Internet Law, Social Media, and Privacy- Business Law

E-mails, tweets, posts, and every sort of online communication can form the basis for almost any type of tort.

In addition to defamation, suits related to online conduct may involve allegations of wrongful interference or infliction of emotional distress

Meta tags

•Meta tags are key words that give Internet browsers specific information about a Web page. •Meta tags can be used to increase the likelihood that a site will be included in search engine results, even if the site has nothing to do with the key words. •Using another's trademark in a meta tag without the owner's permission normally constitutes trademark infringement.

US Federal Laws on Data privacy

•Not a single, nationwide privacy law in the United States •Examples of federal laws that govern certain elements of Privacy Policies: •The Fair Information Principles

Key aspects of GDPR include

1. lawfulness, fairness and transparency 2. Purpose limitation 3. Data minimization 4. Accuracy 5. Storage limitation 6. Integrity and confidentiality

The Anti cybersquatting Consumer Protection Act (ACPA) makes cybersquatting illegal when both of the following are true

1.The domain name is identical or confusingly similar to the trademark of another. 2.The one registering, trafficking in, or using the domain name has a "bad faith intent" to profit from that trademark.

accuracy

Ecommerce companies must keep personal data accurate and up to date.

Cybersquatting

Registering a domain name that is the same as, or confusingly similar to, the trademark of another and then offering to sell that domain name back to the trademark owner.

accountability

The data controller is responsible for being able to demonstrate GDPR compliance.

Major social media and Internet sites have been accused of violating users' privacy rights.

The right to privacy is guaranteed implicitly by the Supreme Court's interpretation of the Bill of Rights and explicitly by some state constitutions.

General Data Protection Regulation (GDPR)

• As noted above, governments have made data privacy a priority in recent years. •The paramount example of the this is seen in "General Data Protection Regulation 2016/679", commonly known as "GDPR", which was enacted by the European Union (EU) just a few years ago. •At the time it was adopted, the EU's GDPR established the most comprehensive and consumer-friendly privacy laws in the world.

The Fair Information Principles 4 critical issues

•(1) notice - information practices must be disclosed before personal information is collected; • (2) choice - consumers must be given options as to how collected personal information can be used beyond the purpose for which it was provided; • (3) access - consumers should be able to check the accuracy and completeness of personal information collected; and • (4) security - reasonable steps must be taken to assure consumers that the personal information collected is secure from unauthorized use. .

•The Fair Information Principles. In order to conform with the Fair Information Principles, a Privacy Policy generally includes statements regarding the following:

•(1) the sources from which personal information is collected; • (2) specifically how the collected personal information is used; • (3) with whom the collected personal information is shared; • (4) an option allowing consumers to opt out of the disclosure of personal information to third parties; and • (5) the steps taken to protect the collected personal information.

cookie

•A small file from a website and stored in a user's Web browser to track the user's Web browsing activities. •Cookies provide detailed information to marketers about an individual's online behavior and preferences, which is then used to personalize online services.

Liability of Internet Service Providers: exceptions

•Although the courts generally have construed the CDA as providing a broad shield to protect ISPs from liability from third party content, some courts have started establishing limits to this immunity.

Identifying the Author of Online Defamation

•Because postings on online forums are anonymous, an initial issue raised by online defamation is simply discovering who is committing it. •An ISP can disclose personal information about its customers only when ordered to do so by a court. -Consequently, businesses and individuals are increasingly bringing lawsuits against "John Does" (fictitious names used in lawsuits when the identity of a party is not known or when a party wishes to conceal his or her name for privacy reasons) and using the authority of the courts to order I S Ps to divulge the identity of the persons responsible for the defamatory remarks.

A number of laws specifically address issues that arise only on the Internet. These issues include:

•Cybersquatting •Trademark infringement •Trademark dilution

Ecommerce companies serving or employing California residents may find these CCPA requirements have the biggest impact on their business plans:

•Data inventory and mapping of in-scope personal data and instances of "selling" data •New individual rights to data access and erasure •New individual right to opt-out of data selling •Updating service-level agreements with third-party data processors •Remediation of information security gaps and system vulnerabilities

Much like the reach of GDPR extends beyond the EU

•Ecommerce businesses don't have to be based on California to become subject to CCPA. Any data collected from California companies or citizens could implicate CCPA's provisions.

storage limitation

•Ecommerce companies may only store personally identifying data for as long as necessary for the specified purpose.

purpose limitation

•Ecommerce companies must process data for the legitimate purposes specified explicitly to the data subject when you collected it.

data minimization

•Ecommerce companies should collect and process only as much data as absolutely necessary for the purposes specified.

The Digital Millennium Copyright Act (DMCA):

•Established civil and criminal penalties for anyone who circumvents (bypasses) encryption software or other technological antipiracy protection •Prohibits the manufacture, import, sale, and distribution of devices or services for circumvention

social media legal issues: administrative agency investigations

•Federal regulators use social media posts in their investigations into illegal activities. •An administrative law judge can base her or his decision on the content of social media posts.

Online businesses data privacy

•For many years, online businesses would create a privacy policy that was very one-sided and typically granted the company a broad range of rights with respect to how and what data they collected, and how they chose to use it. •Since these policies were buried in a link somewhere on the site, most users never even read the policy. By using the site and services, the users would effectively have consented to the policy.

Social media

•Forms of communication through which users create and share information, ideas, messages, and other content via the Internet. Examples: Facebook, YouTube, Twitter

social media legal issues: criminal investigations

•Law enforcement uses social media to detect and prosecute criminals. •A surprising number of criminals boast about their illegal activities on social media.

social media legal issues: Employers' Social Media Policies

•Many large corporations have established specific guidelines on using social media in the workplace. •Employees who violate these policies may be disciplined or fired from their jobs.

The Fair Information Principles

•published by the Federal Trade Commission, provides a set of non-binding governing principles for the commercial use of personal information. •These principles offer guidance to draft policies that encompass existing privacy concerns.

What must businesses do about data privacy

•Old approach will no longer work. •Consumers are more sensitive than ever to how their data is collected and used by the sites they visit and have been pushing back on Ecommerce businesses and demanding more transparency and control of their data. •Government regulators and legislators have enacted a host of data privacy laws to govern the collection and use of user data. •These new rules require more than a one-sided privacy policy granting broad privileges to the Ecommerce providers. •Ecommerce businesses must disclose in clear language how and what data they collect, provide the ability for users to review the data that has been collected, and must give users the right to have data deleted upon request.

•To maintain a suit for the invasion of privacy, a person must have a reasonable expectation of privacy in the particular situation.

•People clearly have a reasonable expectation of privacy when they enter personal financial information online. •People also have a reasonable expectation of privacy that online companies will follow their own privacy policies. •But it is probably not reasonable to expect privacy when making statements or posting photos on social media sites.

Data privacy concerns for consumers and businesses

•Privacy concerns arise in any situation where personal information is collected and stored. •No single definition for what constitutes "personally identifying information", typically covers any information that could possibly identify a person or information about them. •Ecommerce businesses that collect financial information such as bank accounts, credit cards or social security numbers must be hyper-protective of this data. •For Ecommerce businesses, data privacy and security are critical aspects of operations. •Failure can subject companies to regulatory penalties, lawsuits, as well as loss of business associated with their site being deemed "unsafe".

Integrity and confidentiality

•Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).

social media legal issues: impact on litigation

•Social media posts are routinely included in discovery in litigation because they can provide damaging information that establishes a person's intent or what she or he knew at a particular time. •Social media posts can be used to reduce damages awards.

social media legal issues: impact on settlement agreements

•Social media posts have been used to invalidate settlement agreements that contain confidentiality clauses.

Numerous other states have implemented regulations for Privacy Policies.

•Texas requires that "persons who require disclosure of a social security number adopt, make available, and strictly follow a Privacy Policy." •Nebraska and Pennsylvania have laws treating misleading statements in Privacy Policies published on Web sites as deceptive or fraudulent business practices. •Other states, such as Virginia, are in process of enacting their own CCPA-like comprehensive data privacy laws.

DCMA Allows Fair Use

•The D M C A does not restrict the "fair use" of circumvention methods for educational and other noncommercial purposes, such as to test computer security and to enable parents to monitor their children's use of the Internet.

The emergence of social networking sites has created a number of legal and ethical issues for businesses.

•The content of social media may play a role in various parts of the legal process.

Frequent Changes in Domain Name Ownership Facilitate Cybersquatting

•The speed at which domain names change hands and the difficulty in tracking mass automated registrations have created an environment in which cybersquatting can flourish.

Liability of Internet Service Providers: general rule

•Under Section 230 of the Communications Decency Act (CDA), ISPs usually are treated differently from publishers in print and other media and are not liable for publishing defamatory statements that come from a third party.

DCMA Limits Liability of Internet Service Providers

•Under the D M C A, an I S P is not liable for copyright infringement by its customer unless the I S P is aware of the subscriber's violation. •An ISP may be held liable only if it fails to take action to shut down the subscriber after learning of the violation.

Privacy policy overall considerations

•What type of information is collected and from what sources? •Do you use cookies or beacons? •Are you in compliance with COPPA? •Specifically, how is the collected information used? •Is the collected information shared with third parties and with whom? •What steps are taken to ensure the security of collected information? •How can a user access and/or change their information? •Is there an opt-out arrangement provided for customers? •In the event of a business transition, what will happen to collected information? •Is the Privacy Policy, or a link thereto, in a conspicuous and easily accessible location? •Is the Privacy Policy clear, concise and reasonably understandable? •Is the Privacy Policy consistent with your actual practices? •How will material changes to your website's collection, use and disclosure practices be addressed in your Privacy Policy?

data collection and cookies

•Whenever a consumer purchases items online from a retailer, the retailer collects information about the consumer. •Many people feel that the use of cookies and data collecting by retailers violate consumers' rights to privacy.

Why should US companies be particularly cautious with ecommerce?

•because the EU has far stricter privacy regulations, which can affect U.S. companies to the extent US Companies interact with EU companies or individuals. •Maximum penalties for violations of up to 4% of a company's global annual revenues

Lawfulness, fairness and transparency

•data processing must be lawful, fair, and transparent to the data subject.

Children's Online Privacy Protection Act (COPPA)

•mandates that commercial websites, which direct online services to children under 13, or that knowingly collect information from them, inform parents of their information practices, and obtain verifiable parental consent before collecting, using, or disclosing personal information from children. •In addition to posting a privacy policy, these websites must also adhere to enumerated information-sharing restrictions.

Health Insurance Portability and Accountability Act (HIPAA)

•requires notice in writing of the privacy practices of health care services. •HIPPA protect how an individual's health information is used by organizations and disclosed to others. •All health care providers, insurance companies, employer-sponsored health plans and HMOs are the covered entities, which must comply with this privacy rule's guidelines. •The covered entities of HIPAA are one of the most extensively regulated niches, regarding information privacy.

California recently passed the California Consumer Privacy Act (CCPA)

•which established the most stringent consumer privacy laws in the United States. •The CCPA has been referred to as "America's GDPR." •Similar to the GDPR, the CCPA requires organizations to focus on user data and provide transparency in how they're collecting, sharing and using such data. •Violators of CCPA face penalties up to $7,500 per violation.