3. Minors
The working party suggested several measures for protecting the privacy of minors. These include not asking for sensitive data in subscription forms, prohibiting direct marketing aimed at minors and possible implementation of age-verification software. In April, Viviane Reding, the EU’s Commissioner for Information Society and Media, said she believes that profiles of minors “must be private by default and unavailable to internet search engines.”265
B. Canada Privacy Commissioner Warns Facebook To Tighten Privacy Controls
Canada’s privacy commissioner found that Facebook violates Canadian privacy laws in several respects, particularly by not adequately protecting users’ personal information from applications developers.266 The inquiry was prompted in response to a complaint filed by the Canadian Internet Policy and Public Interest Clinic at the University of Ottawa that alleged Facebook violated provisions of Canada’s Personal Information Protection and Electronic Documents Act. Facebook has about 250 million users worldwide, including 12 million in Canada.267
Canada Privacy Commissioner Jennifer Stoddart released the results of her office’s 13-month investigation on July 16, 2009. Stoddart gave Facebook until Aug. 24, 2009, to bring its policies into compliance. If it failed to do so, Stoddart would consider pursuing a court order that would require Facebook to change its business practices.268 Following the release of the report, Chris Kelly, Facebook’s chief privacy officer, said the company would continue its conversation with Canada as part of its ongoing effort to modify its privacy controls. However, Kelly said, “We have every confidence that there would not be a finding in Canadian law if there were to go to a court, but we’re very comfortable with where things are in our discussion.”269
The report identified privacy concerns in these four areas:
1. Facebook Applications
When users decide to participate in games, quizzes and other diversions on Facebook, they agree to give the application developer access to much of their personal information. Facebook already advises developers to limit their use of personal information to the application, but the report recommends going farther by preventing the release of information other than what is needed to run a specific application. Elizabeth Denham, the assistant Canadian privacy commissioner who prepared the report, wants users to be informed of the specific information an application uses and for what purpose.
2. Deactivated Accounts
Facebook offers users who no longer want to use the site the option of deactivating or deleting their accounts. Deactivation authorizes Facebook to retain personal information in case a user wants to use the account again, while deletion supposedly eliminates all personal data. Facebook acknowledges it is difficult to guarantee that all personal information on a deleted account is actually eliminated. However, the report wants Facebook to set a reasonable time limit on when it will delete content from deactivated accounts.
3. Accounts of Deceased Users
The privacy office wants Facebook to include in its Privacy Policy a notice to users that personal information of deceased users will be retained to keep an account visible as a memorial. The report complimented Facebook for its commitment to allowing a way for friends and family to honor the deceased. However, it found that this nevertheless constitutes an intended use of personal information and should be communicated to users.
4. Information of Non-Users
The report urged Facebook to adopt measures to address concerns about non-users’ lack of consent to being tagged in photographs. When a user tags a non-user in a photo, the user has the option of uploading the non-user’s e-mail address. Facebook then uses the e-mail address to invite the non-user to join the site. The report recommended Facebook require users to obtain consent before providing a non-user’s e-mail address, and that Facebook set a reasonable time limit on the retention of these addresses.
C. Reporters’ Use of Social Networking Sites
Celebrities and other newsmakers have begun using social networking sites (SNS) in increasing numbers. As a result, media outlets often use postings from the sites as a source to break news or provide added commentary to a story. For example, in the days after former Alaska Gov. Sarah Palin announced on July 3, 2009, that she would resign from office, news outlets analyzed and reported her Facebook and Twitter posts in an attempt to more fully understand her decision to step down. Palin’s online chatter appeared at the top of a July 5, 2009, story in the New York Times: “Gov. Sarah Palin of Alaska offered few hints of what her next stage in national politics might be when she unexpectedly announced that she was quitting her job, other than to say on her Facebook page on Saturday that she was ‘now looking ahead and how we can advance this country together.’”270
It is a foregone conclusion that references to Facebook posts or “tweets” will continue to appear in news reports. Use of the sites is too pervasive to ignore and their popularity shows no sign of slowing down. Journalists, media organizations and academic scholars must now consider the proper parameters that should govern reporters’ professional and personal use of what many view as an indispensable reporting tool.
1. Ups and Downs of SNS
SNS provide several advantages to journalists. By joining a Facebook group, reporters can connect with members of the community or experts in a particular field to generate story ideas and expand their list of available sources.271 In instances where newsmakers decline to be interviewed or limit their public comments, posts on SNS may be the default source for providing a needed perspective. In turn, newsmakers may prefer authoring a Facebook post or tweet to dodge difficult questions and limit the filtering that it is an unavoidable part of the reporting process.
Journalists, however, must be wary of potential pitfalls, such as quoting an online post that turns out to be the work of an imposter. Also, those who use Facebook and comment on news events or offer personal political views run the risk of jeopardizing their objectivity by being perceived as biased. J.D. Lasica, founder and editorial director of Socialmedia.biz and a former editor at the Sacramento Bee, believes this view of perceiving of journalists as “blank slates” is an outdated notion and that by participating on Facebook, reporters can help to humanize themselves and lift the veil of secrecy that surrounds the newsgathering process for much of the public.272
2. Spelling Out Ethical Limits
Some news organizations,273 including the Wall Street Journal,274 have altered their ethics policies to include rules on the use of social networking sites.275 Such policies can include guidelines ranging from the tried-and-true reporting mandate to verify the accuracy of facts and the identity of a poster to more modern reminders like recognizing that others may misinterpret a reporter’s intention in accepting or making a “friend” request.
Jane Kirtley, director of the Silha Center and professor of media ethics and law at the University of Minnesota, offered several suggestions for maintaining sound journalistic practices while using Facebook. These include identifying Facebook in a story when used as a reporting tool and never “friending” an unnamed source. “If you’ve promised confidentiality, you shouldn’t do it, even if the friend uses a pseudonym.”276
Twitter is likely to vary in its usefulness for journalists as governments and public and private entities develop policies encouraging or discouraging its use among employees. Several teams in the National Football League, including the Green Bay Packers and Miami Dolphins, have effectively barred players from tweeting over concerns players will reveal sensitive information about game plans or injuries. That attitude is not universal in the sports world. National Basketball Association player Shaquille O’Neal has more than 1.8 million followers on Twitter and cyclist Lance Armstrong tweeted throughout the 2009 Tour de France.277
In the United Kingdom, the government’s Department for Business Innovation & Skills compiled a 20-page report in July 2009 that urged department employees to tweet and suggested the practice be expanded to other areas of government.278 Advantages to tweeting, according to the report, include the opportunity to put a “human voice” to a government department and build relationships with certain audiences, including journalists and bloggers.279
D. Sites Offer a Vehicle for Scams and Viruses
1. Twitter Used for Scams
The Better Business Bureau says that online scammers have begun using Twitter to attract people into “get-rich-quick and work-at-home schemes” similar to those that have proliferated e-mail accounts for years.280 The scams involve companies promising to pay Twitter users hundreds of dollars a day to tweet after they sign up for a free training kit. The result is that users can be fleeced of a large monthly payment if they do not cancel within a certain time. The bureau warns those looking for jobs to be cautious of claims that they can earn paychecks by tweeting from home and to avoid Web sites asking for money upfront for a job tweeting.281
The Web sites began showing up in the spring of 2009 and the Better Business Bureau had not received any consumer complaints as of July, according to Alison Southwick, a spokeswoman for the bureau. “Twitter is the cool thing, the bright, shiny object,” she said. “It’s unbelievable how widespread this is. And with so many people vulnerable and looking for jobs, a scheme like this is going to have people falling for it when they can least afford to.”282
2. Sites Can Attract Viruses
Authors of computer viruses have increasingly targeted social networking sites such as Facebook, MySpace and Twitter. In a July 12 story in the Washington Post, Rob Pegoraro reported that these sites serve as an attractive target because they are premised on the trust established through a network of friends or known entities.283 This makes users more vulnerable because they are less likely to ignore a link to a random Web site when guided there by a friend as opposed to a stranger.
Some free Web sites use blacklists to block links to hazardous pages when creating the abbreviated links that often appear in short messages on social networking sites. However, Pegoraro theorized that the steady stream of updated content on a site such as Twitter may prevent even the best-maintained blacklist from properly identifying all threats. Pegoraro predicts more viruses will begin to plague these sites and, in a slight twist to an old saying, he offers this advice: “If your mother says she loves you on Facebook, check it out.”
E. Court Cases Involving Social Networking Sites
1. Twitter and Defamation
a. La Russa Drops Defamation Suit
Tony La Russa, manager of the St. Louis Cardinals, filed suit against Twitter Inc. on May 6, 2009, for trademark infringement,284 invasion of privacy,285 cyber squatting286 and related claims.287 In what was to be the first legal challenge against Twitter, La Russa claimed that his identity had been hijacked by someone else posting “tweets” on the micro blogging Web site under his name and photo. As a result, he claimed Twitter damaged his trademark rights to his famous name. La Russa has managed Major League Baseball teams for 30 years in what is likely to be a Hall of Fame career. The imposter poked fun at La Russa’s drunk driving arrest and made light of the death of a Cardinals pitcher in a car accident. “Lost 2 out of 3, but we made it out of Chicago without one drunk driving incident or dead pitcher,” one of the disputed posts read. Twitter removed the fake profile after La Russa filed suit.
La Russa dropped the lawsuit on June 26, 2009, in a terse court filing that stated Twitter made no payment to La Russa in exchange for dropping the suit.288 The precise reason for the decision not to pursue the claims was not reported, but it is possible La Russa decided he would not win a legal challenge because Web sites are generally not liable for the postings of their users under the Communications Decency Act, 47 U.S.C. § 230.
b. Landlord Sues Ex-tenant For Defamation
A Chicago apartment leasing and managing company filed a defamation lawsuit against a former resident for a Twitter post that suggested the company condones tenants living in moldy apartments. Horizon Group Management LLC filed the suit against Amanda Bonnen on July 20, 2009, in Cook County Circuit Court in Chicago.289 “Who said sleeping in a moldy apartment was bad for you? Horizon realty thinks it’s okay,” Bonnen posted on Twitter the morning of May 12, 2009.
The suit claims Bonnen “maliciously and wrongfully published the false and defamatory statement, thereby allowing the Tweet to be distributed throughout the world.” Horizon claims the post damaged its reputation and Bonnen is therefore automatically liable. Bonnen had a public Twitter profile at the time of the post, but only 20 registered followers. The lawsuit invited more attention to the post as “Horizon Realty” hit as high as No. 3 on Twitter’s list of trending topics after media outlets reported on the lawsuit.290 Horizon was seeking more than $50,000 in damages.
2. MySpace Post = Publicity in MN
A Minnesota appeals court held that posting private information on a publicly accessible Web site satisfies the publicity element on an invasion of privacy claim. In Yath v. Fairview Clinics, 767 N.W.2d 34, (Minn. Ct. App. 2009), the court also upheld a Minnesota statute that permits a private cause of action for wrongful disclosure of an individual’s medical records, a decision that runs the risk of encouraging health care professionals to take a more guarded attitude toward the Health Insurance Portability and Accountability Act (HIPAA), 42 U.S.C. §§ 1320d-1320d-8 (2006).
The case originated when a clinic employee noticed an acquaintance visit the clinic and out of curiosity decided to look at the patient’s medical file. The employee learned the patient, who is married, wanted to be tested for a sexually transmitted disease because she had a new sexual partner. The employee, who is related to the patient’s husband, revealed the information to friends and other relatives. A page on MySpace.com with the title “Rotten Candy” revealing the information from the patient’s file soon appeared online, prompting the suit.
The court focused on the method used to transmit the private information—a publicly accessible Web site—rather than the number of viewers to decide the publicity element had been satisfied. The court acknowledged the likelihood that only a few friends of the clinic employee saw the page, particularly because the page was only posted for between 24 and 48 hours before it was removed. However, the court found that the number of actual viewers is irrelevant, likening the MySpace page to a newspaper with a small circulation or a radio broadcast in the middle of the night that has a small audience. The court reasoned that the publicity element is triggered “when the communication is made to the public at large, not to a large number of the public.”291
In the same case, the court also held that a Minnesota statute is complementary, not contradictory, to HIPAA because both laws discourage wrongfully disclosing information from a person’s health record. A HIPAA violation exposes a person to criminal penalties while Minn. Stat. § 144.335 (2008) exposes a person to compensatory damages in a civil action. The Hennepin County District Court dismissed claims under the state statute by reasoning that the state law is contrary to HIPAA and is therefore preempted by it. In reversing that decision, the appeals court noted it is possible to comply with both laws, and that the Minnesota statute creates “another disincentive to wrongfully disclose a patient’s health care record.”292 It remains to be seen whether this ruling may have the unintended effect of causing health care professionals to err on the side of caution and be reluctant to release information not protected by HIPAA out of fear of being individually liable in a civil suit.
3. Judge Issues Facebook Gag Order
A Rhode Island family court judge enjoined a woman from posting any information on the Internet about a child custody dispute293 she is not a party to. Kent County Family Court Judge Michael Forte issued the gag order in June 2009 to Michelle Langlois, whose brother is involved in an ongoing custody dispute with his ex-wife, Tracey Martin.294 Forte issued the order in response to Martin filing a “domestic abuse” petition that claimed Langlois’ posts to her Facebook page served as harassment and could psychologically damage the children involved in the dispute.
The American Civil Liberties Union filed a motion to dismiss the order on behalf of Langlois, who said in defense of her postings: “I do not believe the truth was coming out in Family Court. I was simply using the internet to publicize my brother’s plight.”295 A potential battle over Forte’s authority to issue the prior restraint on speech was averted when Forte dismissed the order after Martin voluntarily dismissed her petition.296
4. Liability for Hosting Third Party Content
a. Yahoo! Could Be Liable for Promising, but Failing, to Remove Content
In Barnes v. Yahoo! Inc., 565 F.3d 560 (9th Cir. 2009), amended, 570 F.3d 1096 (9th Cir. 2009), the court allowed a plaintiff to move forward on her promissory estoppel claim against Yahoo after the company failed to follow through on its promise to remove a sexually explicit Web posting. Attorneys advise that the ruling serves as a reminder that despite the wide protections afforded by the Communications Decency Act, 47 U.S.C. § 230(c)(1), there is a risk involved with hosting third-party content on the Web.297
The case arose when the plaintiff, Cecelia Barnes, broke up with her boyfriend and he posted nude photographs of the two of them, without her consent, on a Yahoo Web site along with some sort of invitation to engage in sex. Barnes repeatedly asked Yahoo to take down the profile and the company said it “would take care of it.” However, the profile did not disappear until Barnes filed suit in Oregon state court.
The court determined that Barnes’ promissory estoppel claim did not depend on the status of Yahoo as a “publisher or speaker.” If it did, Yahoo would have been precluded from liability under the Communications Decency Act, which generally precludes courts from treating Internet service providers as publishers. The court found that Yahoo’s contract liability came not from its actions as a publisher, but “from Yahoo’s manifest intention to be legally obligated to do something, which happens to be removal of material from publication.”298 The court noted that a general monitoring policy, or even an attempt to help a specific person, would not be enough to expose an Internet service provider to contract liability.
b. Argentine Judge Holds Google and Yahoo! Liable for Photos on Sex Trade Web Sites
On July 29, 2009, an Argentine judge held Google and Yahoo! liable for pornographic and female escort Web sites that posted pictures of a model and actress without her consent, according to the Bureau of National Affairs Electronic Commerce Report.299 The judge in the National Civil Court No. 75 in Buenos Aires ordered each company to pay $13,124 in damages to Virginia Da Cunha.300 The judge ruled that the companies helped increase the damage to Da Cunha by enhancing the quality of the pictures and that without their participation, accessing the Web sites might have been extremely difficult.301
“Search engines are responsible due to their activities as website-access facilitators,” the judge wrote. They are “enormous tools that help amplify the spread of information and have an equal ability to amplify harm.” BNA reported that Da Cunha’s attorney, Gustavo Tanus, who has handled 120 similar cases against the two companies, said that this was the first successful ruling in Argentina. Tanus said that the actress plans to appeal the ruling because the judge granted her moral, but not economic damages, and that she is “entitled to payment for the use of her photos.”302
5. MySpace Suicide Case Leads to Change in Missouri Law, Prosecution for Cyber-bullying
a. Judge Overturns Conviction
In July 2009, a federal judge in Los Angeles threw out a criminal case against a Missouri woman convicted of computer fraud stemming from a 2006 hoax on MySpace targeting a teenage girl who later committed suicide. Lori Drew, of Dardenne Prairie, Mo., was convicted on Nov. 26, 2008, of three misdemeanor counts of illegally accessing a computer. U.S. District Court Judge George H. Wu issued a direct acquittal on July 2.303
Thom Mrozek, a spokesman for the U.S. attorney’s office in Los Angeles, told CNN ahead of Wu issuing a written order that “Wu said in court if Drew is convicted of illegally accessing computers, the guilty verdict would set a precedent and anyone who has ever violated MySpace’s terms of service could also be found guilty of a misdemeanor.”304 Drew had been accused of participating in a cyber-bullying scheme in Missouri against 13-year-old Megan Meier. Drew created a fictitious profile on MySpace of a young man which she used to contact, flirt with, and later reject and insult Meier, a former friend of Drew’s daughter. Meier hanged herself in her home in October 2006.
MySpace’s user agreement requires registrants to provide, among other things, factual information about themselves, and to refrain from soliciting personal information from minors and using information obtained from MySpace services to harass or harm other people.305 Drew was originally charged with four potential felony counts of unauthorized computer access under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, and prosecutors claimed that by allegedly violating the “click-to-agree contract,” Drew committed the same crime as any computer hacker. U.S. Attorney Thomas O’Brien said he filed the case in Los Angeles because that is where MySpace is based. At the time, Missouri did not have an online harassment law. Prosecutors said they would wait to review Wu’s written order before deciding whether to appeal.306
b. Woman Charged With Cyber-bullying Under New Missouri Law
In August 2009, a Missouri woman was charged with felony harassment for allegedly posting photos and personal information of a 17-year-old girl on the “Casual Encounters” section of Craigslist. Prosecutors say 40-year-old Elizabeth A. Thrasher posted the girl’s picture, e-mail address and photo on the Web site in a manner that made it appear the girl was seeking a sexual encounter. The girl then received lewd messages and photos from men she did not know. The alleged victim is the daughter of the girlfriend of Thrasher’s ex-husband and Thrasher and the girl had apparently been arguing on MySpace before the post of the girl appeared on Craigslist.307
Thrasher, of St. Peters, Mo., in suburban St. Louis, was the first woman charged with felony harassment under the state’s updated harassment law passed in 2008 in response to the death of 13-year-old Megan Meier, who committed suicide after she was the victim of a cyber-bullying scheme.308 The revised law eliminated the requirement that harassing communication be made “in writing or by telephone” so that now electronic communication, including online postings and text messages, can constitute harassment.309 The crime becomes a felony when committed by someone at least 21 years old against a person 17 years old or younger. Misdemeanor cases have been filed under the law.
Thrasher was freed on $10,000 bond, but a judge prohibited her from having a computer or Internet access at home. Her attorney, Michael Kielty, likened what Thrasher was accused of doing to someone posting a telephone number on a bathroom wall, telling people to “call Jane Doe for a good time.” Kielty believed such action may be “in poor taste” or “inappropriate,” but that it does not amount to a crime.310
Share with your friends: |