Home Data-Driven Thinking The Risk Of Clicking Facebook’s Social Plugin

The Risk Of Clicking Facebook’s Social Plugin

SHARE:

garykibel“Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Gary Kibel, a partner in the technology, digital media and privacy practice group at Davis & Gilbert.

When developing an interactive campaign or product, incorporating social plug-ins is generally a quick and easy no-brainer. However, have you ever asked about what data is being collected by the plug-ins, or if there are any laws on the books that might apply to this activity?

The ad tech world often finds itself forced to resolve the conflict between decades-old laws and new technology. The round peg often does not fit into the square hole. This is precisely the situation in a pending class action lawsuit involving Hulu, the Facebook “like” button and the Video Privacy Protection Act (VPPA).

The VPPA is not some new law enacted to address online video. It was signed by President Ronald Reagan in 1988 in response to outrage over the disclosure of Supreme Court nominee Robert Bork’s video rental history. A reporter obtained the information from a local D.C. video rental store to highlight Justice Bork’s originalist views that the Constitution does not contain a right to privacy. He didn’t rent anything salacious, like “Rochelle, Rochelle,” by the way, but you can imagine why nervous policymakers passed the law in a hurry.

Pending Lawsuit

The plaintiffs assert that Hulu meets the definition of a “video tape service provider” under the VPPA. While the definition includes the word “tape,” it means a party engaged in the rental, sale or delivery of prerecorded audiovisual materials. The court held that the VPPA’s reference to “prerecorded video cassette tapes or similar audio visual materials” covers prerecorded video content in electronic or new formats, and not just hard copies. Therefore, the 1988 definition applies to modern online video services. The law was not just about physical videotapes, but was about preserving the confidentiality of private viewing preferences.

The plaintiffs next claimed that when the “like” button is clicked, it would transmit personally identifiable information to Facebook that was tied to these viewing preferences. Under the VPPA, personally identifiable information is that which “identifies a person as having requested or obtained specific video materials or services from a video tape service provider.” For a time, the referrer URL being used included the title of the video being watched, the user’s IP address and Facebook ID. The court agreed that personally identifiable information does not need to include a name, but can include a Facebook ID transmitted through a “lu” cookie. Taken together, the argument made was that the user’s personal (not anonymous) video viewing habits were being shared without the user’s consent.

Consent for the transfer of such personally identifiable information would satisfy the VPPA, but there is generally no consent process when clicking a social plug-in. The law states that the consent must be “informed.” A site may not understand what data is being transmitted, and the user certainly has no idea what data is involved.

Broader Implications

Due to procedural and factual matters, this particular lawsuit may not go too far but the lessons learned should be clear. When working with another party that collects data on your site or service via a social plug-in, tag or other tracking mechanism, you must first know what is being placed on your service and understand exactly what data is being collected through such mechanisms. You must also understand, and possibly control, how the tracker will use the data and consider any legal implications.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

Netflix managed to have the VPPA amended in 2012, but technology has always moved at a faster pace that the law. The VPPA vs. online video is certainly not the first clash between old law and new technology, and it will unlikely be the last. Persistent identifiers have rich detail and are ubiquitous online. The line between personally identifiable information and non-personally identifiable information is rapidly eroding.

If you liked this article, please click … oh, never mind.

Follow Gary Kibel (@GaryKibel_law), Davis & Gilbert LLP (@dglaw) and AdExchanger (@adexchanger) on Twitter.

Must Read

A comic depicting Judge Leonie Brinkema's view of the her courtroom where the DOJ vs. Google ad tech antitrust trial is about to begin. (Comic: Court Is In Session)

Your Day One Recap: DOJ vs. Google Goes Deep Into The Ad Tech Weeds

It’s not often one gets to hear sworn witnesses in federal court explain the intricacies of header bidding under oath. But that’s what happened during the first day of the Google ad tech-focused antitrust case in Virginia on Monday.

Comic: What Else? (Google, Jedi Blue, Project Bernanke)

Project Cheat Sheet: A Rundown On All Of Google’s Secret Internal Projects, As Revealed By The DOJ

What do Hercule Poirot, Ben Bernanke, Star Wars and C.S. Lewis have in common? If you’re an ad tech nerd, you’ll know the answer immediately.

shopping cart

The Wonderful Brand Discusses Testing OOH And Online Snack Competition

Wonderful hadn’t done an out-of-home (OOH) marketing push in more than 15 years. That is, until a week ago, when it began a campaign across six major markets to promote its new no-shell pistachio packs.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Google filed a motion to exclude the testimony of any government witnesses who aren’t economists or antitrust experts during the upcoming ad tech antitrust trial starting on September 9.

Google Is Fighting To Keep Ad Tech Execs Off the Stand In Its Upcoming Antitrust Trial

Google doesn’t want AppNexus founder Brian O’Kelley – you know, the godfather of programmatic – to testify during its ad tech antitrust trial starting on September 9.

How HUMAN Uncovered A Scam Serving 2.5 Billion Ads Per Day To Piracy Sites

Publishers trafficking in pirated movies, TV shows and games sold programmatic ads alongside this stolen content, while using domain cloaking to obscure the “cashout sites” where the ads actually ran.

In 2019, Google moved to a first-price auction and also ceded its last look advantage in AdX, in part because it had to. Most exchanges had already moved to first price.

Thanks To The DOJ, We Now Know What Google Really Thought About Header Bidding

Starting last week and into this week, hundreds of court-filed documents have been unsealed in the lead-up to the Google ad tech antitrust trial – and it’s a bonanza.