Affiliate Marketers: Want to learn best practices, strategies, and tactics from a seasoned legal professional who works with businesses and regulators at the federal and state levels?
David Adler takes clients through the ins-and-outs of providing advertisers, merchants, agencies and affiliates the tools they need for running a trustworthy and successful business.
On May 25, 2022 David Adler is presenting Trafficking in Trust: How to Enhance Affiliate Engagement an AMDays Workshop at Affiliate Summit East 22. In case you can’t make the presentation, here’s an excerpt of one of the topics covered:
The 3 C’s of Affiliate Marketing Disclosures: Clear Conspicuous Content.
Clients often seek my counsel on issues related to Affiliate Marketing legal disclaimers and disclosures. For example, this might require guidance on the substance and placement of legal disclaimers for a consumer-oriented, product review and ratings website. This type of website needs to include at least two different, but related, disclosures. First, it must disclose that it is compensated when a user clicks on a link. Second, it must disclose certain material connections.
Affiliate Disclosure Content
There are several factors to the affiliate commission disclosure. Appropriate disclosures have both the necessary content and the correct placement within a specified context.
What needs to be in your affiliate commission disclosure?
The disclosure must make clear that you earn a commission if a user buys something after clicking on a link on your site.
Affiliate Disclosure Context
Where is the optimal location for the disclosure?
Although there is a general practice of putting disclosures on the bottom of the website pages, it can be somewhat obscured and less effective. A location at the bottom of the page, in the same font style, font color, size, and placement as the rest of the text on the bottom of the page, does not help it “stand out.”
The key to proper affiliate link disclosures is making sure the disclosure is “clear and conspicuous.” This depends on both context (placement and proximity to the relevant content) as well as the content of the disclosure itself. The general rule is that the closer the disclosure is placed next to the relevant message, the better.
Although not required, it is recommended to add the affiliate link disclosure on the home page, above the fold. While there is no explicit requirement, FTC disclosure cases and guidelines suggest that, in their view, this is required for adequate disclosures.
What should I do now? Always seek experienced counsel. A seasoned lawyer will help you address other considerations including prominence, distractions, industry vertical (i.e. healthcare, financial services) requirements, and language.
Perhaps you’ve seen them, those television and radio ads that talk about the “creepy” nature of some adverting on the Internet that follows consumers across their social media. According to Pew Research, most Americans believe their online activities are being tracked and monitored.
The fact is, most companies can and do share data with social media platforms to ensure targeted advertising reaches receptive audiences. As more tools become available and the variety of data sources grows globally, platforms and advertisers are re-examining their rights and obligations when it comes to something as simple as matching customers’ email addresses with their Facebook accounts.
Facebook’s Customer List Custom Audiences (“Custom Audiences”) tool is one such tool that has the potential to expand an advertiser’s liability for unauthorized use of customer data. For EU customers, a German Data Protection Authority ruling requires a individual’s explicit consent to such sharing.
The Facebook Custom Audiences tool enables advertisers to create targeted advertisements to Facebook users by combining Facebook data with the advertiser’s data such as email addresses and phone numbers. To use marketing tool the advertiser must comply with the consent and privacy expectations of individuals who have provided email addresses.
Consent to Use Email Addresses
While the use and disclosure of email addresses is regulated in some countries, the U.S. does not have a uniform data privacy protection scheme. U.S. privacy rights are protected through a patchwork of laws addressed to specific types of harm, such as unauthorized access and disclosure of financial (Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681) or healthcare-related (Health Insurance Portability and Accountability Act of 1996 (HIPAA) 42 U.S.C. § 1320d–2) data. While the CAN SPAM Act (15. U.S.C. § 7701 et seq.) specifically regulates email, the Act excludes communications based on a previously existing relationship.
Importantly, for most purposes, permission of the e-mail recipient is not required. However, messages MUST contain a mechanism to request to opt-out of future email messages. If email addresses are acquired from third-party sources, such as marketing databases or social media, ensure users are given reasonable notice and choice about the use of such data.
The Federal Trade Commission endorses a market-style model of ensuring the fair use of information that allows individuals to participate in decisions on the disclosure and use of their personal information. As articulated by the FTC, the elements of this approach are notice, choice, access, security and enforcement.
Contractual Requirements of Facebook Custom Audiences
In order to use the Custom Audiences tool, the advertiser must agree to additional terms and conditions. Facebook’s Custom Audiences terms require that the advertiser have both “all necessary rights and permissions” as well as a lawful basis to disclose and use the email addresses “in compliance with all applicable laws, regulations, and industry guidelines.”
Widespread distribution of digital communications technology (phone, tablets, ultra-portable laptops, gaming devices) has changed the nature of marketing. However, medical practices and other healthcare providers are reluctant to use digital marketing techniques. While most industries move away from the distribution of massive, shotgun-style email and snail-mail campaigns and toward targeted, social media and demographic-driven efforts healthcare marketing is falling behind.
Digital marketing execs face many challenges getting the message and media mix right. Early adopters provide a look into the changing nature of marketing. From a pragmatic perspective, there are barriers to entry for digital healthcare marketing efforts (privacy, regulatory), the growing use of content marketing (native, branded), social marketing, and electronic marketing strategies (email marketing, online scheduling, etc.) in the healthcare field and customer-oriented services that can be a strategic use of the Internet for marketing to providers, patients and third-party service providers.
The evolution of healthcare marketing toward greater use of “native,” sharable and relevant content provides both obstacles and opportunities in acquisition and use of third-party media content.
Use of content marketing is increasing.
On average, 35% of all marketers use print magazines, but 47% of healthcare marketers use them. In print, 28% of marketers use print newsletters compared to 43% of healthcare marketers, and 26% of marketers use print for annual reporting compared to 36% in healthcare. When it comes to using blogs, 74% of all marketers use blogs compared to only 58% in the healthcare industry. The situation is similar for social networks, with an interesting exception – 71% of healthcare marketers make use of YouTube, more than the average of 63%. This is likely because healthcare professionals use YouTube to televise procedures and interview doctors.
By now marketers should be accustomed to using their own creative content. However, focusing on owned assets like a website and email won’t move the needle enough to impact the bottom line. As a result, healthcare marketers are integrating new content (in the form or “advertorials” or “native” content). This in turn is developed alongside a long-term SEO strategy.
Native advertising distributes “sponsored” content on relevant pages, delivering relevant content to the right audience in a way that is non-intrusive and integrates with the user experience.
Native Content often involves use of product/service reviews and endorsements. It is important to include proper disclosures when using native content. The FTC will initiate enforcement actions against marketers that deceive consumers.
In the Matter of Son Le and Bao Le, the FTC charged that the two brothers deceived consumers by directing them to review websites that claimed to be independent but were not, and by failing to disclose that one of the brothers posted online product endorsements without disclosing his financial interest in the sale of the products.
Media Creation & Consumption is Challenging Traditional Legal Notions.
At a time when #media creation & consumption has transformed, two recent cases, both involving Fox News Network on opposite sides of the “fair use” defense to copyright infringement, highlights the evolving and dynamic legal challenges facing business and content creators. In each case, Fox News loses on Summary Judgment.
Photographs, Fair Use & Social Media
The first case, North Jersey Media Group, Inc. v. Jeanine Pirro and Fox News Network, LLC, involves what many recognize as the “now iconic photograph of the firefighters raising the American flag on the ruins of the World Trade Center on September 11, 2001.” The photograph – which bears a striking resemblance to Joe Rosenthal’s World War II photograph of the Iwo Jima flag-raising – has become a similarly striking symbol of American patriotism.
That similarity was not lost on a production assistant for a Fox News program “Justice with Judge Jeanine” who posted the two images, unaltered, on the show’s Facebook Page, along with the phrase “#neverforget,” allegedly to commemorate the twelfth anniversary of the attack.
The case is noteworthy for its analysis of the “fair use” defense in a social media context. While the Copyright Act grants authors certain exclusive rights, including the rights to reproduce the copyrighted work and to distribute those copies to the public (17 U.S.C. § 106(1), (3)) one often quoted and widely misunderstood limit to those rights is the doctrine of “fair use,” which allows the public to draw upon copyrighted materials without the permission of the copyright holder in certain circumstances. The fair use doctrine is an after-the-fact defense to infringement, not a pre-emptive justification to use another’s work without permission.
Educated in journalism and media studies, the production assistant acknowledged that she understood a copyright to be something that is owned by someone else although she had no training in copyright law either in college or during her tenure at Fox News. She had been working at Fox News for approximately three years, had previously sought legal advice regarding use of photographs on the broadcast, but never in connection with posting images to the program’s Facebook page.
The key take-away for businesses and digital marketers alike is the need for vigilance when using third-party content on social media. Employee education and training on what copyright protects, what it doesn’t, and how it works may help prevent your business form facing a similar situation.
Media Monitoring, Digital Content & Copyright Fair Use
The second case, Fox News Network, LLC v. TVEyes, Inc., involves a company that monitors and records all broadcasts by more than 1,400 television and radio stations twenty-four hours per day, seven days per week. This content is indexed and organized in a searchable database that allows subscribers to search terms, determine when, where, and how those search terms have been used, and obtain transcripts and video clips of the portions of the television show that used the search term.
Fox News Network, LLC sued to enjoin TVEyes from copying and distributing clips of Fox News programs. TVEyes asserted that its system and services are permitted under the doctrine of “fair use.”
The court found that TVEyes service was a fair use. Unlike other services that simply “crawl” the Internet, culling existing content available to anyone willing to perform enough searches to gather it, the indexing and excerpting of news articles, where the printed word conveys the same meaning no matter the forum or medium in which it is viewed, the service provided by TVEyes is transformative. By indexing and excerpting all content appearing in television, every hour of the day and every day of the week, month, and year, TVEyes provides a service that no content provider provides. Subscribers to TVEyes gain access, not only to the news that is presented, but to the presentations themselves, as colored, processed, and criticized by commentators, and as abridged, modified, and enlarged by news broadcasts.
The key take away for technology companies that rely on content is what the court says about features of the Services (as opposed to the technology itself, e.g. the software/platform): the issue of fair use is for the full extent of the service, TVEyes provides features that allow subscribers to save, archive, download, email, and share clips of Fox News’ television programs. The parties have not presented sufficient evidence showing that these features either are integral to the transformative purpose of indexing and providing clips and snippets of transcript to subscribers, or threatening to Fox News’ derivative businesses.”
In other words, evidence that certain features are essential to the use of a service, may be sufficient to show how the features (service) exist above- and-beyond what stale or static content can show.
You Don’t Have to Muddle Through
When it comes to understating evolving technology legal risks, your business can’t simply muddle through. The professionals at the Adler Law Group can help you adopt conduct risk assessments, provide employee training and methodologies for approaching these challenges by setting objectives, determining scope, allocating resources, and developing practices that will efficiently and effective manage risks, while keeping pace with the business.
Oklahoma and Louisiana join Wisconsin and Tennessee in recent laws restricting access to applicants’ and employees’ personal online content by prospective and current employers. Adoption of Social Media platforms continues to grow as do new legal and business risks arise as well as state legislatures provide new rules, regulations and guidance. As state by state compliance requirements develop, businesses need to review frequently overlooked elements of key social media guidance, such as how to approach specific areas like Monitoring, Content Approval, Training and Information Security.
This latest round of bandwagon-jumping follows efforts by most other states that have addressed the issue. The key take-away is that business need to take a state-by-state approach to social media legal compliance.
Generally, most of these types of laws prohibit employers from requesting or requiring that applicants or employees disclose a username, password, or other means of authentication for their online accounts.
Employers should be on the lookout for laws that address whether an applicant or employee must accept a “friend” request, change privacy settings to permit access by the employer, or otherwise divulge personal online content.
Another area of concern is the definition of “personal,” “social media” and “account. ” these definitions vary and often cover far more than common notions of social media.
Some laws apply to any online account, including e-mail, instant messaging and media-sharing accounts. Some laws address the scope of use such as “exclusively for personal communications” as opposed to “business purposes of the employer” or “business-related communications.” This carve-out further narrows the scope of the Oklahoma and Louisiana laws.
While these laws generally prohibit adverse actions based based on a refusal to provide user name, password or other authentication information, each law should be scrutinized for broader prohibitions, such as those against penalizing or threatening to penalize an employee or applicant for refusing such requests.
Technology continues to evolve and so does the legal and regulatory environment. Businesses need to continually assess and address the risks created by new laws and new uses of tech in the workplace.
Contact us for a free consultation to learn what we can do to help your business navigate the ever-changing regulatory minefield. What you don’t know can hurt you. We are here to help you avoid getting hurt.
Disclosures must explain:
1. If a web site operator allows other parties to use tracking technologies in connection with the site or service to collect certain user data over time and across sites and services; and
2. How it responds to browser “do not track” signals or other mechanisms designed to give consumers choice as to the collection of certain of their data over time and across sites and services
In addition, the “California Shine the Light Act” requires that companies (except non-profits and businesses with less than 20 employees) collecting broadly defined personal information from California consumers on or offline either: (a) give consumers a choice as to the sharing of that information with third parties (including affiliates) for direct marketing purposes; or (b) provide notice of, and maintain, a method by which consumers can annually obtain information on the categories of information disclosed the names and addresses of the recipients of that data, and a description of the recipients’ business.
If an e-commerce service offers tangible goods or services, or vouchers for them, to California consumers, it must give certain notices to consumers, including how they can file a complaint with the CA Department of Consumer Affairs.
Are you concerned about how to disclose how your service responds to “Do Not Track” signals or similar tools and settings, and whether third parties are permitted to collect personally identifiable information about consumer online activities over time and across different websites when a consumer uses that online service? We may be able to help. We can review your policies, your information gathering and sharing practices, and advise on whether there is room for improvement.
AUSTIN, Texas — A divided House vote provides momentum for Texas employees who wish to shield personal text messages, email passwords under a bill backed by Democratic State Rep. Hellen Giddings and given preliminary approval Thursday.
Proponents say Texas workers need the same social media protections provided in several other states. The bill prohibits employers from asking job applicants or employees for passwords to access their Facebook, Twitter or other personal accounts. Opponents argue it will provide “safe harbor” for employees to steal proprietary information at the workplace through their personal accounts.
No specific penalties are spelled out for employers who would violate the law.
The Texas law is another reminder of the ongoing evolution of Social Media law and regulation as legislators and private businesses struggle to understand how these technologies affect everyone’s rights, obligations and remedies.
If you or your business is concerned about social media legal and regulatory compliance, contact David Adler at Leavens, Strand, Glover & Adler. 866-734-2568 email@example.com.
I just returned from RSAConference 2013 where I had the privilege and honor of giving a presentation of the legal risks caused by social media in the workplace. As a speaker-attendee, I had the priceless benefit of access to all the other speakers and programs held during the conference.
One such program I attended was “We Were Hacked: Here’s What You Should Know”. The speakers, Matthew Prince (@eastdakota) CEO of CloudFlare, and Mat Honan (@mat) writer for Wired Magazine, shared their common experience as targets of high profile hacks. Hearing the details from them first hand, including information from interviews with the hackers themselves, I learned how easy it is to be the victim of hacking and how it’s the little things that create exploitable seams in our information security barriers.
Rather than rewrite their stories, I thought I would share three simple lessons I learned that I’ve already implemented and you should too. Besides, Matt does a better job telling his own story which can be found here.
Here are the three things I learned about how you can protect yourself and others in your organization.
First, security attacks go after the “low hanging fruit” and that often means figuring out a way to exploit your personal email address. With so many web-based services and so much login information to remember, many of us use our personal email as our username for everything from the web sites on which we comment, to our online photo gallery, to our online banking service. Unfortunately, this is probably the address we use for password recovery if we forget. Given that our digital lives are easily mapped, hackers already have one piece of the two-piece login puzzle: they know your user name.
TIP NO. 1: Use a private, obscure email address for your more sensitive information.
Second, once a hacker has accessed your accounts, your computer and your files, the fun has just begun for them. As Matt Honan described, these often adolescent script kiddies simply don’t understand the value of your stored memories and other information. In his case, all the photos of his children were permanently deleted. Regardless of a hacker attack, stuff happens and you don’t want to lose everything because you we’re too lazy to back up.
TIP NO. 2: Back Up your digital life, early and often.
Third, today’s’ Internet is an interdependent ecosystem. Just because you or your organization takes security seriously, doesn’t mean that other do as well. Your internal systems are not enough. Like it or not, the seams of your security perimeter are intertwined and permeated by the services and systems of customers and vendors. For most consumers, the there is a Hobbesian choice of Security v. Convenience. Multiple login usernames and super long passwords are difficult to remember and tedious to use. As a result, most people choose the least secure means of authentication on the assumption that using astringent password is enough. Unfortunately, some people don’t even bothers with that. A recent ZoneAlarm study found that “password” was the fourth most commonly used password by consumers.
Google, Facebook and others have started using two-factor authentication. Two-factor authentication requires that one enter a code after entering the username/password combo. The code is sent via, text message, voice call or email. This greatly reduces the chances of unauthorized access because hackers would need to have your phone, in addition to your username/password combo.
TIP NO. 3: Whenever possible enable two-factor authentication.
Please understand that there is no “magic bullet” when it comes to Cybersecurity. Taking these precautions does not guarantee that you won’t be attached or that your account information won’t be accessed. However, these are important and easy steps that you can take to improve your personal data security.
Affiliate marketing is one of the most cost-effective techniques for monetizing web site traffic and driving sales. Unfortunately, it has a reputation for high risk. While the industry is unlikely to ever be risk-free, it is possible to manage risk by: (1) understanding how techniques like behavioral and contextual targeting affect consumers, affiliates and merchants, (2) understanding the legal and regulatory environment, (3) understating risks involved with prospective marketing partners, (4) using and maintaining proper contracts that allocate risk and provide appropriate indemnifications, and (5) keeping informed about the changes in technology, marketing practices and the regulatory environment. Attendees will learn how to identify these issues and develop policies and procedures to keep informed about the current technology, marketing strategies and regulatory compliance.
As a result of the rapid shift in marketing from unilateral one-to-many communications, to the multilateral, many-to-many or many-to-one conversations enabled by Social Media, employees and employers are struggling to manage accounts that are used for both work and personal purposes.
This new phenomenon has benefits, but it also creates a number of legal challenges. For employees, it may result in greater efficiency, more opportunities for authentic customers engagement and the ability to stay on top of the most current grands and business issues. For employers, it presents opportunity to reap substantial benefits from lower communications and customer support costs. For in-house counsel, it raises a host of legal and practical issues with few easy solutions and significant liability and regulatory risks.
First, there are hardware issues. Smartphones, tablets and other personal electronics often have social networking capabilities built in. in addition, they contain contain both personal and business data. Because these devices are always on and always connected, they are more than just personal property. They have become essential business tools. For both sides of the workplace equation, employers and employees must understand where the privacy lines fall between personal versus work-related information.
Second, there are data issues. Employers must balance their needs to monitor employee usage, employees’ privacy concerns, and the risk of liability for theft or exposure of data if a device is lost or stolen, or from lack of proper safeguards on account usage. For in-house counsel tasked with drafting policies to address these risks, , Prior to implementation of any policy, the legal team needs to educate front line employees and management on reasonable expectations of privacy and security and the harms that the organization seeks to prevent.
Lastly, recent cases such as the Cristou v. Beatport litigation, highlight the struggle to define and control the beginning and end of employee social media accounts, ownership and protection of intellectual property and the post termination risks that arise from the absence of appropriate policies.
As we prepare to start a new year, the time is ripe to establish security and privacy policies governing creation, maintenance and use of employees’ social media accounts for work functions. In-house counsel must lead the charge to educate, inform and train employees about privacy, security and evidence-recovery implications associated with use of social media.