by FMC Legal Intern Satie Munn
The issue of user privacy and digital technology has never been more present in people’s minds. Recent headlines have told alarming stories of governments becoming involved with the technology sector for the purposes of intelligence gathering. But many are also concerned about how private companies use personal data for profit, as when Instagram seemed to give itself permission to use its customers’ photos for whatever purpose it wanted, and was forced to adjust its policy after widespread outcry.
Here at FMC, we think about data a lot — whether its accurate metadata for the purposes of paying artists or informational databases to aid in copyright ownership identification. We’ve also paid attention to developments around privacy and the music community. In fact, back in 2011 we published an overview of current laws and regulations, with an eye towards music and the mobile app marketplace.
While policy has remained much the same, there have been some interesting developments, raising questions about the types of private data that are collected and shared by different companies and who benefits from that process.
Jay-Z Enters The Wild Wild West
Jay-Z’s newest album, Magna Carta Holy Grail, with its momentous and self-aggrandizing title, suggests that the album is going to be a big deal. Indeed, the album has received substantial attention from consumers, critics, and journalists in connection with its release, but much of this attention has focused less on the music itself and more on privacy concerns related to the album’s distribution.
Samsung bought a million copies of Magna Carta Holy Grail for $5 each, and the company made the album available to subscribers for free via a dedicated app five days before its official release. However, when fans went to download the Android app, many balked at the amount of personal data they were asked to reveal. To receive the album, Samsung required users to allow the application to track their phone location, identity (i.e. who they’re talking to on voice calls), email addresses, and social media data connected to the phone. Additionally, users could “unlock” the lyrics, but only after posting on Facebook or Twitter something like “I just unlocked a new lyric ‘Crown’ in the JAY Z Magna Carta app. See them first. http://smsng.us/MCHG2 #MagnaCarta,” for each individual song. Some of Jay-Z’s peers were unimpressed; rapper Killer Mike tweeted a picture of the agreement with the caption, “I read this and……. ‘Naw I’m cool.”
In a three minute advertising spot, Jay-Z hypes the innovative form of distribution, saying, “We don’t have any rules, everyone is trying to figure it out. That’s why the Internet is like the Wild West. The Wild Wild West. We need to write the new rules.” When it comes to Internet data privacy, Jay-Z is partially correct; while the FTC lists several core privacy objectives, there are few substantive laws on the books. The general privacy framework encourages industries to employ “best practices,” which are essentially suggestions for self-regulation, not actual legal rules. As long as companies (both online and offline) disclose to all interested customers, in writing, the data they collect and share, and the customer agrees to their policy, consumer protection is limited to whatever that company is willing to offer. So, although Samsung has endured considerable backlash for the seemingly over-broad agreement associated with the Magna Carta Holy Grail release, the company has done nothing illegal.
Should Streaming Services Share User Data?
Beats Audio’s forthcoming service Daisy is a music subscription service similar to Rdio, Rhapsody or Spotify that is set to debut later in 2013. Backed by industry vet Jimmy Iovine and headed by Topspin CEO Ian Rogers with creative input from Nine Inch Nails frontman Trent Reznor the service will be built upon the MOG music service, which Beats acquired last summer.
Daisy is already making news after the company announced that it would tell artists which people are using the service to access their music, so that those artists can contact fans directly. Both Rogers through his work with Topspin and Nine Inch Nails frontman Trent Reznor have demonstrated the unique ability to understand the needs of the consumer while simultaneously taking care of the artists; a sensibility they aim to bring to Beats Audio. So far, there are not many details about the service, but the initial announcement claimed that it would use Topspin’s Go-Direct platform to “provide the service with photos, videos, and products from artists – like merchandise and concert tickets – without leaving [Beats’] ecosystem. Artists will also be able to see where their fans reside and where their music is most popular.”
It’s easy to understand why access to user data can be an attractive proposition for artists. Recently, a number of artists have expressed concern about whether or not interactive services like Spotify and non-interactive Pandora, are worth it, as payouts can be meager and these services do not currently allow artists to connect directly with fans. Certain artists, most notably Zoe Keating, have suggested that data (such as location data about listeners) might prove to be more useful than typically meager streaming royalty payments. Cue the artist-facing tools and programs – an olive branch of sorts.
Of course, in the context of heated royalty battles, this raises questions about intentions, as well as questions about which artists this data-driven approach works for and which it leaves behind. But setting those questions aside, the prospect of services sharing data has spawned more debates regarding Internet privacy. Jimmy Iovine told Walt Mossberg in an interview that before using the Daisy music service, all subscribers will need to “opt in,” to allow data sharing. So far, it is not clear exactly what kind of data will be shared, or who (artists? labels? Beats?) will have access to that information. And, as with Jay-Z and Samsung, privacy questions get even thornier when wireless carriers get involved; recent reports indicate that Daisy is looking to partner with AT&T wireless. In an environment dictated by business “best practices” the question becomes whether or not giving artists this data will offend the user in such a way that violates consumer norms or reasonable expectations of Internet privacy.
It’s important to understand that not all user data is the same. Consumers are perhaps more likely to accept the simple use of anonymized and aggregate data that allows artists to see where their music is popular, than individualized data about their contacts, location, or access to their Facebook or Twitter account info. And giving users the option of sharing email addresses with artists they enjoy on a case-by-case basis to enable these artists to share tour dates and merchandise info has clear benefits for artists.
In February the FTC released a report titled “Mobile Privacy Disclosures: Building Trust Through Transparency,” which examines consumer awareness and understanding of mobile privacy agreements and provides recommendations to app designers. The report indicates that users are often surprised to discover the extent to which apps collect personal data, even when the developers disclose this information. Even though users sign off on many agreements, they are not “meaningful” because users often do not understand them. Taking into consideration the limitations of a small screen on a mobile device, the FTC suggests that disclosing privacy information at the appropriate time (even multiple points of disclosure), standardizing shorthand agreements across apps, and consistency among app designers are fundamental for making disclosure agreements meaningful for the consumer.
Still, as consumers’ personal and private lives become increasingly integrated online, advertisers will rely more on mobile advertising to reach consumers, and customized data will become more valuable. That is why mobile and online companies are increasingly creating new opportunities to mine data that track how, where, and why consumers operate in the online realm. Without federal regulation, the continually evolving user expectation of privacy will dictate how much access to private data is considered reasonable.
In the absence of regulation, increasing public awareness is essential to creating pushback to companies that are becoming more adept in mining their data. Companies are likely to continue to push the boundaries of Internet privacy to collect this valuable data until they experience substantial resistance from users. Is it worth divulging large quantities of private data in exchange for access to Jay-Z’s album five days before it is released to the general public? Individuals must evaluate these risks and rewards for themselves.
What do you feel comfortable sharing? What would you prefer to keep private?