Are social media companies based in the United States subject to European data privacy laws? Two recent judicial decisions – one in France and the other in Germany – arrived at different answers. The Civil Court of Paris held that Twitter, based in California, was obligated under the French Code of Civil Procedure to reveal the identity of its users in France who posted racist tweets. In Germany, on the other hand, an administrative court held that Facebook, also based in California, was not subject to a German law that would have prohibited Facebook from requiring users to register under their real names.
Facebook and Netflix now “in a Relationship”; Obama Signs Bill Updating Video Privacy Law
On January 10, 2013, President Obama signed into law H.R. 6671, an amendment to the Video Privacy Protection Act of 1988 (VPPA) codified at 18 U.S.C. § 2710, which will permit companies, such as Netflix, to obtain advance consent from consumers to automatically share their movie viewing history…
New California Law Protects Employee Use of Social Media
California Governor Jerry Brown has signed a new law protecting employee use of social media by prohibiting an employer from requiring or requesting an employee or applicant for employment to disclose a username or password for the purpose of accessing the employee’s personal social media.
Friend Request Rejected: Maryland Bans Employers from Asking Employees for their Social Media Passwords
Maryland became the first state to pass legislation that prohibits employers from asking employees and job applicants for their social media passwords.
…
Katharine Parker Discusses Employer Access to Employee Social Media Accounts with the Christian Science Monitor
On April 11, 2012, Katharine Parker, a partner in Proskauer’s Labor & Employment Law Department, discussed privacy concerns that arise when an employer demands access to its employees’ social media accounts.
…
Do I really have to obtain consent from all my customers to make a change to my privacy policy?
"Do I really have to obtain consent from all my customers to make a change to my privacy policy? No one else seems to be following that rule."
We get this question all the time. It is understandable, given that we often watch Web-based companies expand their usage of consumer data without the affirmative consent of their users. (In other words, they add a new offering to their service that expands their use or sharing of consumer data, and they default their users into the new offering.) Sometimes they back off temporarily when faced with media backlash or Congressional or regulatory scrutiny, but the pattern nonetheless persists in the long term. Sometimes we scratch our heads in wonder, since the FTC has taken the position in countless actions for over a decade that if you make a material, adverse, retroactive change to your privacy policy, you need to obtain consent from consumers to apply your new policy to the data you collected under your old policy.
Facebook Accedes to the FTC’s Poke, Settles FTC’s Charges
Facebook recently agreed to settle charges by the Federal Trade Commission (FTC) that Facebook violated the FTC Act. The FTC-Facebook settlement, which is still subject to final FTC approval, prohibits Facebook from making misrepresentations about the privacy or security of its users’ personal information, requires Facebook to obtain users’ affirmative consent before enacting changes that override the users’ privacy preferences, and requires Facebook to prevent anyone from accessing material posted by a user more than 30 days after such user deleted his or her account. Similar to the March 2011 FTC-Google settlement, the Facebook settlement requires that Facebook enact a comprehensive privacy program and not misrepresent its compliance with the US-EU Safe Harbor Principles. As we previously reported, these two requirements are relatively new FTC settlement terms, which were first used in March 2011.
…
CAN of Worms?: New Decision Opens CAN-SPAM Private Right of Action to Non-ISPs
A recent decision in the Western District of Washington broadly defines the reach of the private right of action under the federal CAN-SPAM statute. In that case, Haselton v. Quicken Loans Inc., W.D. Wash., C-07-1777, 10/14/08, the court held that a company had standing to sue alleged spammers even though it is not an Internet service provider (ISP) and does not provide e-mail accounts to its customers.
…