July 2019 Update
Unlike facts and raw data, a compilation of facts may be protected in part, to the extent that it features an original selection or arrangement, displaying some minimal level of creativity beyond mere collection of the data. Feist Publications, Inc. v Rural Tel. Serv. Co. (1991) 499 US 340, 358, 111 S Ct 1282; Experian Info. Solutions v Nationwide Marketing Servs. Inc. (9th Cir 2018) 893 F3d 1176. Such creativity can be demonstrated when “the compiler makes choices independently to select information from numerous and sometimes conflicting sources.” Experian Info. Solutions, 893 F3d at 1185. See §1.2A
The term “phonorecord” is used in many places in the Copyright Act to refer to a medium for sound recordings. As the court in Capitol Records, LLC v ReDigi Inc. (2d Cir 2018) 910 F3d 649, 657, explained, the Copyright Act defines “phonorecord” as a “material object in which sounds … are fixed by any method now known or later developed, and from which the sounds can be perceived, reproduced, or otherwise communicated, either directly or with the aid of a machine or device.” 17 USC §101. Thus, the term includes nontransitory digital music files, including the digital music file created on the original creator’s server or hard drive. “[W]hen the purchaser of a digital music file from iTunes possesses that file, embodied ‘for a period of more than transitory duration’ in a computer or other physical storage device, [citations omitted], that device—or at least the portion of it in which the digital music file is fixed (e.g., the location on the hard drive)—becomes a phonorecord.” 910 F3d at 657. See §1.3.
Before October 11, 2018, only sound recordings that were fixed before February 15, 1972, were entitled to federal copyright protection. Sound recordings fixed before that date were protected by state law. After the passage of the Music Modernization Act (Pub L 115–264, 132 Stat 3676), effective October 11, 2018, all sound recordings that are still entitled to copyright protection receive federal copyright protection and all state laws governing copyright in sound recordings are generally preempted. See 17 USC §301. See §1.3.
As of October 11, 2018, digital music downloads are subject to the compulsory blanket licensing regime inaugurated by the Music Modernization Act (Pub L 115–264, 132 Stat 3676). See 17 USC §115. See §1.11.
As of October 11, 2018, with the enactment of the Music Modernization Act (MMA) (Pub L 115–264, 132 Stat 3676), sound recordings fixed both before and after February 15, 1972, are afforded the same protections under the Copyright Act. See 17 USC §§102(7), 1401. The MMA preempts state copyright laws. See 17 USC §301(c). Previously, federal copyright protection only vested in sound recordings fixed after February 15, 1972. The rights to sound recordings fixed before that date were governed by state law. This topic is important because there has been much litigation on whether the laws of various states recognized a public performance right. Because the MMA only applies prospectively, the interpretation of these state laws is important to resolution of disputes over infringements occurring before October 11, 2018, the date of the MMA’s enactment. See §1.11B.
In general, a certificate of registration issued by the Copyright Office is a precondition to the filing of a copyright infringement suit. 17 USC §411(a); Fourth Estate Pub. Benefit Corp. v Wall-Street.com, LLC (2019) ___ US ___, 139 S Ct 881. In Fourth Estate, the U.S. Supreme Court resolved a circuit split on the issue of whether a plaintiff copyright owner has standing to sue in situations when the Copyright Office has received the application but has not yet issued a certificate of registration. Compare Apple Barrel Prods., Inc. v Beard (5th Cir 1984) 730 F2d 384, 386 (application approach), with La Resolana Architects PA v Clay Realtors Angel Fire (10th Cir 2005) 416 F3d 1195 (registration approach). The Supreme Court’s holding in Fourth Estate effectively overruled the Ninth Circuit’s rule, which was an application approach. See Cosmetic Ideas, Inc. v IAC/Interactivecorp. (9th Cir 2010) 606 F3d 612, 621, cert denied (2010) 562 US 1062. See §§1.15, 1.16.
A variation of the “striking similarity” test has emerged in the digital context: “striking compatibility.” Ticketmaster LLC v Prestige Entertainment W. (CD Cal 2018) 315 F Supp 3d 1147, 1162. In that case, Ticketmaster alleged that the defendants’ bots were highly capable of purchasing large quantities of tickets at inhuman speed and, to do so, required reproducing Ticketmaster’s website and mobile app—which contained multiple layers of protection and security measures. These allegations proved sufficient to demonstrate access in the form of “striking compatibility” on a motion to dismiss. See §1.22.
To establish direct infringement liability by a service provider for infringing postings and unauthorized uses by users, there must be a direct volitional act on the part of the service provider. VHT, Inc. v Zillow Group, Inc. (9th Cir 2019) 918 F3d 723 (volitional act prerequisite is of greater importance in cases involving automated systems, such as Zillow website); Perfect 10, Inc. v Giganews, Inc. (9th Cir 2017) 847 F3d 657, 666 (volition requires direct causal role in alleged infringement). In VHT, Inc. v Zillow Group, Inc., supra, the Ninth Circuit explained that, to demonstrate a website operator’s volitional conduct, the plaintiff must furnish some evidence showing that the operator exercised control over the works at issue (other than by general operation of its website); that it selected material for uploading, downloading, transmission, or storage; or that it initiated “copying, storage, or distribution” of the works. 918 F3d at 732. See §§1.24–1.25.
The remedy of statutory damages becomes trickier in the context of compilations. Registering works such as websites or a collection of photographs as a compilation may serve as an efficient and cost-effective means of securing copyright registration. However, statutory damages are available per work and the Copyright Act explicitly states that “all the parts of a compilation … constitute one work.” 17 USC §504(c). A compilation may be treated as a single work for purposes of statutory damages if its individual components are related and lack individual economic value. Adams v Agrusa (9th Cir 2017) 693 Fed Appx 563. See §1.35.
In Rimini St., Inc. v Oracle USA, Inc. (2019) ___ US ___, 139 S Ct 873, the Supreme Court held that the term “full costs” in 17 USC §505 refers to the costs specified in the general costs statutes, 28 USC §§1821, 1920. See §1.35.
The Ninth Circuit has clarified that, although the district court has great discretion in awarding attorney fees, there are limits. First, in determining the degree of a plaintiff’s success, courts should not confuse “actual success with the determination of a reasonable fee award.” Glacier Films (USA), Inc. v Turchin (9th Cir 2018) 896 F3d 1033, 1038. The focus must be on the degree of success and not the award. Second, there is no “presumptive entitlement” to fees for the prevailing party in which the “monetary stakes are small.” 896 F3d at 1039. Further, mere disapproval of BitTorrent cases in general is not a valid consideration for denying fees to a successful copyright plaintiff in a BitTorrent case. 896 F3d at 1042. See §1.35.
An issue arises when an owner of a legal copy of a copyrighted work, such as a photograph or a painting, creates a thumbnail of a copyrighted work in order to sell the legal copy on an e-commerce website, such as eBay or Amazon. Courts in both the Central District of California and the Southern District of New York have found such use to be transformative because the secondary use is “to provide information to legitimate purchasers under the first sale doctrine, not for the artistic purpose of the creator’s original images.” Stern v Lavender (SD NY 2018) 319 F Supp 3d 650, 681 (quoting Rosen v eBay, Inc. (CD Cal, Jan. 16, 2015, No. CV 13–6801 MWF (Ex)) 2015 US Dist Lexis 49999). See §1.45B.
The term “meme” does not lend itself well to definition. Usually, it refers to a copyrighted work, such as an image or series of images, that has been altered—usually with a caption added—and circulated online. The degree of alteration can vary drastically. Given that fair use is a context-sensitive inquiry, it is difficult to arrive at a per se rule regarding memes. However, the issue of whether a meme was transformative as a matter of law was addressed in Philpot v Alternet Media, Inc. (ND Cal, Nov. 30, 2018, No. 18–cv–04479–TSH) 2018 US Dist Lexis 203500. Alternet posted on Facebook an image of Willie Nelson, without permission of the copyright holder, with the quote: “Rednecks, hippies, misfits – we’re all the same. Gay or straight? So what? It doesn’t matter to me. We have to be concerned about other people, regardless. I don’t like seeing anybody treated unfairly. It sticks in my craw. I hold on to the values from my childhood.” Below the image was the comment, “We need more values like this.” The federal district court denied the motion to dismiss, because at the pleading stage, the court could not determine whether Alternet’s purpose in its use of the photo was to identify Willie Nelson’s connection to the quote or to transform the photo into a political poster. See §1.45C.
In VHT, Inc. v Zillow Group, Inc. (9th Cir 2019) 918 F3d 723, 740, the Ninth Circuit commented that “[S]earch engines have emerged as a significant technology that may qualify as a transformative fair use, making images and information that would otherwise be protected by copyright searchable on the web.” However, some courts, particularly courts in the Second Circuit, have begun to demarcate the outer boundaries of when a search engine constitutes transformative and fair use. Even the Ninth Circuit in VHT, Inc. v Zillow Group, Inc., cautioned that the label “search engine” is not a talisman for a finding of fair use. Search engines that are publicly accessible (i.e., free to the public) and provide limited access to the original work (which is medium-specific) are more likely to constitute transformative and fair use that serves the public interest. Conversely, search engines that require subscription fees and provide access to large portions or the heart of a work are less likely to be considered a transformative fair use. See Fox News Network, LLC v TVEyes, Inc. (2d Cir 2018) 883 F3d 169. See §1.47.
Fox News Network, LLC v TVEyes, Inc. (2d Cir 2018) 883 F3d 169 addressed a search engine that allowed paying subscribers to search by search term and view 10-minute video clips that were broadcast on television. The Second Circuit found the service to be slightly transformative only insofar as it increased the subscriber’s efficiency to view the clips instead of having to watch hours of content to find the specific coverage that the subscriber sought. However, the viewing function did not alter the content in any way and was commercial, which militated against a finding of transformative use. 883 F3d at 177. Ultimately, given other fair use factors that weighed against the search engine (namely, the amount and substantiality of the works used and the market harm), the Second Circuit did not find that the search engine constituted fair use. See §1.47.
In Capitol Records, LLC v ReDigi Inc. (2d Cir 2018) 910 F3d 649, 656, the court held that a digital music file did not qualify for the first sale doctrine because the file had been reproduced in a manner that violated the plaintiffs’ exclusive control over reproduction under 17 USC §106(1). See §1.56.
Discussion of the status of the California Resale Royalties Act (CRRA) (CC §986) is relevant to the resale of fine art over the Internet. The CRRA required sellers of fine art to withhold 5 percent of the sale price and pay it to the artist. CC §986(a). The Ninth Circuit held that the CRRA was preempted by the Copyright Act of 1976 (17 USC §301(a)) because it conflicted with the distribution right (codified in 17 USC §106(3)) and the first sale doctrine (codified in 17 USC §109(a)). See Close v Sotheby’s, Inc. (9th Cir 2018) 894 F3d 1061, 1069. However, the Ninth Circuit also held that the CRRA was not preempted by the Copyright Act of 1909. 894 F3d at 1072. Therefore, claims arising from January 1, 1977 (the effective date of the CRRA), to January 1, 1978 (the effective date of the Copyright Act of 1976), were not preempted. See §1.56.
Digital Millennium Copyright Act
The Digital Millennium Copyright Act (DMCA) protects the integrity of copyright management information (CMI), which includes the title of the work, the name of the author, copyright owner or performer, the terms and conditions for use of the work, and “identifying numbers or symbols referring to such information or links to such information.” 17 USC §1202(c). The first category of prohibited conduct is conduct involving false CMI. The prohibition has specific mental state requirements and a conduct requirement. It requires proof of (1) providing, distributing, or importing for distribution false CMI; (2) knowledge that the CMI is false; and (3) doing so with the intent to induce, enable, facilitate, or conceal copyright infringement. 17 USC §1202(a). The second category of prohibited conduct involves removal or alternation of CMI. The prohibition has multiple mental state and conduct requirements. The conduct requirements are either (1) intentional removal or alteration of CMI; (2) distributing or importing for distribution removed or altered CMI; or (3) distributing, importing for distribution, or publicly performing copies or sound recordings of copyrighted works with removed or altered CMI. The mental state requirements are that the prohibited conduct must be done with (1) knowledge that it was done without authorization of the copyright owner and (2) the intent to induce, enable, facilitate, or conceal infringement. The Ninth Circuit has interpreted the second mental state requirement as pertaining to a future act of infringement (i.e., the defendant’s intent to induce, enable, facilitate, or conceal a future act of infringement after the conduct is committed). See Stevens v Corelogic, Inc. (9th Cir 2018) 899 F3d 666. The future act need not be concrete—it is sufficient to prove that the defendant had a “pattern of conduct” or “modus operandi” such that “the defendant was aware or had reasonable grounds to be aware … [that] the probable future impact of its actions” would lead to infringement. 899 F3d at 674. See §1.60.
Whether a company needs an written internal policy depends on the size of the company. For small companies, in which the individuals who formulate the policies are the ones who execute them, a writing might not be required (but is advisable). For large companies, a written policy is necessary because those who formulate the policies are different from those who execute the policies. The details of the policy need not be written; rather, the website only need inform its subscribers of a policy of terminating repeat infringers in appropriate circumstances. Ventura Content, Ltd. v Motherless, Inc. (9th Cir 2018) 885 F3d 597, 615. See §§1.66–1.67.
The Ninth Circuit has articulated a number of factors to determine whether a service provider reasonably implemented a repeat infringer policy. See Ventura Content, Ltd. v Motherless, Inc. (9th Cir 2018) 885 F3d 597, 617. Factors that favor a service provider are (1) a DMCA logbook; (2) blocking a subscriber’s name and e-mail address for uploads; (3) putting e-mail addresses from terminated accounts on a banned list; and (4) prohibiting banned users from reopening a terminated account. In Ventura Content, the Ninth Circuit noted that, although the DMCA does not require that these factors be present, evidence demonstrating the existence of these factors generally shows that a repeat infringer policy was reasonably implemented. Conversely, the following factors cut against the service provider: (1) changing the e-mail address to which takedown notices are sent without providing notice of the change; (2) participating in copyright infringement; (3) allowing terminated users to rejoin the site; and (4) refusing to terminate known repeat infringers. See §1.68.
Protection is not stripped away because the service provider does police or monitor the website. In Ventura Content, Ltd. v Motherless, Inc. (9th Cir 2018) 885 F3d 597, 605, the owner of a pornographic website screened out child pornography, bestiality, and copyright infringement that he spotted on the website. The Ninth Circuit held that a service provider who does police or monitor a website does not lose protection under 17 USC §512(c). See §1.71.
Offers for sale, product announcements, product demonstrations at trade shows, disclosure of the invention in articles, magazines, or social media, and similar activities that take place before the statutory period may result in rejection of a patent application or invalidation of an issued patent. Even secret sales and “sales of an invention to a third party who is obligated to keep the invention confidential” can trigger the on-sale statutory time bar. Helsinn Healthcare S.A. v Teva Pharms. USA, Inc. (2019) 586 US ___, 139 S Ct 628. See §2.13.
A discussion of alternatives to patent litigation has been added in §2.16B.
A recent example of a business method patent is a patent held by Uber Technologies, Inc. for providing transportation services. U.S. Patent No. 10,163,139, issued December 25, 2018, is entitled “Selecting Vehicle Type for Providing Transport” and its abstract reads as follows:
A transport arrangement system operates to receive a transport request from a user, and to make a selection of a vehicle type for the user based at least in part on a set of criteria associated with the transport request or user information. For example, the determination of whether an autonomous vehicle is to be provided can be based at least in part on the destination specified with the transport request.
Uber currently utilizes an app that allows its customers to summon a driver at will by indicating on the app the customer’s desired destination. Uber appears to be taking its current transportation service to the next level by having this service performed by autonomous vehicles, i.e., self-driving vehicles. See §2.17. The USPTO has updated its instructions to its examiners concerning the first step of the Alice/Mayo test described in §2.17B. See https://www.govinfo.gov/content/pkg/FR-2019-01-07/pdf/2018-28282.pdf. The first step of the Alice/Mayo test asks whether the claimed subject matter is directed toward a judicially recognized exception to patentable subject matter, such as an abstract idea, law of nature, or natural phenomenon. The 2019 revised instructions break the first step of the Alice/Mayo test into two prongs. The first prong is to identify the judicial exception. The second prong is to determine whether the judicial exception has been implemented into a practical application (referred to below as the “judicial exception” test). See §§2.17B–2.17C.
In Visual Memory LLC v Nvidia Corp. (Fed Cir 2017) 876 F3d 1253, 1259, the Federal Circuit found the use of “programmable operational characteristics that are configurable based on the type of processor” to be patent-eligible subject matter because the claims were directed toward the improvement of computer memory systems. The court specifically distinguished previous cases in which computers were merely used to carry out claimed method steps, which were deemed patent-ineligible. 876 F3d at 1260. See §2.18.
A recurring theme in finding a subject matter patent-eligible appears to be the unconventional application of computer-implemented techniques. In Thales Visionix Inc. v U.S. (Fed Cir 2017) 850 F3d 1343, the Federal Circuit found that claims that “specify a particular configuration of inertial sensors and a particular method of using the raw data from the sensors in order to more accurately calculate the position and orientation of an object on a moving platform” were not directed toward an abstract idea because “the claims are directed to systems and methods that use inertial sensors in a non-conventional manner to reduce errors in measuring the relative position and orientation of a moving object on a moving reference frame.” 850 F3d at 1348. See §2.18.
Although general claims of trademark infringement are governed by the multi-factor test of AMF Inc. v Sleekcraft Boats (9th Cir 1979) 599 F2d 341, if the allegedly infringing use is in the title of an expressive work, the Ninth Circuit applies the test developed in Rogers v Grimaldi (2d Cir 1989) 875 F2d 994. This test takes into account the First Amendment’s right of free speech and balances it against the public interest in avoiding consumer confusion. Under the test in Rogers, the title of an expressive work does not violate the Lanham Act (1) “unless the title has no artistic relevance to the underlying work whatsoever” or (2) if the work has some artistic relevance, “unless the title explicitly misleads as to the source or the content of the work.” Twentieth Century Fox Television v Empire Distribution, Inc. (9th Cir 2017) 875 F3d 1192, 1196 (quoting Rogers, 875 F2d at 999) (internal quotation marks omitted). See §3.60.
In Adidas Am., Inc. v Skechers USA, Inc. (9th Cir 2018) 890 F3d 747, the court reversed a preliminary injunction because there was no record evidence supporting the likelihood of irreparable harm to the plaintiff. See §3.63.
In Moldex-Metric, Inc. v McKeon Prods., Inc. (9th Cir 2018) 891 F3d 878, the Ninth Circuit reversed a grant of summary judgment in favor of the defendant because the green color of an earplug may not be functional and thus protectable as trade dress. See §3.81.
Companies should also be aware of the California Supreme Court’s landmark decision in Dynamex Operations W., Inc. v Superior Court (2018) 4 C5th 903. In that case, for purposes of claims asserted under California’s wage orders, the court essentially scrapped the nearly 30-year-old common law right-to-control test, articulated by the court in S.G. Borello & Sons, Inc. v Department of Indus. Relations (1989) 48 C3d 341, for determining whether a worker is an employee or an independent contractor. The Borello test applied multiple factors to determine whether a worker qualifies as an independent contractor (see §4.15). In its place, the court adopted the “ABC” test (see §4.16) used in various other jurisdictions around the country, including Massachusetts and New Jersey. The court interpreted California’s wage precedents and policy as placing the burden on the business to prove that a worker is an independent contractor rather than an employee; otherwise, the worker will be presumed to be an employee. See §4.13.
Dynamex applies only to claims based on wage orders, i.e., claims relating to minimum wage, meal and rest periods, overtime, reporting time pay, payments for required uniforms, and rules relating to meals and lodging. See Dynamex, 4 C5th at 948 (noting that worker may be considered an employee under one statute but not under another). Thus, Dynamex is limited in applicability to so-called nonexempt employees. The Borello right-to-control test remains applicable to exempt employees. See §§4.14–4.17 for further discussion. See §4.13.
A discussion of the distinction between exempt and nonexempt employees has been added to §4.14.
As noted in §§4.13–4.14, the California Supreme Court’s decision in Dynamex Operations W., Inc. v Superior Court (2018) 4 C5th 903 does not apply to workers who would be classified as exempt employees if they do not qualify as independent contractors. To determine the proper classification of these workers, the common law right-to-control test articulated by the court in S.G. Borello & Sons, Inc. v Department of Indus. Relations (1989) 48 C3d 341 still generally applies, although both the Internal Revenue Service (IRS) and the California Employment Development Department (EDD) have issued specific guidance on the issue, as discussed below. As stated by the Borello court, “[t]he principal test of an employment relationship is whether the person to whom service is rendered has the right to control the manner and means of accomplishing the result desired.” 48 C3d at 350 (citations omitted). See §4.15.
Under the ABC test, a worker is considered an independent contractor only if the hiring entity shows (4 C5th at 916)
(A) that the worker is free from the control and direction of the hirer in connection with the performance of the work, both under the contract for the performance of the work and in fact;
(B) that the worker performs work that is outside the usual course of the hiring entity’s business; and
(C) that the worker is customarily engaged in an independently established trade, occupation, or business of the same nature as the work performed for the hiring entity.
The burden of proof is on the hiring entity. The ABC test presumes that all workers are employees and permits workers to be classified as independent contractors only if the hiring entity demonstrates that the worker in question satisfies each of the above conditions. See §4.16.
On May 2, 2019, the Ninth Circuit Court of Appeals issued its opinion in the closely watched case of Vazquez v Jan-Pro Franchising Int’l, Inc. (9th Cir 2019) 23 F3d 575. The court held that, under California law, the California Supreme Court’s decision in Dynamex should be applied retroactively. In remanding the case, the court ruled that the district court should consider all three prongs of the ABC test and that the franchise context should not change the analysis. See §4.16.
As of May 3, 2019, a bill is pending in the California State Assembly (AB 5 (Gonzales)) that would codify the Dynamex decision and clarify its application. The bill would also provide exemptions for specified professions that are not subject to wage orders of the Industrial Welfare Commission or the ruling in the Dynamex case. See §4.17.
A recommended procedure for analysis of whether a worker should be classified as an employee or an independent contractor is set forth in §4.17.
Ninth Circuit cases have uniformly held that websites that are not connected to an actual physical place are not places of “public accommodation” and therefore are not subject to the ADA. See, e.g., Robles v Domino’s Pizza, LLC (9th Cir 2019) 913 F3d 898, 905; Weyer v Twentieth Century Fox Film Corp. (9th Cir 2000) 198 F3d 1104, 1114; Young v Facebook, Inc. (ND Cal 2011) 790 F Supp 2d 1110 (ADA inapplicable to Facebook because Facebook is website, not physical place). These cases reflect the Ninth Circuit’s consistent interpretation of the term “public accommodation” as requiring “some connection between the good or service complained of and an actual physical place.” Weyer v Twentieth Century Fox Film Corp., supra. However, if a business does have a physical location as well as a website and mobile app, the Ninth Circuit has squarely held that the ADA applies to the website and app. Robles v Domino’s Pizza, LLC (9th Cir 2019) 913 F3d 898, 904. See §5.28.
A sample form of data protection addendum has been added to the form of cloud computing agreement, which is intended to secure commitments from the cloud provider regarding data and infrastructure security, data breach response, and security audits. See §6.64.
In Rushing v Viacom, Inc. (ND Cal, Oct. 15, 2018, No. 17–cv–04492–JD) 2018 US Dist Lexis 176988, relying on Nguyen v Barnes & Noble Inc. (9th Cir 2014) 763 F3d 1171, the court held that the arbitration provision in Viacom’s browsewrap agreement in a gaming app was unenforceable. Plaintiffs alleged that Viacom violated the Children’s Online Privacy Protection Act (COPPA) (15 USC §§6501–6506) by tracking and selling children’s personally identifying information as they played the mobile game, Llama Spit Spit. (COPPA is discussed further in §§9.29–9.34A.) Viacom argued that the matter should be referred to arbitration under the terms of Viacom’s End User License Agreement. The court found that there was no evidence of actual or constructive notice of the arbitration provision because users had to click on a hyperlink titled “more” to see it and clicking on the hyperlink was not required to download the app. See §7.4.
The European Union’s General Data Protection Regulation (GDPR) has significant implications on the structure of online agreements. A browsewrap agreement is not compliant with GDPR requirements to confirm the unambiguous consent of users as a clear affirmative action before collecting any personal information from them. Article 4(11) of the GDPR defines consent as “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” Because the GDPR will apply to and be enforced against all businesses that collect data from EU residents, practitioners will need to take care to avoid the potentially large fines and penalties implicated by a violation of the GDPR. See §7.4.
In a 2017 enforcement action, the FTC alleged that a company named Vizio failed to provide adequate notice and obtain proper consent from consumers for the collection and sharing of their viewing data through the company’s “smart” televisions. Vizio and the FTC entered into a settlement in which Vizio agreed to pay $2.2 million and was required to delete previously collected consumer data, implement a comprehensive data privacy program, prominently disclose to consumers its data collection and sharing practices, and obtain affirmative consent for those practices. See FTC v Vizio, Inc. (Feb. 6, 2017) FTC File No. 162 3024, available at https://www.ftc.gov/enforcement/cases-proceedings/162-3024/vizio-inc-vizio-inscape-services-llc). See §9.9.
The consent agreement in In re Uber Technols., Inc. (Oct. 25, 2018) FTC File No. 152 3054 resulted from a company’s failure to disclose a data breach. In that case, the FTC brought an action against Uber for a data breach in 2014, alleging that (a) employees were improperly accessing consumer data due to Uber’s insecure automated system and failure to monitor internal access of records and (b) an intruder was able to access personal information stored in plain text because Uber used only a single key to grant administrative access rather than multi-factor authentication. While negotiating a settlement for the 2014 breach, the FTC learned that Uber experienced a similar breach in 2016, which it had failed to disclose. In that situation, one of the company’s engineers posted an access code online, which an intruder used to access cloud storage where nonpublic information was stored in plain text. Rather than notify the FTC, Uber paid the intruder $100,000 to remain silent. When the FTC learned of this second breach, it withdrew its proposed consent agreement and issued a revised settlement prohibiting Uber from failing to disclose future incidents to the FTC or misrepresenting how it monitors internal access to consumers’ personal information, and mandating that the company implement a comprehensive information security program including biennial third party monitoring assessment. See §9.9A.
Some of the FTC’s powers to bring actions against companies for failure to maintain reasonable security measures have been curtailed by the Eleventh Circuit’s decision in LabMD v FTC (11th Cir 2018) 894 F3d 1221. In that case, the Eleventh Circuit held that an FTC cease and desist order was unenforceable because the FTC did not enjoin a specific act or practice, and instead mandated a complete overhaul of LabMD’s data security program without specifying how that was to be done. However, the decision is narrow because the Eleventh Circuit did not rule on the actual ability of the FTC to bring data security actions under §5 of the FTC Act. See §9.9B.
Internet of Things (IoT) companies should be aware of state and sectoral laws governing IoT devices. For example, California’s law on the security of connected devices (CC §§1798.91.04–1798.91.06) requires manufacturers of connected devices to equip devices with appropriate security. The Children’s Online Privacy Protection Act of 1998 (COPPA) (15 USC §§6501–6506) (see §§9.29–9.34A) also applies to IoT devices. See https://www.ftc.gov/tips-advice/business-center/guidance/childrens-online-privacy-protection-rule-six-step-compliance#step1. See §9.9D.
In May 2018, Congress passed the Economic Growth, Regulatory Relief, and Consumer Protection Act (Pub L 115–174, 132 Stat 1296), which amended the Fair Credit Reporting Act. The amendments increase the length of time a consumer reporting agency must include a fraud alert in a consumer’s file to one year and to require consumer reporting agencies to provide consumers with free credit freezes, notify consumers of their availability, establish provisions related to the placement and removal of fees, and create requirements related to the protection of credit records of minors. See 15 USC §1681c–1. See §9.15B.
The California Consumer Privacy Act of 2018 (CCPA) (CC §§1798.100–1798.199) takes effect January 1, 2020. It provides consumers with new rights regarding their personal information that is collected by businesses and creates disclosure obligations and potential penalties for businesses collecting, using, sharing, or selling that information. For these purposes, the Act defines a “consumer” as any natural person who is a California resident. CC §1798.140(g). The Act also includes a limited private right of action, discussed below. See CC §1798.150(a)(1). A business that violates the CCPA may be subject to an injunction and civil penalties of up to $2500 per violation or $7500 per intentional violation. CC §1798.155(b). The California Attorney General is responsible for enforcing the CCPA, although amendments made to it in September 2018 delay enforcement until July 1, 2020, or six months after the Attorney General publishes implementing regulations, whichever is earlier. CC §1798.185(c). Chapter 9 includes a lengthy summary of the CCPA. See §9.18A.
Under COPPA, a state attorney general may also bring civil enforcement actions against a website operator for any failure to comply with it or the Children’s Online Privacy Protection Rule (COPPA Rule) (16 CFR §§312.1–312.13). 15 USC §6504. See §9.33A.
Although less common, state actions have become an increasingly important enforcement mechanism. In 2018, for example, the largest-ever civil penalty under COPPA was levied by the New York Attorney General. There, Oath (formerly known as AOL) agreed to pay $4.95 million to settle allegations of improper tracking and targeting of children in violation of COPPA. See https://ag.ny.gov/press-release/ag-underwood-announces-record-coppa-settlement-oath-formerly-aol-violating-childrens. In another example, the State of New Mexico Office of the Attorney General filed a civil complaint against several tech companies, alleging that the companies extracted personal information from children as they played mobile apps and games. The New Mexico Attorney General alleged that the children’s information was then used to build profiles about the children and target advertising to them, in violation of COPPA. See https://int.nyt.com/data/documenthelper/295-new-mexico-kid-apps-complaint/206d4ea39896e264fe3a/optimized/full.pdf#page=1?action=click&module=Intentional&pgtype=Article. See §9.33A.
Initial Coin Offerings
On April 3, 2019, the SEC issued formal guidance in its report, Division of Corporation Finance, Framework for “Investment Contract” Analysis of Digital Assets (Apr. 3, 2019), available at https://www.sec.gov/corpfin/framework-investment-contract-analysis-digital-assets, to assist sponsors of ICOs in determining whether a digital asset proposed to be issued is a security. The SEC reiterated its reliance on Howey and subsequent cases and set forth the analytical steps for application of the Howey test to digital assets. Most notably, the SEC also set forth factors to be considered in determining whether and when a digital asset may no longer be a security, thus providing a preliminary roadmap for avoiding SEC regulation. At the same time, the SEC cautioned that the factors identified were not intended to be exhaustive and that no single factor is determinative. See §10.5C.
Taxation of Internet Transactions
In South Dakota v Wayfair, Inc. (2018) 585 US ___, 138 S Ct 2080, the U.S. Supreme Court acknowledged recent estimates that states were losing from $8 billion to $33 billion in revenues annually on account of their inability to collect sales taxes on sales made online by out-of-state retailers to in-state residents. Overruling prior Supreme Court precedent, the Court held that a retailer may have a substantial nexus with a state without having a physical presence in that state. At issue in Wayfair was South Dakota legislation that required retailers to collect sales and use tax if the retailer either (1) delivered more than $100,000 of goods or services into the state or (2) engaged in 200 or more separate transactions for the delivery of goods or services into the state. The Court ruled that the legislation afforded a reasonable degree of protection for small businesses and that the nexus was constitutionally sufficient. The Court also noted that the legislation was not retroactive. See §§10.17, 10.23.
Beginning April 1, 2019, retailers located outside California are required to register with the California Department of Tax and Fee Administration (CDTFA), collect the California use tax, and pay the tax to the CDTFA based on the amount of their sales into California, even if they do not have a physical presence in the state. The collection requirement applies to a retailer if, during the preceding or current calendar year, combined sales by the retailer and related parties of tangible personal property for delivery in California exceed $500,000, regardless of the number of separate transactions. Rev & T C §6203(c)(4), as amended by AB 147 (Stats 2019, ch 5). See §§10.24–10.25.
Advertising on the Internet
In In re 1-800 Contacts, Inc. (Nov. 7, 2018) FTC Docket No. 9372, the FTC determined that trademark settlement agreements prohibiting a settling competitor from using 1-800 Contacts’ trademark in its bids for online advertisements were anticompetitive. There existed less anticompetitive alternatives to prevent trademark infringement. The FTC ordered 1-800 Contacts to cease and desist from enforcing those provisions or entering into any similar agreements in the future. See §17.7.
Effective as of July 1, 2019, it is “unlawful for any person to use a bot to communicate or interact with another person in California online, with the intent to mislead the other person about its artificial identity for the purpose of knowingly deceiving the person about the content of the communication in order to incentivize a purchase or sale of goods or services in a commercial transaction.” Bus & P C §17940. If a business chooses to communicate using a bot, the disclosure about the nature of the bot “shall be clear, conspicuous, and reasonably designed to inform persons with whom the bot communicates or interacts that it is a bot.” Bus & P C §17941. A “bot” is an “automated online account where all or substantially all of the actions or posts of that account are not the result of a person.” Bus & P C §17940. This bot law applies to public-facing Internet websites, web applications, and digital applications that have had 10 million or more unique monthly United States visitors or users for a majority of the preceding 12 months. It does not apply to companies such as Internet service providers. Bus & P C §§17940, 17942. See §17.10B.
Many companies are using automated texts to drive engagement with their brands. These automated texts may be regulated by the Telephone Consumer Protection Act (TCPA), codified at 47 USC §227. See also Satterfield v Simon & Schuster, Inc. (9th Cir 2009) 569 F3d 946, 953 (explaining that TCPA also applies to texts). “As originally enacted, the TCPA placed restrictions on the use of automated telephone equipment, including automatic telephone dialing systems and telephone facsimile machines.” Marks v Crunch San Diego, LLC (9th Cir 2018) 904 F3d 1041, 1044. The Ninth Circuit has held that an automatic telephone dialing system (ATDS) “means equipment which has the capacity—(1) to store numbers to be called or (2) to produce numbers to be called, using a random or sequential number generator—and to dial such numbers automatically (even if the system must be turned on or triggered by a person).” 904 F3d at 1053. See §17.29A.
A checklist for cybersecurity preparedness has been added to §18.10.
In Freestream Aircraft (Berm.) Ltd. v Aero Law Group (9th Cir 2018) 905 F3d 597, the court explained that it generally conducts a three-part inquiry into the defendant’s contacts with the plaintiff’s chosen forum to determine whether those contacts are sufficient to warrant the court’s exercise of jurisdiction. The test is as follows (905 F3d at 603):
The nonresident defendant must purposefully direct its activities or consummate some transaction with the forum or resident thereof, or perform some act by which it purposefully avails itself of the privilege of conducting activities in the forum, thereby invoking the benefits and protections of its laws;
The claim must be one that arises out of or relates to the defendant’s forum-related activities; and
The exercise of jurisdiction must comport with fair play and substantial justice, i.e., it must be reasonable.
The Internet has leveraged exponentially the speech and speech-related activities of individuals and businesses. As a consequence, potential liability for speech-related activities has increased. Online speech can result in state tort liability (such as defamation, invasion of privacy, fraud, and unfair business practices) or federal tort liability (such as copyright and trademark infringement). At the same time, important protections have emerged, including protections under First Amendment jurisprudence, §230 of the Communications Decency Act (CDA), and California’s anti-SLAPP statute (CCP §425.16). Chapter 20 has been substantially expanded to address liability related to the First Amendment and speech-related activities. See chap 20.
In U.S. v Ackell (1st Cir 2018) 907 F3d 67, the defendant, an adult male who had been convicted of violating the federal anti-stalking statute (18 USC §2261A), challenged the statute on First Amendment grounds. The defendant had been communicating with an adolescent female through an Internet chat room. The court highlighted the exceptions to protected speech for “true threats” (see Virginia v Black (2003) 538 US 343, 359, 123 S Ct 1536) and “speech integral to criminal conduct” (see U.S. v Alvarez (2012) 567 US 709, 717, 132 S Ct 2537). The exception for “‘true threats’ encompass[es] those statements where the speaker means to communicate a serious expression of an intent to commit an act of unlawful violence to a particular individual or group of individuals.” Ackell, 907 F3d at 75, citing Black, 538 US at 359. See §20.9.
The Ninth Circuit allows defendants to bring anti-SLAPP motions to strike state law claims in federal court. Planned Parenthood Fed’n v Center for Med. Progress (9th Cir 2018) 890 F3d 828, amended (9th Cir 2018) 897 F3d 1224. However, the Ninth Circuit has applied the anti-SLAPP statute differently in some key respects. See §20.92. Not all federal courts have allowed anti-SLAPP motions, on the grounds that they conflict with the Federal Rules of Civil Procedure. See Los Lobos Renewable Power, LLC v Americulture, Inc. (10th Cir 2018) 885 F3d 659, 672. See §20.77.
The “connection” element requires examining the specific nature of the statement and whether it concerns or is about the asserted public interest. Rand Resources, LLC v City of Carson (2019) 6 C5th 610. See §20.89.
In 2018, the Communications Decency Act of 1996 (47 USC §230) was amended to provide that §230 does not immunize Internet service providers and other providers of interactive computer services (see §20.104) against enforcement of federal and state criminal and civil laws prohibiting sexual exploitation of children, sex trafficking, or promotion or facilitation of prostitution (in jurisdictions where prostitution is illegal). 47 USC §230(e)(5). In Congress’s view, §230 was never intended to provide legal protection to websites that unlawfully promote and facilitate prostitution or websites that facilitate traffickers by advertising the sale of unlawful sex acts with sex trafficking victims. See Allow States and Victims to Fight Online Sex Trafficking Act of 2017 (Pub L 115–164, 132 Stat 1253). See §20.112.
The role of a “publisher” is broader than merely providing a forum for the third party content to be posted. Under the Communications Decency Act of 1996 (47 USC §230), “lawsuits seeking to hold a service provider liable for its exercise of a publisher’s traditional editorial functions – such as deciding whether to publish, withdraw, postpone or alter content – are barred.” Hassell v Bird (2018) 5 C5th 522, 541. See §20.115.
A plaintiff cannot seek to enforce an injunction against a person or entity protected by the Communications Decency Act of 1996 (47 USC §230). Hassell v Bird (2018) 5 C5th 522, 540. In Hassell, the plaintiff sued his former client for defamation and related torts based on a review posted on Yelp!. The plaintiff deliberately omitted Yelp! from his complaint, knowing that it would otherwise be immune under §230. After obtaining a default judgment and injunctive relief against the defendant and her “agents,” plaintiff sought to enforce the injunction against Yelp!, which was granted by the trial court and upheld by the court of appeal. The California Supreme Court reversed, holding that the injunction sought to hold Yelp! liable for being the speaker and publisher of the post, which was barred by §230. See §20.118.
In Facebook, Inc. v Superior Court (2018) 4 C5th 1245, the California Supreme Court balanced the due process rights of criminal defendants with the privacy rights of witnesses. The defendant filed motions to subpoena public and private Facebook posts from an adverse witness. Facebook filed motions to quash the subpoenas on privacy grounds. The court held that the subpoenas were unenforceable with respect to communications addressed to specific persons and communications that were and have remained configured by the registered user to be restricted. However, under the lawful consent exception of 18 USC §2702(b)(3), social media providers must disclose communications that were configured by the registered user to be public and that remained so configured at the time the subpoenas were issued in accordance with state law. See §20A.5.
Courts have held that when a party fails to produce nonprivileged, nonprotected, and relevant electronic evidence based on the producing party’s good faith yet legally incorrect claims that the evidence is privileged, the producing party may be forced to produce the documents but would be, at most, subject to sanctions under Fed R Civ P 37(e)(1) for failure to produce without an intent to deprive the requesting party of its rightful discovery (i.e., mere negligence). The harsher Fed R Civ P 37(e)(2), which carries more severe penalties such as adverse inferences, adverse jury instructions, or outright dismissal of the action, would not be imposed if ill intent appears absent. See Schmalz v Village of N. Riverside (ND Ill, Mar. 23, 2018, No. 13 C 8012) 2018 US Dist Lexis 216011. Yet, in 2018, courts have imposed monetary sanctions with record disproportionality to the amount in controversy when bad faith rather than mere negligence is found. For example, in Klipsch Group, Inc. v ePRO E-Commerce Ltd. (2d Cir 2018) 880 F3d 620, the Second Circuit upheld a trial court discovery sanction of $2.7 million in a case in which the amount in dispute did not exceed $25,000. The defendant intentionally did not comply with its legal hold requirements and was also found to have willfully despoiled relevant and discoverable electronic evidence. Similarly, in 2018, a Nevada federal judge awarded nearly $820,000 in sanctions for serial discovery violations and evidence destruction in an ongoing wage-and-hour class action when the defendant failed to produce e-mail and text messages and other electronically stored information. See Small v University Med. Ctr. (D Nev, July 31, 2018, No. 2:13–cv–0298–APG–PAL) 2018 US Dist Lexis 127803. See §20A.8.
Recently, harsh sanctions have been upheld for intentional alteration of digital evidence. In 2018, a court issued terminating sanctions after finding that a party knowingly and intentionally fabricated e-mail messages to bolster its case in chief while knowingly deleting damaging ESI for that same reason. See ComLab, Corp. v Kal Tire & Kal Tire Mining Tire Group (SD NY, Sept. 11, 2018, No. 17–cv–1907 (KBF)) 2018 US Dist Lexis 154983. See §20A.19.
U.S. v Henderson (9th Cir 2018) 906 F3d 1109 involved a Network Investigative Technique (NIT) search warrant issued by a federal court magistrate in the Eastern District of Virginia to search a computer located at a residence in California that was tied to a suspect IP address communicating with a server in Virginia. The police were investigating child pornography file transfer activity between the two computers. The Ninth Circuit affirmed the federal district court’s denial of a motion to suppress, including the evidence seized in California. The Ninth Circuit held that the NIT warrant violated Fed R Crim P 41(b) by authorizing a search outside the issuing magistrate judge’s territorial authority, rejecting the government’s contention that the NIT mechanism was a “tracking device” for which out-of-district warrants are authorized by Fed R Crim P 41(b)(4), and that the Rule 41 violation was a fundamental, constitutional error. However, the panel concluded that the good faith exception to the exclusionary rule applied to prevent suppression of the evidence obtained against the defendant through the NIT warrant. The court found that there was no evidence that the officers executing the NIT warrant acted in bad faith. See §20A.30.
Although geo-filtering software is typically effective under most circumstances, in recent years a variety of methods to circumvent these measures have become easily accessible to the public, including virtual private networks (VPNs), Domain Name System (DNS) proxies, and browser plug-ins. See Edelman, The Thrill of Anticipation: Why the Circumvention of Geoblocks Should Be Illegal, 15 Va Sports & Ent LJ 110 (2015–16). In essence, each of these circumvention methods works by making the location of the user appear to be in the same country as the content provider. To combat these tactics, recent Regulation (EU) 2018/302 was passed in the EU to address unjustified geo-blocking and other forms of discrimination. See http://data.europa.eu/eli/reg/2018/302/oj. Although these services may seem nefarious from the perspective of intellectual property right owners, proponents of these services contend that they are vital to protecting anonymous free speech and privacy rights. See §21.7.
The recent popularization of cryptocurrency has also introduced the possibility of using so-called “smart contracts” in cross-border transactions when enforcement may otherwise be difficult. In general, a smart contract is a computer program designed to execute the terms of a contract on the occurrence of a pre-programmed triggering event. Smart contracts are discussed further in California Law of Contracts §4.67 (Cal CEB). Because smart contracts are self-executing, they tend to reduce the risk of breach and thus the possibility of having to adjudicate a claim in a foreign jurisdiction. Despite their promising potential, however, and depending on the structure of the smart contract, they may be vulnerable to hacks and other cybersecurity threats. Thus, the chance that smart contracts will become ubiquitous remains far from clear. See §21.8.
Despite harmonization efforts, variations in the scope of intellectual property protection available may differ significantly from country to country. Even when countries enter into an agreement, its provisions are not equally enforced by all parties. As a result, e-commerce businesses, among others, face substantial challenges in protecting their intellectual property, regardless of whether they conduct business in foreign markets or limit their sales to the United States. Although the issue is not new, the development of e-commerce infrastructure has brought certain kinds of infringement to unprecedented levels. One of the most pervasive examples of this phenomenon is the counterfeiting epidemic faced by online retailers. Popular products quickly become targets for counterfeiting and other forms of copying. When those counterfeit products are then shipped into the United States, manufacturers and retailers of the genuine goods not only lose profits based on those sales, but the typically inferior quality of the counterfeit goods harms the brand’s reputation, while also potentially posing health and safety hazards to consumers. See, e.g., https://www.duanemorris.com/articles/counterfeit_cosmetics_fake_beauty_real_danger_0418.html. According to a major report released by the International Trademark Association (INTA), the total value of international and domestic trade in counterfeit and pirated goods in 2013 was estimated at $710 billion to $917 billion, with projections of $1.9 trillion to $2.8 trillion by 2022. See Frontier Economics, The Economic Impacts of Counterfeiting and Piracy (BASCAP and INTA, 2017), available at https://www.inta.org/communications/documents/2017_frontier_report.pdf. See §21.9.