Copyright Privacy

Guest Post: Deconstructing the Facebook Privacy Notice – Copyright and Privacy Protection


In case you’ve ever wondered about Facebook’s terms of use regarding content you put on it, this guest post by Thomas J. Vallianeth will be of interest to you. This is Thomas’ second entry to our SpicyIP Fellowship applicant series. You can view his first entry here.

Deconstructing the Facebook Privacy Notice – Copyright and Privacy Protection

fb privacy notice

Image from here

Among the many “urban legends” that go viral on Facebook, there is one of particular interest to the IP community. A few years ago when the Facebook privacy concerns first started, a couple of people decided to rid themselves of such threats by passing a declaration to the effect that the content posted on their profiles were under copyright protection and that Facebook had no authority to give out this content without their permission. This notice was posted on their profiles and was filled with legalese that didn’t have any effect at all. The internet was quick to pounce on this and point out the folly in posting such a declaration. The number of posts reduced with time and had nearly vanished, when all of a sudden Facebook decided to go public with its company. Troll mills on the internet began weaving another notice. The notice read like this:

“…. I declare, to whom it may concern, and in particular to the administrator of the company Facebook, my author rights which are related to all my personal information, comments, texts, articles, illustrations, comics, paintings, photos, professional videos and other publications in electronic format that I spread on this site under my signature. The above on the basis of the principle enshrined in the Berne Convention for the protection of literary and artistic works, as well as with regard to the respective national copyright law. For commercial use of the aforementioned items, always must be by my written consent. By this statement, I give notice to Facebook it is strictly forbidden to disclose, copy, distribute, or take any other action against me based on this profile and/or its contents. These prohibited actions also apply to employees, students, agents or members of any team, under the direction or control of Facebook. The content of this profile is private and confidential information. The violation of privacy can be punished by law (UCC 1-308 – 1 1 308-103 and the Rome Statute). Note: Facebook is now a public entity….”

This was a post in July of 2013. There have been a number of similar posts on Facebook which can be found here.

Breaking it down

The internet was at it again. Quick to debunk the notice as nothing but a lot of legalese with no effect. Despite the obvious flaws in the notice, the premise behind the notice however, is quite interesting and is worth observing. The effects of such a strategy in the implementation of copyright law to achieve privacy protection is quite ingenious indeed. The implications of this would be that any transfer of information on the part of Facebook that was not authorised by the user would amount to actionable infringement on the part of Facebook.

However, this might not work in practice. This is for a number of reasons. First, the carefully worded Statement of Rights and Responsibilities, available as the Terms of Use of Facebook grants it a “non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content” that is posted. The Sign Up page on Facebook clearly requires you to agree to these terms before you start using the service. This makes the terms of use a click wrap contract and clearly enforceable (see for example, the Second Circuit’s opinion in Schnabel v. Trilegiant Corp.). Second, considering the nature of contract itself, in that it governs a series of continuing transactions, where the usage of the website is provided as consideration in return for the IP license, it implies that each act of uploading of content on Facebook is governed by the same license as agreed upon initially in the Terms of Service. Third, the signing requirement in S.30 of the Indian Copyright Act for the grant of a license has been dispensed with by the 2012 amendment making it easier to grant licenses online and ensuring a broader validity of these agreements.

The only factor limiting the use of this information by Facebook appears to be their Data Use policy. Even this data use policy merely specifies that information that is shared publicly will be available publicly and not any other information. However, this does not really limit the ability of Facebook to process this data. Consider also the definition that is provided in the Terms of Use of Facebook for the phrase “use”. It has been defined in clause 18.7 as “use, run, copy, publicly perform or display, distribute, modify, translate, and create derivative works of” which is a fairly expansive license that Facebook grants itself, which also does not limit the sharing of this data or its processing. Therefore the processing of this information would be authorised under the license and would not be an act of infringement.

In my opinion, the only argument that can be raised is that such a declaration amounts to a material alteration in the contract of license between Facebook and the user. However, the effect of this would be to terminate the original agreement (S. 62 of the Indian Contract Act) rendering the user liable to have his Facebook account removed as it was only provided with a valid agreement in place.

In short, don’t bother posting the notice to protect your privacy on Facebook.

Swaraj Paul Barooah

Swaraj Paul Barooah

Follow @swarajpb Swaraj has a deep interest in IP, Innovation and Information policy, especially when they involve issues relating to Access to Knowledge, Innovation incentive mechanisms, Digital Freedoms, Open Access, Education, Health and Development. After his BA, LLB (hons) from Nalsar Univ of Law, Hyderabad, he went on to do his LLM from UC Berkeley in 2010. He is now pursuing his J.S.D. degree from UC Berkeley where he is focusing on Drug Innovation Policy and Access to Medicines. Aside from SpicyIP, he is also engaged as a consultant on various IP matters, and is a visiting faculty member at Nalsar Univ of Law. He is also in the process of starting up a New Delhi based "IP, Innovation & Information Policy" focused think-tank.

2 comments.

  1. AvatarKumar

    So, what is your view on the legality of Facebook reading your short (SMS and MMS) messages?

    I’m referring to this:
    http://www.dailymail.co.uk/sciencetech/article-2547326/Is-Facebook-reading-TEXTS-Android-app-update-lets-app-access-written-picture-messages.html

    There has been a clarification why Facebook technically needs to read your SMS and MMS but my question is whether any violation of contract is involved ?

    And if Facebook could function reasonably well without reading your SMS and MMS, would it be incumbent upon them to provide an acceptable level of service without reading your SMS and MMS ?

    Reply
  2. AvatarThomas

    Thank you for your questions. It throws to light some very important concerns regarding Facebook’s manner of operation.
    First things first, regarding Facebook reading SMS and MMS messages, there are two things to be noted here. The Terms of Use that an App requires you to accept before download fits the classic definition of a click wrap contract. A click wrap contract is (also) a contract that a software user must accept before downloading the software onto their device, failing which the manufacturer has the right to deny installation or download. Courts have, as a matter of practice found these contracts to be valid and enforceable. For a discussion please see: http://www.hklaw.com/digitaltechblog/Enforceability-of-Clickwrap-Agreement-Called-into-Question—-Checklist-for-Best-Practices-in-Electronic-Contracting-11-07-2012/
    In addition, a service (the Facebook App in this case) that is downloaded on the App store exists independent of the website that it is connected to. Therefore, the terms of use of the Android app that Facebook has released will be independent (and in this case, additional to) the terms of use of the website Facebook. Please see: https://m.facebook.com/terms.php?_rdr (Read from the phrase: “When you use an application…” under the head sharing your content and information. This implies that the terms of use of the App itself is different from the Terms of Use of the website).
    Therefore, despite the fact that the Data Use Policy of Facebook virtually allows it to give away this information to advertisers and for provision of “other services”, often without removing personally identifiable information, legally speaking, Facebook seems to have covered all its bases.
    However, morally speaking, this is quite another issue altogether. While they claim that they use the permission to merely read the confirmation message, they have not issued statements to the effect that they only read that message. In a statement that the Daily Mirror quotes (http://www.dailymail.co.uk/sciencetech/article-2547326/Is-Facebook-reading-TEXTS-Android-app-update-lets-app-access-written-picture-messages.html), Facebook seems to continuously monitor messages for login SMSs and therefore seems to monitor every single message. Now while the use seems to be ostensibly valid, the extent of this seems to be a little too stretched. The only remedy that I see in such a situation is to probably challenge the standard form contract under provisions similar to Unfair Terms Act of the UK.
    The Data Use Policy of Facebook now allows them to give away this information without having to remove Personally Identifiable Information (again some very careful, evil drafting). So we seem to have written away a little bit of our lives by our dependance on Facebook.

    Coming to your question regarding breach of contract, I would think that they are not bound to provide the App to you, unless you agree to the Terms. The Facebook Terms of use merely assures you the provision of Facebook as a service and not enhanced access. In my opinion the App and its services (by virtue of its Terms of Use) are severable from the website itself. If however, somebody can make the argument that its not severable, then we are still left with a fairly inclusive Data Use Policy with regards to information they may collect. So I don’t believe the remedy lies in Contract Law as India knows it under the Contract Act, probably a UK approach under their Unfair Terms Act seems like a good option. This is considering the present pervasiveness of Facebook.
    Additionally, Facebook can simply choose not to process this other information and unequivocally state so, but hey, will they ever let go of their money?

    Reply

Leave a Reply

Your email address will not be published.