Your own or your organisation’s sites: Content creation

Introduction

This second post in the series entitled “Your own or your organisation’s sites” addresses some of the legal issues that can arise in the context of content creation.

Depending on the context of one’s social media site, there are potentially a number of issues relevant to the creation of content on the site which ought to be considered prior to launch, including:

  • terms of use;
  • an appropriate privacy statement; and
  • if the site is an organisation’s site, the appropriateness of staff contributions to the site and whether staff contribution guidelines are desirable.

While the area of placement of terms of use and privacy statement may also be relevant at the site design stage, they are discussed under the heading of content creation because, in legal terms, they are more closely related to the creation and use of content.

Terms of use

Depending on the nature of one’s site, terms of use may need to deal with the likes of:

  • registration obligations if there is be registration and authentication of users (e.g., obligations as to accuracy of information and security of logon credentials);
  • copyright and licensing of the organisation’s own content on the site;
  • warranties on the part of site users contributing third party copyright content that they have the right to use such material;
  • indemnities in favour of your organisation to protect it against loss if such warranties are breached;
  • ownership or licensing of users’ contributions (or “user generated content”);
  • unacceptable use and the organisation’s right to remove offending material;
  • co-operation with authorities in the event that material breaching other parties’ rights, or that is otherwise unlawful, is posted to the site;
  • for public sector organisation staff, a reminder of, or a term requiring compliance with, the Standards of Integrity and Conduct for the State Services;
  • moderation and banning of abusive commenters;
  • disclaimers of liability (to the extent appropriate); and
  • the right to amend the terms of use.

Notably absent from this list is a clause governing deep linking. It may be the case that deep linking on commercial, e-commerce sites has ramifications for site owners that depend on advertising on the site’s home page and who may therefore have legitimate reasons for wishing to prohibit deep linking. However, usually the same does not apply to social media sites, certainly not those of public sector organisations that are unlikely to carry any advertising. As such, there is no need for a prohibition on deep-linking. Further, there is a strong argument that such prohibitions are, in any event, counter-productive because links are a key determinant of good search engine rankings. Social media sites that wish to appear high up in search engine results will want a high number of incoming links. Why potentially reduce the number of such links through a prohibition on deep linking?

Thought will also need to be given to the means by which a site’s terms of use are to be made binding on all or a material subset of site users. While it is common practice for website terms of use to simply reside in a web page that is linked to in the footer at the bottom of the site, that approach runs a real risk of the terms being held to be unenforceable because users may not be aware of them and may not have agreed to them, whether in writing or by conduct. While that may not be particularly problematic for a “read only” or “Web 1.0″ brochure site with low liability risk and minimal terms, it is likely to be a riskier proposition for “read/write” or “Web 2.0″ social media sites which, for example, seek warranties and even indemnities from users.

There are various means by which terms of use can be made binding on users or a material subset of users. Some of them affect site design, some do not. The various means include:

  • where the site requires registration and authentication of users, requiring online acceptance of the terms of use as a condition of registration (this is the so-called “clickwrap” form of agreement); for an example, see the Digg registration process;
  • the same effect can be achieved by requiring users to request logon credentials by email (e.g., through a form on the site) and then making written or email acceptance of the terms a condition of receiving a logon;
  • links to the terms of use can be placed immediately beside any content entry form or box (the so-called “browsewrap” form of agreement) or, better still, a click to accept box beside such form or box which must be clicked before a user can add content (again, a “clickwrap” form of agreement); see, for example, the approach taken on the Stuff.co.nz blogs (scroll down to the bottom of this post);

The appropriateness of the means is likely to depend on factors such as the nature of the site, its likely audience, the level of risk and usability considerations.

Privacy statement

In the words of the Privacy Commissioner’s website, “[g]iving notice to website visitors about how you collect and use personal information is good privacy practice”. As noted earlier in this series of posts, for government departments it is mandatory (Standard 16.7 of the NZ Government Web Standards and Recommendations).

At the same time, there is much wisdom in the following words of the former Privacy Commissioner, Bruce Slane:

“It is important that web privacy statements not only give effect to the letter of a law or policy, but to its spirit as well. I have seen too many purported privacy statements in small print, containing all-encompassing weasel words. These statements do not fool people but act as a beacon that flashes “this business has something to hide”, even where the business has merely acted on cautious advice.”

A good privacy statement covers:

  • the scope of the statement (e.g., “This privacy notice applies to personal information collected on [organisation's] website: www.organisation.co.nz”);
  • the circumstances in which personal information is collected, by whom it is held and any choices users may have as to whether such information is collected in the first place;
  • the collection and use of statistical information, including users’ IP addresses;
  • a statement that cookies are used if that is the case and relevant implications of that (if any);
  • the uses to which the information may be put by the collecting agency and the circumstances in which it may be disclosed;
  • users’ rights to request access to or correction of personal information held by the website’s owning agency; and
  • contact details for such purposes.

There are countless examples of compliant privacy statements out there for guidance, such as those on the websites of the Privacy Commissioner, Bell Gully and InsideoutLegal.

Staff contributions

If an organisation is developing a social media site, it may need to consider the appropriateness of staff contributions to the site and whether staff contribution guidelines would be helpful. The purpose of such guidelines is not to be draconian. To the contrary, it is to recognise that:

  • online platforms on which people can communicate to the world at large may be fairly novel for some staff;
  • staff may need guidance on eligibility to contribute (where relevant), how the platform works and who they can approach for help;
  • staff may need assistance in understanding the reach of the platform, the potential permanence of what they say online and the privacy and security implications of revealing personal information online about themselves or their family and friends;
  • staff may need guidance on the range of appropriate contributions and what would be considered inappropriate by reference to the nature of their employment, the nature of the organisation’s business and any confidentiality or other contractual obligations to which they are subject;
  • staff may need some basic understanding of copyright and defamation law, as well as of the potential perils of using multimedia files from the likes of YouTube and Flickr when, in fact, the relevant files were uploaded to such sites without the true copyright owners’ consent or full copyright in those files has otherwise been reserved; and
  • staff in the public sector may need to be informed or reminded of any relevant administrative law obligations (whether statutory or common law) and of their obligations under the Standards of Integrity and Conduct.

As regards educating staff on the basics of copyright law, one approach might be to disabuse them of commonly held copyright myths in the online world. For example, the following are all myths:

  • one can use any content that does not have a copyright notice beside it;
  • if content is online, it’s already been released to the public and can be used by anyone for any purpose;
  • it’s permissible to use any content provided the use is non-commercial;
  • a non-profit organisation can use any content it wishes;
  • one can copy content provided the source is acknowledged;
  • one can copy content if the original author’s copyright notice is also reproduced;
  • one can copy content as long as it’s taken down when the copyright owner objects;
  • one can use copyright content if the copyright owner cannot be found; and
  • one can use copyright content if the copyright owner is contacted by does not respond (see, in the US context, K Biehl Bloggers Beware: Debunking Nine Copyright Myths of the Online World – Updated (7 February 2006)).

Just to be clear, none of the above statements is true.

Leave a Reply

If you'd like to get to know us or discuss something over coffee, drop us a line.