Obtaining Legal Advice
The Primer is designed as a reference resource for designing privacy and free speech into your product or service, not as a source of legal advice. In the event that you need an attorney, here are some resources to help find one.
State bar and professional organizations
- California State Bar Lawyer Referral Service
- New York State Bar Association Lawyer Referral and Information Service
- ACLU of Northern California
- Electronic Frontier Foundation
- First Amendment Coalition
- New Media Rights (copyright, trademark, licensing, contracts and First Amendment free speech issues)
Legal clinics specializing in technology law
- Juelsgaard Intellectual Property and Innovation Clinic at Stanford Law School
- Stanford Center for Internet and Society
- Samuelson Law, Technology & Public Policy Clinic at Berkeley Law School
- USC Intellectual Property and Technology Law Clinic
- Information Society Project at Yale Law School
- Cyberlaw Clinic at Harvard Law School
- Berkman Center for Internet & Society at Harvard University
- Tech Policy for Startups: Glossary of Terms & Legislation [Center for Democracy and Technology]
- Policy one-pager for Startups on the Children's Online Privacy Protection Act [CDT]
- Policy one-pager for Startups on the federal Electronic Communications Privacy Act (ECPA) [CDT]
- Policy one-pager for Startups on the Health Information Portability & Accountability Act (HIPPA) [CDT]
Guidance from regulators
- Making Privacy Practices Public [California Attorney General]
- Complying with the Children’s Online Privacy Protection Act (COPPA): Frequently Asked Questions [Federal Trade Commission]
- CAN-SPAM Act: A Compliance Guide for Business [FTC]
- Privacy on the Go: Recommendations for the Mobile Ecosystem [California Attorney General]
Santa Clara Principles 2.0
The Santa Clara Principles 2.0 provide guidance to companies engaged in content moderation on how to provide meaningful due process to users and enforce content guidelines in a manner that is fair, unbiased, proportional, and respectful of users’ rights:
1. Human Rights and Due Process. Ensure that human rights and due process considerations are integrated at all stages of content moderation, and users should have clear and accessible methods of obtaining support when action is taken against their content or account.
2. Understandable Rules and Policies. Publish clear and precise rules and policies around when action will be taken on users’ content or accounts.
3. Cultural Competence. Ensure that their rules and policies, and their enforcement, take into consideration the diversity of cultures and contexts in which their platforms and services are available and used.
4. State Involvement in Content Moderation. Recognize and address the special concerns that are raised by the involvement of the state in the development of company policies and requests to remove or suspend content and accounts.
5. Integrity and Explainability. Ensure that content moderation systems work reliably and effectively by pursuing accuracy and nondiscrimination in detection methods, submitting to regular assessments, and equitably providing notice and appeal mechanisms.
1. Numbers. Publish information about pieces of content and accounts actioned, broken down by country or region, if available, and category of rule violated.
2. Notice. Provide notice to each user whose content is removed, account is suspended, or when some other action is taken due to non-compliance with the service's rules and policies, including the reason for the removal, suspension or action.
3. Appeal. Provide a meaningful opportunity for timely appeal of decisions to remove content, keep content up which had been flagged, suspend an account, or take any other type of action affecting users' human rights, including the right to freedom of expression.
Implementing Security and Encryption
Protecting your users’ privacy requires you to be thoughtful about the data you collect and hold. Security planning and practices are essential to this.
- Start with Security: A Guide for Business [Federal Trade Commission]
- Mobile App Developers: Start with Security [Federal Trade Commission]
- Cybersecurity in the Golden State: How California Businesses Can Protect Against and Respond to Malware, Data Breaches and Other Cyberincidents [California Attorney General]
- Recommended Practices on Notice of Security Breach Involving Personal Information [California Attorney General]
- Lets Encrypt - Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit [Internet Security Research Group (ISRG)]
Copyright and Trademark Issues
If you host user-generated information, you may see demands from copyright or trademark owners seeking to remove that content from your service. This publications can further help you navigate that difficult terrain.
- Who Has Your Back? 2014: When Copyright and Trademark Bullies Threaten Free Speech [Electronic Frontier Foundation]
- One-pager on the Digital Millennium Copyright Act (DMCA) for Startups [CDT]
- List of Service Providers’ Agents to Receive Notification of Claims of Infringement [US Copyright Office]
- Compendium of U.S. Copyright Office Practices, Third Edition [US Copyright Office]
- Text of the Digital Millennium Copyright Act [17 U.S.C. § 512 et seq.]
- Copyright law overview [Stanford Fair Use Project]
- What is Fair Use? [Stanford Fair Use Project]
Your users care about privacy and free speech. In addition to the case studies found in the Primer, here are statistics to help make that case to investors, business partners, and the press.
Internet and device usage, generally
- Pew Research Center Report from 2014: Americans’ Internet Access: 2000-2015
- Pew Research Center Report from 2014: Technology Device Ownership
- Pew Research Center Report from 2013: Internet phone calling is on the rise
- Pew Research Center Report from 2013: Broadband and smartphone adoption demographics
Privacy and surveillance
- Pew Research Center Report from 2015: Americans’ Attitudes About Privacy, Security and Surveillance
- Pew Research Center Report from 2015: Americans’ Privacy Strategies Post-Snowden
- Pew Research Center Report from 2014: The Future of Privacy
- Pew Research Center Report from 2014: What Americans Think About Privacy
- Pew Research Center Report from 2013: Anonymity, Privacy, and Security Online
Social media usage
- Pew Research Center Report from 2015: Social Media and the Cost of Caring
- Pew Research Center Report from 2014: Social Media Usage: 2005-2015
- Pew Research Center Report from 2014: Parents and Social Media
- Pew Research Center Report from 2014: Mobile Messaging and Social Media 2015
Teens and the internet
- Pew Research Center Report from 2015: Teen dating in the digital age
- Pew Research Center Report from 2014: Teens, Technology and Friendships
- Harris Poll from 2015 on behalf of Future of Privacy Forum about student data and privacy
Other polling data
- The Travelers Consumer Risk Index - poll of consumers about top concerns, including on privacy and security issues
- Gallup Risks to Banks From Rise of Digital Banking from 2015
- Pew Research Center Report from 2014: The Internet of Things Will Thrive by 2025
- Tulchin Research Poll from 2015 on behalf of ACLU of Northern California on Californians’ feelings about government surveillance