New book on Advertising Law!

Some may think the greatest book ever written is War and Peace, others may think it’s the Great Gatsby… However, they’re wrong because the greatest book of all time is clearly “International Advertising Law: A Practical Global Guide” which was published yesterday by Globe Law & Business.

I helped edit the book and write the UK chapter. The book contains chapters drafted by lawyers from over 30 countries (so there was a lot of editing to do). I haven’t written a blog post in a good few months as I’ve been very busy at work, so apologies that this one is really just a shameless plug.

As many readers of this blog will know, advertising law and regulation is found in a wide variety of sources and overlaps with a diverse range of other areas of law. This made the selection of a finite number of topics to cover in the book a difficult task. When we decided which topics to cover, we considered the questions that in-house advertising and marketing lawyers (and non-lawyers) are likely to encounter most frequently in their day-to-day work, but we also kept private practice lawyers in mind.

Each chapter is written by an expert in the relevant country and begins with an overview of the legal and regulatory regime for advertising in that country, before providing more detail on the following seven topics: (i) comparative advertising; (ii) online behavioural advertising; (iii) sales promotions; (iv) ambush marketing; (v) direct marketing; (vi) product placement; and (vii) certain industry-specific regulation (which includes consideration of the regulation of advertisements for gambling, alcohol, pharmaceuticals, financial products and services, food and tobacco).

More detail about the book can be found on the Globe Law site here. It’s also available on Amazon and all good bookshops (provided they sell legal text books).



2014 Sporting events, social media and UGC

The three big ones this year are of course the Winter Olympics in Sochi (about to come to an end), the Commonwealth Games in Glasgow (23 July – 3 August) and of course the World Cup in Brazil (12 June – 13 July).

I went with some colleagues recently to give a training session to a news organisation about the various news and reporting restrictions and regulations associated with covering these sporting events – in particular the guidelines for “accredited persons” and the news access rules for the accredited media etc.

However, one interesting issue that came up was UGC – i.e. what happens when it’s consumers who are doing the “reporting” as opposed to the accredited media or other accredited persons (such as athletes or coaches etc). As part of my investigation into that point, I came across the ticket purchase T&Cs for each event.

 The ticket purchase T&Cs for Sochi are located here (“Terms and Conditions” link at the bottom). Rule 17.2 of the T&Cs states the following:

…Images, videos and sound recordings of the Games taken by a spectator cannot be used for any purpose other than for private, personal, archival, non-commercial purposes i.e the Spectator may not license, broadcast or publish video and/or sound recordings, including on social networking websites and the internet more generally, and may not exploit images, video and/or sound recordings for commercial purposes under any circumstances, whether on the internet or otherwise, or make them available to third parties.

Fair enough and not particularly surprising, members of the public aren’t allowed to sell photos, video or audio of the Games, and they’re not allowed to upload video or audio of the Games onto social media at all (although it would seem photos are fine).

The ticket purchase T&Cs for Glasgow are located here. They contain a similar restriction to Sochi, Rule 18.1 states the following:

Images, videos and audio recordings taken or made by you in Games venues… may not be used for any purpose other than for personal and non-commercial purposes. You may not sell, license, broadcast (including on social media sites), publish, or commercially exploit in any manner such images, videos or audio recordings, unless expressly authorised by us.

However, have a look at the equivalent rule in the FIFA ticket purchase T&Cs here. Rule 5.2 states the following (my emphasis added):

Ticket Holders may not record or transmit any sound, moving or still image or description of the Match (or any result, data or statistic of the Match) other than for private use. It is strictly forbidden to disseminate any sound, moving or still image, description, data, result or statistic of the Match, in whole or in part, for any sort of public access, irrespective of the transmission form, whether over the internet, radio, television, mobile phone, data accessory or any other current and/or future media (now known or hereinafter invented and/or devised)…

In addition to photos, video and audio, the restriction extends to any “description, data, result or statistic of the Match”… “for any sort of public access…” As far as I can see, this means that if a consumer posts a comment on Facebook or a Tweet saying: “We scored!”, he/she’ll be in breach of the ticket terms and conditions and, strictly speaking, under clause 3.3 of the T&Cs, FIFA have the right to eject him/her from the stadium!


Second Screen Ad Campaigns – the new frontier for keyword litigation?

Last week I went to the incredibly cool Future TV Advertising Forum and, amongst other things, I saw a demonstration of some prototype systems for running synchronised second screen ad campaigns.

By the “second screen”, broadly speaking, I’m referring to a tablet which someone uses on his/her lap whilst sitting on the sofa watching TV (there’s an interesting debate about whether it’s the tablet or in fact the TV which is now the second screen, but that’s another story).

One particular product by Cisco and Innovid caught my eye. At a high level, it involves a system which picks out various keywords spoken during a programme played on TV which could then be used to trigger relevant and targeted ads to the user on his/her tablet. The system is so sophisticated it can even determine the “context” in which the word is being used to determine whether it’s a “positive” or “negative” mention of the word. For example, if someone on the TV was slagging off a brand, you wouldn’t want that to trigger an ad for that brand on the second screen, whereas if someone was watching a cookery programme, that would be a good opportunity to trigger ads for cooking utensils etc. There’s more detail about the Cisco / Innovid solution in this blog post here.

What is particularly interesting about the system from a legal perspective is that it provides the potential for brands to purchase their competitors’ trade marks as trigger keywords, which, if appearing in the broadcast audio stream could trigger an ad on the tablet.

Anyone who knows a bit about trade mark law will know that if there’s one area which has caused an absurd amount of litigation in Europe, it’s the purchasing of competitors’ keywords in order to trigger sponsored search ads on search engines (the most well known of course being Google’s Adwords service).

If you’re reading this blog you’ll probably know how keyword advertising works. If not, in summary, if you want to advertise a website on Google, you can choose certain keywords which are “related” to your business – see Google’s guide here for how it works. More than one advertiser can purchase the same keywords, so advertisers can bid for how high up the list of sponsored ads they want their link to appear.

The problem therefore arises where a third party trade mark is purchased as a keyword and the third party feels this leads to an unfair advantage being taken from its trade mark. It’s these issues which lead to cases such as Google v Louis Vuitton, L’Oreal v eBay, and most recently Interflora v Marks & Spencer, where the High Court held in May this year that the use by M&S of the keyword “INTERFLORA” to advertise its flower-delivery business on Google was an infringement of Interflora’s trade mark.

The outcome from Interflora appears to be that a trade mark owner will struggle to prevent others from using its trade mark in keyword advertising unless the use somehow causes detriment to the trade mark’s distinctive character or reputation, or makes it difficult to determine whether the advertised goods/services originate from the trade mark owner or a third party etc.

It will be really interesting to see whether the type of synchronised second screen ad campaigns described above could prove to be the next battleground for keyword litigation, taking it from the web, to the TV, to the tablet.

Getting over it: New meanings of privacy

On Thursday last week I spoke at the SCL Policy Forum during the “Social Data” session – my talk was about privacy, social media, young people, social norms, regulation and all that kind of thing. Below is a rough transcript of what I said (including links to references etc):

The reference in the title of this presentation to “Getting over it” comes from a now infamous quote by the then CEO of Sun Microsystems, Scott McNealy, who’s reported to have said in an interview in 1999: “You have zero privacy. Get over it!”. When McNealy said that, I was 19 years old. Mark Zuckerberg was only 15 years old and 5 years away from launching Facebook in 2004.

11 years after that McNealy interview, Mark Zuckerberg was interviewed himself in 2010 and he said the following:

People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people… that social norm is just something that has evolved over time.”

That quote of his has also become quite famous and led to a flurry of media attention about Facebook’s attitude to privacy. In that same interview, Mark Zuckerberg went on to say:

We [Facebook] view it as our role in the system to constantly be innovating and updating what our system is to reflect what the current social norms are”.

It’s this last sentence of his that I think is particularly interesting because it raises various questions about whether it’s social media which drives the development of social norms relating to privacy, or whether the opposite’s the case, and it’s social norms which drive the direction of social media. In reality, we see a symbiotic relationship whereby they influence and are influenced by each other as well as various other factors which I’ll come onto.

By “social norms”, I’m talking about group-held beliefs or societal conventions which specify how individuals should behave in a given context. As a result they create certain expectations regarding that behaviour. Those expectations become significant from a policy or a regulatory perspective when they get used as the basis for legal tests. A relevant one in this case being the “reasonable expectation of privacy” which the English courts have used as a test in the various Article 8 cases around the “misuse of private information”.

Privacy, however, is a nebulous concept. It’s very difficult to pin down an accepted definition. In the late 19th century, the US lawyers Warren and Brandeis came up with their often quoted description of privacy as the “right to be let alone”. In Europe, Article 8 of the ECHR talks about privacy in terms of a right to respect for private and family life, home and correspondence.

So there are various aspects to privacy and they’re protected in different ways. There’s privacy relating to your property, relating to you physically, relating to your communications, and finally there’s “informational” privacy regarding information which relates to you. In this case I’m broadly focusing on informational privacy and its relationship with social media. Of course one of the ways that relationship is regulated is through data protection law which, as we all know, provides rights to data subjects and imposes obligations on data controllers in the context of the automated processing of personal data.

So what’s so special about social media? One of the things people use social media for is to fulfil the same role as a physical social space. So in the same way as people use a cafe to meet up, socialise and communicate, social media acts as an online social space where users socialise and interact. However, whilst these online social spaces may be used for the same purpose as physical social spaces, there are various fundamental differences which affect certain social norms relating to privacy and create certain risks. These are well documented so I won’t go into much detail.

For example, we all know that when you say something in a physical social space, your words remain only in the memory of the person you spoke to. In online social spaces your words stay there. That continuity becomes problematic from a privacy perspective if you say something you might regret later. Particularly if it’s discovered by, say, a university you’re applying to or an employer you’re interviewing with.

That risk is exacerbated by the fact that anything you say can be so easily copied, altered and re-published on a global scale. The potential exposure increases further because online social spaces allow us to be indexed and easily found.

There’s also the issue of audiences. In physical spaces, you can generally see who’s within earshot and so who can hear what you’re saying. In online social spaces, the potential audience for your communications is invisible and potentially vast, and includes the proprietor of the online social space who’s business model is likely to be predicated on you sharing information publicly.

Whilst users of social media may attempt to control this audience with, for example, a selected “friend list” on Facebook, this can create what’s been referred to as the illusion of intimacy” because the notion of “friends” in an online social space may differ significantly from friendship in a physical social space.

Differing social pressures can also lead to an audience in an online social space taking a different form to that of a physical social space. For example, there aren’t yet well established social conventions regarding the acceptability of rejecting or accepting friend requests on Facebook – so the pressure a user may feel to accept a friend request could lead to a broader audience and the sharing of information with people who aren’t in fact your friends.

A key issue here is that in physical social spaces there are various well established physical social conventions people use as a tool to indicate the degree of privacy or publicity they expect to apply to a particular communication. The volume or tone of my voice for example, or my facial expression, or my body language. The difference with an online social space is that none of these physical social conventions are possible and as a result, in the absence of substitute tools to indicate the user’s intention, communications can end up being more “public” than the user wants or expects.

One of the things the regulatory regime seems to have been trying to do, with varying degrees of success, is place an obligation on the proprietor of an online social space to build functionality which provides equivalent tools to users as a substitute for those missing physical social conventions.

However, there’s an inherent tension in the ease with which that can be done for various reasons. Not only because the service provider’s business model is likely to prefer the public sharing of information, but also because, firstly it puts the onus on the consumer to learn, understand and use those tools, and secondly physical social conventions are nuanced and complex and the effectiveness with which they can be simulated online in a natural way is very difficult.

Before I look at some of these issues further, I want to look at it from a user perspective. It’s particularly interesting when you look at younger social media users. That’s because through the use of social media, I’d suggest that young people understand and value their privacy in a different way to when their parents were young (and social media didn’t exist). There’s evidence of this when you look at young people’s motivations for using social media.

A recurrent theme in relation to privacy is “control”. Some interesting studies conducted by the US Researcher danah boyd [sic] have found that whilst adults think of their “home” as private, it’s a different experience for young people who live at home because they don’t exercise the same control over their personal space as their parents do. Young people may not feel they can control who comes into their house or their room for example. As a result online social spaces, where the young person feels he/she has more control, can feel more “private” than their home. So the increased sharing of information online by young people doesn’t necessarily indicate a disinterest in privacy but rather a search for privacy elsewhere.

A particularly well known piece of ongoing research into young people’s use of social media and their attitudes towards privacy is the research by the Pew and Berkman Centers at Harvard University. In May this year, they published a report in which they found that whilst young people are certainly sharing more personal information on their profiles than in the past, they’re still mindful of their privacy.

Interestingly, the focus groups in that study showed that many of the teens had waning enthusiasm for Facebook because they disliked the increasing adult presence and the excessive sharing by other users but they keep using it because it’s such an important part of their social life – so again it’s not that they don’t care about their privacy, it’s that they feel they need to stay on Facebook in order not to miss out, so the perceived social cost of not being on Facebook outweighs their desire for privacy.

Using Facebook as an example, 60% of teens in the study kept their profiles private. What they refer to as “friend curation” was also an important part of the interviewed teens’ perceived privacy management. For example 74% of them had deleted people from their network or friends list.

A particularly interesting aspect of the study was that it showed that many teen social media users acknowledged that their communications on social media were public and as a result exchanged coded messages that only certain of their friends would understand as a way of creating a different sort of privacy.

It’s easy to keep the focus on Facebook because of its dominance and talks about social media often group all the different services together under the heading “social media”. However it’s important to take other sites and services into consideration and the different meanings that privacy has in relation to them because of their perception, functionality and models.

For example, in the Harvard study (referred to above), while those teens with Facebook profiles most often choose private settings, Twitter users, by contrast, were much more likely to have a public account. The fact that people use Twitter to broadcast their tweets to as many followers as possible means that different expectations relating to privacy may arise compared to, say, updates on Facebook which users may anticipate only sharing with their “friends”.

Different social media services provide people with the opportunity to present different personas or to share different aspects of their identities. What someone chooses to share on Facebook, may be different to what they share on Twitter and different still to what they share on LinkedIn. There’s also the issue of different devices and how social media usage varies on PCs, tablets and of course mobiles – but that’s a whole other talk in itself.

So whilst we have all these different conventions evolving on social media, what role can, should or does regulation play in all of this? I said earlier that one of the things the regulatory regime seems to have been trying to do is place an obligation on service providers to build functionality as a substitute for certain missing physical social conventions. I think the Irish Data Protection Commissioner’s audit of Facebook at the end of 2011 was a good example of this. As part of that audit Facebook’s privacy settings and functionality were examined in great detail and various recommendations were made.

However, as I also said earlier, physical social conventions are nuanced and complex and aside from the fact that a service provider’s business model will prefer the public sharing of information, it’s a massive challenge for an online service to try to emulate the sophistication and nuances of our physical social conventions in a way that consumers will understand and be inclined to use.

As a result, a tension’s created whereby Facebook’s privacy settings got increasingly more complex as they were pressurised to provide more options to users to mirror the granularity with which people understand the privacy of their communications in the physical world. Of course, the more complex the privacy settings get, the more the object’s defeated because the less users understand their options – so the privacy settings then have to become simpler. But of course, when you start to simplify the privacy settings, you then lose the sophisticated and granular way in which people attach different levels of privacy to each of their communications depending on the audience and the context etc.

I think that technology can make progress in resolving that tension, whereby the increasing sophistication of technology allows all the complexities and nuances of physical social conventions to be more naturally and intuitively mapped to social media. However, I think that leads to some important questions that I’d like to leave you with.

Firstly, what should the goal of regulating social media be? Do we actually need regulation to oblige service providers to try to map offline social conventions to the online world or should we just accept that they are fundamentally different?

Also, in this context, who should we actually be trying to regulate? Is it the platform or the users? If it’s the users, do we actually need more regulation? What’s the risk here? Perhaps there may already be sufficient protection from existing laws such as defamation, confidentiality or intellectual property?

Voting in online competitions

“Those who vote decide nothing. Those who count the vote decide everything.”

― Joseph Stalin

In July last year I wrote a post about online prize promotions. That post included a brief discussion about voting mechanisms and their potential problems. Following a recent adjudication involving an online competition run by Unilever, I thought it worth writing about this issue in more detail.

The most common mechanism to incorporate a vote into an online competition is where entrants submit something like a photo, picture or video, the entries are then displayed in some kind of online gallery, the public vote for their favourite entry, and the entry with the most votes wins the prize.

The risk with an online vote is that it’s open to abuse in various ways. Under Rules 8.2 and 8.14 of the CAP Code, promoters of prize promotions must conduct them equitably, make adequate resources available to administer them, deal fairly with entrants, avoid causing unnecessary disappointment, and not give consumers justifiable grounds for complaint.

Where the voting mechanic of an online competition is abused somehow, entrants may complain that the promotion has not been run fairly. If the ASA thinks that insufficient security  measures were implemented to ensure the voting system was not abused, it may find that inadequate resources were made available to administer the promotion.

There are various options for promoters regarding the voting rules. For example, voting could be limited to “one vote per household”, “one vote per person”, “one vote per day”, “one vote per email address submitted”, or “one vote per IP address”. A key question to ask is what security measures can be implemented to monitor and enforce these voting restrictions?

Cookie-based voting

Using cookies may seem a simple way to enforce a limit of one vote per day for example. Following a vote, a cookie can be stored on the user’s computer which expires after 24 hours. The system then checks for the cookie each time the user comes back to the site. If the cookie’s there, the user can’t vote and is told to try again later. Elmsleigh Shopping Centre implemented this system in a promotion it ran in 2010 partly because it thought the alternative of a registration or log-in process might deter people from voting.

However, the problem with cookie-based voting restrictions is that it’s quite easy to circumvent them, for example, by deleting your cookies or by running your browser in privacy mode.

In the Elmsleigh promotion referred to above, the ASA thought that, given the simplicity of the cookie-based voting system, the possibility of fraudulent voting should have been anticipated. According to the ASA, the system should have been researched and tested more rigorously before the competition began and safeguards should’ve been implemented to minimise the possibility of participants cheating.

A couple of years later, the Co-op’s use of cookie-based tracking to register votes for a competition was also held to be inadequate by the ASA. In this adjudication, the Co-op had tried to make the voting system more robust by giving people the option to provide an email address with their vote. However, because this was only optional it was insufficient to enable the Co-op to adequately remove duplicate or fraudulent votes.

IP address based voting

Aside from cookies, there are various other solutions for enforcing voting rules. For example, in an adjudication from 2010, Ferrero gave the ASA an account of the various IP address based security measures it used to enforce the voting rules in a promotion. Ferrero’s solutions included recording IP addresses of each voter and  implementing a system which prevented IP addresses from being masked.

Most recently, in an adjudication from May this year, the ASA thought that Unilever and its agency Ogilvy had in fact used sufficiently secure methods to monitor and control voting. In that promotion, the voting rule was “one click, one vote” – i.e. one vote per day per IP address. This seems to be the clearest and most effective voting rule that competition promoters can implement.

Whilst using IP addresses isn’t perfect because entrants are theoretically able to change their  IP address. In the Unilever adjudication, the ASA thought this would require a significant degree of technical competence and programming understanding beyond the average consumer.

The other advantage of “one click, one vote” is that, because it’s based on IP addresses, you don’t need voters to register or leave any data (e.g. name or email) which can easily be fabricated and therefore not particularly helpful to combat fraudulent voting.

Nothing’s perfect

The fact is that no matter how many security measures are implemented, people will always find a way to circumvent them. Also, once a vulnerability has been discovered, the way to crack the voting limit may get revealed in online forums and social media as Elmsleigh Shopping Centre discovered in the promotion referred to above. However, if the voting mechanic does get abused but the promoter has implemented sufficient steps such that it would take considerable effort to circumvent them, there’s a good chance the ASA will find that the promoter has done enough to administer the competition fairly and won’t be in breach of the CAP Code.

On discovering fraudulent voting, the decision may be taken to disqualify an entrant. Likewise, in an adjudication from last year the ASA thought that a digital agency hired by 20th Century Fox, was right to disqualify an entrant due to various irregularities with that person’s votes. In particular, a significant number originated from the same IP address.

It’s important to note that the T&Cs for the 20th Century Fox promotion stated at the outset that no prizes would be awarded as a result of “improper actions” by entrants. The ASA thought this gave a reasonable basis for the entrant to be disqualified. However, the ASA did point out that the T&Cs should have included some examples of what might constitute “improper actions“. In an advice note published by CAP in March this year, CAP commented on this adjudication saying that:

“Generally speaking, promoters should be wary of seeking to rely on such broad terms to disqualify entrants unless they are confident that they have clear evidence of abuse.”

Vote swapping syndicates

Unlike the 20th Century Fox adjudication above, Mercedes was slapped on the wrist by the ASA for disqualifying an entrant from a promotion it ran last year.

Mercedes had discovered that the entrant had been part of an online vote-swapping syndicate (i.e. websites that allow the exchange of votes with people participating in other competitions). Mercedes disqualified her because it thought this reciprocal arrangement was not in the “spirit of the competition”.

The problem was that vote-swapping was not prohibited in the original T&Cs. Mercedes also didn’t help themselves by the fact that the entrant had emailed them to ask whether it was actually ok to do this and didn’t get a response from them until she’d already gone ahead and done it!

118 118 also got a similar wrist slapping last year when they disqualified an entrant because they thought she was participating in a vote-swapping syndicate. However, by mistake 118 118 hadn’t communicated any T&Cs to entrants. The ASA thought that, if 118 118 had intended to disqualify participants based on such activity, this should have been made clear in accompanying T&Cs.

Play by the rules

It’s important not to change the rules (if at all possible) during the campaign because that in itself may be a breach of the CAP Code. However, Promoters may find that, as the competition progresses, more sophisticated attempts at multiple voting appear. If this problem becomes apparent, it may be necessary to deploy further security measures and alter the voting rules.

Provided any changes don’t materially alter the basis on which the winner is selected, there’s a good chance the ASA won’t have a problem with it. In the Ferrero adjudication referred to above, the ASA thought Ferrero had been right to include an additional requirement for voters to provide their email addresses midway through the promotion because this further ensured the security of the voting system.

When Elmsleigh Shopping Centre found there had been fraudulent voting, to improve security, it increased the restriction on voting to one daily vote per e-mail address, instead of per household. However, in the Elmseigh competition, it was not made clear at the outset that the daily vote limit was initially one per household. This meant that when the new T&Cs were published stating that one daily vote per e-mail address was allowed, it would not have been clear to participants that the rule had changed.

In a promotion run by last year, the ASA was similarly unimpressed when, midway through the promotion, removed the voting mechanism altogether and replaced it with a judging panel. The promoter had discovered that some entrants were receiving an unusually high number of votes and that many votes originated from the same IP addresses. The promoter therefore decided it would be better to use a judging panel to decide the winner. Whilst the ASA understood the reasons why Meeeet had changed the rules during the competition, it nonetheless considered that altering the mechanic had put participants at a significant disadvantage because the judging criteria had not been communicated at the outset.

Vote of confidence

If done correctly, including a voting mechanic in an online competition can be an excellent way to maximise engagement. However, there are various pitfalls to be aware of. Promoters should ensure that they implement adequate security measures to control voting, not disadvantage entrants by changing the rules, and most importantly make the rules clear at the outset!