Barnes & Noble Claims That Public User Names Are Private Info; Refuses To Restore Blog With Comments
from the huh? dept
We’ve linked to the Photography Is Not A Crime (PINAC) blog on Pixiq.com many times in the past. To be honest, I had no idea that the site was actually owned by Barnes and Noble — I had assumed that it was just an independent blogging operation. It turns out, however, that B&N hired Carlos Miller, who had written PINAC as an independent blog, and “moved” the blog to Pixiq two years ago. However, it recently chose not to renew his contract, and agreed to transfer the blog back to being independent. Except… that now it’s claiming that it cannot transfer all of the comments on the site because that would somehow violate B&N’s privacy policies (note that link goes to PINAC at Pixiq… but I have no idea where it will go in a week when the “transfer” takes place). At best, B&N says it can transfer the comments but only as “anonymous.”
At first, Pixiq was asking me to sign a document, which stated that the migration of my blog would not include a single comment because of its privacy policy.
But when I protested, Pixiq attorney Gillian Berman said they would make an exception in my case and migrate the comments, but turn every username into “anonymous,” which would make every single comment over the last two years appear to have been left the same person.
This makes no sense. We’re not talking about handing private info over to a third party, but the actual names that people chose to display publicly. Perhaps B&N would have an argument if there’s concern about transferring email addresses or IP address info with the comments — but even that seems like a stretch. People commented on a blog. Transferring the entire blog to a different site doesn’t change any of that — but it’s especially stupid when it comes to public info like commenters’ chosen display names.
It seems like the only explanation I can figure out is that B&N is being incredibly lazy here, and doesn’t want to do the bare minimum amount of work to return the blog to Carlos. We’ve seen a few other blogs “join” different sites in the past, and it seems worth highlighting how the separation can create ridiculous problems like this when a big company decides to make claims that just don’t make any sense.
Filed Under: blogs, photography is not a crime, private info, public, usernames
Companies: barnes and noble
Comments on “Barnes & Noble Claims That Public User Names Are Private Info; Refuses To Restore Blog With Comments”
so…if you get a B&N line of credit – and stop paying on it – are they going to protect you and your privacy by NOT transferring your personal information to a bill collector?
It’s pretty much like putting a big sign in your front door written “don’t make business with us because we might screw you up at some point”.
Same thing seems to have happened to a blog called TechDirt. Most of the commenters are all of a sudden called “Anonymous Coward”.
From an IT standpoint, I can see B&N’s concerns…
While public usernames are in essence public, they are linked to potentially identifying information on the back end. Due to legal liabilities, this information would have to be transferred with the public usernames.
this is basically another case of a company doing exactly what it wants or doesn’t want to do, because it is fully aware that the chances are it can get away with it. the law and politicians are not in the least bit interested in ensuring the people are treated the same as companies and industries, are not interested in backing ‘the little person’, those that voted them into power’ because there is no cheque attached. all companies seem to be the seem. they want their service/product bought and used as much as possible, provided they can dictate the ways in which it is used.
Personally I’d say fine, do that. I would also replace ‘anonymous’ with ”. If they decide to leave out all comments, in place of the I would put (Comments Censored by Barnes & Noble)
They might be more reasonable
Not So Obviously Stupid
This has some parallels to the Toysmart case in which a bankrupt dot-com went to sell its customer list, which the Federal Trade Commission alleged would violate its privacy policy.
http://www.ftc.gov/opa/2000/07/toysmart.shtm
The Barnes & Noble privacy policy says: “BARNES & NOBLE DOES NOT SELL OR RENT YOUR PERSONAL INFORMATION TO THIRD PARTIES.” It doesn’t limit that to “private” information or “unpublished” information. ALL personal information, which includes names and arguably handles, which can often be linked back to persons and is thus “personal.” A transfer of personal data under contract is arguably a “sale,” even if no money changes hands.
Given the hostility of the FTC to companies transferring data, the B&N lawyer appears to be making the prudent decision.
Not So Obviously Stupid
What Carlos might do instead of arguing with the lawyers is to scrape the comments off the site, then marry them back up with the posts, or just scrape all posts, publicly available post data, comments, and available comment data. Pain in the ass, but then the data won’t have been transferred by B&N.
Not So Obviously Stupid
Aww shucks, don’t go pointing out reality to Mike, he’s in the middle of a good rant. He doesn’t usually let things like the law, rules, or judgement get in his way.
/ sarc
Seriously Mike, you raise all sorts of issues about privacy and stuff, and then you have no problem with B&N selling or giving personally identifiable information to a third party service?
Nice!
Not So Obviously Stupid
I don’t know if that charge sticks to Mike, but there are Internet users who demand strict privacy protections as if they’re cost-free, then bray against inconveniences and lost benefits that those privacy protections require.
Not So Obviously Stupid
I think you missed the point of the article…
Not So Obviously Stupid
So then don’t put anything in the contract about the comments. Then it can’t be a sale. They are already publishing the information, and if they have a single Ad on the the comment page, they are effectively selling the information.
And yet, Twitter is compelled to deliver private information of an OWS protester.
Not So Obviously Stupid
Except no one is asking B&N to sell or rent anything, and certainly there is no ‘transfer under contract’ in this case.
Not So Obviously Stupid
No, I didn’t miss anything. The guy had a blog, he merged it into B&N, and now is leaving and they are giving him back the rights to it. However, during the interim, those people posting on the blog were in fact dealing with B&N. Now that he wants the blog back, the problem is that B&N cannot give back any user information (not even their names) without risking a privacy violation.
What is key here is that, when guys like Mike go off about loss of privacy and all, it’s this sort of thing that results. The rules are so tight, and the FTC is incredibly nervous in this area, that they are doing very much the right thing to protect their users personal data – all of it.
It’s wonderful when it works out that way.
Mike, to be fair, it makes sense from their terms on personal information, and they are doing what is ri9ght for the customer in this case.
In this particular case, I don’t think there’s honestly a simple solution to the problem that will make everyone happy.
Not So Obviously Stupid
Except in this situation, B&N is not selling or renting personal information to a random third party entity. B&N is “splitting-off” 100% of an asset which B&N no longer cares to be the custodian of, to an individual person which was recently under the B&N umbrella.
Not So Obviously Stupid
I disagree.
If the comments are there, fr all to see in the public, and that is all that’s moved over (the text is copied over as you would see it in a browser), I don’t see why doing a literal copy and paste would violate anyones “privacy” since it would still be associated with the same blog.
I don’t associate blog comments to the parent company, only the blog, the brand, the community following the blog.
In order for privacy to be broken, something must have been private first. I agree that any back end info shouldn’t get transfered, but publically displayed usernames? Not so much.
Not So Obviously Stupid
I think the issue is not general privacy, but what B&N promised in its privacy policy.
Re:
Actually the problem is they are stating this for ALL users, when most of the users have been commentators from the original PINAC blog site and were transferred over to B&N meaning they are actually NOT B&N’s property in first place nor are they B&N clients/customers.
I’m one of them and my comment on the aforementioned post that Carl made a few days ago makes my position vis-a-vis B&N and my rights perfectly clear that they cannot hold my data and their EULA is moot in this instance.
As Mike states in this post here on TD it was NOT made public in any reasonable way that B&N actually owned the PIXIQ website and was a surprise to most of us which is further problematic knowing B&N’s history when it comes to customers, marketing, etc.
Re: Re:
“Actually the problem is they are stating this for ALL users, when most of the users have been commentators from the original PINAC blog site and were transferred over to B&N meaning they are actually NOT B&N’s property in first place nor are they B&N clients/customers.”
I think the problem here is that once B&N took over, the users are subject to their terms and conditions. If those changed at any time, users were notified, which creates acceptance of ALL of the terms, like it or not.
The actual funny part here is that the original blog owner may have in some way violated privacy when he merged the blog, although it’s not clear that B&N didn’t buy it outright.
Why is this blogger upset at B&N? This blogger is a complete moron. The one question I have is “do you ever back up your blog, files and whatnot”.
I conduct backups on my site periodically. Anyone who operates a website does the same thing. So, why is this idiot upset at B&N?
Don’t blame B&N because you are so much of a boob that you can’t even be bothered to back up your own website.
Re:
I agree that your position is sensible. I’m saying that there is an incompatibility between what B&N promised via its privacy policy and what is required in order to successfully transfer all the data back into Carlos’ hands, and for that, there isn’t a simple solution.
Privacy
Some people are missing the biggest thing here.. The blog comments were never ‘private’ BN can’t even argue ‘privacy’ – I’m sorry someone please define the word private for me or do we all need to go back to second grade and re-learn the word
Not So Obviously Stupid
“I don’t associate blog comments to the parent company, only the blog, the brand, the community following the blog.”
Legally, that doesn’t really seem to hold water. Your agreement to post is with the site owner, not the current blog name or whatever.
“In order for privacy to be broken, something must have been private first.”
Depending on the terms and conditions, their privacy police, and the prevailing legal winds, it’s likely that even the user name is “private” but used in a public area – of a privately owned board. I don’t think the users have waived that right even, no matter how small.
Just transfer the public name & comment only
They could very easily send the comment-id, parent-comment-id, the public display name… another export with display-name, salt, sha-256(salt+email-address), and the comment text…
This would allow a user to create a new account on the new site, and could then hash the desired username and email address.. if the name & email (hashed) matches the existing entry, you can attach that user… no privacy lost.
This would also allow you to preserve the comments, with display name.. and allow users to re-claim their comments/accounts… That’s a solution off the top of my head that should be easy enough to implement.
Not So Obviously Stupid
I never said anything about the blogs name. Agreement with the site owner, ok, sure. I’m talking about association. That’s why I don’t have a problem, personlly, regardless of what the law says. Apparently the blog was run by the same guy the entire time, if I read it right. I personally would make the association to him, not to B&N. I hink most users weren’t even aware of it. I’m sure some where, but to them they probably thought it was a different host.
Are we honestly going to see someone complain, because the blog comments, and their name with them, are having their ownership transfered?
And I don’t quite think it makes any logical sense that anythin in public is private. If you have to login to see posts, maybe. Even on a private message board. If the world+dog can view it, however privately owned it is does not make that information private, no matter what their privacy policy is. And its just a policy, written down. If your name is visible to the public, no privacy policy has the power to deem that private information after the fact.
Privacy
Just playing devils advocate here, but I think it’s more to do with email addresses that would be linked to the usernames that left the comments.
Hypothetically, all it would take is just one user who signed up and commented when it was a part of B&N, under the impression that they had given their consent to B&N only, to stir up trouble because their ‘private’ email was being handed to a ‘3rd party’.
So possibly B&N should put out some kind of notice to users and give them a deadline to delete their comments/login if they so wish… I doubt any users would bother – I imagine that might be a solution.
We would be wise to remember all the flack that Google caught when they changed their terms of service (some would say deservedly so).
No easy answer – but maybe a lesson for independent bloggers thinking about working with corporates, with their standard EULA’s and blanket T&C’s.
Nice Change
I’m actually pleased to see a big company take their own privacy policy seriously. It may be a first.
I'm the blogger in question
Hey guys, this is a fascinating discussion. I just want to clarify for the record that all I am seeking in this transition are the usernames, not the IP or email addresses, which are obviously private.
I just want to keep my blog as intact as possible and that won’t be the case if B&N turns every comment into “anonymous.”
Also, during the two years I was under B&N’s contract, I never had access to the back-end, so there was no way I could save data bases, something I always did when I ran the blog on WP.
I did speak to B&N’s attorney today by phone and she seemed very accommodating and said they plan to send out emails to every single commenter, giving them the option as to whether they want their comments and usernames transferred, or only their comments transferred or have nothing transferred at all.
They will give these commenters a few days to respond and if they don’t respond, they will take that as if they don’t care whether the comments get transferred and transfer the comments and usernames.
So that means B&N will extend the contract for a few days or maybe a couple of weeks until everything gets sorted out.
This type of situation is very new to all of us. There is really no case law addressing it. And the subject of comments and usernames were never brought up in the contract, so we’re learning as we go.
But I do want to be fair to B&N that they are working with me in this matter in a very fair way.
Re:
I had no access to the back-end of the site to back up the site.
Re:
At no time did B&N ‘own’ this blog. The original owner is still the owner. B&N is nothing more than the hosting company. They are asserting that they cannot allow the owner to hold onto his own property. This is where your arguments confuse me.
I'm the blogger in question
Good news.
Re:
All the guy has to do is pull out his 2 year old backup (he kept a backup, right?) and use that. End of discussion.
Not So Obviously Stupid
There are several problems with that view.
First, is that B&N has a contract with Carlos that promises to do exactly what they are now refusing to do.
Second, the terms of service for Pixiq makes clear that commenters own the rights to their own posts, but by posting on Pixiq they are granting Pixiq an irrevocable, non-exclusive royalty-free license to use and copy.
I am a commenter on PINAC, and I posted on the blog that I granted B&N my permission to share the information of mine that it holds that is necessary for such a transfer with Carlos. I am the copyright holder on my posts there, and the privacy interest in the posts is mine alone. I have granted Carlos the license to use my data and posts to the same degree and in the same manner I have granted to Pixiq…and Pixiq is now refusing to allow me to exercise my rights to my works.
Re:
Would they have to delete the information if the entire parent company was acquired, rather than just the blog?
If they owned a credit card company or an importer or any company with a customer list, or a vendor list, or whatever — complete with addresses and even handwritten notes — and then sold the company, would they have to anonymize the customers as part of the sale?
The sold entity continues to be bound by the implicit contracts made by the old owner, as well as by applicable law concerning privacy.
Of course, you could offer to sell an office building but refuse to provide the documentation (let us say elevator inspections and security logs). But why would you bother?
And if it’s a repurchase after two years — wouldn’t you have to sell it back on the same terms you bought it?
How is a blog different from this?
I'm the blogger in question
It sounds as though it’s being tackled in the most sensible and professional way possible by all parties. Kudos!
Re:
But they are real public domain cowards. Not fake stolen ones.
http://www.youtube.com/watch?v=HPnJM3zWfUo