Round Up of Developments in Social Media Law

Social media has been a hot topic of late.  Companies are debating the official use of social media for marketing purposes, social networking privacy has been the subject of recent (failed) legislation, and the EU has been ratcheting up pressure on prominent social networking sites to enhance privacy protections.  Social media was even a topic of discussion at this May's "eG8" in Paris, an event blogged about recently by Chris Wolf.

The Hogan Lovells Chronicle of Data Protection has covered social media developments over the past year or so, and we provide a summary of our coverage for you here in one place, allowing you to take stock:

  • NLRB Increases Enforcement Activity Against Discipline of Employees for Use of Social Media (May 26, 2011):  The National Labor Relations Board (NLRB) has recently expressed an interest in investigating actions taken against employees for their use of social media, including issuing administrative complaints against a car dealer that fired an employee for posting concerns on his Facebook page about the dealer's handling of a sales event, and against a nonprofit social services organization for terminating five employees who commented on Facebook about the organization's workload, staffing issues, and commitment to its clients.  These contrast with a memorandum issued by the NLRB that advised that a discharge of a newspaper reporter for posting "unprofessional and inappropriate" social networking messages to a work-related social media account did not violate the law.
  • CAN-SPAM Held to Apply to Social Media Messaging (April 1, 2011):  The U.S. District Court for the Northern District of California issued an opinion in Facebook v. MaxBounty that held that messages sent through social networking sites must comply with the federal CAN-SPAM law regulating commercial email advertising.
  • FTC Announces Proposed Google Buzz Settlement:  First Time FTC Requires Comprehensive Privacy Program (March 30, 2011):  The Federal Trade Commission (FTC) announced a proposed settlement with Google relating to charges that Google used deceptive practices and violated its own privacy policies when it launched its social network Google Buzz.  For the first time ever, the FTC required that a company institute a "comprehensive privacy program" and receive affirmative consent from consumers to any new or additional uses of previously collected data.
  • FTC Enforces Against Obscure Privacy Disclosures in New Consent Decree (December 6, 2010):  The FTC entered into a consent decree with a developer of parental web-monitoring software that, without consent from parents, captured children's website history, chat conversations, and instant messages and incorporated them into a marketing service that provided companies with the ability to access what consumers are saying or thinking by providing aggregate consumer opinions from user-generated social media websites.  Though the company disclosed that information may be used to "improve our services" and "conduct research," the language was in the thirtieth paragraph of a policy that was contained in a small scroll box, and the FTC took the position that the failure to clearly notify parents of the usage of their children's data constituted a deceptive trade practice.
  • NLRB Files Complaint for Employer's Allegedly Overbroad Social Media Policy (November 8, 2010):  The NLRB kicked off its recent flurry of social media activity by issuing an administrative complaint against a company for terminating an employee who, after an incident at work, criticized her supervisor on her Facebook page.  Lafe Solomon, the NLRB's acting general counsel, said, "This is a fairly straightforward case under the National Labor Relations Act -- whether it takes place on Facebook or at the water cooler, it was employees talking jointly about working conditions, in this case about their supervisor, and they have a right to do that."  The case settled early this year.
  • Twitter Consent Order Evidences Broader Scope of FTC Information Security Enforcement (July 1, 2010):  The FTC entered into a consent order with social networking service provider Twitter, alleging that lapses in Twitter's data security practices resulted in unauthorized individuals gaining access to user accounts containing mobile telephone numbers, email addresses, and IP addresses.  Unlike the FTC's prior data security consent orders under the FTC Act, there was no allegation of any unauthorized access to traditionally identified forms of sensitive personal information, such as Social Security numbers, financial account numbers, government ID numbers, consumer reports, or medical conditions.
  • FINRA Issues Guidance on Social Networking Sites (February 9, 2010):  The Financial Industry Regulatory Authority (FINRA), an industry self-regulatory organization, issued guidance to member companies on the use of blogs and social networking sites to engage in company-sponsored communications with the public.  While FINRA exercises oversight of the securities industry, the recommendations are good advice for any business that is considering communicating with or marketing to consumers through social media.
  • Two Hogan & Hartson Advisories on the Use of Social Media (September 28, 2009):  We were even covering social media back before we were Hogan Lovells!  We issued an update (PDF), still relevant today, setting forth the considerations that arise when social media is used by three different groups -- an entity itself, the employees of that entity, and third parties in reference to the entity.  Also, the FDA held a two-day public hearing at the end of 2009 on how pharmaceutical companies use the web and social media.  Despite it being almost two years since that hearing, the FDA just this March delayed an expected guidance on the use of social media to market pharmaceuticals.  News earlier this week that Facebook will prevent pharmaceutical companies from disabling the comments feature on their pages has caused consternation, as the FDA has implied in past statements that user comments may be able to be ascribed to pharmaceutical companies for regulatory purposes.  Stay tuned.

FINRA Issues Guidance on Social Networking Sites

The Hogan & Hartson privacy lawyers are counseling clients on the use of social media, as the legal risks are significant -- especially if employees use the shield of anonymity to protect their privacy but make representations on behalf of their employers without disclosing their affiliation.  The FTC and FDA recently have focused on social media.  And on January 25, the Financial Industry Regulatory Authority (FINRA), an industry self-regulatory organization, issued Regulatory Notice 10-6, which gives guidance to member companies on the use of blogs and social networking sites to engage in company-sponsored communications with the public. 

The unique nature of social networking sites and the speed and fluidity with which communications can be made to the public have presented challenges in the implementation of existing FINRA rules.  Some recommendations made in the guidance include:

  • Supervising interactive communications made through social networking sites in a manner reasonably designed to ensure that they do not violate the content requirements of FINRA's communications rules or other securities laws, and instituting policies and procedures for this supervision
  • Instituting a policy prohibiting business communications by employees through social networking sites that are not subject to the company's supervision
  • Requiring employees posting content to social networking sites to undergo training
  • Establishing appropriate usage guidelines for customers and other third parties that are permitted to post on company-sponsored web sites
  • Adopting disclaimers to help ensure that third-party content posted to blogs or social networking sites is not attributed to the company
  • Monitoring third-party posts to mitigate the perception that the company is adopting the content of the post or to assist compliance with the "Good Samaritan" safe harbor for blocking and screening offensive material under Section 230 of the Communications Decency Act.

While FINRA exercises oversight of the securities industry, the recommendations in Notice 10-6 are good advice for any business that is considering communicating with or marketing to consumers through social media, whether hosted by the company or on a third-party social networking site such as MySpace or Twitter.  In addition to the recommendations listed here, businesses seeking to enter the social networking space should also institute policies that ensure that their representatives don't deceive consumers and that the content posted complies with all applicable laws and regulations, such as defamation and intellectual property laws.

The fact that FINRA is looking into this issue -- in September 2009, FINRA organized a Social Networking Task Force from which these guidelines were generated -- highlights the importance of social networking as a marketing tool, along with the accompanying risks.  Other industries are also considering these issues; for example, in November 2009 the FDA held a well-attended public hearing about the use of social media as a marketing tool for FDA-regulated entities.  For more information about legal risks that can arise through business use of social networking sites and how to address these risks, check out Hogan & Hartson's recent guidance on the topic.