This section of the Journal looks at marketing, data protection, technology and e-commerce issues, providing an overview of recent key legal developments in these areas.
QUESTION 1
Lizzie Mead
Journal of Direct, Data and Digital Marketing Practice (2008) 9, 298-300.
doi:10.1057/palgrave.dddmp.4350093
QUESTION I
'In recent months these issues have arisen related to social networking sites, in particular Facebook and MySpace. Some companies are trying to stop staff accessing the sites- unscrupulous use of the details in individual's profiles - groups of individuals using the sites to put pressure on companies to change their policies. What are the legal issues that companies need to understand about social networking sites, particularly when used by their staff?'
ANSWER
Time wasting v goodwill
Like the introduction of email, the use of social networking sites has prompted a series of headline-grabbing reports about the amount of time wasted by employees during the working day. Peninsula estimates this cost at around 130m [pounds sterling] per day in wasted hours.
However, despite the impressive statistics, the problem is not a new one for employers, as the recent TUC briefing asserts, 'Facebook is just another way of using the web to organise your social life--it isn't the first and it won't be the last'.
Just like drawing the line between an acceptable amount of chit-chat at the coffee machine and a level of coffee-time banter that becomes detrimental to productivity, companies should have in place an internet and email policy that extends to social networking sites, online business networking and blogging. This policy should make it clear if employees are allowed to use the internet for personal use and to what extent.
While some companies such as British Gas, Bloomberg and Credit Suisse are banning use of the sites altogether, such a strict approach may not be applicable in all organisations and can lead to an erosion of goodwill. A complete ban may be easier in some sectors but will be difficult where networking is an integral part of the job. Indeed, a city law firm recently did a u-turn on its Facebook ban when its employees argued they used it for business networking.
If use of sites for business networking is legitimate, organisations should remind employees that they are representing the company and consider whether staff should be required to record any useful contacts acquired through this method of networking to ensure the activity can benefit the business in the longer term.
An alternative approach is to restrict access to such sites to lunchtimes or after work. In any event, guidelines about access should be clear and stress that any use that interferes with employees' work will be considered as a disciplinary offence.
Recruitment and cyber vetting
The use of social networking sites for recruitment purposes have divided opinion. While HR teams have honed application forms and recruitment policies over time to cut down the risk of decision makers being influenced by irrelevant factors, a quick search of social networking sites can potentially reveal marital status, sexuality and age. Although some say that this means that a search is inappropriate and raises issues of privacy as well as discrimination, it is open to an individual to limit the public access to his or her profile to avoid access by anyone other than invited friends.
On the other hand, a search could reveal dishonesty such as information about job history that contradicts statements on an application form, or inappropriate postings about the business of a former employer. The key thing for companies to remember is that if they decide to search for a candidate's profile they should verify any information they find and ensure they take up proper references to assess suitability in addition to the search.
Brand damage and cyber bullying
Like the wider issue of blogging, postings and group discussions on social networking sites can result in employees making derogatory comments about their employers or disclosing confidential information. They may also criticise colleagues that could result in discrimination, harassment and constructive dismissal claims by the victim.
Organisations from Argos to the Conservative party have suffered embarrassment because of Facebook forums and postings by employees. The Argos employee who set up a thread entitled 'I work at Argos and can't wait to leave because it's sh*t' and the 118 118 employees who created a page called 'The Survivors of 118 118' to slag off the users of the system have been widely publicised and caused unknown damage to the companies' reputations.
An employer should therefore ensure that their policy makes it clear that any offensive, defamatory or discriminatory comments on any social network site or blog and any disclosure of confidential information about the company, its staff or customers will result in disciplinary action that may lead to dismissal.
Summary
In summary, companies should:
--clearly establish rules of use
--set out consequences of misuse
--publicise the policies
--seek advice if in doubt.
Lizzie Mead, Associate, Employment Pensions and Incentives Group, Berwin Leighton Paisner LLP
lizzie.mead@blplaw.com
QUESTION 2
Ian De Freitas
Journal of Direct, Data and Digital Marketing Practice (2008) 9, 300-301.
doi: 10.1057/palgrave.dddmp.4350092
QUESTION 2
'Video sharing web sites, in particular YouTube, contain a lot of illegally copied materials. What are the legal issues if this material is then in advertently used by a company (ie on the blog of an employee)?'
ANSWER
The answer is straightforward. If the person who copies the material does not have the agreement of the copyright owner to do this then it is copyright infringement.
However, when it comes to the responsibility of the employer for this, it is a little more complicated. Whether the employer is responsible depends upon concepts of vicarious liability. In simple terms, if the employee creating the blog is acting in the course of his or her employment then the employer will be vicariously liable.
If the employee is using the employer's assets (communication systems) to set up a personal blog, then the position is less clear. At one end of the spectrum it could be argued that the employer is allowing its facilities to be used much like a telephone system and the employer would not be responsible if, for example, the employee in a personal telephone call said something defamatory about someone else.
On the other hand, where the employer knows that employees are using its communications systems to set up blogs which use material in infringement of third-party copyright, then an argument can be made that the employer is authorising the infringement. As such, this would mean that the employer is a primary infringer of copyright or could be a secondary infringer on the basis that they are possessing or dealing with infringing copies in the course of a business with knowledge. These questions are undetermined in English law.
Peer-to-peer software and infringement
Questions about authorising infringement have been looked at in the context of companies selling peer-to-peer software in the United States and Australia (in the Grokster and Kazaa litigation, respectively), which was subsequently used by individuals to infringe third-party copyright. Those decisions have gone in favour of the copyright holders. But this was on the basis that there was evidence that the software suppliers were actively encouraging infringement and sharing in the profits generated.
Ian De Freitas, Partner, Intellectual Property, Berwin Leighton
Paisner LLP
ian.defreitas@blplaw.com
QUESTION 3
Paul Langford and Ian De Freitas
Journal of Direct, Data and Digital Marketing Practice (2008) 9, 301-303. doi: 10.1057/palgrave.dddmp.4350095
QUESTION 3
Regurgitated content and liability
'Social networking sites are all about use generated content. Much of this content is regurgitated from other sources. What are the legal issues if this material appears on a company's website (i.e. if the company is using some type of social networking functionality)?'
ANSWER
The answer to this is clear. If the company has set up the site then it is likely to face the risk of liability in the following respects:
Defamation
If the material is defamatory then the company could be responsible for each fresh publication on its site. There are defences available under Section 1 of the Defamation Act for 'innocent' publication, but if the company takes an active part in monitoring, editing or participating in the site then that defence is unlikely to be available.
Copyright infringement
If the company has set up the system it is more likely to be vicariously liable for the infringing acts of its employees or for authorising infringements than in the situation described in the answer to the previous question.
Other criminal laws
There are also criminal laws relating to obscenity and pornography to consider as well as issues of the material exposing the company to discrimination claims.
Privacy laws
From a privacy perspective, there are also concerns.
The Data Protection Act (DPA) places obligations on how organisations can use and disclose 'personal data' and gives individuals a number of privacy rights to control how their data is used. A key question is whether photographs posted on social networking sites qualify as 'personal data' so as to be covered by the DPA. While the scope of what is 'personal data' is currently in a state of flux in the UK, there is no doubt that a photograph of an identifiable individual qualifies. False information about an individual and opinions are also 'personal data' and are covered by the DPA (a recent EU Working Party opinion confirms this).
Under the DPA, the key obligation on businesses who collect personal data is to inform individuals at the outset (eg via a website privacy policy) of all the likely uses and disclosures of their data. Where data is being disclosed, consent is usually required.
--The problems in practice of social networking sites
Social networking sites generally present a number of potential issues.
The first issue is control. A user can upload photos of himself and his colleagues or friends to his profile page on a social networking site, without being required by the website to ask the permission of those friends to the uploading of their images. As a result, the friends have no control over what the user may decide to post on his profile page. Clearly this could lead to problems: for example, if an embarrassing photograph posted by a friend is viewed by other members of the community an individual could easily consider that his privacy has been infringed. A simple request as between friends may not, unfortunately, lead to the photo being removed; and in most cases such sites currently do no offer a mechanism by which an aggrieved individual can protect his privacy by requiring the 'friend' to take the photo down.
The second issue is the posting of false information, as there is nothing to stop users posting incorrect items about third parties on their profile pages. This may cause concerns over possible legal claims of 'false privacy' or defamation by the person who is a victim of a third party publishing something untrue. The other concern is that prospective employers may well look at a job applicant's profile on social networking sites as part of the recruitment process--clearly, there is also potential for damage to an individual's career prospects.
--Whose legal responsibility is it?
Is the legal responsibility on the service provider or service user? This is a difficult and as yet untested legal issue. To be regarded as the party subject to the DPA, the provider would have to be controlling the 'purpose and the manner' in which personal information is processed on the site. It would seem that it is the user, rather than the service provider, who is controlling what data is being posted on the profile pages, the broad purpose of the posting and the manner in which it is being published.
If this is correct, it is the user who has responsibility under the DPA, and the Web 2.0 provider could theoretically be regarded as inducing a breach of the DPA by encouraging users to post photographs without a mechanism for obtaining the consent of the third parties involved.
--How to achieve compliance
To ensure overall compliance, site owners should consider the following:
--ensure users are informed during sign-up of all the different ways in which their personal data could be used or disclosed by other users
--encourage users to obtain friends' permission prior to posting photos about them
--encourage users to take down photos where friends object to their publication.
Whether an aggrieved individual could successfully bring a claim and against whom is another matter--we await with interest a test case in this area. In the meantime, if you use these services, think about what you post and be aware of the privacy pitfalls.
Summary
In short, if a company is setting up an internal social networking site it should approach this on the same basis as if it were a publisher and seek advice accordingly.
Ian De Freitas, Partner, Intellectual Property, ian.defreitas@blplaw.com & Paul Langford, Professional Support Lawyer, Business & Technology Services, Berwin Leighton Paisner LLP paul.longford@blplaw.com
[c] Berwin Leighton Paisner LLP
Berwin Leighton Paisner's Business and Technology Services group is one of the largest dedicated commercial contracts teams in the City. For further information on any of the topics covered in the Legal Update, please email Paul Langford at Berwin Leighton Paisner LLP (paul. langford@blplaw.com, 020 7760 4911).
Paul Langford Berwin Leighton Paisner LLP Adelaide House London Bridge London EC4R 9HA, UK Tel: +44 020 7760 4911 E-mail: paul.langfordeblplaw.com
Комментариев нет:
Отправить комментарий