Legal Basics for Digital Publishers
I am often asked about the primary legal concerns that every digital publisher should be aware of. While this is not fully comprehensive of every area of liability a digital publisher may face, it does provide the prominent areas of regulatory legal concern.
1. Privacy. You should know exactly how you and your vendors use personal information collected from your users. Personal data can be an extremely valuable source for marketing purposes, however, you must ensure that marketing efforts of both you and your advertising partners comply with both state and federal law. A well drafted privacy policy should be posted on all digital platforms. Representations in privacy policies create a legally binding contract between you and your users. Once adopting a policy, abide by that policy and draft agreements with advertising partners and vendors obligating them to also abide with your policy in the collection and use of user data. You should also provide a meaningful “opt out” option for your users. Every digital platform should have a privacy policy. The state of California recently brought action against Delta Airlines for failing to post a privacy policy on its mobile app. Delta now faces a fine of up to $2,200. for EVERY download of the app.
2. COPPA. The Children’s Online Privacy Protection Act was enacted in 1998 to protect children’s privacy online. Since then the Federal Trade Commission has obtained multi-million dollar settlements from digital publishers that collect children’s personal information (“PII”) without satisfying requirements of COPPA. The law provides extra online privacy protection for children under 13 unless parents consent. A website need not neccesarily be directed at children in order for COPPA to apply. In December of 2012, the Federal Trade Commission promulgated new rules interpreting COPPA to be effective as of July 1, 2013. While attorneys and legal commentators complain about ambiguities to the new rules, one thing seems obvious; the new rules will result in more websites and mobile apps falling under COPPA.
3. DMCA and Safe Harbors. The Digital Millennium Copyright Act provides copyright infringement protection from user generated content posted by a user, as long as the publisher qualifies as a “Safe Harbor” under the statute. In order to qualify for protection, publishers should not excercise editorial control over the postings before publication and should diligently follow the “notice and takedown” procedures established by the DMCA. Controls are necessary to ensure that claimed infringing materials are properly disabled, or re-enabled, as required, and that the accounts of repeat offenders are terminated.
4. Liability Protection and Monitoring under the CDA. In addtion to protection under the DMCA, publishers should also refrain from editing user postings for CDA protection. The Communications Decency Act provides protection to publishers for user postings, as long as the publisher did not exercise editorial control. Editorial control is very different from monitoring, however. Although not required, publishers should monitor user postings to protect their image and brand from postings that harass, defame, or are pornographic. Proper controls should be in place to monitor content in line with the publisher’s reputation and goals.
5. Mobile apps and Location Data. Mobile apps are greatly enhanced with location data, but the use of geographic location in marketing is somewhat controversial and addtional regulation is expected. For now, publishers should know how they and their partners use location data and have controls in place for users to “opt out” of location tracking.
6. Security. Digital Publishers that collect and/or use personal information should have robust security protections in place to protect the PII of its users, especially financial and other sensitive data. Third party vendors that process transactions, collect, or store user PII can inflict liability and severly damage a publisher’s reputation. Digital Publishers should take extra care in knowing how their vendors secure such information. Agreements with vendors should be drafted to include security representations and warranties from the vendor, as well as indemnification for the publisher if security is breached.
7. Terms of Service. Just as with a privacy policy, the terms of service for digital platforms creates a binding contract between you and your users. TOS should be direct and broadly drafted. A public outcry and backdown by Instagram after announcement of their new Terms of Service in December of 2012, however, shows how an overreaching TOS can cause problems. The Instagram experience illustrates how publishers should be mindful of what is customary and what their users expect.
This article is not intended as legal advice. Please consult your attorney.