Barnes & Noble Claims That Public User Names Are Private Info; Refuses To Restore Blog With Comments

from the huh? dept

We’ve linked to the Photography Is Not A Crime (PINAC) blog on Pixiq.com many times in the past. To be honest, I had no idea that the site was actually owned by Barnes and Noble — I had assumed that it was just an independent blogging operation. It turns out, however, that B&N hired Carlos Miller, who had written PINAC as an independent blog, and “moved” the blog to Pixiq two years ago. However, it recently chose not to renew his contract, and agreed to transfer the blog back to being independent. Except… that now it’s claiming that it cannot transfer all of the comments on the site because that would somehow violate B&N’s privacy policies (note that link goes to PINAC at Pixiq… but I have no idea where it will go in a week when the “transfer” takes place). At best, B&N says it can transfer the comments but only as “anonymous.”

At first, Pixiq was asking me to sign a document, which stated that the migration of my blog would not include a single comment because of its privacy policy.

But when I protested, Pixiq attorney Gillian Berman said they would make an exception in my case and migrate the comments, but turn every username into “anonymous,” which would make every single comment over the last two years appear to have been left the same person.

This makes no sense. We’re not talking about handing private info over to a third party, but the actual names that people chose to display publicly. Perhaps B&N would have an argument if there’s concern about transferring email addresses or IP address info with the comments — but even that seems like a stretch. People commented on a blog. Transferring the entire blog to a different site doesn’t change any of that — but it’s especially stupid when it comes to public info like commenters’ chosen display names.

It seems like the only explanation I can figure out is that B&N is being incredibly lazy here, and doesn’t want to do the bare minimum amount of work to return the blog to Carlos. We’ve seen a few other blogs “join” different sites in the past, and it seems worth highlighting how the separation can create ridiculous problems like this when a big company decides to make claims that just don’t make any sense.

Filed Under: , , , ,
Companies: barnes and noble

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Barnes & Noble Claims That Public User Names Are Private Info; Refuses To Restore Blog With Comments”

Subscribe: RSS Leave a comment
38 Comments
Anonymous Coward says:

this is basically another case of a company doing exactly what it wants or doesn’t want to do, because it is fully aware that the chances are it can get away with it. the law and politicians are not in the least bit interested in ensuring the people are treated the same as companies and industries, are not interested in backing ‘the little person’, those that voted them into power’ because there is no cheque attached. all companies seem to be the seem. they want their service/product bought and used as much as possible, provided they can dictate the ways in which it is used.

Jim Harper (profile) says:

Not So Obviously Stupid

This has some parallels to the Toysmart case in which a bankrupt dot-com went to sell its customer list, which the Federal Trade Commission alleged would violate its privacy policy.

http://www.ftc.gov/opa/2000/07/toysmart.shtm

The Barnes & Noble privacy policy says: “BARNES & NOBLE DOES NOT SELL OR RENT YOUR PERSONAL INFORMATION TO THIRD PARTIES.” It doesn’t limit that to “private” information or “unpublished” information. ALL personal information, which includes names and arguably handles, which can often be linked back to persons and is thus “personal.” A transfer of personal data under contract is arguably a “sale,” even if no money changes hands.

Given the hostility of the FTC to companies transferring data, the B&N lawyer appears to be making the prudent decision.

Anonymous Coward says:

Not So Obviously Stupid

Aww shucks, don’t go pointing out reality to Mike, he’s in the middle of a good rant. He doesn’t usually let things like the law, rules, or judgement get in his way.

/ sarc

Seriously Mike, you raise all sorts of issues about privacy and stuff, and then you have no problem with B&N selling or giving personally identifiable information to a third party service?

Nice!

Anonymous Coward says:

Not So Obviously Stupid

No, I didn’t miss anything. The guy had a blog, he merged it into B&N, and now is leaving and they are giving him back the rights to it. However, during the interim, those people posting on the blog were in fact dealing with B&N. Now that he wants the blog back, the problem is that B&N cannot give back any user information (not even their names) without risking a privacy violation.

What is key here is that, when guys like Mike go off about loss of privacy and all, it’s this sort of thing that results. The rules are so tight, and the FTC is incredibly nervous in this area, that they are doing very much the right thing to protect their users personal data – all of it.

It’s wonderful when it works out that way.

Anonymous Coward says:

Not So Obviously Stupid

I disagree.

If the comments are there, fr all to see in the public, and that is all that’s moved over (the text is copied over as you would see it in a browser), I don’t see why doing a literal copy and paste would violate anyones “privacy” since it would still be associated with the same blog.

I don’t associate blog comments to the parent company, only the blog, the brand, the community following the blog.

In order for privacy to be broken, something must have been private first. I agree that any back end info shouldn’t get transfered, but publically displayed usernames? Not so much.

G Thompson (profile) says:

Re:

Actually the problem is they are stating this for ALL users, when most of the users have been commentators from the original PINAC blog site and were transferred over to B&N meaning they are actually NOT B&N’s property in first place nor are they B&N clients/customers.

I’m one of them and my comment on the aforementioned post that Carl made a few days ago makes my position vis-a-vis B&N and my rights perfectly clear that they cannot hold my data and their EULA is moot in this instance.

As Mike states in this post here on TD it was NOT made public in any reasonable way that B&N actually owned the PIXIQ website and was a surprise to most of us which is further problematic knowing B&N’s history when it comes to customers, marketing, etc.

Anonymous Coward says:

Re: Re:

“Actually the problem is they are stating this for ALL users, when most of the users have been commentators from the original PINAC blog site and were transferred over to B&N meaning they are actually NOT B&N’s property in first place nor are they B&N clients/customers.”

I think the problem here is that once B&N took over, the users are subject to their terms and conditions. If those changed at any time, users were notified, which creates acceptance of ALL of the terms, like it or not.

The actual funny part here is that the original blog owner may have in some way violated privacy when he merged the blog, although it’s not clear that B&N didn’t buy it outright.

kenichi tanaka says:

Why is this blogger upset at B&N? This blogger is a complete moron. The one question I have is “do you ever back up your blog, files and whatnot”.

I conduct backups on my site periodically. Anyone who operates a website does the same thing. So, why is this idiot upset at B&N?

Don’t blame B&N because you are so much of a boob that you can’t even be bothered to back up your own website.

Anonymous Coward says:

Not So Obviously Stupid

“I don’t associate blog comments to the parent company, only the blog, the brand, the community following the blog.”

Legally, that doesn’t really seem to hold water. Your agreement to post is with the site owner, not the current blog name or whatever.

“In order for privacy to be broken, something must have been private first.”

Depending on the terms and conditions, their privacy police, and the prevailing legal winds, it’s likely that even the user name is “private” but used in a public area – of a privately owned board. I don’t think the users have waived that right even, no matter how small.

tracker1 (profile) says:

Just transfer the public name & comment only

They could very easily send the comment-id, parent-comment-id, the public display name… another export with display-name, salt, sha-256(salt+email-address), and the comment text…

This would allow a user to create a new account on the new site, and could then hash the desired username and email address.. if the name & email (hashed) matches the existing entry, you can attach that user… no privacy lost.

This would also allow you to preserve the comments, with display name.. and allow users to re-claim their comments/accounts… That’s a solution off the top of my head that should be easy enough to implement.

Anonymous Coward says:

Not So Obviously Stupid

I never said anything about the blogs name. Agreement with the site owner, ok, sure. I’m talking about association. That’s why I don’t have a problem, personlly, regardless of what the law says. Apparently the blog was run by the same guy the entire time, if I read it right. I personally would make the association to him, not to B&N. I hink most users weren’t even aware of it. I’m sure some where, but to them they probably thought it was a different host.

Are we honestly going to see someone complain, because the blog comments, and their name with them, are having their ownership transfered?

And I don’t quite think it makes any logical sense that anythin in public is private. If you have to login to see posts, maybe. Even on a private message board. If the world+dog can view it, however privately owned it is does not make that information private, no matter what their privacy policy is. And its just a policy, written down. If your name is visible to the public, no privacy policy has the power to deem that private information after the fact.

nospacesorspecialcharacters (profile) says:

Privacy

Just playing devils advocate here, but I think it’s more to do with email addresses that would be linked to the usernames that left the comments.

Hypothetically, all it would take is just one user who signed up and commented when it was a part of B&N, under the impression that they had given their consent to B&N only, to stir up trouble because their ‘private’ email was being handed to a ‘3rd party’.

So possibly B&N should put out some kind of notice to users and give them a deadline to delete their comments/login if they so wish… I doubt any users would bother – I imagine that might be a solution.

We would be wise to remember all the flack that Google caught when they changed their terms of service (some would say deservedly so).

No easy answer – but maybe a lesson for independent bloggers thinking about working with corporates, with their standard EULA’s and blanket T&C’s.

Carlos Miller (profile) says:

I'm the blogger in question

Hey guys, this is a fascinating discussion. I just want to clarify for the record that all I am seeking in this transition are the usernames, not the IP or email addresses, which are obviously private.

I just want to keep my blog as intact as possible and that won’t be the case if B&N turns every comment into “anonymous.”

Also, during the two years I was under B&N’s contract, I never had access to the back-end, so there was no way I could save data bases, something I always did when I ran the blog on WP.

I did speak to B&N’s attorney today by phone and she seemed very accommodating and said they plan to send out emails to every single commenter, giving them the option as to whether they want their comments and usernames transferred, or only their comments transferred or have nothing transferred at all.

They will give these commenters a few days to respond and if they don’t respond, they will take that as if they don’t care whether the comments get transferred and transfer the comments and usernames.

So that means B&N will extend the contract for a few days or maybe a couple of weeks until everything gets sorted out.

This type of situation is very new to all of us. There is really no case law addressing it. And the subject of comments and usernames were never brought up in the contract, so we’re learning as we go.

But I do want to be fair to B&N that they are working with me in this matter in a very fair way.

Bergman (profile) says:

Not So Obviously Stupid

There are several problems with that view.

First, is that B&N has a contract with Carlos that promises to do exactly what they are now refusing to do.

Second, the terms of service for Pixiq makes clear that commenters own the rights to their own posts, but by posting on Pixiq they are granting Pixiq an irrevocable, non-exclusive royalty-free license to use and copy.

I am a commenter on PINAC, and I posted on the blog that I granted B&N my permission to share the information of mine that it holds that is necessary for such a transfer with Carlos. I am the copyright holder on my posts there, and the privacy interest in the posts is mine alone. I have granted Carlos the license to use my data and posts to the same degree and in the same manner I have granted to Pixiq…and Pixiq is now refusing to allow me to exercise my rights to my works.

Anonymous Coward says:

Re:

Would they have to delete the information if the entire parent company was acquired, rather than just the blog?

If they owned a credit card company or an importer or any company with a customer list, or a vendor list, or whatever — complete with addresses and even handwritten notes — and then sold the company, would they have to anonymize the customers as part of the sale?

The sold entity continues to be bound by the implicit contracts made by the old owner, as well as by applicable law concerning privacy.

Of course, you could offer to sell an office building but refuse to provide the documentation (let us say elevator inspections and security logs). But why would you bother?

And if it’s a repurchase after two years — wouldn’t you have to sell it back on the same terms you bought it?

How is a blog different from this?

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...