Attorney General Enforcing Privacy Policies

Texas AG getting out the big guns
According to ARS Technica, Texas Attorney General Gregg Abbott is suing two website owners for violations of the Children's Online Privacy Protection Act (COPPA). COPPA requires the Federal Trade Commissioner to issue and enforce regulations that regulate the ability of online entities to collect personal information from children under the age of 13.

What is COPPA?
Congress passed COPPA on October 21, 1998, to cover any personal information collected online after April 21, 2000. COPPA applies to web sites and online services targeted to or knowingly collecting data from children under 13 years of age. COPPA requires such organizations, such as cereal or toy manufacturers who have an internet site, to post a conspicuous privacy policy, detailing the data collected and its usage. COPPA also requires the officials responsible for the web site to obtaining verifiable consent from a child’s parent before the collection of any data, and to obtaining a new consent upon a change of the collection or usage policy. COPPA also requires an option to revoke the consent and, review the data collected, and as well as policies and procedures to secure the integrity of the collected information.

Excerpt taken from the book Cyber Law.

The laws have not changed, only the enforcement
According to the complaint filed in the Western District of Texas, the Texas Attorney General accuses Future US, Inc. aka Gamesradar.com of several COPPA violations:

a) failing to provide notice on its website of what information it collects from children, how it uses the information and its disclosure practices.
b) (curiously there is no "b" in the pleading; it might be interesting to find out what was removed at the last minute)
c) failing to notice parents as to what informatioin was collected, how the information is used and the disclosure practices.
d) Failing to obtain verifiable parental consent.
e) conditioning use of portions of the website on providing more personal information.

First, but certainly not the last
These lawsuits against Future US and the Doll Palace are the first cases in the United States brought under COPPA. They represent merely the tip of the iceberg with regard to COPPA violations and the inevitable onslaught of federal enforcement of online privacy laws. Merely asking a visitor to confirm their age is not enough. Any website, that collects any type of information from online visitors needs a clearly drafted privacy policy, outlining exactly what information is collected, how it is used and how providers of that information can correct of delete that information.

Put away the cookie cutter
Privacy policies are not cookie cutter templates. Cutting and pasting someone else's privacy policy onto your website can get you in more trouble than if you had no policy at all. Your policy should cover how your website collects and uses information collected online. No two companies collect or use online information in the same manner. If your privacy policy says you hide all personally identifiable information in a coffee can in a deep hole in your back yard, but you actually exchange the information with your affiliate partners, you may find the Attorney General knocking at your door (right before he or she shuts down your entire operation).

Sooner, rather than later
Getting your privacy protocols and policies in proper order is something you need to do sooner, rather than later. By the time you get sued, it is far too late. Your state's Attorney General is the last plaintiff you want to see on the other side of a lawsuit.

Hat tip to Matt Krigbaum for the story.

Brett Trout

COPPA Online Privacy Privacy Policy

The Law of Photography

People are Strange
People have very strange ideas about what constitutes fair use of other people's photographs. What they do not realize is, that by the time they get sued, simply claiming ignorance is no defense.

Recent Cases
Photopreneur.com has just posted an interesting run down of some recent cases involving unauthorized use of third party photography. The cases are not just limited to copyright infringement. Several involve issues you may never have considered when snapping that depantsing of Uncle Lem.

The Law of Photography
Of course, those of you who keep an extra intellectual property attorney in the pantry for those times you wax philosophic on the epistemology of intangible property know these things, but for those of you who don't, here are some of the other, less well known, but no less harrowing, issues to consider when taking or using that next photograph.

Right of Privacy
Right of Publicity
First Amendment
Interference with Official Acts
National Security
Buildings not ordinarily visible to the public
Breach of Contract
Rules of Court
Laws relating to specific subject matter
False Light
Defamation
Common carrier special duty of care
Trespassing
Concealed cameras
For Third Party sexual gratification

If You Get Stopped
If you take a lot of photographs, Attorney Bert Krages II even provides a downloaded "Photographer's Right" pamphlet which you can carry with you if you are ever confronted. I, myself, tend to rely on my winning personality and wry, wide-eyed, sociopathic grin.

Brett Trout

photography laws privacy copyright

Keeping Your Blog Out of Court

This will be the topic of my speech at BlogWorld Expo in Vegas November 8. If you plan on attending, come hear me speak and/or look me up. The first five readers who do, will get a signed copy of my new CyberLaw book.

While we are on the topic of keeping your blog out of court, Rush Nigut and Kevin O'Keefe both wrote excellent posts on a Texas mother suing Verizon for using Flickr ads of her minor daughter in an advertising campaign. While the photographer gave consent to use the photo, the subject did not. Copyright and creative commons guru Lawrence Lessig notes that creative commons licenses are designed to deal with copyright and do not purport to address privacy issues. Lessig notes that without a "model release" issues of publicity and privacy remain a problem.

As an intellectual property attorney since 1992 and a blogger since 2003, I see basically two types of bloggers. The first type, comprising the majority, are not considering copyright issues, let alone privacy or publicity issues when they post images on their blogs. The second group work off a misguided hodgepodge of copyright urban legends they found on the internet.

In my experience, the second group is even more dangerous than the first. At least when the first group gets caught with its hand in the cookie jar, it repents and tries to make amends. They contact their intellectual property attorney immediately and usually avoid huge damages. The second group, however, is so steadfast in its misguided beliefs that it is often headlong into litigation before it realizes the errors of its ways.

I would be interested in finding out how the second group thinks it can determine the absence of any privacy violations with Flickr photos. Do they actually determine the names and addresses of every individual in each photo and get a signed model release from each one authorizing use of the photo?

If you are a Flickr-using blogger and think the Flickr creative commons license insulates you from liability for privacy violations, or even from copyright violations in the event the poster is not really the owner of the photographs, please jot down my name and address. You may be needing it in the near future.

Also, if you could do me one more favor and ignore the cease and desist letter you get from the copyright owner or subject of the photo. Its just that I make a lot more money trying cases than I do having my clients comport with the copyright and privacy laws in the first place. And my kid wants a new Jet Ski for Christmas.

Brett Trout

Flickr blogs photographs copyright privacy