Social media law comprises of several different components including free speech, privacy, online advertisement, and intellectual property rights. These issues come up regularly during the course of online transactions between parties. The courts have been inundated with social media litigation and have issued their rulings when faced with complicated problems.

The cases that arise on social media platforms involve state and federal laws such as the Digital Millennium Copyright Act and Communications Decency Act. In essence, these federal statutes were promulgated to protect copyrights and free speech rights.

According to the United States Copyright Office, the Digital Millennium Copyright Act (“DMCA”), which amended federal copyright laws, was passed to address important parts of the relationship between copyright and the internet. The three main updates were: (1) establishing protections for online service providers in certain situations if their users engage in copyright infringement, including by creating the notice-and-takedown system, which allows copyright owners to inform online service providers about infringing material so it can be taken down; (2) encouraging copyright owners to give greater access to their works in digital formats by providing them with legal protections against unauthorized access to their works (for example, hacking passwords or circumventing encryption); and (3) making it unlawful to provide false copyright management information (e.g., names of authors and copyright owners, titles of works) or to remove or alter that type of information in certain circumstances.

Social media litigation can be caused or initiated for various reasons related to privacy violations, online defamation, internet harassment, contractual disputes, and intellectual property violations.

Privacy violations take place when a company does not adhere to its terms of use or privacy policy. The terms of use and privacy policy on a website constitutes a legally-enforceable contract. The terms and conditions should be carefully read by visitors because the continued use of the website may constitute implied consent even if the website doesn’t require clicking on a “I Agree” box. Stated otherwise, if you visit a website, you can be bound by its terms and conditions.

Online defamation takes place when a false factual statement, that is not privileged, is published and damages the victim’s reputation in the community. The statement must be a fact and not an opinion. There are several defenses to defamation such as truth and absolute or qualified privilege. Truth is an absolute defense to defamation. According to Civil Code Section 47(a), a privileged publication or broadcast is one made: (1) in the proper discharge of an official duty; (2) in any legislative proceeding; (3) in any judicial proceeding; (4) in any other official proceeding authorized by law; or (5) in the initiation or course of any other proceeding authorized by law and reviewable by mandamus. The concept of “qualified privilege” applies to employers under the following conditions: Employers can make statements about their employees as long as the statement is not malicious and was made to third parties with a common interest in the subject matter. Malice can be proven by showing ill-will, hatred, or lack of reasonable grounds when the statement was made to a third party.

Social media litigation has become increasingly prevalent for obvious reasons. This is simply because multiple issues come up on social media websites and platforms. The objective of this article is to discuss them.

Business entrepreneurs, owners, and operators, who have an online presence on various social media websites, such as Facebook, Twitter, or Instagram must know the rules and regulations.

The first step any business owner should take to launch the operations is to ensure there are properly drafted contracts with all parties. The contracts should yield the proper provisions to help protect the parties in a fair and reasonable manner.

International service of process involves the formal service of legal documents on foreign litigants. In general, legal documents should be served on the interested parties once the lawsuit is filed with the clerk. The documents usually include a summons and complaint. In most cases, the plaintiff personally serves the defendant with the legal documents. In some cases, the plaintiff can serve the legal documents by substituted service.

Now, for international service of process, the parties should refer to international treaties which outline the delivery parameters of legal documents to foreign litigants. The United States is a signatory to the Hague Service Convention and Inter-American Convention on Letters Rogatory.

The Hague Service Convention allows service of process on parties who reside in countries which are also signatories to this international treaty. In 1969, it became formally effective in the United States. The United States government undertook a reciprocal treaty obligation toward those countries by joining the convention which have also adopted it, to serve in the United States documents issued by foreign judicial authorities. It applies only to foreign documents which are related to civil cases and does not apply to documents related to criminal proceedings. The President has designated the Department of Justice as a “central authority” for these proceedings. The Assistant Attorney General, under 28 C.F.R. 0.49, who is in charge of the Civil Division is able to direct and supervise the functions of the central authority. Moreover, under 28 U.S.C. 1781, the Department of State is authorized to receive requests for service of foreign judicial documents from foreign courts and to transfer them to the proper agency.

Electronic data has been growing in size and proportion for several decades. The sheer amount of electronic files (e.g., emails, pictures, videos) has consumed local and remote databases. The cloud storage facilities have been put together to hold this information for us. Cloud storage facilities have certain obligations towards their customers which include secure storage of electronic files by using industry-approved protocols. The rules for proper storage should not change based on the particular industry. In fact, the cloud storage facilities are supposed to use similar protection measures for all electronic files – e.g., encryption – to ensure safety.

Encryption is a tool or resource that allows the files to be scrambled and hidden from plain sight. The encrypted data is called “ciphertext” which can only be decrypted with the right key. There are two types of encryption. First, is symmetric encryption. Second, is asymmetric encryption. Symmetric encryption uses one key for encryption and decryption. Asymmetric encryption uses two different keys for encryption and decryption – i.e., the private and public key. The public key can be shared with the general public but the private key remains a secret and is only accessible by the right individual. There are various encryption technologies such as AES, Triple DES, RSA, and Blowfish.

Electronic data retention includes collecting, storing, and managing information. Private and public organizations should have the right rules and regulations that help define how electronic information should be located, identified, and stored. There are government regulations, international standards, industry regulations and internal policies. Government regulations are set by state or federal governmental agencies such as the Federal Trade Commission and Internal Revenue Service. International standards are set by the International Organization for Standardization like ISO/IEC 27040, IS 9001, ISO 17068:2017. Industry regulations include the GDPR, PCI-DSS, and CCPA. Finally, internal policies include data version controls and employee record retention.

Data disposal is a key process in a legal entity’s policies and procedures for managing personal and confidential information. In general, private and public entities store data on their servers. This information may include financial and health information which should not fall into the wrong hands. So, there must be a proper procedure for destroying and disposing that information by using industry approved methods.

The Federal Trade Commission has implemented a data disposal rule in relation to consumer reports and records to prevent unauthorized access to or use of that information. In California, several statutes have been promulgated to address this issue. For example, California Civil Code Sections 1798.81, 1798.81.5, and 1798.84 are applicable. In fact, Civil Code 1798.81 states as follows: “A business shall take all reasonable steps to dispose, or arrange for the disposal, of customer records within its custody or control containing personal information when the records are no longer to be retained by the business by (a) shredding, (b) erasing, or (c) otherwise modifying the personal information in those records to make it unreadable or undecipherable through any means.” Therefore, there are standards to follow and implement to avoid unnecessary complications. The state legislature has encouraged the implementation of “reasonable security” for personal information under Civil Code 1798.81.5. Also, Civil Code 1798.84 outlines the legal remedies which include initiating a civil action.

The proper retention of emails is paramount especially if the electronic messages include private, confidential or proprietary information. For example, “email archiving” is one method to retain electronic messages especially if there is the possibility of litigation. The emails should be backed up in a searchable format for practical reasons. Electronic discovery allows the parties to request and obtain electronic documents during litigation. In most cases, the electronic discovery process is time consuming and complicated especially because there is a large volume of data involved in the lawsuit. Also, more importantly, the failure to comply with electronic discovery requests may result in sanctions.

There are no mandatory data retention laws in the United States of America. See https://www.eff.org/issues/mandatory-data-retention; Cf. Anne Cheung & Rolf H. Weber, Internet Governance and the Responsibility of Internet Service Providers, 26 Wis. Int’l L.J. 403 (2008); Christopher Soghoian, An End to Privacy Theater: Exposing and Discouraging Corporate Disclosure of User Data to the Government, 12 Minn. J.L. Sci. & Tech. 191, 209-214 (noting that some ISPs in Sweden have enacted zero data retention policies in response to customer demands, but none of the major American ISPs or telecommunications carriers have made such enactments). There is a probability that service providers will delete the relevant data from their database servers in the near future. So, if the plaintiff or petitioner fails to take timely action, then their database servers may no longer yield the requested basic subscriber information.

In addition, from an international aspect, organizations that are subject to the General Data Protection Regulation (“GDPR”) should know its requirements wherein includes personal data being “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.” It’s important to note that some states such as California and Virginia have promulgated similar statutes on this topic. The California Privacy Rights Act (“CPRA”) and Virginia’s Consumer Data Protection Act (“CDPA”) have the same or similar provisions in this respect.

The courts have recognized that, absent a court-ordered subpoena, many of ISPs, that qualified as “cable operators” for purposes of state or federal laws (e.g., 47 U.S.C. § 522) were effectively prohibited from disclosing identities of putative defendants to plaintiff. Digital Sin, Inc. v. Does 1-176 (S.D. N.Y. 2012) 279 F.R.D. 229. Thus, Internet service providers should comply with the subpoena pursuant to the rules. Plaintiffs can issue subpoenas to request basic subscriber information from the service provider that yields the identifiable information. Plaintiffs should utilize any and all options to resolve the discovery dispute without judicial intervention. However, if the service provider fails or refuses to comply with the subpoena, then the plaintiff must seek a court order to obtain the necessary information (i.e., basic subscriber information) to identify the anonymous defendants. Our law firm regularly conducts investigations to prove a specific account was used to access our client’s electronic devices, email accounts, or online storage devices.

Neurolaws and privacy rights are still in the development stages. Neurological advances have allowed scientists to connect electrodes to the brain for analytical procedures. These electrodes can be connected in a non-invasive manner so they can download brain data. Now, this brain data can be analyzed to help patients with brain disorders such as epilepsy, depression, Parkinson’s disease or Alzheimer’s disease. Moreover, a human’s brain data may be analyzed to determine the truth and existence of intent.

Neuroscientists have been able to use advanced non-invasive techniques to observe and analyze cerebral neurochemical changes in the human brain. They have access to several technologies including, PET, SPECT, MRI, fMRI, and EEG. In fact, functional MRI (fMRI) is able to measure the brain’s activities under resting and activated conditions. It can be used to identify, investigate and monitor brain tumors, congenital anatomical abnormalities, trauma, strokes, and chronic nervous system disorders (e.g., multiple sclerosis).

Therefore, there is the potential of abuse when it comes to this new technology and that’s why legal scholars are concerned about privacy rights. Accordingly, needless to say, the right of privacy should be protected according to the state or federal rules, including, but not limited to, the Health Insurance Portability and Accountability Act (“HIPAA”) which was passed to address medical privacy concerns.  Scholars have argued that voluntary informed consent must be granted by the individual to use brain information. In other words, this type of confidential medical information cannot be used without the person’s knowledge and permission. The Bill of Rights has granted the right of privacy to citizens under certain terms and conditions. In fact, the Fourth Amendment protects privacy rights against unreasonable searches and seizures by the government. Also, every state has promulgated similar privacy laws which can be more strict than their counterpart federal laws. However, the question is whether our thoughts belong to us.

According to Biomedcentral, the four laws of neurotechnology are as follows: (1) right to cognitive liberty; (2) right to mental privacy; (3) right to mental integrity; and (4) right to psychological continuity. We’ve discussed some of the legal and ethical issues related to neurotechnology laws in previous articles. Today, our plan is to discuss neurolaws and evaluate the legal and ethical issues.

What are neuroscientists doing at this time?

Neurotechnology is on the verge of expansion especially since there more interest on the topic by the medical and technology sectors. Neuroscientists have thought about the possibilities of connecting electronic devices such as electrodes to the brain and analyzing the information. Now, it has become a tangible possibility due to the expansion of science and information technology which allow structural measures, neural activity and connectivity, molecular composition, and genomic variation of the brain. These abilities have been made easier by exponential advances in computational ability, artificial intelligence, machine learning, and development of sophisticated databases. Neurotechnology can predict a person’s danger level, probability to recidivate, evaluate intent, evaluate competence to stand trial, reveal biological mitigating factors that could explain criminal behavior, distinguish chronic pain from malingering, regain lost memory, and differentiate between true and false memories.

Neurotechnology device manufacturers should take legal and ethical issues into consideration when implementing microchips into a patient’s body. There are two methods being used at this time. First, is the “non-invasive” method where electrodes are inserted on the head’s surface as electrode caps which pick up electrical fields from the brain. So, the electrodes are not penetrating the patient’s body. Second, is the “invasive” method where the electrodes are placed inside the brain’s tissue which can be used to diagnose neurological diseases such as epilepsy.

Neurotechnology raises important legal issues since the human brain is connected to an external device such as a computer. For instance, one question is whether the external device changes the human’s brain activity, and if so, what could be the potential consequences. Artificial intelligence will inevitably change the legal framework in the near future especially since it will be used in the human body. So, the issues of privacy and data security will always come up.

What are the major concerns?