Posted on

Facebook Flap Over Ad Photos (Déjà vu All Over Again)

Last week, rumors started spreading that Facebook had changed its policy and was now allowing third-party advertisers to use your photos (i.e., images users post onto Facebook) without permission. The flap over the use of Facebook user-profile photos in advertising came into the limelight when a man, using a third-party application, saw an advertisement displayed for an online dating website, and much to his surprise—it happened to include a picture of his wife. There’s Good, Bad & Ugly.

Good news: His wife wasn’t out looking for a date. Bad news: The photo emanated from a Facebook profile photo available to companies that use the Facebook platform ad network. Ugly news: You could be next!

So here’s the scoop:

Facebook has not changed its policy and does not allow the use of your photo(s) without permission. Facebook had previously suspended two ad networks from the Facebook platform for deceptive practices and user complaints. Those ad networks were said to be using third-party applications in which these photos were embedded and, according to Facebook, that violates Facebook’s privacy policy; and the ads were misleading since they made it look as if someone’s Facebook friend had taken action when they really had not. Facebook itself issued a statement noting, “We are as concerned as many of you are about any potential threat to your experience on Facebook and the protection of your privacy. That’s why we prohibit ads on Facebook Platform that cause a bad user experience, are misleading, or otherwise violate our policies.” 

Although some Facebook users might not know it, Facebook has been running ads from its own ad system for more than a year—it lets your Facebook friends know of any direct connections you have with products and services. So if you become a "fan" of a Facebook Page, your Facebook friends might see an advertisement showing both the action you took (becoming a fan) and your profile photo along with the ad. According to Facebook, it will only do this when a Facebook user has taken some affirmative action indicating a connection with the product or service being advertised. Facebook also claims no data is shared with third parties in this process.

The best we can determine, Facebook technically only allows any user content to display in or with third-party advertising if the content isn’t being cached. While Facebook likely tries to control these networks, some obviously are not adhering to this policy, with photos then appearing not only on third-party ad networks within Facebook when they haven’t been authorized, but also in some cases outside the Facebook domain itself.

If you are a Facebook user and have actually read (and understood) its Terms and Privacy Policy, which is part of the Facebook Principles, you might know that Facebook ad networks can use these user photos in ads—they just can’t do so in violation of their privacy policy or in a deceptive manner. While clearly Facebook has an interest in keeping users comfortable with the online social media environment it has created, it will likely either do a better job of disclosing and explaining the potential uses that may be made of user information (including images, connections, and the like), or it will need to monitor and control the use of its advertising platform by third-party advertising networks that are allowed to use the platform.

Every user on Facebook is opted-in to allowing the use of their photos as described above, by default, when they sign up. Perhaps part of the flap is the fact that many users may simply have not known this. Or perhaps there’s a disclosure or communication problem within the community. Facebook might also provide more visible or multiple ways of enabling users to opt-out of this feature or create more refined privacy settings so that users are given more options and more information that allows them to control the use of their photos (and other information), certainly outside and potentially inside the Facebook social media community. Most users simply may have had no clue this was the default or that this was happening. Even when they realize this is occurring, many can’t figure out how to change the settings. Currently, the only way to fix the problem is to have users change the privacy settings that are found under “Settings,” “Privacy Settings,” “Newsfeeds and Wall”; looking for the tab that says “Facebook Ads”; and re-setting your “Appearance in Facebook Ads” preference to “No One.”

HOWEVER, just so everyone is clear—this still may not opt you out of Facebook ads displayed to your friends with your photo when you expressly take action within Facebook (e.g., becoming a "fan"), but it will opt you out of third-party network ads. That said, it remains to be seen how Facebook will deal with the delicate reality of handling third-party ad networks that aren’t Facebook affiliates, since these represent a significant source of revenue for creators of Facebook applications. 

To put it more simply, if you provide a third-party application with the right to access your information (which you generally need to do in order to use the application), then technically the advertising networks can access that information, too. That’s why users should pay attention to the applications they add, and get rid of applications they are no longer using. You can do this through the “Settings” menu as well. Head for the “Application Settings” page, and if you see a menu that says “Recently Used,” change it to “Authorized” and you will see the applications you have approved with an “X.” Just click to remove those you no longer wish to have authorization. That way, you won’t wind up as a poster child for some product or service that you did not and would not ever intend to endorse.* 

If you need to know more, please contact Joseph I. Rosenbaum at joseph.rosenbaum@rimonlaw.com, or you can view his bio at rimonlaw.com. Of course, you can always contact your favorite Rimon attorney, who will be more than happy to help you. 

* Speaking of endorsements, Joseph I. Rosenbaum was actually speaking of Endorsements (and Testimonials) at a recent CLE Conference in Ireland, sponsored and hosted by the School of Law at Limerick University and previously featured in Legal Bytes. A copy of Joe’s presentation (without the embedded videos) has been posted in .PDF format in an update to the previous posting.

Posted on

Advertising Industry Collaboration Releases Self-Regulatory Online Behavioral Advertising Principles

A group of the nation’s largest media and marketing trade associations today released self-regulatory principles to protect consumer privacy in ad-supported interactive media that will require advertisers and websites to clearly inform consumers about data collection practices, and enable them to exercise control over that information.

In an extraordinary show of industry cooperation and collaboration, the American Association of Advertising Agencies, the Association of National Advertisers, the Direct Marketing Association, and the Interactive Advertising Bureau last week released a series of self-regulatory principles, intended to be implemented by 2010 and designed to protect consumer privacy in advertising-supported interactive media. As part of the announcement, the Council of Better Business Bureaus along with the DMA, has agreed to implement accountability programs relative to these principles.

These self-regulatory guidelines come on the heels of a recently released study commissioned by the IAB entitled “Economic Value of the Advertising-Supported Internet Ecosystem,” which reported that the advertising-supported Internet represents 2.1 percent of the total U.S. gross domestic product (GDP), contributing $300 billion to the economy, and has created 3.1 million U.S. jobs.

“Guided by the seven Principles we have announced today, the advertising community is developing one of the most comprehensive self-regulatory programs ever undertaken by the business community. The fast-changing online marketing environment is best addressed by a self-regulatory framework that is transparent, flexible and accountable to consumers’ needs and concerns. On behalf of our 360 members, who collectively invest more than $200 billion annually in marketing communications, we look forward to jointly developing a comprehensive business system that respects and honors these Principles,” said Bob Liodice, President and CEO, (ANA).

“This historic collaboration represents businesses and trade associations working together to advance the public interest,” said Randall Rothenberg, President and CEO, IAB. “Although consumers have registered few if any complaints about Internet privacy, surveys show they are concerned about their privacy. We are acting early and aggressively on their concerns, to reinforce their trust in this vital medium that contributes so significantly to the U.S. economy.”

The seven Principles designed to address consumer concerns about use of personal information without wreaking havoc to advertising that subsidizes and supports the vast array of free online content relate to:

  • Education
  • Transparency
  • Consumer Control
  • Data Security
  • Material Changes
  • Sensitive Data
  • Accountability

We will be highlighting each of these principles separately in Legal Bytes over the weeks ahead, but if you would like to read the “Self-Regulatory Principles for Online Behavioral Advertising” report now, in its entirety, just follow the link.

Posted on

Did You Miss Our Seminar: “Facebook Personalized URLs: Titanic Brand Opportunity or Tip of an Iceberg?”

As we reported previously, Facebook announced the availability of a personalized Facebook URLs, raising serious issues — yet another example of technology colliding with traditional intellectual property laws. In this case, laws intended to protect trademarks and brand names. If you followed the news, the promotional momentum created by Facebook’s offer has made every astute brand owner ponder the implications! While you, of course, should look at my previous Legal Bytes post on Personalized URLs, if you missed the informative one-hour seminar on the subject presented by Douglas J. Wood and myself, Co-Chairs of the Rimon Advertising Technology & Media Law Group, you can find it here: “Facebook Personalized URLs: Titanic Brand Opportunity or Tip of an Iceberg?

Posted on

Whatz Gnu? Rimon Teleseminar: Facebook Personalized URLs: Titanic Brand Opportunity or Tip of an Iceberg?

Last week, Facebook announced the availability of a personalized Facebook URLs. This latest offering from Facebook raises serious issues—issues that are typically encountered when technology collides with traditional intellectual property laws intended to protect trademarks and brand names. Much like the confusion and abuse that proliferated when cybersquatting became rampant over the ownership and administration of domain names, we now have social networks and service providers allowing users to generate content and offering customized URLs within their domains in a digital and borderless world. Significantly, the promotional momentum created by Facebook’s offer has caused every astute brand and trademark owner to ponder whether they should be in a rush to register their personalized URL on Facebook, or let it ride and deal with potential infringements when—and if—they occur! You need practical guidance and insightful approaches to these problems.

The Media & Entertainment Industry Team and the Advertising Technology & Media Law Group at Rimon have put together an informative one-hour teleseminar entitled “Facebook Personalized URLs: Titanic Brand Opportunity or Tip of an Iceberg?” airing on Tuesday, June 23 at 12 p.m. EDT with partners Doug Wood and Joe Rosenbaum, to help you understand the issues, formulate an approach and make informed decisions and you are invited to participate. Participation is free, although long-distance telephone charges apply outside of the United States, the UK, France, and Germany, where 800 numbers are used. Don’t miss this call!

Call-in ports are limited, so please click here to register or contact Anna Kazachkov at akazachkov@rimonlaw.com no later than Monday, June 22, to receive a dial-in number and a passcode. If you require additional information, you can contact Anna by telephone directly at +1.212.702.1399.

Posted on

Facebook Adds Personalization & a (Brand) New Dimension?

On Tuesday, June 9, the popular social networking website, Facebook, announced that on Saturday, June 13 at 12:01 a.m. U.S. EDT, it will allow its registered users, subject to certain criteria and qualifications, to create personalized URLs for profiles and pages on Facebook (e.g., http://www.Facebook.com/insertyournamehere.   Currently, a user’s Facebook URL consists of the Facebook.com URL followed by numbers (e.g., http://www.facebook.com/profiles.Php?349485).

Allowing users to register personalized names on the web raises, among other things, infringement issues under federal and state trademark and related intellectual property laws, particularly for owners of well-known brands. Any registration process creates fears of cyber squatting and other attempts to hijack trademarks and brand names. Sometimes these fears are well founded; other times they are not. You may have already received bulletins from law firms and bloggers eager to alert you to the fact that Facebook has also announced it has created an online submission form that allows owners of registered trademarks to notify them of their IP rights. Ostensibly, Facebook intends to use the information submitted to preclude others from attempting to use registered marks in personalizing their URLs on Facebook.

While we applaud advising clients and friends of this development, we believe the matter is considerably more complicated than previous briefs and hasty reports may indicate. As is so often the case, the devil is in the detail, and the information below will give you a deeper look at the issues before racing to submit notifications of your IP rights to Facebook.

Continue reading “Facebook Adds Personalization & a (Brand) New Dimension?”

Posted on

Employees Off-Work, But Online

This post was written by E. David Krulewicz and Cindy Schmitt Minniti.

Facebook, MySpace and Twitter have become household names, a ubiquitous part of the daily lives of many and often a tool for keeping in touch with friends and family. These websites are increasingly being used by individuals to document their daily lives and activities, voice their concerns and post their opinions for the world to read and to respond. The business community has also turned to these “social media” websites as means for marketing their brands and, in some instances, for obtaining information about current employees and prospective job applicants. A series of recent cases reminds us there are significant risks related to the posting and/or use of information discovered on “social media” websites.

For example, in Pietrylo and Marino v. Hillstone Restaurant Group, a case pending in the Unites States District Court for the District of New Jersey, two individuals sued their former employer after they were terminated for posting complaints about their workplace on an invitation-only discussion forum on MySpace.com. Much to the employees’ surprise, managers from Hillstone Restaurant Group were able to access this discussion board (although the parties dispute whether the managers had a right to do so) and were less than pleased with what they read. The employees were quickly terminated and a lawsuit followed. 

In their complaint, the former employees assert their employer not only violated state and federal Wiretap and Stored Communications Acts by accessing the invitation-only forum, but wrongfully terminated them in violation of New Jersey’s public policy favoring free expression and privacy as embodied in the U.S. and the New Jersey Constitutions. Their employer has denied the claims and asserts the plaintiffs were “at-will” employees who could be terminated for any reason or no reason at all.

Ultimately, the question of liability may hinge upon whether the employees had a right to privacy for statements made online and whether the employer has a right to make disciplinary decisions based on an employee’s off-duty conduct.

Although legal commentators and privacy advocates debate how the trial will unfold when the case goes to trial later this summer, they all agree the case highlights real- world issues that can follow an individual’s seemingly innocent decision to post his or her thoughts on a social networking website. This is far from an isolated incident – indeed, the sports media recently reported a similar incident involving the Philadelphia Eagles’ termination of a long-time employee for disparaging the team’s management and its decision to release a prominent player on his Facebook page.  

While it is unclear if any of the companies in the cases above had a policy or provided instruction to their employees on these issues, it should not surprise you that increasingly business employers are finding they must do so. Clearly, before making decisions or taking action against employees for online, but off-duty conduct, employers should seek legal counsel from lawyers who understand these issues and can guide you in this dynamically evolving environment – where federal and state (and sometimes municipal or local) law may apply and little, if any, precedent currently exists. Worried? Need help? Need to understand more? Contact E. David Krulewicz or Cindy Schmitt Minniti or the Rimon lawyer with whom you work. 

Update:  Today, May 20th, after this story was posted, the U.S. House of Representatives also approved the bill regulating some common credit card and gift card industry practices. It is likely President Obama will sign the bill once it arrives on his desk.

Posted on

Better to Lose Face Than Facebook

Facebook, the very informal and ostensibly open social network, hinting at an apology for what its CEO acknowledged were “overly formal and protective” Terms of Service, did an abrupt about-face recently, retracting them and reverting to its old Terms of Service—presumably reacting to a sea of complaints from just about everyone. Complaints? Over legal terms—does anyone still read them? Well, they do, and they didn’t like what they read—particularly the part that claimed unrestricted, perpetual ownership of your personal data, even if you decide to delete your entire account and go away. 

While we respect Facebook’s right to better manage, control, and disclose to consumers how and for what purpose it treats and handles personal data, it highlights a number of things the online world continues to teach us. First, don’t assume those innocuous changes buried somewhere in terms of service, terms of use, privacy policies, codes of conduct, rules of the road, or whatever you choose to call them, aren’t being scrutinized—by consumers, by your customers, by the media and, lest we forget, by regulators and legislators. While Facebook has not admitted it was caught a bit red-faced, it is taking your feedback in a “Facebook Bill of Rights and Responsibilities” group to which you can contribute your thoughts. For those in the know, Facebook’s population has grown to more than 175 million users—does that make it the sixth-largest country in the world? Hmm, I wonder if that country has a growing budget deficit too; we’ll have to wait for the State of the Reunion speech, when results are posted, to find out.

Posted on

Dazed & Confused, Not Shock and Awe

For 2009, here are my predictions:

The economy and strife, regulation and surveillance will dominate the agenda, with the burden of paying for everything from wars to bailouts right in the crosshairs: watch those advertising budgets boys and girls, the taxman cometh.

Privacy and advertising, long separated by passive print, television and radio, will continue to collide—Congress will either pass ineffective and inappropriate legislation because it’s too busy to pay attention, or will defer legislation another year because it’s too busy to pay attention.

Wireless and mobile technology will continue to make us say “wow” and will continue to miniaturize our lives, putting not just communication, but also our wallets, calendars, purchasing, entertainment and working tool kits in our hands, not our laps.

The use of wireless and additional licenses, spectrum and bandwidth will bring the FCC and the FTC colliding in their zeal to regulate, and they will either cooperate because they are too busy to fight or fight because they are too busy to cooperate. In either case, regulation, re-regulation and self-regulation will continue to increase, unregulated.

Marketing, promotions, new media, digital content and distribution platforms will transform gaming and interactive play into entertainment, education and information—giving us more choices, but continuing to blur the lines between advertising, entertainment and information.

Continue reading “Dazed & Confused, Not Shock and Awe”

Posted on

Red Faced or Saving Face. Facebook Faces the Music!

Facebook has built a highly popular business, but it turns out making that popularity profitable appears to depend, in large measure, on advertising. Sound familiar? So Facebook announced a new program, Beacon, an online tracking tool. No, online tracking certainly isn’t new: companies track where your browser has been and your online activity, and routinely serve up ads based on “preferences”—where you have been, what you look for, and what you purchase. But that takes place behind the scenes—you just see the results: relevant, targeted advertising.

Facebook has taken online tracking one step farther: Beacon sends messages telling your Facebook buddies what you are buying and, in some cases, what you are doing. So don’t plan that surprise trip to Puerto Rico just yet—buying a ticket might ruin the surprise. In fact, don’t come back from the trip and rate the hotel—your friends who weren’t invited will know you’ve been there.

Facebook faced criticism last year when its “News Feed” function came under fire. Media and industry pundits and Facebook executives note often schizophrenic and hypocritical marketplace attitudes. Indeed, there is some irony to be considered when the generation that posts profiles, adding everything from drinking, sexual preferences, and religious affiliations, to family videos, in blatantly public web-spaces, complains about privacy. But consumers still distinguish between their choice to share, and allowing a host to decide what, when, where and how to share information about them, or whether to characterize activities as some form of an “endorsement without consent” to their friends.

As usual, privacy and consumer advocacy groups were poised to file complaints with the FTC, right on the heels of investigations already launched by several Attorneys General into Facebook’s privacy practices. The New York Attorney General has issued a subpoena to Facebook for copies of complaints about “inappropriate solicitation of underage users and inappropriate content on the site.” As innovators have learned, success shines a spotlight that creates a glow—and discloses warts; let’s see if they can keep Facebook blemish-free.

Posted on

Content is King, but the Medium Is Still the Message

Recently lawyers have begun to debate the question of just how much control advertisers can exert when paying for product placements or branded entertainment before the line between First Amendment expression by the creative staff putting together the program and the financial subsidies from advertisers is crossed. Now, the Ninth Circuit has dealt with a similar question relating to the immunity that interactive computer service providers have typically enjoyed under the Communications Decency Act (the “CDA”). The CDA insulates service providers from liability so long as the service provider remains a publisher of information and content of others (there are exceptions, so the immunity is not blanket and you should always consult legal advice for specifics that apply to your situation). That said, a company that operates an online web service that specializes in matching roommates based on their preferences has been held in violation of the Fair Housing Act because a questionnaire put together by the company asks for certain demographic information that, when posted on the website, could be used by users and site visitors to discriminate against others. The company, Roommates.com, asked users to disclose information, among other things, about roommate preferences such as age, sex, children, etc. The Ninth Circuit held that although Roommates.com was immune as long as it was simply enabling the distribution or display of information provided by its members, when it became an information content provider, it lost immunity with respect to that activity and information. And by putting together the questionnaires and soliciting their preferences in response, Roommates.com was not simply posting content authored by users, but rather was eliciting specific information that could be abused and that might or might not have been voluntarily posted or disclosed absent the questionnaires.

Hmmmm…user profiles, play lists, segmented marketing, asking consumers to participate in promotions…this is an interesting test of the limitations of the CDA to protect and insulate interactive online service providers from liability. As social networks, virtual worlds and other digital arenas that don’t simply enable but also solicit or encourage certain information to be provided, and as web services become more targeted, focused and segmented to match consumer preferences, the immunity is likely to be tested further. Stay tuned.