CYBER LAW

Will penalties from user data lawsuits destroy your online business?

If you own a website that collects user data or simply operates online, take caution!

By Peter Lemire

In June of this year, California enacted the California Consumer Privacy Act (CCPA), becoming the first state in the U.S. to pass its own data privacy law. The CCPA act was enacted just one month after the European’s General Data Protection Regulation (GDPR) officially became enforceable. Any relief felt by U.S. companies for completing the arduous task of bringing their business practices into compliance with the GDPR was short-lived—California has plunged headfirst into the privacy arena, and they’re playing by their own rules.

On the surface, it may seem that companies not doing business with California residents or EU citizens remain unaffected and are free to carry on business as usual. However, the enactment of the CCPA could have broad implications for businesses across the country. The public is demanding corporate accountability for cybersecurity and privacy—just ask Mark Zuckerberg, the creator of Facebook. Companies should start contemplating and formulating compliance strategies sooner rather than later. In the realm of privacy and data security, a proactive approach to the management of cybersecurity and privacy risks is best, and may avoid a costly game of “catch-up.”

In order to understand what privacy and personal data management policies should be in place, it is first important to look at what the CCPA requires for compliance. The CCPA has been largely referred to as California’s version of the GDPR, however, the comparison is slightly misleading as there are quite a few differences between the CCPA and the GDPR.  This means that existing privacy policies tailored for the GDPR will not automatically be fit for purposes of complying the with CCPA, and will likely need to be updated to reflect the disclosures and transparency obligations required by the CCPA.

Of course, the first step is determining whether your business is even affected by the CCPA. The CCPA applies to for-profit businesses that collect and control California residents’ personal information, do business in the State of California, and either (a) have annual gross revenues in excess of $25 million, (b) receive or disclose the personal information of 50,000 or more California residents, households, or devices on an annual basis, or (c) derive 50 percent or more of their annual revenues from selling California residents’ personal information.

Although the CCPA’s directives become operative January 1, 2020, in order to comply with the 12-month look-back period for consumer requests, businesses subject to the CCPA will need to begin mapping data and keeping records of personal information beginning January 1, 2019.

Even if the CCPA does not apply to your business, it is still worth having a basic understanding of the CCPA, as other states are following the EU and California’s lead, which could lead to federal involvement. Essentially, the CCPA gives California residents four basic rights in relation to personal information. First, “the right to know” grants the right to know what personal information is being collected, and the right to know whether personal information is being sold or disclosed and if so, to whom. “The right to opt-out” provides for the right to opt-out of the sale of the collected personal information to third parties. Further, minors under the age of 16 must actually opt-in (meaning the sale of personal information is not permitted until consent is expressly provided), and for minors under the age of 13, the consent must come from a parent or guardian. “The right of access” gives consumers the right to have businesses disclose the information collected, the categories of information collected, the categories of third parties with whom the information is shared, the categories of sources of the information, and the business purpose for collecting or selling personal information. Finally, the CCPA provides for “the right of equal service,” which forbids businesses from discriminating against consumers for exercising their right to privacy afforded under the Act.

California’s law is just the tip of the iceberg of what is happening throughout the United States. The GDPR and CCPA have brought concerns of inconsistent and sometimes conflicting privacy laws to life, and present businesses with unnecessarily burdensome compliance challenges. As a result, attempts to lobby Congress to pass federal omnibus privacy and data protection law that would pre-empt the CCPA and other existing and future state data protection laws are currently underway. The U.S. Chamber of Commerce, the Internet Association, a trade group representing leading Internet companies, and the Interactive Advertising Bureau have already all spoken on the matter.

Businesses that are compliant with the GDPR do have a fairly significant head start on complying with the CCPA. However, because there are material differences between the two regulations, even businesses that are “GDPR-compliant” (if there is such a thing) will have additional work to do to prepare for the CCPA. Absent an act of Congress pre-empting the CCPA, businesses who may have dodged the GDPR bullet must now develop robust data management. However, even businesses who have not been affected by the GDPR or CCPA may want to consider taking a second glance at their privacy practices and policies—one way or another, privacy regulation seems inevitable.

If you have questions about how to update your privacy agreements to avoid costly trouble, we are here to help. Please feel free to contact us at (303) 768-0123 or send us an inquiry here.

By | December 19th, 2018|BLOGGING, BUSINESS LAW, CYBER LAW, INTELLECTUAL PROPERTY, OTHER|Comments Off on Will penalties from user data lawsuits destroy your online business?

The perils of third-party IP policy shifts

Gammers Teach us a lesson on the perils of shifting 3rd Party IP Policies.

 

Before Christmas a client gave me a heads up about some new developments in Youtube’s Content ID System that was causing an uproar in the gamming community and others who monetize their YouTube videos.  The conflict stems from what appears to be overally aggressive actions on YouTube’s part to attempt to deal with copyright infringement on its service.  While YouTube’s actions may not directly affect a lot of mainstream businesses, it can serve as a good lesson for those that use 3rd party providers to host and disseminate content for their business and how a change in policies by these third parties can radically affect one’s business.

 

It all started in early to mid-December when content owners started receiving notices that their vlogs (video blogs) were flagged for violating copyright law.  As a result the content was either removed or all revenue created by the post through the hosting of ads was funneled to the copyright owner (often without the copyright owners request).  The main problem with the system is that it is automated and apparently isn’t triggered by a request from the copyright owner.  Therefore, there have been a lot of questionable flagging, some of which most likely constitute fair use.  One of the more humorous responses (at least in my opinion) was posted by a YouTube user here: http://www.youtube.com/watch?v=JQfHdasuWtI  (Caution NSFW).  Personally, I like the example of a video interviewing representatives from the game Tomb Raider that gets flagged because there are images of the game and sound from the game in the background.  Others that have been flagged are reviews of products that might include a brief clip or a screenshot of a user interface.

 

The YouTube policy once again puts the concept of fair use in the spotlight.  The fair use doctrine, allows for use of copyrighted works without the copyright owners permission in certain circumstances.  In general use for purposes such as criticism, comment, news reporting, teaching, scholarship or research are generally not considered an infringement of a third parties copyright.  The rationale is that the 3rd parties use is not merely to copy but to use limited pieces of the work in a transformative way by incorporating it into a new work.  The trick is, in an age where so much content is being generated how do you separate the truly infringing works from those that would fall under fair use.  With millions and millions of videos on YouTube, it is certainly a daunting task. Often time companies cast a very broad net with the knowledge that some legitimate use will be included.

 

The YouTube situation is another manifestation of the clash between content owners and those who wish to use small amounts of the pre-existing content in an on line context.  For example, an online retailer may want to show screen images of a certain video game to potential customers, or may want to create on-line reviews of the games or computer programs in order to help their customers make purchasing decisions. In the context of a product review, the use of those images or video most likely would fall under the preview of fair use.   If you are a big enough retailer, you may simply host those review on your own website and you most likely would not be affected.  However, smaller enterprises often times rely on YouTube to actually host the content, even if the company includes an embed link to the video on its home page.  Therefore these companies and individuals are at the mercy of YouTube’s intellectual property policies and user agreements, which have and continue to evolve over time.  Essentially, a business that relies on you tube i) exclusively to provide its content based product or ii) uses YouTube essentially as a hosting platform for its content based marketing materials is always subject at some level to YouTube and Google’s (YouTube’s parent company) prevailing views of intellectual property rights.  This can subject businesses to great harm, if the business has not made other preparations.  For companies that provide video product reviews for their customers, they may want to consider hosting the content on their own website as opposed to exclusively on YouTube or Facebook.  Failure to do so can put businesses behind the eight ball in the event the tech company they are relying on has a sudden change in policy.

By | January 29th, 2014|COPYRIGHTS, CYBER LAW, Fair Use, INTELLECTUAL PROPERTY|0 Comments

A fool’s bargain: Part 2 – Think before you sue

In the first part of this article, I discussed what trademarks are, what they protect and what factors courts generally use to determine if a trademark has been infringed.  In this installment I will be discussing how courts have dealt with the rise of keyword advertising and the use of trademarks in keyword advertising.

In the early days of the keyword advertising cases, the courts struggled with some threshold concepts, such as whether bidding on someone else’s trademark was a use in commerce. Some courts said yes, and some said no. After many years, everyone seems to agree that even though the consumer never sees the keyword bidding process, that the act of bidding on another’s trademark as a keyword is a use in commerce.

The next question is whether the company’s actions cause a likelihood of confusion. The situation in which the ad text doesn’t mention the trademark is almost universally accepted as not causing a likelihood of confusion. But what about ads that do mention the trademark?  This situation is a little less cut-and-dry and this is where society’s use and understanding of technology starts to play a role.

Whenever courts are dealing with novel legal questions, they often try to look back to something that is known to compare the current situation to. The legal arguments start to become a battle of analogies. Sometimes they can get quite humorous. In the key word advertising context, several competing analogies have evolved. One is of a driver driving down a desolate highway (picture something on Route 66 in New Mexico) that sees billboard advertising that a store sells a certain product – for example, Coca-Cola.

The driver exits the highway and drives a few miles to the store. When they get to the store, the driver finds out that the store does not sell Coke, but instead sells their own house brand cola.  Tired, dejected and thirsty, the driver buys the house brand cola, turns around and drives back to the highway.

Early courts advocating this analogy often found trademark infringement for use of a trademark in the ad text. The rationale was that just as the driver was duped to exit the highway and drive to the store expecting to buy a Coke, so to are Internet users who type search queries into a search engine expecting to find a certain product and upon landing on a website; they too are so tired, dejected and thirsty that they buy the “house cola” instead of the cold refreshing Coke that they were originally seeking.

While the above analogy works well for misleading billboards and weary interstate travelers, it doesn’t necessarily represent the realities of the Internet world and online advertising, at least not in its current state. It is conceivable that in the early days of the Internet, people just shopped at the first site they came across. But as time has gone on, consumers searching habits have evolved and become more savvy.

As this has happened, the transaction costs of searching on-line have dropped and the billboard example has become less and less appropriate.  In the billboard example the consumer purchases the house brand cola because the transactions costs are too high – they would have to drive back to the highway, go down to another exit and try a different store.

It is much easier to buy the house brand cola, even though it was not what they were looking for. One of the great benefits of the Internet is that it vastly reduces transactions costs. Almost an infinite amount of information is available to users at the click of a button. If someone does a search click on a result and doesn’t get what they are looking for, the remedy is as simple as clicking the back button on their browser.

Consequently, the analogies used by courts have also changed. One of the more prominent ones is that of a consumer at a drug store where the brand name medication sits right next to the generic store brand with its packaging that says “same active ingredient as ____”.  In these cases, the courts rationalize that the use of the competing trademark benefits society in that it gives consumers more options to choose from. Since the consumer is not confused by the presence of the generic medication and understands that it is an alternative to the branded medication, the use of the trademark on the packaging is not considered a trademark infringement.

Our analogy in arguing the General Steel case is that search engine results and keyword advertising are more like a menu, where the possible choices are presented before a consumer and that the consumer can pick or choose the ones that fit their needs. If they click an ad that they think is for the product they want and it leads to a different product, they can easily hit the back button, chose another item off the menu and see if that takes them where they need to be. Courts have come around to this reality and the changing direction in trademark law reflects it.

So what is a company to do?  If you are a trademark owner, it’s best to get used to other companies using your trademark as a keyword. That’s just life in the digital age. As for mentioning the trademark in the ad text, we will have to wait and see. Things seem to indicate that those types of activities will be allowed as well. However, one thing can be guaranteed – trademark owners will not like that sort of activity and will more likely take issue with it and potentially even continue to sue on it. However, the odds are that those trademark holders will continue to lose.

For trademark holders, it is probably wiser to develop other strategies to deal with keyword advertising than to spend massive amounts on litigation and enter into a fool’s bargain. As with any sort of trademark matter, it is always important for business owners to seek out the advice of qualified trademark counsel before embarking on any keyword advertising or other marketing strategy. Failure to do so could end up costing a company in the future.

By | September 25th, 2013|BLOGGING, CYBER LAW, TRADEMARKS|0 Comments

A fool’s bargain: Part 1 – Should you sue over keyword advertising?

A Fools Bargain: Want to Sue Over Keyword Advertising?  Think Again.

 

One thing is guaranteed, the law will always lag technology.  That’s just the way it is.  However, eventually the law catches up and usually comes up with the right result.  Such is the case with paid search advertising such as Google Ad-words.  In case you have been living under a rock for the past decade, paid search advertising is where a company purchases web based advertising that is triggered by users typing certain keywords into a search engine.  When the user types in their query the search engine will display the paid ads in addition to the organic search results.  The ads generally contain a few lines of text and will have a link that directs you to the advertiser’s website.  Advertisers pay per click and the dollar amount paid as well as the order in which the ads are displayed are determined through a bidding system.  One of the most common practices and thus far controversial practices is to bid on competitor’s names as keywords.  Recent decisions have indicated that while this practice may be annoying to trademark holders, such activities are not a violation of trademark law.

 

Before going much further I must disclose that our firm is involved in one of the most recent and broadest reaching decisions in this area in the case of General Steel Domestic Sales, LLC v. Chumley, 2013 WL 1900562 (D.Colo. May 7, 2013).  Since the case is still ongoing with post-trial activities I will not comment specifically on it, but it is available for your reading pleasure at http://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?article=1382&context=historical.  However, the case does represent the continuing evolution in the law and acknowledges that as a society our use and understanding of technology is also an evolutionary process and as consumers in the marketplace our sophistication also increases as technology advances.

 

When dealing with keyword advertising, they basically come in two flavors: 1) cases in which an ad is trigger by keyword that utilizes a competitor’s trademark, but does not mention the trademark in the text and 2) one in which the person is so brazen (insert sarcasm) as to use the trademark as a keyword and mention the trademark in the ad text.  In the past there have been decisions regarding merely using a competitor’s trademark to trigger an ad, but very few cases dealt with using a competitor’s trademark in the ad itself.

 

In recent years there has been a lot of confusion amongst trademark owners about what these rights actually cover.  We have seen an increasing rise in what a commonly called trademark bully’s.  These are individuals or companies that take an overly broad and often time unjustifiable position concerning the breadth of their rights.  A lot of times trademark owners feel as if they “own” words, phrases or symbols and that no one can ever use the same or similar marks– ever.   Contrary to these positions, trademark law does not solely exist for the benefit of the trademark holder.  In fact, the thrust and most important aspect of trademark law (as recited by courts) is to present consumer confusion about the source or sponsorship of goods or services.  Trademarks are an exclusionary right, meaning that a trademark owner can prevent others from using a mark that causes confusion amongst consumers as to the source, sponsorship or endorsement of the goods or services in question.  If there is no confusion or a likelihood of confusion, then there is no trademark infringement.  Therefore as our society changes and evolves so does the concept of what trademark infringement is.

 

In the early days of the keyword advertising cases the courts struggled with some threshold concepts such as was bidding on someone else’s trademark a use in commerce.  Some courts said yes and some said no.  After many years everyone seems to agree that even though the consumer never sees the keyword bidding process, that the act of bidding on another’s trademark as a keyword is a use in commerce.  The next question is whether the company’s actions cause a likelihood of confusion.  The situation in which the ad text doesn’t mention the trademark is almost universally accepted as not causing a likelihood of confusion.  But what about ads that do mention the trademark?  This situation is a little less cut and dry and this is where society’s use and understanding of technology starts to play a role.  Whenever courts are dealing with novel legal questions, they often try to look back to something that is known to compare the current situation to.  The legal arguments start to become a battle of analogies.  Sometimes they can get quite humorous.  In the keyword advertising context several competing analogies have evolved.  One is of a driver driving down a desolate highway (picture something on Route 66 in New Mexico) that sees a billboard advertising that a store sells a certain product, let’s say for example Coca Cola.  The driver exits the highway and drives a few miles to the store.  When they get to the store the driver finds out that the store does not sell Coke, but instead sells their own house brand cola.  Tired, dejected and thirsty the driver buys the house brand cola, turns around and drives back to the highway.  Early courts advocating this analogy often found trademark infringement for use of a trademark in the add text.  The rationale was that just as the driver was duped to exit the highway and drive to the store expecting to buy a Coke, so to are internet users who type search quarries into a search engine expecting to find a certain product and upon landing on a website, they to are so tired, dejected and thirsty that they buy the “house cola” instead of the cold refreshing Coke that they were originally seeking.

 

While the above analogy works well for misleading billboards and weary interstate travelers, it doesn’t necessarily represent the realities of the internet world and online advertising, at least not in its current state.  It is conceivable that in the early days of the internet, people just shopped at the first site they came across.  But as time has gone on, consumers searching habits have evolved and become more savvy.  As this has happened the transaction costs of searching on-line have dropped and the Billboard example has become less and less appropriate.  In the billboard example the consumer purchases the house brand cola because the transactions costs are too high – they would have to drive back to the highway, go down to another exit and try a different store.  It is much easier to buy the house brand cola, even though it was not what they were looking for.  One of the great benefits of the internet is that it vastly reduces transactions costs.  Almost an infinite amount of information is available to users at the click of a button.  If someone does a search clicks on a result and doesn’t get what they are looking for, the remedy is as simple as clicking the back button on their browser.

 

Consequently, the analogies used by courts has also changed.  One of the more prominent ones is that of a consumer at a drug store where the brand name medication sits right next to the generic store brand with its packaging that says “same active ingredient as ____”.  In these case the courts rationalize that the use of the competing trademark benefits society in that it gives consumers more options to choose from.  Since the consumer is not confused by the presence of the generic medication and understands that it is an alternative to the branded medication, the use of the trademark on the packaging is not considered a trademark infringement.  My own analogy that we used in arguing the General Steel case is that search engine results and keyword advertising are more like a menu, where the possible choices are presented before a consumer and that the consumer can pick or choose the ones that fit their needs.  If they click an ad that they think is for the product they want and it leads to a different product they can easily hit the back button, chose another item off the menu and see if that takes them where they need to be.  Courts have come around to this reality and the changing direction in trademark law reflects it.

 

So what is a company to do?  Well if you are a trademark owner, you better get used to other companies using your trademark as a keyword.  That’s just life in the digital age.  I would suggest that you do the same.  As for mentioning the trademark in the ad text, well we will have to wait and see.  Things seem to indicate that those types of activities will be allowed as well.  However, one thing can be guaranteed – trademark owners will not like that sort of activity and will more likely take issue with it and potentially even continue to sue on it.  However, the odds are that those trademark holders will continue to loose.  For trademark holders it is probably wiser to develop other strategies to deal with keyword advertising than to spend massive amounts on litigation and enter into a fool bargain.  As with any sort of trademark matter, it is always important for business owners to seek out the advice of qualified trademark counsel before embarking on any keyword advertising or other marketing strategy.  Failure to do so could end up costing a company in the future.

By | September 11th, 2013|BLOGGING, CYBER LAW, GENERAL INTEREST|0 Comments

Got content for kids? You better get to know the new COPPA

If you say “COPPA” to somebody who works in the business of providing online content to kids, they will instantly know exactly what you are talking about, and it might cause them to have a panic attack. Due to regulations promulgated by the FTC this past December, many more business owners will need to become familiar with the law, the associated regulations and their requirements.

The Child Online Privacy Protection Act (“COPPA”) was passed in 1998. The purpose of the bill was to regulate how online businesses collected and used personal information of children under age 13. The act sets forth requirements for what must be disclosed in privacy policies and mandates that covered businesses seek verified consent from parents prior to obtaining any information from children under 13 years of age.

Originally, the act applied to commercial content providers that focused primarily on delivering  content to children. Therefore, the “Dora The Explorer” website would have to adhere to COPPA, but Facebook, which requires its members to be at least 18, does not. This distinction made determining whether a company was subject to the COPPA regulations relatively easy. Additionally, to add a bit of extra clarity, many companies include a statement in their Terms of Service or Privacy policy that their website is not intended to be used by those under 13. By and large, that would make sure that a company was not subject to COPPA.

In December the FTC announced final regulations that will go into effect on July 1, 2013 that will exponentially expand the reach of COPPA in terms of who and what technologies will be subject to the regulations. The regulations no longer apply just to content providers that derive significant portions of their revenue from providing content to children, but apply if the content is directed at children under 13, regardless if it is 100 percent of the content or just a portion of the content made available by the provider.

In determining whether the content is directed at children, the FTC will look to the subject matter, visual content, use of animated characters, child oriented activities or incentives, the nature of any audio content and other “kid-centered” characteristics.  Furthermore, the FTC will also look at empirical evidence regarding the composition of the actual audience for the material (thereby creating the possibility that a content provider may be inadvertently subject to COPPA just because many under 13-year-olds visit the site, even though the site provider never intended the content to be “directed” to children). Companies can be subject to COPPA even if a small fraction of their overall content is directed at children.

The FTC also broadened the scope of technology that falls under COPPA. Under the new regulations websites, parts of websites and even cell phone and tablet apps are covered under COPPA. The FTC also greatly broadened the definition of what constitutes “personal information,” which triggers an operator’s obligation to first obtain verified parental consent.

Back in the good old days, personal information was pretty much confined to the basics: name, date of birth, social security number, address, etc. Now any data that could be reasonably used to reveal the identity of the child is covered by COPPA, as long as it is not collected and maintained purely for the operation and maintenance of the website.  Basically this covers widely used tracking tools such as cookies, javascript tags, flash cookies and beacons. Additionally, in the cell phone app world, this would mean device IDs and other persistent identifiers. This can have major implications for ad-brokers, ad-networks, social networks and any other company that shares data with third party services.

If a content provider is subject to COPPA, the provider must obtain verified parental consent prior to collecting personal information from anyone under the age of 13. The new regulations include many new technological options, such as scanned signed consent forms, video-conferencing, or sending an email requesting consent with a delayed confirmation of the consent sent to the parent. As one can see, none of these methods are particularly painless, and they require substantial investment and forethought by the content provider.

In the next six months, it will be important for business owners to take stock of the electronic content they are producing and whether that content may subject them to the new COPPA laws. The federal government has been ramping up COPPA law enforcement in recent years. Companies such as Ms. Fields Cookies, Hershey, and Girls Life, Inc. have been slapped with COPPA enforcement actions. UMC Recordings, Inc. was fined $400,000 for COPPA violations in connection with a website that promoted then 13-year-old music star Lil’ Romeo.  As silly as it sounds, under the law Lil’ Romeo had to get his parents’ permission before signing up for his own website.

With the broadening of the regulations, expect enforcement actions to continue and most likely exponentially increase in the years to come. Make sure your company isn’t added to the ever growing list of companies that were bitten by that little known law called COPPA.

By | January 28th, 2013|BUSINESS LAW, CYBER LAW, GENERAL INTEREST|0 Comments

The perils of public-generated content

There is a well-known phrase known to businesses relying on the internet to help drive marketing and sales: “Content is king.”

That phrase has expanded, in the wake of businesses turning to Facebook and YouTube and in the development and use of better consumer digital cameras and video. That new and improved phrase is this: “User-generated content is king.” Soliciting user-generated content (UGC) is often an attractive marketing strategy: It engages customers and cultivates much-desired online content for a business all at the same time.

Some companies have come to regret that marketing move, however, as users who generate content are bringing suit when their material appears in future advertising, marketing or other company collateral, as McDonalds recently found out.

In the McDonald’s case, the wheels were set in motion in 2008 when McDonald’s hosted a “Big Mac Chant” contest on MySpace. Contestants created videos of their chants and uploaded them to the website. One participant, Daniel Calden uploaded a video of him in sunglasses with a sock puppet singing “Big Mac. Big Mac. Big Mac.  Everybody wants to eat a Big Mac.” Nothing came from the entry, although a few days after it was submitted it was removed, and Mr. Calden’s inquiries with McDonald’s and their marketing firm went unanswered.

A year later, McDonald’s launched a commercial involving a fish mounted on a wall singing to a man about wanting a Filet-o Fish sandwich. Three years later, Calden filed suit against McDonald’s and their marketing company for theft of intellectual property, breach of the contest contract, copyright infringement and a host of other theories. (Interestingly, the statute of limitations on a copyright infringement case is three years.) McDonald’s fired back with a motion to dismiss the claims, citing among other reasons, that the works are not similar in the least except that both works contained men, non-human characters, and music about McDonald’s sandwiches.

Probably the McDonald’s case is one where the plaintiff is fishing for a settlement.  However, it serves as a good example of the perils of soliciting UGC. No doubt McDonalds crafted their contest contract in a careful manner, which will definitely help them in the case, however even careful drafting might not prevent a business from being sued. While wanting to be involved with customers on a more interactive basis is an admirable objective, business owners must remember that generally people are passionate about their creations and creative works. They can and often do get very possessive and angry if they feel they have been taken advantage of – even if they assigned their rights to the company in the contest rules. Something that might make good business sense to a marketing professional may leave a customer feeling cheated, taken advantage of, or betrayed.

The worlds of contests and UGC also have a lot of legal issues associated with them.  Contests are subject to state gaming laws and can potentially lead to serious liability for illegal gambling if not structured correctly. Additionally, a business will want to make sure that it owns any UCG submitted and that the contestant is not entitled to any additional compensation other than what is provided for in the contest rules – even if they are not the contest winner.

These contracts need to be tightly drafted. Otherwise a company could wake up with a much-enlarged audience resulting from an online initiative, but simultaneously be subject to not just intellectual property violations, but illegal gaming issues as well.

“Content is King,” still applies, but care and caution could help a company’s online efforts from also becoming costly.

Avoidance: Understandable, but Often Painful

This is about pain — the avoidable kind.

Lawyers can get a bad rap for shark-ism and sometimes, that’s fair. In this case, however, the pain is shared across the board, by both the lawyers and the clients. No one, including a hard-working and ethical attorney, likes seeing people have to spend blood, time and money on heartbreak and angst that is fairly easy and cheap to avoid.

Our firm has been involved in a number of litigations that were very costly to our clients, but which could have been avoided. For the most part, those costs could have been side-stepped if the clients had engaged an IP attorney to help them set up intellectual property policies and procedures; properly protect the intellectual property (IP); and clearly define ownership.

Human nature being what it is and cash always being tight in a young growing company, non-essential tasks and expenditures are often put off as more pressing fires are fought. This short-sightedness, however, can come back to haunt. It can be painful to witness.

The math is simple: An IP attorney review of website content may cost up to $1000, depending on its size. However, if one or more third-party photos are found on the site, an expensive five- or six-figure copyright infringement settlement could be immediately eliminated.

Moreover, seeking the blessing of an IP attorney and filing for trademark registration before settling on a brand for a new product or service might set an enterprise back less than a couple thousand dollars, but could save hundreds of thousands of dollars in litigation when, for example, a well-heeled competitor decides the brand is too close to one of theirs.

Registering copyrights for important materials and images typically cost a few hundred dollars each. It’s money well spent. Doing so can deter competitors from copying all or in part of the fruits of a business’ hard work and expenditures. Infringement could cost $150,000 per instance in statutory damages.

A business that institutes and follows a trade secrets policy that includes non-compete agreements with key employees might cost a few grand, all said and done. However, instituting a trade-secrets policy could prevent employees from being able to take specific knowledge learned while employed to a competitor. Not doing so, can cause a business to lose a competitive advantage worth hundreds of thousands if not millions of dollars over time.

Having clear and concise intellectual property clauses drafted for use in contracts with third party contractors sets an organization back a few saw bucks. Alternatively, the matter often ends up in federal court as the business and the contractor both claim ownership to a valuable piece of IP. If lucky, the experience will settle before trial and a company may only be out a $100,000 or so.

Many a wise business owner understands these warnings, but immediate demands call out.  The phone rings or a colleague comes into the office, or a deliverable needs immediate attention. Several years later, a complaint and the prospect of spending hundreds of thousands of dollars defending the company in court presents itself.

Sometimes an ounce of prevention truly is world’s better than a cure. No one likes to watch money eaten up after-the-fact on avoidable circumstances. IP protective measures can and often are an easy and preventative business strategy — and the truth is that everyone, including good lawyers, feel better about that.

Kurt Leyendecker is a founding member of the intellectual property law boutique, Leyendecker & Lemire. Leyendecker & Lemire specialize in patents, trademarks and related complex civil litigation. Kurt Leyendecker can be reached directly at 303.768.0123 or kurt@coloradoiplaw.com. Visit www.coloradoiplaw.com for further information, including Leyendecker & Lemire’s weekly blog, “Control, Protect & Leverage.” 

Caution: You’ve been hacked—and sued

The newest legal challenge on the horizon for businesses may be the rise of what is known as “The Copyright Troll.”  Copyright Trolls are generally companies formed by attorneys whose sole purpose is to secure the enforcement rights from content providers (usually movies) and then find infringers (using a special software) — wherein those same attorneys sue the infringers in federal district court.

Simply put, these lawyers build a list of people who illegally download things like movies or photographs and when they’ve built a list, they sue them all on behalf of the movie maker.

A few years back, the movies were pretty high brow, usually independent films that were nominated for Academy Awards. The Hurt Locker is an example. The Trolls filed suit naming several hundred John Does, subpoenaed the infringers’ ISP for the account information corresponding to the IP address that downloaded the movie, and sent out a demand letter.

In truth, a lot of the alleged infringers probably downloaded the movie, which is illegal. The amounts to settle were relatively low — $1,500 -$2,500.  The infringers sheepishly paid the money and learned a bit of a lesson to share with their kids: Don’t steal other people’s copyrighted creative work.  It’s a bit of a slick business model:  Everything is geared for economies of scale and the demand was priced low enough that it didn’t make economic sense to fight it.

However, the current iteration of The Troll takes the business model to another level.  The movies are not as high-brow and generally involve pornography. This change has introduced a shift in the demographics of people coming into our offices with demand letters.

Gone were the thirty-somethings that were good with technology and downloaded pirated movies using bit torrent software even though they knew it was wrong. They were replaced with retirees – grandmothers and great-grandmothers who are not so computer savvy.  By and large, these older folks also have unsecured wireless networks, so neighbors or other third parties download the content using their network.

An additional twist: Most consumer wireless routers do not extend back far enough to provide the alleged infringer with the exonerating evidence of who actually downloaded the content. Additionally, the demands are still relatively low when compared to the cost to legally fight the allegations, but also high enough to cause pain to those on a fixed income.

Here’s the ugly, new situation nearly anyone with a computer can face: A client of ours was out of the country with no one home when a download supposedly took place —some allegedly downloaded pornography on their computer. They received a demand letter from a Troll for $8,000.

Does the elderly couple fight the allegation or pay the eight grand? To prevail, the Troll/plaintiff must prove that the defendant (our client) actually infringed the copyrights, so the accuser must work to win. But once named in a federal lawsuit a defendant is going to be spending money regardless – either they settle the case or they have to defend it. Getting you out of the case will costs thousands at a minimum and more realistically will be in the tens of thousands of dollars.

These instances are concerning because they are also beginning to show a sophistication in those committing the infringement – the ability to utilize viruses or hack passwords. Additionally, the demands from the Trolls seem to be going up as well.  We expect to see demands go even higher than $8,000.00.

While most WIFI routers have the ability to have pretty good encryption that would withstand a brute force attack, must businesses do not use strong enough passwords.  A thirteen character password that is made up of random numbers and letters is generally recognized as being sufficient. Anything short of that and you are most likely at risk. Readily available programs can break weak passwords in under an hour.

Moreover, business owners need to make sure their work computers and any machine that connects to its network are free of bit torrent software, as they could be liable for the infringing acts of their employees.

Finally, businesses should always have up-to-date virus software on all of their computers and perform routine scans to minimize the chance that a third party is entering the network through an infected machine. Not only do these precautions prevent the potential theft of your business data, they can help prevent you and your business from landing in the middle of a German pornography copyright infringement lawsuit. And that ain’t pretty — or cheap.

Clash of the tax and retail titans

Since I counsel a lot of online businesses, including online retailers, I am often asked about the sales tax implications of online sales. Generally speaking, the answer is pretty easy: If you are a Colorado business and sell goods to individuals residing in Colorado, then you have to collect Colorado sales tax and the appropriate county and city taxes from the consumers and remit the sales tax to the appropriate taxing authority.

Technically speaking, Colorado consumers are supposed to report and calculate the value of goods purchased from out-of-state business and pay the state government the appropriate tax. Of course, no one does this, and the state has no way of knowing how much each taxpayer purchases and how much tax is owed.

In an attempt to capture all of these unpaid taxes, the state passed what became known as the Amazon Tax in 2010. The Amazon tax required internet retailers to collect the sales tax from Colorado consumers, or in the alternative, notify each Colorado customer and the State in writing that they owed sales tax on their purchases and provide the customer with a list of all goods purchased by the customer and the amounts spent.

The Amazon Tax poses many issues for large and small online businesses alike. In the case of a large retailer such as Amazon, the task of complying with Colorado’s law is mammoth, due to the enormous volume of transactions the company processes. It would force Amazon to specifically set up unique systems just for Colorado customers.

If every state enacted differing laws concerning the collection of sales tax with differing requirements, it could be a nightmare for large nationwide retailers. Likewise, for smaller online retailers, the Amazon Tax potentially poses a large cost burden in acquiring the systems that would allow the collection of the tax, or complying with the notice requirements.

Enter the U.S. Constitution and the commerce clause. The commerce clause is getting a lot of press these days because of “Obamacare,” but it is also intimately connected to online commerce. In this instance, we are concerned with what is called the reverse commerce clause – basically the theory that state laws cannot place an undue burden on interstate commerce (commerce between states).

In March, Federal District Court Judge Robert Blackburn tossed out the law, stating, “I conclude that the veil provided by the words of the act and the regulation is too thin to support the conclusion that the act and the regulations regulate in-state and out-of-state retailers even-handedly,” and that the law and regulations “impose an undue burden on interstate commerce.”

This ruling confirms what scholars and commentators have said for a long time – any sort of taxation on internet sales has to come from a national level. Given the plethora of issues already being debated at the national level, I think online retailers are safe from any additional government involvement – at least for a little while.

A Tip From a Colorado Internet Attorney: Website Owners Beware – What You Promise To Do May Cost You

In general, the federal communications decency act has two provisions that provide very strong liability protections for service providers, to the extent that that protection was once thought to be invincible.  However, recent cases have shown that service may be liable if they promise to take corrective action, but fail to follow through.

The first protection offered by the CDA is that a service provider is not held liable for content published on its website by 3rd parties, even if that content is false or slanderous.  The second protection is that a website operator cannot be held liable for removing 3rd party content it determines is objectionable.  Notwithstanding these protections, two different courts have recently allowed suits to go forward when a website provider promised to remove certain content, but then failed to follow through on the promise.  The first suit involves the posting of false ads on craigslist which falsely identified an individual as openly gay and invited sexual liaisons.   When the aggrieved party contacted Craigslist, Craigslist representatives agreed to take down the posts, which they did, but they also agreed not to allow any future posts with the user’s information without express consent.  1 month later more slanderous posts appeared without the users consent.  The court said that notwithstanding the immunities provided by the CDA, a service provider can be held liable for failing to follow through on its promises (promissory estoppel).  Likewise, in a case against Yahoo, a woman filed suit after an ex-boyfriend posted fraudulent profiles of the woman on Yahoo.  Yahoo had promised to take the profiles down, but failed to do so until after the woman filed suit.  The court once again denied Yahoo’s motion to dismiss based on the theory of promissory estoppel.

The take away from website owners is that if you promise to take material down, you need to follow through – or else the aggrieved party can sue you. Once you agree to remove material you have essentially waived the protections granted to you by the Communications Decency Act.  Website owners will also want to make sure that all of their employees are aware of the ramifications of agreeing to take down material and then not following through.  In fact the course of action with the least amount of risk for a website owner might very well be to never agree to remove any content period.

By | November 3rd, 2010|BUSINESS LAW, CYBER LAW, GENERAL INTEREST, OTHER|0 Comments