January 10, 2020 Privacy

“Hey, Google, What Did I Search for Last Year?”

The failure to understand and make use of social media contextualization has been aided and abetted by e-discovery software weaknesses.

William F. Hamilton


Social media discovery is burdened by the myth of the “killer photo.”

Good social media discovery is supposed to find the equivalent of the selfie posted by an allegedly crippled personal injury victim gleefully skiing downhill at Aspen. This mythological quest for a single killer photo reduces social media discovery to a few random screenshots. Social media discovery, however, is best understood as the full panoply of posted pictures, comments, messages, likes, friends, posts, and other information. Social media artifacts are often the connective tissue of the litigation story. Seemingly disparate, innocuous, random comments in workplace emails suddenly take on a clear meaning when placed in the context of vile, discriminatory social media posts.

The failure to understand and make use of social media contextualization has been aided and abetted by e-discovery software weaknesses. Like other electronically stored information, social media data must be collected and then processed. Both steps are fraught with problems.

Social media companies are shielded from most civil discovery by the Stored Communications Act, 18 U.S.C. ch. 121, §§ 2701–2712. Litigants must resort to making formal discovery requests for social media information. The responding party often engages in imperfect client self-collection because much of social media content is locked behind privacy screens. Notwithstanding a few tools on the market, simple and effective social media collection remains elusive. And processing collected social media presents its own problems. There are hundreds of social media platforms. Coding that processes data from one social media platform may not work for other social media platforms.

Collecting and processing software resembles the “Whac-a-Mole” game. As soon as one social media platform is decoded, others emerge. Or perhaps the social media platform modifies its coding, adds new features, or adjusts the complex hierarchy of access permissions.

The net result is that the e-discovery software industry has not zealously embraced social media. Ironically, as the data world has exponentially expanded with new forms of important evidence, the e-discovery software industry has continued to focus on office documents. The important linking and connective tissue of social media data has remained a mere promise.

Happily, however, a solution has emerged, prompted by an unexpected source, the European General Data Protection Regulation (GDPR). Cross-border discovery compliance has been the focus of most e-discovery GDPR commentary. But another important GDPR requirement has received little e-discovery attention. The GDPR requires social media companies to disclose information the platform maintains about the account holder. Under the GDPR, companies must disclose the information held about you. Many companies have attempted to get ahead of this curve by providing data download portals allowing social media users to download “their” information.

The quantity and quality of this information are astounding. For example, in addition to routine posts, pictures, calendars, contacts, and messages, Facebook and Google provide search and location history. Social media platforms actually hold more information than what is routinely available on a platform’s website. Long-gone Google searches are saved by Google and are searchable as part of your downloaded data.

Your account information may be obtained virtually overnight. On Facebook, simply go to Settings -> Your Facebook Information -> Download Your Information. On Google, simply go to Google Takeout. Voilà! The social media data collection problem is largely solved. The information can be viewed directly in the download folder or uploaded to a traditional e-discovery platform.

Unfortunately, the upload may require some basic vendor programming. For example, Google delivers search history in a .json file with Unix time stamps. Location information is presented in latitude and longitude readings. However, translating this information into a more readily usable format requires only basic programming. Litigators should be impressed and excited: GDPR has led to an abundant cache of new potential evidence.
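The kind of translation described above, as an added example that is not part of the original article: it hashes the source file so the converted output can be tied back to the exact download, normalises Unix time stamps to UTC, and logs records it cannot convert instead of dropping them silently. The field names `events`, `time`, `query`, `lat` and `lon` are hypothetical, not the schema of any real export.

```python
import csv, hashlib, io, json
from datetime import datetime, timedelta, timezone

# Constructed sample export; field names are hypothetical, not a real schema.
SAMPLE_EXPORT = json.dumps({"events": [
    {"query": "aspen lift tickets", "time": 1546300800},
    {"query": "ski rental", "time": 1546300800123, "lat": 39.1911, "lon": -106.8175},
    {"query": "broken entry", "time": "n/a"},
]}).encode()

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
MAX_SECONDS = 4_102_444_800  # roughly the year 2100; used to guess the unit

def to_utc_iso(raw):
    """Normalise a Unix time stamp given in s, ms or microseconds to ISO 8601 UTC."""
    value = int(raw)
    if value < 0:
        raise ValueError("negative time stamp")
    # Heuristic: pick the first unit that yields a date before MAX_SECONDS.
    for unit in (1, 1_000, 1_000_000):
        if value // unit < MAX_SECONDS:
            micros = value * (1_000_000 // unit)  # integer math, no float rounding
            return (EPOCH + timedelta(microseconds=micros)).isoformat()
    raise ValueError("time stamp out of range")

def convert(export_bytes):
    """Return (SHA-256 of the source bytes, CSV text, rejected records)."""
    digest = hashlib.sha256(export_bytes).hexdigest()
    out, rejected = io.StringIO(), []
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["source_index", "utc_time", "query", "lat", "lon"])
    for i, rec in enumerate(json.loads(export_bytes)["events"]):
        try:
            when = to_utc_iso(rec["time"])
            lat, lon = rec.get("lat"), rec.get("lon")
            if lat is not None and not (-90 <= lat <= 90 and -180 <= lon <= 180):
                raise ValueError("coordinates out of range")
        except (KeyError, TypeError, ValueError) as exc:
            rejected.append((i, str(exc)))  # keep a record of what was skipped
            continue
        # source_index lets a reviewer trace each row back to the original file
        writer.writerow([i, when, rec.get("query", ""), lat, lon])
    return digest, out.getvalue(), rejected

if __name__ == "__main__":
    digest, csv_text, rejected = convert(SAMPLE_EXPORT)
    print("source sha256:", digest)
    print(csv_text, end="")
    print("rejected:", rejected)
```

Because the unit of each time stamp is guessed from its magnitude, the conversion should be spot-checked against a few entries whose dates are known.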

That’s the good news. Unfortunately, there are unanticipated consequences. Fifteen years ago, we learned in the groundbreaking Zubulake v. UBS Warburg decisions that litigation attorneys must guide their clients in the preservation of relevant data locations. Virtually overnight, attorneys found themselves studying data maps and network architecture diagrams to ensure the identification of all potential locations of relevant data. Social media data were always within the scope of the Zubulake preservation duty. However, this mandate was honored more in the breach than with the thoroughness afforded to corporate networks and office documents. But such insouciance is now no longer tolerable or excusable.

Thanks to the GDPR, broad and rich social media information is now readily available to frame, punctuate, and accentuate winning stories. Will the profession continue to ignore this evidence at its own peril?


The author is a legal skills professor at the University of Florida Levin College of Law. He is also the director of the UF Law E-Discovery Project.


Copyright © 2020, American Bar Association. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or downloaded or stored in an electronic database or retrieval system without the express written consent of the American Bar Association. The views expressed in this article are those of the author(s) and do not necessarily reflect the positions or policies of the American Bar Association, the Section of Litigation, this committee, or the employer(s) of the author(s).