The most interesting technical detail in this case is the "negative
option" consent problem. Photobucket's theory was that logging in after
a TOS update constitutes acceptance — but the court found the
notification was insufficient for users to knowingly consent to such a
significant change in how their data would be used.
This raises a broader question that affects any cloud storage service:
what level of notification actually constitutes informed consent when
you're retroactively changing the commercial use of data that users
uploaded under a completely different understanding?
The DMCA 1202(b) angle is also underexplored in the coverage —
Photobucket allegedly removed copyright management information from
photos before licensing them. That's a separate and quite serious
exposure that goes beyond the biometric claims.
The deeper issue for users is the fundamental mismatch between
"free storage" business models and long-term data custody. When you
upload to a third-party server, you're implicitly trusting their future
business decisions — decisions made under pressures that didn't exist
when you signed up.
FabienBSDN•1h ago
This raises a broader question that affects any cloud storage service: what level of notification actually constitutes informed consent when you're retroactively changing the commercial use of data that users uploaded under a completely different understanding?
The DMCA 1202(b) angle is also underexplored in the coverage — Photobucket allegedly removed copyright management information from photos before licensing them. That's a separate and quite serious exposure that goes beyond the biometric claims.
The deeper issue for users is the fundamental mismatch between "free storage" business models and long-term data custody. When you upload to a third-party server, you're implicitly trusting their future business decisions — decisions made under pressures that didn't exist when you signed up.