To our Social Media Law Bulletin subscribers

Our Social Media Law Bulletin team has been contributing articles on legal issues in social media since 2012.

The blog has gained a reputation for timely and substantive content. We appreciate your interest and the topical discussions that have resulted from the blog. As of March 6, 2015, however, the social media blog will become inactive.

The blog will remain searchable and our writers will continue to cover social media on our other popular blogs in Norton Rose Fulbright’s blog network.

We encourage you to visit and subscribe to any of these blogs for continued social media updates:

Best regards,

Sue Ross, Chief Editor

UK MPs consider social media terms & conditions too complex

A recent report by the Science and Technology Committee (a UK parliamentary select committee) on the Responsible Use of Data (the Report) concludes that online terms and conditions for the use of social media platforms are unnecessarily complex and may not serve their intended purpose of obtaining informed consent from a user for the right to process personal data.

While the Report focuses on the UK, the Committee’s observations have relevance globally because the requirement for informed consent to process personal data features in the privacy regimes of many jurisdictions.

In the UK, the Data Protection Act 1998 provides that businesses may process personal data if they have obtained the informed consent of the user (Data Protection Act 1998, Schedule 2). “Consent” is not defined in the Data Protection Act 1998 so the term is interpreted by reference to the EU Data Protection Directive (95/46/EC) to which the Data Protection Act 1998 gives effect. The EU Data Protection Directive (95/46/EC)   defines consent as “ . . .  any freely given specific and informed indication of [the data subject’s] wishes by which the data subject signifies his agreement to personal data relating to him being processed (EU Data Protection Directive (95/46/EC), Article 2).” Typically, a social media platform business will seek to obtain this consent by requiring the user to accept a set of terms and conditions in order to access and use the platform.

The Report questions the efficacy of this practice. It notes that making acceptance of the terms of conditions the basis for permission to use a social media platform does not necessarily correlate to having obtained informed consent, as such terms and conditions are rarely read in detail or understood by the user.  They are often far too long, contain jargon and use complex language.

The Committee observes that the opaque, legalistic style of terms and conditions makes them unsuitable for explaining to a user how a business intends to use its data.  It emphasises that businesses need to communicate effectively how they intend to use the data they collect, and if the terms and conditions do not achieve this then businesses will need to spell out separately what the data is going to be used for.

The implications of such an approach for most businesses are immediately apparent.  It means that a separate way of drawing the attention of the user to what uses will be made of its data would need to be developed if the terms and conditions are not effective in obtaining informed consent.  This in turn would require changes to the way information is presented to a user on a website when he/she first accesses a social media platform.

The Report suggests that the widespread adoption of an effective means of communicating the intended use of collected personal data could be achieved through the development of a set of information standards that businesses can sign up to.  Such standards would commit them to explaining to their customers their plans for using personal data in clear, concise and simple terms.

Observing that, when users sign up to access social media services, businesses often require them to provide personal information without any explanation justifying the requirement, the Committee notes that some of the requested information may simply not be necessary.  For example, the Committee queried why an app supplier needs to know a user’s location for a service that is not location-dependent.

The Committee concludes that businesses ought to draw a distinction between information required to access a service and information that is merely requested but not required as such.  The Committee considers that businesses have a greater responsibility to explain to the user their need for required information than would be the case for merely requested information.

Finally, the Committee recommends that the UK government should work towards the development of an internationally recognised “kitemark” system to grade the contents of social media platform terms and conditions. According to the Committee, such a system would provide users with an easy and immediate identification of those terms and conditions that have achieved a high kitemark rating, as well as incentivise businesses to review their terms and conditions to obtain a good kitemark rating.


Jane Berry ( / 44 20 7444 2298 ) is a lawyer in Norton Rose Fulbright’s London technology and sourcing practice.

Who owns your Instagram content?

You do (at least as between you and Instagram—your employer may have ownership rights in certain situations)!  Instagram does not claim ownership of any content that you post.

You do grant Instagram very broad license rights:  a non-exclusive, fully-paid and royalty-free, transferable, sub-licensable, worldwide license to use content that you post. This license grant means that you have given Instagram the right to use any of your photos for free, for any reason, anywhere in the world. Instagram can also give those rights to a third party.

Under Instagram’s terms, you must ensure that you own the content that you post or at least have the right to grant Instagram these rights and licenses to the content. You are also responsible to pay any royalties, fees or money owed for the content that you post.

If someone is infringing your copyright on Instagram, you can report copyright abuse. Instagram may remove infringing content or disable the accounts of repeat copyright infringers. It is common practice to re-share content of other users of Instagram, if the source of the content is acknowledged.

You should also bear the following in mind when using Instagram:


  • You must be at least 13 years old to use the app. You are responsible for any activity that occurs through your account, for your conduct and for the content you post. You agree not to assign your account or any rights to your account to another person.
  • You may deactivate your account by completing this form. Once deactivated, your content will no longer be accessible through your account but may continue to appear if, for example, it has been re-shared by others. If your account has been hacked, Instagram allows you to report it.
  • You must comply with Instagram’s community guidelines. In short, Instagram explains the guidelines as follows:
    • Post your own photos and videos.
    • Keep your clothes on.
    • Be respectful.
    • Don’t spam.
    • Have fun!


  • You are prohibited from creating an account for anyone other than yourself unless you (or your business) is expressly authorised to create accounts on behalf of your employer (or clients).
  • You may not post violent, nude, partially nude, discriminatory, unlawful, infringing, hateful, pornographic or sexually suggestive photos or other content.
  • You must not defame, stalk, bully, abuse, harass, threaten, impersonate or intimidate people or entities and you must not post private or confidential information.


  • Under Instagram’s terms, Instagram may modify or terminate your access at any time and for any reason without notice and liability. Instagram is not liable to you for any losses you may suffer through use of the app but if they are, liability is limited to USD100,00 (if a limit to liability is lawful in your jurisdiction).
  • Instagram is not liable for any interaction you may have with a third party app and your interaction with apps connected to Instagram is at your own discretion and risk. See our previous blog on APIs.
  • You (and any third party you operate an account for) agree to defend, indemnify and hold Instagram harmless from any liabilities arising as a result of your direct activities or those conducted on your behalf. If you are using Instagram on behalf of another legal entity you must have the authority to enter into the Instagram terms on their behalf.

If you want to know more see our previous blog dealing with sharing pictures on social media sites.

[Terms as at 26 January 2015]

Nerushka Deosaran ( / +27 11 685 8691) is a lawyer in Norton Rose Fulbright’s Johannesburg Intellectual Property practice.

The “Uber” rise of peer-to-peer sharing

Social media has changed the way we do business by connecting us online to buy goods and services from each other. This has resulted in the rise of “peer-to-peer” sharing apps and websites that connect people to share goods and services, such as transportation and accommodation, among other things. Companies that create these apps – such as Uber and Airbnb – have recently attracted considerable attention worldwide. Just last month Uber reported a valuation of $40 billion, which is more than the current annual revenue of the taxi and limousine market. Airbnb’s reported valuation is expected to exceed $10 billion. It is no surprise that these high price tag “sharing economy” firms are gaining international recognition.

The emergence of sharing economy firms is beginning to raise legal issues as the law attempts to keep up with advancements in technology. One of the important legal issues facing peer-to-peer businesses is consumer privacy. The protection of personal information is heavily regulated in many countries, including Canada and the United States. The ability to track users and retain consumer information therefore requires data collection procedures that can withstand legal scrutiny. This can be especially difficult when the parameters within which sharing economy firms are beginning to operate are not heavily regulated themselves.

Sharing economy firms can also run the risk of falling victim to industry-specific regulations not yet in place. For example, just last week China’s Ministry of Transport ordered that all taxi apps exclude private vehicles from their platforms. Therefore, firms using peer-to-peer business models intending to operate transportation services in China need to be aware of changes to the legal landscape that can affect the manner in which they provide their services.

These are just a few of the legal issues that sharing economy firms will continue to face as courts and jurisdictions determine how to regulate them. Companies looking to take advantage of these “uber” investment opportunities need to be mindful of the risks posed by the underdeveloped legal framework surrounding peer-to-peer sharing. Developing a robust business model that operates within the current regulatory framework and that can adapt to new changes in the law is important to the growth and success of these new apps.


Daniel Daniele ( / +1 416 216 2317) an attorney in Norton Rose Fulbright Canada’s Intellectual property practice.

Guidelines relating to social media

In addition to laws and regulations, as well as the terms and conditions posted by the social media sites themselves, regulators and trade associations sometimes offer companies guidance to help them comply with requirements, best practices, and principles.

Norton Rose Fulbright’s Social Media Law Bulletin is proud to offer a Glossary of Guidance documents listing various references attributed to social media issues. Some are general guidance by subject matter (such as the FTC’s guidelines on the use of endorsements) and others can be very industry-specific (the FDA, FINRA, and the SEC have each issued social media guidance).  The Glossary includes links to our respective blog posts on the documents.

Take a look at our Glossary of guidance section for more information and topics of these document.


Sue Ross ( +1 212 318 3280) is a lawyer in Norton Rose Fulbright’s US commercial disputes practice.

Legal blogs and protected speech

In Huon v. Breaking Media, LLC, the US District Court for the Northern District of Illinois held that federal law protects internet publishers from defamation claims based on content posted by commenters to online news stories (See Memorandum Opinion and Order, No. 1:11-cv-03054 (Dec. 4, 2014)).

In Huon, the plaintiff sued the popular online legal blog Above the Law (among other internet publishers). Above the Law had posted an article concerning the plaintiff’s arrest and trial related to sexual assault charges. The article generated over 100 comments, some of which the plaintiff claimed were defamatory, and the plaintiff sought to hold Above the Law liable for publishing those comments.

The court dismissed the claims based on the commenters’ alleged defamation pursuant to the Communications Decency Act (the “CDA”), 47 U.S.C. § 230(c)(1). As we have previously written, Section 230(c)(1) states, “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider” (47 U.S.C. § 230(c)(1)).

An interactive computer service is “any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server, including specifically a service or system that provides access to the Internet and such systems operated or services offered by libraries or educational institutions” (Id. § 230(f)(2)). And an information content provider is “any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service” (Id. § 230(f)(3)).

As the court described the CDA, “In essence, the CDA says that ‘an online information system must not ‘be treated as the publisher or speaker of any information provided by someone else’” (Huon, No. 1:11-cv-03054 (quoting Chi. Lawyers’ Comm. for Civil Rights Under Law, Inc. v. Craigslist, Inc., 519 F.3d 666, 671 (7th Cir. 2008), available here)).

In this case, the court held there were two reasons for dismissal under the CDA. “First, a website does not incite the posting of unlawful content merely by providing a forum for that content . . . even where the forum is likely to or frequently does contain postings of an unlawful nature” (Huon at 10). The court then looked to evidence that Above the Law was attempting to prohibit unlawful postings, noting Above the Law’s policy that prohibits the posting of defamatory material or other unlawful material. Second, the court noted that other cases had applied the CDA even where a web publisher “edits third-party content or manipulates such content to make it more prominent” (Id.). Accordingly, determining the order of comments or editing them did not transform Above the Law into “providers” of the comments under the CDA.

Huon demonstrates the broad scope of protection given to internet publishers under the CDA. Even where a website frequently contains postings of an unlawful nature or the website manipulates those comments to make them more prominent, U.S. courts will typically not hold the website liable for any defamatory statements made by its commentators.


This article was prepared by James V. Leito IV ( / +1 214 855 8004), an associate in Norton Rose Fulbright’s litigation practice group.

Legal considerations for social network application programming interfaces

An application programming interface (A.P.I.) is a library or structured set of software tools that provides an interface to a backend software platform, such as a social networking platform, without providing direct access to the underlying source code of the platform. For example, Facebook™, Twitter™, Instagram™, LinkedIn™, Google Plus™, and Tumblr™ offer A.P.I.s so that developers can interface with their social networking platforms, resulting in widespread development of various social network based software applications. For example, social gaming applications use social network APIs to access social connections and profile page data, and publish activities to user news feeds and profile pages. Using the social network API, a developer can add social features to a software application with profile, friend, status, photo, video, event, and group data from the social network platform. The software application may exchange data with the social network platform through API software tools.

A software application built using a social network application API is often tightly connected and dependent on the underlying social network platform, which gives rise to practical legal considerations.

Generally, terms of use govern how the API software tools may be legally used by the software application. Any breach of the terms of use generally provides the social network platform with the ability to deny use of the API and effectively shut down operation of the software application. A careful review of such terms of use is critical prior to any development using the API for the social network to ensure any contemplated use is in line with those terms.

Commonly, social network API terms of use require representation that the developer owns the intellectual property (IP) rights in its software and that its software does not infringe on the IP rights of others. This may require extra IP diligence by the developer. In the event of an IP dispute involving the software application, a social network platform may give deference to the IP owner pending resolution of the dispute even if a legitimate defense exists, and block the software application from interfacing with the social network platform using the API as a violation of terms of use.

Branding of the software application built using the API requires careful consideration of any third party trade-marks, including the social network trade-mark. Generally, the owner has exclusive of use of its trade-mark. Any software application branding may not be permitted to refer to the social network brand or another third party brand in a way that causes confusion as to the owner. Again, even if a trademark dispute is unfounded or uncertain, the social network can effectively shut down operation of the software application pending its resolution.

Copyright protects computer programs as literary works. Copying sections of software code when developing the software application may violate copyright, which in turn may violate terms of use of the API. Even if the copying is considered a fair use or fair dealing, the terms of use may require ownership of the intellectual property. In some cases, copyright protection may also extend to the library or structure set of the API. Accordingly, even developers of the social network API itself must be careful not to copy another social network API library or structured set of software tools.

Finally, patent protection may extend to particular forms of software. Independent creation may not be a defense to patent infringement so even if the developer did not intentionally copy any third party intellectual property they may be unknowingly infringing on patent rights and violating the terms of use.

Accordingly, while using an API for a social network may facilitate software development, the dependency of the software application on the underlying social network requires additional legal diligence.

Maya Medeiros (  / 416.216.4823) is a lawyer, Patent Agent, and Trade-mark Agent in the Toronto office of Norton Rose Fulbright Canada.

Consumer confusion with marketing on social media

Social media often serves as a powerful mechanism that trademark owners can employ to promote and expand their brands, but a case currently pending in the Southern District of California illustrates just how easily social media can also be used to spread consumer confusion.

In Faegin v. LivingSocial, Inc., No. 14CV00418-WQH-KSC, 2014 WL 5307186, at *1 (S.D. Cal. Oct. 15, 2014), the plaintiffs operated a residential and commercial cleaning service in San Diego called A.T. Your Service Cleaning and Janitorial. They enlisted the services of defendant LivingSocial, an online marketing company, to promote their business with online advertising and discounts through the LivingSocial website and social media channels. The parties signed an agreement for a two-month promotional period that involved the sale of discounted vouchers.

But months after the promotional period had ended, the plaintiffs were startled to receive additional phone calls from potential customers trying to redeem vouchers. An investigation revealed that LivingSocial had been promoting the services of another company in San Diego, At Your Service Housekeeping. LivingSocial’s omission of contact information on the vouchers led to confusion and numerous negative reviews about the plaintiffs’ business on Yelp and Facebook, according to the Complaint in which the plaintiffs alleged federal and federal claims for trademark infringement and false advertising against LivingSocial and the owners of At Your Service Housekeeping.

The district court recently denied LivingSocial’s motion to compel arbitration under the marketing agreement, holding that the original agreement did not contemplate rights or obligations regarding the plaintiffs’ mark or other companies with similar names. Consequently, the dispute did not arise from or relate to the agreement.

The case demonstrates how easily actual consumer confusion can spread through social media and serves as a reminder of the importance of monitoring the Internet and social media for infringing users.

When conducting the likelihood of confusion analysis, courts often consider whether the two opposing parties use or are likely to use similar marketing and advertising channels. Notably, the parties in this case had both turned to the same social media marketer. Though social media access can facilitate would-be infringers, it may also help trademark owners to develop strong trademark infringement claims—in addition to promoting their marks.

Andrea Shannon ( / +1 512 536 3088) is a lawyer in Norton Rose Fulbright’s Austin intellectual property practice.

WhatsApp your contract

“This post discusses an interesting case in South Africa involving contract amendments via e-mail and other electronic platforms.”

A recent court decision (Spring Forest Trading v Ecowash) potentially allows contracting parties to sign their contracts by way of a data message (which includes emails and other communication platforms such as WhatsApp, BBM and social media) by typing their name at the end of a message. In the case, the contract was subject to a non-variation clause stating that no variation or consensual cancellation would be valid unless reduced to writing and signed by both parties. An email signed “Greg” was held to be a signed document.

Electronic communications = writing

The Electronic Communications and Transactions Act, 2002 (ECTA) gives communications via data messages the same effect as non-electronic documents. This means that if there is a requirement to have a document in writing, the ECTA gives the same legal effect to that document in electronic format.

Email signature = electronic signature

If a signature is required by law (i.e. statute), ECTA requires an electronic communication to contain an advanced electronic signature from an accredited authority (for example, ante nuptial contracts and sale of immovable property). But an agreement between private parties to sign a document, such as a non-variation clause in a contract, does not amount to a legal requirement for a signature and therefore an advanced electronic signature is not required.

If private parties require a signature in order to conclude or amend a contract, but have not agreed the type of signature to be used when transacting electronically, the “signature” requirement is met if the method used:

  1. identifies the person;
  2. indicates the person’s approval of the information communicated; and
  3. is reliable and appropriate for the purposes for which the information was communicated, having regard to the circumstances.

In this case, a person’s name at the end of an email satisfied these requirements.