Facebook is being sued in a $15 billion lawsuit alleging that the popular social media company secretly tracked the Internet activity of its users after they log off (the First Amended Complaint is available here).  The case is a consolidation of nearly two dozen lawsuits filed in ten states, including one here in Hawaii (Quinn v. Facebook, Inc., 1:11-cv-00623).  The lawsuit alleges violations of the U.S. Wiretap Act, the Stored Communications Act, and Computer Fraud and Abuse Act.

In July, Facebook filed a motion to dismiss the lawsuit on the ground that the plaintiffs failed to allege sufficient injury.  At the hearing on the motion on October 5, Facebook’s attorneys argued that the plaintiffs haven’t identified the websites they visited, the kind of information that Facebook collected, or whether Facebook disclosed any information to anyone else.  The lawyer representing the subscribers countered that generalized allegations of harm are sufficient at this stage of the case, and that Facebook’s alleged practice of tracking their users’ Internet activity was not disclosed as part of Facebook’s privacy policy.   The court’s ruling on the motion to dismiss is pending.

On September 5, the Federal Trade Commission published its first guide specifically with mobile app developers in mind.  Entitled “Marketing Your Mobile App: Get It Right From the Start,” the guide is not legally binding, but it does set out guidelines to help mobile app developers comply with truth-in-advertising and privacy laws.  In particular, the guide lays out seven principles for complying with federal data privacy requirements under statutes like the Graham-Leach-Bileley Act, the Fair Credit Reporting Act, the Child Online Privacy Protection Act, and the Federal Trade Commission Act.  Click here for the press release and a link to the guide.

In two weeks, the NLRB has issued just as many decisions agreeing with the positions of the NLRB’s Office of General Counsel (OGC) on employee social media use, as stated in the OGC’s well-known guidance memos.  On September 18, the NLRB invalidated Costco’s policy prohibiting employees from making statements on social media that could damage the company or other employees’ reputations.  Yesterday, the NLRB publicly released a decision weighing in on the BMW dealership case that was discussed in the OGC’s August 18, 2011 memo. (The decision and briefing in the case are available here).

Here’s a quick review of the case for those not familiar with it.  A salesperson at a BMW dealership posted photos on Facebook showing a car that a test driver accidentally drove into a pond in front of a Land Rover dealership across the street (who shares a common owner with the BMW dealership).  The employee  included mocking comments about the incident in the post.  That same day, the employee posted photos on Facebook depicting the low-quality food and beverages that the BMW dealership provided at a sales event to promote a new car model.  Again, the employee accompanied the photos with sarcastic remarks.  The employee was discharged for the Facebook posts regarding the Land Rover incident.  The employee claimed that the primary reason for his discharge was the Facebook posts regarding the sales event, which he argued was protected activity.

The NLRB agreed with the findings of the Administrative Law Judge (ALJ) that the discharge was based on the Land Rover posts, which were not concerted or protected activity because they were in no way connected to the terms or conditions of employment.  The ALJ’s decision also stated that the sales event posts could constitute concerted or protected activity because they could be construed as legitimate concerns about compensation.  Salespeople at the dealership were paid partly by commission, which are tied to sales.  Sales could be negatively impacted by damage to the reputation of the dealership due to the low-quality sales event.  The NLRB found it unnecessary to pass on the sales event posts, however, because the discharge was based on the Land Rover posts.

The NLRB also struck down a rule in the dealership’s employee handbook stating:

Courtesy: Courtesy is the responsibility of every employee.  Everyone is expected to be courteous, polite and friendly to our customers, vendors and suppliers, as well as to their fellow employees.  No one should be disrespectful or use profanity or any other language which injures the image or reputation of the Dealership.

The NLRB found the rule overbroad, as it could have the effect of prohibiting employees from making protected statements to other employees about their working conditions.  However, a dissenting member of the NLRB’s three-member panel found that the courtesy rule was “nothing more than a common-sense behavioral guideline for employees” and that “nothing in the rule suggests a restriction on the content of conversations (such as a prohibition against discussion of wages)”.

LegalTXTS Lesson:  Here are three quick takeaways from the decision.

  1. Work rules regulating “offensive” social media activity should be vetted for any connection to concerted or protected activity, such as employee discussions about their compensation or the terms and conditions of their employment.
  2. “Courtesy” work rules similar to the one the NLRB struck down should be revisited to ensure they are specific enough to exclude protected activity.
  3. The positions taken in the OGC guidance memos are gaining credibility as the NLRB increasingly adopts those positions in published decisions.

Employers should clarify ownership and control over social media accounts by which their employees promote the organizationInsynq v. Mann, No. 3:12-cv-05464 RBL, 2012 WL 3763550 (W.D. Wash. Aug. 29, 2012)

Earlier this year, the Phonedog v. Kravitz case attracted buzz on the issue of who owns a social media account that’s started by an employee, purportedly to promote his employer’s organization.  In PhoneDog v. Kravitz, the former editor-in-chief (Kravitz) of an online news service refused to relinquish the Twitter account on which he posted content promoting the company.   Kravitz argued that he owned the Twitter account because he personally opened the account and amassed its sizeable following of approximately 17,000 followers.  PhoneDog sued Kravitz for ownership of the Twitter account.

The issue hasn’t gone away.  The most recent case is Insynq v. Mann.  In that case, the employee (Mann) of an application service provider (Insynq) registered three domain names during her employment and began writing three blogs associated with each domain name.  After Insynq terminated Mann, it claimed ownership of the blogs.  Mann refused to give her former employer the credentials to the blog.  In the lawsuit that followed, Insynq sued Mann for breach of her non-compete agreement, misappropriation of trade secrets, and unfair competition.

Cases like PhoneDog and Insynq are a good reminder that if an organization has its employees managing its social media activity, it needs to clarify who owns the social media account used by the employee and the contents of the account.  Otherwise, an organization might find itself fighting for control over a social media account after the departure of the employee responsible for managing the account.  Not having such control could lead to alienation of a painstakingly developed community of customers or fans, or worse, the inability to exercise editorial discretion over content about the organization being pushed out to the community.

To avoid messy disputes over ownership and control over social media assets, organizations should consider the following guidelines when developing social media policies:

  • Specify that only authorized employees may publish social media content on behalf of the organization, and that employees must use the organization’s official social media accounts when publishing such content.
  • Specify who owns the login credentials to the social media accounts used to promote the organization, as well as the content published on such accounts.
  • Require an employee who is responsible for managing the organization’s social media activity to disclose to his or her manager the login credentials for the accounts used for that purpose.  The employee should also be required to disclose any changes to the login credentials.
  • Prohibit employees from using the organization’s official social media accounts for their personal use.

Court quashes subpoena to discover identity of anonymous bloggers after ruling that the bloggers’ statements are not defamatorySomerset Development, LLC v. “Cleaner Lakewood”, 2012 WL 4370271 (N.J. Super. Ct. App. Div. Sept. 26, 2012)

This case shows how difficult it is to sue for statements made anonymously on the Internet.  The plaintiff (Zucker) is the developer of a real estate project in the New Jersey township of Lakewood.  Zucker learned through discussions with members of the Lakewood community that certain individuals anonymously posted statements on a blog hosted by Google’s Blogspot service.  Zucker sued the blog operator and the anonymous individuals who posted on the blog.  Zucker subpoenaed Google for information that would lead to the identification of the anonymous individuals.

The trial court quashed the subpoena, finding that the anonymous statements were not defamatory.  The Appellate Division upheld the quash order.  The court noted that Section 230 of the Communication Decency Act provides immunity to website operators who republish comments of others or block certain offensive materials.  As for the anonymous posters, the court noted that there is a general, but not absolute, right under the First Amendment to speak anonymously.  To balance the First Amendment right to speak anonymously against an individual’s right to protect its proprietary interests and reputation, the Appellate Division had set up a four-part test in Dendrite International, Inc. v. John Doe No. 3, 775 A.2d 756 (N.J. Super. Ct. App. Div. 2001):

1.  The plaintiff must “undertake efforts to notify the anonymous posters that they are the subject of a subpoena or application for an order of disclosure, and withhold action to afford the fictitiously-named defendants a reasonable opportunity to file and serve opposition to the application.”  Zucker satisfied this requirement by posting the subpoena on the blog under each offending post.

2.  The plaintiff must “identify and set forth the exact statements purportedly made by each anonymous poster that plaintiff alleges constitutes actionable speech.”  Zucker satisfied this requirement by highlighting the specific comments he alleged were defamatory in connection with posting the subpoena on the blog.

3.  The court must determine whether the plaintiff has established a prima facie cause of action against the anonymous defendants.   This is where Zucker’s effort to discover the identity of the anonymous poster gets stop cold.  One of the elements of a defamation claim is that the statements at issue must have “defamatory meaning.”  The anonymous posters had made statements like Zucker “short changed the taxpayers with millions”, “paved the way for the senior vote by stealing 6 million in tax dollars”, and “is behind all the anti hh propaganda going around[.]”  Other commenters called him a “rip off artist” and “under the table crook.”  As much as such comments were strongly-worded, the court ruled that expressions of opinion on matters of public concern and “rhetorical hyperbole” are not actionable.

4.  The plaintiff should file a request for discovery with the court, along with a statement justifying the specific discovery requested and identifying a limited number of persons or entities who are likely to produce identifying information about the anonymous defendant.  The court did not get to this prong of the test because Zucker could not meet the third prong.

The challenge presented by the Dendrite test, or at least in the way it was applied here, is that it pre-judges the merits of a case even before the plaintiff has a chance to serve the complaint on the anonymous defendant.  Take the court’s ruling on defamatory meaning, for example.  Yes, the question of whether a statement is capable of defamatory meaning is a matter of law for the court to decide.  But courts usually rule on the issue in deciding a motion to dismiss or motion for summary judgment.  Here, the court ruled that the plaintiff is a public figure (thus triggering the heavy “actual malice” requirement) and that the statements in question were not defamatory as a matter of law before the complaint was even served.  Under the Dendrite test, the plaintiff would have to successfully litigate those issues just to get the information they need to serve the complaint.  That seems a tad bit backwards.