Wednesday, April 23, 2014

California Introduces Social Media Anti-Disparagement Consumer Protection Bill

California recently introduced AB 2365 which would prohibit businesses and service professionals from contractually silencing customers who may want to complain online about their experiences.  While I am generally not in favor of increased digital regulations, this bill may be a step in the right direction because more businesses are exploring contractually silencing their critics.

Kleargear.com is the poster child for how not to treat consumers in the Social Media Age.  It inserted a non-disparagement clause into its online agreements several years ago in order to pursue disgruntled customers who complained about their service.  For example, Kleargear.com threatened a former consumer who wasn't even subject to its non-disparagement clause since she made her purchase before the clause was effective.  The company demanded $3,500 from this customer because it did not agree with her online review.  When this former consumer refused to pay she was reported to multiple credit reporting agencies which caused real world damages.    

During the initial media firestorm when Kleargear.com's reprehensible behavior was publicized last year, it removed the non-disparagement clause.  However, it appears that it was recently reinstated.  Kleargear.com's non-disparagement clause states:

"In an effort to ensure fair and honest public feedback, and to prevent the publishing of libelous content in any form, your acceptance of this sales contract prohibits you from taking any action that negatively impacts KlearGear.com, its reputation, products, services, management or employees. 

Should you violate this clause, as determined by KlearGear.com in its sole discretion, you will be provided a seventy-two (72) hour opportunity to retract the content in question. If the content remains, in whole or in part, you will immediately be billed $3,500.00 USD for legal fees and court costs until such complete costs are determined in litigation. Should these charges remain unpaid for 30 calendar days from the billing date, your unpaid invoice will be forwarded to our third party collection firm and will be reported to consumer credit reporting agencies until paid."

Kleargear.com's behavior demonstrates that without robust digital consumer protections some companies will abuse their power and insert very troubling language into their Terms of Use/Sale agreements.  Caveat emptor when making online purchases.  

Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.

Thursday, April 10, 2014

Kentucky Takes the Lead To Protect Student Privacy in the Digital Age

According to WHAS11.com in Kentucky, HB 232 was signed into law today by Governor Steve Beshear.  This new law states "[a] cloud computing service provider shall not in any case process student data to advertise or facilitate advertising or to create or correct an individual or household profile for any advertisement purpose, and shall not sell, disclose, or otherwise process student data for any commercial purpose."  In a nutshell, the new law bans school vendors who provide cloud based services from data mining student digital communications for advertising purposes. 

HB 232 received bipartisan support and passed 98-0 in the Kentucky House and 38-0 in the Kentucky Senate.  The bill appears to be have been inspired by the Target 2013 holiday data breach and the Gmail data mining lawsuit where Google recently admitted in court documents that its Google Apps For Education platform that it offers for "free" to schools data mines student digital activity for corporate profit.   

Kentucky has taken a significant step to protect its students in the Digital Age.  This new law demonstrates that in Kentucky children's privacy and safety do not take a back seat to the special interests that believe they have the right to data mine our students' digital activity for commercial gain.  Other states such as Oklahoma and New York have enacted or introduced student privacy legislation in the past year; however, Kentucky's new law appears to be the first that offers much greater privacy protection than the Family Educational and Privacy Rights Act (FERPA).

My hope is that other states and eventually Congress follows Kentucky's lead to enact legislation that ensures our children's privacy is better protected in the Digital Age.

Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.

Saturday, April 5, 2014

Facebook Insult About Islam May Lead To Execution in Iran

Be careful about what you say online.  For example, if you are a United Kingdom resident and post allegedly derogatory messages about Iran and/or Islam and then visit Iran you may be detained by the Iranian authorities.  This appears to have happened to a British resident recently.

According to The Independent, a British woman allegedly posted derogatory comments about Iran's government and Islam on Facebook.  It appears that as soon as she landed in Shiraz, Iran to visit family she arrested and was taken to Tehran and charged with "gathering and participation with intent to commit crime against national security" and "insulting Islamic sanctities".  These charges may lead to her execution. 

This set of facts leads me to believe that Iran is social media monitoring every negative comment online about its government and when it has the opportunity to arrest the alleged speakers it does.

The bottom line is that sometimes it is best to have anonymity online.  The Federalist Papers were published anonymously for a reason and that reason was to express political opinions without fear of retribution.  Therefore, before making online political comments about certain issues anonymity may be best. 

Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.

Thursday, April 3, 2014

The Student Privacy Bill of Rights

On March 6, 2014, Khaliah Barnes, the Director of the Electronic Privacy Information Center's (EPIC) Student Privacy Project authored an extremely important article that was featured in the Washington Post titled, "Why a Student Privacy Bill of Rights is desperately needed".  The piece details the digital privacy challenges students encounter and why they need to have stronger legal rights to better protect their personal privacy and safety.  I wholeheartedly agree with Ms. Barnes and believe our students need more robust digital privacy protections.

The main federal laws designed to protect student privacy, the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PRPA) have not been updated to keep pace with the Digital Age.  The lack of legal protections for our students' personal information that is stored in the cloud has made Ms. Barnes' Student Privacy Bill of Rights a necessity.  It enumerates six basic rights for students and I believe that in the age of Big Data, students have "certain unalienable Rights" regarding their personal privacy.  The Rights are listed below:

Right #1 Access and Amendment:  Students have the right to access and amend their erroneous, misleading, or otherwise inappropriate records, regardless of who collects or maintains the information.

While growing up in the 1980's, I didn't have to worry that everything I said to my classmates and/or teachers would be on my permanent record forever.  When I attended elementary, middle, and high school, the primary form of communication was in person, on the phone, and handwritten/typed letters.  In college, I recall sending out my first email and then in law school  email began to gain traction. 

As an adjunct professor at a major international university, I have noticed that students prefer email as their primary form of communication outside of class.  Students sometimes make inappropriate remarks in class and/or email.  However, students attend school to learn how to communicate and I believe the content of their school work and their school related communications should be protected and off limits from data mining.  My students and children should be afforded the same privacy protections I experienced in school without fear that every single student-teacher and  student-student digital interaction may be used against them in the future.     

Right #2 Focused collection:  Students have the right to reasonably limit student data that companies and schools collect and retain.

Schools, along with their vendors, and sub-contractors should be limited to what type of data they are able to collect and retain about students.  For example, some schools require student-athletes to install cyber-monitoring software onto their personal computers and personal digital media accounts so all of their online postings may be captured and archived indefinitely.  One school vendor was caught a couple years ago by Time Magazine abusing its access to personal student data and utilizing their content for advertising purposes.  Therefore, it is imperative that students have the right to reasonably limit the type of personal information that is collected and retained about them by companies that contract with schools.    

Right #3 Respect for Context:  Students have the right to expect that companies and schools will collect, use, and disclose student information solely in ways that are compatible with the context in which students provide data.

Unfortunately, some companies have not been honest about the manner in which they collect and utilize personal student information.  Education Week recently reported that Google is abusing its privilege as a school learning platform provider because it is using its Apps For Education offering to surreptitiously data mine student emails for potential advertising. 

Whether its through cloud computing, mobile communication devices, apps, or old school personal computer networks, a tremendous amount of information is being collected by third parties and this data is not under the direct control of our schools.  Therefore, schools and their vendors must be required to disclose exactly what is happening to student information that is stored digitally. 

Right #4 Security: Students have the right to secure and responsible data practices

Secure data practices do not happen overnight and requires cooperation from both schools and their vendors.  Professor Dan Solove of George Washington University has been advocating for years that schools hire chief privacy officers to educate and provide leadership on these issues.  Earlier this year, Prof. Solove told USA Today, “[w]ithout a privacy officer in schools, there will be no one looking out for privacy issues,”  Recent high profile data breaches at the University of Maryland and Indiana University demonstrates the need for educational institutions to implement policies and practices that better protect our students' privacy.    

Right #5  Transparency:  Students have the right to clear and accessible information privacy and security practices.
 
Transparency is key to fostering successful privacy and security practices.  Educational institutions and their contractors need to be required by law to be fully transparent about the type of information they collect, how it is utilized, how long it is archived, and who has access to it.  School vendors such as
Google who have not been transparent about their privacy and security practices put our students' privacy and personal security at risk.  If schools are unable to provide clear and accessible information about their contractors' privacy and security practices, students should have the right to opt-out of participating in a school provided platform that harms their privacy and puts their personal security at risk.        

Right #6  Accountability:  Students should have the right to hold schools and private companies handling student data accountable for adhering to the Student Privacy Bill of Rights. 

FERPA has no private right of action against school vendors.  This is a huge loophole that puts the burden of protecting our children's privacy squarely on academic institutions even though many schools are ill equipped and under-funded to do so.  New state and/or federal laws/regulations are needed to hold school contractors accountable for violating the privacy of our students.   

A recently released report on Big Data and "alternative credit scoring" by the World Privacy Forum reinforces the need for greater regulation to protect our privacy.  The report discusses unfairness and discrimination issues that may soon become widespread because our current legal and regulatory privacy framework was designed before email, apps, and the cloud became ubiquitous.  Students shouldn't have to worry about whether their school related research, questions, communications, and/or projects on disabilities, HIV, personal sexuality, pregnancy, sexually transmitted diseases, etc... will be data mined and/or sold to the highest bidder. 
 
 If third party vendors mislead schools, parents, or students about their data handling or protection practices, they need to be held legally and financially responsible for privacy violations.  For example, students who utilize Google Apps For Education through their schools should be able to hold Google legally and financially accountable for data mining their school digital interactions, content, work etc...for non-educational purposes.  

Soon after the Education Week article that uncovered Google's very troubling student data mining practices was published, I reached out to Ms. Barnes and asked her to comment about these new revelations.  In an email Ms. Barnes stated, "Google's data mining admissions underscore the importance of the Student Privacy Bill of Rights. Here's a situation where students lost total control over their information. The students first lost control when the schools made a choice on behalf of students, without first adequately vetting Google's data practices and ensuring that those practices don't put students at risk. Second, students lost control when Google decided to read students' emails. Google's practices contravene the Student Privacy Bill of Rights by repurposing student data for commercial use. Google should be held accountable to students, the Education Department, and the Federal Trade Commission for violating student trust."

As a society, we need to do more to protect our children's privacy in the Digital Age.  A first step would be to adopt the principles advocated by Ms. Barnes' in her Student Privacy Bill of Rights. 

Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.

Thursday, March 27, 2014

Minnesota School District To Pay $70,000 For Accessing Student's Facebook Account

With access comes responsibility and financial liability.  A student recently won a $70,000 settlement against a Minnesota school district after she was required to give up her digital media user names and passwords.  I initially wrote about this issue on March 10, 2012, and stated, "This behavior is a clear 1st and 4th Amendment and possibly a 5th Amendment violation of the U.S. Constitution."  On September 15, 2012, I wrote, "Public schools that require any of their students to register their social media usernames, or to provide access to their password protected digital content via required Facebook Friending or the installation of a third-party software application for any reason are in clear violation of the 1st and 4th Amendment."

This settlement along with the recent NLRB ruling that referenced Northwestern's illegal student-athlete social media policy demonstrates that K-12 schools and post-secondary institutions need to better understand their legal liabilities in the Digital Age.  Drafting and enforcing a legal and reasonable social media policy is extremely important since almost every student of a certain age and employee owns or has access to a digital device/account.  Students still have a right to privacy despite what some technology companies may claim.

For years, I have been publicly discussing the legal liability issues schools will encounter if they require access to their student's personal digital accounts.  Schools that refuse to understand and properly address these issues will (not may) have tremendous legal liability and financial obligations.  If a school wants access to their students' personal digital accounts they may need to pay $70,000 per student.  There are other options available and my hope is that schools become better educated about them.  

Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.