Round Up of Developments in Social Media Law

Companies are debating the official use of social media for marketing purposes, social networking privacy has been the subject of recent (failed)  legislation, and the EU has been ratcheting up pressure on prominent social networking sites to enhance privacy protections.  Social media was even a topic of discussion at this May’s "eG8" in Paris, an event blogged about recently by Chris Wolf.

The Hogan Lovells Chronicle of Data Protection have covered social media developments over the past year or so, and provide a summary of our coverage for you here in one place, allowing you to take stock:

• NLRB Increases Enforcement Activity Against Discipline of Employees for Use of Social Media (May 26, 2011):  The National Labor Relations Board (NLRB) has recently expressed an interest in investigating actions taken against employees for their use of social media, including issuing administrative complaints against a car dealer that fired an employee for posting concerns on his Facebook page about the dealer’s handling of a sales event, and against a nonprofit social services organization for terminating five employees that commented on Facebook about the organization’s work load, staffing issues, and commitment to its clients.  These contrast against a memorandum issued by the NLRB that advised that a discharge of a newspaper reporter for posting "unprofessional and inappropriate" social networking messages to a work-related social media account did not violate the law.

• CAN-SPAM Held to Apply to Social Media Messaging (April 1, 2011):  The U.S. District Court for the Northern District of California’s issued an opinion in Facebook v. MaxBounty that held that messages sent through social networking sites must comply with the federal CAN-SPAM law regulating commercial email advertising.

• FTC Announces Proposed Google Buzz Settlement:  First Time FTC Requires Comprehensive Privacy Program (March 30, 2011):  The Federal Trade Commission (FTC) announced a proposed settlement with Google relating to charges that Google used deceptive practices and violated its own privacy policies when it launched its social network Google Buzz.  For the first time ever, the FTC required that a company institute a "comprehensive privacy program" and to receive affirmative consent from consumers to any new or additional uses of previously collected data.

• FTC Enforces Against Obscure Privacy Disclosures in New Consent Decree (December 6, 2010):  The FTC entered into a consent decree with a developer of parental web-monitoring software that, without consent from parents, captured childrens’ website history, chat conversations, and instant messages and incorporated them into a marketing service that provided companies with the ability to access what consumers are saying or thinking by providing aggregate consumer opinions from user-generated social media websites.  Though the company disclosed that information may be used to "improve our services" and "conduct research," the language was in the thirtieth paragraph of a policy that was contained in a small scroll box, and the FTC took the position that the failure to clearly notify parents of the usage of their childrens’ data constituted a deceptive trade practice.

• NLRB Files Complaint for Employer’s Allegedly Overbroad Social Media Policy (November 8, 2010):  The NLRB kicked off its recent flurry of social media activity by issuing an administrative complaint against a company for terminating an employee who, after an incident at work, criticized her supervisor on her Facebook page.  Lafe Solomon, the NLRB’s acting general counsel, said, "This is a fairly straightforward case under the National Labor Relations Act — whether it takes place on Facebook or at the water cooler, it was employees talking jointly about working conditions, in this case about their supervisor, and they have a right to do that."  The case settled early this year.

• Twitter Consent Order Evidences Broader Scope of FTC Information Security Enforcement (July 1, 2010):  The FTC entered into a consent order with social networking service provider Twitter, alleging that lapses in Twitter’s data security practices resulted in unauthorized individuals gaining access to user accounts containing mobile telephone numbers, email addresses, and IP addresses.  Unlike the FTC’s prior data security consent orders under the FTC Act, there was no allegation of any unauthorized access to traditionally identified forms of sensitive personal information, such as Social Security numbers, financial account numbers, government ID numbers, consumer reports, or medical conditions.

• FINRA Issues Guidance on Social Networking Sites (February 9, 2010):  The Financial Industry Regulatory Authority (FINRA), an industry self-regulatory orgnaization, issued guidance to member companies on the use of blogs and social networking sites to engage in company-sponsored communications with the public.  While FINRA exercises oversight of the securities industry, the recommendations are good advice for any business that is considering communicating with or marketing to consumers through social media.

• Two Hogan & Hartson Advisories on the Use of Social Media (September 28, 2009):  We were even covering social media back before we were Hogan Lovells!  We issued an update (PDF), still relevant today, setting forth the considerations that arise when social media is used by three different groups — an entity itself, the employees of that entity, and third parties in reference to the entity.  Also, the FDA in 2009 held a two-day public hearing at the end of that year on how pharmaceutical companies use the web and social media.  Despite it being almost two years since that hearing, the FDA just this March delayed an expected guidance on the use of social media to market pharmaceuticals.  News earlier this week that Facebook will prevent pharmaceutical companies from disabling the comments feature on their pages has caused consternation, as the FDA has implied in past statements that user comments maybe able to be ascribed to pharmaceutical companies for regulatory purposes.  Stay tuned.

Authored by Bret Cohen