depends in part on a number of factors — including the nature and complexity of the promotion, the notoriety of the particular company and anticipated participation. It may prove extremely difficult to reasonably and fairly sort through thousands of entries without running them through some kind of application in order to verify, count, review or otherwise manage the entries. Further, running the promotion directly through Facebook …

Subpoenas seeking identifying information and login data associated with email addresses did not violate First Amendment or privacy rights

A federal court in California has held that subpoenas served on Google and Yahoo! seeking the subscriber and usage information associated with 68 email addresses did not infringe on the subscribers’ First Amendment rights or their right to privacy. Chevron Corp v. Donziger, No. 12-mc-80237 (N.D. Cal. Aug. 22, 2013). The subpoenas also did not violate the Stored Communications Act (SCA). According to the court, the subscribers “vastly overestimate[d] the amount of legal protection accorded to the subscriber and usage information associated with their email addresses.” Chevron, slip op. at 32.

The court reasoned that:

Although the [subscribers] may believe that using their email addresses will protect their identities, that belief is simply not reflected by the reality of the world we live in. Email addresses are labels we voluntarily present to the outside world, through which we allow the world to contact us, and in that way identify us.

Id. at 14.

The court’s decision is a reminder of how much information is being collected and stored electronically about a subscriber each time that person establishes and logs into an internet account — whether that account is webmail, a social media site or a customer profile — and how that information may become discoverable and accessed years later during litigation. It also shows how valuable metadata can be not only to internet marketers and service providers but also to litigants.…

Court finds non-public facebook posts are covered by the stored communications act — but not posts produced by a user’s frenemy

As long as there has been Facebook, attorneys have been scratching their heads asking whether Facebook posts fall under the purview of the Federal Stored Communications Act (“SCA”).  In Ehling v. Monmouth-Ocean Hospital Service Corp., No. 2:11-cv-03305 (WJM) (D.N.J. Aug 20, 2013) the District Court for the State of New Jersey gave us its opinion by holding that non-public Facebook posts, which are configured to be private are indeed covered under the SCA because they are:

  •  electronic communications;
  • transmitted via an electronic communication service;
  • in electronic storage; and
  • not accessible to the general public.

Even though the posts were covered under the SCA, the court went on to find that the “authorized user” exception — one of two exceptions to the SCA — applied and held there was no violation of the SCA, or of Facebook user’s privacy, when the Facebook posts were accessed.  Here’s how the case played out in more detail.…

Court denies employer’s access to social media posts in FLSA collective action and sends warning: If you want access to social media, come with both barrels loaded … leave the water gun at home

A federal court has denied a defendant-employer’s request that plaintiffs sift through and turn over all their social media posts made during their work hours in an FLSA collective action in which the plaintiffs claim their employer failed to give them meal breaks. How did that happen? I thought you’d never ask.

By way of background, Jewell v. Aaron’s Inc., is a nationwide,1,700+ FLSA collective action pending in the Northern District of Georgia. In the suit (Complaint accessible here), the class plaintiffs (current and former employees of Aaron’s) claim they were not paid for their 30-minute meal periods. As you might imagine, with that many plaintiffs discovery has been difficult. So with that, the parties got creative. They were able to work together to narrow the issues and determined that of the 1,700+ class members, discovery would only be served and responded to by 87 of the opt-in plaintiffs (the “Discovery Plaintiffs”). I won’t go into all the details about that discovery (you may read the Defendant’s Memorandum in Support of Motion for Court Approval of Discovery Request to a Small Number of Randomly-Selected Opt-In Plaintiffs here), because I want to focus on the social media portion of the discovery dispute.

Specifically, in one request for production, Aaron’s asked the Discovery Plaintiffs to produce:

“All documents, statements, or any activity available that you posted on any internet Web site or Web page, including, but not limited to Facebook, MySpace, LinkedIn, Twitter, or a blog from 2009 to the …

Ohio federal court permits case alleging employer’s accessing of former employee’s personal emails to proceed

When we think about the issues that employers have been struggling with relating to employee use of personal mobile devices for work, thoughts of data security, trade secret protection, record retention, and even FLSA compliance immediately come to mind — or at least my mind. But, I bet you wouldn’t anticipate what allegedly happened in Lazette v. Kulmatycki, a case decided by the federal court in the Northern District of Ohio on June 5, 2013. In Lazette, the plaintiff alleged that, after plaintiff left her employment, she returned her company-issued BlackBerry (which she used and refers to in her complaint as her “phone”), but did not have the phone wiped. The phone apparently ended up in the clutches of her former supervisor, who, during the ensuing 18 months, allegedly read without her knowledge or authorization 48,000 emails sent to her personal Gmail account. In addition, the plaintiff alleged that the supervisor disclosed the contents of some of the emails to others.

Apparently among the contents of the accessed emails were communications about the plaintiff’s family, career, financials, health and other personal matters. Amazingly, according to the decision, the plaintiff’s former employer, who also was sued, admitted that the supervisor was acting within the scope of his employment and in furtherance of the employer’s interests when he accessed plaintiff’s personal emails. The plaintiff filed a complaint raising five claims:…

SEC updates: Staying ahead of the regulatory curve

Our colleagues on the Federal Securities Law Blog have been tracking new and updated SEC regulations that are likely to have an impact on your business now and in the near future. The compilation of articles in their most recent eBook — SEC Updates: Staying Ahead of the Regulatory Curve — discuss three important SEC regulatory changes: whether companies that use social media to communicate with investors are complying with Regulation Fair Disclosure, compensation committee rules, and conflict minerals reporting.

Download the SEC Updates: Staying Ahead of the Regulatory Curve eBook.…

Facebook introduces Instagram video that promises new social media headaches for corporations

Recently our sister blog The Employer Law Report told you about Vine, a mobile video application owned by Twitter that allows users to capture and share short looping six-second videos on Twitter. The app will no doubt cause corporations more social media headaches as employees start recording Vine workplace videos — especially with 13 million users since the app was rolled out five months ago.

Now, Facebook has followed suit and introduced its own short-video service that is built into Instagram, the photo-sharing app that Facebook acquired last year. (Facebook also rolled out support for hashtags, which were pioneered by and are a staple of Twitter.)…

Court uses “Traditional Relevance Analysis” to order production of plaintiff-employee’s social media postings on emotional distress and alternative potential stressors

In an ADA employment discrimination case, a federal court recently denied a defendant’s request to compel the plaintiff to provide authorizations for all of her social media accounts, but still ordered the production of any social media postings relevant to the plaintiff’s claimed emotional distress damages. See Giacchetto-v-Patchogue-MedfordUnion, No. CV 11-6323 (E.D.N.Y. May 6, 2013). The court followed the approach taken in Howell v. Buckeye Ranch, Inc., No. 11-CV-1014 (S.D. Ohio Oct. 2012), and applied a “traditional relevance analysis,” stating “[t]he fact that Defendant is seeking social networking information as opposed to traditional discovery materials does not change the Court’s analysis.” Giacchetto, slip op. at 3.

In reaching its result, the court rejected the approach taken by some federal courts that the private section of a Facebook account is discoverable only if the party seeking the information can make a threshold evidentiary showing that a plaintiff’s public Facebook profile contains information that undermines her claims. According to the court, this approach can be too broad because “a plaintiff should not be required to turn over the private section of his or her Facebook profile (which may or may not contain relevant information) merely because the public section undermines the plaintiff’s claims.” Id. at 3 n. 1. This approach also can be too narrow because “a plaintiff should be required to review the private section and produce any relevant information, regardless of what is reflected in the public section.” Id. “The Federal Rules of Civil Procedure do not require a …

Porter Wright announces four-part seminar series on trending technology, privacy and security issues

On June 19, Porter Wright launches its four-part seminar series covering technology topics at the forefront of today’s businesses. Technology Law Source will continue to cover these topics in future blog posts, including navigating through U.S. and international laws, regulations and standards.

The seminar series comprises:

Social Media in the Law: Learn It and Use It, or Get Out of the Way June 19 Social media has forever altered how we share and collect information about friends and colleagues as well as people outside our professional or personal circles. And this sea change hasn’t applied solely to our personal lives — businesses have been in the mix almost since day one. But have business leaders considered the ramifications of their companies’ social media activity? Porter Wright attorneys Sara Jodka, Colleen Marshall, and Erin Siegfried discuss workplace social media policies that conform with recent NLRB decisions, conducting legally sound social media background checks, termination based on social media activity, ownership of social media content, duty to preserve, and the potential dangers of conducting fair disclosure through social media.…

Benchbook for U.S. District Court judges adds new section on e-discovery and jury instructions for jurors’ use of social media and electronic devices

The Federal Judicial Center recently published the Sixth Edition of the Benchbook for U.S. District Court Judges. For the first time, the Benchbook includes a section on civil case management, including how to address e-discovery issues. The Benchbook also adds new jury instructions regarding the use of social media and electronic devices by jurors during trials.

The updated Benchbook reflects the impact that technology and e-discovery are having on pretrial litigation and trials. Although the current draft amendments to the Federal Rules of Civil Procedure are still a ways off from being approved, the Benchbook has included recommendations for addressing e-discovery issues which incorporate key concepts found in those draft amendments as well as in existing local federal court initiatives.…

Facebook Posts Not “Solicitation” Under Former Employee’s Restrictive Covenant Agreement

Describing it as a “rather novel issue,” a federal court recently held that a former employee’s public posts on his personal Facebook page did not constitute solicitation of his former co-workers under the terms of his non-solicitation agreement with his former employer. [See Pre-Paid Legal Services, Inc. v. Cahill, No. 12-CV-346, Doc. 31 (Jan. 22, 2013), Report and Recommendation affirmed and adopted, Doc. 32 (Feb. 12, 2013)] The court further noted that invitations sent to former co-workers to join Twitter were not solicitations under the agreement because the invitations did not request the co-workers to “follow” the former employee, they did not contain any information about the new employer, and they were sent by Twitter instead of as targeted email blasts by the former employee.

Though the court found that the former employee’s social networking activities did not constitute solicitation under his agreement, it did enter a preliminary injunction against the former employee based on his direct solicitation of one of his former co-workers through a private in-person meeting and follow up text messages sent to the co-worker. The court entered the injunction until the issues could be presented to an arbitrator pursuant to the parties’ arbitration agreement.…