News Roundup: Google, Facebook, LinkedIn Grab Headlines

FTC Calls Unreasonable Security an Unfair Trade Practice

A lawsuit filed by the Federal Trade Commission (FTC) against Accretive Health, Inc. reminds employers to ensure they have a policy in place to manage employee use, access and control over personal data. The FTC investigation began when an Accretive employee’s laptop, storing the sensitive health information of 23,000 patients, was stolen.

While the loss of a laptop alone may not have been viewed as a large problem, the fact that the employee had that much information on the laptop when the information was not necessary for the employee to do his job was viewed as a larger issue. Additionally, the FTC determined that the company created unnecessary risk to consumer information by permitting the transport of sensitive information in unsecure manners, failing to limit access to information, and failing to have proper data removal or destruction processes.

To settle the case, Accretive has agreed to institute a comprehensive data security program and undergo ongoing monitoring. In addition to the security breach, Accretive was also investigated for violations of the Fair Debt Collection Practices Act where it was determined that the company attempted to collect debts from emergency room patients. However, that portion of the case was closed by the FTC due to insufficient evidence of violations across multiple states. For more information, click here.

Google Announces AdSense Direct

Google recently announced the launch of AdSense Direct, a new tool that will permit ad publishes to interact directly with marketers. The service makes it a lot easier for smaller websites and publishers to directly sell advertising. Publishers will not be required to be registered with AdWords to participate. Instead, they can simply provide advertisers with a link to the AdSense Direct pages and the advertisers can then upload their ad and pay.

Report Reveals Consumers’ Most Guarded Information

As recently reported by the International Association of Privacy Professionals, a recent study was conducted by Create with Context, asking 800 consumers what data they would be willing to share in exchange for a 50 percent discount on one of three items, including a gallon of milk, a large-screen television, or a new car. Ninety-seven percent of respondents were willing to share something, but what they would be willing to share varied. Consumers appeared to show less concern over information such as their names or phone numbers, but far more were concerned about information such as a fingerprints and photographs. Additionally, the study’s findings about willingness to share interests were very interesting. It showed that people were twice as willing to share offline interests as they were willing to share online interests. For more information on the study, a full discussion can be found here.

Is That Facebook Ad Eerily Targeted? Plaintiffs Think So.

A recent lawsuit filed against Facebook, Inc. alleges that the company scans private messages sent through Facebook in order to gather information so that it can aggregate data for marketing purposes and user profiling. The suit also alleges that the website follows links shared between users to help to build a profile of the sender’s web activity. Additionally, Facebook counts it as a “Like” when a user shares a link on its site.

According to the suit, which was filed in the Northern District of California, Facebook “misleads users into believing that they have secure, private mechanism of communication — Facebook’s privacy messaging function — when, in fact, Facebook intercepts and scans the content and treats portions of that content no differently than a public ‘Like’ or post, broadcast openly across the Internet.” The complaint alleges that Facebook’s actions violate the federal wiretap law as well as California privacy laws. The plaintiffs are seeking class action status. It will be interesting to watch if the Plaintiffs are able to establish that they have been “harmed,” which is where many of these law suits fail. Campbell et al v. Facebook Inc., No.5:13CV05996 (N.D. Cal. filed Dec. 30, 2013).

LinkedIn Sues John Doe Bots Over Scraping

The LinkedIn v. Does, 1 through 10 inclusive lawsuit is a good example of a company putting their website user agreement to work. In the recently filed suit in the Northern District of California, LinkedIn relied on its online user agreement to challenge unknown users — Does, 1 through 10 inclusive — that used bots to register thousands of fake accounts to mine the data of legitimate users.

According to the company’s complaint, this activity violates the LinkedIn user agreement. Specifically, the complaint sites that LinkedIn’s user agreement specifically excludes the activity of scraping, spidering or crawling from the license and right to access its services. Further, the “Do’s and Don’ts” section of LinkedIn’s user agreement states that members may not “use automated software, devices, scripts, robots, other means or processes to access, ‘scrape,’ ‘crawl’ or ‘spider’ any web pages or other services contained in the site.” The complaint also alleges a violation of copyright law and the Computer Fraud and Abuse Act. Although the company has disabled the false profiles that it has located and implemented additional security features, it is still seeking an injunction against the unknown profile owners to prevent future scraping.

The suit is a reminder to websites and app developers to ensure they have a strong user agreement to rely upon for cases of data theft and/or copyright violations. LinkedIn Corporation v. Does, 1 through 10 inclusive, No. 3:14CV00068 (N.D. Cal. filed Jan. 6, 2014).