Social Media may be utilized to fund raise for philanthropic causes, to crowd source to help catch criminals, and to help unite family members. Unfortunately, too many people have lost their jobs because of the content they have posted online.
The latest person who appears to have joined the #SocialMediaFail club is now former PayPal Director Rakesh Agrawal. According to The Daily Mail, Mr. Agrawal went on a late night Twitter tirade while in New Orleans. Mr. Agrawal appears to have made some derogatory comments about his co-workers online that became newsworthy very quickly. While there appears to be some dispute as to the timing of Mr. Agrawal's departure from PayPal; there is no denying that soon after his Tweets appeared he stopped being employed by PayPal.
New Orleans is one of the most interesting and exciting cities in the world. I have had the pleasure of visiting the city on many occasions and experiencing some of the fun festivals and events that the city hosts. However, not everything one does in New Orleans is meant for the entire world to see. Unfortunately, what goes on in "Vegas (or in New Orleans or anywhere else) stays in Vegas" may no long apply in the Digital Age.
The bottom line is that everyone, including self described "tech/social media experts", "social media consultants", and the "digerati" need to better understand the ramifications of publicly posting personal thoughts and/or images online. My hope is that those who read about this incident will realize that just because you may have a Twitter account it does not mean you should actively Tweet.
Copyright 2014 by Shear Law, LLC. All rights reserved.
Monday, May 5, 2014
Sunday, May 4, 2014
The NBA, Donald Sterling, and Secretly Recording Professional Athletes, Coaches, and Owners
In the Digital Age, almost everyone has a smartphone that contains a video/audio recording feature. In general, this is a good feature that can be used to tape record your family doing fun things. Many people don't see this as a potential threat to personal privacy. However, if you are a celebrity, professional athlete, politician, billionaire, etc... there is a possibility that your most embarrassing and/or private moments may be recorded for blackmail purposes. This in turn may create tremendous financial and reputational harm.
The Donald Sterling matter demonstrates that even the people whom you may allegedly trust the most, such as your "personal assistant" or your "silly rabbit" may tape your private conversations without your knowledge for personal gain. This is a growing problem in the sports world. For example, according to ESPN former Golden State Warriors assistant coach Darren Erman secretly taped his fellow coaches and players without their knowledge. It appears he may have done this via his smartphone. The motive for Mr. Erman's behavior is not yet known but his actions appear to have been illegal.
In some states such as California, two party consent is required when taping a conversation. I find it hard to believe that Sterling would have consented to being taped making racist and sexist comments to his "personal assistant"/"silly rabbit". However, until all of the facts are available it is only speculation as to whether he consented. In addition, I doubt Mr. Erman's fellow coaches and the players on his team would have consented to having their private conversations recorded.
The bottom line is that while smartphones, apps, and other new digital technologies may help make our lives easier they may also capture unpleasant personal activities and enable them to be easily shared to the entire world in an instant. This is why it is so important to take the precautions necessary to protect yourself in the Digital Age.
Copyright 2014 by Shear Law, LLC. All rights reserved.
The Donald Sterling matter demonstrates that even the people whom you may allegedly trust the most, such as your "personal assistant" or your "silly rabbit" may tape your private conversations without your knowledge for personal gain. This is a growing problem in the sports world. For example, according to ESPN former Golden State Warriors assistant coach Darren Erman secretly taped his fellow coaches and players without their knowledge. It appears he may have done this via his smartphone. The motive for Mr. Erman's behavior is not yet known but his actions appear to have been illegal.
In some states such as California, two party consent is required when taping a conversation. I find it hard to believe that Sterling would have consented to being taped making racist and sexist comments to his "personal assistant"/"silly rabbit". However, until all of the facts are available it is only speculation as to whether he consented. In addition, I doubt Mr. Erman's fellow coaches and the players on his team would have consented to having their private conversations recorded.
The bottom line is that while smartphones, apps, and other new digital technologies may help make our lives easier they may also capture unpleasant personal activities and enable them to be easily shared to the entire world in an instant. This is why it is so important to take the precautions necessary to protect yourself in the Digital Age.
Copyright 2014 by Shear Law, LLC. All rights reserved.
Wednesday, April 30, 2014
Google To Stop Scanning Student Emails, But Troubling Privacy Policies Continue
Google announced earlier today that it will stop automatically scanning student and teacher emails sent through Google Apps for Education and will no longer use the platform to deliver any advertising.
This is a positive development for student privacy and means that if the media questions and reports on troubling and illegal corporate practices positive change may occur. I initially blogged about this issue on January 24, 2014. At that time I stated, "[I]t does not appear that students, parents, and/or teachers have been informed and provided consent that would enable their digital interactions and the content sent and received on school contracted Gmail services to be utilized for advertising purposes."
Soon after I wrote about this tremendous threat to student privacy, I spoke to Education Week about this huge privacy and safety risk to our children. I told Education Week that I saw “major FERPA violations” in Google’s activities and suggested that the Education Department should investigate the company. The Federal Trade Commission, which is responsible for monitoring deceptive business practices, should also take note and....[t]he personal safety of students are at risk when commercial entities obtain access to student data and act upon the information."
While I believe this is a good first step for protecting student privacy, why did it take Google years to make this change? Absent multiple lawsuits and the investigative reporting from Education Week would Google have changed its practices? Will Google also turn off its scanning and behavioral advertising functions for its other services such as YouTube, Google Plus, etc...in a school setting? Will Google also change its Android and Chromebook policies to better protect student privacy? Will Google change its Terms of Service and Privacy Policies that govern all of its education offerings? Will Google revise all of its school contracts to reflect this announcement?
Will Google delete all of the personal and highly monetizable personal information that it has been collecting on students, parents, teachers, and their families? Since Google has been caught misrepresenting its practices once again should we as President Regan stated when describing the Soviet Union trust but verify? Who will do the verifying? The U.S. Department of Education, state departments of education, state attorney generals, the FTC? What about better protecting non-student users such as consumers?
Google's announced impending policy change appears to be an admission that it was violating Article 5 of the FTC Act that bans "unfair and deceptive acts". According to a 2011 FTC Consent Decree related to the Google's Buzz matter, it appears the FTC has wide latitude to investigate what appears to be an intentional privacy violation and fine Google accordingly. Under the consent agreement, it appears that Google may be fined up to $16,000 for each violation. Since Google has publicly stated that it has 30 million users, Google's legal liability may reach into the billions of dollars. For example, 30 million x $16,000 for each violation is a fine of $480,000,000,000. Will the FTC open an investigation to determine if Google violated its consent decree?
Since Google's troubling consumer privacy policy governs almost all of its services, more pressure needs to be exerted onto Google to better protect the personal privacy and safety of all of its users. Multiple EU data protection authorities have already either fined Google for its illegal and inherently dangerous privacy policy that clearly violates data protection laws across Europe and/or opened investigations into its troubling "evil behavior".
While Google creates some great products and services, it has consistently refused to do the right thing when it comes to protecting the personal privacy and safety of its users. Is this announcement being done to ward off an FTC investigation into its privacy practices and to stop more potential litigants from joining the Gmail scanning lawsuit(s)?
My hope is that now that Google plans on changing its student data collection and utilization practices in its Apps For Education platform, it will also do the same for its other school offerings. The bottom line is that Google and other companies that create user/people profiles for advertising and other purposes need to not only become more transparent but stop practices that erode the public's privacy and put them in harm's way.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
This is a positive development for student privacy and means that if the media questions and reports on troubling and illegal corporate practices positive change may occur. I initially blogged about this issue on January 24, 2014. At that time I stated, "[I]t does not appear that students, parents, and/or teachers have been informed and provided consent that would enable their digital interactions and the content sent and received on school contracted Gmail services to be utilized for advertising purposes."
Soon after I wrote about this tremendous threat to student privacy, I spoke to Education Week about this huge privacy and safety risk to our children. I told Education Week that I saw “major FERPA violations” in Google’s activities and suggested that the Education Department should investigate the company. The Federal Trade Commission, which is responsible for monitoring deceptive business practices, should also take note and....[t]he personal safety of students are at risk when commercial entities obtain access to student data and act upon the information."
While I believe this is a good first step for protecting student privacy, why did it take Google years to make this change? Absent multiple lawsuits and the investigative reporting from Education Week would Google have changed its practices? Will Google also turn off its scanning and behavioral advertising functions for its other services such as YouTube, Google Plus, etc...in a school setting? Will Google also change its Android and Chromebook policies to better protect student privacy? Will Google change its Terms of Service and Privacy Policies that govern all of its education offerings? Will Google revise all of its school contracts to reflect this announcement?
Will Google delete all of the personal and highly monetizable personal information that it has been collecting on students, parents, teachers, and their families? Since Google has been caught misrepresenting its practices once again should we as President Regan stated when describing the Soviet Union trust but verify? Who will do the verifying? The U.S. Department of Education, state departments of education, state attorney generals, the FTC? What about better protecting non-student users such as consumers?
Google's announced impending policy change appears to be an admission that it was violating Article 5 of the FTC Act that bans "unfair and deceptive acts". According to a 2011 FTC Consent Decree related to the Google's Buzz matter, it appears the FTC has wide latitude to investigate what appears to be an intentional privacy violation and fine Google accordingly. Under the consent agreement, it appears that Google may be fined up to $16,000 for each violation. Since Google has publicly stated that it has 30 million users, Google's legal liability may reach into the billions of dollars. For example, 30 million x $16,000 for each violation is a fine of $480,000,000,000. Will the FTC open an investigation to determine if Google violated its consent decree?
Since Google's troubling consumer privacy policy governs almost all of its services, more pressure needs to be exerted onto Google to better protect the personal privacy and safety of all of its users. Multiple EU data protection authorities have already either fined Google for its illegal and inherently dangerous privacy policy that clearly violates data protection laws across Europe and/or opened investigations into its troubling "evil behavior".
While Google creates some great products and services, it has consistently refused to do the right thing when it comes to protecting the personal privacy and safety of its users. Is this announcement being done to ward off an FTC investigation into its privacy practices and to stop more potential litigants from joining the Gmail scanning lawsuit(s)?
My hope is that now that Google plans on changing its student data collection and utilization practices in its Apps For Education platform, it will also do the same for its other school offerings. The bottom line is that Google and other companies that create user/people profiles for advertising and other purposes need to not only become more transparent but stop practices that erode the public's privacy and put them in harm's way.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
Wednesday, April 23, 2014
California Introduces Social Media Anti-Disparagement Consumer Protection Bill
California recently introduced AB 2365 which would prohibit businesses and service professionals from contractually silencing customers who may
want to complain online about their experiences. While I am generally not in favor of increased digital regulations, this bill may be a step in the right direction because more businesses are exploring contractually silencing their critics.
Kleargear.com is the poster child for how not to treat consumers in the Social Media Age. It inserted a non-disparagement clause into its online agreements several years ago in order to pursue disgruntled customers who complained about their service. For example, Kleargear.com threatened a former consumer who wasn't even subject to its non-disparagement clause since she made her purchase before the clause was effective. The company demanded $3,500 from this customer because it did not agree with her online review. When this former consumer refused to pay she was reported to multiple credit reporting agencies which caused real world damages.
During the initial media firestorm when Kleargear.com's reprehensible behavior was publicized last year, it removed the non-disparagement clause. However, it appears that it was recently reinstated. Kleargear.com's non-disparagement clause states:
"In an effort to ensure fair and honest public feedback, and to prevent the publishing of libelous content in any form, your acceptance of this sales contract prohibits you from taking any action that negatively impacts KlearGear.com, its reputation, products, services, management or employees.
Should you violate this clause, as determined by KlearGear.com in its sole discretion, you will be provided a seventy-two (72) hour opportunity to retract the content in question. If the content remains, in whole or in part, you will immediately be billed $3,500.00 USD for legal fees and court costs until such complete costs are determined in litigation. Should these charges remain unpaid for 30 calendar days from the billing date, your unpaid invoice will be forwarded to our third party collection firm and will be reported to consumer credit reporting agencies until paid."
Kleargear.com is the poster child for how not to treat consumers in the Social Media Age. It inserted a non-disparagement clause into its online agreements several years ago in order to pursue disgruntled customers who complained about their service. For example, Kleargear.com threatened a former consumer who wasn't even subject to its non-disparagement clause since she made her purchase before the clause was effective. The company demanded $3,500 from this customer because it did not agree with her online review. When this former consumer refused to pay she was reported to multiple credit reporting agencies which caused real world damages.
During the initial media firestorm when Kleargear.com's reprehensible behavior was publicized last year, it removed the non-disparagement clause. However, it appears that it was recently reinstated. Kleargear.com's non-disparagement clause states:
"In an effort to ensure fair and honest public feedback, and to prevent the publishing of libelous content in any form, your acceptance of this sales contract prohibits you from taking any action that negatively impacts KlearGear.com, its reputation, products, services, management or employees.
Should you violate this clause, as determined by KlearGear.com in its sole discretion, you will be provided a seventy-two (72) hour opportunity to retract the content in question. If the content remains, in whole or in part, you will immediately be billed $3,500.00 USD for legal fees and court costs until such complete costs are determined in litigation. Should these charges remain unpaid for 30 calendar days from the billing date, your unpaid invoice will be forwarded to our third party collection firm and will be reported to consumer credit reporting agencies until paid."
Kleargear.com's behavior demonstrates that without robust digital consumer protections some companies will abuse their power and insert very troubling language into their Terms of Use/Sale agreements. Caveat emptor when making online purchases.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
Thursday, April 10, 2014
Kentucky Takes the Lead To Protect Student Privacy in the Digital Age
According to WHAS11.com in Kentucky, HB 232 was signed into law today by Governor Steve Beshear. This new law states "[a] cloud computing service provider shall not in any case process student data to advertise or facilitate advertising or to create or correct an individual or household profile for any advertisement purpose, and shall not sell, disclose, or otherwise process student data for any commercial purpose." In a nutshell, the new law bans school vendors who provide cloud based services from data mining student digital communications for advertising purposes.
HB 232 received bipartisan support and passed 98-0 in the Kentucky House and 38-0 in the Kentucky Senate. The bill appears to be have been inspired by the Target 2013 holiday data breach and the Gmail data mining lawsuit where Google recently admitted in court documents that its Google Apps For Education platform that it offers for "free" to schools data mines student digital activity for corporate profit.
Kentucky has taken a significant step to protect its students in the Digital Age. This new law demonstrates that in Kentucky children's privacy and safety do not take a back seat to the special interests that believe they have the right to data mine our students' digital activity for commercial gain. Other states such as Oklahoma and New York have enacted or introduced student privacy legislation in the past year; however, Kentucky's new law appears to be the first that offers much greater privacy protection than the Family Educational and Privacy Rights Act (FERPA).
My hope is that other states and eventually Congress follows Kentucky's lead to enact legislation that ensures our children's privacy is better protected in the Digital Age.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
HB 232 received bipartisan support and passed 98-0 in the Kentucky House and 38-0 in the Kentucky Senate. The bill appears to be have been inspired by the Target 2013 holiday data breach and the Gmail data mining lawsuit where Google recently admitted in court documents that its Google Apps For Education platform that it offers for "free" to schools data mines student digital activity for corporate profit.
Kentucky has taken a significant step to protect its students in the Digital Age. This new law demonstrates that in Kentucky children's privacy and safety do not take a back seat to the special interests that believe they have the right to data mine our students' digital activity for commercial gain. Other states such as Oklahoma and New York have enacted or introduced student privacy legislation in the past year; however, Kentucky's new law appears to be the first that offers much greater privacy protection than the Family Educational and Privacy Rights Act (FERPA).
My hope is that other states and eventually Congress follows Kentucky's lead to enact legislation that ensures our children's privacy is better protected in the Digital Age.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
Saturday, April 5, 2014
Facebook Insult About Islam May Lead To Execution in Iran
Be careful about what you say online. For example, if you are a United Kingdom resident and post allegedly derogatory messages about Iran and/or Islam and then visit Iran you may be detained by the Iranian authorities. This appears to have happened to a British resident recently.
According to The Independent, a British woman allegedly posted derogatory comments about Iran's government and Islam on Facebook. It appears that as soon as she landed in Shiraz, Iran to visit family she arrested and was taken to Tehran and charged with "gathering and participation with intent to commit crime against national security" and "insulting Islamic sanctities". These charges may lead to her execution.
This set of facts leads me to believe that Iran is social media monitoring every negative comment online about its government and when it has the opportunity to arrest the alleged speakers it does.
The bottom line is that sometimes it is best to have anonymity online. The Federalist Papers were published anonymously for a reason and that reason was to express political opinions without fear of retribution. Therefore, before making online political comments about certain issues anonymity may be best.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
According to The Independent, a British woman allegedly posted derogatory comments about Iran's government and Islam on Facebook. It appears that as soon as she landed in Shiraz, Iran to visit family she arrested and was taken to Tehran and charged with "gathering and participation with intent to commit crime against national security" and "insulting Islamic sanctities". These charges may lead to her execution.
This set of facts leads me to believe that Iran is social media monitoring every negative comment online about its government and when it has the opportunity to arrest the alleged speakers it does.
The bottom line is that sometimes it is best to have anonymity online. The Federalist Papers were published anonymously for a reason and that reason was to express political opinions without fear of retribution. Therefore, before making online political comments about certain issues anonymity may be best.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
Thursday, April 3, 2014
The Student Privacy Bill of Rights
On March 6, 2014, Khaliah Barnes, the Director of the Electronic Privacy Information Center's (EPIC) Student Privacy Project authored an extremely
important article that was featured in the Washington Post titled, "Why a Student Privacy Bill of Rights is desperately needed". The piece details the digital privacy challenges students encounter and why they need to have stronger legal rights to better protect their personal privacy and safety. I wholeheartedly agree with Ms. Barnes and believe our students need more robust digital privacy protections.
The main federal laws designed to protect student privacy, the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PRPA) have not been updated to keep pace with the Digital Age. The lack of legal protections for our students' personal information that is stored in the cloud has made Ms. Barnes' Student Privacy Bill of Rights a necessity. It enumerates six basic rights for students and I believe that in the age of Big Data, students have "certain unalienable Rights" regarding their personal privacy. The Rights are listed below:
Right #4 Security: Students have the right to secure and responsible data practices
Right #5 Transparency: Students have the right to clear and accessible information privacy and security practices.
Transparency is key to fostering successful privacy and security practices. Educational institutions and their contractors need to be required by law to be fully transparent about the type of information they collect, how it is utilized, how long it is archived, and who has access to it. School vendors such as Google who have not been transparent about their privacy and security practices put our students' privacy and personal security at risk. If schools are unable to provide clear and accessible information about their contractors' privacy and security practices, students should have the right to opt-out of participating in a school provided platform that harms their privacy and puts their personal security at risk.
Right #6 Accountability: Students should have the right to hold schools and private companies handling student data accountable for adhering to the Student Privacy Bill of Rights.
The main federal laws designed to protect student privacy, the Family Educational Rights and Privacy Act (FERPA) and the Protection of Pupil Rights Amendment (PRPA) have not been updated to keep pace with the Digital Age. The lack of legal protections for our students' personal information that is stored in the cloud has made Ms. Barnes' Student Privacy Bill of Rights a necessity. It enumerates six basic rights for students and I believe that in the age of Big Data, students have "certain unalienable Rights" regarding their personal privacy. The Rights are listed below:
Right
#1 Access and Amendment: Students have the right to access and amend
their erroneous, misleading, or otherwise inappropriate records, regardless of
who collects or maintains the information.
While growing up in the 1980's, I didn't have to worry that everything I said to my classmates and/or teachers would be on my permanent record forever. When I attended elementary, middle, and high school, the primary form of communication was in person, on the phone, and handwritten/typed letters. In college, I recall sending out my first email and then in law school email began to gain traction.
While growing up in the 1980's, I didn't have to worry that everything I said to my classmates and/or teachers would be on my permanent record forever. When I attended elementary, middle, and high school, the primary form of communication was in person, on the phone, and handwritten/typed letters. In college, I recall sending out my first email and then in law school email began to gain traction.
As an adjunct professor at a major
international university, I have noticed that students prefer email as their
primary form of communication outside of class.
Students sometimes make inappropriate remarks in class and/or email. However, students attend school to learn how
to communicate and I believe the content of their school work and their school related
communications should be protected and off limits from data mining. My students and children should be afforded
the same privacy protections I experienced in school without fear that every
single student-teacher and student-student
digital interaction may be used against them in the future.
Right
#2 Focused collection: Students have the right to reasonably limit
student data that companies and schools collect and retain.
Schools, along with their vendors,
and sub-contractors should be limited to what type of data they are able to
collect and retain about students. For
example, some schools require student-athletes to install cyber-monitoring
software onto their personal computers and personal digital media accounts so all
of their online postings may be captured and archived indefinitely. One school vendor was caught a couple years
ago by Time Magazine
abusing its access to personal student data and utilizing their content for advertising
purposes. Therefore, it is imperative
that students have the right to reasonably limit the type of personal
information that is collected and retained about them by companies that
contract with schools.
Right
#3 Respect for Context: Students have the right to expect that companies
and schools will collect, use, and disclose student information solely in ways
that are compatible with the context in which students provide data.
Unfortunately, some companies have
not been honest about the manner in which they collect and utilize personal student
information. Education Week
recently reported that Google is abusing its privilege as a school learning platform
provider because it is using its Apps For Education offering to surreptitiously
data mine student emails for potential advertising.
Whether its through cloud computing,
mobile communication devices, apps, or old school personal computer networks, a
tremendous amount of information is being collected by third parties and this
data is not under the direct control of our schools. Therefore, schools and their vendors must be
required to disclose exactly what is happening to student information that is
stored digitally.
Right #4 Security: Students have the right to secure and responsible data practices
Secure data practices do not happen
overnight and requires cooperation from both schools and their vendors. Professor Dan Solove of George Washington
University has been advocating for years that schools hire chief privacy
officers to educate and provide leadership on these issues. Earlier this year, Prof. Solove told USA Today, “[w]ithout
a privacy officer in schools, there will be no one looking out for privacy
issues,”
Recent high profile data breaches at the University of Maryland
and Indiana University
demonstrates the need for educational institutions to implement policies and
practices that better protect our students' privacy.
Right #5 Transparency: Students have the right to clear and accessible information privacy and security practices.
Transparency is key to fostering successful privacy and security practices. Educational institutions and their contractors need to be required by law to be fully transparent about the type of information they collect, how it is utilized, how long it is archived, and who has access to it. School vendors such as Google who have not been transparent about their privacy and security practices put our students' privacy and personal security at risk. If schools are unable to provide clear and accessible information about their contractors' privacy and security practices, students should have the right to opt-out of participating in a school provided platform that harms their privacy and puts their personal security at risk.
Right #6 Accountability: Students should have the right to hold schools and private companies handling student data accountable for adhering to the Student Privacy Bill of Rights.
FERPA has no private right of action against school vendors. This is a huge
loophole that puts the burden of protecting our children's privacy squarely on
academic institutions even though many schools are ill equipped and
under-funded to do so. New state and/or
federal laws/regulations are needed to hold school contractors accountable for
violating the privacy of our students.
A
recently released report on Big Data and "alternative
credit scoring" by the World Privacy Forum
reinforces the need for greater regulation to protect our privacy. The report discusses unfairness and
discrimination issues that may soon become widespread because our current legal
and regulatory privacy framework was designed before email, apps, and the cloud
became ubiquitous. Students shouldn't
have to worry about whether their school related research, questions, communications, and/or
projects on disabilities, HIV, personal sexuality, pregnancy, sexually transmitted diseases, etc... will be data mined
and/or sold to the highest bidder.
If third party vendors mislead schools,
parents, or students about their data handling or protection practices, they need
to be held legally and financially responsible for privacy violations.
For example, students who utilize Google Apps For Education through their
schools should be able to hold Google legally and financially accountable for data mining their school digital interactions, content, work etc...for non-educational purposes.
Soon after the Education Week article that uncovered Google's very troubling student data mining practices was published, I reached
out to Ms. Barnes and asked her to comment about these new revelations. In an email Ms. Barnes stated, "Google's data
mining admissions underscore the importance of the Student Privacy Bill of
Rights. Here's a situation where students lost total control over their
information. The students first lost control when the schools made a choice on
behalf of students, without first adequately vetting Google's data practices
and ensuring that those practices don't put students at risk. Second, students
lost control when Google decided to read students' emails. Google's practices
contravene the Student Privacy Bill of Rights by repurposing student data for
commercial use. Google should be held accountable to students, the Education
Department, and the Federal Trade Commission for violating student trust."
As
a society, we need to do more to protect our children's privacy in the Digital
Age. A first step would be to adopt the
principles advocated by Ms. Barnes' in her Student Privacy Bill of Rights.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
Thursday, March 27, 2014
Minnesota School District To Pay $70,000 For Accessing Student's Facebook Account
With access comes responsibility and financial liability. A student recently won a $70,000 settlement against a Minnesota school district after she was required to provide access to her personal digital accounts. I initially wrote about this issue on March 10, 2012, and stated, "This behavior is a clear 1st and 4th Amendment and possibly a 5th Amendment violation of the U.S. Constitution." On September 15, 2012, I wrote, "Public schools that require any of their students to register their social media usernames, or to provide access to their password protected digital content via required Facebook Friending or the installation of a third-party software application for any reason are in clear violation of the 1st and 4th Amendment."
This settlement along with the recent NLRB ruling that referenced Northwestern's illegal student-athlete social media policy demonstrates that K-12 schools and post-secondary institutions need to better understand their legal liabilities in the Digital Age. Drafting and enforcing a legal and reasonable social media policy is extremely important since almost every student of a certain age and employee owns or has access to a digital device/account. Students still have a right to privacy despite what some technology companies may claim.
For years, I have been publicly discussing the legal liability issues schools will encounter if they require access to their student's personal digital accounts. Schools that refuse to understand and properly address these issues will (not may) have tremendous legal liability and financial obligations. If a school wants access to their students' personal digital accounts they may need to pay $70,000 per student. There are other options available and my hope is that schools become better educated about them.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
This settlement along with the recent NLRB ruling that referenced Northwestern's illegal student-athlete social media policy demonstrates that K-12 schools and post-secondary institutions need to better understand their legal liabilities in the Digital Age. Drafting and enforcing a legal and reasonable social media policy is extremely important since almost every student of a certain age and employee owns or has access to a digital device/account. Students still have a right to privacy despite what some technology companies may claim.
For years, I have been publicly discussing the legal liability issues schools will encounter if they require access to their student's personal digital accounts. Schools that refuse to understand and properly address these issues will (not may) have tremendous legal liability and financial obligations. If a school wants access to their students' personal digital accounts they may need to pay $70,000 per student. There are other options available and my hope is that schools become better educated about them.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC. All rights reserved.
Wednesday, March 26, 2014
NLRB Refers To Northwestern's Illegal Social Media Policy in Ruling Student Athletes May Unionize
In a ground breaking ruling earlier today, the regional director of the National Labor Relations Board ruled today that Northwestern University scholarship football players are employees of the school and are eligible to form the nation's first college athletes' union. According to ESPN's Lester Munson, the ruling is very well-reasoned.
As part of the rationale as to why Northwestern's scholarship football players are to be considered employees rather than student-athletes the ruling mentions Northwestern's illegal student-athlete social networking policy. On page 5 it states, "[t]he players must also abide by a social media policy, which restricts what they can post on the Internet, including Twitter, Facebook, and Instagram. In fact, the players are prohibited from denying a coach's "friend" request and the former's posting are monitored."
Northwestern's student-athlete social networking policy is in clear violation of Illinois Public Act 098-0129. This act states, "It is unlawful for a post-secondary school to request or require a student or his or her parent or guardian to provide a password or other related account information in order to gain access to the student's account or profile on a social networking website or to demand access in any manner to a student's account or profile on a social networking website."
On August 14, 2013, I wrote that Northwestern will be required to change its student-athlete social media policy before 1/1/2014 because of Illinois' new social media privacy law. Unfortunately, this did not occur and its illegal policy was utilized against them in analyzing that a student-athlete is an employee and not a student.
While this ruling may eventually be overturned, it should serve as a wake up call to NCAA schools that highly regulate their student-athletes' digital usage. Athletic departments that enforce strict social media policies and/or utilize social media monitoring companies may soon have more legal and financial issues to confront than anticipated. Continuing to deploy social media monitoring companies to watch student-athletes online may encourage other administrative and/or judicial bodies to conclude that student-athletes are not students but employees.
NCAA athletic departments should be careful for what they wish for. With access comes responsibility. Strictly regulating student-athletes' personal digital lives will create tremendous legal and financial problems.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC All rights reserved.
As part of the rationale as to why Northwestern's scholarship football players are to be considered employees rather than student-athletes the ruling mentions Northwestern's illegal student-athlete social networking policy. On page 5 it states, "[t]he players must also abide by a social media policy, which restricts what they can post on the Internet, including Twitter, Facebook, and Instagram. In fact, the players are prohibited from denying a coach's "friend" request and the former's posting are monitored."
Northwestern's student-athlete social networking policy is in clear violation of Illinois Public Act 098-0129. This act states, "It is unlawful for a post-secondary school to request or require a student or his or her parent or guardian to provide a password or other related account information in order to gain access to the student's account or profile on a social networking website or to demand access in any manner to a student's account or profile on a social networking website."
On August 14, 2013, I wrote that Northwestern will be required to change its student-athlete social media policy before 1/1/2014 because of Illinois' new social media privacy law. Unfortunately, this did not occur and its illegal policy was utilized against them in analyzing that a student-athlete is an employee and not a student.
While this ruling may eventually be overturned, it should serve as a wake up call to NCAA schools that highly regulate their student-athletes' digital usage. Athletic departments that enforce strict social media policies and/or utilize social media monitoring companies may soon have more legal and financial issues to confront than anticipated. Continuing to deploy social media monitoring companies to watch student-athletes online may encourage other administrative and/or judicial bodies to conclude that student-athletes are not students but employees.
NCAA athletic departments should be careful for what they wish for. With access comes responsibility. Strictly regulating student-athletes' personal digital lives will create tremendous legal and financial problems.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Saturday, March 22, 2014
NFL Star Roddy White Makes Season Ticket Offer on Twitter If Duke Loses and May Have To Pay Up
Are social media offers legally binding? Yes. R&B artist Ryan Leslie lost a $1 million dollar lawsuit in 2012 over his refusal to honor his YouTube offer. Earlier this week, the Atlanta Falcons' Roddy White Tweeted: @DHoyt77 if mercer beat duke I will give you season tickets 50 yard line first row. Duke lost the game and subsequently White Tweeted: I lost a bet and I will give him tickets to the bears game since he is a bears fan done with this bet
There was an offer by White and an acceptance by @DHoyt77. If White refuses to honor his initial offer and @DHoyt77 decides to sue White for the offer of season tickets I believe @DHoyt77 has a valid claim. The Leslie case may provide a strong precedent for @DHoyt77's position that may be utilized to demonstrate that a social media offer and acceptance is legally binding.
While White's offer may sound reminiscent of the Aaron Rodgers Tweet last year that stated, " @toddsutton ya I'd put my salary next year on it," it is not. Aaron Rodgers didn't state to another Twitter user "I will give you my entire year's salary". There was no clear offer and acceptance in the Rodgers matter. Here, there appears to be a straight forward offer and acceptance. Therefore, I believe White owes for the entire season and @DHoyt77 has a strong claim that is legally enforceable.
The bottom line is that be careful what you Tweet because it may be used against you in the future.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC All rights reserved.
There was an offer by White and an acceptance by @DHoyt77. If White refuses to honor his initial offer and @DHoyt77 decides to sue White for the offer of season tickets I believe @DHoyt77 has a valid claim. The Leslie case may provide a strong precedent for @DHoyt77's position that may be utilized to demonstrate that a social media offer and acceptance is legally binding.
While White's offer may sound reminiscent of the Aaron Rodgers Tweet last year that stated, " @toddsutton ya I'd put my salary next year on it," it is not. Aaron Rodgers didn't state to another Twitter user "I will give you my entire year's salary". There was no clear offer and acceptance in the Rodgers matter. Here, there appears to be a straight forward offer and acceptance. Therefore, I believe White owes for the entire season and @DHoyt77 has a strong claim that is legally enforceable.
The bottom line is that be careful what you Tweet because it may be used against you in the future.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Thursday, March 13, 2014
Roseanne Barr Sued Over Trayvon Martin Case Tweets By George Zimmerman's Parents
I advise my clients to Tweet and utilize other digital platforms only after they have thought about the potential legal consequences that may occur if they share their personal thoughts online. Too many self-described social media consultants preach how great it is to share as much about yourself on electronic platforms as possible to make your personal story "authentic". This feel good "branding" advice that many social media consultants tout is usually worthless and may create tremendous legal liability issues.
Before social media, to have your voice heard was not easy. In the past, a publicist may have been needed to reach out to the media. Social Media has changed the game and increased the potential for major legal liability for those who post online. For example, during the trial of George Zimmerman for the alleged murder of Trayvon Martin, Spike Lee Tweeted out an incorrect address of a couple whom he believed was George Zimmerman's parents. To avoid a potential trial, Spike Lee settled with the couple whose address he incorrectly posted on Twitter.
Spike Lee was not the only celebrity who Tweeted about the George Zimmerman case who may need to pay civil damages because of his Tweets. Actress Roseanne Barr was sued by George Zimmerman's parents for Tweeting out their actual address which they claim required them to live in hiding. According to CNN, the Zimmermans accuse Barr of "intentional infliction of emotional distress" and "invasion of privacy" with the message to her 110,000 Twitter followers on March 29, 2012."
The bottom line is be careful about what you Tweet. Just because you have the ability to comment about a matter of public concern doesn't mean you should say whatever is on your mind. While you may have the right to say whatever you want in our country, almost anyone has the right to sue you for almost whatever you say. Whether the lawsuit will be successful is an entirely different matter.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Before social media, to have your voice heard was not easy. In the past, a publicist may have been needed to reach out to the media. Social Media has changed the game and increased the potential for major legal liability for those who post online. For example, during the trial of George Zimmerman for the alleged murder of Trayvon Martin, Spike Lee Tweeted out an incorrect address of a couple whom he believed was George Zimmerman's parents. To avoid a potential trial, Spike Lee settled with the couple whose address he incorrectly posted on Twitter.
Spike Lee was not the only celebrity who Tweeted about the George Zimmerman case who may need to pay civil damages because of his Tweets. Actress Roseanne Barr was sued by George Zimmerman's parents for Tweeting out their actual address which they claim required them to live in hiding. According to CNN, the Zimmermans accuse Barr of "intentional infliction of emotional distress" and "invasion of privacy" with the message to her 110,000 Twitter followers on March 29, 2012."
The bottom line is be careful about what you Tweet. Just because you have the ability to comment about a matter of public concern doesn't mean you should say whatever is on your mind. While you may have the right to say whatever you want in our country, almost anyone has the right to sue you for almost whatever you say. Whether the lawsuit will be successful is an entirely different matter.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Tuesday, March 11, 2014
Tweets, School Bathrooms, The First Amendment, and The Right To Privacy
What if a student takes a photo of behavior occurring in the common area of a school bathroom during school hours that appears to violate school policy and then Tweets out the image with commentary? Should the photographer who captured and Tweeted out the image be disciplined but those whose behavior allegedly violated school policy not be punished? This is a question that a public high school in Maryland is answering.
Recently, a student Tweeted out a selfie of herself with two other students in the background allegedly engaging in sexual contact. As of this writing, the photo has been re-tweeted over 14,000 times. After school administrators became informed about the situation, the Tweeter was suspended for ten days. The students who appeared in the photo (their faces are not viewable) allegedly engaging in some type of personal interaction that may or may not be of a sexual nature were not disciplined.
I am very protective of free speech rights; especially for students. I strongly believe in the Tinker v. Des Moines decision which ruled that students do not leave their constitutional rights at the school house gate. However, I believe in Griswold v. Connecticut's ruling that we all have a right to privacy. Mobile devices and wearable technology will test the right to privacy versus the first amendment in the Digital Age. This situation demonstrates that their are no easy answers regarding where our first amendment rights end and our right to privacy begins.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Recently, a student Tweeted out a selfie of herself with two other students in the background allegedly engaging in sexual contact. As of this writing, the photo has been re-tweeted over 14,000 times. After school administrators became informed about the situation, the Tweeter was suspended for ten days. The students who appeared in the photo (their faces are not viewable) allegedly engaging in some type of personal interaction that may or may not be of a sexual nature were not disciplined.
I am very protective of free speech rights; especially for students. I strongly believe in the Tinker v. Des Moines decision which ruled that students do not leave their constitutional rights at the school house gate. However, I believe in Griswold v. Connecticut's ruling that we all have a right to privacy. Mobile devices and wearable technology will test the right to privacy versus the first amendment in the Digital Age. This situation demonstrates that their are no easy answers regarding where our first amendment rights end and our right to privacy begins.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Bill Cosby, Gilbert Gottfried, Big Data, and the Right to Privacy
One of my favorite television programs growing up in the 1980's was The Cosby Show. The show was about an upper middle-class African-American family living in Brooklyn, New York. I enjoyed the show because it was funny and the issues it covered were very timely.
Recently, I watched one of my favorite episodes. This particular episode's main theme was negotiating to buy a new car since the old family truckster (i.e. think the Griswald's car in National Lampoon's Vacation) was on its last legs. Bill Cosby's character, Dr. Heathcliff Huxtable does not want the car dealer to know that he is a doctor because he fears he will lose any negotiating power (i.e. he wants to keep his potential financial status anonymous because he believes the dealership will be more flexible with a less financially successful customer; think "price discrimination" based upon ability to pay) if the dealer can size him up financially. He visits the car dealership with his son in an average looking shirt, pants, etc... and avoids telling the salesman his profession.
Dr. Huxtable is downplaying his financial position while the car salesman talks about how expensive it is to raise his children and how one of his kids now needs braces. The bottom line is that the car negotiation is moving along when all of a sudden Gilbert Gottfried shows up. Gilbert Gottfried calls Bill Cosby's character "Dr. Huxtable" (the salesman didn't know he was a doctor) and tells the salesman that Dr. Huxtable's wife was recently made a partner in her law firm and that they have plenty of money. The bottom line is that Gilbert Gottfried's information appeared to alter Dr. Huxtable's ability to negotiate the best possible deal.
Why does this matter? Think of Gilbert Gottfried as a data broker, a digital online advertising network, or an app that sells (i.e. shares, exchanges, etc...) your personal information to others. This information may then be combined so a personal dossier is created that includes both your online and offline activities. According to 60 Minutes, this information may then be sold to governments to spy on you or to entities that may prey on those who are vulnerable to sales pitches.
The more information a seller knows about its buyers the greater the risk that price discrimination may occur. Should a person's race, creed, religion, personal opinions, wants, disabilities, financial position, health status, etc... be available to sellers? Should all Americans be on the same footing when shopping or negotiating for goods and/or services? For example, should a school provider of digital services be able to sell to a data broker or insurance company the lunch purchasing information of students so a corporate entity may then utilize this information for commercial gain?
I believe our country needs to create stronger data protection laws and require data collection companies to become more transparent about their activities. I don't want my children to grow up in a world where everything they do is collected and inserted into their personal digital file and utilized to discriminate them. Shouldn't future generations have the same privacy protections we had while growing up?
Copyright 2014 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Recently, I watched one of my favorite episodes. This particular episode's main theme was negotiating to buy a new car since the old family truckster (i.e. think the Griswald's car in National Lampoon's Vacation) was on its last legs. Bill Cosby's character, Dr. Heathcliff Huxtable does not want the car dealer to know that he is a doctor because he fears he will lose any negotiating power (i.e. he wants to keep his potential financial status anonymous because he believes the dealership will be more flexible with a less financially successful customer; think "price discrimination" based upon ability to pay) if the dealer can size him up financially. He visits the car dealership with his son in an average looking shirt, pants, etc... and avoids telling the salesman his profession.
Dr. Huxtable is downplaying his financial position while the car salesman talks about how expensive it is to raise his children and how one of his kids now needs braces. The bottom line is that the car negotiation is moving along when all of a sudden Gilbert Gottfried shows up. Gilbert Gottfried calls Bill Cosby's character "Dr. Huxtable" (the salesman didn't know he was a doctor) and tells the salesman that Dr. Huxtable's wife was recently made a partner in her law firm and that they have plenty of money. The bottom line is that Gilbert Gottfried's information appeared to alter Dr. Huxtable's ability to negotiate the best possible deal.
Why does this matter? Think of Gilbert Gottfried as a data broker, a digital online advertising network, or an app that sells (i.e. shares, exchanges, etc...) your personal information to others. This information may then be combined so a personal dossier is created that includes both your online and offline activities. According to 60 Minutes, this information may then be sold to governments to spy on you or to entities that may prey on those who are vulnerable to sales pitches.
The more information a seller knows about its buyers the greater the risk that price discrimination may occur. Should a person's race, creed, religion, personal opinions, wants, disabilities, financial position, health status, etc... be available to sellers? Should all Americans be on the same footing when shopping or negotiating for goods and/or services? For example, should a school provider of digital services be able to sell to a data broker or insurance company the lunch purchasing information of students so a corporate entity may then utilize this information for commercial gain?
I believe our country needs to create stronger data protection laws and require data collection companies to become more transparent about their activities. I don't want my children to grow up in a world where everything they do is collected and inserted into their personal digital file and utilized to discriminate them. Shouldn't future generations have the same privacy protections we had while growing up?
Copyright 2014 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Friday, February 28, 2014
EU Asks Apple and Google To Better Police Apps Targeting Children
The European Union is trying to determine how best to protect children from app developers who target them through "Freemium" business models. According to Wikipedia, Freemium is a pricing strategy by which a product or service (typically a digital offering such as software, media, games or web services) is provided free of charge, however, money is required for advanced features, functionality, or virtual goods.
European consumer protection officials are focusing their inquiry on Apple and Google because of their strong market position in the app ecosystem. According to the EU, the 4 main issues that need to be addressed include: 1) Games advertised as “free” should not mislead consumers about the true costs involved; 2) Games should not contain direct exhortations to children to buy items in a game or to persuade an adult to buy items for them; 3) Consumers should be adequately informed about the payment arrangements and purchases should not be debited through default settings without consumers’ explicit consent; 4) Traders should provide an email address so that consumers can contact them in case of queries or complaints.
In a press release regarding this matter, Vice-President Viviane Reding, the EU’s Justice Commissioner stated, "Misleading consumers is clearly the wrong business model and also goes against the spirit of EU rules on consumer protection. The European Commission will expect very concrete answers from the app industry to the concerns raised by citizens and national consumer organizations."
Earlier this year, Apple agreed to an FTC settlement and promised to pay at least $32.5 million dollars to settle a complaint that alleged proper parental permission was not always obtained when children made app purchases on its platform. This was another warning shot to the app ecosystem that it must do a better job of protecting children and families
The bottom line is that regulators around the world are ramping up their investigations and enforcement actions against companies that target children online. Therefore, corporate best practices should ensure that children's interests are protected when interacting with them on digital platforms.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC All rights reserved.
European consumer protection officials are focusing their inquiry on Apple and Google because of their strong market position in the app ecosystem. According to the EU, the 4 main issues that need to be addressed include: 1) Games advertised as “free” should not mislead consumers about the true costs involved; 2) Games should not contain direct exhortations to children to buy items in a game or to persuade an adult to buy items for them; 3) Consumers should be adequately informed about the payment arrangements and purchases should not be debited through default settings without consumers’ explicit consent; 4) Traders should provide an email address so that consumers can contact them in case of queries or complaints.
In a press release regarding this matter, Vice-President Viviane Reding, the EU’s Justice Commissioner stated, "Misleading consumers is clearly the wrong business model and also goes against the spirit of EU rules on consumer protection. The European Commission will expect very concrete answers from the app industry to the concerns raised by citizens and national consumer organizations."
Earlier this year, Apple agreed to an FTC settlement and promised to pay at least $32.5 million dollars to settle a complaint that alleged proper parental permission was not always obtained when children made app purchases on its platform. This was another warning shot to the app ecosystem that it must do a better job of protecting children and families
The bottom line is that regulators around the world are ramping up their investigations and enforcement actions against companies that target children online. Therefore, corporate best practices should ensure that children's interests are protected when interacting with them on digital platforms.
Copyright 2014 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Wednesday, February 19, 2014
Court: Facebook Must Comply With German Data Protection Laws
U.S. companies need to realize that they must follow the laws of the countries that they operate in. Facebook, Google, etc... appear not to understand the proverb, "when in Rome do as the Romans do" should mean that when doing business around the world they must abide by the data protection and privacy laws of the countries where they offer their services.
The Higher Court of Berlin recently confirmed a 2012 verdict that found that Facebook’s Friend Finder violated German law because it was unclear to users that they imported their entire address book into the social network when using it. The court further confirmed that Facebook’s privacy policy and terms of service violate German law.
Facebook and Google appear to believe that EU data protection laws should not apply to them. Both of these companies have been sued multiple times and paid fines and/or entered into judicial settlements in the tens of millions of dollars for privacy violations. Unfortunately, these fines are pocket change to them. Should our personal privacy and cyber-safety be protected and valued in the same way as consumer anti-trust protections?
Copyright 2014 by the Law Office of Bradley S. Shear, LLC All rights reserved.
The Higher Court of Berlin recently confirmed a 2012 verdict that found that Facebook’s Friend Finder violated German law because it was unclear to users that they imported their entire address book into the social network when using it. The court further confirmed that Facebook’s privacy policy and terms of service violate German law.
Facebook and Google appear to believe that EU data protection laws should not apply to them. Both of these companies have been sued multiple times and paid fines and/or entered into judicial settlements in the tens of millions of dollars for privacy violations. Unfortunately, these fines are pocket change to them. Should our personal privacy and cyber-safety be protected and valued in the same way as consumer anti-trust protections?
Copyright 2014 by the Law Office of Bradley S. Shear, LLC All rights reserved.
Subscribe to:
Posts (Atom)