PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Facebook

A few days ago, I posted about Facebook’s new Social Ads and I argued that they might give rise to an action under the appropriation of name or likeness tort. The most common formulation of the appropriation tort is defined in the Restatement (Second) of Torts § 652C: “One who appropriates to his own use or benefit the name or likeness of another is subject to liability to the other for invasion of his privacy.”

A related tort, a spin-off of appropriation, is the “right of publicity” which as defined by the Restatement (Third) of the Law of Unfair Competition § 46: “One who appropriates the commercial value of a person’s identity by using without consent the person’s name, likeness, or other indicia of identity for purpose of trade is subject to liability for [monetary and injunctive] relief.”

These two torts have sometimes been confused with each other, but the basic difference is that appropriation protects one’s dignitary interests in not desiring to have one’s identity exploited and used for another’s benefit whereas the right of publicity protects a person’s property interest in the commercial value of her identity.

Both torts are potentially applicable to Facebook’s Social Ads.

Over at Digital Daily, John Paczkowski discusses my post and adds:

Now Facebook claims no personally identifiable information is shared with an advertiser in creating a Social Ad. “Facebook has always empowered users to make choices about sharing their data, and with Facebook Ads we are extending that to marketing messages that appear on the site,” the company explains. “Facebook users will only see Social Ads to the extent their friends are sharing information with them.” That’s certainly a thoughtful assurance. But it doesn’t exactly address the issue of Facebook appropriating user identities for its own benefit.

At the NYT”s Bits, Saul Hansell discusses the response of Chris Kelly, the chief privacy officer of Facebook:

Mr. Kelly said the advertisements are simply a “representation” of the action users have taken: choosing to link themselves to a product. He added that in many states, consenting to something online is now seen as the equivalent of written consent.

And he argued that it would be difficult for someone used in one of these ads to object because that person had already chosen to publicly identify themselves with the brand doing the advertising.

“We are fairly confident that our operation is well presented to users and that they can make their own choices about whether they want to affiliate with brands that put up Facebook pages,” Mr. Kelly said.

I don’t agree with Kelly’s take on the law. Suppose Michael Jordan says on national TV that he likes Wheaties. Does this allow Wheaties to use his image on its cereal box or in a commercial? The answer is no. The fact that Jordan says he likes Wheaties can be used in a news story; it can be used in a biography of Jordan. But it cannot be used in a commercial advertisement. Comment (c) to the Restatement’s section on appropriation states that “the defendant must have appropriated for his own use or benefit the reputation, prestige, social or commercial standing, public interest or other values of the plaintiff’s name or likeness.” That’s exactly what’s being done with Social Ads. They are not merely reporting facts (which is ok under appropriation and publicity); instead, they are using the reputation and standing of people to promote commercial products and services.

The fact that a person publicly states that she likes a product is not equivalent to that person’s consent to be used in an advertisement. Otherwise, Coca Cola could snap a photo of a celebrity drinking a can of Coke and then use the photo in its ad campaign without paying the celebrity. That celebrity’s lawyers would be licking their chops if that were to happen.


Moreover, the fact that a person publicly indicates liking for a product doesn’t make the appropriation or right of publicity torts inapplicable. There is no element of these torts that requires that the information be private. The torts are designed to rectify the exploitation of a person’s identity, not to remedy the disclosure of secrets.

This doesn’t mean that Facebook users will have an easy case. Proving damages might be difficult. (Professor Bill McGeveran has some thoughts about the problems in establishing damages here.) Facebook might try to argue that users consented to the ads under its terms of service. According to its terms of service:

By posting User Content to any part of the Site, you automatically grant, and you represent and warrant that you have the right to grant, to the Company an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to use, copy, publicly perform, publicly display, reformat, translate, excerpt (in whole or in part) and distribute such User Content for any purpose on or in connection with the Site or the promotion thereof, to prepare derivative works of, or incorporate into other works, such User Content, and to grant and authorize sublicenses of the foregoing.

I am not a contracts expert, so I don’t know how broadly this might be interpreted and whether it would extinguish any appropriation or right of publicity claims.

But the reasons offered by Facebook’s privacy counsel don’t strike me as persuasive at all.

Moreover, I’m not sure that this is a wise policy for Facebook. Why piss of users by unwittingly using them in ads when Facebook could readily obtain their consent? Many users would probably be happy to be used in Social Ads. If so, getting them to say yes would be easy. If users aren’t happy with it, then is it really a good idea to use them in these ads? In other words, asking for people’s consent might not just be the law, it might be the wisest policy as well.

Originally Posted at Concurring Opinions

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.

Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum and International Privacy + Security Forum, annual events designed for seasoned professionals.

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
*
LinkedIn Influencer blog
*
Twitter
*
Newsletter

TeachPrivacy Ad Privacy Training Security Training 01