patchwork of FTC Regulation of “unfair or deceptive practices” and state laws which often conflict and certainly create confusion.
… they rely on us to ask these questions. -- Flurry story -- Patch app -- should be open code, NOT a black box
Small screens challenge clear and conspicuous disclosure of privacy practices. -- California mobile privacy requirements.
News organizations are creating a greater digital (and sometimes physical) presence in countries with comprehensive but inconsistent privacy regimes. The E.U. data authority reasons that a cookie dropped onto the browser of a European user turns that machine into a data processing facility located in the E.U. do French data authorities have jurisdiction over a U.S. website because a French resident accesses that site?
Then again, in an era of cheap and free storage and a data scientist around every corner, just because you can’t use the data now, doesn’t mean you aren’t 6 months from a very real use of that data Not every publisher today has a recommendation engine. But soon, more and more publishers will begin to have the storage, technology, internal expertise and business imperatives to mine troves of user, log files
Click-wrap: you “clicked” Browse-wrap: less certain
Nytlegal #56866-v3-ona 2013-_ds_draft
LEGAL ISSUES IN RUNNING A
Law School for Digital Journalists
October 18, 2013
Dow Lohnes PLLC
The New York Times Company
Your Brand Online: Trademarks and Domain Names
Mastering the Fine Print
Engaging Your Audience
• Native Advertising, Mobile Services & Promotions
Mitigating Your Risks
Your Brand Online:
Trademarks and Domain Names
When should you think about
In the weeks before you launch a new product,
strong, distinctive name and logo
do a knock-out search.
Picking a Name
Distinctive marks are strong marks.
And strong marks are easier to protect.
• Fanciful: Kodak, Exxon
• Arbitrary: Apple, Omega
• Suggestive: Coppertone, Microsoft
To register or not to regi$ter?
You have rights in your trademark without going
through the registration process.
You may not want to register every trademark.
But if you don't register a trademark, it becomes
very difficult (thus expensive) to protect.
Trademark Registration Process
〉Conduct a search on uspto.gov
〉File an Application based on either:
• Intent to Use
• Use in Commerce
〉Use your trademark in commerce.
〉Update your registration with use case samples.
If you expand the products or services covered
by your trademark, update the registration.
What is the "likelihood of confusion" as to the source, sponsorship or
approval of the goods or services?
OK: Using a trademark to identify the true owner’s goods or services, even
if use is unflattering to owner.
Not OK: Using mark to identify goods or services or to falsely imply an
association between the trademark owner and a third party. Infringement!
If you forget all this, ask yourself one question:
How would you like it if your trademark were used this way?
Domain Registration Process
1. Conduct a search online.
2. Register the name through a domain name
registrar, e.g. GoDaddy.com, Register.com.
3. If you are also using it as a trademark, go through
the trademark registration process.
The Basics: PII and Non-PII
In the US, there is no comprehensive legal regime for
PII is regulated.
Non-PII is not. *
〉 Personally Identifiable Information (PII): Information that
on its own or combined with other information can identify an
〉 Non-Personally Identifiable Information (Non-PII):
Anything that is not PII. Non-PII includes cookies information,
clickstream or log file data and, for now at least, IP address.
Consumer Privacy:The Easy Part
Ask yourself: What does your site or app do?
• Examine your four main consumer data activities:
〉Sharing of customer information
Consumer Privacy:The Hard Part
Much more difficult: What do your vendors do?
• Ad networks, ad servers, analytics vendors, push notification
service providers, etc., all rely on putting a tag or pixel on your
page or building some of their software code into your app.
• Ask them about collection, storage, use and sharing.
• Review SDKs (software development kits) carefully before
building it into your app.
When you are using a cheap or free product, your users are
subsidizing your use of the service with their data.
Your Mini Privacy Program:
〉 Build privacy and security into your product roadmap.
〉 Provide users with notice and choice/consent.
• Consent: Allow users to opt-out and control what you
share about them.
〉 Make sure you understand who is on your site and in your
app. Don’t put a tag on your site or an SDK into your app
until you know exactly what it does.
Good Questions: Mobile
〉 Is it really Non-PII when your GPS location is combined with your
〉 Small screens challenge clear and conspicuous disclosure of privacy
〉 Complicated concepts and constantly changing background
technology mean only very broad privacy statements will not become
obsolete with each new version release or software upgrade.
〉 Mobile apps often integrate third party software (software
development kits, or “SDKs”) that we cannot control, and in some
instances, cannot even monitor.
〉 The European Union considers US sites to be
subject to the jurisdiction of the EU.
〉 Unlike the US, the EU regulates both PII and
〉 The EU prohibits transferring information on
“data subjects” outside their boarder unless
you meet certain Safe Harbor requirements.
Big Data and the Deletion
〉 The best practice is to delete data that you don’t
have a business purpose for. But:
〉 What if you don’t know how to use it now, but
can reasonably expect to need it in the future?
〉 What are reasonable uses of Non-PII data? How
much Non-PII can you have on a user before it
actually can identify her? How do you store it?
Who has access? How long can you justify
keeping the information?
Mastering the Fine Print
Terms and conditions for access to and use of a
website, drafted from the website owner's perspective.
The user must have
〉Meaning: click-wrap usually is held as enforceable, but
browse-wrap is less certain.
Enforceability also depends on applicable federal and
〉 Make them modular.
〉 Not everything has to apply to every element of your site.
〉 Include the usual intellectual property statements about your ownership of the
content, as well as restrictions on the use of your content. You're giving a
license to enter the site, not a license to use the content.
〉 Have clear and reasonable rules, especially around UGC. Get a broad license
〉 Make sure you can cease providing “the Service”, change it, or shut it down at
〉 Be clear that you can remove a user at any time in your sole discretion. (You
likely won't be able to enforce this from a tech perspective, but you'll be glad
you have the threat in your pocket). If you have a pay component, the refund
section of your Terms of Purchase should contemplate this instance.
〉 Include age restrictions.
User Generated Content
Take advantage of the DMCA Safe Harbor. If you accept and post third party
materials, including UGC (and who doesn’t?), the DMCA's safe harbor provisions can
protect your site from copyright infringement liability based on the actions of users.
To qualify, a site must:
1.Designate an agent to receive notifications of claimed infringement (copyright.gov)
2.Make the contact information of such designated agent available
• on your site including on its website in a location accessible to the public and
• to the Copyright Office (see above).
• Act promptly and consistently. None of the Section 512 safe harbors are
available unless the service provider has implemented) a policy that provides
for the termination in appropriate circumstances of repeat infringers. Section
〉 You can’t really negotiate if you won’t walk away.
〉 Risk is money. If you're accepting a lot of risk, don't
overpay for it.
〉 Ask. You may have leverage. You may not. You won't
know until you ask.
Intimidated by the contract? Reformat it.
〉 THE LANGUAGE IN ALL-CAPS IS CONFUSING
AND SHRILL BUT IF SOMETHING GOES WRONG
IT WILL PROBABLY BE THE MOST EXPENSIVE PART
OF THE CONTRACT.
You almost certainly have a contract for one of
Google Maps. Gmail. Adsense. Google Analytics.
Facebook. Instagram. Pinterest. Mobile app
development platforms. Flickr. iTunes. Amazon.
What does it say?
Contracts: Business Terms
Three great provisions that provide a lot of
1.Payment upon Acceptance.
2.Termination for Convenience (or a short term).
3.Robust Product or Services description.
Indemnification is “an undertaking by one party to
compensate the other party for certain costs and
expenses.” It protects against claims made by
Contracts: Ad Sales
Whose IO and T&Cs?
• IAB 3.0 is better for publishers than
• …so most agencies will start with 2.0.
Ad Sales and Insertion Orders
Terms to consider:
〉 No liability for failing to complete a campaign other than a make-good.
〉 Advertisers should indemnify for any creative they provide:
• To the extent your team provides creative services, you should
expect to be responsible for your work
• …unless you submit it to them for approval?
〉 Timing on any campaign should be subject to news preemption.
• Advertisers will likely be happy with this: no one wants to run next
to the photo of a plane crash.
〉 Have a data discussion before they send the tags.
• Best practice is to have a posted data policy.
• Expect pushback. Your point of contact probably won't know what
you're talking about: often, the person is two or three degrees away
from your account executive.
Engaging Your Audience
Native Advertising, Mobile Message Programs and
Native Advertising and Sponsored
Content – Rules of the Road
The Past: bright Line Separation between
advertising and editorial (“Bento Box”
But consumers developed “banner
Advertising and Marketing Law Casebook, Tushnet & Goldman, 2012.
Native Advertising – What is it?
Content provided by or created with or for an advertiser.
Integrated with site design and presented within editorial stream.
Has same value to reader as editorial content – and can be experienced,
discovered through search and shared through social media in the same
Integration v. transparency: requires clear labeling of native advertising.
Stricter Liability Standards Govern Sponsored
Stricter liability standards for false or unsubstantiated claims.
As a general rule, publisher cannot be held liable for publication of nondefamatory false statements in editorial content “absent proof of knowing
falsity or reckless disregard for the truth.” Daniel v. Dow Jones, 520 N.Y. S.2d
334, 339 (Civ. Ct. 1987).
By contrast, if a publisher creates sponsored content for an advertiser, both
the publisher and the advertiser would be liable for any misleading or
deceptive statements under FTC Act and State UDAP laws.
Stricter Liability Standards Govern
Sponsored Content (Cont.)
• When creating sponsored content, publishers share the
duty with the advertiser to substantiate factual claims
about the advertiser’s products prior to publication.
• Creating sponsored content can also trigger sectorspecific advertising regulations in highly-regulated
categories (e.g., financial, insurance, automotive).
Endorsers Must Disclose Material
Non-obvious Connections with Advertisers
“When there exists a connection between the endorser and the
seller of the advertised product that might materially affect the
weight or credibility of the endorsement (i.e., the connection is not
reasonably expected by the audience), such connection must be fully
disclosed.” FTC Testimonials and Endorsements Guide § 255.5.
Advertisers and endorsers share duty of disclosure.
An “endorsement” is any advertising message that consumers are
“likely to believe reflects the opinions, beliefs, findings, or
experiences of a party other than the sponsoring advertiser . . . .”
What Counts as an Endorsement?
The FTC investigated Hyundai when an
ad agency gave gift cards to bloggers for
linking to and writing reviews of Hyundai’s
Super Bowl television ads.
FTC said that gifts for posting any
“specific content promoting the
advertiser’s products or services is likely
to constitute a material connection that
would not reasonably be expected by
readers of the blog.”
Testimonial Guidelines & Social Media
Required disclosures should
be made in each social media
post where the author has a
material connection to the
advertiser, and should not be
hidden behind a link.
Disclosures should be
understood by consumers.
For example, the FTC says
“#spon” may not be
understood, and recommends
Third Rule: Don’t Pass off Advertising Content
An advertising message is deceptive if it “represent[s], directly or by
implication, that [it is] something other than paid commercial
advertising.” In re Twin Star Productions, Inc., 1990 FTC LEXIS 87 (Mar.
“Advertorials” that mimicked the structure or format of a news
show or an independent journalism or research website have been
targeted in more than a dozen FTC actions.
For example, it is deceptive to format an advertorial video with
“commercial breaks” because they imply that advertorial itself is
• Marking these ads
not cure deceptive
• Banner ad on
sites, among other
sites, would link to
FTC Action Against Fake News Sites
• The FTC also charged that these affiliates’ failure to
disclose that they received a commission each time a
consumer bought supplements or signed up for a free
trial through their ads was a deceptive omission.
• $5 million paid to settle with the FTC.
Identify Paid Inclusion and Paid
Placement Relationships in Search
Results and Rankings
Paid Placement: But for payment, the merchant’s listing would not appear as
high in search results.
Paid Inclusion: In exchange for payment, the merchant’s listing is guaranteed to
be included in the index for a search engine, and/or its website is spidered more
frequently or reviewed at a deeper level than non-paid sites.
The FTC says that because consumers expect search results to be based on
relevancy or other objective criteria, paid placement listings should be clearly
labeled and segregated from organic results. A search engine that operates a paid
inclusion program should conspicuously disclose the existence of the program if it
Paid Placement Labeling
In addition to labeling
its paid placement
results, Google also
includes the following
explanation in a
Paid Inclusion With Explanation
The explanation suggests that both paid
inclusion and paid placement are at work in
the display of results.
Don’t Use Names, Likenesses or Other
Personal Indicia in
Advertising Without Consent.
The unauthorized use of a person’s identity for commercial
advertising purposes generally violates statutory and common law
rights of publicity.
Very different rules apply for the use of individuals’ names,
likenesses and identities in purely editorial content.
Integrating advertising with editorial photo layouts may also violate
agreements under which photos were licensed – i.e., terms may
restrict use to editorial purposes or require more money for
Rights of Publicity and Prohibition
Against False Endorsements
Whether a publisher can use a plaintiff’s identity without consent often
turns on whether the speech is non-commercial or, in some states, whether
it is in the “public interest” even if it is published to make a profit. These
robust First Amendment defenses that are not available for commercial
Pixazza, now called Luminate,
sells in-image advertising.
Select American Society of Magazine
Editors (ASME) Best Practices for Digital
“Websites should not accept payment from advertisers to place or promote
products in editorial content.”
〉 “Marketing messages should be visually separated from editorial content—by
rules, for example, or background colors—and easily identifiable as
Google Page Rank Policy on Paid Links
Google’s Page Rank factors in the number of external websites
linking to a site to determine its relevance for purposes of
calculating search rank. Calculations exclude paid links.
A publisher or advertiser may drop in Google’s rankings if it
publishes links in exchange for payment and does not tag them with
the required HTML attribute rel="nofollow".
Google recently announced that it dropped a newspaper significantly
in its search rankings for this practice.
〉 Federal law prohibits use of any automated technology
to send text messages to a phone number for a
wireless device without the “prior express permission”
of the wireless subscriber.
〉 Higher “prior express written consent” required for
advertising texts (broadly construed)
〉 Severe FCC penalties (up to $16,000 per violation)
〉 Severe class action risk -- consumers can sue for up to
$1,500 in statutory damages (per message).
〉 Before sending any text messages to a mobile device, document
consumer’s consent using a physical or online form that:
• Identifies your company as the sender by name
• Requires the user to input his or her mobile number
• Describes the content/purpose and frequency of messages that
will be sent
• Discloses that texts may be “autodialed” or sent using
“automatic telephone dialing system”
• Requires user’s affirmative opt-in consent (e.g., by checking an
• For advertising texts (e.g., sponsored news alerts), discloses
that consent is not a condition of making any purchase.
〉 Federal and state criminal laws prohibit private
〉 Lottery = prize + chance + consideration
〉 Must eliminate one of these 3 lottery elements
to run a lawful prize promotion.
〉 Legal sweepstakes = prize + chance (no
〉 Consideration = a payment or purchase, or in
some jurisdictions, substantial time and effort.
• If entry is bundled with purchase, eliminate
consideration by also offering an alternate free
method of entry (e.g., postcard, toll-free call).
〉 AMOE must offer same relative chance of winning.
〉 Beware of:
• Different entry deadlines
• Different limitations on the number of free and paid entries
• Separate prize pools for paid and free entries
〉 AMOE must be clearly and conspicuously disclosed.
〉 AMOE will not cure lottery problem created by a pure “pay to
play” entry channel.
Sweepstakes: Special State Registration
〉 Sweepstakes must be registered and bonded in
Florida and New York if total retail value of all
prizes offered is exceeds $5,000.
〉 Rhode Island requires registration (but not
bonding) for retail sweepstakes with prizes
Media Perils Insurance
〉 What is “media perils insurance”?
• A media perils policy typically covers lawsuits based
on libel, slander, defamation, privacy torts, IP
infringement and newsgathering activities.
〉 Media perils coverage may be less expensive than you
• You can potentially obtain $1 million in coverage for
several thousand dollars as your annual premium.
Media Perils Insurance
〉 Do you need it?
• Not necessary for everyone
〉E.g., if you publish a personal blog about knitting chances of
facing a lawsuit based on your content will be remote.
• But, important to obtain coverage if you operate a
news website, do any kind of investigative journalism
or rely on fair use.
• Ask: Is there a realistic risk of such lawsuits?
Media Perils Insurance
〉 Be a smart shopper. These features should not
increase your premium:
• Coverage for suits based on newsgathering activities
as well as suits based on content.
• Coverage for defense costs.
• Worldwide coverage.
• Coverage that extends to your freelancers, stringers
or other independent contractors.
Media Perils Insurance
〉 Other tips for choosing a policy:
• If you have counsel you would want to use in
litigation, seek to have that counsel pre-approved by
the insurer when buying coverage.
• Try to avoid a “hammer clause” that would allow
insurer to settle claims without your approval.
• Consider separate endorsement for the costs of
fighting third-party subpoenas.