–

By Richard Stobbe

The online fine print – those terms and conditions that you agree to when you buy something online – it really does matter where those terms are placed in the checkout process. A recent US case illustrates this point. In Tompkins v. 23andMe, Inc., 2014 WL 2903752 (N.D. Cal. June 25, 2014), the court dealt with an online checkout process for DNA testing kits sold by 23andMe. When completing a purchase, customers were not presented with any mandatory click-through screen for the transaction to complete. There was a passive link at the footer of the transaction page, something the court dismissed as a “browsewrap”, which was ineffective to bind the customers. In other words, the Terms of Service were not effective at that point in the transaction.

In order to obtain test results, however, customers were obliged to register and create an account with 23andMe. In this (post-sale) registration process, a mandatory click-through screen was presented to customers, not once but twice. The court decided that this second step was valid to bind the customers who purchased the DNA testing kits.

While this shows that courts can take a position that is sympathetic to online retailers, this should not be taken as an endorsement of this contracting process. In my view, the better approach would be to push customers through a mandatory click-through screen at both stages. This is particularly so in a case like 23andMe, where the first transaction is for sale of a product (the kit) and the second step relates to a service (processing test results). The two, of course, are intertwined, but the double click-through reduces risk and plugs the holes left by the single click-through. For example, a customer may buy a kit and never create an account, or use a kit without have purchased it. As the court notes: “it is possible for a customer to buy a DNA kit, for example, as a gift for someone else, so that the purchasing customer never needs to create an account or register the kit, and thus is never asked to acknowledge the TOS.”

We can speculate on why the click-through appeared at the second account-creation step, and not the first kit-purchasing step. Sometimes, the purchasing process is modified over time due to changes in marketing or sales strategies. Perhaps the company broke a unified transaction process, which ended with account-creation, into two separate steps after market research or customer feedback. When something like this happens, it is important to repeat the legal review, to ensure compliance with e-commerce best practices.

Calgary – 07:00 MST

Social media is not just a marketing novelty – it has become the essential tool for running a promotional contest. Have a look at any big brand contest and you’re hard pressed to find one without a social media component. Many Canadian businesses also seek to extend their reach into the US market through promotional contests.

If you are in that category, take note of this recent FTC action against shoe-maker Cole Haan. At the conclusion of their investigation, the FTC warned that the structure of the contest was misleading to consumers since it employed contestants to create Pinterest boards using the #wanderingsole tag, which turned these pins into endorsements for Cole Haan products (…which was the whole point of the contest…). However, FTC rules are clear that the connection between endorsers and marketers should be made clear. While no penalty was levied against Cole Haan, this letter has served as notice to the rest of the industry that the FTC will be watching such contests to ensure that these endorsements are made sufficiently clear.

In Canada, the Competition Bureau oversees false and misleading advertisements, including the apparent endorsement of products by paid endorsers.

The business lessons are clear: a successful social media contest can back-fire if you get more publicity from an FTC or Competition Bureau investigation than from the contest. Not to mention potential penalties. Get advice on your social media policy and contest rules before you launch the next campaign.

Calgary – 07:00 MDT

–

Consumers wonder what exactly has changed when they are confronted with a new set of online terms, in a cloud-based service, website terms or software license. We reviewed this issue in an earlier post, which looked at changes to online terms in the middle of the product lifecycle. Amendments are often introduced due to changes in the law or changes in product functionality.

Instagram amended its terms of use in early 2013. In Rodriguez v. Instagram , CGC-13-532875 (San Francisco Sup. Ct. Feb 28, 2014), a US court reviewed a complaint alleging that Instagram’s new terms consituted a breach of good faith and fair dealing. The court noted that: “The New Terms modified the original terms in three allegedly material respects:

1. in the Original Terms, Instagram disclaimed any ownership rights in content users post on Instagram, whereas in the New Terms Instagram disclaimed ownership of content users post on Instagram;
2. in the Original Terms, Instagram was afforded a non-exclusive limited license to use, modify, delete from, add to, publicly perform, publicly display, reproduce, and translate content users posted on Instagram, whereas under the New Terms Instagram has a transferable and sub-licensable license to use the content users post, with the two allegedly material aspects being (i) the addition of sublicensing authority; and (ii) removal of any limitations on the scope of the license; and
3. the New Terms add a liability waiver.”

The New Terms were structured so that users accepted the terms by continuing to use Instagram after the effective date. A user could decline acceptance by ceasing all use of Instagram. The plaintiff in this case did continue use of Instagram after the New Terms were introduced. This opened up the argument for Instagram that this user consented to be bound by the New Terms. The lack of a click-through was not fatal to Instagram’s case. As a result, this decision seems like a bright spot for cloud service providers and software licensors – after all, it seems to permit unilateral amendment clauses in online terms without forcing users into a mandatory click-through screen. The court also seems to accept that the new terms can apply retroactively to user-generated content that pre-dates the New Terms. However, a note of caution should be sounded for cloud computing providers and software vendors:

• unilateral amendments to online terms should always be handled carefully;
• consider in advance whether amendments are permitted under the current terms before imposing new terms;
• due to the facts of this particular plaintiff, the court did not address the question of what would be done with user content if the user had ceased use of the service – i.e. if the user had not impliedly consented by continued use;
• consider how to log or track user consent (either active consent or implied “continued-use” consent) by users.

Calgary – 07:00 MDT

No comments

–

In a recent decision released by the Canadian Privacy Commissioner (PIPEDA Report of Findings #2014-001), the commissioner investigated a complaint that Google pitched ads to an individual based on medical information that he disclosed while surfing various health-related websites. The commissioner’s office took the position that “meaningful consent” is required for the delivery of this kind of targeted advertising. Implied consent might be acceptable in certain circumstances, where the information is limited to “non-sensitive“ information (which would avoid medical, financial or health information).

In this case, the individual who initiated the complaint was using Google to search for information related to a medical device used to treat a specific medical condition. Google used this sensitive personal health information (as the commissioner described it, the “online activities and viewing history of health related websites”) to target ads to that individual. When Google relied on implied consent for the use of this sensitive personal health information, it contravened Principles 4.3 and 4.3.6 of the Act. Express consent is required for use of this kind of sensitive personal information.

Calgary – 07:00 MST

–

In our earlier post (Are Non-Competition Restrictions Enforceable?), we reviewed “restrictive covenants” - these are clauses under which employees are bound by restrictions such as non-competition restrictions, non-solicitation obligations, and other controls on the employee’s behaviour which bind the employee after termination.

In Eagle Professional Resources v. MacMullin, 2013 ONSC 2501, the court considered a dispute between two competitors - Eagle and Maplesoft.

Eagle alleged that its ex-employees took confidential information from Eagle, and began soliciting clients, employees, and contractors of Eagle to work for Maplesoft. The defendant ex-employees argued that they did not use any confidential information to solicit business. They asserted that any contact information that they used was already publicly available through LinkedIn or Facebook accounts.

When reviewing the enforceability of restrictive covenants in the employment context, the court reiterated a three-part test (when in doubt, there is always a handy three-part test ): ï‚·

• Does the employer have a proprietary interest entitled to protection? ï‚·
• Are the temporal and spatial features of the restrictive covenant too broad? (Put another way, are there reasonable limits in time and geographic space?)ï‚·
• Is the covenant unenforceable as being against competition generally, as opposed to a more limited covenant against solicitation of former clients?

The court concluded that “there is no evidence from Eagle, other than a very bald assertion, that it had any proprietary interest entitled to protection. According to the Defendants, the information that they learned at Eagle was all publicly available and obtained from such sources as social media websites.” There are a few take-aways from this decision:

1. When drafting restrictive covenants in the employment context, non-solicitation and confidentiality clauses are more likely to stand up, whereas non-competition clauses are likely to be struck down as unenforceable, as in this case. Make sure to have your agreements reviewed;
2. If a “confidential customer list” is virtually the same as the employee’s LinkedIn or Facebook contacts, then there will be no proprietary interest to protect, since the information will be publicly visible to anyone.
3. The court will assume that the employer will lead with its strongest evidence. Compelling evidence of specific cases of solicitation or competition is critical for success in an application by the employer – as the court quipped “Lead with trump or risk losing”. In this case, the evidence was ambiguous or it fell outside the non-competition period.

Calgary – 7:00 MST

–

It is rare for a case to combine energy drinks, copyright law, DJs, rap and snowboarding in Canada. The court’s decision in Beastie Boys v. Monster Energy Co. is such a case.

In this recent decision of the United States District Court (S.D. New York), Monster Energy defended a copyright infringement claim brought by the rap-group Beastie Boys. The Beastie Boys allegations centred around Monster’s use of a remix track, known as Megamix, originally created by the DJ known as Z-Trip. The remix of well-known Beastie Boys hits was created by Z-Trip with the permission of the band – in fact they had invited the DJ to mix the track in 2011 in order to promote a Beastie Boys album.

At a Canadian snowboarding event in 2012, an executive from Monster approached the DJ to get permission to use the remix for Monster’s promotional video of the event. It was these discussions that became the focus of the Court’s analysis of Monster’s defence that it had obtained a license from the DJ for the use of the remix. After producing the video with the remix included, Monster sent a copy to the DJ who responded “Dope!”, as DJs will. Monster took this exclamation as an affirmation of the terms of a license granting permission to use the song for Monster’s promotional purposes. The DJ testified that this term merely expressed approval for how cool he looked in the video. The Court concluded that no reasonable person would consider the term “Dope!” to constitute “clear, unambiguous and unequivocal” acceptance of license terms for the use of the remix. As a result, there was no valid consent or license granted.

Calgary – 07:00 MST

–

The app economy is, by most estimates, equivalent in size to the GDP of a small country: $15 billion in 2012, projected to mushroom to $74 billion by 2016. All that economic activity inevitably breeds litigation. In what appears to be a case of first impression in the US, a federal court looked at the issue of whether the app store is liable for the apps it distributes, or the app developer.

The case of Evans v. Hewlett-Packard Co., 2013 WL 4426359 (N.D. Cal. Aug. 15, 2013), the court looked at the liability of Hewlett-Packard for a third-party app which allegedly infringed trade-mark rights.

This case hinges on an interpretation of Section 230 of the Communications Decency Act (47 U.S.C. §230), 1996 legislation which provides immunity for providers of an “interactive computer service”, such as ISPs and website operators. The court decided that HP, as the operator of the app store, does qualify for immunity under this legislation, putting the app store into the same category as ISPs.

Remember, the Communications Decency Act  is US legislation, not Canadian. However, Canadian app developers should take note of this decision, as most Canadian developers seek to market and sell their apps in the US.

Other app case are pending, such as this claim (Pirozzi v. Apple, Inc., 12-cv-01529-JST (N.D. Cal. Aug. 3, 2013)) which is proceeding against Apple, for violation of privacy rights. Stay tuned.

Calgary – 07:00 MDT

–

When you upload your pictures to a website, you might click through some terms of use…Did you just transfer ownership of the copyright in your pictures?

In a recent US case (Metropolitan Regional Information Systems, Inc. v. American Home Realty Network, Inc., No. 12-2102, Fourth Circuit Court of Appeals) the court dealt with a copyright infringement claim over photos uploaded to a real estate website. Users were required to click-through the website terms of use (TOU) prior to uploading, and those terms clearly indicated that copyright in the images was transferred to the website owner.

In the course of the infringement lawsuit, this was challenged, so the court had to squarely address the question of whether copyright can be validly transferred via online terms. “The issue we must yet resolve,” said the Court, “is whether a subscriber, who ‘clicks yes’ in response to MRIS’s electronic TOU prior to uploading copyrighted photographs, has signed a written transfer of the exclusive rights of copyright ownership in those photographs consistent with” the Copyrght Act.

In Canada, the equivalent section of the Act says “The owner of the copyright in any work may assign the right, either wholly or partially …but no assignment or grant is valid unless it is in writing signed by the owner of the right…”.

The Court in the Metropolitan Regional case decided that yes, an electronic agreement in this case was effective to transfer copyright for the purposes of the Copyright Act.

Calgary – 07:00 MDT

–

As a follow-up to our earlier post about Revoking an “Implied” Software License, this interesting US case (Davis v. Tampa Bay Arena Ltd.) deals with the use of photographs on Facebook postings. A freelance photographer, Davis, worked for the Tampa Bay Arena, taking photos for various events. The photographer and arena had a verbal agreement since 1996, and then a written agreement since 2000. The written agreement stated that the arena had “rights to reproduce images for newsletter, advertising, display prints, broadcast, and the [Forum] web site.” The agreement was also clear that Davis retained copyright in the images.

That was the language dating from 2000. Fast forward 10 years, and the arena started posting Davis’s photos to its Facebook page, something not contemplated in the scope of the original agreement. However, for months Davis permitted the images to be posted, and even set up a upload site to allow the arena’s marketing department to easily resize images for the Facebook page. By this course of conduct and the email record, the court found that Davis granted an implied nonexclusive license to the arena to make use of the images in this way. Davis countered by saying that if an implied license was granted, it was only granted with certain strings attached – conditions regarding additional payment that were never met. Because these conditions were not met, the use of the photographs was unauthorized, giving rise to a copyright infringement claim.

The court disagreed. On the copyright claim, the court decided that “even assuming that Davis attached conditions to the Forum’s use of his images on Facebook, the record is clear that these conditions were covenants, not conditions precedent to the granting of the implied license. Accordingly, any breach on the Forum’s part of these covenants provides Davis with a breach of contract claim against the Forum, not a copyright infringement claim.” (Emphasis added.)

Lessons?

• A chain of emails can easily establish a contract, such as the implied copyright license in this case;
• For any license – particularly copyright, media or trade-mark licenses – check the original terms of the license. Social media can cause problems when its use is unauthorized by the scope of the original license, even though it seems like a natural extension of what is authorized within the scope of the original license.

Related Reading: Click & Copy: Breach of Online License Agreements & Copyright Infringement

Calgary – 07:00 MDT

–

The criminal defence lawyers have their TV shows and movies. What about those humble lawyers who draft online agreements and terms of use all day long? It’s not every day that this kind of legal fine print gets time on the silver screen. Check out this documentary Terms and Conditions May Apply.

Playing next weekend at the Vancouver International Film Festival and Hot Docs Canadian International Documentary Festival.

Calgary – 07:00 MDT

–

When a user dies, who owns the contents of that user’s account?

In Ajemian v. Yahoo Inc.  (May 7, 2013), a Massachusetts court considered this question. Two brothers, who administered their brother John’s estate, brought a lawsuit against Yahoo for access to email messages of their deceased brother, and a declaration that the email account was property of John’s estate. The court considered the Yahoo Terms of Service, which included this clause: “You agree that your Yahoo! account is non-transferable and any rights to your Yahoo! ID or contents within your account terminate upon your death. Upon receipt of a copy of a death certificate, your account may be terminated and all contents therein permanently deleted.”

The court looked at the central question of whether these terms – in particular, this “No Right of Survivorship and Non-Transferability” clause described above – was reasonably communicated to the user. The terms were amended before the time of death but the evidence was unclear on whether the deceased user had assented to this particular amendment. Because of the weak evidence on this point, the court decided that Yahoo could not rely on the forum selection clause which would have deflected the case to California.

The court took the view that the deceased user was a Massachusetts resident and courts in that state had a strong interest in the outcome of the case as it related to the assets of a deceased resident, as opposed to the nature of Yahoo’s services. The ultimate decision was remanded to the lower court, but we can take away a few important lessons:

1. The method of implementing Terms of Use and (just as important) amendments to those terms should be carefully reviewed by any Canadian company conducting business online. This includes everything from an email service like Yahoo, to cloud-computing service providers, online retailers, ebook sellers and software vendors.
2. Corporate accounts may not impacted by the death of a user, but anyone making consumer sales should review their online terms to address survivorship issues. And there are many cases where even a “corporate” user is signing up as an individual, without any clarity on what happens to that account as an “asset” of the business after death.

Get advice from our licensing and internet law experts in this complex area.

Related Reading: Is There Life After Death for Your Digital Assets?

Calgary – 07:00 MDT

–

When a cloud privacy breach occurs in Canada, what happens? In some cases, businesses are subject to mandatory breach notification requirements. This means that a privacy breach – whether as a result of a hacker, a lost USB or some other human error – must by law be reported to the commissioner and to affected individuals. Ontario has implemented mandatory breach notification under its Personal Health Information Protection Act. In Alberta, organizations subject to the Personal Information Protection Act (PIPA) are required to report a breach to the commissioner “without unreasonable delay” where a “reasonable person would consider that there exists a real risk of significant harm to an individual as a result of the loss or unauthorized access or disclosure”.

The “real risk of significant harm” requires some analysis in the event of a breach and the Alberta commissioner’s Mandatory Breach Reporting Tool (PDF) has been released recently, to assist organizations determine if they are required to report a breach under section 34.1 of PIPA. This area of law may be changing further: a private members bill  was recently introduced in Parliament to implement mandatory data breach reporting in the federal personal information protection law.

Here’s a recent case that illustrates the pitfalls of a cloud privacy breach in Canada:

• In the recently released decision relating to WhatsApp (Report of Findings: Investigation into the personal information handling practices of WhatsApp Inc.), the Canadian and Dutch privacy authorities investigated WhatsApp Inc. a US company operating “WhatsApp Messenger”, a cloud-based cross-platform mobile messaging app allowing the exchange of messages for iOS, BlackBerry, and Android platforms.
• The Commissioner launched an exhaustive review of the privacy aspects of the service after complaints regarding WhatsApp’s information-handling procedures, including the collection of more information than was necessary, the potential for privacy breach, the lack of encryption.
• While the story generated damaging headlines, WhatsApp did work with the Commissioner to resolve many of the privacy concerns.
• This investigation also shows the extent to which international privacy watchdogs will work together to launch an investigation that concerns personal information that crosses international borders.

The privacy lessons are clear: get advice on privacy implications of the cloud-based service, and don’t underestimate the importance of well-drafted privacy policies and user terms. Cloud service providers should also take time to understand the breach notification protocols that would apply in the event of a privacy breach.

Calgary – 07:00 MDT

–

In 2012, LinkedIn made headlines as a result of a significant data breach. The passwords and email addresses of over 6 million LinkedIn users were hacked and posted online. Encryption and security was improved by LinkedIn in the wake of this breach. A class action lawsuit was commenced in the United States based on claims by LinkedIn “premium” users (who paid a monthly or yearly fee for upgraded services). The claim relied on an alleged breach of the terms of LinkedIn’s privacy policy which included fairly standard language about protection of personal information “with industry standard protocols and technology.” In the decision In re LinkedIn User Privacy Litigation , 2013 WL 844291 (N.D. Cal. Mar. 5, 2013), a US court has shut down the claim, deciding the plaintiffs lack standing. The claims were based on a “benefit of the bargain” concept – an argument that the claimants were allegedly entitled to security as paying customers and LinkedIn breached this promise.

The court rejected the claims since there was no indication that the extra service paid for by premium users included enhanced security or encryption, since “paid” users and “free” users received the same level of security. It is clear that claims based on breach of privacy will face a uphill battle in the US, and this decision together with the decision in last year’s iPhone class action claim demonstrate the complexities and difficulties of this class of claims.

Calgary – 7:00 MDT

–

The use of social means to engage in defamation is nothing new. Indeed, defamation requires the very social element of publication. Social media – Facebook pages or posts, tweets, blogs and online comments – merely make defamation easier and more pervasive.

Canadian courts have struggled to balance the interests of free speech with the interests of individuals who wish to challenge and find redress for defamatory statements. A recent Ontario case has framed the issue as follows:

     “There are few things more cowardly and insidious than an anonymous blogger who posts spiteful and defamatory comments about reputable member of the public and then hides behind the electronic curtain provided by the Internet. The Defendant confuses freedom of speech with freedom of defamation. There are, undoubtedly, legitimate anonymous Internet posts: persons critical of autocratic or repressive regimes, for example, or legitimate whistleblowers. The Defendant is not one of those people. The law will afford his posts all the protection that they deserve, which is to say none.”  Manson v. John Doe , 2013 ONSC 628 (CanLII),

The test laid out by the Supreme Court of Canada (Grant v. Torstar Corp., 2009 SCC 61 (CanLII)) is as follows: In order to establish a claim for defamation a plaintiff must establish that:

a)   the impugned words are defamatory, in the sense that they would tend to lower the plaintiff’s reputation in the eyes of a reasonable person;

b)   the words in fact refer to the plaintiff; and

c)   the words were published, i.e., that they were communicated to at least one person other than the plaintiff.

In Manson, the court ordered the defendant to pay damages of $100,000 plus aggravated damages of $50,000 and costs. However, the defenant remains anonymous.

Another recent decision in Baglow v. Smith, 2012 ONCA 407 (CanLII), hints at the court’s willingness to permit parties to engage in a heated online political debate, without crossing the line of defamation. In that case, the court observed: “Commentators engaging in the cut and thrust of political discourse in the internet blogosphere can be fervent, if not florid, in the expression of their views.” In the lower court, the statements made in this “cut and thrust” were determined not to constitute defamation. However, on appeal, the court decided the matter was suitable for a full trial and overturned the lower court findings. This is one case to watch.

Related Reading: ipblog’s Defamation Archive

Calgary – 07:00 MST

–

Here is the next case that illustrates the potential pitfalls when dealing with social media:

This recent US copyright decision involving Agence France Presse (AFP) and photographer Daniel Morel dealt with the rights of a news publisher to publish images posted to Twitter.

Mr. Morel is a photojournalist who took a number of images of the 2010 earthquake in Haiti. He then posted those images to Twitter. Those images were picked up by AFP who “licensed” the images on to Getty Images.

When Morel complained, steps were taken to have the images removed from the AFP / Getty system. But through series of mixups (of the kind that would be familiar to anyone dealing with information technology and complex organizations such as AFP and Getty Images), the pictures were not removed and were picked up and published by The Washington Post under their agreement with AFP/Getty.

The court ultimately had to decide whether Mr. Morel – the photographer – had granted a kind of license to AFP by posting his images to Twitter. This required an analysis of the Twitter Terms of Service. The court decided no, the Twitter Terms of Service do not grant such a license. The court stated that “even if some re-uses of content posted on Twitter may be permissible, this does not necessarily require a general license to use this content as AFP has.” Put another way, a copyright owner who posts content to Twitter is clearly giving up some rights to that content – the right, for example, to re-tweet, which is a fundamental part of Twitter and is contemplated (even encouraged) by Twitter’s Terms of Service. However, merely by posting to Twitter, that copyright owner is not giving others an unrestrained right or license to remove the content, copy it and redistribute it commercially.

The court says “…the Twitter TOS were not intended to confer a benefit on the world-at-large to remove content from Twitter and commercially distribute it…” This is an important reminder.

In the final analysis (and that is 58 pages of analysis if you want to read the judgement) AFP and The Washington Post were liable for copyright infringement for use of Morel’s images.

Lessons for business:

• This case confirms that any re-use of content from Twitter – and by extension, other social media streams – should be handled carefully.
• Re-tweets are clearly contemplated as being within the scope of permitted uses, but copying and republishing for commercial purposes clearly is not.
• Many situations will fall somewhere in the middle between those two ends of the spectrum. Before using or re-using content for commercial purposes, take time to review the specific situation, including the applicable social media terms of service. Before posting your own content to Twitter, be aware that the Twitter terms do contemplate certain re-uses (the scope of which is difficult to define precisely). Once it’s posted, it’s hard to stuff the genie back in the bottle

The case is Agence France Presse v. Morel.

Calgary – 07:00 MST

–

Social media law was not a topic on offer when I went to law school. Now, it’s a subject that’s hard to avoid for any business that has a consumer-facing social media presence. Here are two recent cases that illustrate the potential pitfalls as this area of law becomes more complex and more interesting:

Last week, HMV’s Twitter feed was hijacked by an employee who live-tweeted employee terminations from the company’s official Twitter account. Perhaps “hijacked” isn’t the right word, since the employee apparently had access to the account as part of her employment duties, though that position likely did not involve posting descriptions of firings as “Mass execution of loyal employees”. The next day the ex-employee (“Poppy Rose”) helpfully tweeted a reminder to the company that “you need to go to ‘settings’ and revoke my account access as an admin“. The lessons for business?

• Many companies are slow to grasp the power of social media. Don’t underestimate the viral nature – both good and bad – of this tool. Though the offending tweets were deleted by the company, this became a national story within a few minutes. From the company’s perspective, it required careful handling to avoid any brand damage.
• This highlights the need for a Social Media Policy for employees, to deal with the legal pitfalls of social media and particularly those employees who are engaged directly in social media sphere on behalf of the company. The ownership and control of corproate social media accounts is a simple but important element of such a policy.

Related Reading: Who Owns Social Media Contacts: Employers or Employees?

Calgary – 07:00 MST

–

Several recent stories have highlighted the concerns over personal information, privacy and the reach of mobile apps.  Once again, the law is labouring to keep up with technology.

• So-called Cyber-Stalking Apps provide the means to track the location of a phone through an app that is not visible or easily detectable by the phone’s owner. The cloaked app resides on the phone and essentially reports back to the person who installed the app on the user’s whereabouts. In the US, a proposed law has been drafted to make such apps illegal (The Location Protection Privacy Act). This draft legislation moved out of committee and may become law in 2013.
• A number of mobile apps have been criticized for collecting personal information about kids, and selling that info without parents’ consent. To tackle these problems associated with mobile apps directed at children, privacy advocates have been pushing for changes to the rules under COPPA (Children’s Online Privacy Protection Act). The US Federal Trade Commission (FTC) amended the Children’s Online Privacy Protection Rule in December 2012. The Rule now applies to mobile apps and web-based text messaging programs, and requires app developers to get permission from parents before collecting a child’s photographs, videos and geolocational information. The amended Rules will become effective on July 1, 2013.
• It is worth noting that these are both developments under US law.  In Canada, app developers who target children’s personal information would be caught by Canada’s broad private-sector privacy laws, such as the Personal Information Protection and Electronic Documents Act (PIPEDA) at the federal level, or one of the provincial-level privacy laws, such as the Personal Information Protection Act in Alberta.  Cloaked “cyber-stalking” apps could constitute an invasion of privacy  contrary to Canadian law. However, that would apply to the person who surreptitiously loaded the stalking app, rather than the app developer.

App developers: Make sure you get advice on a properly-drafted privacy policy, terms of use or end-user license, and that you understand the implications of privacy laws when launching mobile apps.

Calgary – 07:00 MST

Update: January 29, 2013: see comment below regarding WhatsApp privacy issues.

 

Who owns the IP rights to a Twitter account?  We associate such accounts with social media tools such as Facebook, which are deeply personal in nature. But is it really any different from any online account that you would use in the course of employment, such as a workplace subscription to a data library, or a collaboration tool such as Salesforce.com? An employer based in South Carolina puts their ex-employee’s Twitter account into this category, (Link to Article) claiming that when he left the job, the employee should have left behind the login, the Twitter account, and the account’s 17,000 followers.  In its lawsuit against the former employee (Update: Phonedog v. Kravitz – Amended Complaint), Phonedog has valued the account at $340,000 ($2.50 per follower per month).  

In Eagle v. Morgan the defendant employer claims that a former employee misappropriated (among other things) a LinkedIn account and its connections.

The law is not clear in this interesting area, which overlaps with IP law, employment law, and the law of trade secrets. One of the problems with a trade secrets claim is that Twitter followers and LinkedIn connections are not secret, and it’s questionable whether competitors could derive any value from knowing the information even if it was secret. Followers and connections are just that, they aren’t paying customers. US litigation should provide some clarity on these issues as this emerges more regularly. To date, there do not appear to be any Canadian cases that consider this point.

Related Reading: Who Owns Social Media Contacts: Employers or Employees?

Calgary – 07:00 MST

 

This post is the first in our 3-part employment law series.  Recent cases have again focused the spotlight on this vexing issue: when an employee leaves, do they take their social media contacts with them, or check them at the door?  Once upon a time, social media was something that employers asked you not to do while on the job. Now, Facebook, LinkedIn, Twitter, YouTube and Instagram feeds are not just idle time-burners, they might be part of your job description. In the UK case of Hays Specialist Recruitment (Holdings) Ltd. v. Ions, an employee was ordered to disclose his LinkedIn contacts when he left his employer, and a 2011 case in the US (PhoneDog v. Kravitz, 2011 WL 5415612 (N.D. Ca.; Nov. 8, 2011)) is grappling with this issue, where an employer claims $340,000 in damages from an ex-employee.  Lessons for business?

• Check your own employment policies to see whether this is covered, and if not, consider introducing effective policies to manage social media issues;
• Employees who are hired specifically for social media marketing are the obvious ones to look at, but salespeople, managers or executives should also be considered;
• Theft of trade-secrets is often claimed, but commonly fails on the grounds that the social media contacts are often available for all to see.

Calgary – 07:00 MST

Call it the “Facebook Factor”.  The way people use the internet and social media is colliding with litigation in ways that couldn’t have been foreseen even a few years ago:

• In a recent Nova Scotia case, a judge considered evidence of a plaintiff’s Facebook page in a personal injury lawsuit, and the evidence contradicted the plaintiff’s claim;
• In Murphy v Perger [2007] OJ No. 5511 (QL), a defence lawyer successfully forced production of post-accident Facebook pictures showing the plaintiff engaging in various social activities – pictures that were located on a private portion of the Facebook site;
• In Leduc v. Roman, 2009 CanLII 6838 (ON S.C.), the court permitted cross-examination of the plaintiff on the content he posted on his Facebook profile;
• In Australia and New Zealand, the courts have approved service of documents via a Facebook account (story: here and here);
• In the US, there have been a rash of similar cases (see links here, here, and here) leading to a mistrial in a drug-trafficking case (when jurors admitted that they researched the case via their iPhones and BlackBerrys), chaos in the federal corruption trial of a former state senator (jurors had posted updates on the case on Twitter and Facebook), and problems in a criminal case (a juror tried to “Friend” one of the witnesses).

Related content: free online webcast summit on “Copyright War,” June 9, 2009, including “Online Legal Issues: Facebook, MySpace, Twitter, YouTube, Blogs” 

Calgary – 10:30 MST