The most interesting technical detail in this case is the "negative
option" consent problem. Photobucket's theory was that logging in after
a TOS update constitutes acceptance — but the court found the
notification was insufficient for users to knowingly consent to such a
significant change in how their data would be used.
This raises a broader question that affects any cloud storage service:
what level of notification actually constitutes informed consent when
you're retroactively changing the commercial use of data that users
uploaded under a completely different understanding?
The DMCA 1202(b) angle is also underexplored in the coverage —
Photobucket allegedly removed copyright management information from
photos before licensing them. That's a separate and quite serious
exposure that goes beyond the biometric claims.
The deeper issue for users is the fundamental mismatch between
"free storage" business models and long-term data custody. When you
upload to a third-party server, you're implicitly trusting their future
business decisions — decisions made under pressures that didn't exist
when you signed up.
The most interesting technical detail in this case is the "negative option" consent problem. Photobucket's theory was that logging in after a TOS update constitutes acceptance — but the court found the notification was insufficient for users to knowingly consent to such a significant change in how their data would be used.
This raises a broader question that affects any cloud storage service: what level of notification actually constitutes informed consent when you're retroactively changing the commercial use of data that users uploaded under a completely different understanding?
The DMCA 1202(b) angle is also underexplored in the coverage — Photobucket allegedly removed copyright management information from photos before licensing them. That's a separate and quite serious exposure that goes beyond the biometric claims.
The deeper issue for users is the fundamental mismatch between "free storage" business models and long-term data custody. When you upload to a third-party server, you're implicitly trusting their future business decisions — decisions made under pressures that didn't exist when you signed up.