HHR New Media, Entertainment and Technology Group

In the wake of the recently publicized data breach involving Sony’s PlayStation and Online Entertainment networks, Congress appears ready to accelerate its efforts to enact legislation to implement regulations intended to prevent future breaches and provide a framework for enforcement in the event of a breach.  The data breaches at Sony, which occurred on two separate occasions (at the end of April and then again at the beginning of May), involved more than 100 million accounts. The data that was leaked included information about PlayStation subscribers such as names, addresses, emails, passwords, usernames, birthdays, phone numbers and purchase histories.   Continue Reading »

The recent Wall Street Journal report revealing that some of Facebook’s most popular applications have been leaking user information has brought attention to a little-known corner of the Web advertising business.  And that attention may ultimately lead to substantial changes in the way companies do business both with Facebook and throughout the wider Web. 

The Facebook disclosures were the result of a common Web standard called a referer.  As web users navigate from site to site, the referer tells the new site which page the user is coming from.  Most of the time, this is an innocuous tool used to help websites track the source of their traffic flow and customize user experience.  However, when user IDs are included in web addresses, as is the case with Facebook and other social networking sites, this practice could potentially expose the browser’s identity.  The user IDs can be used to look up public information on the user’s Facebook profile, which, depending on the selected privacy settings, could include anything from the user’s name to his age, hometown, or even photos. Continue Reading »

Over the last year, social networking sites, most notably those with a developer platform such as Facebook, have become hotbeds for virtual goods purchases, social gaming, sweepstakes and advertising-based promotions.  Many of these are based on custom-designed and developed third party applications and widgets, which are veritable revenue drivers for the platform operators.  Several months ago Apple modified the terms for its iPhone application development agreement (via an amendment to the iPhone SDK terms)  to specifically permit app-based contests and sweepstakes.  Specifically, Apple added the following language: “Your Application may include promotional sweepstakes or contest functionality provided that You are the sole sponsor of the promotion and that You and Your Application comply with any applicable laws.” However, questions have arisen regarding the legality of running these games and promotions via such applications and platforms.  At their core, these questions focus on the legal distinctions between lotteries, contests and sweepstakes, distinctions that could mean the difference between a highly successful promotion and a high-profile legal headache. Continue Reading »

Transparency into how websites use, protect and disclose the personally identifiable information of its end users has been an especially hot topic over the past few years as the use of social networking and social utility sites have grown exponentially in popularity.  So it’s no surprise that end users’ control (or lack thereof) over how their personally identifiable information is used, and the extent of that control, has been giving many in our industry “heart burn” and raising the eyebrows of legislators and governments globally.

  Continue Reading »

Since Facebook launched its Facebook Usernames initiative in mid-June, over 6 million unique individuals have registered usernames for their personal profiles, and over 15,000 usernames have been registered for Facebook Pages as well, which are commonly used by businesses and other organizations.  In many ways, the program looks like a proprietary domain name registration system.  However, when we read that Facebook is claiming ownership over every username, an assertion attributed to a company spokesman, we realized that Facebook is not acting like a domain name registrar.  We also wondered about the legal basis of such a claim.

Continue Reading »