In the late 1990s it was a truism in European technology circles to say that where the U.S. leads Europe follows. With the growing impact of technology however the legal world has become truly smaller. Nowadays new Internet plays are often launched simultaneously worldwide and many of the most talked about Internet phenomena like KaZaa, Skype and the World Wide Web itself were born outside of the U.S.
One of the oldest areas of Internet litigation, yet also one which seems to be growing the most is online reputation. Since the popularization of the Internet, major corporations who value their brands have been monitoring the Internet to look for people profiting from their goodwill or just simply out to get them. Tricksters and protesters alike have used the medium to disseminate inaccurate information about their targets leading astute corporations to set up websites dedicated to correcting the mass of inaccurate information about them. A good example is Coca-Cola's Myths & Rumours site (http://www.thecoca-colacompany.com/contactus/ myths_rumors/index.html) which definitively quashes a number of Coke's urban myths including the "fact" that the drink was originally green.
In the last few years however with the evolution of search engine technology, highlighted by the inexorable rise of Google, everyone wants to play at being an online detective. Searching has gotten personal. Neighbors now use the Internet to search each other's background, potential tenants are researched for apartment blocks and employers are compiling dossiers on what the Internet says about a candidate that the resume does not. Technology circles are awash with talk of so-called semantic web searches - sites which have the ability to look at context not just content. But unsurprisingly, their use is not without legal issues.
Many of the new breed of personal search engines exist to allow corporate research and former colleagues, college classmates and even prom dates to catch up with one another. One of the leaders, ZoomInfo claims that it has profiles on just under 38 million people and around 3.8 million companies - including over 118,000 lawyers. ZoomInfo also powers a number of other sites who use its data for their own search tools including Amazon and Business Week. The site operates like a conventional search engine, allowing users to type in a name and then searching its database to find matches. However, it is the accuracy of the matches it provides which could cause issues with mistaken identity, and may lead to a need for legal action. For example a search against new UK Prime Minister 'Gordon Brown' suggests 82 possible people including a gutter fitter in Oregon, Program Director of Precision Hoops Basketball Academy and a chimney sweep. Strangely a search for 'George Bush' reveals only the current U.S. President but his profile has only been viewed around 100 times despite 8,000 web references having been pinpointed. But ZoomInfo is not the only company attacking this market - a newer personal search engine spock.com launched in August this year with $7 million of venture capital funding claims 100 million personal profiles have already been indexed. By comparison spock claims it has over 2,000 different profiles of people called George Bush.
On both sides of the Atlantic there is already evidence that employers are using tools like ZoomInfo to check candidates' employment records. In August a temporary judge in Las Vegas was sacked over a posting on his personal MySpace page that included amongst his hobbies "breaking my foot off in a prosecutor's ass." The judge said his comment was intended to provoke discussion rather than to be taken at face value. In the UK we have seen similar reports at two universities of staff logging onto social networking sites and using evidence they find on student profiles to discipline students. In one a student was questioned over photographs which seemed to show her celebrating the end of exams by throwing dead octopus parts over other students.
But these new search techniques have caused even more concern in Europe with questions being asked in particular about the U.S. Government's use of aggressive data aggregating techniques in the response to 9/11. In particular the so-called 'no-fly' list maintained by the Department of Homeland Security has led to the European Court of Justice ruling as unlawful the European Commission's deal with the U.S. to transfer data to help compile the list after the European Parliament raised objections. It is said that just 16 names appeared on the U.S. list in 2001 compared with 44,000 in 2006 as semantic web technology is used to aid the collection of names. Whilst in the U.S. these techniques have caused public consternation with the reported seizure of U.S. Senator Ted Kennedy when he was mistakenly identified on a terror watch list in the U.S., we have followed the refusal to admit into the country the artist formerly known as Cat Stevens and the subsequent BBC interviews with a once-forgotten rock band who happened to be on the same flight. In September this year, according to siliconvalley.com, DHS shut down a $42 million semantic web program linked to the no-fly list after Congress's Government Accountability Office said that its search results were not sufficiently reliable. It had been claimed in 2004 that the same program could analyze more than 1 billion pieces of data per hour. European authorities have felt the same criticism at home when the European Commission announced similar plans in 2005 with detailed plans being left to the 27 Member States which make up the EU. This summer Gordon Brown faced critical press complaints when he announced that the UK Government would introduce its database with trials already having taken place on 22 million passengers who had travelled through the UK.
Those in business clearly need to monitor their own reputation by monitoring the information about them which is out there. However exercising self help is not without its own risks. In August this year a former hacker built some software which he says allows him to detect companies whose computers have been used to alter their entries on Internet encyclopaedia Wikipedia. Organisations which he says could have deleted information about them include the two main UK political parties, the Vatican, the Portuguese government, Amnesty International, the United Nations and the CIA. Some of those accused have embarassingly admitted their employees have tried to alter the site, including some of the news organisations who first broke the story.
So how can the law in Europe help companies and individuals who fall victim to online inaccuracies? So far few cases have reached the courts, but in most of Europe privacy law is likely to be the first port of call. Broadly speaking privacy law in Europe could open up a possible cause of action to any living individual who is resident in or a citizen of a European country with privacy law in place. Around 33 jurisdictions in Europe currently have some form of legislation providing that information on individuals needs to be accurate and some countries have private rights of action for those who are damaged by inaccurate data. An extreme example of regulatory action is the $1.5 million fine in Spain for the leaking of personal profiles of the Spanish Big Brother contestants upheld by the Supreme Court in Spain earlier this year. Whilst in much of Europe action by the local privacy authority to correct a website is unlikely to be high on their list of priorities, a civil action for damages could bring results. In some countries a specific cause of action and specific remedies are laid down in the legislation. In Austria, for example, under the Bundesgesetz ber den Schutz Personenbezogener Daten (Datenschutzgesetz 2000 - DSG 2000) an individual can ask for rectification or removal of inaccurate personal data and can bring proceedings for compensation for damage caused by a breach of the law. Similar powers exist in other countries including Belgium, Finland, Germany, Italy, Portugal and the UK.
Additionally defamation law might be an avenue open to those maligned online. In one of the first Internet defamation cases in the UK in 1999 - Godfrey v. Demon Internet Ltd - the court in an interim application decided that those responsible for maintaining content on the Internet could be held liable for the truth of statements they host. In 2002 Irish politician David Trimble brought a similar case against bookseller Amazon for allegations made against him on a review of a book they offered for sale on their site. Another Irish case in 2001 shows just how damaging allegations like this can be. That case concerned a war of words between two sandwich shop owners in Castelrea, Co Mayo. One posted the other's details on an escort site under the name 'Exclusive Maureen' leading to more than 100 calls to her in the first two days alone and damages in excess of 10,000 pounds. Just a month or so ago a 15-year-old Finnish schoolboy was fined for posting a video on YouTube showing a karaoke performance of his teacher and for claiming she was insane. He also was ordered to pay 800 euros in damages for "causing harm and suffering." Traditionally some courts in Europe have been happy to entertain Internet libel cases with little real connection with the U.S. Whilst damages might be less than a successful action in the U.S. in some cases remedy will be available in Europe where it would be denied by a U.S. court.
Whilst name calling and malicious rumours are not new, what has changed in the last year or so is the increased appetite of those using the Internet for information and tools like ZoomInfo to consolidate the information which is out there and the ever-increased globalization of the information sources. Just as the information gets global, a reputation management strategy needs to get global too. It is clear that every professional needs to conduct regular searches of their own identity on the Internet. Companies have grown used to doing this but it is clear that individuals must do it too - reputation management has moved out of the boardroom and into the back bedroom.
Published October 1, 2007.
