In the latter portion of 2017, announcements from both business and government have drawn renewed attention to the gradually increasing focus being paid by the Chinese government to protection of foreign intellectual property rights. In early August, U.S. sportswear giant Under Armour generated press from a favorable ruling out of a Chinese court in a trademark infringement lawsuit with Uncle Martian, a Chinese company. A few days later, it was reported that the Trump Administration was eyeing another aspect of China’s policies towards intellectual property protection – those requiring joint ventures and other mechanisms to increase the flow of intellectual property from U.S. and other foreign companies into business entities and computer servers on the Chinese mainland. For a non-Chinese company looking to enter the Chinese market, expand an existing presence there, launch R&D facilities in China or otherwise, how should these developments affect those strategy decisions? (more…)
On July 1, 2017, an important grace period terminated for Canada’s Anti-Spam Law (CASL), which initially took effect on July 1, 2014. The beginning of this month marked the end of the two-year grace period for entities to rely on “implied consent” as a basis for sending commercial electronic messages to potential customers, donors, clients or the like. Going forward, entities will need to obtain express consent from all email recipients, or expunge “stale” contacts to avoid potential violations of CASL. A private right of action against offenders that was also set to become available on July 1, 2017 has been put on hold indefinitely subject to Canadian government review. (more…)
The U.S. Copyright Office announced yesterday its new online registration system for designated agents. Online service providers designate agents to receive notifications of claimed copyright infringement. As of December 1, 2016, the Copyright Office no longer accepts paper applications for agent designation. Service providers who previously designated agents in the existing directory have until December 31, 2017 to register in the new online directory.
Online service providers, including websites and online platforms that allow users to store material on their systems, risk liability for direct or contributory copyright infringement from third party materials posted by users without permission. Since users often do not understand or care about copyright law, an unwary service provider (who often appears to have deeper pockets) may have a rude awakening when it finds itself the sole defendant in a copyright litigation over unauthorized photos or other user generated content posted on its website by a user.
On September 25, 2014, the Internet Corporation for the Assigned Names and Numbers (ICANN) granted the application of fTLD Registry Services (FRS) to operate a new Top Level Domain (TLD) exclusively for the banking industry: .bank. When general registration for the new TLD opens next year, banks and other members of the banking community will be able to operate through custom websites such as Local.bank, as opposed to the traditional LocalBank.com. To avoid the internet land rush for .bank extensions expected during the general registration window, banks with federally registered trademarks can get a 30-day head start towards TheirTrademark.bank by applying (and paying) for a spot on ICANN’s Trademark Clearinghouse registry. (more…)
Last year I posted about how even small and midsized companies can use the Madrid system to extend protection of their U.S. trademark registrations overseas. To recap, the Madrid System allows trademark owners to file a single application seeking an International Registration with the World Intellectual Property Organization (“WIPO”) and then enables registrants to designate other member countries in which they want protection for their brand. The system is administrative in as much as the trademark authority in each member country still reviews and grants (or more likely simply doesn’t reject) each application. Still the cost savings can be significant as compared to filing and obtaining protection in each country individually and the system has been a success in the international community. Perhaps indicative of our increasingly global economy, 2011 saw 42,270 international trademark applications filed under the Madrid system, highest number ever filed in a single year and a 6.5 % increase over 2010.
One drawback has been that South and Central American Nations have, until now, been entirely absent. This may be changing as, on June 11, Columbia became the 87th member country of the international trademark system and the first in South America. Beginning on August 29, 2012, U.S. trademark registrants will be able to designate Columbia under the Madrid Protocol in order to obtain protection there. Mexico also recently completed the domestic legislative processes necessary to pave the way to accession to the agreement, as did India and New Zealand.
With summer around the corner, it is only natural that our thoughts and attention start to shift to the shore. If you are from Mid-Atlantic, you are likely familiar with Seacrets (http://seacrets.com/), one of Ocean City, Maryland’s premiere entertainment destinations. Seacrets, which has nicknamed itself “Jamaica, USA”, started in 1988 as a single cabana type bar and has exploded over the last couple of decades into a huge entertainment complex, complete with 18 separate bars, six stages, a hotel, a private beach, and its own radio station!
During this explosive growth, Seacrets obtained a trademark registration for its name with the United States Patent and Trademark Office. Seacrets did so with the thought that it might expand out of Ocean City and establish franchises throughout the United States and, possibly, in Mexico and the Caribbean. Seacrets was sued for trademark infringement by the Coryn Group, which operates a chain of luxury resorts in Mexico and the Caribbean called “Secrets”. Seacrets countersued for trademark infringement and unfair competition.
The Baltimore Sun’s reported yesterday that, following an 8 day jury trial in the federal district court located in Baltimore, the jury returned a verdict for Ocean City’s Seacrets and awarded it $1 in compensatory damages, $265,000 in punitive damages and, most importantly, a permanent injunction that the Coryn Group could not use the trademark “Secrets” in the United States. Recently, to avoid a re-trial on the punitive damages aspect of the verdict, Seacrets agreed to reduce the damages award to $50,000, but retained the permanent injunction against the Coryn Group.
With this recent victory, Seacrets expansion is even more likely. So, if you are not from the Mid-Atlantic area, watch out — a Seacrets may be coming soon to an area near you!
Cookies are one of my favorite things. Usually, this refers to the oatmeal raisin variety rather than those tiny bits of computer code that empower websites to remember a user’s login, keep items in a shopping cart and greet the user by name when she returns. Warm and fuzzy, right?
Sometimes, not so much. I once shopped for a friend on a website that she loves but is not my taste. So years later continuting to be served display ads from that website is irritating. Another friend tweeted that “it’s creepy” when a product she was reading about on one website appears later in a display ad on a different website. It seemed someone was spying on her. Uncanny! “Creepy” is a term borrowed from robotics to refer to a use of personal information that does not legally invade your privacy but is frightening because of the “stalker-like” appearance that a website knows everything about the user.
In 1890, another new technology was changing the media. Then as now, legal scholars were concerned that existing law would not protect consumers from the heretofore unheard of technology. In The Right to Privacy inspired by the invention of “instantaneous photographs”, Justices Samuel D. Warren and Louis D. Brandeis identified privacy as the right of an individual to be left alone. William Prosser further developed Invasion of Privacy into a set of four torts (legal remedy for an injury): False Light, Appropriation of Name or Likeness, Intrusion into Seclusion and Public Disclosure of Private Facts. The body of law that developed from Warren and Brandeis’ article served to protect privacy through the 20th Century until the proliferation of electronic information in the Internet age allowed websites to identify users without using their names or likenesses.
Today it is important to understand and take steps to control the personal information tracked by websites and online technology. Much of the technology is used to provide an internet visitor with a consistent experience across Internet Platforms. Here are descriptions of common types of technology websites use to track users:
- Cookie. A cookie is a small file containing a string of characters that is sent to a user’s computer when the user requests a website address. When that user later returns to the website, the cookie allows that site to recognize the user’s browser. Cookies are usually discarded when the person ends the session and closes the browser.
- Persistent Cookie. Cookies that include an expiration date will persist until the arrival of the expiration date, potentially long in the future. Cookies may store user preferences and other information. A user can reset her browser to refuse all cookies or to indicate when a cookie is being sent.
- Pixel Tag. A pixel tag, sometimes called a web beacon, is a tiny graphic file placed on a website, in an ad or within the body of an email for the purpose of tracking activity on websites, or notifying a sender when emails are opened or accessed, and often used in combination with cookies to connect an ad to an interested consumer.
- Server Log. Website servers automatically record the page requests made by visitors to the website in log files. Server logs typically record web requests, Internet Protocol addresses, browser type, browser language, the date and time of a request and one or more cookies that uniquely identify the user’s browser.
- IP Address. Computers connected to the Internet are assigned a unique number known as an Internet protocol (IP) address. Since these numbers are usually assigned in country-based blocks, an IP address can often be used to identify the country from which a computer is connecting to the Internet. Depending on how a user connects to the internet, the IP Address may identify one computer or may change each time the user connects to the internet.
- Anonymous Identifier. An anonymous identifier is a random string of characters that is used for the same purposes as a cookie on platforms, including those for mobile devices, where cookie technology is not available.
While each of these technologies may be used for administrative purposes such as noting whether a user is a return visitor, remembering the user’s preferences or providing confirmation that the correct ad was served to a particular website to allow a publisher to correctly charge the advertiser for an ad the user clicked, the same technologies may also be used by third parties to quantify and predict consumer behavior. Aggregating non-personally identifiable information stored on user’s browsers allows third party ad servers to accurately predict when a user will purchase a particular product. These third parties use web beacons to find a likely buyer and scan her cookie and log file information to analyze the value of serving a particular ad to that user. Advertiser can then bid on the value of the ad to be served to the user.
Although the third party ad server cannot identify the human, it knows many details about the user’s browsing history and product preferences. That’s when things start to feel creepy. This practice is not an invasion of privacy recognized by Warren, Brandeis or Prosser, but it may be actionable as a deceptive practice under the Federal Trade Commission Act.
Less than one might think. Online privacy focuses on the use of personal information and how it is contributed, collected, shared and used by the user and other people and companies providing web services. “Personally Identifiable Information” (a.k.a. “PII”) is protected by a web of laws – but non-personally identifiable information collected by many websites is largely unregulated.
Not all personal information is protected either. A person’s name alone is not privateor protected. A name with a corresponding social security number, driver’s license number, credit/debit card account number or other financial account number is protected as “Personal Information” under a variety of U.S. state data breach notification laws. Unauthorized disclosure, theft or breach of unencrypted personal information triggers notification requirements, and imposes liability for penalties and/or damages on the company whose data was breached. Credit card numbers alone (or when stored with expiration dates) are often not protected as PII under many state data breach notification laws. No notification to the holder of the account is required despite the ability of criminals to clone fake but functional credit cards with a credit card number and expiration date alone.
Websites collect both PII and non-personally identifiable information about their users. PII is collected from website visitors when they fill out forms to register for website services or to make purchases from online retail stores. Non-personally identifiable information is anonymous data about a visitor detected and used by the website for various purposes, such as to remember if a user is a return visitor, or to remember a visitor’s login information or preferences, to operate shopping carts, and serve ads relevant to the consumer’s interests as determined by tracking the user’s browsing habits. In some cases non-personally identifiable information is collected from a user as she browses across multiple sites and provides a detailed picture of the consumer’s habits. Non-personally identifiable information about a consumer is stored by the website in cookies and log files on the consumer’s own hard drive.
Only a few state laws address protection of privacy online. California’s 2003 Online Privacy Protection Act (OPPA) was one of the first laws to require that websites used by California residents have policies that notify users how the website collects, uses, shares and protects PII collected from visitors and to notify users how to opt-out of collection of PII. OPPA’s definition of PII includes: first and last name, home or other physical address, email address, telephone number, social security number and other identifiers that could permit physical or online contact with the identified user.
There are numerousU.S.federal laws and federal agency regulations that govern the use of PII and non-personally identifiable information. How personal information is protected online varies by industry and the financial or reputational risk presented by use of personal information. For online activities, including digital advertising, several federal laws apply including:
- Children’s Online Privacy Protection Act (COPPA) that requires websites collecting personal information from children under age 13 (whether intentional or not) to provide notice and obtain verifiable consent from parents to the website’s collection and use of a child’s PII.
- The CAN-SPAM Act seeks to protect consumers from unsolicited “junk” email by limiting businesses to emailing only those consumers with whom the company has a business relationship.
- The Gramm-Leach-Bliley Act requires financial institutions to explain their information-sharing practices to their customers and protect sensitive financial information about their customers.
- The HIPAA Privacy Rule requires healthcare providers to protect the privacy of individually identifiable health information by mandating security standards for the collection and storage of sensitive health information.
As online technology continues its rapid development, experts and government regulators (US and foreign) are calling for changes in privacy laws to protect consumers from invasive collection of non-personally identifiable information. The FTC issued a report in 2010 calling for “Do Not Track” mechanisms to facilitate consumer choice about online tracking. The U.S. White House recently released its Consumer Privacy Bill of Rights.
Collection of data about users visiting websites is commonplace online. Digital advertising supports the free web and mobile services people enjoy. Determined to ensurethat privacy concerns not halt technological advances in digital advertising, the industry formed the Digital Advertising Coalition and developed a self-regulatory program, a consumer education program and PII opt-out program and icon to be embedded in ads that collect multi-site data. The FTC and US White House recently commended the industry for its self-regulatory program.
Rupert Murdock’s tweets do not seem to have convinced Google or anyone else in the tech community to support SOPA and/or ProtectIP. Last night however, FBI agents working with New Zealand authorities claim to have “shutdown” Megaupload.com. Despite cyberattacks by Anonymous that briefly took down the DOJ, MPAA, RIAA and Universal Music Group websites last night, megaupload.com still can’t resolve to a website today. If the SOPA Blackout didn’t work to stop SOPA, USA-NZ team work appears to have clinched the win for the Internet. Representative Lamar Smith delayed vote on SOPA last night and Senator Harry Reid just announced that he would delaying consideration of ProtectIP.
Baltimore Sun technology guru Gus Sentementes reports that the NFL Ravens are pushing to shut down websites in China selling knock-off Ravens gear as the team prepares to face and hopefully shut down Houston in the play-offs this weekend. Sentementes’ article mentions that the NFL supports SOPA (the House bill to stop online piracy). This time it’s not a foreign website illegally streaming NFL games… (more…)