The FCC is looking into regulations regarding disclosures for product placements and has been soliciting comments on its proposed changes. Should feature films produced for theatrical release and then aired on TV, and which have traditionally enjoyed an exemption from the sponsorship identification required of TV programming—have that exemption removed? should product placements be identified when the product is shown on screen? Should embedded advertising be completely prohibited in children’s programming? Increasing product placement and integration into programming has stimulated concern among consumer advocacy groups and Congressional legislators that the rules, many of which are decades old, do not address the new wave of advertising and promotion that has arisen as DVR technology and marketing has migrated away from the traditional “30-second spot.”
In the aftermath of many well publicized data breaches, in the past few years, more than 40 U.S. states have enacted data breach disclosure laws—“identity theft” statutes—which, among other things, require consumers to be notified when personally identifiable information is or may have been compromised in a database. But recent reports citing ineffectiveness of such legislation (e.g., Carnegie Mellon University researchers found notification laws only reduce identity theft by around 2 percent) and a growing sense that notification laws don’t prevent the problem, have caused some states to examine other approaches. At least two states, Nevada and Massachusetts, have enacted different legislation aimed at prevention, and Washington and Michigan are actively considering new measures.
Last week, Japanese authorities arrested a woman for killing the digital avatar of her online husband—no, we didn’t make this up. Arrested in her home in southern Miyazaki, she was taken to Sapporo in Northern Japan. The woman became angry on learning her online husband divorced her. She used his ID and password to log onto the “Maple Story” interactive game to execute the virtual murder. Although not yet formally charged, she was arrested for suspicion of illegally accessing a computer and manipulating electronic data. Although the police thus far have no reason to believe she was contemplating any real world criminal act, she still could face five years in prison or a fine of as much as $5,000 if she is ultimately charged and convicted of the computer access and manipulation charges. Maple Story, like many interactive, online virtual world games, allow real world participants to create digital characters called “avatars.” While many virtual experiences are essentially sophisticated online interactive games themselves, even non-game based virtual worlds enable avatars to engage in social networking, relationships with other avatars, transactions involving the exchange of value, and the creation or deployment of intellectual property—content ranging from video programs to musical concerts to creating wardrobes for their avatars. Because avatars exist in a virtual, digitally created world, their owners often engage in activities they would never consider in the real world.
Legal Bytes editor Joe Rosenbaum has authored a chapter in a new book, Inside the Minds: Managing Advertising & Marketing Legal Issues, published by Aspatore Publishing. The chapter is entitled “The Tension Between Advertising & Privacy: Whose Information Is It (Déjà vu)?” The text looks back at a Jurimetrics Law Journal article he authored 10 years ago entitled “Privacy on the Internet: Whose Information Is It Anyway?” and examines how the evolution of web-based and mobile advertising continue to have a profound effect on our notions of privacy in the digital world.
This month we would like you tell us a city name that can be found on every continent on Earth. Think you know the answer, send it to me. If you are first with the correct and complete answer, you win.
Last month we asked you to tell us where the expression “passing the buck” or “the buck stops here” came from. This month’s winner comes to us from Australia, where Peter Le Guay, a Partner of Thomson Playford Cutlers and member of the Global Advertising Lawyers Alliance (“GALA”), correctly noted that in the latter half of the 1800s, the game of poker became very popular in the United States, with no shortage of “cheats.” To minimize cheating, the dealer regularly changed and the individual next to deal was given a marker—usually a knife with a handle made from a buck’s horn. The marker became known as a “buck” and “passing the buck” meant card dealing was passed to the next person. There is widespread belief that as time went on, silver dollars were used, and the use of “buck” as slang for a dollar originated.
“Whenever you find you are on the side of the majority, it is time to pause and reflect.”
In what sounds like a James Bond spy caper, an MPAA executive allegedly paid a hacker $15,000 to break into a server and snatch copies of emails. The hacker accomplished the dirty deed and emailed the MPAA dozens of pages of material—ostensibly for use by the MPAA in its copyright infringement action against a company whose servers were involved in file sharing. The MPAA released a statement that “The information was obtained in a legal manner from a confidential informant who we believe obtained the information legally.”
Now a federal appeals court in California is determining if a lower court ruling should re-define online privacy protection by interpreting “intercept” under the 1968 Wiretap Act. The case, Bunnel v. Motion Picture Association of America, revolves around a ruling a year ago that held the hacker didn’t really “intercept” emails because they were in storage—not technically in transit. The lower court ruled the hacker’s “…actions did not halt the transmission of the messages to their intended recipients. As such, under well-settled case law, as well as a reading of the statute and the ordinary meaning of the word ‘intercept,’ Anderson’s acquisitions of the e-mails did not violate the Wiretap Act.” In other words, “grab copies of emails sitting on your server for a nanosecond” and it’s not wiretapping. Stay tuned!
A new provision of the Italian data protection law (Loyalty Cards, issued Feb. 24, 2005), is getting a workout. The Data Protection Authority fined a well-known supermarket chain €54,000 for not giving customers adequate information regarding use of personal data. The retailer issued loyalty cards—for shoppers to obtain discounts and rewards—and gathered customer names, email and cell phone numbers (personally identifiable information) and behavioral marketing information (spending habits and locations). Customer profiles were then evaluated and used to create targeted ad campaigns. The retailer didn’t ask customers for consent for all of these uses—a violation of the data protection law.
In Italy, if customer information is not used solely for operating the loyalty program, but for customer profiling and advertising, the consumer must be told and must give consent. While consent is not needed to carry out contract obligations needed to fulfill the loyalty reward program itself, collecting more information than needed for that purpose or using information for other purposes requires specific consent. Is this true elsewhere? In Europe? The United States? Canada? Latin America? Asia? New Zealand? Call me and find out, or read my bio.
Is a cyber attack an act of war? Analysts reported that while the Russian military was acting against the Georgian republic, Georgian websites were also under attack. Cyber warfare can exploit security gaps to take control of civilian infrastructure, such as power grids, as well as government websites and military command and control operations. It has long been known that cyber-weaponry could supplement (and sometimes replace) traditional military activities. But when does a cyber-attack itself constitute an act of war? (We all appreciate the notion of “war” as a historical concept is and continues to change.) Tactics such as urban warfare, bioterrorism and suicide bombers have caused grave concern, not only over government’s ability to deter violent and damaging non-traditional acts of war, but also how to respond when they occur. A big challenge in the cyber warfare world is identifying who did it. In 2007, Estonia asked NATO to come to its defense when a cyber attack disabled government and bank websites. Apparently in 2008 we didn’t need a cyber attack to bring down some of our financial institutions (sorry, couldn’t resist). Question—how does one respond to a cyber attack—with bullets or chips?