Woman Sues Blockbuster for Facebook Privacy Violations

Chris Blanc writes "A Texas woman has sued Blockbuster over its activities relating to Facebook's Beacon tool. The movie rental service has been reporting user activity to Facebook since Beacon launched last November, which the plaintiff says is a violation of the Video Privacy Protection Act."

'A Texas Woman'?

[Skyshadow]

We need more info -- can someone please post her name, address, phone number and video rental preferences?

Re:'A Texas Woman'?

I believe her name is Debbie, and she's from Dallas. Google should get you the rest.

More and more problems

[jmpeax]

Social networking sites, and Facebook in particular, seem to be increasingly undesirable.

Apart from not wanting people such as potential employers to gain access to profiles that are by default made openly accessible, security vulnerabilities are particularly worrying, given the fact that social networking accounts often contain detailed personal information in context (i.e. not just a name, but a name connected to a university, email account, other people, images etc.) Add to that advertising schemes that intentionally deliver users' data to third-parties, and you have a dangerous mix, especially considering the average user's lack of awareness regarding safe-guarding personal data.

Re:More and more problems

[Jeff+DeMaagd]

I saw this in part when adding an app means that the app has access to all your profile information. It's either all or nothing, no way to add restrictions.

OK, Facebook has access to my information, but I don't see why third party developers have to have it. I also don't put much information on there. I just have to assume that any information in my profile is going to be available to anyone, even if I put up restrictions and limitations, so I'm careful what I put up there.

Re:More and more problems

[OMNIpotusCOM]

While you have a point, they can be fun if you use them the correct way. It's kind of like creating ghost Amazon.com accounts and searching for really f-ed up stuff, or just opposites (Marilyn Manson/Britney Spears, etc...), then going to your main page to see what they recommend for you. Same thing with FaceBook and the like... except there you have to be careful not to get on a government watch list by watching too many Michael Moore movies and because you're like 30 and have nothing but 13 year olds on your friends list.

Re:More and more problems

[porcupine8]

I just have to assume that any information in my profile is going to be available to anyone, even if I put up restrictions and limitations, so I'm careful what I put up there.

Exactly. My face book is under my real name, with real information. I don't put anything on it that I wouldn't want my professors/bosses to see (because they're on my friends list!), which pretty much means anything I wouldn't want the entire world to see.

I have blogs and accounts on other sites that are less connected to my IRL identity. Sure, people who know me could probably figure out it was me, but my name is not on them, nor is any identify information like what college I went to or what year I graduated from high school. I can be a little more free, but I'm still reasonably careful because I know that if ANYONE can connect that to the real me, they can tell others.

Re:More and more problems

[denmarkw00t]

Social networking sites, and Facebook in particular, seem to be increasingly undesirable.

I concur - and it doesn't help that I haven't had much desire to do any social networking lately, save for a quick check-in if I was expecting something. I cleared my Facebook account of most information and limited my applications to a handful (photos, events, the stuff that isn't so invasive) and tightened my privacy. There were a lot of changes to what was public and how public that I missed in my absence.

Re:More and more problems

[CSMatt]

And what if one of your friends later interns at a company that you plan on working for? If the boss knows that your friend has Facebook access to you, he could demand that it be printed out and given to him. Given the choice between disloyalty and unemployment, I would say most would pick disloyalty, especially in our current economic situation.

Re:More and more problems

[chrispalasz]

I find this article particularly interesting because I had the same problem and complaint.

Less than a month ago I signed up for Blockbuster Online, which I've tried before and liked. Suddenly I'm getting all this Facebook spam from blockbuster asking me to approve their request to tell the world every single movie I'm renting.

I didn't click any check box giving Blockbuster permission to access any of my Facebook information. Not only that, but I had to go to the Blockbuster website and find out HOW they got my information and how to stop it. Finding that information was not obvious. You wouldn't be able to find it by browsing the site. You have to do a search through their help section.

In the end, Blockbuster (from their online store site) told me to use the Facebook option to block their website from accessing my profile if I didn't want their spam.

I definitely see it as a violation of privacy; especially considering they didn't even ask and offered no option of their own for stopping the spam.

Re:More and more problems

[sumdumass]

Two totally different situations. Perhaps a more appropriate comparison would be if his boss asked to photograph the stereo equipment he has or the furniture or something. But taking something from a house isn't the same thing- you are not deprived of property when they print out your drunken orgies posted on the interweb. Even if you attempt to hide them from people that would frown on it.

On another note, it would be no different then asking them what type of person they were. Sort of like with a personal reference even if they didn't list you as one. Obviously, if you have pictures to prove it, you are that type of person. So I guess maybe the question is the same, do you tell and keep your job, or lie to protect your friend and hope you don't lose it when they find out later?

Now if we could only work a car in here somewhere, we could really screw some analogies up.

Blockbuster makes you waive that

[Animats]

Blockbuster's user agreement includes a wavier of your rights under the Video Privacy Protection Act. That's why I don't shop there.

Re:Blockbuster makes you waive that

[Presto+Vivace]

Wow, that is a hell of a waiver.

Re:Blockbuster makes you waive that

Blockbuster's user agreement includes a wavier of your rights under the Video Privacy Protection Act. Boy, that is bad. All my local video rental place makes you sign away is your first-born.

Re:Blockbuster makes you waive that

[ark1]

Just beacause it is in the contract does not mean it is legal.

Re:Blockbuster makes you waive that

Blockbuster's user agreement includes a wavier of your rights under the Video Privacy Protection Act. That's why I don't shop there.

not sure how it works in the U.S.A, but here in New Zealand, you *cannot* contract yourself out of the law. e.g: if an employment contract you sign states you waive the right to opt out of working on public holidays, that clause does not apply. Surely you'd have something similar in the states?

Re:Blockbuster makes you waive that

[TheRedSeven]

Parent is not correct, at least according to the website:

From the privacy policy

Legal Notices--Video Privacy Protection Act of 1988. Blockbuster supports the Video Privacy Protection Act of 1988 and will use reasonable commercial efforts to require employee and business partner compliance with the Act.

Now, that's pretty vague, but if you take it at face value (HAH!), it would imply that they don't have you waive your rights under this law.

However, they do have some pretty crappy privacy when it comes to any comments you post to their website (ratings and such): From the TOS:

Content submitted to blockbuster.com (including your name) will not be confidential and may be published or disclosed in Blockbuster's sole discretion, without any compensation to you.

By submitting Content, you grant Blockbuster the right to use your submitted name in connection with your Content.

I may just be going back to Netflix...

Re:Blockbuster makes you waive that

Very true. Most "good" clickwraps and T&C statements (check any video game manual) will mention that their agreement does not override your individual state's rights like warranty or right to sue.

Government can and does legislate power to the people... as well as taking it away. :-)

And even if something is illegal across the board, you still have to go to court to argue it. I begin to wonder if American parents have to give their children a seperate allowance for laywers' fees.

Re:Blockbuster makes you waive that

[canajin56]

Doesn't slashdot publish your content (including your username) at its sole discression, without any compensation to you?

Re:Blockbuster makes you waive that

[Venner]

In the USA, "freedom to contract" tends to trump. However, you generally can't contract out of criminal laws, nor laws passed under the auspices of a state's general police powers (health, public welfare & safety, etc.) This might be valid as a waiver of a statutorily created right (I mean, you can even waive many constitutional rights), but I'd certainly argue it being unconscionable.
Uneven bargaining power, the reason they ask you to waive it in the first place (entirely to their benefit, against an apparent legislative preference), the relative sophistication of the consumer and the inability to make an informed decision, the conspicuousness of such a clause, etc, etc, etc.

Re:Blockbuster makes you waive that

[sumdumass]

There are limitations to what can and can't be done. Some contracts limit your free speech forbid you to run for public office while employed, demand arbitration instead of lawsuits, limit legal jurisdiction to some far away home office location where they already purchased the judges and so on.

I remember reading about a court case a while back where it said some things in contracts like that become null if it is universal a requirement for employment. This is especially true when there is a law of some sort giving the employee more rights. It seems that they have to allow the rights and then negotiate them away. If they impose a policy or condition for employment that removes those rights, they can't really be enforced. Well, they can as long as you don't get a lawyer and fight it.

I think the case I was reading about had to do with some company who imposed flex time on hourly employees so that any time worked over 40 hours in one week was time off during the next week so they could get out of paying the mandated time and a half for overtime. Apparently the company has a forced overtime rule where they could hold you over your shift for 4 hours at their discretion or tell you your working on the weekends sometime during the work week. It would suck to work two 12 hour shifts and three 8 hour shifts in a week (8 hours of time and a half overtime) to loose half a days pay and get an extra day off the next week.

Welcome to the digital age

I wouldn't expect anything else.

What do you think all this credit card tracking and online accounts and frequent-buyers club bullshit is about?

It is all for companies to be able to direct their advertising more effectively. That is their incentive in providing these tools.

If you don't like this sort of intrusion into your lives, then why not take control of your own governance and change things?

FaceBook is evil.

[v(*_*)vvvv]

These first generation social networks are going to be the source of a lot of regret. We can only hope that the damage is minimal and that the lessons are learned quickly.

Re:FaceBook is evil.

[geekoid]

I hope people realize everyone does stupid shit sometimes and we can get over it.

Re:FaceBook is evil.

[Tony+Hoyle]

That's more likely.

A society where everyone pretty much knows whats going on with their friends/aquantences without all this victorian privacy bullshit sounds much more healthy.. and that's what's happening, slowly.

Re:FaceBook is evil.

[Kingrames]

What?
are you serious?
When I want privacy I'm not talking about people not seeing the legs of the dinner table.

I'm talking about people not being able to track:
how often I go to the bathroom
where I live
What movies I watch
how much gas is left in the tank of my car
how much gas I use driving to work
how much gas I use during the week

And it's not because those things are important.
It's because of powerful mathematical functions and formulas that can derive, from that, exactly where I hang out with friends, and when, and for how long, and the most opportune moment to pop out of the bushes and ninja-kill me.

Seriously. you have no business trying to math-ninja me.

also, I am NOT paranoid, so stop calling me that.

Re:FaceBook is evil.

[pavon]

It's not my friends/acquaintances that I'm worried about. And frankly I think the "more information / better communication will make us will make us more tolerant" line is wishful thinking. There have always been groups on the edge of society that were harshly treated if their (harmless) habits were exposed. Mutually Assured Destruction doesn't help in those cases - the majority may redefine all the sins that the majority commits to be socially acceptable, but not the minority sins.

Furthermore, I don't really buy the idea that lack of privacy is something that is good for society. Your relationship with your customers is not the same as the one with your boss or coworkers or parents or friends or spouse or kids. It's not so much that I want to keep things secret so much as I want them to be presented in context, which is why we tend to only share private aspects of our life when we think someone knows us well enough to understand them. People will always be unduly influenced by first impressions - it's fundamental psychology, not culture - and so I think this compartmentalization of our personal lives will always be valuable to some extent.

Even if this generation becomes more tolerant, the previous generation is still going around for quite some time, and will have disproportionate control of politics and business for that time. Most of the benefits that result from this newfound lack of privacy will take a full generation to come to fruition, whereas the damage it causes can be felt now.

Finally, even if society becomes less judgmental in personal life, there will always be profit/power motive in using your information against you. I don't trust the government or the insurance companies to look the other way when given info they can use against me, and if history is any indication, governments and corporations will aways be untrustworthy.

So, I really don't think this Victorian judgment bullshit is going away anytime soon, and I'll keep my Victorian privacy till then thank-you-very-much :)

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Easy

Oh, hey there, Malicious Link! I almost didn't recognize you without your -1 Troll goatee!

From Blockbuster's TOS

[TheRedSeven]

Parent is not correct, at least according to the website:

From the privacy policy

Legal Notices Video Privacy Protection Act of 1988. Blockbuster supports the Video Privacy Protection Act of 1988 and will use reasonable commercial efforts to require employee and business partner compliance with the Act.

Now, that's pretty vague, but if you take it at face value (HAH!), it would imply that they don't have you waive your rights under this law.

However, they do have some pretty crappy privacy when it comes to any comments you post to their website (ratings and such): From the TOS :

Content submitted to blockbuster.com (including your name) will not be confidential and may be published or disclosed in Blockbuster's sole discretion, without any compensation to you. Blockbuster may, but is not obligated to, respond to any Content.

By submitting Content, you grant Blockbuster the right to use your submitted name in connection with your Content.

Yes but it's illegal.

[goombah99]

Your right to privacy on video rental records used to be dictated by what ever agreement you had or lacked. But then Robert Bork was nominated to the supreme court. At that time a reporter obtained his video rental history and published it. The politically charged backlash created a federal law mandating the privacy of those records.

In otherwords, video rental records have a protected status that is federally recognized. it's not the same as most other information about you. it might even be more protected than your credit history!

Now this is a civil suit ($$$) not a prosecution, so that law is only out there saying what the standard of conduct expected of blockbuster is and is not a direct factor in the trial. I would guess that block busters agreements reasonably allow them to share your data with 3rd party business affiliates or for purposes of debt collection. However, I think the expectation is that your records are not public records.

Facebook might be the loosely defined bussiness affiliate, but most people would probably say it's public. And you did not really intend to direct them to share your borrowing records, nor at the time you agreed with facebook to share certain data could you have anticipated that blockbuster would become a bussiness affiliate. They really needed to negotiate that with you.

finally just because you sign a "wavier" does not mean you cannot sue. As I understand it, you can never sign away your right to sue. The wavier simply makes it hard to win.

I note that recently Netflix ran into a problem too. Their supposedly anonymized rental records used in their contest to improve movie selection turns out to have enough information content that clever googling can re-associate names with a large fraction of the people in the data base. (e.g. they mention movies they watched somewhere on the web and this can be correlated). Some group in texas actually did the reverse calculations and showed it worked.

Re:Yes but it's illegal.

[10101001+10101001]

I imagine the "waiver" you sign as part of your Blockbuster membership (assuming it's in there) would constitute the "express, written consent" required by the Video Privacy Protection Act.

Which would mean you've signed away your right to sue under that law.

2710. Wrongful disclosure of video tape rental or sale records
(b) Video Tape Rental and Sale Records.
(2) A video tape service provider may disclose personally identifiable information concerning any consumer
(B) to any person with the informed, written consent of the consumer given at the time the disclosure is sought;
-- http://www.law.cornell.edu/uscode/18/2710.html

In short, no. Feel free to find text in this law to back up your imagination.

Re:Yes but it's illegal.

[sumdumass]

It took me a minute to see what you were getting at. But right as I was about to ask you which part didn't allow it, I noticed the Informed written consent part of b-2-B would make it illegal to hide it in with a bunch of other junk and it is apparent that it needs to be done when the disclosure is planned to happen.

I guess the question might be how obfuscated could the wording actually be before it isn't an informed consent and how would we define the "time disclosure is sought"? If it means some time before they decided to use your name and information specifically, then there is a lot of problems there. If it means that they could plan on doing it at a later date but with nothing specific in mind, it might not be as clear cut. Although the way I read that, as soon as they single you out, they have to get written permission to disclose anything and make some sort of effort to let you know what they intend to do for each and every time they decide to do it.

Re:How does beacon know who you are?

If you are signed in to your Facebook account, Beacon is running. If you then go to Blockbuster to do anything on their site, Beacon associates your FB account (the specific Abrahamo Lincolni that is you, and none of the other 39 Abe's on FB) with your Blockbuster account, and reports that association to Blockbuster.

If you didn't log out of FB before closing that tab, Beacon is (I'm pretty sure) still running, and will still do the same thing when you log into Blockbuster or any other Beacon merchant.

Anyone up for a boycott of all merchants who use Beacon?

Re:How does beacon know who you are?

Here's how:

Beacon is a cookie.

You log in to Facebook, cookie is placed. You later log out of Facebook, do other stuff on your computer.

Then, you log into Blockbuster.
Beacon stores info about what you do in your Blockbuster account (e.g., rented [movie]).

The next time you log into Facebook, Beacon tells Facebook the information it's stored.

And that's how it knows; no special input needed on the user's part.

Imagine the Repurcussions

[SRA8]

I think people clearly see the danger of this beacon feature abstractly. But like me provide two examples that may show the problems in more context:

Example 1: Man buys book "How to Quit Your Job and get a Better Job for Dummies". His employer sees it on his profile and passes on the man for a job promotion, why promote someone who is looking to quit.
Example 1a: Same as above but man was buying the book for a friend unhappy with job. Man wanted his friend to find a job as enjoyable as his own.

Example 2: Man buys a book "Surviving AIDS" for a college project. His neighbors now think he has AIDS.
Example 2a: Man gets AIDS 10 years later. Denied for treatment by health insurance company as a pre-existing condition, based on his purchasing the book 10 years ago.

Re:More problems...if you want them

I am astonished how otherwise intelligent people never stop to think how easy it is to "anonymize" their Facebook accounts but still have their close friends recognize them. For example, when creating an account:

* Use a nickname instead of your real name.
* Use a disposable email account.
* Don't bother filling out info like, phone numbers, home address, gender, relationship details.
* Don't fill out any other sensitive info, or use fake, or humorous data only your friends would understand.
* Make use of FB's extensive privacy settings to lock out access to non-approved friends.
* Turn off FB's "social ads" feature.
* Use Firefox with Ad Blocker Plus enabled.
* Block suspicious or undesirable apps.

You can still enjoy these social web sites without advertisers or employers getting any useful, real information on you.

Re:Easy

[Kingrames]

In the words of a slashdot user's sig who shall remain anonymous,
"Censorship is always more offensive than that which is censored. Always."

Re:Easy

[sumdumass]

Perhaps instead of a deletion, a {work unfriendly} advisory in brackets could be added.

There is a real problem with some links in some places. Especially when they are presented at a site that is somewhat "work/family safe" oriented. I say safe orented because it is well known that people surf this site at work or in front of the kids. Purposely hiding the true origin of a link to trick people into viewing it is about as stupid as it can get.

And no, it isn't censorship to delete a link that is fed through a proxy in order to obfuscate the origin so that people who wouldn't otherwise click on it could be tricked into doing so. If the point was to post a link to something, then the link to it would be posted and not bounced from a assumed safe domian. In case your wondering, http://rds.yahoo.com/_ylt=A0oGkwkgCAlIK5YAl_5XNyoA/SIG=1hr6qq1f/EXP=1208637856/**http%3A//slashblog.notlong.com/ is the same as going to http://.slashblog.notlong.com/

And yes, I purposely broke both links. The first one can be followed and anyone with half a brain can fix the other after opening it. It you have doubts, you can go up and click on the original to verify.