P: 310.849.3134 F:877.867.3303

9595 Wilshire Boulevard

Suite 900

Beverly Hills, CA 90212

Friday, March 11, 2016

From Safe Harbor to Privacy Shield: Making order from chaos on data protection

Cross-post from IP Watchdog.  http://www.ipwatchdog.com/2016/03/06/privacy-shield-making-order-from-chaos-data-protection/id=66805/

I want you to picture a long, complicated ant trail. They are marching along, in line, minding their everyday business. Now I want you to picture someone putting up a barrier in the middle of that trail. You know what, let’s picture a few barriers… what happens to the trail? Chaos, disorganization, stress, etc. (Do ants even feel stress?)

You may be asking why I am talking about ants. Well, it turns out ants walk in a straight line because they are all following one another. When something happens to that chain of command, all hell breaks loose. Which is exactly what happened on October 5, 2015, when the European Court of Justice declared the US-EU Safe Harbor Framework invalid in the landmark case Schrems v. Data Protection Commissioner. Since then, US and EU officials have been scrambling to implement a new mechanism for transatlantic data transfers.

What was Safe Harbor?

The Safe Harbor arrangement was established in 2000 to facilitate data flows specifically between the United States and European Union Member States. The arrangement came as a result of the EU’s Data Protection Directive, which allowed transfers of personal data of a citizen within the EU to an outside country only if that country ensured an adequate level of data protection. Under the arrangement, participating US companies could send and receive European personal data if they self-assessed and self-certified that their data transfer measures were “secure.”
What happened in Schrems v. Data Protection Commissioner?

Fast-forward to Edward Snowden’s big reveal. In light revelations made concerning the activities of US intelligence services, Austrian citizen Max Schrems lodged a complaint with the Irish data protection authority claiming that the US offered no real protection against national security surveillance of data transferred to the US. The particular data in question was information that Schrems provided to Facebook. Facebook transfers data from its Irish subsidiary to servers located in the US. Schrems argued that while measures were in place to protect data when dealing with US companies, there were no protections from the US government.

The result? The European Court of Justice – stressing the fundamental right to protection of personal data – invalidated the Safe Harbor framework for failing to protect the privacy of European citizens. (Think of those ants scattering, here.)

Post-Schrems Effects: A New Privacy Shield

To replace the now-defunct Safe Harbor agreement, last week the European Commission published the first details of its transatlantic Privacy Shield. The Privacy Shield is meant to strengthen obligations on US companies to protect European personal data, and improve regulations regarding data monitoring by US government agencies. The new arrangement will include the following elements:
  • Greater obligations on companies to publish their commitment to protecting Europeans’ personal data with robust monitoring by the Department of Commerce and enforcement by the Federal Trade Commission.
  • Companies will have to promise not to collect more personal information than needed for their services.
  • Clearer safeguards and transparency obligations on US government access by disallowing indiscriminate mass surveillance on personal data and implementing an annual joint review to regularly monitor the functioning of the arrangement.
  • Providing EU citizens with avenues for redress if their data protection rights become compromised. US companies may be directly liable for violations, and European Data Protection Authorities can refer complaints to the Department of Commerce and the Federal Trade Commission. For complaints regarding possible access by national intelligence authorities, an Ombudsperson will be created to address the concerns.
Most importantly, according to the commission, “for the first time, the US government has given the EU written assurance from the Office of the Director of National Intelligence that any access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms.” That said, it does appear that the NSA will still have plenty of access to data, which is unlikely to be well received and may lead to another challenge.

Next Steps for the Privacy Shield

Last week, the Article 29 Working Party, a group of EU Member State data protection representatives, released a draft agreement for review. After the Working Party offers their comments, approval will be required, which is not guaranteed. This complex process will take some time and is vulnerable to disruption each step of the way. But, the EU and the US hope to formally adopt a working agreement by August.

Further Action by the US to Support the Privacy Shield

While the both parties wait for approval of the new Privacy Shield, the US began implementation of a new framework for monitoring government surveillance actions and created a new Ombudsperson. On February 24, 2016, President Obama signed the Judicial Redress Act into law. The Act is important to assist final approval of the Privacy Shield, and provides EU Member States with limited rights to review, copy, and request amendments to records kept by federal agencies. We currently have the same rights under the Privacy Act of 1974. Under the Judicial Redress Act, the US Department of Justice will also designate countries whose citizens will have access to US federal courts for bringing specified claims against US government agencies for violating data protection rights.

Time to Get Back in Line

With the release of the draft Privacy Shield, many are skeptical that it will ensure proper privacy protection and some believe that it may be challenged after implementation; but for now, there is a strong probability that the Privacy Shield will be the next data transfer mechanism.


ALG is staying well-informed of these and other Internet law and Intellectual Property law related matters to make sure we can properly counsel our clients. If you have any questions regarding this or any other Internet law or business law related matters, please contact Antoine Law Group, APC.
LEGAL DISCLAIMER: Materials on this web site are for informational purposes only. These materials do not constitute legal advice, should not be considered as legal authority, and do not create an attorney-client relationship. You should not act or rely upon these materials without seeking professional counsel. Please contact our office so we may evaluate the specific needs and discuss the facts and issues you may be experiencing. Sending e-mail also does not establish an attorney-client relationship. An attorney-client relationship can only be established by mutual written consent with an attorney. Unless and until an attorney-client relationship is established, e-mail and other communications sent may not be privileged. This site and the content herein may be considered an advertisement under regulations of the California State Bar.

Monday, February 22, 2016

Online Subscription Providers Beware of California’s Automatic-Renewal Law

The development of online subscription services and free trials have given rise to agreements with automatic renewal provisions. Originally, once a free trial to a subscription ended, the consumer would have to formally “opt in” to continue receiving the service or product. More recently, service providers have begun moving towards an “opt out” model where the service extends beyond the free trial window and charges begin automatically unless the consumer opts out. As a result, venders frequently receive payments simply because consumers accidentally miss the deadline to opt out and become aware of the charge only when they check their credit card statement. Consumers complained that auto-renewal terms were not fully spelled out in agreements.  

In 2010, California passed the Auto-Renewal Law, which requires subscription providers that use automatic renewals to disclose their subscription terms in a clear and conspicuous manner. Cal. Bus. & Prof. Code § 17600 et seq. The law applies to any subscription service, including those procured online, through paper, or by telephone. The statute’s purpose is to end the practice of ongoing credit or debit charges for ongoing services without the consumers’ explicit consent.  With a recent rash of class action suits, I thought it would be a good time to revisit the topic. 

Requirements under the Auto-Renewal Law
California’s Auto-Renewal Law lays out what businesses must do to have compliant automatic renewal agreements:

  • The automatic renewal service must offer terms in a clear and conspicuous manner before the purchasing agreement is fulfilled, and terms must be in visual proximity to the request for consent to the offer;
  • The automatic renewal service must obtain affirmative consent from the consumers;
  • Subscription providers must include the automatic renewal offer terms, cancellation policy, and information regarding how to cancel; and
  • Subscription providers must provide a toll-free number or other cost-effective, accessible mechanism for cancellation.
The statute additionally requires that all the above provisions be satisfied prior to completing the initial order for the automatic renewal service. However, if the offer includes a free trial, then the business must disclose cancellation information and allow the consumer to cancel before the consumer pays for the goods or services.

For material changes to automatic renewal terms that consumers have already accepted, the law requires that the business provide the consumer with clear and conspicuous notice of the material change and provide information on how to cancel. Such notice must be fulfilled prior to implementing the material change.  

The Meaning of Clear and Conspicuous
The Auto-Renewal Law details what constitutes clear and conspicuous. Written disclosures must be “in a manner that clearly calls attention to the language” as follows:

  • In larger type than the surrounding text, or
  • In contrasting type, font, or color to the surrounding text of the same size, or
  • Set off from the surrounding text of the same size by symbols or other marks
For disclosures via telephone, clear and conspicuous means “in a volume and cadence sufficient to be readily audible and understandable.”

Penalties
Companies that violate the provisions listed above are subject to all available civil remedies. Detrimental to businesses, the statute also provides that services or goods delivered without obtaining the receiver’s affirmative consent are considered an unconditional gift. Thus, consumers may keep the services rendered and receive a refund. Non-compliance can lead to restitution of all revenues collected from California customers via the automatic renewal service, creating substantive regulatory, economic, and risk to a companies' reputation.

Conclusion

Since the statute’s passing, an increasing amount of class action lawsuits have been brought against automatic renewal agreements. As cases continue being filed, the application and practical effects of California’s Auto-Renewal Law on businesses will undoubtedly increase.

ALG is staying well-informed of these and other Internet law and Intellectual Property law related matters to make sure we can properly counsel our clients. If you have any questions regarding this or any other Internet law or business law related matters, please contact Antoine Law Group, APC.
LEGAL DISCLAIMER: Materials on this web site are for informational purposes only. These materials do not constitute legal advice, should not be considered as legal authority, and do not create an attorney-client relationship. You should not act or rely upon these materials without seeking professional counsel. Please contact our office so we may evaluate the specific needs and discuss the facts and issues you may be experiencing. Sending e-mail also does not establish an attorney-client relationship. An attorney-client relationship can only be established by mutual written consent with an attorney. Unless and until an attorney-client relationship is established, e-mail and other communications sent may not be privileged. This site and the content herein may be considered an advertisement under regulations of the California State Bar.

Tuesday, August 18, 2015

eBay Removes Spin Bike Listings Because ‘Spin’ is Apparently Trademarked

CrossPost - IP Watchdog: eBay Removes Spin Bike Listings Because Spin is Apparently Trademarked

Have you ever gone spinning? I have. Actually, I love it. Schedule permitting, I spin a few times a week. Or at least I thought I was spinning. That was until last week when a client of mine, an online products distributor, sent an email that VeRO removed a “spin” bike they were selling on ebay.com. VeRO is ebay’s Verified Rights Owner program. VeRO allows a right’s owner (someone who has a verified trademark, copyright, etc.) to request removal of an item. This action, of course, is not without controversy. Business owners have claimed that this process is often abused and overreaching. I will leave that discussion for another day. For now, you should know that a company by the name of Mad Dogg Athletics, Inc. (MDA) is a member of the eBay VeRO Program and uses this program to enforce the nearly one hundred trademarks it owns, which include: spin, spinning, spinner, spin yoga, spinfitness, and spin daddy. With that said, only MDA’s Spin® bike can be called that, and so my client’s “spin bike” listing was removed due to use of the word spin.

Pursuant to 15 U.S. Code § 1064(3), “… If the registered mark becomes the generic name for less than all of the goods or services for which it is registered, a petition to cancel the registration for only those goods or services may be filed. A registered mark shall not be deemed to be the generic name of goods or services solely because such mark is also used as a name of or to identify a unique product or service. The primary significance of the registered mark to the relevant public rather than purchaser motivation shall be the test for determining whether the registered mark has become the generic name of goods or services on or in connection with which it has been used.”

This is how Apple lost their trademark registration for the term “app.” Plenty of famous registrations were lost because they became generic: asprin, escalator, thermos, photoshop, dry ice, trampoline, and yes, even heroin. Google, however, recently won a battle against Plaintiffs who were claiming that the verb “to google” has become generic. In Elliot, et al. v. Google, Inc., No. 12-cv-1072 (PHX)(SMM) (D.Ariz., Sept. 10, 2014), the Court held that even though consumers use “google” as a verb to mean using any Internet search engine, GOOGLE® is a valid trademark because the “primary significance” of the mark to consumers is the use of Google.com.

That said, Google is one of the largest companies in the world. I know I am not a professional cycler by any stretch, but as someone who at least recreationally partakes in indoor cycling, I had never even heard of the MDA. I bet you if I polled the people at my class, most haven’t either. It’s also important mention that on its page for “indoor cycling,” Wikipedia states, “[i]t is commonly called spinning.” Yelp allows you to search for “spin” and “spinning studio.” ABC News refers to SoulCycle as a spin studio. For the record, they are not. I dare you to search any cycling studio’s reviews for the word “spin.” Almost every review I found seemed to use the word interchangeably.

For their part, MDA has taken every opportunity to enforce their marks. This is extremely important. They aggressively go after any and every infringer. They have sued Amazon and Walmart, and even went after a gym in Denmark. It’s CEO, John Baudhuin, has stated, “We spend almost a million dollars a year protecting our brand because it’s our responsibility to make sure everyone understands what our brand means.” They even have a specific landing page on their website dealing with use of their mark. In part, they explain, “the Spin®, Spinner®, Spinning®, Spin Fitness® and the Spinning logo ® trademarks are important business assets to Mad Dogg Athletics, Inc. and should be treated with the care and respect. We rely on our trademarks to identify our products, services, activities and programs to distinguish them from those of our competitors.”

But, is all of this enough? In 2000, the Southern District of New York held that the “Pilates” trademark was a generic term for a type of fitness method, similar to “yoga” or “karate.” The court ruled that “Pilates” was no longer capable of functioning as a source identifier. Since “consumers identify the word ‘Pilates’ as a particular method of exercise,” the Court found that the plaintiff could not monopolize it. The court acknowledged that everyone associated the term “Pilates” with the form of exercise in general rather than as an origin of services.

“Bikram Yoga” is currently involved in a similar dispute.

We will have to wait and see what happens there. But, I’m curious, what makes “spin” any different from “Pilates,” “yoga,” or “karate?”

Thursday, June 4, 2015

Bankruptcy Court Deems Social Media Accounts Property of the Estate


Social media accounts have become powerful marketing and public relations tools for businesses promoting their products or services.  In this tech era, companies can rely on Twitter and Facebook to connect with their target market, promote their products, build a brand name, and shape the public’s opinion.  But social media as an asset in a bankruptcy proceeding… yes, apparently that’s happening too.

In Texas, the United States Bankruptcy Court held that the former majority member had to relinquish control of the business’ social media accounts.  In In re CTLI, LLC (Bankr. S.D. Tex. Apr. 3, 2015), the court concluded that business social media accounts, even when there is some intermingling of personal content, can become property of an estate.  Jeremy Alcede, the majority shareholder of Tactical Firearms, a gun store and shooting range, had been posting personal and business content to Facebook and Twitter.   However, when the company entered into Chapter 11 reorganization, Alcede lost control and ownership of the company.  He then refused to relinquish the Facebook and Twitter accounts and even changed the accounts’ names to reflect his own name, arguing that that turning over these accounts would violate his individual privacy rights.  

The court began by asking whether a debtor’s social media accounts constituted property under Section 541 of the Bankruptcy Code. Section 541 defines “property of estate” to include “all legal or equitable interests of the debtor in property as of commencement of the case.” Although no Texas court had ruled on such issue, the court found that social media accounts are property interests under Texas law, as they provide "valuable access to customers and potential customers" similar to a subscriber or customer list. 

The court then looked to determine whether the Facebook and Twitter accounts were Alcede’s personal or business property.  The court explained that only business accounts are deemed property of an estate, ultimately deciding that they were business accounts. 

The court’s reasoning was that the Facebook account was not a “profile” but in fact a “page,” specifically designed for business use.  The fact that Alcede posted on behalf of the company was immaterial because his posts were targeted at promoting the business.  Additionally, other factors pointed to a business account: the Facebook page had a link to Tactical Firearms website, other employees of the company were granted access to post status updates promoting the business, and it was created in the name of the business, regardless if he later changed the name.

Similarly, the court found that the Twitter account was named after the business, included a link to the official webpage, included a description of the Tactical Firearms business in the account’s description, and was used almost exclusively to promote the business. 

The court also rejected Alcede’s privacy contentions by analogizing to cases where an employee waives privacy rights when emailing on an employer’s computer system.  The court ruled because the social media accounts were for the benefit of the business, Alcede lost any personal privacy right in his content. 

Lesson learned.

ALG is staying well-informed of these and other Internet law and Intellectual Property law related matters to make sure we can properly counsel our clients. If you have any questions regarding this or any other Internet law or business law related matters, please contact Antoine Law Group, APC.

LEGAL DISCLAIMER: Materials on this web site are for informational purposes only. These materials do not constitute legal advice, should not be considered as legal authority, and do not create an attorney-client relationship. You should not act or rely upon these materials without seeking professional counsel. Please contact our office so we may evaluate the specific needs and discuss the facts and issues you may be experiencing. Sending e-mail also does not establish an attorney-client relationship. An attorney-client relationship can only be established by mutual written consent with an attorney. Unless and until an attorney-client relationship is established, e-mail and other communications sent may not be privileged. This site and the content herein may be considered an advertisement under regulations of the California State Bar.

Tuesday, March 31, 2015

A Picture is Worth a Thousand Words

Facebook users beware! Social media lovers should think twice before posting their favorite hiking picture, post-marathon photo, or any picture that might compromise a case in a pending litigation.  In Nucci v. Target Corp., a recently decided case in Florida, the Court of Appeals held that your social media posts and photographs may be relevant evidence, admissible during litigation. 

Judges are becoming increasingly willing to order disclosure of social media content for litigation purposes.  In Nucci, the plaintiff, Maria Nucci was involved in a slip and fall inside a Target store.  Nucci claimed damages for personal injuries and emotional distress.  

Before deposing Nucci, Target’s attorney noted that her Facebook profile listed 1,285 photographs, but these photos could not be viewed since she had her profile set to “private.”  Since her emotional and physical condition were at issue in the case, Target requested access to her Facebook photos. During the deposition, Target requested Nucci disclose these photographs, but she denied the request.  Soon after the deposition, Target’s attorney noticed that the number of photographs listed dropped to 1,249.  Target sought a court order directing Nucci produce all Facebook photographs from two years prior to the date of incident through present day.  The court granted the order and Nucci appealed. 

Florida’s legal standard for discovery requests states any information that “appears reasonably calculated to lead to the discovery of admissible evidence,” should be granted, including electronically stored information.  The Court of Appeals explained that since Nucci was seeking intangible damages, it was important to determine her quality of life before and after the accident to reach a true determination losses suffered.  The court stated:

            It would take a great novelist, a Tolstoy, a Dickens, or a Hemingway, to use words to
summarize the totality of a prior life. If a photograph is worth a thousand words, there
is no better portrayal of what an individual’s life was like than those photographs the
individual has chosen to share through social media before the occurrence of an
accident causing injury. Such photographs are the equivalent of a “day in the life” slide
show produced by the plaintiff before the existence of any motive to manipulate
reality.”

Therefore, the court ruled that the photographs were “powerfully relevant” to the damages portion of the case. Also, the court stated the requested time frame was sufficiently limited and not a “fishing expedition” – where relevant evidence might accidently be discovered in an overly broad discovery request. 

As to Nucci’s privacy interests, the court ruled that the relevance of her photographs greatly outweighed Nucci’s minimal privacy interest.   Nucci argued that she had a legitimate expectation of privacy in her photographs since her Facebook profile was set to “private.”  However, the court was not convinced and explained that photographs posted on a social media site are neither privileged or protected by any right of privacy, regardless of the privacy settings established by the user.  After all, the court pointed out that the very nature of these social media sites is to share photographs with others, and so a user cannot later claim a legitimate expectation of privacy. 

While this case was heard in Florida, it is important to be cautious with social media postings, especially photos, which may have a damaging impact on pending or future litigation.  Remember, a picture is worth a thousand words!

ALG is staying well-informed of these and other Internet law and Intellectual Property law related matters to make sure we can properly counsel our clients. If you have any questions regarding this or any other Internet law or business law related matters, please contact Antoine Law Group, APC.

LEGAL DISCLAIMER: Materials on this web site are for informational purposes only. These materials do not constitute legal advice, should not be considered as legal authority, and do not create an attorney-client relationship. You should not act or rely upon these materials without seeking professional counsel. Please contact our office so we may evaluate the specific needs and discuss the facts and issues you may be experiencing. Sending e-mail also does not establish an attorney-client relationship. An attorney-client relationship can only be established by mutual written consent with an attorney. Unless and until an attorney-client relationship is established, e-mail and other communications sent may not be privileged. This site and the content herein may be considered an advertisement under regulations of the California State Bar.