Online Privacy

Subscribe to Online Privacy via RSS

According to a new, partially-published California Court of Appeal decision, there is no cause of action for invasion of privacy under the California Constitution where a plaintiff’s myspace.com posting is republished in a newspaper.   In Moreno et al. v. Hanford Sentinel, Inc., et al., F054138, slip op. (Cal. Ct. App.

The Electronic Privacy Information Center (“EPIC”) recently filed a complaint with the Federal Trade Commission (“FTC”) accusing Google of failing to implement adequate privacy and data security safeguards and engaging in unfair and deceptive trade practices related to its “cloud computing” services.

More and more companies have been considering engaging in marketing campaigns that involve “address book scraping,”  in which a user is asked to import his contacts (i.e., the e-mail addresses he has stored in his e-mail account address book) into his social networking Web site or other online service so that a message can be sent to those contacts inviting them to join the social network or to participate in a joint offering of the company and its partner.  In some cases, the user is asked to provide the username and password for his e-mail account so that the import can be done transparently.

There are a number of things to look out for in connection with these campaigns:

Behavioral tracking of consumers online in order to deliver relevant advertising is a privacy issue that is receiving a lot of attention, and one that has been the focus of Federal Trade Commission and consumer group scrutiny. On September 25th, the United States Senate Commerce Committee held a hearing on online privacy and received commitments from the three industry representatives (from AT&T, Verizon and Time Warner Cable) that if they do deploy technologies that are able to track consumer online behavior in order to tailor advertising, that consumers will have clear notice and a full opportunity to provide affirmative consent. None of the companies currently use such technologies in their roles as Internet Service Providers. The broadband providers challenged the rest of the online industry, including web site operators and application providers such as Google, to provide the same protections to consumers. Essentially, the witnesses called for an end to “opt out” when it comes to online advertising.

On July 17, 2008, the House Telecommunications and Internet Subcommittee examined the practice of deep packet inspection (DPI), a method for networks and third parties to determine what information users (identified by IP addresses or random ID numbers) are searching for and accessing on the Internet in order to tailor more relevant advertising based on an individual’s interests. DPI is often cookie-based and does not link personally identifiable information with user surfer behavior.

The House Subcommittee’s hearing focused on whether the online advertising industry should be required to use opt-in systems, or whether current opt-out systems adequately protect consumers’ privacy. The July 17 hearing is the latest in a series of efforts by regulators and legislators to better understand behavioral targeting.

State governments and federal prosecutors are cracking down on individuals who use the internet to harass or threaten others.  On June 30, Missouri Governor Matt Blount signed into law a measure that criminalizes online harassment.  This new law represents a marked change in the legal treatment of this form of harassment, also known as “cyber-bullying.”  Other states have enacted legislation to help stop cyber-bullies, but none has gone so far as to impose jail sentences on violators.  The Missouri law, however, criminalizes the transmission of an electronic communication for the purpose of frightening or disturbing another.  V.A.M.S. 565.091 (not yet chaptered).  Adult violators of this new law face up to 4 years in prison if they perpetrate the offense against a child.

The legislation responds to the 2006 death of 13-year old Megan Meier, who committed suicide after being harassed repeatedly on MySpace.  The harassment was allegedly perpetrated by Lori Drew, a 47-year old woman who falsely assumed the identity of a fictitious teenage boy on MySpace and posed as this character to develop an online relationship with Meier.  The girl’s suicide was allegedly prompted by disparaging comments made by Ms. Drew disguised as the teenage boy.  The tragedy outraged the Missouri community in which it occurred, but local authorities were unable to prosecute Ms. Drew because cyber-bullying was not illegal.

The ongoing debate over online behavioral targeting is significant not only because such targeting enables consumers to receive ads that are more relevant and useful to them, but as the FTC has recognized, restrictions that inhibit companies’ ability to obtain advertising revenue may fundamentally affect the ability of the Internet to continue to offer valuable content for free.