Virtual World Law Blog

A weekly wrap up of interesting news about virtual worlds, virtual goods and other social media.

Piracy battle goes to CES, Wikipedia may join SOPA protest, Google social search faces privacy concerns

A contentious battle over Internet anti-piracy legislation shifted from Washington to the Consumer Electronics Show, The Washington Post reported. The Consumer Electronics Association, which is behind the show, has been a vocal opponent of the two bills circulating in Congress that would help Hollywood titans, record labels and pharmaceutical firms enforce copyright infringement laws online.

Mobile virtual currency market to hit $4.8bn by 2016

In fact, a study released yesterday from Juniper Research predicts that the amount of money being spent on virtual currency in mobile apps is going to more than double in the next four years, going from $2.1bn last year to $4.8bn by 2016.

Bethesda Buys Interplay's 'Fallout' Rights, Ends IP Suit

Interplay Entertainment Corp., original developer of the "Fallout" line of video games, on Monday forfeited its rights to continue work on the series -- resolving a trademark dispute with former business partner Bethesda Softworks LLC.

Domino's Pizza uses augmented reality offers to boost food sales

Domino's Pizza, which has already been testing the waters of mobile marketing for some time now, has started a new campaign that includes the use of augmented reality, to add a whole new dimension to its latest 555 pizza offer.

CES: Better augmented reality with high-tech contact lenses

Augmented reality has made progress on smartphones, with apps letting people layer information and graphics over a view of the real world. A startup from the Seattle region is looking to take the next step toward an AR future with special contact lenses that make it possible to view objects projected onto glasses a short distance away from the eye.

Banks start playing games with your money

A new video game has gotten its hooks into Brian Kealer, a 26-year-old San Francisco software engineer. He's not killing birds or using his vocabulary to impress his friends. No, Kealer is after real prizes, like the iPad2 he just scored. And he's playing with his bank account. 

8K69Q43F7MWC

Will 2012 be the year of virtual worlds?

What got me thinking about this was a blog post by Maria Korlova over at the HyperGrid Business Blog. In it, she maintains her firm conviction that businesses will soon come around to using these virtual worlds as business tools. Just as the nay-sayers were wrong about the Internet, Software as a Service, and Lady Gaga, we will eventually integrate this technology into how we work.

Courts, Sports And Videogames: What's In A Game?

Although one of the clearest legal thinkers, Louis Brandeis, conceived the modern right of publicity,[1] "unclear" would be an adjective all lawyers would apply to the current state of right of publicity law, regardless of which side of the issue they usually argue. Indeed, although the right of publicity concept was further developed by another very clear legal thinker, William Prosser,[2] he himself alluded to it as the concept "that launched a thousand lawsuits,"[3] few of which can be reconciled with one another.

Insurers Can't Join Coverage Suit Over Athlete Image Use

A Georgia federal judge said Wednesday that four insurers can't intervene in a coverage suit in California over underlying antitrust class actions concerning the use of college athletes' likenesses in video games.

What the Copycat Saw: Creative Theft in Mobile and Social Games

The distinction between theft and inspiration is often unclear in video games. Traditions are formed, broken down, and remade every few years. The most successful ideas are eagerly absorbed by others, from regenerative health in first person shooters to the subdivision of platformer levels into world and stage.

Virtual worlds training for federal cyber pros in the works

Virtual Justice

Rutgers University law professor Greg Lastowka looks at whether players can and should be granted legal ownership of virtual items, whether or not there's any existing legal precedent and how the virtual item landscape may change in the near future.

Italian court: Online editors not responsible for reader comments

Online commentators Wednesday welcomed a ruling by Italy's highest court that the editors of online publications cannot be held legally responsible for defamatory comments posted by their readers. In a ruling handed down at the end of October, the Court of Cassation acquitted a former online editor of L'Espresso news magazine of the crime of failing to prevent defamation committed by one of her readers.

OUII Seeks Clarity On 'Process Of Establishment' Claims

The U.S. International Trade Commission should review a recent finding in a video game patent infringement case and clarify how to determine if a domestic industry is in the process of being established in Section 337 cases, the ITC's Office of Unfair Import Investigations said in a petition publicized Tuesday.

Germany's Merck wants Facebook page back

Germany's Merck KGaA has threatened legal action after it said it lost its Facebook page apparently to rival Merck & Co. in the U.S., though it has yet to identify defendants in the case.

Virtual World Startups Seek Refuge From Patent Attacks

The developers behind the next evolution of the Internet -- linked, immersive, 3D environments -- are trying to think of ways to minimize the adverse impact of software patents on their industry.

Social media in for worse cyber attacks in 2012

Social media sites and cellphones will prove to be fertile grounds for cyber criminals to exploit globally important events in 2012 to steal personal information and data and make financial gains, cyber security firm Websense has said. The Websense document, " 2012 Cyber Security Threats," has said identity information posted by users of sites such as Facebook, Twitter or LinkedIn may prove more valuable to cybercriminals than even credit cards.

Facebook recently filed a Patent Application that Triggered a Congressional inquiry.  The patent application, which describes technology for tracking users on other websites, resulted in a letter from Reps. Edward Markey, D- Mass., and Joe Barton, R-Texas, seeking information on its current privacy practices and future intentions for tracking user activity and data. Markey and Barton co-chair the Congressional Bipartisan Privacy Caucus.

The application was published on Sept. 22, 2011 and describes a method "for tracking information about the activities of users of a social networking system while on another domain."

In the letter to facebook CEO Mark Zuckerberg, Markey and Barton sought clarification on the purpose of the patent and how Facebook intends to use it. They also inquired about how Facebook intends to integrate the location data of its users into its targeted advertising system, noting that Facebook has previously stated that it does not track people across the Internet.

It is important to note that just because Facebook has filed a patent does not necessarily mean that they have commercially implemented what the patent discloses. However,  this action is just one of the latest from Washington focusing on privacy. There seems to be a very focused effort by legislators and regulators to ensure that companies only collect user information needed for legitimate business purposes and that the information collected is not retained indefinitely. 

As with many other aspects of social media, the laws and regulatory climate are continuing to evolve.  If you have not recently reviewed your data collection, privacy practices and privacy policies, now is a good time to do so. 

Given the great interest in "the cloud" from a business perspective, as well as Microsoft's popularization of the concept with its "To the Cloud!" advertising campaign, it's no wonder that many game providers are looking to the cloud as the next viable and profitable gaming platform. The cloud movement not only provides economic incentives through various subscription and pay-to-play models, but also helps defeat piracy by locking down game code and other intellectual property from potential thieves.

Cloud game providers have a lot to gain from virtualization, but moving to a cloud-based framework raises potential legal issues that should be considered.

Latency

The first big issue for gaming providers considering moving to the cloud is both a practical one and a legal one - latency. Unlike digital downloads, streaming games require both down and upstream communications. Further, gaming often demands instant, real-time action, so any material latency will be noticed, especially for multi-player, FPS-type or other real-time games. Currently, some game providers have tried to satisfy gamers' demand for real-time, low-latency play by operating in data centers that are physically close to the gamer. From a technical perspective, cloud gaming may present an issue because it could involve moving the game servers much farther away from the gamer, thus having the potential to lead to increased, or even significant latency. Another technical fix may be to use "tricks" similar to those used in non-cloud gaming to compensate for latency issues.

From a legal perspective, however, the move to the cloud could bring such "tricks" into the realm of patents held by the gaming company OnLive--patents which cover "twitch gameplay" over a cloud-based system. When porting a game from client-server or mobile-based platforms to a cloud-based platform, game providers should be sure to investigate whether the conversion will expose them to potential infringement liability, including the OnLive patent portfolio. This is especially important because most game providers are not the actual game developer, so game providers should also review their agreements with the game developer to understand whether indemnification or re-development are options. Further, if the agreement is with a small game developer, the developer may not have the financial resources to indemnify the game provider, and thus the game provider should be aware of the potential risks before embarking on a cloud-based venture.

To read this publication in its entirety, click here.

Enter at Your Own Rift: How gold farming really hurts the economy

Recently, Trion Worlds CCO and RIFT Executive Producer Scott Hartsman talked to Gamasutra about how gold farming is a much bigger threat than we assume, particularly because of the large amount of credit card fraud. Those who played RIFT at launch probably recall the large wave of hacked accounts early on. According to Hartsman, the hacking attempts were so quick and so intense that the game could have been "denial-of-serviced off the internet" when it launched.

Gamification, that buzz word panned as hype by some, has increasingly won over companies, investors and even research firms like Gartner, which now predicts half of all companies will use gamification by 2015. So what's next? How about gamification certification.

Facebook Ramps Up Lobbying Over Privacy

Facebook Inc. has beefed up its public policy efforts with an eye to shaping federal privacy legislation, sharply increasing its lobbying expenditures and expanding its roster of Washington insiders, disclosure records show.

NYPD Looks to Mine Social Networks for Infor on Criminal Activity

Privacy is something most people worry about and try to protect, but on social networking giants like Facebook, it's almost impossible to protect all of your information despite privacy settings. Now, the New York Police Department (NYPD) is data mining Facebook, Twitter and MySpace to track hooligans who have committed or are planning to commit crimes.

Registration Opens for Game::Business::Law 2012

Registration is now open for the 4^th Annual Game::Business::Law Summit on January 25 - January 26, 2012. The event will be held at Southern Methodist University, Dedman School of Law and is hosted by The Guildhall at SMU, SMU's Dedman School of Law and The Center for American and International Law.

A Guide to Controlling Privacy, Info on Google+

Google+is the new social networking kid on the block, and one of the main reasons so many people are interested in the service over Facebook is Google+'s proclaimed focus on protecting users' privacy. Whether you're a new Google+ user or you're already a pro, understanding how to control your information on the site can make you feel much more at ease on the social network. Here's the lowdown on Google+'s privacy controls, including a few of the more buried settings you'll want to know about.

EBay Rings Up Mobile Payment Outfit For $240M

EBay Inc. unit PayPal will beef up its position in the online payment market with the $240 million purchase of mobile phone payment specialist Zong, as big online merchants continue to snap up upstarts in the world of virtual commerce.

The Metrics Are the Message: How Analytics is Shaping Social Games

The freemium gaming business is expanding rapidly. We all know about the Facebook behemoth Zynga, which now claims over 250 million monthly players, and is valued at anywhere between $5-10bn. But online, there are dozens of global companies hawking a range of in-depth gaming experiences.

Online Consumers Willing to Pay Premium for Net Privacy

Online consumers thought to be motivated primarily by savings are, in fact, often willing to pay a premium for purchases from online vendors with clear, protective privacy policies, according to a new study in the current issue of a journal of the Institute for Operations Research and the Management Sciences.

Could Google+ Be the Best Social Network for Your Career?

Barely two weeks old, Google's new social network, Google+, is already scrambling the social media hierarchy. One of its key features -- that your professional and personal lives can go their separate ways -- helps solve a key Facebook drawback.

BizRocket.com, Inc., projects $50 Million Revenue

According to eMarketer worldwide social network spending is expected to reach $6 billion this year. The social networking market for kids age 13 and under is estimated at over one billion ($1,000,000,000) dollars per year and rapidly growing. BizRocket.com, Inc., is committed to earn a significant share of that revenue stream for shareholders and provide a safe Internet experience for pre-teens. BizRocket.com, Inc., projects annual revenues to exceed $50 million by third year of full operations.

Electronic Arts To Pay $750M for PopCap Games

Electronic Arts Inc. said Tuesday that it will buy PopCap Games for at least $750 million in a bid to snag a larger piece of the rapidly growing market for games on cell phones and social networks.

Badgeville Raises $12M to Lead the Way in Gamification

On June 21, Canada's Federal Office of Privacy Commissioner released its 2010 annual report on Canada's data privacy law, the Personal Information Protection and Electronic Documents Act (known as "PIPEDA"). According to the report, in 2010 the Office of the Privacy Commissioner:

Among other things, the Report states, "Social media networks, which some research suggests now link together more than half of all Canadian Internet users, were of particularly pressing interest to our Office." This is consistent with similar statements that have been made by the UK Information Commissioner's Office, and should indicate to any game or social media company with global ambitions that the days of flying under the radar of data protection authorities are coming to an end.

The Report includes discussion of the Office of Privacy Commissioner's investigations into the privacy practices of Facebook and issues around the launch of Google Buzz and Google's well-known street-view wifi data collection practice. The Report also covers a previously unreported investigation of online dating site eHarmony's privacy practices. The investigation was prompted by a complaint by an eHarmony member. According to the Report, when she requested to delete her online account after her membership ended, eHarmony's response was to tell her that her account was inaccessible to other members, but that the personal information could not be entirely removed.

The Privacy Commissioner found that the option to "close" an account was not readily accessible on the eHarmony website, and that the website did not provide a clear explanation of what eHarmony meant by the term "close the account." Based on recommendations from the Office of Privacy Commissioner, eHarmony is establishing a two-year retention period for personal information collected from its users, providing a "clear and efficient process" for users to request removal of their personal information, and providing users with "clear information" on the difference between deactivating and deleting an account and on its personal information retention policy.

It's important to note that the Report stressed that the office's interest in the privacy practices of online dating sites is not restricted to eHarmony. The Report noted that other dating sites do not have privacy policies at all and others have policies but do not specify how they handle personal information after a user is no longer active.

The fact that the Privacy Commissioner felt the need to note that some websites do not have privacy policies is somewhat shocking. Since July 1, 2004, it has been a violation of the California Online Privacy Protection Act (OPPA) of 2003 to fail to post a conspicuous privacy policy on any commercial website that collects personal information about California residents.

The 132-page 2010 annual report is available at http://www.priv.gc.ca/information/ar/201011/2010_pipeda_e.pdf.

As we discussed here, the EU "Cookie Rule," which requires companies with European customers to get informed consent from visitors to their websites in order to use most cookies (other than those "strictly necessary" for the service requested by the consumer), went into effect on May 25. As an example of how they wanted websites to behave, the UK Information Commissioner's Office put the following banner on their website:

Thanks to a Freedom of Information request from Vicky Brock, we can see the effect of the opt-in cookie requirement on tracked traffic to the ICO website:

Vicky has also made the underlying data available in a Google Docs spreadsheet.

While this does seem to pose a challenge for marketers, there are a couple of things about this data to keep in mind:

1)         The UK ICO implemented the opt-in via a banner on the top of the page. People have grown so used to ignoring banners that they might not have even looked at the option being provided. Thus, another method for requesting consent might have a greater opt-in rate.  Guidance from the UK ICO states that consent can be obtained via the following methods:

•          Pop-ups. A website operator could ask a user directly if they agree to a website operator putting something on their computer and if they click "yes", this would constitute consent.

•          Terms and conditions. A website operator could alternatively make users aware of the use of cookies via the terms and conditions, asking a user to tick a box to indicate that they consent to the new terms.

•          Settings-led consent. Consent could also be gained as part of the process by which the user confirms what they want to do or how they want the website to work, e.g., some websites "remember" which language version of a website a user prefers. If this feature is enabled by the storage of a cookie, then the website operator could explain this to the user and that it will not ask the user every time they visit the website.

It is worth noting, however, that the guidance does not purport to be exhaustive. The ICO states that they will consider supplementing the advice with further examples of how to gain consent for particular types of cookies in the future. It goes on to say that the examples listed are not intended to be a prescriptive list on how to comply, rather, that a website operator is best placed to work out how to get information to users and what users will understand.  Each case will be facts-specific.

2)         Even for those who did see the banner, there isn't really any incentive to opting-in. If a website makes a case for the opt-in by pointing out additional functionality or other benefits to opting-in, that may increase the opt-in rate.

Another issue for websites is that it is not yet clear whether the Cookie Rule applies to non-cookie tracking technologies like web beacons. Technically, the Cookie Rule applies to "the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user." However, given the assertive position that many European Data Protection Authorities take towards the protection of personal information, it may be prudent to assume that anything that lets a website track users could require consent. In the case of web beacons, as well, since they could disclose a users IP address, which could be personally indentifying information, they might be subject to the general obligation to obtain user consent before collecting personal information, anyway.

A UK charity recently did a survey to look at how people deal with idea of death and digital music, photography and online bank accounts. Their research found that although 80% of those surveyed have such things, fewer than 10% have given any thought about what should happen to those assets when they die. More than half also said their computers contained important domestic and personal information which could not be accessed by family members.

This issue has been gaining importance as our online life becomes an increasing portion of our activity and consumption. People used to keep photos in albums - now they're scattered among devices, memory cards and online services. Personal diaries are now protected with a password instead of a physical lock - and might even be stored on Blogger or LiveJournal or another online service rather than on a hard drive.  Family financial information or even personal recipes might be stored in Google Docs.  Most of the services we use on a regular basis have little-to-no provisions in place for a family member or an executor to transfer account information. Few companies and even fewer users are thinking about end of life issues when it comes to their online lives.

In some cases it takes legal action to gain access to an email account because of the privacy issues involved with messages to and from others who are still living. After the case of Lance Corporal Justin Ellsworth in 2004, the US Army began counseling deploying soldiers on this issue,

Legal Assistance attorneys can counsel deploying soldiers about the merits and consequences of giving a letter that contains the user ID and password to their e-mail to someone they trust. The merits include comforting their loved ones by enabling them to piece together his or her life "down range." The consequences include that access is not selective and the soldier may want to protect his or her privacy even after their death. In the alternative, LA attorneys may advise deploying soldiers to draft a letter specifically telling their loved ones to respect his or her privacy and not attempt to access his or her e-mail account posthumously. LA attorneys providing this counseling should also instruct deploying soldiers to keep the contents of his or her letter secret from the person intended to deliver it to the soldier's loved ones.

Following up on the US Army's approach, companies like Legacy Locker are providing people with the ability to create an archive of userids and passwords as part of a "digital will." Going beyond the sentimental value of photographs and correspondence, 80% of those responding to the UK charity survey thought their collections of virtual goods (music, iPhone apps and other virtual goods) were financially valuable. Yet only 9% had considered including them among assets to be distributed after their death.  Companies like Confidant are providing users with the ability to create a single online repository of important information and designate specific individuals who have access to some or all of the information.

As demonstrated by the UK charity's study, the digital assets we acquire during life have value that is not just sentimental.  The US IRS Taxpayer Advocate recognized this in 2008 in her annual report to Congress.  The relevant portions of the report were extracted and posted here.  So when you die, your heirs would theoretically have to pay an estate tax on all of the digital assets you collected in your years of virtual asset collecting and building. As long as it has a real-world value, it can be taxed for that real-world amount just like a piece of art or a valuable stamp collection.

Any consumer who collects digital assets - whether through playing games ranging from Kingdom of Loathing to World of Warcraft, participating in a virtual world, simply purchasing music or other digital goods, or just saving important pictures and files - should consider what should and will happen to those files when the consumer dies.  Consumers should consider whether the terms of use for relevant services permits those assets to be transferred to a third party or whether the service has policies and procedures for dealing with the death of a user.  In addition, the heirs of consumers with significant, valuable collections of digital assets may need to deal with estate tax issues related to the value of those digital assets.  Similarly, providers of online services need to consider how they will deal with the death of users, whether they will permit accounts and/or specific assets to be transferred to third parties and what levels of evidence they will require to verify the death.  In many cases, where a service provides a virtual currency, laws may regulate the manner in which such online currency accounts must be maintained and/or transferred.  Providers of online role-playing games and other virtual worlds may need to create systems to notify other users of the death of a member and, perhaps, even hold online memorial services.

There are a number of people out there who are warning us that there needs to be more awareness of how much information we're disclosing via social networks. Some of them, like the now-shuttered PleaseRobMe.com, were doing it intentionally. Others, like Facebook Breakup Notifier (FBN), do it by implication. FBN lets users pick certain friends whose relationship status they'd like to monitor. If one of those relationships changes, the user gets notified by e-mail. Every tweet, update, video and blog post is a micro-chapter of your public profile that anyone can access. Although the information that is created is for friends, family and colleagues, people seem to rely on the scale of the internet to keep them anonymous without realizing that the information they post is also available to people with less virtuous interests. According to a study reported in The Telegraph, 36% of users who responded to a survey do not limit access to their social media profiles.

The latest tool for would-be stalkers is the aptly-named "Creepy."  Its creator describes it as a 'geolocation information aggregator.' Creepy is an application for Linux or Windows -- with a Mac OS X port in the works -- that gathers public information on a selected individual via social networking services to map their travel patterns. Right now it only works through Twitter and Flickr, but it's already pretty impressive. Creepy uses the services' APIs to download every photo or tweet the target user has ever published, analyzing each for the user's location at the time.  Although Twitter's geolocation setting is optional, images shared via sites like Twitpic and Yfrog are usually taken using a smartphone - which, usually unbeknownst to the user, records the location information in the EXIF data of the image. Creepy finds these photos, downloads them, and extracts the location data.

Disney Buys Social Networking site Togetherville

Togetherville, designed for children under 10, adds to Disney's stable of Internet properties including social gaming company Playdom and mobile application developer Tapulous.

Gamification and Avoiding the Fate of ARGs

Supposedly, there's much that can be done with gamification to build deep engagement with users. Games can enhance lives. Everything can become a game, from work to social causes, education and art.

Virtual Reality Technology at City Tech Lab

New York City College of Technology (City Tech) yesterday inaugurated a new state-of-the-art psychology research laboratory, the first such facility in the college's history.

There's a Bigger Mistake You Could Make Than Offending the SEC

Opinions on how advisors and their vendors should approach social media abound. It's an interesting topic. But, perhaps because of the focus on compliance, some basic issues haven't been addressed in-depth. You might wonder: "Why the heck did Twitter get popular? What can it actually do for me? Should I just pipe my regular marketing materials into these new networks?"

Snooping on Social Networks to Vet Jurors and Hire Employees

While attorneys use Facebook and social media to vet jurors, some government agencies are demanding social network passwords from potential employees. Sometimes social networking comes back to bite you with privacy invasion.

Mobile Social Gaming Goes Mainstream

Sometimes it seems like the only thing that's permanent in the mobile industry is impermanence--the pace of innovation guarantees that nothing stays the same for very long. One exception is the enduring popularity of mobile gaming: From BlackBerry staple Brick Breaker to blockbuster du jour Angry Birds, the titles may change, but consumer interest in gaming remains intact.

hi5 Announces "Sociopay" Advanced Monetization Platform

hi5, one of the world's leading platforms for social games, today announced the launch of the SocioPay monetization platform designed to maximize revenue for social games. SocioPay

dynamically determines the optimal monetization solution for every commerce opportunity, including identifying players who are less likely to purchase and offering advertising as an alternative to traditional payment options.

MocoSpace Launches $1M Mobile Game Developer Fund

According to a recent study by OpenDNS (available here), Facebook is both the most widely blocked site in enterprises today and the second most widely allowed site in enterprises today. The study goes on to report that more than 14 percent of all enterprises that block websites on their networks choose to block Facebook, and MySpace and YouTube round out the top three most commonly blocked websites for business users.

The OpenDNS findings are consistent with those reported in ProofPoint's 7th Annual Survey on Outbound Messaging and Content Security (available here), which broke the blocking statistics down by company size:

And there's a good reason for companies to be blocking that access. According to the ProofPoint report, in 2010:

• 25% of US companies investigated exposure of confidential/proprietary info via blogs/message boards
• 24% disciplined employee for violation of blog policy w/in last 12 months
• 11% terminated employee for violation

• 20% of US companies investigated exposure of confidential/proprietary info via social networks
• 20% disciplined employee for violation of social network policy w/in last 12 months
• 7% terminated employee for violation

• 18% of US companies investigated exposure of confidential/proprietary info via video/audio sharing services
• 21% disciplined employee for violation of media sharing/posting policy w/in last 12  months
• 9% terminated employee for violation

• 18% of US companies investigated exposure of confidential/proprietary info via SMS/web-based messaging

So what should your company be doing?

First, have a social media policy. Talk to employees and solicit ideas for the corporate social media policy. You want to encourage all personnel to think and act like an official company spokesperson, but make sure they know they are not an official company spokesperson and cannot claim to be. The company should designate social media representatives and give them limitations what they are and aren't supposed to do.

Identify off-limit subjects ahead of time and share that with your company's social media representatives. Employee training and communication are key to compliance.

Second, have a monitoring policy. From a company perspective, the policy should state that all use of company-provided equipment or services can be monitored, but limit searches of communications/devices to where there is suspicion of misconduct, and limit those searches so that they are consistent with the purpose of the investigation.

In the real world (at least in the US), the 5th Amendment to the Constitution states, "No person shall ... be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation." A host of jurisprudence has determined what the government is, and is not, allowed to do affecting property owned by private citizens. With an announcement from Linden Labs that the Teen Grid in Second Life will be shutting down on Dec. 31, a number of users are discovering that there's no such protection in a privately owned virtual world.

According to this article, those who have invested in developing content and educational tools for use in Second Life Teen are faced with the question of whether to transfer to another platform or give up using the tools they've developed. The situation illustrates the catch-22 facing those who want to invest significant time, energy and resources into developing virtual world real estate when the owner of the platform has the right to take away that real estate without compensating the members of the community for "taking" their property rights in the virtual world away.

As discussed further in this post, Linden Research Inc. and its CEO Philip Rosedale have already been named as defendants in a class action lawsuit relating to the ownership status of virtual property in Second Life. Interestingly, the home page for Teen Second Life still includes, "Click here for a FREE Lifetime Basic account." It isn't clear what Linden plans to do with all of its teen members, since Second Life includes more adult interactions and content and currently requires users to be over 18. The Teen Second Life page also still advertises the monthly rental pricing for virtual land on the Teen Second Life grid.

A German data protection official has initiated action against Facebook for its use and storage of information about people who are not members. The actions result in part from the ability for registered users to use a tool provided by Facebook that scans a user's existing email contacts and retrieves and stores that contact information, including information about non-user contacts.

Facebook faces potential fines for storing personal information of people who don't use the site and have not granted Facebook permission to access or store their details.

Facebook has until Aug. 11 to respond to the legal complaint.

This is another example of how certain technology, which may be useful to users of a social media site may adversely affect the rights of non-users.

The Federal Trade Commission has extended until July 12, 2010, the deadline for public comments on its review of the Children's Online Privacy Protection Act (COPPA) Rule. The request for comments was originally published in the Federal Register on April 5, 2010.

As stated on the FTC website:

The primary goal of the Children's Online Privacy Protection Act (COPPA) Rule is to give parents control over what information is collected from their children online and how such information may be used.

The Rule applies to:

* Operators of commercial Web sites and online services directed to children under 13 that collect personal information from them;

* Operators of general audience sites that knowingly collect personal information from children under 13; and

* Operators of general audience sites that have a separate children's area and that collect personal information from children under 13.

The Rule requires operators to:

* Post a privacy policy on the homepage of the Web site and link to the privacy policy on every page where personal information is collected.

* Provide notice about the site's information collection practices to parents and obtain verifiable parental consent before collecting personal information from children.

* Give parents a choice as to whether their child's personal information will be disclosed to third parties.

* Provide parents access to their child's personal information and the opportunity to delete the child's personal information and opt-out of future collection or use of the information.

* Not condition a child's participation in a game, contest or other activity on the child's disclosing more personal information than is reasonably necessary to participate in that activity.

* Maintain the confidentiality, security and integrity of personal information collected from children.

Many in the industry have complained that the FTC has not provided clear enough guidance on how to comply with COPPA.

However, in order to encourage active industry self-regulation, COPPA also includes a safe harbor provision allowing industry groups and others to request Commission approval of self-regulatory guidelines to govern participating Web sites' compliance with the Rule.

One of the few companies to have received Safe Harbor status is Pillsbury client Privo, Inc.

The FTC recently posted a press release (FTC Press Release) on their settlement with Twitter, Inc. over charges that the company failed to protect users' private information. The charges against Twitter stem from several high-profile incidences where hackers were able to gain administrative control of Twitter to: view nonpublic user information; gain access to direct messages and protected tweets; reset any user's password; and send authorized tweets from any user account.

The FTC made it a point to remind companies that a promise to keep user personal information secure must be kept. Furthermore, even when social networking users choose to share information with others, they still have a right to expect that their personal information will be kept private and secure. The press release outlines the reasonable steps Twitter failed to take and serves as a useful guideline for companies that want to make sure their user information security practices do not run afoul of FTC expectations.