& The Law Social Media & The Law
What is Social Media?
Social Media in 2012
Defining Social Media
EU 2012 Data Protection Regulations
Facebook - Regulation & Privacy
Employment Law & Social Media
Touchscreen devices London 2012 - First Social Media Olympics Social Media in Context
Email is 20 years old now
Social media has been popular for less than 5 years
25 Million UK users engaged
78% of total UK online population is engaged in social media "We considered that the Nike reference was not prominent and could be missed, consumers would not have already been aware of Nike's "£makeitcount" campaign and that not all Twitter users would be aware of the footballers' and their teams' sponsorship deal with Nike.
"We considered there was nothing obvious in the tweets to indicate they were Nike marketing communications. In the absence of such an indication, for example £ad, we considered the tweets were not obviously identifiable as Nike marketing communications and therefore concluded they breached the code."
Celebrities often paid to blog or tweet about certain products
Advertising Standards Rules say you can't promote a product if the consumer doesn't know they are being advertised to – Criminal Sanctions if not followed! When EU Data Protection Regulations were adopted in 1995, Mark Zuckerberg was 11...
1% of people had internet access
People didn't have email addresses on Biz Cards
Most Firms didn't have websites
Most internet connections were still dial – up
Mobile phones were analogue
Mobile phones were only used to make calls.... Legal Controls in Context Data Protection Act 1998
EU Data Protection Directive 1995 Definition
A Social Networking Service (“SNS”) is
Web – based service allowing individuals to
Construct a public / semi public profile in a bounded system
Articulate a list of other users to whom they are connected
View and traverse their list of connections and those made by others in system
Facebook, LinkedIn, Bebo, Twitter, Foursquare, Privacy & Risks of Abuse
European Network and Information Security Agency (ENISA) Report 2007
Private attributes accessed by 3rd parties
Operators could use data
Users can't delete data permanently
Targeted “phising attacks” across accounts
Reveal a users location and schedule Privacy Concerns and Risks of Abuse
UK Information Commissioner's Office (ICO) Guidance on SNS
Reveal only certain details
Avoid using passwords that can be guessed
Use separate email
Don't provide details of “real – life” location Data Protection
Pre – Condition for fair data processing is one of the following:
2.Necessary to perform contract with
3.Necessary to comply with legal obligation
4.Necessary for legitimate interests Data sharing by Apps
Facebook has apps from 3rd party developers, eg Zynga
950,000 developers across 180 countries
Best Practice (EU Article 29 working party)
3rd party only uses data necessary for development
3rd party complies with Data protection Directive
Marketing activity complies with Directive
> what if outside EU? There is NO Data Protection regieime in shanghai... Who is a Child?
England and Wales – U18
UN – U18
US – prohibits data collected on U13s
UK ICO - prohibits data collected on U12s
Usage by Children
SNS awareness in Children generally high
49% 8 – 17 year olds have a Profile
37 % of parents thought their child had a profile
15% of parents questioned had a profile
23% of parents with U11s allow their child to go online unsupervised
In EU, 77% of 13 – 16 yr olds use SNS Risks
Focused commercial content
Contact risks (youngster to youngster can be inappropriate)
Conduct Risks – Photos, bullying (inc teachers..)
“Trolling” Retention of User Data
User Data often retained for longer than necessary
Not possible to close user account on certain SNS
“Right to be forgotten” proposed in EU Data Protection Regulations
How effective can this be in practice?
EG Press, Health, Crime, Credit References
SNS – Data passed through to other users/ Facebook response to the proposed EU Regulations
Control – you can control and edit by post – the new “Timeline” even has an “only me” setting. Can close and delete account
Accountability – To users and regulators (Irish DPC – audited in 2011)
Freedom of expression – can it be right to be able to delete anything written about you?
Don't want system so over – regulated that it makes online experience more complex and less enjoyable
Could stifle the creativity of FB App developers 10 Legal Risks on Twitter The test: If a tweet lowers a person's standing "in the estimation of right-thinking members of society" it will breach the law of libel. This may occur where a tweet causes a person to be exposed to "hatred, ridicule, or contempt", encourages exclusion of that person from society or imputes a lack of professional skill or efficiency. 10. Defamation 9. Harrassment
The test: Tweets which the "reasonable person" would conclude cause alarm or distress may amount to harassment
The Protection from Harrassment Act 1997 provides that "if a reasonable person in possession of the same information would think the course of conduct amounted to or involved harassment", it is harassment.
Two or more tweets would be necessary for a claim of harassment to be made, as it involves a 'course of conduct'. Harassing tweets could result in a claim for damages for anxiety or financial loss, fines or imprisonment for up to six months. 8. Malicious Tweets
Tweets made within the intention of damaging another's business, goods or services through false statements, or which are reckless with the truth as to another's business, goods or services will offend the law against malicious falsehood. A maliciously false tweet could result in a claim for damages for loss and for further compensation for causing distress and "hurt feelings".
The test: False tweets with the intent to injure another's commercial interests, or recklessness as to the truth, will amount to malicious falsehood 7. Menacing Tweets
The test: If a tweet could create fear or apprehension in the minds of anyone who may reasonably be expected to see it the tweet could be considered a menace and an offence under the Communications Act
A tweet that is grossly offensive, or of an indecent, obscene or menacing character, will offend the Communications Act 2003. The crown court considered Paul Chambers' tweet "... I am blowing the airport sky high" to be menacing, however the high court overturned its decision.
A tweet that is indecent, obscene or menacing in character could result in a fine or a prison sentence of up to six months. 6. Deceptive & Misrepresentative Tweets
The test: Is the tweet deceptive in nature or likely to deceive?
A tweet containing a false statement that induces another person to act on it may offend laws against deceit and the making of misrepresentations. A duty may also arise for a professional or other skilled person not to make careless tweets. Misleading commercial communications may offend either the Consumer Protection from Unfair Trading Regulations 2008, the Business Protection from Misleading Marketing Regulations 2008 and industry based advertising rules. Untrue tweets in a commercial context can result in damages claims and prison sentences of up to two years. 5. Impersonating Tweets
Test: Misleading or an untrue representation as to a person's identity on twitter could amount to fraud
The Fraud Act 2006 protects against fraudulent activities. An impersonator who opens a Twitter account could be exposed to a claim for fraud if the person who has been impersonated suffers loss or damage as a result of the impersonation. A claim for fraud can result in criminal charges with a penalty of up to 10 years imprisonment and fines. 4. Threatening Tweets
The test: Generally, an intention to cause harm or intimidation may offend either criminal or civil wrong laws.
A tweet could amount to an assault if the person to whom it was directed has a genuine belief that physical harm is imminent. Criminal sanctions would apply in these cases. A tweet could also amount to intimidation if the tweeter makes a threat to engage in unlawful conduct (for example, violence, destroying property or in some circumstances breaching contractual obligations), which coerces another person into doing something for which they suffer loss or damage. The tweet must however be more than "idle abuse" to offend the law of intimidation. An intimidating tweet could result in a claim for compensation for loss or damages suffered. 3. Tweets revealing personal or confidential information
Test: Tweets revealing personal details about another person without their consent may breach data protection laws.
There is a risk that data protection laws may be breached if consent is not obtained before revealing another person's personal information. The penalty for breaching data protection laws vary across Europe. In the UK, a breach of data protection laws may result in fines and criminal convictions.
Particularly in the employer-employee context, a person may be bound to keep information of another confidential. A tweet breaching any such obligation could result in a claim for damages or an account of profits for any income made as resulting from the exposed information. 2. Copied Tweets
The test: A tweet which reproduces the work of another without consent will offend copyright law if that work gives evidence of another's creative choices in arranging words, images or sounds.
A tweet could offend copyright law if it reproduces even part of an isolated sentence from a copyright work.
ECJ - there must be an assessment of whether or not an author has exercised creative choices in the form of intellectual effort in arranging words, images or sounds. Claims for damages for loss suffered and criminal charges with prison sentences of up to two years can result from a tweet that infringes copyright law. 1. Branded Tweets and Hashtags
The test: Does the use of a hashtag create a likelihood of association or confusion with the products or services of a trade mark owner?
Hashtags, marked with the # symbol, are used in order to alert users to relevant conversations taking place on Twitter. There is a risk, however, that combining a hashtag with the trade mark of another person could result in trade mark infringement. Trade mark law generally protects the trade mark owner against use of its trade mark without permission in a way that may create a likelihood of confusion or association with other similar products or services. Use of hashtags in these circumstances potentially could result in a damages claim. Google & Privacy
Widely seen to be in breach of EU Data Protection Legislation
However Google insist it is entirely legal and will be discussing this with EU Commissioner in coming weeks
However still severe privacy concerns regarding use of Google and its products Consumers & Privacy
Do consumers actually care about privacy?
Most consumers aren't aware of user – targeted adverts based on user history and location
80% of people are concerned about data stored online
44% of users don't like having their financial data available online
“Informed Consent” is a fallacy – who actually reads T&Cs before ticking the box? Cookies & Tracking
Cookies & Flash Cookies
Leads to adverts on websites tailored to what you have recently looked at
98% Websites have Flash (yet few state this)
Impossible to remove (& are recreated!)
Massive Privacy Issue EU Position
EU Privacy & Electronic Communications (EC Directive) Regulations 2011
User must have given consent for Cookies to be installed
Came into force 26th May 2011
1 year grace period, hence will be in force and all sites must be compliant as of 26th May 2012
Companies WILL be prosecuted if no action taken by this date Cookies – What should you do?
Train your IT & Marketing department
New version of Adobe Flash 10.3 allows for browser history to be deleted
Check contracts with web – designers and include appropriate liability
ICO Website follows correct approach
www.ico.gov.uk Issues for Businesses in using Social Media
Employees using SNS to bully or harass others
Employer liable if no reasonable steps taken to prevent this – Have a clear policy in place Whitham v Club 24 Ltd
Ms Whitham posted negative comments about her colleagues on her Facebook account after a difficult day at work, including
"I think I work in a nursery and I do not mean working with plants".
Tribunal Decision – Unfair Dismissal Preece v J D Wetherspoon
Bar Staff dismissed for gross misconduct after she made rude comments about customers on her Facebookaccount.
"Sandra and Brian barred ha ha ha!"
"Hope her (Sandra) hip breaks”
Tribunal Upheld dismissal LinkedIn – Who owns the contacts?
Depends on the circumstances in which contacts created
If in course of employment, contacts belong to employer
If activity outside employment led to contact, status of employee may mean contact still belongs to employer
Therefore have a clear SNS policy with guidance for employees and provide training Google Wave, Box.Net
Collaborative working for multiple users on a single document
“Smoking Gun” Legal Issue - US issues - Patriot Act
Telecommunications (Lawful Business Practice) (Interception of Communications) Regs 2000 - Right of employer to monitor communications
Law Practices - Consider very carefully before using Cloud "BYOD"
Susceptible to hacking
Have a policy in place
Ensure Encryption in place
If difficult to police, then ban!
Updating of Accounts..... www.DigitallawUK.com
++ 44 (0) 114 272 1884
Little option but to consent in order to use SNS
Often complex and difficult to follow
Fallacy of “Informed Consent” online
Facebook faced criticism of old system
20 settings and 170 options
New: 1 page, 15 settings
Criticisms – Apps that share data
Needs to be as simple as possible for user
Opt – in vs Opt – out – practical? But.....benefits
Education, Learning, Research
Social benefit (all peers are online, could isolate)
Identity & Social Connection
Stifle benefit is using tools that will be means of connection in future
“The first UK Child Internet Safety strategy”
ISPs, reviewed against UKCISS
“Zip it, Block it, Flag it”
Part of NC from age 5
“Safer Internet Day” 7.2.2012, now in 3rd yearSee the full transcript