The Federal Trade Commission (FTC) just announced that Snapchat agreed to settle charges that it deceived consumers about how its popular mobile message app worked and what personal user data it collected. (Read the FTC’s press release here). Part of Snapchat’s appeal was a feature enabling users to control how long a message could be seen by the recipient. After the designated time limit expires, the message is destroyed, much like the mission briefings in Mission Impossible. At least that’s what Snapchat told users. According to the FTC, Snapchat misled consumers because the app didn’t exactly work the way it said it did. The FTC’s complaint against Snapchat (read it here) included these allegations:
- Recipients of a “snap” (a Snapchat message) could save the snap using tools outside of the app. Snapchat apparently stored video snaps in a location on the recipient’s mobile device outside of the app’s secure “sandbox.” This enabled recipients to find and save video snaps by connecting their mobile device to a computer and using simple file browsing tools. Another way to bypass the deletion feature was to use apps that connected to Snapchat’s API to download and save snaps.
- Snapchat told users that if a message recipient took a snapshot of the snap, the sender would be notified. In fact, the screenshot detection mention could be bypassed.
- Snapchat collected geolocation data of users when it said it would not.
- Snapchat told users to enter their mobile number to find friends who also use the app, implying that the user’s mobile phone number was the only information it collected. Without the user’s knowledge, Snapchat also collected the names and phone numbers of all contacts in the address book on the user’s phone.
So what’s the significance of the settlement? Here are a few quick takeaways.
- Descriptions of mobile apps in an app marketplace like iTunes App Store or Google Play are product descriptions that could be the basis for false advertising claims.
- Take into account exploits and workarounds when drafting privacy policies and product descriptions. This includes software that uses the app’s API.
- The FTC is getting more active in pursuing false advertising claims against mobile app makers. In December of last year, the FTC settled charges that the developer of the “Brightest Flashlight Free” app deceived consumers about how their geolocation information would be shared with advertising networks and other third parties. The FTC’s interest in suing companies that allow a data breach to occur is also a growing concern, especially after the New Jersey federal district court’s decision in FTC v. Wyndham Worldwide Corp., recognizing the FTC’s authority to prosecute cases where a company is alleged to have failed to maintain “reasonable and appropriate data security for consumers’ sensitive personal information.”
- Information transmitted over the Internet is rarely, if ever, gone forever. Somehow, somewhere, electronic data can be retrieved.
Social media can be risky business. Whether an organization embraces or ignores social media, it or its employees probably already have a presence on a social network. That simple reality can be costly for an organization without proper measures in place to deal with the risks of social media misconduct. Readers of this blog are familiar with cases where business saw their reputations marred by employees who post embarrassing photos online about work mishaps or found themselves in legal trouble for firing an employee who vented on Facebook about a co-worker.
To help organizations manage the risks of social media activity, I’m proud to introduce SM Safety, a new line of services offered by my law firm. The approach of SM Safety can be summarized in three words, each corresponding to a level of service that meets a particular need: checkup, plan, and audit.
A SM Safety Checkup is a low-cost way to ensure that an existing social media policy is legally compliant and effective.
A SM Safety Plan is for organizations who need assistance with preparing a new social media policy or enhancing an existing policy.
A SM Safety Audit is a comprehensive review of an organization’s overall presence in the social media space to identify exposure to legal risks due to social media use.
Each SM Safety service is offered for a flat fee. To learn more about SM Safety or to obtain a quote, visit the SM Safety Services page on this site.
Recent amendments to the Hawaii Rules of Professional Conduct include language allowing lawyers to advertise on social media. The amendments conform the language of Rules 7.2 and 7.3 to their counterparts in the current version of the ABA Model Rules of Professional Conduct. Amended Rule 7.2(a) explicitly includes “electronic communication” as a permissible way to advertise legal services. The comments to the amended Rule are more direct, noting that “electronic media, such as the Internet, can be an important source of information about legal services, and lawful communication by electronic mail is permitted by this Rule.” Although the amended Rules don’t define “electronic communication,” the term appears broad enough to include social media.
The amendments place limits on soliciting clients on social media, however. Rule 7.3 currently prohibits a lawyer from contacting potential clients in person or by telephone to solicit business for personal monetary gain unless the potential client has a family, close personal, or prior professional relationship with the lawyer. Amended Rule 7.3 adds “real-time electronic contact” to the list of forbidden solicitation methods. What “real-time electronic contact” means has yet to be examined in a reported case, but the term could conceivably apply to text messages, instant messages, Skype, and posts on social networks like Facebook, Twitter, or LinkedIn.
Tech-savvy lawyers will also appreciate the deletion of the requirement in current Rule 7.2(b) that a lawyer keep records of every advertisement for two years. Lawyers who promote their services by posting online content frequently could find compliance with the requirement impractical. The amended Rules omit the retention requirement for all forms of legal advertising.
The amended Rules take effect on January 1, 2014.
Disclosure of confidential client information on the Internet by attorney violates Rule 1.6 of the Rules of Professional Conduct – In re Skinner, 740 S.E.2d 171 (Ga. Mar. 18, 2013)
A Georgia attorney recently learned the hard way that the Internet is no place to vent about a client. The attorney (Skinner) received negative comments from a client on consumer review websites. In response, Skinner posted personal and confidential information about the client on the Internet. After a formal complaint was filed against Skinner by the State Bar of Georgia, Skinner filed a petition for voluntary discipline admitting that she violated Rule 1.6 of the Georgia Rules of Professional Conduct. Rule 1.6 requires a lawyer to maintain the confidentiality of all information gained in the professional relationship with a client unless the client consents to disclosure after consultation. The client obviously did not consent to Skinner sharing her private information on cyberspace.
Skinner filed a motion for voluntary discipline in the form of a reprimand, which is the mildest form of discipline authorized for Rule 1.6 violations. The Georgia Supreme Court rejected Skinner’s petition despite recommendations by the Office of General Counsel of the State Bar and a special master to accept it. As a result, Skinner could face stricter disciplinary measures for her violations.
LegalTXT Lesson: Posting confidential information on the Internet is generally a bad idea. Especially if the information concerns somebody else. And you’re a lawyer. If you’re a professional who has an ethical duty to preserve confidences, like a lawyer, sharing confidential information about a client online is an invitation for trouble.
On a related note, responding to negative online comments with more criticism or hurtful actions (like revealing personal information about the commenter) is rarely an effective means of repairing reputation. The meltdown on the Facebook page of Amy’s Baking Company is an extreme example (although the owners claim the page was hacked). As the adage goes, don’t fight fire with fire.
Use of Competitor’s Name in Keyword Advertising Ruled Not a Violation of Publicity Rights – Habush v. Cannon, 2013 WL 627251 (Wis. Ct. App. Feb. 21, 2013)
Can your business competitor use your name to promote itself and never mention your name to the public? Keyword advertising makes that possible. A competitor can bid on keyword search terms consisting of your company name to make links to its website appear whenever a person searches for your name on the Internet. A law firm that fell prey to such an advertising strategy decided to sue its competitor for violating its publicity rights, which is a form of invasion of privacy.
Robert Habush and Daniel Rottier are shareholders in Habush Habush & Rottier, a well-known personal injury law firm in Wisconsin. Another Wisconsin law firm also specializing in personal injury law, Cannon & Dunphy (C&D), bid on the keyword search terms “Habush” and “Rottier” through Google, Yahoo!, and Bing. As a result, when a person searched for “Habush” or “Rottier” in one of the three search engines, links to C&D’s website would appear at the top of the list of “sponsored” results, i.e., those links produced by keywords that been bid on and paid for by advertisers. Sponsored results generally appear above the “organic results” generated by the search engine’s algorithm.
Habush and Rottier sued C&D for violating Wisconsin’s invasion of privacy statute. Under the statute, a person’s privacy could be invaded by “[t]he use, for advertising purposes or for purposes of trade, of the name . . . of any living person, without having first obtained the written consent of the person . . . .” The main question was whether C&D engaged in a “use” of Habush and Rottier’s names.
Habush and Rottier argued that any attempt to benefit from the commercial or other value of a person’s name or image is a “use.” Under this interpretation, C&D “used” the names of Habush and Rottier. C&D countered that the statute covers only “use” that is visible to the public. Under that perspective, bidding on names for keyword advertising purposes is not a “use” because the public does not see the use of the names.
The court found both interpretations reasonable, but adopted C&D’s interpretation. The court held back from ruling that unauthorized use of a name can never be an invasion of privacy unless the use is visible to the public, but it agreed with C&D that bidding on a competitor’s name to get one’s ad placed near links to the competitor’s website in search results is not a violation of the competitor’s publicity rights.
The court analogized competitive keyword advertising to “proximity advertising.” Examples of proximity advertising include: a new car dealership opens across the street from an established car dealership; a business advertises on billboards next to a competitor’s billboards; a lawyer places a Yellow Pages ad near the phone listing of competing lawyers. Although a competitor is trying to take advantage of the name of an established business in each of these scenarios, none involves an impermissible “use”, such as when a competitor puts the name of an established business in its ad or on its product. The court similarly did not see a problem with using a third party—in this case, a search engine—to engage in proximity advertising.
LegalTXTS Notes: This is a pretty novel case because most competitive keyword advertising cases are based on theories of trademark infringement or dilution. Since Habush and Rottier are personal names, they might not have acquired sufficient second secondary meaning to qualify for trademark protection, so publicity rights was invoked as a creative alternative.
Hawai‘i has its own publicity rights statute, so would the outcome have been different had the lawsuit been filed in Hawai‘i? Hawai‘i courts have not had the occasion to interpret the statute, but if you buy the reasoning of the court in Habush, the answer is probably not. The Hawai‘i statute is similar enough to the Wisconsin statute for the logic of Habush to apply.
As a partner in a law firm (and therefore a business owner), I’m not sure how I feel about Habush. I think the court rightly rejected the interpretation that any attempt to benefit from the commercial value of a person’s qualifies as a violation of publicity rights. That’s a pretty broad proposition. But something about the decision makes it hard to swallow. There’s an element of deception the court doesn’t adequately address. I wonder if, instead of claiming violation of publicity rights, Habush and Rottier could have sued under an unfair competition theory.