Friday, 20 May 2016 12:28

Twists And Turns Of Internet Law & Privacy

By: 

Is everyone’s website illegal?

Your website consists of visible text and graphics, geared to the sighted reader. Its terms and conditions include legal disclaimers and limitations of liability, which, it explains, apply unless they are specifically prohibited by law. As a service to the public, you have posted scores of videos providing useful information for consumers in your industry.
Are these common practices illegal?

Some class action lawyers say so. They’ve been making claims against standard websites that they claim violate the federal Americans with Disabilities Act or a New Jersey consumer protection statute.
Class actions targeting website practices aren’t unusual. In the early days of the commercial Internet, many companies were sloppy with their website terms and privacy policies. Most notably, high flying dot-com companies that promised never to sell their customer data were caught flat-footed when the bubble burst. In liquidation, their customer lists were their most saleable assets, which they then usually sold, in violation of their prior promises.
Cases from that era showed the legal vulnerability of disconnects between website promises and actual business practices.

Similarly, when web technologies ran ahead of website disclosures, as allegedly occurred in some cases with behavioral advertising, customer tracking, and information sharing practices, the class action lawyers pounced then too. On multiple occasions in 2010 and 2011, the Wall Street Journal’s “What They Know” series would run articles about customer tracking on the Internet, and, the very next day, class action suits were filed keyed to the practices revealed by the Journal.

The ADA and New Jersey suits appear to be the newest wave of Internet class actions —ones that have the potential to reach thousands if not millions of website operators.

Is the Internet expanding privacy expectations?

Internet privacy - e-mails
Is the Internet invading privacy, or expanding privacy? The conventional wisdom is that the Internet is eviscerating privacy. But in some ways a heightened focus on privacy in the digital era may be creating new and greater privacy expectations.

Consider the simple matter of lists of addressees and cc’s on emails.
In the ancient days of postal mail, it was never a big deal if a sender revealed, on a letter, the other persons to whom he or she were sending the same letter, or to whom he or she was sending copies of that letter. Lots of letters show multiple addressees or multiple persons copied. That indeed explains the origin of the “cc” field, as a visible list of the persons to whom a “carbon copy” (another ancient term) was being sent.

But an expectation has developed recently that one should never send out a mass email that reveals the email addresses of all of the recipients, unless they previously knew one another. That is why the Federal Trade Commission was so red-faced recently when, in the course of preparation for its first PrivacyCon workshop on privacy research, it sent an email out to all attendees revealing – horrors! – all of their email addresses. The agency “sincerely apologized” for this terrible mistake

The presumed confidentiality of one’s email address is seen in other laws. College professors, for example, are instructed never to communicate with an entire class of students by placing all of their email addresses in the “to” field; rather, they must use the “bcc” field, so that no student receives his or her fellow students’ email addresses, which some of them may have designated as confidential personal information under the Family Educational Rights and Privacy Law.

Though the prohibition against letting strangers see others’ email addresses in group emails now seems to be settled, the presumed harm to be avoided — use of those email addresses for bulk commercial emails — is fairly speculative, and such a misuse, if it occurred, would seem to cause more of an inconvenienced harm than a true privacy invasion. The same goes for concerns about reply-all “catastrophes,” such as the one that hit Thompson Reuters employees in August 2015. The event inconvenienced employees, but its true lasting impact appeared to be a flood of humorous Twitter traffic. (Another reply-all incident struck Time Inc. just this week.)

The best explanation for this new expectation, rather, seems to be an expanding understanding of privacy, at least in certain areas. Contrary to the conventional wisdom, our expectations of privacy are not steadily and uniformly shrinking. In some cases, they are expanding.

Can you be sued for posting your opinions on the Internet?

A restaurant tells customers it may sue them if they post unfavorable reviews on the Internet. A flooring company sues a customer who complained on social media that he had an “absolutely horrible experience” with the company.
Klear-Gear, a gadget company, included in its Internet terms a provision that “your acceptance of this sales contract prohibits you from taking any action that negatively impacts KlearGear.com, its reputation, products, services, management or expenses.” The terms also set damages for a violation: $3,500.

If something seems wrong to you about these cases, you are not alone. While libel law has struggled for years with the dividing line between expressions of actionable fact and constitutionally protected opinion, most laypeople, and judges, believe that statements of opinion should be protected, and broadly construed.
That may be why Grill 225, a restaurant in Charleston, met with such opposition when its scheme for suppressing unfavorable reviews was recently publicized. The restaurant required persons booking online reservations to agree to terms and conditions in which, among other things, the customer agreed “that they may be held legally liable for generating any potential negative, verbal, or written defamation against Grill 225.

Most efforts to prevent or penalize Internet comments and criticism are crushed in the court of public opinion even before they reach the courthouse. Grill 225, for example, is really only stating the obvious when it says that it could sue a customer. It wisely hasn’t done so in the two years that it has posted its terms. The flooring company, in Colorado, did sue its customer, but the case provoked a state legislator to propose stronger protection against suits aimed at chilling free speech.

Indeed, last year California passed a so-called “Yelp Bill” that prohibited businesses from including in their contracts “a provision waiving the consumer’s right to make any statement regarding the seller or lessor or its employees or agents, or concerning the goods or services.” A similar bill, the proposed Consumer Review Freedom Act, has been introduced in Congress.

When cases do get to court, even under existing law, statements of opinion are generally protected. As one example, consider a case involving presidential candidate Donald Trump, back in the early 1980s, when he announced an audacious plan to build the tallest building in the world, a 150-story skyscraper, on landfill just south of downtown Manhattan.

Trump’s plan met opposition in Chicago, then home of the world’s tallest building, the 108-story Sears Tower (now Willis Tower). Specifically, the Chicago Tribune’s architecture critic, Paul Gapp, analyzed Trump’s proposal in a review and deemed it, among other things, “one of the silliest things anyone could inflict on New York or any other city." Gapp’s review was accompanied by a Tribune artist’s rendering of southern Manhattan with a giant new building, a Sears Tower lookalike on steroids, sticking out like a sore thumb below and east of Battery Park.

Trump, no more shy then than he is now, immediately sued the Tribune, seeking damages to the tune of $500 million. I worked for the Tribune’s law firm and had the task of writing the motion to dismiss Trump’s case. There were plenty of good legal authorities on the right of critics to express their opinions, but I decided to prepare our brief a bit differently.

Experts make privacy regulation a serious threat

Now is the time to get smart about privacy and technology, because your government regulators are smart and savvy in those areas.

No, that’s not a misprint. Though government regulators are often far behind on the technology curve, real experts have taken over at several important agencies that regulate conduct on the Internet.
Take Ashkan Soltani, who took over in late 2014 as Chief Technologist for the Federal Trade Commission. Just by hiring a chief technologist, the FTC showed awareness of the need for deep computer expertise to effectively regulate privacy and commercial practices on the Internet. And by hiring Soltani, one of the sharpest computer privacy experts in country, the FTC showed it was serious.

Soltani was one of a handful of computer experts who have been at the forefront of studying privacy on the Internet. Along with his former colleagues at Berkeley, and like-minded researchers, especially at Stanford and Carnegie-Mellon universities, Soltani has identified and publicized many previously unknown ways in which the Internet allows personal information to be collected, used and commercialized.
Soltani and his colleagues haven’t just quietly studied Internet privacy. They’ve been active and savvy in getting the word out on their studies.

To take one example, a few years back, most website operators thought they had satisfied their disclosure obligations if they told their users that they honored users’ instructions with respect to HTTP “cookies” (datasets that identify previous browsing activity). But in an important research report in 2009, Soltani and colleagues reported that even when users deleted HTTP cookies, in an attempt to shield knowledge of their previous browsing activity, some websites, by activating Flash cookies (often tied to web video files) would automatically regenerate those HTTP cookies – a generally unintended result, but one that cast doubt on the company’s privacy promises. Soltani followed this up with reports on other pervasive tracking technologies.

Soltani and his colleagues and co-authors, many of whom, like him, are motivated by their need for more privacy protection, focused their research on exposing technologies (like Flash cookies) that collected or revealed information that consumers thought was private. Many of their research projects became the foundation of class action lawsuits against companies that made privacy promises in ignorance of these technologies.

And it wasn’t a coincidence that Soltani’s research was used in class action cases. He served as technology adviser to the Wall Street Journal for its widely read “What They Know” series that has brought many Internet privacy issues to widespread attention, beginning in 2010. In several instances, a flurry of class action suits followed within days of the Journal’s Soltani-supported articles.

Soltani isn’t the only technology whiz to join the government from the Berkeley-Stanford-Carnegie-Mellon research triad. The Federal Communications Commission recently announced that it was hiring Jonathan Mayer, another member of the group, to act as its Chief Technologist. Like Soltani, his research has focused specifically on web-tracking technologies. And as with Soltani, Mayer’s research has led to major privacy cases, including an FTC consent decree against Google, concerning its use of tracking code on the Safari browser. While privacy isn’t an FCC focus, Mayer’s work on net neutrality could significantly affect many businesses.

Some business people may think that they don’t have to worry much about the FTC, a slimly staffed agency that has the impossible mission of policing “unfair or deceptive acts or practices” all over our huge country. But the FTC has been very active in the Internet privacy area, and its results, usually in the form of consent decrees, are reshaping how business is done on the Internet.

As two privacy experts have pointed out in a law review article titled “The FTC and the New Common Law of Privacy,” the FTC has become the primary regulator of privacy on the Internet, and its large and growing body of consent decrees have an effect far beyond the companies that are directly bound (which, moreover, includes such Internet giants as Google, Microsoft, Facebook, and Linkedin). The authors assert that contrary to the general belief that the United States has weak privacy regulation compared to Europe, that view is “becoming outdated as FTC privacy jurisdiction develops and thickens.”

Source:  http://www.thompsoncoburn.com/news-and-information/internet-law-twists-and-turns.aspx

Leave a comment

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.
Please wait

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Newsletter Subscription

Receive Great tips via email, enter your email to Subscribe.
Please wait

Follow Us on Social Media

Book Your Seat for Webinar GET FREE REGISTRATION FOR MEMBERS ONLY      Register Now