Posted on

Self-Regulatory Online Behavioral Advertising Principle No. 3: Consumer Control

Last month we promised to provide you with a bit more detail regarding each of the self-regulatory principles that form the basis of the Self-Regulatory Online Behavioral Advertising Principles, announced by the Association of Advertising Agencies, the Association of National Advertisers, the Direct Marketing Association, and the Interactive Advertising Bureau, in concert with the Council of Better Business Bureaus. The principles are intended to provide a framework for industry participants to adopt, implement and adhere to standards of conduct applicable to their online behavioral advertising practices. Seven basic principles are contained in the report, and Legal Bytes is briefly summarizing each one, although we urge you to read the full report.

We previously reported on the Education and Transparency principles; those links in the outline below will take you to the summaries, or you can read the overview posted when we reported on the initial release of the Self-Regulatory Online Behavioral Advertising Principles.

For reference, here are the seven enumerated principles:

Today, Keri S. Bruce highlights the Consumer Control principle that relates to the practice recommended by the report of providing consumers with additional control over whether data is collected about them and whether it is shared with others. The principle applies to third parties that collect or use behavioral advertising data and the websites from which the data is collected. The principle also applies to “service providers” (i.e., parties that provide Internet access services, toolbars, Internet browsers or comparable services, and who are engaged in online behavioral advertising). Through notices that are described under the Transparency principle, with respect to third parties and websites, consumers should be able to control the use and collection of their personally identifiable information by opting-out of having data collected or shared with non-affiliate websites. With respect to service providers, because they potentially can, by the nature of the services they provide, gain access to all or substantially all online behavioral data of a particular user when that user is online with or through the service provider, the Consumer Control principle requires industry participants to follow practices that require consumers to opt-in to data collection for online behavioral advertising purposes by the service provider. Further, even after consent is given, service providers must provide a means for the consumer to withdraw her or his consent.

Thanks to Keri S. Bruce for her analysis. For further information, you can also call me or the Rimon attorney you regularly work with. Stay tuned for summaries of the remaining principles.

Posted on

Self-Regulatory Online Behavioral Advertising Principle No. 2: Transparency

Last month, Legal Bytes reported to you that the Association of Advertising Agencies, the Association of National Advertisers, the Direct Marketing Association, and the Interactive Advertising Bureau, in concert with the Council of Better Business Bureaus, released its Self-Regulatory Online Behavioral Advertising Principles. As reported, the major participants in the online advertising industry have proposed to apply these principles to their practices related to online behavioral advertising: “the collection of data from a particular computer or device regarding Web viewing behaviors over time and across non-Affiliate Web sites for the purpose of using such data to predict user preferences or interests to deliver advertising to that computer or device based on the preferences or interests inferred from such Web viewing behaviors.”

We promised to provide you with a bit more detail regarding each of these principles. We previously reported on Education, and today we summarize Transparency. As we go through each one, we’ll use the outline below to enable you to link to all the prior principles covered in Legal Bytes, while highlighting the one covered today. The seven enumerated principles are:

  • Education
  • Transparency
  • Consumer Control
  • Data Security
  • Material Changes
  • Sensitive Data
  • Accountability

The Transparency principle seeks clear and accessible consumer disclosures regarding the type of data collected and how the data will be used to conduct behavioral advertising. Because behavioral advertising is often conducted by third-party advertising networks that lease space on a website, the principle applies to both third-party entities collecting and/or using the data, and the websites from which such data is being collected. Under this principle, these parties would provide “enhanced notice” on the page where data is collected through links embedded in or around advertisements, or on the web page itself. Customers will have the ability to read these notices and use the information to enable themselves to take control over the use of their personal information, choosing whether they would like to permit their information to be used for online behavioral advertising purposes.

Thanks to Amy S. Mushahwar for her analysis. Stay tuned for summaries of each of the remaining principles.

Posted on

Court Orders Google to Turn Over Blogger Identity Information

Earlier this week, New York State Supreme Court Judge Joan Madden ordered Google to turn over account information about an anonymous blogger to model Liskula Cohen in order to enable her to pursue a claim of defamation. The blogger had used Google’s blogging service to create a blog entitled “Skanks in NYC,” and had posted pictures and references to the model that were anything but flattering, and which, she claimed, lost potential opportunities for her. When Ms. Cohen originally sought to find out who had posted the content, predictably Google resisted, maintaining that its privacy policy does not permit the disclosure of the blogger’s account information.

To put this in perspective, the protection of free speech—especially anonymous speech—is a concept in American jurisprudence and history that traces its roots to Thomas Payne’s pamphlet, Common Sense. First published in 1776, it anonymously challenged the authority of Great Britain in the New World and is widely regarded as the first work to openly ask for independence for the Colonies from Britain.

Since then, state courts have varied on just how wide those rights go and for what purposes protection is appropriate. Although I am hardly a First Amendment lawyer or a Constitutional scholar, the legal issue still seems simple. If the speaker—anonymous or not—is expressing ideas or an opinion or belief, he or she is more likely to enjoy protection. While there are limitations on freedom of expression (e.g., yelling “fire” in a crowded theater), political expression has typically enjoyed greater protection than “commercial” speech—one being fundamental to a society’s encouragement of the free flow of ideas, the other designed to promote a product, service or brand in a free market economy. On the other side of the spectrum and generally not protected, would be public expressions that are clearly and solely intended to hurt someone, where actual harm can be shown from intentional or malicious public expression or, as was determined by the New York court here, where an illegal act was or was likely to have been committed—in this case, defamation.

While it is difficult to pinpoint a single factor that will always favor protection, anonymity is a strong legal shield U.S. jurisprudence holds dear to protect individuals from the potential swords of those in power, or from anyone who might seek to stifle dissent or ideas that might be unpopular. For example, in 2005, a blogger who ranted against a politician, accusing him of “obvious mental deterioration,” was ultimately protected by the Delaware Supreme Court expressing concern over the potential “chilling effect” on anonymous speech. The blogger in this case was referring to a politician, and the court ruled that in order to justify revealing the identity of an anonymous blogger, the plaintiff must provide evidence sufficient to all the elements of the claim if the case were to go to trial. Because the court concluded no reasonable person would believe the blogger’s statements to be factual, no action for defamation could be sustained, and the court dismissed the case. You can read the Delaware Supreme Court’s decision in full right here, but clearly for bloggers, this represented a significant landmark and affirmation of the substantial protection afforded anonymous posting.

In a subsequent 2008 case, a Maryland Court of Appeals decision (Independent Newspapers, Inc. v. Zebulon J. Brodie) similarly concluded that anonymous posts should be protected, and set out an approach first detailed in a New Jersey case (Dendrite Int’l, Inc. v. John Doe No. 3) describing the steps judges should take in deciding whether to compel disclosure of anonymous online speakers in cases that come along in the future.

Unlike the previous cases, and potentially distinguishing this case, is the fact that the blogger here targeted Ms. Cohen intentionally, exclusively, and individually; and while the defendant argued the postings were just “trash talk” and only opinion, Judge Madden noted that if Ms. Cohen could prove the blogger’s statements were factually inaccurate, it would refute the argument that the posts were merely opinion and would support a legal claim of defamation.

As we have previously noted in Legal Bytes in articles describing the FTC’s efforts to regulate the blogosphere, and in presentations we have made, it is clear that online speech is coming under increased scrutiny, and that regulators and courts appear to nibbling away at the virtually complete immunity anonymous bloggers once seemed to enjoy, seeking to define the contours of what is or is not permissible conduct on the web. Does anyone remember the term “netiquette”?

For more information, or for assistance with issues like these or any social media, online, digital content, gaming or matters that meet at the crossroads of advertising, technology & media, look up Joseph I. Rosenbaum, send me an email, or contact the Rimon attorney with whom you regularly work. We are happy to help.

Posted on

Self-Regulatory Online Behavioral Advertising Principle No. 1: Education

Last month, Legal Bytes reported to you that the Association of Advertising Agencies, the Association of National Advertisers, the Direct Marketing Association, and the Interactive Advertising Bureau, in concert with the Council of Better Business Bureaus, released its Self-Regulatory Online Behavioral Advertising Principles. As reported, the major participants in the online advertising industry have proposed to apply these principles to their practices related to online behavioral advertising: “the collection of data from a particular computer or device regarding Web viewing behaviors over time and across non-Affiliate Web sites for the purpose of using such data to predict user preferences or interests to deliver advertising to that computer or device based on the preferences or interests inferred from such Web viewing behaviors.”

Since we promised to provide you with a bit more detail regarding each of these principles, which are listed below, here is our first installment in fulfilling that commitment. The seven enumerated principles are:

  • Education
  • Transparency
  • Consumer Control
  • Data Security
  • Material Changes
  • Sensitive Data
  • Accountability

The Education principle requires everyone in the online behavioral environment to participate in meaningful efforts to educate consumers and businesses about behavioral advertising, the purpose of the Self-Regulatory Online Behavioral Advertising Principles, and the potential benefits and consumer choices that are available when these principles are followed, and to explain to consumers the means and implications of exercising their rights and the choices they may have. While the specifics of all of the proposed educational outreach are yet to be established within the framework of the industry groups that have formulated these principles, the one thing that was agreed on as a tangible, quantitative objective is that through industry-developed website(s) and a major online education campaign, the initial educational outreach would be developed to achieve at least 500,000,000 (yes, that’s five hundred million) impressions over the next 18 months. Thanks to Keri Bruce for her input. Stay tuned for highlights of the six other principles.

Posted on

Landlord Can’t Let Tweet sMOLDer

If you have been wondering what happened to the third grade line “there’s a fungus among us,” we have the answer. It seems a “tweet” made available May 12, 2009 on Twitter contained the following statement: ". . . Who said sleeping in a moldy apartment was bad for you? Horizon realty thinks it’s OK." Since the tweet is alleged to be available publicly for the world to see on Twitter, that didn’t seem particularly humorous to the management of the apartment building in which the Tweeter lives.

So non-humorous in fact, that Horizon Group Management, landlord of the apartment building in question, has filed suit in a Cook County Illinois Court for libel, alleging this was a "malicious and defamatory" tweet about the state of her apartment. The complaint further contends that because the "statement damaged the plaintiff’s reputation in its business, the statement is libel per se." Horizon is seeking a minimum of $50,000 in damages and that isn’t birdseed. You can read a copy of the complaint right here.

Posted on

Facebook Flap Over Ad Photos (Déjà vu All Over Again)

Last week, rumors started spreading that Facebook had changed its policy and was now allowing third-party advertisers to use your photos (i.e., images users post onto Facebook) without permission. The flap over the use of Facebook user-profile photos in advertising came into the limelight when a man, using a third-party application, saw an advertisement displayed for an online dating website, and much to his surprise—it happened to include a picture of his wife. There’s Good, Bad & Ugly.

Good news: His wife wasn’t out looking for a date. Bad news: The photo emanated from a Facebook profile photo available to companies that use the Facebook platform ad network. Ugly news: You could be next!

So here’s the scoop:

Facebook has not changed its policy and does not allow the use of your photo(s) without permission. Facebook had previously suspended two ad networks from the Facebook platform for deceptive practices and user complaints. Those ad networks were said to be using third-party applications in which these photos were embedded and, according to Facebook, that violates Facebook’s privacy policy; and the ads were misleading since they made it look as if someone’s Facebook friend had taken action when they really had not. Facebook itself issued a statement noting, “We are as concerned as many of you are about any potential threat to your experience on Facebook and the protection of your privacy. That’s why we prohibit ads on Facebook Platform that cause a bad user experience, are misleading, or otherwise violate our policies.” 

Although some Facebook users might not know it, Facebook has been running ads from its own ad system for more than a year—it lets your Facebook friends know of any direct connections you have with products and services. So if you become a "fan" of a Facebook Page, your Facebook friends might see an advertisement showing both the action you took (becoming a fan) and your profile photo along with the ad. According to Facebook, it will only do this when a Facebook user has taken some affirmative action indicating a connection with the product or service being advertised. Facebook also claims no data is shared with third parties in this process.

The best we can determine, Facebook technically only allows any user content to display in or with third-party advertising if the content isn’t being cached. While Facebook likely tries to control these networks, some obviously are not adhering to this policy, with photos then appearing not only on third-party ad networks within Facebook when they haven’t been authorized, but also in some cases outside the Facebook domain itself.

If you are a Facebook user and have actually read (and understood) its Terms and Privacy Policy, which is part of the Facebook Principles, you might know that Facebook ad networks can use these user photos in ads—they just can’t do so in violation of their privacy policy or in a deceptive manner. While clearly Facebook has an interest in keeping users comfortable with the online social media environment it has created, it will likely either do a better job of disclosing and explaining the potential uses that may be made of user information (including images, connections, and the like), or it will need to monitor and control the use of its advertising platform by third-party advertising networks that are allowed to use the platform.

Every user on Facebook is opted-in to allowing the use of their photos as described above, by default, when they sign up. Perhaps part of the flap is the fact that many users may simply have not known this. Or perhaps there’s a disclosure or communication problem within the community. Facebook might also provide more visible or multiple ways of enabling users to opt-out of this feature or create more refined privacy settings so that users are given more options and more information that allows them to control the use of their photos (and other information), certainly outside and potentially inside the Facebook social media community. Most users simply may have had no clue this was the default or that this was happening. Even when they realize this is occurring, many can’t figure out how to change the settings. Currently, the only way to fix the problem is to have users change the privacy settings that are found under “Settings,” “Privacy Settings,” “Newsfeeds and Wall”; looking for the tab that says “Facebook Ads”; and re-setting your “Appearance in Facebook Ads” preference to “No One.”

HOWEVER, just so everyone is clear—this still may not opt you out of Facebook ads displayed to your friends with your photo when you expressly take action within Facebook (e.g., becoming a "fan"), but it will opt you out of third-party network ads. That said, it remains to be seen how Facebook will deal with the delicate reality of handling third-party ad networks that aren’t Facebook affiliates, since these represent a significant source of revenue for creators of Facebook applications. 

To put it more simply, if you provide a third-party application with the right to access your information (which you generally need to do in order to use the application), then technically the advertising networks can access that information, too. That’s why users should pay attention to the applications they add, and get rid of applications they are no longer using. You can do this through the “Settings” menu as well. Head for the “Application Settings” page, and if you see a menu that says “Recently Used,” change it to “Authorized” and you will see the applications you have approved with an “X.” Just click to remove those you no longer wish to have authorization. That way, you won’t wind up as a poster child for some product or service that you did not and would not ever intend to endorse.* 

If you need to know more, please contact Joseph I. Rosenbaum at joseph.rosenbaum@rimonlaw.com, or you can view his bio at rimonlaw.com. Of course, you can always contact your favorite Rimon attorney, who will be more than happy to help you. 

* Speaking of endorsements, Joseph I. Rosenbaum was actually speaking of Endorsements (and Testimonials) at a recent CLE Conference in Ireland, sponsored and hosted by the School of Law at Limerick University and previously featured in Legal Bytes. A copy of Joe’s presentation (without the embedded videos) has been posted in .PDF format in an update to the previous posting.

Posted on

Advertising Industry Collaboration Releases Self-Regulatory Online Behavioral Advertising Principles

A group of the nation’s largest media and marketing trade associations today released self-regulatory principles to protect consumer privacy in ad-supported interactive media that will require advertisers and websites to clearly inform consumers about data collection practices, and enable them to exercise control over that information.

In an extraordinary show of industry cooperation and collaboration, the American Association of Advertising Agencies, the Association of National Advertisers, the Direct Marketing Association, and the Interactive Advertising Bureau last week released a series of self-regulatory principles, intended to be implemented by 2010 and designed to protect consumer privacy in advertising-supported interactive media. As part of the announcement, the Council of Better Business Bureaus along with the DMA, has agreed to implement accountability programs relative to these principles.

These self-regulatory guidelines come on the heels of a recently released study commissioned by the IAB entitled “Economic Value of the Advertising-Supported Internet Ecosystem,” which reported that the advertising-supported Internet represents 2.1 percent of the total U.S. gross domestic product (GDP), contributing $300 billion to the economy, and has created 3.1 million U.S. jobs.

“Guided by the seven Principles we have announced today, the advertising community is developing one of the most comprehensive self-regulatory programs ever undertaken by the business community. The fast-changing online marketing environment is best addressed by a self-regulatory framework that is transparent, flexible and accountable to consumers’ needs and concerns. On behalf of our 360 members, who collectively invest more than $200 billion annually in marketing communications, we look forward to jointly developing a comprehensive business system that respects and honors these Principles,” said Bob Liodice, President and CEO, (ANA).

“This historic collaboration represents businesses and trade associations working together to advance the public interest,” said Randall Rothenberg, President and CEO, IAB. “Although consumers have registered few if any complaints about Internet privacy, surveys show they are concerned about their privacy. We are acting early and aggressively on their concerns, to reinforce their trust in this vital medium that contributes so significantly to the U.S. economy.”

The seven Principles designed to address consumer concerns about use of personal information without wreaking havoc to advertising that subsidizes and supports the vast array of free online content relate to:

  • Education
  • Transparency
  • Consumer Control
  • Data Security
  • Material Changes
  • Sensitive Data
  • Accountability

We will be highlighting each of these principles separately in Legal Bytes over the weeks ahead, but if you would like to read the “Self-Regulatory Principles for Online Behavioral Advertising” report now, in its entirety, just follow the link.

Posted on

Did You Miss Our Seminar: “Facebook Personalized URLs: Titanic Brand Opportunity or Tip of an Iceberg?”

As we reported previously, Facebook announced the availability of a personalized Facebook URLs, raising serious issues — yet another example of technology colliding with traditional intellectual property laws. In this case, laws intended to protect trademarks and brand names. If you followed the news, the promotional momentum created by Facebook’s offer has made every astute brand owner ponder the implications! While you, of course, should look at my previous Legal Bytes post on Personalized URLs, if you missed the informative one-hour seminar on the subject presented by Douglas J. Wood and myself, Co-Chairs of the Rimon Advertising Technology & Media Law Group, you can find it here: “Facebook Personalized URLs: Titanic Brand Opportunity or Tip of an Iceberg?

Posted on

Whatz Gnu? Rimon Teleseminar: Facebook Personalized URLs: Titanic Brand Opportunity or Tip of an Iceberg?

Last week, Facebook announced the availability of a personalized Facebook URLs. This latest offering from Facebook raises serious issues—issues that are typically encountered when technology collides with traditional intellectual property laws intended to protect trademarks and brand names. Much like the confusion and abuse that proliferated when cybersquatting became rampant over the ownership and administration of domain names, we now have social networks and service providers allowing users to generate content and offering customized URLs within their domains in a digital and borderless world. Significantly, the promotional momentum created by Facebook’s offer has caused every astute brand and trademark owner to ponder whether they should be in a rush to register their personalized URL on Facebook, or let it ride and deal with potential infringements when—and if—they occur! You need practical guidance and insightful approaches to these problems.

The Media & Entertainment Industry Team and the Advertising Technology & Media Law Group at Rimon have put together an informative one-hour teleseminar entitled “Facebook Personalized URLs: Titanic Brand Opportunity or Tip of an Iceberg?” airing on Tuesday, June 23 at 12 p.m. EDT with partners Doug Wood and Joe Rosenbaum, to help you understand the issues, formulate an approach and make informed decisions and you are invited to participate. Participation is free, although long-distance telephone charges apply outside of the United States, the UK, France, and Germany, where 800 numbers are used. Don’t miss this call!

Call-in ports are limited, so please click here to register or contact Anna Kazachkov at akazachkov@rimonlaw.com no later than Monday, June 22, to receive a dial-in number and a passcode. If you require additional information, you can contact Anna by telephone directly at +1.212.702.1399.

Posted on

Facebook Adds Personalization & a (Brand) New Dimension?

On Tuesday, June 9, the popular social networking website, Facebook, announced that on Saturday, June 13 at 12:01 a.m. U.S. EDT, it will allow its registered users, subject to certain criteria and qualifications, to create personalized URLs for profiles and pages on Facebook (e.g., http://www.Facebook.com/insertyournamehere.   Currently, a user’s Facebook URL consists of the Facebook.com URL followed by numbers (e.g., http://www.facebook.com/profiles.Php?349485).

Allowing users to register personalized names on the web raises, among other things, infringement issues under federal and state trademark and related intellectual property laws, particularly for owners of well-known brands. Any registration process creates fears of cyber squatting and other attempts to hijack trademarks and brand names. Sometimes these fears are well founded; other times they are not. You may have already received bulletins from law firms and bloggers eager to alert you to the fact that Facebook has also announced it has created an online submission form that allows owners of registered trademarks to notify them of their IP rights. Ostensibly, Facebook intends to use the information submitted to preclude others from attempting to use registered marks in personalizing their URLs on Facebook.

While we applaud advising clients and friends of this development, we believe the matter is considerably more complicated than previous briefs and hasty reports may indicate. As is so often the case, the devil is in the detail, and the information below will give you a deeper look at the issues before racing to submit notifications of your IP rights to Facebook.

Continue reading “Facebook Adds Personalization & a (Brand) New Dimension?”