Posted on

Facebook Adds Personalization & a (Brand) New Dimension?

On Tuesday, June 9, the popular social networking website, Facebook, announced that on Saturday, June 13 at 12:01 a.m. U.S. EDT, it will allow its registered users, subject to certain criteria and qualifications, to create personalized URLs for profiles and pages on Facebook (e.g., http://www.Facebook.com/insertyournamehere.   Currently, a user’s Facebook URL consists of the Facebook.com URL followed by numbers (e.g., http://www.facebook.com/profiles.Php?349485).

Allowing users to register personalized names on the web raises, among other things, infringement issues under federal and state trademark and related intellectual property laws, particularly for owners of well-known brands. Any registration process creates fears of cyber squatting and other attempts to hijack trademarks and brand names. Sometimes these fears are well founded; other times they are not. You may have already received bulletins from law firms and bloggers eager to alert you to the fact that Facebook has also announced it has created an online submission form that allows owners of registered trademarks to notify them of their IP rights. Ostensibly, Facebook intends to use the information submitted to preclude others from attempting to use registered marks in personalizing their URLs on Facebook.

While we applaud advising clients and friends of this development, we believe the matter is considerably more complicated than previous briefs and hasty reports may indicate. As is so often the case, the devil is in the detail, and the information below will give you a deeper look at the issues before racing to submit notifications of your IP rights to Facebook.

Continue reading “Facebook Adds Personalization & a (Brand) New Dimension?”

Posted on

Gift Cards Tag Along with Credit Card Legislation

We previously reported its progress in Legal Bytes and last week, President Obama signed into law the Credit Card Act of 2009. Although the bulk of the Act (and the bulk of the publicity surrounding its enactment and passage) deals with credit cards, it also amends the Electronic Funds Transfer Act and implements federal regulation of general use pre-paid cards, gift certificates and store (retail) gift cards. The new law is scheduled to take effect Aug. 21, 2010, and substantively deals with dormancy fees (so-called “inactivity” or service fees) and expiration dates. 

In the area of dormancy or inactivity fees, the new law prohibits them unless there has been no activity for 12 months. In addition, in order to impose any such fees, certain disclosures must be made to the consumer prior to purchase. The new law also prohibits expiration dates of less than five years, and requires clear and conspicuous disclosure of the expiration date, if any. In addition, gift certificates issued as part of an award, loyalty or promotional program (i.e., no money or other consideration is given) are, as is the case with many state laws, excluded. And speaking of state laws, the Act specifically does not pre-empt state laws that provide greater consumer protection. 

What else should you know. First, plastic cards and payment code devices used solely for telephone services or that are reloadable, are not marketed or labeled as gift cards or certificates, not marketed to the general public, and issued in paper form only (including those that apply to tickets and events), are not covered by the requirements of the new Act.  Second, the law authorizes the Board of Governors of the Federal Reserve, in consultation with the FTC, to develop requirements concerning the amount of dormancy fees that can be charged (only once each month), and to more carefully seek to define which provisions of the Electronic Fund Transfer Act and Regulation E apply in this context. 

So, for states that have had no, or lesser, consumer protections, the Act clearly establishes a minimum federal threshold for the imposition of dormancy fees and the prohibition of expiration dates earlier than five years. For states that already have or may yet impose more stringent requirements, those requirements are specifically permitted under the Act, so you will still have to keep track of state requirements in this area. 

If you need to know, you need to contact Keri Bruce or Joseph Rosenbaum – or your favorite Rimon attorney – who will be more than happy to help you.

Posted on

Employees Off-Work, But Online

This post was written by E. David Krulewicz and Cindy Schmitt Minniti.

Facebook, MySpace and Twitter have become household names, a ubiquitous part of the daily lives of many and often a tool for keeping in touch with friends and family. These websites are increasingly being used by individuals to document their daily lives and activities, voice their concerns and post their opinions for the world to read and to respond. The business community has also turned to these “social media” websites as means for marketing their brands and, in some instances, for obtaining information about current employees and prospective job applicants. A series of recent cases reminds us there are significant risks related to the posting and/or use of information discovered on “social media” websites.

For example, in Pietrylo and Marino v. Hillstone Restaurant Group, a case pending in the Unites States District Court for the District of New Jersey, two individuals sued their former employer after they were terminated for posting complaints about their workplace on an invitation-only discussion forum on MySpace.com. Much to the employees’ surprise, managers from Hillstone Restaurant Group were able to access this discussion board (although the parties dispute whether the managers had a right to do so) and were less than pleased with what they read. The employees were quickly terminated and a lawsuit followed. 

In their complaint, the former employees assert their employer not only violated state and federal Wiretap and Stored Communications Acts by accessing the invitation-only forum, but wrongfully terminated them in violation of New Jersey’s public policy favoring free expression and privacy as embodied in the U.S. and the New Jersey Constitutions. Their employer has denied the claims and asserts the plaintiffs were “at-will” employees who could be terminated for any reason or no reason at all.

Ultimately, the question of liability may hinge upon whether the employees had a right to privacy for statements made online and whether the employer has a right to make disciplinary decisions based on an employee’s off-duty conduct.

Although legal commentators and privacy advocates debate how the trial will unfold when the case goes to trial later this summer, they all agree the case highlights real- world issues that can follow an individual’s seemingly innocent decision to post his or her thoughts on a social networking website. This is far from an isolated incident – indeed, the sports media recently reported a similar incident involving the Philadelphia Eagles’ termination of a long-time employee for disparaging the team’s management and its decision to release a prominent player on his Facebook page.  

While it is unclear if any of the companies in the cases above had a policy or provided instruction to their employees on these issues, it should not surprise you that increasingly business employers are finding they must do so. Clearly, before making decisions or taking action against employees for online, but off-duty conduct, employers should seek legal counsel from lawyers who understand these issues and can guide you in this dynamically evolving environment – where federal and state (and sometimes municipal or local) law may apply and little, if any, precedent currently exists. Worried? Need help? Need to understand more? Contact E. David Krulewicz or Cindy Schmitt Minniti or the Rimon lawyer with whom you work. 

Update:  Today, May 20th, after this story was posted, the U.S. House of Representatives also approved the bill regulating some common credit card and gift card industry practices. It is likely President Obama will sign the bill once it arrives on his desk.

Posted on

Google To Launch ‘Interest-Based’ Advertising

Rumor has it that Google will be launching its much-publicized "interest-based advertising" in April, allowing advertisers to serve ads based on a user’s prior interactions (e.g., browsing the advertisers’ websites, tracking interests). Google will track categories of web pages that users visit in Google’s content network and if, for example, a user visits motion picture and film pages, Google may add them to a corresponding interest category that might be labeled "motion picture aficionado." As we understand it, Google will enable use of the DoubleClick DART cookie in advertising served on websites with AdSense for content advertising. Thus, when a user browses an AdSense publishers’ site and views or clicks an ad, the user’s browser may have a cookie added.

For you loyal Legal Bytes readers, that means you should review your online terms of use, terms of service, privacy policies and online disclosures to be sure they cover this activity if it applies to your web presence, advertising and marketing activities. If you will need to and you don’t already take third-party ad servers into account, you may have to amend these to do so. 

As you know, Legal Bytes cannot provide legal advice (you have to be a client for that). Nor could we possibly advise without knowing the specifics about you, your situation, your jurisdiction(s), or the facts that apply. But consider the following sample (which assumes only non-personally identifiable information is collected) that illustrates the type of language one might consider:

We or our advertisers use third parties to serve advertising on our website and web pages when you visit or browse, and some of them use cookies or other technology to collect information about your visit. This information may be used to improve the operation of our website and enhance your experience as a visitor and user, and also to serve advertising about goods and services that might be of interest to you. No personally identifiable information (e.g., name, address, email or phone number) is collected this way or in this process.

Of course, you can add links or contact information for those who want more information, and you may even direct them to the applicable Google web page,or any other third-party ad-serving network’s corresponding page to either get more information, or learn how to opt out of or disable cookies.

Now go call the Rimon lawyer you normally deal with for help or contact me (Joseph I. Rosenbaum). We put together and advise companies in connection with their terms of service, privacy policies, and disclosures, and their online, wireless and web presence, all the time. How can we help you?

Posted on

Court Affirms FCC’s Rule Requiring Prior “Opt-In” to Share Customer Data

A U.S. Circuit Court in the District of Columbia has upheld the FCC’s rule that requires telecommunications carriers to obtain prior “opt-in” consent from customers before disclosing their personal information to joint venture partners or independent contractors for marketing purposes. The rule, which was adopted in 2007, covers all Customer Proprietary Network Information (CPNI) and also applies to service providers offering VoIP (Voice Over IP) services to customers. For those who don’t stay updated on what the FCC rules mean by CPNI, it includes information such as the phone numbers called by a consumer, the frequency, duration, and timing of the calls and any additional services the consumer is receiving (e.g., call waiting). Our telecommunications experts expect the FCC to enforce this rule aggressively. If you want to read the case yourself, go to National Cable & Telecommunications Association v. FCC , but if you really want to understand what it means to you, contact Robert H. Jackson or Judith L. Harris in our Washington, DC Office.

Posted on

FCC Issues Parental Controls’ Inquiry for Video and Audio

On March 3, 2009, the Federal Communications Commission (“FCC”) released a Notice of Inquiry to implement the Child Safe Viewing Act of 2007 (“CSVA”), which directs the FCC to examine advanced parental control technologies that would be compatible with various communications devices and platforms.

Click here to read the full alert, written by Amy S. Mushahwar, Judith L. Harris, and John P. Feldman.

Posted on

Better to Lose Face Than Facebook

Facebook, the very informal and ostensibly open social network, hinting at an apology for what its CEO acknowledged were “overly formal and protective” Terms of Service, did an abrupt about-face recently, retracting them and reverting to its old Terms of Service—presumably reacting to a sea of complaints from just about everyone. Complaints? Over legal terms—does anyone still read them? Well, they do, and they didn’t like what they read—particularly the part that claimed unrestricted, perpetual ownership of your personal data, even if you decide to delete your entire account and go away. 

While we respect Facebook’s right to better manage, control, and disclose to consumers how and for what purpose it treats and handles personal data, it highlights a number of things the online world continues to teach us. First, don’t assume those innocuous changes buried somewhere in terms of service, terms of use, privacy policies, codes of conduct, rules of the road, or whatever you choose to call them, aren’t being scrutinized—by consumers, by your customers, by the media and, lest we forget, by regulators and legislators. While Facebook has not admitted it was caught a bit red-faced, it is taking your feedback in a “Facebook Bill of Rights and Responsibilities” group to which you can contribute your thoughts. For those in the know, Facebook’s population has grown to more than 175 million users—does that make it the sixth-largest country in the world? Hmm, I wonder if that country has a growing budget deficit too; we’ll have to wait for the State of the Reunion speech, when results are posted, to find out.

Posted on

Red Faced or Saving Face. Facebook Faces the Music!

Facebook has built a highly popular business, but it turns out making that popularity profitable appears to depend, in large measure, on advertising. Sound familiar? So Facebook announced a new program, Beacon, an online tracking tool. No, online tracking certainly isn’t new: companies track where your browser has been and your online activity, and routinely serve up ads based on “preferences”—where you have been, what you look for, and what you purchase. But that takes place behind the scenes—you just see the results: relevant, targeted advertising.

Facebook has taken online tracking one step farther: Beacon sends messages telling your Facebook buddies what you are buying and, in some cases, what you are doing. So don’t plan that surprise trip to Puerto Rico just yet—buying a ticket might ruin the surprise. In fact, don’t come back from the trip and rate the hotel—your friends who weren’t invited will know you’ve been there.

Facebook faced criticism last year when its “News Feed” function came under fire. Media and industry pundits and Facebook executives note often schizophrenic and hypocritical marketplace attitudes. Indeed, there is some irony to be considered when the generation that posts profiles, adding everything from drinking, sexual preferences, and religious affiliations, to family videos, in blatantly public web-spaces, complains about privacy. But consumers still distinguish between their choice to share, and allowing a host to decide what, when, where and how to share information about them, or whether to characterize activities as some form of an “endorsement without consent” to their friends.

As usual, privacy and consumer advocacy groups were poised to file complaints with the FTC, right on the heels of investigations already launched by several Attorneys General into Facebook’s privacy practices. The New York Attorney General has issued a subpoena to Facebook for copies of complaints about “inappropriate solicitation of underage users and inappropriate content on the site.” As innovators have learned, success shines a spotlight that creates a glow—and discloses warts; let’s see if they can keep Facebook blemish-free.

Posted on

Financial Supermarket? No. Financial Advertising Supermarket? Well, Maybe…

Years ago, a number of companies hoped that by offering to simplify financial record-keeping and collect your financial information in one place, consumers would find it easier than trying to keep track of all of the numbers, codes and IDs they have to contend with in the real world. The concept fizzled, primarily because there was resistance to giving one website all the information—putting all your nest eggs, so to speak, in one basket. Now, some companies are hoping to revive the concept, this time with the lure of education, advertising and sponsorship.

Although the basic idea remains, the new aggregation model uses sponsored links—recommendations based on an analysis of consumer data and financial information—all geared to educating consumers about the availability of financial products and services. Just as search engines accumulate information about browsing—to prioritize and serve advertising believed to be of higher value to the individual—these new sites use the same model to recommend financial services. If you use a credit card to purchase airline tickets, the site might recommend or display an advertisement for an affinity credit card tied to an air carrier or one which offers points for your purchases. Use an overdraft line of credit for your checking account? You might see an advertisement or recommendation to consider a home equity line of credit to potentially lower your tax bill while you borrow.

While advertising-supported revenue models may have greater appeal from an economic viewpoint and may attract financial institution sponsors and advertisers, these sites still have to overcome consumer discomfort with making all—or a significant portion—of their nonpublic financial information available at a single point of aggregation. With the identity theft, data breach and privacy issues front and center in the past few years, one has to wonder if the power of advertising can overcome that anxiety.

Posted on

Disclosures, Decency and Data Security

For the record, privacy, data protection, information security and international law have officially converged with management, compliance and marketing. More than 30 U.S. states have now passed legislation in one form or another that requires businesses to notify consumers if an actual or potential breach of data security may lead to the compromise of personally identifiable information. This comes on the heels of several years of the government tightening its own policies regarding data security breaches and instances of compromised security.

Recently, the Office of Management & Budget, which oversees U.S. federal agencies, announced a tougher policy for government, requiring agencies to follow the security procedures checklist prepared by the National Institute of Standards and Technology (“NIST”) to protect data. An internal OMB memo recommends that data on mobile computers and devices carrying agency data be encrypted, and suggests two-factor authentication (one being separated from the actual computer obtaining access to the data).

As noted in prior issues of Legal Bytes, requirements and compliance obligations for commercial enterprises doing business across state lines and national boundaries vary, although many have common themes. If you are concerned—and you should be—contact us. We can help you sort out your current compliance obligations and help you keep track of the changing privacy and data protection landscape, both domestically and internationally. Even if you choose not to inject your views into the regulatory process, you must keep abreast of developments or risk action by consumers and regulators.

Continue reading “Disclosures, Decency and Data Security”