Legal concepts every social media marketer should know: Part IV - User Generated Content (Content Treasure Trove v. Legal Pandora's Box)

by BakerHostetler

Editor's Note: This blog post was originally published on September 30, 2013, courtesy of iMedia Connection's Blog. It is repurposed with permission.

The most valuable resource in a marketing campaign can often be the very audience you are trying to reach. “User generated content,” or UGC, be it in contests, promotions, sweepstakes, or crowdsourcing, has become an ubiquitous part of online advertising today. Companies are relying on their customers to design their logos, produce their commercials, and even Dub their Dews. In this fourth installment of “Legal concepts every social media marketer should know”, we’ll cover the essentials for online marketers incorporating user generated content in their campaigns. Be sure to also check out “Legal concepts every social media marketer should know: Part I – The Privacy Problem (With Big Data comes Big Responsibility)”, “Part II – Rules of the Road for Online Advertising (The More Things Change, the More They Stay the Same)” and “Part III – Use of Third-Party Images, Graphics, and Content (Something Borrowed, Something New, Something that Just Might Get You Sued)”.

Part Four: User Generated Content (Content Treasure Trove v. Legal Pandora’s Box)

Companies are looking for online interaction with customers, a solid presence on social media, and other dynamic ways to connect with potential consumers. Often, this means campaigns and their websites will rely on some form of “user generated content” or “UGC”. Typical UGC includes videos, photographs, graphics, reviews, and any other commentary posted by a user. There are a few keys areas of law concerning UGC all social media and online marketers should be familiar with:

  • Ownership of User Generated Content—If you’re collecting any form of UGC, exactly how that content may be used and who ultimately owns that content should be set out in clear, easily understandable language in your website or app’s terms of use. Marketers should begin by asking themselves, what types of UGC am I collecting? How do I want to use this content? Where will this content appear? Consumers are more sensitive than ever as to how their content will be exploited by websites. In typical arrangement for websites hosting UGC, the terms of use will allow the poster to retain ownership in their content, but will grant the website a broad license to perpetually use and display the materials. This assures that both the website can benefit from the content and the poster can continue to own and further distribute their work as they wish. Marketers should never assume a particular use of UGC is agreeable with website users, and should make sure any planned use of UGC is clearly set out in the website’s terms. As we covered in Part III discussing Getty and others’ legal troubles after using photography pulled from Twitter, using UGC without permission can be a fast track to an expensive lawsuit.

In addition to complying with platform rules, marketers should ensure to structure their sweepstakes and promotions in a way that does not violate state lottery laws. An illegal lottery exists when there are three things: a prize, chance, and consideration (money or something of value which must be given to participate). You can typically avoid classification as a lottery if all that is required to enter the promotion is a “like” or a “Tweet”—these are generally not considered “consideration.” Alternatively, if the promotion requires some skill (e.g. a “design our logo contest”), this may avoid classification of a lottery because the element of “chance” is removed. That said, see the section on “crowdsourcing” below.

To qualify for the DMCA safe harbor, a company must adopt and implement a termination policy for “repeat infringers.” Although a provider has no duty to monitor for infringing conduct, it must have a procedure in place to identify and remove repeat bad apple offenders. Along those lines, social media entities hosting UGC should have a clear and working “copyright take down policy” in place, meaning that websites must have a system to promptly remove copyrighted material when identified by the copyright holder pursuant to a “takedown notice.” We’ve almost all seen take down policies in action on YouTube—you click a video only to see the ubiquitous “This video has been removed due to copyright infringement” message. This is YouTube enforcing its DMCA takedown policy. As part of a robust take-down policy, companies should have a designated “copyright agent” registered with the Copyright Office to receive the take down notices concerning potentially infringing material.

In addition to taking the basic steps to qualify for the safe harbor, companies should also be careful not to get too involved in the UGC they are storing at the direction of their users. Once a company crosses the line from host to editor, retaining safe harbor status may prove very difficult.

A couple of recent cases provide some additional helpful illustrations of what is and what is not acceptable conduct for websites hosting user reviews if they want to qualify for section 230 protection. In the first case, Seaton v. TripAdvisor LLC, a federal judge in Tennessee ruled that it wasn’t defamation when named the Pigeon Forge Grand Resort as the “Dirtiest Hotel in America” based on an internet survey. In tossing the case, the sticking point for the judge was that the highly un-coveted title of 2011’s Dirtiest Hotel was a matter of subjective opinion and not fact. The website and its users who reported such tidbits as “dirt at least ½” thick in the bathtub” thus couldn’t be liable for defamation. By contrast, in Jones v. Dirty World Entertainment Recordings LLC, the defendant was held liable for comments posted to its site. In this case, gossip site “” was sued by a (now former) Bengals cheerleader after a post went up titled “The Dirty Bengals Cheerleader” and included some user comments that the plaintiff had slept with the entire Bengals football team. The key point for the judge here? The site appeared to be designed to encourage such inflammatory and false content. The owner of the site even participated in posting defamatory comments, in this case, eliciting his own lowbrow comment about the plaintiff’s sex life. Thus, in contrast to the TripAdvisor case, TheDirty was found liable for defamation.

One final point on user reviews that bears reiterating, you should steer clear from any online marketing activity that even comes close to looking like bogus online reviews. As we mentioned in Part II of this series, generating false reviews is a strict no-no and hot button issue for regulators. Just this past week for instance, the New York Attorney General settled for $350,000 with 19 companies accused of “astroturfing” or generating false online reviews for their clients.

  • Promotions and Sweepstakes—A common online marketing strategy is to utilize a sweepstakes or promotion. More often than not, these promotions involve “liking” or “tweeting” a brand for a chance to win a prize. For any promotion you run, the starting point is to check the relevant platforms’ policy on promotions. Facebook, Twitter, YouTube, and many other platforms all have very specific rules on what types of promotions you can run on their website and how exactly they may be conducted. For instance, Facebook forbids promotions that require any activity to enter the promotion other than liking a page, checking into a place, or connecting to a Facebook app.
  • Digital Millennium Copyright Act—If a user uploads copyrighted material to your website, for instance an mp3 or video, your website can be held secondarily liable as a copyright infringer if it is not compliant with the Digital Millennium Copyright Act or “DMCA”. Back in the early days of the Internets, Congress realized that if it did not substantially insulate Internet service providers (ISPs) from liability for the unknowing copyright infringement perpetrated by their online users, ISPs would soon be out of business from the steady stream of lawsuits. To that end, in 1998 Congress passed the DMCA – yes one Y from being a bad joke – to create certain “safe harbors” for ISPs that would help shield them from copyright infringement liability and encourage innovation and entry into the social media space. The DMCA safe harbors significantly limit service providers’ liability for copyright infringement claims stemming from the ISPs’ “passive” activities, i.e., activities where the ISP has no control or interaction with the infringing user-generated material. Each safe harbor represents a typical ISP function that Congress intended to substantially insulate from liability so long as the ISP complies with certain requirements designed to protect the rights of copyrights holders and the ISP does not have actual knowledge of specifically identifiable infringing material or turns a blind eye to evidence of such activity.Since its passage, the DMCA has been a constantly evolving area of law, and cases interpreting the contours of what conduct websites must undertake to fall squarely within its safe harbors remain in flux. Just a few days ago, the Southern District of New York rejected video-sharing service Vimeo's attempt to use the DMCA's safe harbor to dismiss before trial Capitol Records' copyright lawsuit over user-generated videos. The court found that because Vimeo employees posted comments or even “liked” some of the allegedly infringing videos, it was far from clear whether Vimeo knew about the copyright infringement and could therefore fall outside the DMCA's safe harbor protection. And in a few months, the Court of Appeals of the Second Circuit should be weighing in on the latest decision in the seemingly never-ending Viacom v. Yahoo litigation. For those interested in a more detailed summary of the law, you should be sure to check out this author’s recent article examining the DMCA and the latest legal developments. Here are the basics:
  • User Reviews and the Communications Decency Act—The Communications Decency Act of 1996 (CDA), although passed mainly as an attempt to control online pornography, contains another important protection that online marketers and social media companies should be aware of. Under section 230, website owners for the most part cannot be held liable as “publishers” under defamation law. In practice, this means if a website visitor were, for instance, to post a defamatory review of a restaurant on your website (e.g., a false statement that a restaurant served that poster rats), you would be protected from a defamation suit by that restaurant—just that original poster could be sued.There are a couple important caveats to section 230 protection that you should be aware of. First, if you’re contributing to any defamatory speech, you can be held liable despite the protections of the CDA. Second, if you’re encouraging or instigating the defamation, you can be held liable as well.In 2006, for instance, Quiznos ran an ad campaign encouraging users to upload their own viral ad for Quiznos sandwiches. As videos started rolling in, Subway threatened Quiznos with a lawsuit claiming that many of the ads featured false claims about Subway (specifically the amount of meat, or lack thereof, in Subway sandwiches) and that Quiznos should be held accountable for these false ads. Quiznos argued for, but was not granted, section 230 protection at the summary judgment stage of the litigation (meaning tossing the case before trial) because a jury could reasonably conclude that Quiznos was actively involved in the creation of the UGC ads. The two parties ultimately settled after this ruling.
  • Crowdsourcing—Crowdsourcing, a termed coined in 2006, is the practice of taking a task traditionally performed in-house or through an outside agency and turning that job over to the masses on the internet. For instance, Frito Lay’s recent promotion, “Do Us a Flavor”, crowdsourced out to the public the selection of its next potato chip flavor. The public could submit ideas for chip flavors and then ultimately vote on what they wanted (Cheesy Garlic Bread won). Other crowdsourcing examples include Ben and Jerry’s “Do the World a Flavor” promotion, letting the public select the next ice cream flavor, and Ford’s “Random Acts of Fusion” campaign, crowdsourcing a commercial for the Ford Fusion.

    With crowdsourcing, there are a few legal best practices marketers should be aware of. First, make sure there are clear submission rules from the outset. These rules should set out exactly what happens with user submissions. For instance, if you’re running a “choose the next flavor” type promotion, will your company retain rights in just the top winning flavor? Or will it own rights in the top three or four? How will the winner be compensated? Notified? Second, crowdsourcing campaigns should make sure they are protecting themselves from infringing content. The last thing you want is to crowdsource a new slogan, only to find it’s trademarked by someone else. You should expressly prohibit infringing entries in a crowdsourcing campaign, be prepared to comply with the DMCA (see above), and review top entries with legal for infringement risks. Don’t forget that individuals have rights to publicity; so make sure that you will not only have the rights to use crowdsourced ideas, but the likeness of the winner in any advertising or promotions. Finally, if at all possible, try and prevent your campaign from being hijacked by pranksters and have provisions in place letting you back out of a crowdsourced campaign gone wrong. There have been great marketing successes with crowdsourcing, but as Mountain Dew’s recent “Dub the Dew” disaster taught us, crowdsourcing can sometimes take a very bad turn (among the top entries was “Diabeetus”).

“Running it by legal” doesn’t have to be a chore or wet blanket on top of a new online campaign. A little knowledge of what legal is looking for can help facilitate a better dialogue between you and your lawyers and get your marketing or social media campaign rolling faster. Some knowledge on the front end of the common legal pitfalls for marketers can also prevent costly and irksome delays that often can arise. This four part series does not aim to be the end all and be all of the Law of the Internet, but it is a good starting point summary of the laws out there that can affect your bottom-line. Finally, in light of the positive reception we’ve received from readers – turns out some of you do like to hear from law talking guys – we are going to be permanent fixture on the blogging set. So stay tuned in the coming weeks for posts covering everything from cutting-edge topics like native advertising to informative updates on past privacy and online advertising posts.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BakerHostetler | Attorney Advertising

Written by:


BakerHostetler on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.