social networking : Privacy & Information Security Law Blog

Home > social networking >

Senior Google Executives Sentenced for Violation of Italian Privacy Laws

Posted on February 24, 2010 by Hunton & Williams LLP

In February 24, 2010, an Italian court in Milan found three Google executives guilty of violating applicable Italian privacy laws. The executives were accused of violating Italian law by having allowed a video showing an autistic teenager being bullied to be posted online. The Google executives, Senior Vice President and Chief Legal Officer David Drummond, Chief Privacy Counsel Peter Fleischer and former Chief Financial Officer George Reyes, were fined and received six-month suspended jail sentences.

The case, which is the first of its kind, was brought by a public prosecutor in Milan and did not involve Italy’s data protection authority, the Garante. It calls into question the interpretation of European privacy laws as it appears to suggest that employees of organizations that provide services such as Google Video and YouTube, may be found criminally responsible for content that users upload, even though they have no control over such content. The case also suggests that hosting and social networking providers may no longer rely on the EU safe harbor that absolves them of liability for the content posted on their websites, provided they remove unlawful content as soon as they are notified of its presence.

Concerns also have been expressed with respect to the impact of the ruling on the principles of freedom on which the Internet was founded, including freedom of speech and freedom of information. Arguably, if hosting and social networking providers are required to screen or vet all content uploaded to their websites, such freedoms are jeopardized, as is the very existence of such organizations. In the words of Richard Thomas, the UK’s former Information Commissioner and Senior Global Privacy Advisor to Hunton & Williams, the case is “ridiculous” and “it is unrealistic to expect firms to monitor everything that goes online.”

Canadian Privacy Commissioner Investigates Facebook

Posted on February 4, 2010 by Hunton & Williams LLP

Pursuant to a public complaint, on January 27, 2010, the Privacy Commissioner of Canada announced a new investigation into Facebook. The investigation concerns the social networking site’s introduction of a tool that required its users to review their privacy settings in December 2009. According to the complaint, Facebook’s new default settings allegedly made some users’ information more accessible than previously had been the case. Elizabeth Denham, the Assistant Privacy Commissioner, indicated “[s]ome Facebook users are disappointed by certain changes being made to the site – changes that were supposed to strengthen their privacy and the protection of their personal information.”

The new complaint follows the Commissioner’s July 2009 release of findings resulting from an investigation into Facebook’s privacy policies and practices. The findings highlighted concerns regarding Facebook, including a need for increased transparency and clarity. The Office of the Privacy Commissioner will continue to follow up with Facebook as the company implements changes to its site.

For further information, please see the Office of the Privacy Commissioner's News Release.

Tags: Canada, Elizabeth Denham, Facebook, International, Jennifer Stoddart, Online Privacy, Privacy Commissioner of Canada, complaint, personal information, privacy, privacy policy, social networking, transparency

FINRA Issues Guidance on the Use of Blogs and Social Networking

Posted on January 27, 2010 by Hunton & Williams LLP

On January 25, 2010, the Financial Industry Regulatory Authority (“FINRA”) issued Regulatory Notice 10-06, Guidance on Blogs and Social Networking Web Sites (the “Guidance”) for securities firms, investment advisors and brokers. FINRA, which is the largest non-governmental financial regulator, previously had issued guidance on other issues pertaining to interactive web sites, such as participation by securities firms and their employees in Internet chat rooms discussing stocks or investments. The goals of the Guidance are to “ensure that—as the use of social media sites increases over time—investors are protected from false or misleading claims and representations” as well as “to interpret [the] rules in a flexible manner to allow firms to communicate with clients and investors using” blogs and social networking.

The Guidance sets forth important responsibilities for securities firms, including that they should (i) retain records of communications made through social media sites; (ii) consider adopting policies and procedures governing communications that promote specific investment products; (iii) supervise electronic communications in a manner “reasonably designed” to ensure that they do not violate FINRA rules; (iv) prohibit employees from engaging in business communications on social media web sites that are not subject to the firm’s supervision; and (v) screen third-party content on firm-sponsored blogs or social networking web sites.

Although the Guidance is informal and intended to assist securities firms in establishing their own social media policies and procedures, FINRA may eventually codify the Guidance in a formal rule and thereby enable it to enforce compliance and impose fines for any violations of such a rule.

The full text of the Regulatory Notice is available on FINRA’s website.

Tags: Blog, Enforcement, FINRA, Financial Industry Regulatory Authority, Information Security, Internet, Online Privacy, Workplace Privacy, compliance, guidance, securities, social networking, web site

Privacy Commissioner of Canada Announces Public Consultations on Emerging Technologies

Posted on January 20, 2010 by Hunton & Williams LLP

On January 18, 2010, the Privacy Commissioner of Canada, Jennifer Stoddart, announced a public consultation to examine the privacy issues associated with online tracking, profiling and targeting of consumers. The Commissioner noted that the consultation will “provide a forum for the exploration of the privacy implications related to this modern industry practice, and the protections that Canadians expect.” The consultation marks the first in a series to review emerging technologies that are likely to have a considerable impact on consumer privacy. The announcement of a second consultation on cloud computing is anticipated in the near future.

The Office of the Privacy Commissioner has put out a call for participation and written submissions by interested parties are due by March 15, 2010. For further information on the consultation process, view the Office of the Privacy Commissioner's news release.

Tags: Behavioral Advertising, Canada, Cloud Computing, Events, International, Jennifer Stoddart, Marketing, Online Privacy, behavioral targeting, consultations, consumer, emerging technology, online tracking, privacy, social networking

New FTC Blog Guidelines Affect Companies Without Blogs

Posted on October 12, 2009 by Hunton & Williams LLP

On October 5, 2009, the Federal Trade Commission (“FTC”) issued amendments to its Guides for the Use of Endorsements and Testimonials in Advertising (“Guides”). Reactions to the amendment have primarily focused on the provisions that require bloggers to disclose their relationship with companies whose products they endorse. Largely absent from the commentary, however, have been observations regarding theories articulated in the amendments that demonstrate the risk of enforcement for companies that do not have a blog and that do not use third-party bloggers for promotion.

The Guides address the application of Section 5 of the FTC Act to the use of endorsements and testimonials in advertising. Although the Guides provide a basis for voluntary compliance with the law by advertisers and endorsers, practices inconsistent with them may result in enforcement action by the FTC. The Guides set forth general principles that the FTC intends to use in evaluating endorsements and testimonials, together with examples illustrating the application of those principles.

First issued in 1975 and 1980, these Guides generally require that endorsements reflect the honest opinion of the endorser and not contain representations that would be deceptive if made by the advertiser. In November 2008, the Commission proposed amendments to the Guides, including changes to clarify the obligations of bloggers and other users of new communication technologies and advertising strategies. In the final Guides, as under the pre-amendment Guides, when an expert or celebrity receives payment to endorse a company’s product in advertisements, the company does not need to explicitly disclose the fact of the payment in advertisements, since the public generally understands that experts and celebrities endorse products because they are paid to do so. Conversely, when a non-expert or non-celebrity endorses a product (e.g., a “man-on-the-street” testimonial), any payment must be disclosed, since the public generally does not expect such endorsement to have been influenced by payment. The amended Guides provide a new example of this principle in the online context: an employee of a manufacturer of MP3 players visits an online MP3 discussion board and posts comments promoting her employer’s products without disclosing the employment relationship. As a result, whether or not a company has its own blog or engages third-party bloggers, there may be some risk of enforcement based on employee activities. The amendment explains that the employee should disclose the relationship, since knowledge of the poster’s employment likely would affect the weight or credibility of her endorsement. The scope of the amendments suggest that the FTC’s view on this matter would extend to promotional comments made by persons with such undisclosed material connections to the promoted company in any emerging communications tool, such as online discussion boards, blogs, social networking sites, Twitter, etc.

To mitigate risk given the FTC’s new focus on this sort of activity, businesses may wish to (i) require their employees to disclose the employment relationship when making online comments that promote the employer or its products, (ii) require that such comments be vetted by the business, or (iii) prohibit employees from making online comments. Businesses should also consider training employees on any such policies that the business may establish.

Tags: Blog, Enforcement, FTC, Internet, Marketing, Online Privacy, advertisement, advertising, endorsement, guidelines, online, social networking

FTC Announces Public Roundtables on Consumer Privacy Issues

Posted on September 18, 2009 by Hunton & Williams LLP

On September 15, 2009, the Federal Trade Commission unveiled a series of public roundtables that will focus on the effect of modern technology and business practices on the privacy of consumer information. The goal of the panels is to explore how to best balance the concerns for consumer privacy, beneficial use of consumer information and technological innovation. The discussions will address myriad technologies and practices, such as social networking, cloud computing, behavioral marketing, mobile marketing and, generally, the collection of consumer information for various purposes. The roundtables will also consider the adequacy of existing legal and self-regulatory frameworks. Participants will include academics, privacy experts, consumer advocates, industry representatives, technology experts, legislators, and experts from outside the United States. The Commission has asked individuals and organizations to submit requests to participate as panelists and suggest discussion topics. The Commission also has asked interested parties to submit written comments and research on the issues of (i) risks, concerns and benefits associated with the collection and use of consumer information, (ii) consumer expectations of how their information is used, and (iii) the adequacy of existing legal requirements and self-regulatory regimes in protecting consumer privacy interests.

Click here for more information on the Commission’s news release.

Tags: Behavioral Advertising, Behavioral Marketing, Cloud Computing, Consumer Information, Events, FTC, Roundtable, Technological Innovation, consumer privacy, social networking

German Social Networks Signed Code of Conduct

Posted on March 17, 2009 by Hunton & Williams LLP

On March 11, 2009, the operators of Germany's leading social networks, which include "schuelerVZ," "studiVZ," "lokalisten" and "wer-kennt-wen," signed a 17-page Code of Conduct by the Association for Voluntary Self-Regulation of Multimedia Service Providers (the “Code”) in order to protect children and young people. The Code of Conduct aims to improve data protection and consumer protection in social networks and, in particular, to protect young people against harassment. The Code requires that a privacy notice be displayed directly after the registration process and that restrictive default settings be enabled for users under the age of 14. In addition, it must be possible to lock user profiles from search engines, and to block communication with other users. At prominent locations of the sites, features should be implemented to allow users to report irregular behavior and illegal content. The Code also states that sites may only use personal data for marketing and behavioral advertising if the user has been informed of this use of their data and has consented. Furthermore, any advertising material has to be clearly marked as such in accordance with the principle of separation of advertisement and content. The Code also contains a rule on blacklists and provisions regarding disclosure of data in response to law enforcement requests. The companies operating the aforementioned sites, studiVZ Ltd., Lokalisten Media GmbH and lemon line media Ltd. (wer-kennt-wen.de), have agreed to comply with the Code by the end of July 2009. The Code calls upon other social networks to sign it as well. The full text of the Code (in German) can be found here

Tags: Behavioral Advertising, European Union, FSM, Germany, International, Online Privacy, code of conduct, social networking, social networks

Privacy & Information Security Law Blog

Unless otherwise noted, attorneys not certified by the Texas Board of Legal Specialization.

The Hunton & Williams law firm's Privacy and Information Management practice includes attorneys who provide services related to privacy law and information security. Our lawyers practice in all areas of privacy and information security, including: state and federal privacy law compliance; EU data protection compliance, including global data transfer mechanisms such as the U.S. Safe Harbor program and model clauses; HIPAA compliance, including the Privacy Rule and Safeguards Rule; GLBA compliance, including the Privacy Rule and Safeguards Rule; FCRA compliance, including disclosure of consumer reports, Affiliate Marketing Rule compliance, and Red Flags Rule compliance; e-commerce issues such as CAN-SPAM, TCPA, mobile marketing, other direct marketing and behavioral advertising; response to and preparation for information security breaches, including breach notification; workplace privacy, such as employee monitoring; identity theft; records management, records retention, and records disposal; online privacy such as COPPA compliance and website privacy notices; e-discovery; and FTC or other government enforcement actions.

Privacy & Information Security Law Blog : Privacy Lawyer & Attorney : Hunton & Williams Law Firm : Personal Data, Information Security

Published By
Hunton & Williams

Global privacy and information security law updates and analysis