This second post in the series entitled “Your own or your organisation’s sites” addresses some of the legal issues that can arise in the context of content creation.
Depending on the context of one’s social media site, there are potentially a number of issues relevant to the creation of content on the site which ought to be considered prior to launch, including:
- an appropriate privacy statement; and
- if the site is an organisation’s site, the appropriateness of staff contributions to the site and whether staff contribution guidelines are desirable.
- registration obligations if there is be registration and authentication of users (e.g., obligations as to accuracy of information and security of logon credentials);
- copyright and licensing of the organisation’s own content on the site;
- warranties on the part of site users contributing third party copyright content that they have the right to use such material;
- indemnities in favour of your organisation to protect it against loss if such warranties are breached;
- ownership or licensing of users’ contributions (or “user generated content”);
- unacceptable use and the organisation’s right to remove offending material;
- co-operation with authorities in the event that material breaching other parties’ rights, or that is otherwise unlawful, is posted to the site;
- for public sector organisation staff, a reminder of, or a term requiring compliance with, the Standards of Integrity and Conduct for the State Services;
- moderation and banning of abusive commenters;
- disclaimers of liability (to the extent appropriate); and
Notably absent from this list is a clause governing deep linking. It may be the case that deep linking on commercial, e-commerce sites has ramifications for site owners that depend on advertising on the site’s home page and who may therefore have legitimate reasons for wishing to prohibit deep linking. However, usually the same does not apply to social media sites, certainly not those of public sector organisations that are unlikely to carry any advertising. As such, there is no need for a prohibition on deep-linking. Further, there is a strong argument that such prohibitions are, in any event, counter-productive because links are a key determinant of good search engine rankings. Social media sites that wish to appear high up in search engine results will want a high number of incoming links. Why potentially reduce the number of such links through a prohibition on deep linking?
- the same effect can be achieved by requiring users to request logon credentials by email (e.g., through a form on the site) and then making written or email acceptance of the terms a condition of receiving a logon;
The appropriateness of the means is likely to depend on factors such as the nature of the site, its likely audience, the level of risk and usability considerations.
In the words of the Privacy Commissioner’s website, “[g]iving notice to website visitors about how you collect and use personal information is good privacy practice”. As noted earlier in this series of posts, for government departments it is mandatory (Standard 16.7 of the NZ Government Web Standards and Recommendations).
At the same time, there is much wisdom in the following words of the former Privacy Commissioner, Bruce Slane:
“It is important that web privacy statements not only give effect to the letter of a law or policy, but to its spirit as well. I have seen too many purported privacy statements in small print, containing all-encompassing weasel words. These statements do not fool people but act as a beacon that flashes “this business has something to hide”, even where the business has merely acted on cautious advice.”
A good privacy statement covers:
- the scope of the statement (e.g., “This privacy notice applies to personal information collected on [organisation's] website: www.organisation.co.nz”);
- the circumstances in which personal information is collected, by whom it is held and any choices users may have as to whether such information is collected in the first place;
- the collection and use of statistical information, including users’ IP addresses;
- a statement that cookies are used if that is the case and relevant implications of that (if any);
- the uses to which the information may be put by the collecting agency and the circumstances in which it may be disclosed;
- users’ rights to request access to or correction of personal information held by the website’s owning agency; and
- contact details for such purposes.
If an organisation is developing a social media site, it may need to consider the appropriateness of staff contributions to the site and whether staff contribution guidelines would be helpful. The purpose of such guidelines is not to be draconian. To the contrary, it is to recognise that:
- online platforms on which people can communicate to the world at large may be fairly novel for some staff;
- staff may need guidance on eligibility to contribute (where relevant), how the platform works and who they can approach for help;
- staff may need assistance in understanding the reach of the platform, the potential permanence of what they say online and the privacy and security implications of revealing personal information online about themselves or their family and friends;
- staff may need guidance on the range of appropriate contributions and what would be considered inappropriate by reference to the nature of their employment, the nature of the organisation’s business and any confidentiality or other contractual obligations to which they are subject;
- staff may need some basic understanding of copyright and defamation law, as well as of the potential perils of using multimedia files from the likes of YouTube and Flickr when, in fact, the relevant files were uploaded to such sites without the true copyright owners’ consent or full copyright in those files has otherwise been reserved; and
- staff in the public sector may need to be informed or reminded of any relevant administrative law obligations (whether statutory or common law) and of their obligations under the Standards of Integrity and Conduct.
As regards educating staff on the basics of copyright law, one approach might be to disabuse them of commonly held copyright myths in the online world. For example, the following are all myths:
- one can use any content that does not have a copyright notice beside it;
- if content is online, it’s already been released to the public and can be used by anyone for any purpose;
- it’s permissible to use any content provided the use is non-commercial;
- a non-profit organisation can use any content it wishes;
- one can copy content provided the source is acknowledged;
- one can copy content if the original author’s copyright notice is also reproduced;
- one can copy content as long as it’s taken down when the copyright owner objects;
- one can use copyright content if the copyright owner cannot be found; and
- one can use copyright content if the copyright owner is contacted by does not respond (see, in the US context, K Biehl Bloggers Beware: Debunking Nine Copyright Myths of the Online World – Updated (7 February 2006)).
Just to be clear, none of the above statements is true.