Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy The Courts The Internet Your Rights Online

FTC Warns Site Not To Sell Personal Data 120

itwbennett writes "The US Federal Trade Commission has warned two people associated with a now-defunct magazine and Web site for gay teens and young men that they would violate the privacy promises the publication made to subscribers by selling their personal information during a bankruptcy proceeding. The FTC, in a letter sent earlier this month, also suggested that the owners of XY Magazine and XY.com would be violating the privacy standards the company had in place before shutting down if they used the subscribers' personal information in a relaunch of the magazine or website. The personal information is listed as part of the debtor's estate in a New Jersey bankruptcy proceeding for Peter Ian Cummings, editor and founder of the magazine. Before the magazine's demise, many of the subscribers lived at home with parents."
This discussion has been archived. No new comments can be posted.

FTC Warns Site Not To Sell Personal Data

Comments Filter:
  • Mr Cummings (Score:4, Funny)

    by Anonymous Coward on Tuesday July 13, 2010 @04:21AM (#32884726)
    Is that a stage name ;-)?
    • Re:Mr Cummings (Score:4, Informative)

      by cappp ( 1822388 ) on Tuesday July 13, 2010 @05:12AM (#32884904)
      To put the ruling into scale:

      The magazine, published from 1996 to 2007, collected the names and street addresses of about 100,000 subscribers and photographs and articles submitted by about 3,000 former readers, the FTC letter says. In addition, XY.com, which closed in 2009, collected the names, street addresses, e-mail addresses, personal photos and online personal profiles of between 500,000 and 1 million users, the letter said.

      . The original FTC letter [ftc.gov] also makes for an interesting read. They seem to rely both upon the original privacy statements and a broader sense of "fair play" in making their judgement.

      In this situation, however, the continued use of the XY PI, even by the existing owner, would not necessarily be consistent with the original purpose for which the data was provided. Indeed, due to the nature of the information, the passage of time, and the closure of the magazine and website in 2007 and 2009, respectively, the continued use of the data may pose privacy risks not reasonably contemplated by subscribers when they provided the data, and not consistent with their course of dealing with the company.

    • by mcgrew ( 92797 ) *

      Even funnier, his name is Peter Cummings!

  • Funny how they cannot sell data, but the US Selective Service "ie draft" seemed to like buying and using data when they wanted it :)
    http://en.wikipedia.org/wiki/Farrell's_Ice_Cream_Parlour [wikipedia.org]
    The data an American ice cream parlor chain was used to warn young men to register for the draft before their 18th birthday in the early 1980's.
    It was all a big Google (mistake) when exposed.
    • Bad Comparison (Score:5, Interesting)

      by dreamchaser ( 49529 ) on Tuesday July 13, 2010 @04:37AM (#32884784) Homepage Journal

      Even the submission says it's because the company in question had privacy policies in place prior to going bankrupt. They would be violatinig said policies if they give away or sell the data. Listing it as 'assets' in bankrupcy court when they weren't supposed to sell it in the first place was a mistake by them.

      The Selective Service has no such polcies.

      • Re:Bad Comparison (Score:4, Informative)

        by Anonymous Coward on Tuesday July 13, 2010 @04:44AM (#32884804)

        It's pretty typical for any and all contractual obligations over an asset to be tossed in a bankruptcy court. E.g. say you had a patent which you'd sold thousands of covenants not to sue for, in bankruptcy ownership of the patent may be transferred without the obligation not to sue.

        The FTC's recommendation is unusual and surprising and I'd expect it to be ignored or fail if challenged in court.

        • Re:Bad Comparison (Score:5, Insightful)

          by MadKeithV ( 102058 ) on Tuesday July 13, 2010 @05:07AM (#32884880)

          The FTC's recommendation is unusual and surprising and I'd expect it to be ignored or fail if challenged in court.

          It's going to be a pretty interesting storm if this fails if challenged in court, because it creates a semi-legal avenue for personal information harvesting, bypassing just about all privacy laws (barring perhaps things like HIPAA).
          In slashdot terms:

          1. 1. Set up facebook-like site with really good privacy rules.
          2. 2. Let site grow with lots of safe personal details
          3. 3. Go bankrupt.
          4. 4. Sell personal information legally for profit.
          • by Alsee ( 515537 )

            1. Set up facebook-like site with really good privacy rules.
            2. Let site grow with lots of safe personal details
            3. ???Don't go bankrupt???
            4. PROFIT!

            -

          • by Myopic ( 18616 )

            It's hard to go bankrupt and then go to step 4 profit. Those are sort of exclusive steps.

            • Re: (Score:3, Insightful)

              by Dishevel ( 1105119 )
              Not if your major debit holder is a shell corporation owned by you.
            • Re: (Score:3, Insightful)

              by sjames ( 1099 )

              Not really, set up service provider A and client company B. B does all the public work while racking up a huge debt to A. B goes bankrupt and sells off private data in order to pay A. A makes a huge profit.

              • You're assuming a bankruptcy judge won't see through that. Possible, but I wouldn't bet a lot of money on it.
                • by sjames ( 1099 )

                  Or that he won't really care about the privacy concerns. Other than that, as long as the bankruptcy isn't a premeditated way to rip off creditors, he won't likely care.

                  Now, if B goes bankrupt owing a lot of other creditors, he would likely see through it as a fraud and and make sure the other creditors are paid first. He'd still probably allow the sale of the personal data.

              • by Myopic ( 18616 )

                I would call that "hard", but I agree that could be done.

          • Re: (Score:3, Interesting)

            Should datamining be a criminal offense?

            I mean, there is this big effort building laws and international standards surrounding and protecting the copyright on databases - perhaps the act of accumulating and correlating personal information in the first place needs to be examined and attached to the same infrastructure?

            If you value privacy, then it seems to me that legal restrictions are the logical endgame - as more and more databases of aliases are interconnected and more of our lives moves to online servi

            • by sjames ( 1099 )

              Perhaps we should just recognize that personal data is the property of the person it's about. The same corporations that buy and sell personal data routinely claim things like price lists and vendor contacts as proprietary and even threaten to sue over disclosures.

        • So we can expect a Microsoft bankruptcy at any moment then?

        • Re:Bad Comparison (Score:5, Insightful)

          by rollingcalf ( 605357 ) on Tuesday July 13, 2010 @06:45AM (#32885280)

          "It's pretty typical for any and all contractual obligations over an asset to be tossed in a bankruptcy court."

          However, it's not so simple when an asset held by the bankrupt company wasn't really theirs to sell in the first place. Suppose they had a fleet of cars which were leased. If they go bankrupt during the lease, they have to give the cars back, and cannot sell them.

          In a sense, the personal information was leased to company; it was never theirs to sell and shouldn't become theirs to sell just because of bankruptcy.

          • Re: (Score:1, Insightful)

            by Anonymous Coward

            However, it's not so simple when an asset held by the bankrupt company wasn't really theirs to sell in the first place. Suppose they had a fleet of cars which were leased. If they go bankrupt during the lease, they have to give the cars back, and cannot sell them.

            Ok, but the company can (depending on the lease terms) sell the lease to someone else.

            In a sense, the personal information was leased to company; it was never theirs to sell and shouldn't become theirs to sell just because of bankruptcy.

            No. Persona

            • "Ok, but the company can (depending on the lease terms) sell the lease to someone else."

              And in this case, the terms did not include the right to sell.

              "No. Personal information is data, it isn't subject to lease. Little bits of personal information aren't even subject to copyright."

              Ever heard of the word "analogy"? Of course it's not an actual lease. The point is if the company didn't have the right to sell or distribute a given asset, contract, patent, copyright, or whatever before going bankrupt, bankrup

            • Re:Bad Comparison (Score:4, Informative)

              by tverbeek ( 457094 ) on Tuesday July 13, 2010 @11:55AM (#32889394) Homepage

              "The moral of the story is DON'T GIVE YOUR PERSONAL INFORMATION TO OTHERS."

              It's rather difficult to have things delivered to you without giving them your name and address. They tend to want credit card info as well.

          • Re: (Score:3, Interesting)

            by wowbagger ( 69688 )

            "In a sense, the personal information was leased to company...."

            In a sense, I am levitating on a force-field right now - of course, that "force field" is created by the atoms of the chair.

            In a sense the data was leased; unfortunately that "sense" is not in the sense of the law, or the sense of GAAP, or any "sense" that is legally binding on the company or the bankruptcy court.

            What is needed is for companies that collect your data to EXPLICITLY state, as a part of the contract you enter into prior to them co

          • Re:Bad Comparison (Score:4, Interesting)

            by Artifakt ( 700173 ) on Tuesday July 13, 2010 @09:36AM (#32887166)

            One of the things I noticed re. Copyright law (a favorite subject for Slashdot, of course): I ran across the copyright indexes of several authors, such as H. P. Lovecraft, who were big on only giving magazines first publication rights, not the standard 'all rights' clause in contracts. Lovecraft was part of the amateur press scene of his time and actually wrote articles about it, aimed at new authors, plus he metioned it in several letters to fellow authors. HPL also died during the depression, and if you look at the copyright history of his work, a lot of stories pass from a single magazine such as Weird Tales, through many different small companies' hands, before the rights ended up being purchased by August Derleth and Donald Wandrei after the depression ended.
                  It looks like a bunch of small presses bought republication rights from magazines such as Weird Tales that the magazine may not have actually owned to sell, and passed these around in one standard contract after another. It looks very strange to see four stories published in the same magazine the same year, all passing through different small press owners hands, with a bunch of corporate names that are all swiftly out of existence, have little or no actual publication history, or seem to maybe be nothing but shell corporations. You have to wonder, if Lovecraft is any indicator, if Weird Tales actually took the time to sell off rights to thousands of old stories one at a time, to literally hundreds of separate companies, instead of bundling them somehow. The explanation seems to be that at least some of these contracts came out of bankruptcy courts, which were working overtime in that era. Unfortunately, only a few of these documents have good paper trails, and it's hard to really prove one way or another.
                    Given the middle of the Great Depression connection, I've wondered if this was because bankruptcy courts were distributing these assets as part of big pools of similar fluff, without taking the time to check all the details on items they doubtless felt were of little real worth. Probably they were focusing on the physical assets of the companies, where those existed, and didn't expect these 'IP' assets to ever come back into print.
                    This may bear out what the OP wrote. In practice, the bankruptcy courts seem to sometimes ignore restrictions in contract whether that's really what the law says to do or not, particularly if the asset is perceived as having little value compared to the rest of what the court has to deal with.

        • This shouldn't be surprising at all. At least not if you understanding the concept of responsbility. Yes, the names and addresses of the magazine's subscribers and the sites users are an "asset"... but with that asset come responsibilities. There are strings attached to this data, and those strings are the terms under which it was originally gathered.

      • Indeed which makes it so rotten that they can require men to sign up for it. Especially since the recruiters don't seem to have any meaningful sense of integrity. I'm still getting harassed after a decade of not wanting into the Navy for reasons related to their renowned bigotry. Since I didn't give them my information, I should never have been contacted, let alone repeatedly called. The post cards these days are pretty trivial comparatively speaking.

        Lists of this sort are a very serious responsibility a
    • by Anonymous Coward on Tuesday July 13, 2010 @05:03AM (#32884870)

      It was all a big Google (mistake) when exposed.

      Bah. Stop trying to invent a new /. meme. It's not even funny.

    • Re: (Score:2, Funny)

      by pla ( 258480 )
      It was all a big Google (mistake) when exposed.

      Uh, Mr. Balmer? You misspelled "Bing".
    • Re: (Score:1, Interesting)

      by Anonymous Coward
      During the early to mid 1980s the Selective Service grabbed data from all over the place. In particular, for me, they grabbed information from the high school honor roll that was published. Unfortunately, the school made a typo on my information and had mine entered as middle name, last name, first name (my real names, but in that order). "I" got several notes from Selective Service indicating that "I" (by the incorrect name) was a draft dodger. It took awhile to get that sorted out and make them understand
    • by Eryq ( 313869 )

      It was all a big Google (mistake) when exposed

      I see what you did there.

      Wow, I've never heard of a Bing (stupid) fanboy before. How much does Bing (stupid) pay for Google-bombing these days? Clearly, Bing (stupid) is getting desperate...

      • by AHuxley ( 892839 )
        Eryq, just trying to advance linguistics and have a new definition added to Oxford English Dictionary.
    • Re: (Score:2, Funny)

      by Anonymous Coward

      I remember that. My friend and I made up a fictitious friend so we could get an extra birthday sundae each year. Boy were we shocked when we got a Selective Service letter for our "friend" when he "turned 18."

      I think that was a couple of years before I tried to use a $2 bill at Taco Bell.

  • by Anonymous Coward on Tuesday July 13, 2010 @04:36AM (#32884780)

    Most teenagers shouldn't have anything to worry about because responsible parents will have programs like Cyber Patrol and CYBERsitter installed to prevent their children and teenagers from accessing these sexually oriented sites. It's funny because under the Australian Internet filter this type of situation wouldn't even be an issue.

    [I'll spell this out early on here. I am not a Troll, just offering some political sarcasm, thank you very much. Remember, your Nanny loves you and only wants what's best for YOU].

    • Re: (Score:3, Informative)

      [Remember, your Nanny loves you and only wants what's best for YOU].

      The last cyber-nanny who wanted What's Best For Me was working for SHODAN, and tried to rip me apart with lasers for trying to hurt the egg pods of The Many. Hilarity ensued.

  • by Chrisq ( 894406 ) on Tuesday July 13, 2010 @05:29AM (#32884970)
    I'll be buggered if I enter my personal details on a gay teens website!
  • by YeeHaW_Jelte ( 451855 ) on Tuesday July 13, 2010 @05:39AM (#32885024) Homepage

    "Before the magazine's demise, many of the subscribers lived at home with parents."

    And this changed how exactly after the bankrupcy of the magazine?

    Maybe a bankrupcy of slashdot would be a good thing for the readers too ...

    • Re: (Score:3, Informative)

      by Skapare ( 16644 )

      "Before the magazine's demise, many of the subscribers lived at home with parents."

      And this changed how exactly after the bankrupcy of the magazine?

      While the subscriber was regularly getting the magazine in its black shrink wrapped form, they knew to look out for it, about what time it would arrive, etc. That ended when the magazine folded, and the subscriber is no longer expecting it to arrive. Or the subscriber has moved on, to college and/or their own place. Suddenly, without expectation, a new mailing arrives. Even if it has the black shrink wrap, the original subscriber is now not there, or even if there, might not be acting in a timely manner

    • by Lugae ( 88858 )

      "Before the magazine's demise, many of the subscribers lived at home with parents."

      And this changed how exactly after the bankrupcy of the magazine?

      That's just it: it has probably changed a decent amount. If the original subscribers are not living with their parents, they are considering selling the subscribers' parents' addresses now. It could happen with any data sale, but I think that's the reason that the OP pointed out that the subscribers lived with their parents at that time.

  • Promises (Score:3, Informative)

    by Hognoxious ( 631665 ) on Tuesday July 13, 2010 @05:46AM (#32885050) Homepage Journal

    My understanding was that the US doesn't have anything like the UK Data Protection Act [wikipedia.org] so the company wouldn't actually be doing anything illegal.

    Are these promises worth anything? Would it even constitute a breach of contract, i.e. be grounds for a civil action?

    • Re:Promises (Score:4, Informative)

      by grantus ( 261016 ) on Tuesday July 13, 2010 @06:06AM (#32885124)

      The FTC has actually filed civil lawsuits against multiple companies that the agency thought didn't live up to their privacy promises. The FTC sees the act of breaking privacy promises as a deceptive trade practice that's outlawed in the FTC Act.

      • But the point is, the buyers need not promise anything. So nobody violates a promise: the original company ceased to exists and the new owner did not make the promise. So this is more a responsibility issue and an issue whether personal data can be transferred or sold at all.
        • Re:Promises (Score:4, Interesting)

          by Skapare ( 16644 ) on Tuesday July 13, 2010 @07:07AM (#32885408) Homepage

          The data is still in the hands of the original owners. By filing this with the BK court, the FTC has established that it is illegal (unless another party's argument can prevail, and this would most likely have to be litigated in a separate venue, not in BK) for the sale to be made. Effectively, the subscribers have a lien on the data, which amounts to an ownership of the right sale, held by the subscribers themselves, in absence. Selling it might then be considered no different than the sale of stolen goods (which even a BK court cannot do).

          • by sconeu ( 64226 )

            Selling it might then be considered no different than the sale of stolen goods (which even a BK court cannot do).

            Tell that to SCO and Judge Gross

        • by s73v3r ( 963317 )
          But one could definitely argue that selling the data in the first place represents a breach of privacy, and goes against the privacy policy.
    • by xaxa ( 988988 )

      Interesting [bbc.co.uk]:

      Mr Davies said that the UK Information Commissioner had an obligation to protect any British citizens who may be on the database.

      "I would argue that this is a case where the Information Commissioner should write directly to the US and ensure action is taken."

      • Right. We know that justice - or rather the law - can reach across the Atlantic. But from what I've seen, it's somewhat a one-way street, and it runs the other way.

  • by Anonymous Coward

    There is nothing preventing a company from changing its privacy policy after it has obtained your private information. Hell, there's no law requiring that they even adhere to their own privacy policy.

    Nothing to see here. Move along.

    • Re: (Score:2, Informative)

      by grantus ( 261016 )

      Nothing except the threat of a lawsuit filed by the FTC. The agency has brought several similar cases.

    • Re: (Score:3, Insightful)

      by hedwards ( 940851 )
      Yes, there is. Privacy policy is a part of the ToS in most cases, and should they change it they are required to give those that are subject to it the opportunity to cancel the contract. Which is one of the reasons why companies like MS and Sony are such a joke, because they regularly change their terms, but offer limited ability to opt out, and definitely don't offer the ability to get a full and complete refund for the product affected.
      • Surely that means the FTC are a joke since they let them (and you can add most telcos to the list) get away with it.

  • I can't recall any other case where government forced enforcement of privacy policy on third parties like bankruptcy courts. Even here, it is not clear if FTC is threatening action or just bluffing.

    I remember the case of a hospital that stored medical records in a warehouse. They stopped paying rent and the landlord sold the file cabinets including contents to help recover his losses. The cabinets, folders and paper are physical property and property laws govern them. The information on the papers had

    • Re: (Score:1, Informative)

      by Anonymous Coward

      I remember the case of a hospital that stored medical records in a warehouse. They stopped paying rent and the landlord sold the file cabinets including contents to help recover his losses. The cabinets, folders and paper are physical property and property laws govern them. The information on the papers had no legal standing at all.

      Even HIPPA laws do not apply to parties who are not heath care providers or their agents but who have possesion of patient data nevertheless.

      It's the hospital that would be buste

  • by Anonymous Coward

    Such subscriber information is *not* just a list of NAW data. By its origin a quite important private piece of information is tagged to each-and-every of those peoples records : They are homosexual.

    If-and-when the list is used for its *by the subscribers* intended purpose (to be able to send the magazine and subscription-fee invoices to their subscribers) there is no problem.

    But if this list is *not* used for that purpose it should fall faul of the current rules regarding the aggregation of peoples data :

  • FormerMember (Score:1, Informative)

    by Anonymous Coward

    First off, I used to be a member of that website, until it rolled downhill and everyone started using other social networks.

    The magazines were non pornographic and aimed at gay youth. They didn't feature nudity and were sold at stores like chapters.

    It had TONS of subscribers and at one point I would have believed it to be the largest gay social network. Not everyone would have their financial information or true information on the site, although it did end up possessing a ton of information about users.

  • Another day, another Kosian post on Slashdot.

    You can't sell what isn't yours to sell. Period.

    No story here. Oh, it's about gays or computers or ...

    This is the year 2010. The novelty of being gay or involving computers is so Carter administration.

    • by grantus ( 261016 )

      One of the targets of the FTC letter is the majority owner of the company that published XY (as the story says). The other target of the letter was an investor in XY. The assert ownership of the data.

      • Hmmm...well...that's more interesting than I first thought. One way to view this is the FTC is trying to prevent selling of assets because there was a privacy clause? I guess they'd pursue this as fraud?

    • You can't sell what isn't yours to sell. Period.

      Yes, but is it your information they're holding for a particular purpose (sending you a magazine), and thus your property or is it their information simply about you, and thus their property?

      • That's irrelevant. The information is an asset and they aren't free to dispose of the assets.

        Addresses are not private property, even if the road and all surrounding land are private property. Addresses are a function of license to use the road which comes from the government.

        It's similar to the way a font can be copyrihted but IP ownership of letters, themselves, is impossible.

  • It's interesting how government upholds private contracts when it wants to, and violates them when it wants to, as in the bankruptcies of GM and Chrysler, which involved overturning longstanding, traditional contracts with lenders to give certain lenders a larger share of the cut-up pie upon dissolution.

  • This is a very important legal issue, much broader than its narrow “gay” context, and the FTC is right! Some bankruptcy courts have permitted companies in Chapter 7 or 11 bankruptcy to sell the private information their members or customers have shared with them, in reliance upon privacy policies and guarantees, free and clear of those privacy guarantees to raise money for administrative expenses and to pay creditors. This is not that new an issue, but is one calling for such attention. It is

The truth of a proposition has nothing to do with its credibility. And vice versa.

Working...