Wednesday, September 17, 2014

Dr. Selfie, Joan Rivers, Social Media Privacy, and HIPAA Violations

CNN is reporting that while the late comedian Joan Rivers was under anesthesia during the procedure that led to her death one of the doctors took a selfie with her without her consent.  If this allegation is true this is a blatant violation of the Health Insurance Portability and Accountability Act.

This is not the first time a doctor has been accused of inappropriate digital behavior.  Earlier this year, a Seattle doctor was accused of sexting during surgery.  Last year, a doctor was accused of posting photos of a drunk emergency room patient online.  There is no excuse for this type of behavior.   Inappropriate digital interactions is not just a problem in the medical profession.  An Arkansas judge recently was disbarred for leaking confidential information online about an adoption involving actress Charlize Theron.

Was Ms. Rivers' doctor so focused on getting the perfect selfie that the appropriate standard of care not followed?  If it is proven that a doctor took an unauthorized selfie of Joan Rivers during a medical procedure the doctor should lose his medical license.  Regardless of the medical examiners findings on the cause of death, the act of taking a selfie with a patient without consent who is being operated on may in and of itself create significant legal liability.  There is no room in the medical profession for this troubling behavior.

Copyright 2014 by Shear Law, LLC All rights reserved.

Thursday, September 11, 2014

California Enacts Yelp Bill To Protect Consumers Freedom of Speech

Earlier this week, California enacted a law that protects consumers from businesses that want to ban them from providing truthful negative online reviews.  Yelp supported AB 2365 and stated, "AB 2365 makes it explicitly clear that non-disparagement clauses in consumer contracts for goods or services in the state of California are void and unenforceable. What this means is that individuals writing online reviews in California are now further protected from those bad actors who hide jargon in consumer contracts in attempts to prohibit you from posting reviews -- positive or negative -- online."

I wrote about this legislation on April 23, 2014 and then again on August 30, 2014 because it is an important digital freedom of speech issue.  According to the Digital Media Law Project, 28 states have Anti-SLAPP (Strategic Lawsuits Against Public Participation) statutes.  States that have enacted Anti-SLAPP laws and/or recognized Anti-SLAPP protections via case law may provide some protections for their citizens. 

While I believe Anti-SLAPP laws may help to ensure that citizens aren't silenced for publicizing unpopular opinions, they may not always protect consumers from sneaky terms of service that companies such as may slip into their agreements with customers.  Therefore, it wouldn't surprise me if more states enact similar "Yelp" inspired laws.

Copyright 2014 by Shear Law, LLC All rights reserved.

Saturday, August 30, 2014

California Passes Non-Disparagement Consumer Contract Clause Ban

California's AB 2365 which prohibits businesses and service professionals from contractually silencing customers who may want to complain about their experiences has been passed by California's legislature and is awaiting the approval of Gov. Brown.  In layman's terms, the legislation generally prohibits a business from inserting into its adhesion contracts and terms of service language that requires a consumer to waive their right to publicly comment about their customer experience on websites such as Yelp, Ripoff Report, etc...

At first glance, this bill may sound like the government passing legislation that is looking for a problem.  Unfortunately, this legislation is needed because some dishonest retailers, service professionals, etc.... are including in their agreements clauses that ban their customers/clients from truthfully telling the world about their negative experiences.  

Earlier this year,  I discussed the case.  In short, the retailer failed to deliver on its promise and the customer complained online about it on Ripoff Report.  Sometime after the customer complaint was posted, inserted these clauses into their terms of service:

"In an effort to ensure fair and honest public feedback, and to prevent the publishing of libelous content in any form, your acceptance of this sales contract prohibits you from taking any action that negatively impacts, its reputation, products, services, management or employees. 

Should you violate this clause, as determined by in its sole discretion, you will be provided a seventy-two (72) hour opportunity to retract the content in question. If the content remains, in whole or in part, you will immediately be billed $3,500.00 USD for legal fees and court costs until such complete costs are determined in litigation. Should these charges remain unpaid for 30 calendar days from the billing date, your unpaid invoice will be forwarded to our third party collection firm and will be reported to consumer credit reporting agencies until paid." sent the customer a bill for $3,500 for allegedly violating the above terms.  After the customer refused to pay, reported the matter to credit rating agencies, claimed the terms were in effect at the time of the customer interaction and this negatively affected the customer's credit report.  In response, the customer sued and was awarded more than $300,000 in compensatory and punitive damages

For those who may not believe this is a growing trend, another recent example demonstrates the need for this legislation.  The New York Post earlier this month exposed a hotel that inserted into its agreements the ability to fine its guests $500 for negative online reviews.  I am also aware of multiple non-publicized similar matters where people have publicly complained about a service provider and when the business became aware of the complaint they threatened the reviewer with a lawsuit. 

In America, we have fought multiple wars for the right to complain freely about bad politicians, governments, etc... so I believe we should have the right to also complain freely about bad private sector service.  While I wish this bill wasn't needed, the insertion of non-disparagement clauses into legally binding agreements appears to be a growing trend.  From a public policy perspective, since we live in a free and democratic society it makes sense to protect consumers from repugnant restrictions on publicizing personal opinions.    

Copyright 2014 by Shear Law, LLC All rights reserved.

Friday, August 29, 2014

California Bill To Regulate Student Social Media Monitoring Services

California's legislation that would regulate social media monitoring of secondary students is one step away from becoming law.  AB-1442 is now on the governor's desk and awaiting his signature or veto.  The bill appears to compliment SB 1349 that protects the social media privacy of students.  While I believe this bill is a good first step, it should be expanded to include post-secondary students.

AB-1442 is greatly needed because companies are approaching secondary and post-secondary schools to social media monitor students.  In secondary schools, these companies generally claim their services help prevent bullying and youth suicide.  In post-secondary schools, these companies generally claim their services help protect the brand of the school and "educate" students. 

Several years ago, social media consultants/their companies focused on monitoring student-athletes in colleges.  They approached school athletic departments and told them to require student-athletes to provide access to their personal social media accounts via disclosing/authenticating user names/passwords and/or installing cyber monitoring software via apps and/or other means.  For approximately $10,000 per year, these services claimed they would help protect a school's athletic brand by monitoring their student-athletes social media activity.  

Since this issue first gained national attention, dozens of states and Congress have introduced and/or enacted legislation that protects students, schools, and taxpayers from these troubling social media consultants and their services.  Our children need to be protected from some of these companies because the founders of these services may lie about the legality of their services and/or intentionally misrepresent their background/experience.  Some of these companies have also been caught re-purposing personal student social media posts for advertising purposes. 

For years, I have warned about the dangers of wide spread social media monitoring of students.  These services may lead to tens of millions of dollars in legal liability for schools along with undemocratic censorship (either self-imposed or government created) by stifling our students' free thought process.  When I read George Orwell's 1984 in high school, I never imagined that U.S. schools would consider implementing these troubling monitoring services.

Absent stronger laws to regulate social media monitoring of students, I am afraid we may become Airstrip One (the location of 1984) and our children will not experience the same privacy protections that previous generations enjoyed.

Shouldn't our children be able to learn from their digital mistakes without fear that they will follow them for the rest of their lives?  Instead of spending money to social media monitor our students why not instead use the same resources to educate them?  Have some school districts forgotten about the phrase, "give a man a fish and you feed him for a day; teach a man how to fish and you feed him for a lifetime?  

Carpe Diem. O Captain My Captain fight for liberty, privacy, and freedom

Copyright 2014 by Shear Law, LLC All rights reserved.

Monday, August 25, 2014

Google's Plan To Offer Accounts to Kids Under 13 May Harm Their Privacy

Recently, multiple media outlets reported that Google plans to offer accounts for their wide array of services to children under 13 years of age.  While the details regarding this alleged plan have not been publicized, it has already created a lot of concern with multiple privacy advocates.  In response to these reports, the Center For Digital Democracy stated, " [a]nyone who knows how Google really conducts its business should be alarmed about its plans to make money off of kids."

There are many unanswered questions about this proposal.  For example, how does Google plan on implementing this new offering?  How will these accounts become compliant with the Children's Online Privacy Protection Act (COPPA)?  Will accounts for children under the age of 13 (the age range that COPPA covers) be governed by a new Privacy Policy that actually protects the personal privacy of children rather than the standard Google consumer privacy policy that is in reality a data use policy? 

Will the default privacy option for children be no data collection of personally identifiable information (i.e. opt in required instead of opt-out)?  If a child who is under 13 years old keeps his Google account past the age of 13 will the default be for Google to automatically delete the data it has collected (i.e. opt in required to keep the pre-13 data instead of opt-out)? 

Will informed consent be via a small check box like the one parodied in this South Park HUMANCENiPAD episode that fictitiously enabled Apple to do whatever it wanted to its users; or, will parents be provided clear and concise warnings about how their children's personal information may be utilized?  The documentary Terms and Conditions May Apply thoroughly discussed some of the troubling issues inherent with Google's terms and privacy policy.

Why is Google really opening up its services to those under 13 and allegedly willing to jump through extra compliance hurdles to comply with COPPA?  According to The Tech Blog of the Mercury News, "[w]hile YouTube is profitable, it may not make as much money as some analysts thought, according to an article in The Information blog (subscription required)." 

According to the Center For Digital Democracy, "Google has a problem.  In order to continue to be the global digital marketing leader, it has to expand its monetizing (the industry term for making cash off us and our data) practices.  Kids are the last nearly untouched market, since COPPA's opt-in and informed parental consent privacy requirements are a serious problem for Google and others who really don't want to respect our privacy online.  Kids (so called "Generation Z" by marketers) are a very lucrative market, spending and influencing billions of dollars each year, including for games, apps and other products.  Companies want to "brand" early and develop lifelong loyalty and, of course, ongoing spending."

Can Google, the most profitable advertising company in the history of the world be trusted to protect our kids' personal and most sensitive information?  Since a company's past actions are generally an excellent indicator of future behavior it would be prudent to examine some of Google's recent history regarding online privacy.  

In 2011, the FTC's groundbreaking agreement with Google banned the company from making future privacy misrepresentations because its Buzz social network had deceptive privacy practices.  Unfortunately for users, Google violated this agreement soon after the ink was dry because in 2012 Google paid a $22.5 million dollar fine for misleading users about its privacy practices.  In 2013, Google entered into a multi-million dollar privacy violation settlement regarding its Street View Project's data collection practices.  Earlier this year, Education Week caught Google scanning student emails in its Google Apps For Education platform for advertising purposes despite denying the practice for years.          

Time Magazine's Jacob Davidson made a very keen observation about why Google wants to offer its services to kids under 13 when he stated, "[a]nother reason for kid-centric services could be a desire by Google to break into the lucrative education market. The company’s Chromebooks are low-cost laptops that might be attractive to schools, but the products are entirely based around Google services." 

If Google officially offers its services to children under 13 years of age, it is almost certain that Facebook, Instagram, Yahoo, etc... will follow.  My concern is that I don't believe most people regardless of their age truly understand how these companies are repurposing the information they are collecting. 

Do Google users know that their search history is being tied to the videos they watch on YouTube and the content in their Gmail accounts and this information is being utilized for behavioral advertising and other non-transparent purposes?  Do Facebook account holders realize that every "Like" and status update is being sent directly to data brokers and this information may be combined with offline behavior which may negatively affect credit scores which may lead to less favorable home and/or auto loan rates?  Do people know that some companies may utilize their personal data for scientific experiments that may emotionally harm them? 
In general, a teenager needs to be sixteen before obtaining a restricted drivers license, minors may void contracts entered into before the age of majority (which is usually 18), and in almost every jurisdiction young people may not legally purchase and/or imbibe alcoholic beverages until they become twenty one years old.  These laws are in place because as a society we have deemed them important to reach certain public policy goals. 

Since children are increasingly utilizing digital platforms for not just leisure activities but also for educational purposes why should they be required to waive their personal privacy rights to utilize a particular service?  Why shouldn't digital providers be required to change their privacy policies and data collection practices if they want to cater to children?

Google creates some exciting products and services that may be beneficial to kids.  However, until it changes its troubling privacy policy and demonstrates it won't act "evil" when it comes to safeguarding our children's personal information I don't believe it can be trusted to protect their privacy.  I hope I am wrong but as the famous philosopher George Santayana stated, "those who cannot learn from history are doomed to repeat it".

Copyright 2014 by Shear Law, LLC All rights reserved.

Saturday, August 16, 2014

Online Bullies Target Robin Williams Daugther

I grew up watching Robin Williams and loved his work.  When I ran into him in New York City late one night with a friend of mine about 11 years ago he was gracious and funny and even said, "nano nano".  My condolences go out to his family. 

It saddened me to read in the New York Daily News that Robin Williams daughter Zelda Williams was tormented and harassed online for the sole reason she is Robin Williams daughter.  Due to disgusting and hateful things people said about her and/or her father, she stated that she will not utilize her public digital accounts for the near future.  While Twitter "vows to improve" it policies after this incident, what does this really mean?

Ms. Williams just shockingly lost her famous father and within 24 hours was hounded so relentlessly online that it led her to stop posting publicly.  What is wrong with our society?  Ms. Williams has tried to accommodate her father's fans by sharing some intimate details of her personal life with him and is instead criticized for her actions.  Instead of just thanking Ms. Williams for sharing some private moments with her dad and/or sending her condolences some people are tormenting her.          

In the Digital Age, I still believe that "sticks and stones may break my bones but names can never hurt me" applies.  While it may difficult to sometimes see the value of this adage it is more important than ever.  The United States was built upon the foundation of free speech and what may be considered vitriol by one may be nothing more than a personal political opinion.  Even though I find many anonymous online comments to be worthless, I still believe as our founding fathers did that one should have the right to publicly voice their opinions anonymously.      

Copyright 2014 by Shear Law, LLC All rights reserved.

Wednesday, August 6, 2014

Foursquare App Update Harms User Privacy

According to the Wall Street Journal, as of 8/6/2014, "users who download or update the Foursquare app will automatically let the company track their GPS coordinates any time their phone is powered on. Foursquare previously required users to give the app permission to turn on location-tracking.....Foursquare’s app goes beyond location-tracking features offered by competitors. Social apps like Twitter collect GPS coordinates to give users the option of sharing their location with friends, but don’t collect this data when the app is off."

To justify Foursquare's privacy changes, founder Dennis Crowley stated "more users will be willing to share their location because they’re getting a more valuable service in return."  Has Mr. Crowley read about the NSA Edward Snowden leaks?  According to Wired, "[t]he data you share with Foursquare today could conceivably end up in the hands of the NSA, hackers, or private data brokers tomorrow."

The bottom line is that if you value your personal privacy and safety I would not recommend using the "new and improved" Foursquare.  Do you want to share more personal information with data brokers, insurance companies, colleges, landlords, and future employers who may discriminate against you based upon your Foursquare usage?  If so, Foursquare may be for you. 

Copyright 2014 by Shear Law, LLC All rights reserved.

Monday, August 4, 2014

Union Street Guest House Social Media Wedding Agreement Failure

Many companies still don't understand  social media and the viral nature of the Internet.  The latest corporate social media failure appears to have been brought to you by the hotel Union Street Guest House in Hudson, New York.

According to the New York Post, the Union Street Guest House allegedly inserts into its wedding agreements the phrase:  “If you have booked the inn for a wedding or other type of event . . . and given us a deposit of any kind . . . there will be a $500 fine that will be deducted from your deposit for every negative review . . . placed on any internet site by anyone in your party.”

This is an outrageous clause for any hotel or business to put into their agreements.  How is this clause being enforced?  How does Union Street Guest House know if a negative poster is from your wedding/event party?  What if an imposter makes multiple fake posts to cause the person who booked the party to incur multiple $500 fines?  Does Union Street Guest House troll Yelp, Facebook, Twitter and try to match up their hotel guests with their social media accounts?

This situation reminds me of the matter. fined a customer $3,500 for a what appears to be a clearly deserved negative review.  The company claimed that its terms of service allowed it to fine customers under its disparagement clause section.  The customer sued and won $306,000.

The bottom line is that companies should not be in the business of trying to silence their customers via required non-disparagement clauses in their agreements.  This is a very troubling trend that I believe will increase in the near future.  Within minutes of the New York Post publishing its article about this matter, the Internet made an example out of Union Street Guest House.  In less than 24 hours, the hotel received hundreds of negative reviews and then changed its policy. 

Copyright 2014 by Shear Law, LLC All rights reserved.

Thursday, July 31, 2014

U.S. Protecting Student Privacy Act Needs More Teeth

The bipartisan "Protecting Student Privacy Act" was introduced yesterday by Senators Edward J. Markey (D-Mass.) and Orrin Hatch (R-Utah) and according to the bill's press release, it "would help safeguard the educational records of students" because, "[r]ecent changes to the Family Educational Rights and Privacy Act (FERPA) have allowed for increased sharing and use of student data in the private sector."  As part of the rationale behind the need for the legislation it is mentioned that, "one survey found only 25 percent of districts inform parents of their use of cloud services and 20 percent of districts fail to have policies governing the use of online services."

FERPA needs to be updated to account for the technological advancements that have occurred in the Digital Age.  The law was enacted in 1974 when student educational records were mostly created by pen and paper and/or typewriter and stored in a school administration filing cabinet or in a teacher's notebook or classroom closet.  At that time, in general, only teachers and school administrators had access to a student's educational records. 

Since the 1970's, advancements in technology have changed the way teachers interact with students, parents, and legal guardians. When I was attending elementary, middle, and high school throughout the 1980's, the primary form of communication between teachers and students/parents was via in-person meetings, paper letters, and/or phone calls.  In contrast, the primary form of communication between my children's teachers and my wife and I occurs via digital platforms. 

As a parent, I watch my children play and learn with electronic devices on a regular basis.  Even though my children watch television as I did at their age, they are becoming more interested in utilizing educational websites and digital device apps.  Some of these platforms have helped them learn language skills, math, geography, history, etc....With more school districts beginning to provide students digital devices, the privacy and cyber safety issues inherent with the usage of these electronic platforms are becoming more apparent. 

According to Politico, "[m]any of the latest digital tools (i.e. email, apps, cloud services, online textbooks, etc...) collect vast amounts of “metadata” as students work online; the sites track academic progress and log information about the child’s location, computer equipment and browsing habits. Most of that data never finds its way into official school files and thus is unlikely to be considered an “educational record.” That means private companies are free to do what they want with it."  This is very alarming considering that when Kathleen Styles, the Chief Privacy Officer of the Department of Education was questioned about these issues she stated that "[a]lot of metadata won't fit as an educational record."    

Due to all of the personally identifiable student information included in emails, apps, online textbooks, web browsing history and other digital activities (i.e. metadata) students may create while utilizing school provided digital services and learning tools, it is imperative that FERPA is updated to ensure that our children and future generations receive the same privacy protections we enjoyed while we attended school.  Should colleges, potential employers, insurance companies, etc... be allowed to access student scholastic digital communications and make hiring, firing, and policy decisions based on this information?  Should advertisers be allowed to prey upon (via behavioral advertising) students based upon their student-teacher and/or student-student digital communications?

It is very troubling that the Software & Information Industry Association (SIIA) continues to refuse to acknowledge the dire need for stronger digital privacy laws to protect our students despite clear and convincing evidence that FERPA does not properly protect our children's privacy in the Digital Age.  During a June 25, 2014 hearing on Capitol Hill Professor Joel Reidenberg presented Fordham Law School's Center on Law and Information Policy's seminal cloud computing study findings that demonstrated some cloud computing vendors are negotiating agreements with schools that put our students personal privacy at risk.

In addition to Prof. Reidenberg's study, Education Week and Politico performed recent in-depth investigative reports regarding the need for FERPA to be updated to better protect student privacy. These investigations found that when provided the opportunity some educational technology vendors will abuse their access to student data for profit.  For example, Education Week exposed Google's practice of scanning student emails for behavioral advertising purposes and Politico found multiple other educational technology companies that had similar troubling privacy practices and/or policies (or none at all) that enabled similar abuses of personal student data.  

Since Congress has not addressed these issues until now, states across the country have introduced and enacted more robust student data protection laws to address the privacy concerns that FERPA was not designed to protect.  For example, Kentucky and Rhode Island are some of the states that have acted to better protect our children from entities that may abuse their access to student educational digital data.     

While it is a very positive development that states are acting to better protect student privacy, it may be most efficient if robust federal legislation is enacted.  I commend Senators Markey and Hatch for introducing the Protecting Student Privacy Act and making student privacy an important bipartisan issue during these very partisan times on Capitol Hill.

The introduction of the Protecting Student Privacy Act is a good first step; however, it needs to be amended to have the intended effect of updating FERPA to account for the Digital Age.  For example, the bill needs to expand the definition of educational records to include student emails and digital metadata created on school provided services, platforms, and equipment.  Under FERPA, there is no private right of action against companies that utilize student data for non-educational purposes. To be truly effective, the legislation must hold vendors legally accountable and allow for a private right of action against those entities that violate the law. 

To paraphrase Hilary Clinton, it takes a village to protect our students' personal privacy.  Absent more robust federal student privacy laws, parents may soon come out in force against utilizing innovative digital learning tools and services.  It is imperative that Congress pass stronger student privacy laws that have strong enforcement mechanisms so students, parents, and teachers feel safe utilizing new learning tools that will help our students compete in the global economy.    

Copyright 2014 by Shear Law, LLC All rights reserved.

Friday, July 18, 2014

Social Media Evidence May Determine Who Shot Down Malaysian Plane

It appears that a Malaysian passenger jet may have been mistakenly shot down in the skies above territory that is in dispute between Ukraine and Russia.  USA Today is reporting that rebels who may be backed by Russia may have arms capable of downing a passenger jet that is flying 20,000+ feet in the sky.

Photos of the tragedy have appeared online and it leads me to believe that the crash site may become contaminated. In this hyper-sensitive and viral world everything posted online about this tragedy is put under a microscope.  For example, American Pie actor Jason Biggs Tweet “Anyone wanna buy my Malaysian Airlines frequent flier miles?” was deemed so offensive by the Internet community that he ended up issuing an apology after it went viral. 

Entertainers and politicians do not have a monopoly on regretting their online posts.  According to AFP, it appears that some Pro-Russian insurgents may also have itchy social media fingers because some of their online postings boasting about downing an airplane around the same time/place that the Malaysian jet went down have now been deleted.  Since the crash site may become contaminated will social media become crucial evidence in determining who shot down the Malaysian passenger jet? 

Copyright 2014 by Shear Law, LLC.  All rights reserved.

Wednesday, July 9, 2014

Porky's Fan? VA Prosecutor Requests Warrant To Photo Sexting Teen's Erect Penis

An article in the Washington Post alleges that Manassas City police and Prince William County prosecutors want to take photos of a teenage suspect's erect penis as evidence to prosecute him for sexting with his girlfriend.  In order to photograph the suspect's erect penis he may be required to go to a hospital and receive an injection to create an erection.

It appears that the case began when the suspect's (he is 17 years old) 15 year old girlfriend sent photos of herself to the 17 year old, who responded by sending the 15 year old girl allegedly pornographic images of himself.  The family of the girl notified authorities about the matter.  Interestingly, prosecutors did not file charges against the girl.   

This case reminds me of the movie Porky's when physical education teacher Ms. Balbricker asks the high school principal if he would sanction a penis (tallywacker) lineup of several students so she can identify which student stuck his penis through a peep hole in the girl's bathroom.  Ms. Balbricker claims she can identify the offending student's penis because it contains a distinctive mole.  In the movie, the request for the penis line up was denied. 

Was the prosecutor's troubling request inspired by Porky's?  As a parent of two young children, I am outraged by the actions of the police and prosecutors in this matter.  What happened to educating our kids about the dangers of sexting?  Why are prosecutors utilizing public resources to try to photograph a teenager's erect penis? 

My hope is that prosecutors and judges across the country realize that this is the wrong way to deal with sexting by teenagers.

Copyright 2014 by Shear Law, LLC.  All rights reserved.

Monday, July 7, 2014

Social Media Posts Lead To Firing of TV and Radio Personalities

Last month, Travel Channel personality Adam Richman made some very disturbing posts that led to his upcoming new show being postponed indefinitely.  Talk show host Anthony Cumia of Sirius was fired from his radio show last week for a series of allegedly racists Tweets.  Both of these incidents occurred "off the air" during personal time but they had negative employment consequences.

Social Media is not the panacea that some business consultants claim.  Too many self styled "social media consultants" advise their clients to pump out content on multiple platforms 24/7.  On a regular basis, clients ask me about the legal, business, and reputation related issues surrounding disturbing social media posts.  Unfortunately, I am usually contacted after a "social media consultant" has already provided career killing advice or inadequate training.

If one feels the need to respond to Tweets (or other types of posts) or get into a Facebook discussion with others, the amount of information/content posted should be limited since it may be utilized against you forever.  Yes, forever!  Any postings may be submitted as evidence in a court of law or may be used in the court of public opinion to destroy your career so less is usually more.  I have never had a client tell me he or she regretted not Tweeting more or posting a longer Facebook response.

Copyright 2014 by Shear Law, LLC.  All rights reserved.

Sunday, July 6, 2014

EPIC Files FTC Complaint over Facebook's Emotion Study

The Electronic Information Privacy Center (EPIC), a privacy advocacy group that has been performing great work for 20 years filed a complaint with the FTC alleging that Facebook's emotion study "deceived its users and violated the terms of a 2012 FTC consent decree."  The complaint was filed right before the July 4th holiday weekend. 

Facebook's refusal to issue an immediate apology regarding this issue demonstrates once again that the company is tone deaf when it comes to user privacy.  I have documented Facebook's troubling position regarding digital privacy time and time and time, etc...again. 

When I initially stated that Facebook's emotion study may have violated Facebook's FTC consent agreement early in the day on 6/30/14, I didn't see any other published articles mentioning this possibility.  Soon after I posted my article, Forbes reported that Facebook changed its terms to allegedly allow user data to be utilized for "research" purposes 4 months after the study was completed.

There are many users, technologists, and members of the media who are drinking the Silicon Valley Cool-Aid and defending Facebook's (and other companies) troubling practices because privacy policies, along with terms of use, and data use policies are written so broadly in the hopes that the language allows for any type of data usage and/or manipulation.  Just because one agrees to a troubling privacy policy/terms of use/data use policy clause in an agreement, that doesn't mean a court of law will automatically rule that the policy is legal and enforceable.   

The common law blue pencil doctrine is utilized when contract clauses are ruled to be unreasonable and violate public policy.  This doctrine enables courts to strike troubling clauses from executed agreements.  Is it time for the courts to start "blue penciling" unreasonable privacy policies, terms of use, data use policies, etc...? 

If some Silicon Valley companies don't start changing their data collection and usage practices it would not surprise me if the courts start flexing their blue pencil muscles to protect the personal privacy and safety of citizens in the Digital Age. 

Copyright 2014 by Shear Law, LLC.  All rights reserved.

Monday, June 30, 2014

Facebook's Unethical Experiment May Have Violated FTC Order

Facebook has proven once again that it does not care about its users' privacy and that it may manipulate their users' emotional well-being for corporate profit.   In an explosive article in The Atlantic it is alleged that Facebook intentionally manipulated the news feeds of almost 700,000 users as part of an experiment about emotional contagion on social networks

In the past, it appears Facebook related research was focused on analyzing the information users upload.  In contrast, this appears to be the first time Facebook has publicly acknowledged that it was intentionally manipulating its users' news feeds for psychological experimentation.  Is this the first time this has occurred?  If not, is Facebook prepared to come clean about this matter and all similar user experiments? 

According to the New York Times, "[t]he company [Facebook] says users consent to this kind of manipulation when they agree to its terms of service. But in the quick judgment of the Internet, that argument was not universally accepted."  I have reviewed Facebook's Terms of Service and it appears it may be a legal super hero Plastic Man stretch (think South Park Humancentipad episode about terms of service) that users agreed to psychological experimentation by agreeing to Facebook's terms of service.

The National Institutes of Health (NIH) which is located about a mile from my office has a very detailed history about the laws relating to the protection of human subjects who are part of an experiment.  Did Facebook violate the spirit or the letter of any of these laws?

It would not surprise me if Facebook and/or other digital platforms update their terms of service to clearly state they are able to perform this type of troubling psychological testing on users.  While it is too soon to speculate on whether the experiment abided by Facebook's terms of service and traditional subject informed consent rules, this should be a wake up call to regulators to look more closely at the data collection and usage practices of the digital ecosystem.  

Did Facebook inform the FTC about this experiment during its 2012 investigation that culminated in the 2012 FTC Consent Order that alleged Facebook violated its users' privacy.  Does performing psychological experiments on users without expressed informed consent violate this order?

The bottom line is that this should be a wake up call to those who post on Facebook and utilize platforms that use your personal information for behavioral advertising purposes and/or sell it to data brokers.  As I stated on June, 12, 2014, "I don't advise anyone who values their privacy to post personal information to Facebook because it has an abysmal record when it comes to protecting user privacy."  Facebook's latest actions demonstrate that it believes its users are nothing more than lab rats who give up all of their rights when agreeing to Facebook's Terms of Service and Privacy Policy.

Copyright 2014 by Shear Law, LLC.  All rights reserved.

Saturday, June 28, 2014

Supreme Court: 9-0 We Have The Right To Privacy In The Digital Age

In a 9-0 decision earlier this week in Riley v. California and U.S. v. Wurie, the U.S. Supreme Court ruled that the police generally need a warrant to search cell phones and personal electronic devices of those who are arrested.  I agree wholeheartedly with Adam Liptak's assertion that its "a sweeping victory for privacy rights in the digital age."  

This decision appears to have been built upon the U.S. v. Jones decision in 2012 which ruled 9-0 that a warrant is required to place a GPS tracker on a suspect's vehicle. I believe that when reviewed together U.S. v. Jones,  Riley v. California, and U.S. v. Wurie, provides strong evidence that the 1979 Smith v. Maryland decision that use of a pen register by law enforcement is not a search within the meaning of the Fourth Amendment may be jeopardy. 

The bottom line is that the U.S. Supreme Court has clearly recognized that we have an expectation of privacy in the digital age.  Law enforcement appears now to need a warrant to not only search personal cell phones and digital devices, but also personal digital accounts such as email accounts, social media accounts, cloud computing accounts, app accounts, and other connected devices/accounts that may be referred to the "Internet of Things", etc... of the people whom they arrest.

Does this ruling strengthen the Electronic Communications Privacy Act by now requiring law enforcement to obtain a warrant for all emails regardless of their age during an investigation?  While it is still too early to determine all of the ramifications of this decision, it demonstrates that the U.S. Supreme Court believes we still have a right to privacy despite the changing nature and usage of technology.

Copyright 2014 by Shear Law, LLC.  All rights reserved.