TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
Legal Considerations: 10 Social Media Questions
1. Legal Considerations :
10 things you should know about social media
(and never dared to ask)
Hans Rudolf Trüeb, Andreas Knijpenga
Partner, Walder Wyss Ltd. Senior Manager, Deloitte
Prof. Dr. iur., LL.M. Attorney-at-Law, M.B.L.-HSG
Tel (direct) +41 44 498 95 69 Tel (direct) +41 (0)44 421 61 19
hansrudolf.trueb@walderwyss.com aknijpenga@deloitte.ch
2. Overview
• Recruiting Issues
• Employee Use („social not-working“)
• UGC and Copyrights
• Trademarks and Trade Names
• Libel
• Data Protection
• Informed Consent
• Provider responsibility
• Which remedies?
• Which jurisdiction?
HRT
3. Recruiting Phase
• Electronic Employee Screening
Public available sources:
Interview rules apply to social media (Art. 328b OR)
Right to know vs. Right to lie
Discrimination?
• Privacy Issues
Reasonable expectation of privacy
Prior consent vs. security considerations
Verification of public available information?
• Enforcement of screening restrictions?
AKN
4. Use of Social Media by Employees
• What is at risk?
20 Minuten Online, 10 July 2011
• Which restrictions are allowed?
• Which are wise?
• Sanctions
AKN
5. Social Media Guidelines - Rules of engagement
• Policy aligned with company goals and values
• Differentiate between business and private activities
• Leverage social media in a workplace environment
Social media engagement training (Compliance)
Avoid social „not“-working
Protect company equipment and company secrets
Avoid misuse (data privacy breaches, libel / diffamation, etc.)
IP infringements
Inform users of monitoring and analytical activities (control &
governance)
• Important risk mitigation measure
• Social media contact person
• Approval by employee counselor?
AKN
6. UGC and Copyrights
• Protecting copyright in times of social media: Re-arranging the deck
chairs of the Titanic?
• User Generated Content (UCG): all that glitters is not gold
• When creating corporate pages in social media, beware of:
‒ Authors‘ rights
‒ Performing artists‘ rights
‒ Publishers‘ rights
‒ Collecting societies‘ rights
• Facebook License:
„For content that is covered by intellectual property rights, like photos and videos (IP
content), you specifically give us the following permission, subject to your privacy and
application settings: you grant us a non-exclusive, transferable, sub-licensable,
royalty-free, worldwide license to use any IP content that you post on or in connection
with Facebook (IP License).“
HRT
8. Data Protection responsibilities
• Data privacy statements vs. regulatory standards and legal requirements
Information of data subjects
For limited and specific purposes
Third party recipients transparency
Justified by consent, overriding private or public interests or based on legal provision
• New data protection challenges for website owners?
Data export / Data leakage prevention
Facebook „Like“ Button:
Google +1 Button:
Google Analytics
“The Google Analytics Opt-out Browser Add-on communicates with the Google
Analytics JavaScript (ga.js) to indicate that information about the website visit should
not be sent to Google Analytics. If you want to opt-out, download and install the add-
on for your current web browser.”
AKN
9. Informed Consent (Art. 4 para. 5 Data protection act)
• Example: Google +1 Privacy Policy
“Google processes personal information in the United States of America and in other
countries. In some cases, outside your own country. Google only shares personal
information with others... if we have your consent. We require opt-in consent for the
sharing of any sensitive personal information.”
“Your use of the +1 button may appear to others as an annotation with your profile
name and photo in Google services or elsewhere on websites and ads on the Internet.”
“We may share aggregate statistics related to users’ +1 activity with the public, our
users, and partners, such as publishers, advertisers, or connected sites. For example,
we may tell a publisher that “10% of the people who +1’d this page are in Tacoma,
Washington.”
“Also, be aware that when you share something through Google+, anyone who received
it may share it with others.”
• Validity of consent so given
Free choice or forced consent?
User‘s reasonable expectation of privacy (public/CUG)
Will Swiss courts rely on social media policies and employee handbooks?
AKN
10. Responsibility
User User User User User
Public Platform
Rights
Enforce-
Owners
ment
Hosting Provider Operator Advertiser
HRT
11. Which remedies and jurisdiction?
• Notice and take-down procedures require subscription
• Terms of Use often contain exclusive jurisdiction clause
„You will resolve any claim, cause of action or dispute (claim) you have with us
arising out of or relating to this Statement or Facebook exclusively in a state or
federal court located in Santa Clara County. The laws of the State of California will
govern this Statement, as well as any claim that might arise between you and us,
without regard to conflict of law provisions. You agree to submit to the personal
jurisdiction of the courts located in Santa Clara County, California for the purpose of
litigating all such claims.“
• Basle libel case (facebook)
• Other remedies
Cease and desist order
Damages
Criminal sanctions
• Law in the books and law in action
HRT
13. Conclusion
• New media, no shortage of questions (w/o sufficient answers)
• Technology develops faster than the law
• Substantial commercial interests
• But: No immediate need to regulate social media
• Companies to develop forward-looking social media strategy on
HR issues
Data protection
Libel & harassment
IP infringements
Negligent infringements
• Instruments
Social media terms of engagements
User awareness and training
privacy statements
Enforcement of personal privacy rights?
AKN