Sep 1, 2022

Social Media Game Plan: IP and Marketing Law Playbook

For those corporate attorneys that are still waiting for this social media “fad” to fade out, the statistics can no longer be ignored- two thirds of the global internet population visit social media sites. In fact, visiting social media sites is now the fourth most popular online activity, ahead of even personal e-mail. If you believe your company can ignore the Facebook market, it would be akin to ignoring the eighth most populated country in the world. Social networking has exploded in popularity so quickly that it is no longer even thought of as “new media”.

Companies hosting and participating in social media face numerous potential legal minefields – new court decisions come at a dizzying pace, often interpreting relatively new statutes that lack established precedents. Furthermore, as the line between “company time” and “personal time” blurs, companies struggle with the right balance between an employee’s free speech rights and restrictions to protect the company when the employee engages in social media. Protecting company intellectual property is yet another challenge. Whether dealing with “friendly” (fan sites) or “unfriendly” (gripe sites) situations, fashioning appropriate, consistent responses, forging a practical corporate policy, and getting the entire company on board with the policy and consistent responses, can be an arduous task. In a marketplace that no longer relegates social media participation as an option, and with serious challenges posed in engaging in social media, the lawyer’s position is a difficult one. There are, however, a number of measures that can minimize these risks.


Companies that were long content to publish “brochure” type websites now feel compelled to implement social media capabilities on their own websites – giving customers, the general public, and employees the ability to interact, post and respond to messages, receive feedback, and even upload pictures and videos. Given the potential legal pitfalls, it’s critical websiteto ensure there is a strong business justification before implementing these capabilities – hosting social media by definition means losing some control over published content on your website. Negative comments invariably come with positive ones, and some may believe it is better not to engage with social media at all than publish derogatory comments about your own company. Editing out negative comments, while laborious, is possible, but such editorial control may bring cries of censorship and a negative backlash from your own customers. This is the legal, public relations, and philosophical minefield that must be navigated when joining the social media club.

As the website host, your company is the publisher of everything on the site, including user generated content. As the publisher of potentially tortious statements, e.g. from angry consumers, you could be liable (vicariously or contributorily) for defamation. Your company could also face liability for copyright infringement for works uploaded by someone who does not own all rights to the works – as the publisher, you could potentially, under traditional theories, be liable as the publisher of those copyrighted works.

Fortunately, Federal law gives website owners that publish third party content (e.g. user generated content) certain legal “safe harbor” immunities from liability for tort and copyright claims. To gain these immunities, however, the website owner must take certain enumerated steps, based on the particular law at issue. Safe harbor from tort claims is provided by Section 230 of Title 47 of the United States Code,[1] which was passed as part of the Communication Decency Act of 1996 (the “CDA”), while immunity from copyright claims is provided by Section 512 of the Digital Millennium Copyright Act[2] (the “DMCA”).


First, some background. United States common law generally holds the publisher of a tortious statement to the same level of potential liability as the speaker of the tortious statement. The CDA, however, views the website host as merely a distributor of content and not as a traditional publisher, akin to a library providing access to a book, rather than a magazine publisher providing access to articles. The magazine publisher had the chance to review, edit, and decide whether or not to publish the problematic content, as opposed to the library which merely provides access. Thus, as long as the website host does not actively control tortious statements posted on its site by others (e.g. users, consumers), then the safe harbor immunity would apply. Note, though, that this type of immunity applies only to state law civil claims, and does not apply to criminal claims or claims arising out of federal law such as trademark, copyright, and patent law.[3]

Courts have interpreted the scope of the safe harbor immunity under CDA 230 to provide a very strong defense. Decisions consistently hold that websites exercising traditional editorial functions over user generated content, such as deciding whether to publish, remove, or even edit material, is generally immunized under Section 230. The analysis of particular activities, however, gets more difficult the more the website host “interacts” with the user’s statement, such as altering its content, editing its meaning, or even altering similar statements while not altering others. The broad scope of the safe harbor immunity, though, generally is such that as long as the website host does not appear to adopt the tortious statement as its own, or change the meaning of a user comment or statement, generally the immunity will apply. Thus, in practice, the key to preserving safe harbor immunity is to avoid an argument that the company converted a user’s comment or any other content into one which was spoken by, adopted, or arguably attributable to, your company as the website host.

CDA 230 provides safe harbor immunity in any number of situations. Pre-screening content prior to publication, according to court decisions, is immunized activity, even if the content turns out to be defamatory or otherwise tortious. Even after publication, the general rule is that as long as a website host does not change the substance or meaning of a statement, it may actively edit the content and maintain Section 230 immunity. That said, it is difficult in practice to carry out any editing without running a risk of an argument that the meaning was changed, or that the comment was adopted by the host via the edit, so editing should be done in limited circumstances only, if at all. A website may also select particular content for publication, and even pay a third party to create or submit content, without losing immunity, as long as the original writer was not an employee or agent of the site host.

As for soliciting or encouraging users to submit particular content, there is a difference between providing a forum for consumers to provide comments within a social network environment and specifically requesting or inviting user comments about a specific topic or in a specific manner. Generally, soliciting or requesting content or comments from users is acceptable, and a website operator maintains its immunity in most instances. Do not, however, solicit or encourage the submission of illegal content, or design the website to require users to input illegal content. The primary example of a website operator that faced liability when soliciting or requesting information is where a roommate-finding website service included drop down menus for users to specify characteristics such as race, sex, and sexual orientation to assist their users in their search for a roommate. By providing such drop down menus, the court found that the website host may have engaged in discriminatory activity.[4]

In sum, the immunity provisions of the CDA are quite strong. As long as the website host does not appear to be the speaker of the wrongful statement, the immunities are generally preserved.


Computers are interesting machines – they make copies of whatever data they come across. Visualize the internet as a copy-machine on massive steroids. Every time a user views anything on the internet, the user’s computer makes a copy of it, without the user ever realizing that a copy was made. Any lawyer with any notion of copyright law immediately understands the problem with massive amounts of copying taking place. The DMCA was enacted to address specific issues created by the internet, namely, that traditional copyright law would render the mere transmission or displaying of a copyrighted work an automatic infringement. Thus, online service providers and website hosts would otherwise be liable for material transmitted through their computers. The DMCA safe harbor immunity, as distinguished from CDA 230, applies in copyright infringement situations, e.g. where a consumer copies and pastes a copyrighted article to the company’s website, or where a consumer posts a video using a copyrighted popular song, or even simply playing a copyrighted song in the background.

In order to gain and preserve DMCA safe harbor immunities, a website host must take affirmative steps outlined in the statute. Just as with the CDA, though, the DMCA’s safe harbor immunities applies to third party content, not to content posted by the company itself – a company is not protected from copyright infringement claims based on its own infringing actions.

DMCA section 512 outlines the necessary requirements to avoid liability for either permitting access to copyrighted works uploaded by others, or permitting access to copyrighted works by linking or allowing others to link to those works. In order to avoid liability, the website host must: (a) designate a copyright agent with the U.S. Copyright office to receive DMCA takedown notices; (b) adopt, implement, and communicate to the public a copyright infringement policy and “notice and takedown” procedures; (c) promptly remove infringing content after notice; (d) have no actual or effective knowledge that the material in question is infringing; and (e) not directly benefit financially from publishing the material.

In practice, it is critical you promptly respond to take down requests – 48 hours is a good time frame. You should also not take any steps to prevent copyright owners from obtaining information they need to send a proper takedown notice. Moreover, do not tolerate repeat offenders – if a user continues to post infringing works to your site, limit or even block their access to your site.


Difficult questions arise when you place links to third party content on your site. If you intentionally copy and paste copyrighted content on your website, you subject yourself to potential infringement liability. However, if you simply link to the copyrighted works published elsewhere, the risk is limited, although not quite clear. The question depends, in part, on the type of link used.  While the specifics are beyond the scope of this article, the potential for infringement can decrease or increase depending on whether the link is “passive,” meaning one that takes the user to the actual website of a third party, or a link that frames that information within your website. Furthermore, even if the linked content is framed on your own website, an infringement claim could depend on whether the technology you use retrieves the content from the original publisher each time the link is clicked, or if your site actually caches (i.e. copies) the content on your own server and displays the cached copy. Given the difficulties with determining the answer to this question, in practice it is preferable to use passive links that direct the user away from your site to the original third party site where the content is posted.

THIRD PARTY SOCIAL MEDIA (e.g. Facebook, Twitter)

All of the above considers your company as the website publisher or host of user generated content. Obviously, other social media providers exist, including the tremendously popular Facebook and Twitter. In the rush to engage with social media, many companies now host their own Facebook and Twitter pages and accounts, as well as various other third party sites. All of the advice above also applies to engagement with these third party sites. That said, these third party sites have their own legal ‘Terms of Use’, ‘Privacy Policies’, ‘Promotion Guidelines’, and other policies that apply to your pages hosted within their systems. Accordingly, for any third party site with which your company chooses to engage, a thorough review of the website policies is necessary in order to fully understand the ramifications of the relationship.


Drafting comprehensive policies and practices for employee participation in social media confounds even the savviest of companies. Companies continue to struggle to balance regulating an employee’s freedom of expression with having to protect the company from, in the best cases, employees with the best of intentions, and in the worst, “rogue” employees with their own agendas.  Obvious and traditional legal risks arising out of employees’ online dealings can range from disclosure of confidential information to the publication of biased statements that may be used as evidence in a discrimination lawsuit.

We will focus here on the recently revised Federal Trade Commission (“FTC”) guidelines on product endorsements, which reveal a novel, hitherto unforeseen risk: liability under an unfair or deceptive trade practice theory arising from false or misleading statements by employees commenting about their employer’s, or even third parties’, products or services. With consumers turning more and more to blogs and other social media as sources for reviews and testimonials on products and services, the impact of social media cannot be understated for your brand reputation. Be aware, however, that a host of employment law issues in connection with social media exist that are beyond the scope of this article, including hiring, privacy, harassment, wrongful termination, defamation, the “anonymous blogger” scenario, etc.


Section 5 of the FTC Act[5] prohibits businesses form engaging in unfair or deceptive trade acts or practices. Last updated in 1980, the FTC recently issued revised Guides Concerning the Use of Endorsements and Testimonials in Advertising, which now expressly cover advertising through “new media”, such as blogs and social media sites. These guidelines, effective December 1, 2009, define “endorsement” as an advertising message that consumers are likely to believe represents the opinions or experiences of a party other than the sponsoring advertiser.[6] Under the guidelines, a business that pays the endorser or that has an ongoing relationship with the endorser may be held liable for the false or misleading statements of the endorser about the business’s products or services. The business could also be held liable for the endorser’s failure to disclose the relationship between the endorser and the business, even if the business has no control over the content of the endorser’s statements.[7]

If your employee discusses your company’s products or services on a personal blog or on social-networking pages, that could certainly constitute an “endorsement” under the FTC’s guidelines. That is because of the obvious employment relationship between the employee and your company. Under the Guides, even the simple failure to disclose the employment relationship in the endorsement can render an otherwise true and honest statement unlawfully misleading.[8] The rationale is that from the consumer’s or reader’s perspective, disclosure of the relationship impacts the credibility of the employee’s statement/endorsement about the company.

Moreover, if the employer is found to be “sponsoring” the employee endorsements, it may be liable for any false or misleading statements in the employee’s message. Determining “sponsorship” can be a tricky undertaking. Of course, it is not so tricky when an employer directs or encourages its employees or contractors to promote the employer’s products or services on their company websites – in such instances, the FTC would have little difficulty in establishing that the employer is the sponsor of the employee/contractor endorsements. In other situations, the FTC will consider a number of factors, including whether the individual receives compensation from the business, the length of the relationship between the individual and the business, and whether the business has provided the endorsed products or services to the individual free of charge.[9] In the case of an employer and an employee, compensation could be salary or wages, an employment relationship of significant duration will often exist, and, in some cases, the employee may receive the employer’s products or services free of charge or at reduced prices. Thus, an employer could be found to be the sponsor of an employee’s, or even an independent contractor’s, online endorsement of the employer’s products or services, even though the company did not specifically ask the employee or contractor to write about the company and had no direct control over the content.

The FTC has tremendous authority when considering a false or misleading endorsement. FTC power and authority include the ability to: (a) apply to a court for a cease and desist order after filing a complaint and conducting a hearing; (b) seek civil penalties for any violation; and (c) seek enforcement of any other related statutes.

In comments published with the revised Guides, the FTC indicated it would consider the existence of an employer’s policies and procedures governing employee postings on blogs and social-networking sites in determining whether the employer should be held liable for misleading employee endorsements on such sites. The FTC would generally not pursue an enforcement action against an employer based on the actions of a single employee who violated a company policy that “adequately” covered the employee’s inappropriate endorsement.[10]


As discussed, even if an employer did not actively solicit an employee endorsement, the new FTC guidelines suggest that the mere existence of an employment relationship may support a presumption that the employer sponsored the endorsement on an employee’s personal blog or social media page. Thus, the employer is potentially exposed to liability along with the endorsing employee for any unlawful false or misleading statements in the endorsement.

To minimize the risk of liability in this situation, an employer should be pro-active and implement a corporate policy addressing employee statements about the employer’s products or services on personal websites. Such a policy should inform employees about what constitutes an employee/contractor endorsement, what disclosures must be made in connection with such endorsements, and what statements would be inappropriate. In addition, the policy should require employees and contractors to submit proposed endorsements of the employer’s products or services to the employer’s marketing or legal staff for approval before they are posted on the internet.

Such a policy should also address comments and endorsements of another company’s products or services. Employers face potential liability for employees’ online endorsements that relate to a third party’s goods and services when the employer appears to be the endorser. For example, if the employee generated the content on paid working time, distributed the content through the employer’s computers, and the employer permits such activity, these facts could support an argument that the employee was acting on behalf of the employer in issuing the unlawful endorsement. An employer might also appear to be the endorser if the employee displays the employer’s logo on his or her personal web page or has drafted the endorsement in such a way that it appears to be the opinion of the employer or authorized by the employer. To minimize the risk that the employer may become embroiled in false or misleading advertising claims arising from an employee’s online endorsements of a third party’s products or services, a policy on employee endorsements should prohibit employees from using the employer’s trademarks on their personal web pages and should prohibit employees from using the employer’s computer equipment and systems to create or contribute content to a personal web page. The policy should also expressly prohibit employees from inputting information on their personal blog while working on company time.

Although employee endorsements on social media pages can be a valuable marketing tool, exerting an appropriate level of control over such endorsements can mean the difference between successful marketing and a costly lawsuit under the FTC Act.


With the explosion of social media comes the increased burden of protecting your company’s trademarks, copyrights, and related intellectual property. The scope of any company’s ability to protect and police its IP, and conversely, the ability of third parties to use a company’s IP for their own purposes, varies depending on the facts of the particular case. No company can stop all third party uses of company IP, and your company is no different – some third party uses are legally protected and not subject to attack, even if the use might be viewed as potentially harmful to your company. Conversely, not all unauthorized third party uses that may be legally attacked and stopped have the potential to harm your company’s interests. Furthermore, third party social media websites (e.g. Facebook) on which the third party use appears will have ‘Legal Terms of Use’ that may restrict your courses of action and must be considered as well.

Moreover, balanced against taking any legal action against a third party use is the potential impact on your company’s public image for taking action against a third party. Any action a company takes and any communications a company engages in with others, may well be publicized without your knowledge or consent – your dealings are not subject to any confidentiality. Accordingly, you must evaluate not only the strength of a legal argument against an unauthorized third party use of your IP, but also potential public relations costs and benefits involved in taking action.

Your company’s valuable IP rights must be balanced against the costs and expenses involved in taking action against unauthorized third party uses. Essentially, you should take action only in situations where: (a) you have a sound legal basis for objecting to the third party use, (b) the third party use has the genuine potential for doing harm to your company’s reputation, brand, or IP, and (c) the costs and expenses of taking action are justifiable based on the potential harm.


In analyzing a particular unauthorized use and deciding whether to take action, it is often helpful to categorize the use in order to formulate a consistent plan of action depending on how the use may be categorized.

  1. Gripe site/page. Sometimes a dissatisfied customer, consumer advocate, or politically motivated person will start a website or social media page devoted to bashing the company. In light of the First Amendment, there is often little that a company can do to stop legitimate complaints. Also, lawsuits to stop gripe sites often attract media attention and civil liberties groups may rush to defend the free speech rights of the “griper”, thus resulting in more undesired publicity.
  2. Fan site/page. Fan sites are often complimentary, but some fan sites may not be just a non-commercial commentator, but rather a commercial entrepreneur that uses company IP to conduct business. A key issue in evaluating any fan site is the potential for false association or sponsorship with your company. You might consider an outreach program with true fan sites which sets preferred guidelines for their use of your company’s IP and which may provide incentives to be earned if followed (e.g. product samples, special privileges, advance notice of new product announcements), or warns of potential action if the guidelines are disregarded.
  3. “Related Use” sites. Third party companies may be selling products or services related to your company’s products or services. You should evaluate each of these businesses and determine whether they present business opportunities to be exploited or embraced, or are parasites to be attacked and shut down. Among the options to consider: (a) require a clear disclaimer on the site; (b) object to the use of company IP, logo, or slogan; (c) roll out a competing offering; or (d) license or certify the third party use.
  4. Affirmative Statement of Affiliation. If any site advertises that it is an “authorized affiliate” or makes some other affirmative statement of connection with your company, when such a statement is not correct, it is likely problematic.
  5. Use of Company trademark, logo, protected symbol. There can be a big difference between a third party’s simple, text reference to your company and the use of a company trademark or other protected IP to refer to your company. The use of your trademark can often convey a false sense of affiliation, or may dilute the strength of the trademark used. However, a factual, text reference to your company in connection with a political issue will likely not suffer the same problems.

The above list is not intended to be a fully exhaustive recitation of every type of third party use, but rather is provided to assist with evaluating whether or not to take action against a particular third party use.


Generally, the range of potential legal actions to take include:

  1. File a lawsuit to stop use. This is the most aggressive and costly action, and should only be taken in rare instances.
  2. Send a cease and desist letter, demanding the use stop, threatening further action if it does not. Never threaten an action you do not intend to follow through with. Follow up to ensure compliance. Note that in this online age, cease and desist letters are often publicized and posted online next to the offending content, so be anticipate negative public relations that might follow.
  3. License the use. If possible, it may be useful to approach the third party to specifically enter into a license agreement to manage the third party’s use.
  4. Do nothing, but maintain vigilance. In certain instances, taking action draws more attention, including negative attention, to the unauthorized use than if the company did nothing at all. It is often advisable to simply ignore some unauthorized third party uses, in order to not draw attention to the fact that your company is even paying attention to the particular use.

Evaluating whether or not to take action against unauthorized uses of company intellectual property is a difficult task, but should be coordinated to maintain a uniform and coherent policy response. The alternative – a haphazard, reactive approach – is typically both ineffective and expensive. Generally, companies that adopt and abide by a clear, yet flexible, enforcement program not only address the challenges more successfully, but also do so more cost effectively.


It is highly recommended that  any company engaging in social media develop a comprehensive engagement policy. Unfortunately, only about half of employers have a social media policy in place.[11] In connection with putting together and enforcing a social media policy, keep in mind the following suggestions:

  • Develop a social media policy and detail activities in which employees may not engage
  • Define “blogging” and “social networking”
  • Enforce the policy and punish violators
  • Post the policy
  • Determine whether access to social networking sites will be blocked from work
  • Prohibit the disclosure of trade secrets, proprietary and confidential information
  • Time spent blogging or on social networking sites should not interfere with job duties
  • Address the use of company logos
  • Whether/when permissible to discuss company’s competitors, clients, vendors
  • Employees blog at their own risk and are personally responsible for content
  • Require a disclaimer: “The views expressed in this blog are my personal views and they do not necessarily represent the views of my employer.”
  • Designate a contact person to whom questions should be addressed

[1] 47 U.S.C. § 230.

[2] 17 U.S.C. § 512.

[3] 47 U.S.C. § 230(e).

[4] Fair Housing Council of San Fernando Valley v. Roommates.Com, LLC, 521 F.3d 1157 (9th Cir. 2008).

[5] 15 U.S.C. § 45(a)(1) (2006).

[6] Id. at 53138 (to be codified as 16 C.F.R. § 255.0(b)).