Our Top Five stories from 2015 also provide some “lessons learned” or considerations for companies who are considering using social media in 2016:

  1. Know what data you are collecting and where it is being transferred. Like more than 4,000 companies, Facebook had been sending member data of European citizens to the United States pursuant to the EU/US Safe Harbor. In October 2015, the European Court of Justice struck down the EU/US Safe Harbor, leaving companies scrambling to find an alternative way to send personal data from the European Union to the United States. Although the successor to the EU/US Safe Harbor (known as the EU-US Privacy Shield) has been announced, the European data protection authorities have indicated that they will finalize their position on the adequacy of the Privacy Shield in April of 2016 and the issue may return to the courts. In the meantime, if your company is using social media, do you know what data is being collected?  Is any of it personally identifiable?  To which country or countries is it being transferred?  How are you complying the legal requirements to make the transfer?
  2. Know where your content is from, and who is using it. Among the rights granted to a copyright owner is the right to make copies, and to prohibit others from making copies under many circumstances. Our “Top Five” post pointed out that New York artist Richard Prince created a stir by selling canvasses featuring other people’s Instagram photos for around USD100,000 each. On December 30, 2015 photographer Donald Graham filed a complaint against Prince for copyright infringement. Do you know the source of all of the text and images that your company has placed on its social media accounts?  If any of that content is from a third party (such as a photo), does your company have permission to use it in this manner?  If users are posting content on your social media accounts, are you following the United States’ notice and takedown procedure?  Have you registered your agent with the U.S. Copyright Office?  Are you checking to see if anyone has copied your content in an impermissible way?
  3. Monitor how your hashtags are being used. Hashtags were originally used on Twitter as a way to organize Tweets by topics. As our “Top Five” post described, students in South African universities used a hashtag not only to organize Tweets but also to organize protests, some of which became violent, resulting in property damage to university property and a lawsuit. The legal papers cited the hashtag ‘#FeesMustFall’ as the second respondent. Are you monitoring how your hashtags are being used?  What is your plan if your hashtags are being used in a manner that was not intended?
  4. Does your company use social media apps and peer-to-peer networks? Social media apps are used by traditional brick-and-mortar businesses as well as “sharing economy” firms such as Uber and Airbnb. Some businesses also use peer-to-peer networks, which can raise privacy issues because there may be fewer controls in place if personal information resides on several “peer” computers than would be the case with a centralized database on a company’s computer server. Does your company use peer-to-peer networks?  Does it work with companies that do so?  How is personal information gathered by the social media apps being protected?
  5. The line between brand protection and free speech can vary by country. Our “Top Five” post also summarized the social media squabble between two Australian YouTube fitness personalities. The brand owner obtained a court injunction to have the defendants’ YouTube videos criticizing the brand owner taken down. The matter settled when the defendants agreed to remove all YouTube videos criticizing the brand owner and to refrain from speaking about her or her partner in any further videos or other media. In that case, both parties were located in the same country. What would your company do if the defendants were located in a country where your company was unable to obtain an injunction to protect its brand?  Suppose the settlement did not prohibit all speech involving your company but only false or defamatory speech (as would be more common in the United States)—how would you monitor compliance?