July 2018 Update
Currently, it is unresolved whether a computer program’s copyright protection extends to its output, but such an extension appears unlikely or limited to narrow circumstances. The Ninth Circuit has noted a split in authority regarding this topic: Some courts have created a per se rule saying no, while others grant protection “if the program ‘does the lion’s share of the work’ … and the user’s role is so ‘marginal’ that the output reflects the program’s contents.” Design Data Corp. v Unigate Enter., Inc. (9th Cir 2017) 847 F3d 1169, 1173 (citations omitted). See §1.4C.
Two jurisdictions—New York and Florida—have already determined that their state law does not recognize a public performance right for pre-1972 sound recordings. See Flo & Eddie, Inc. v Sirius XM Radio, Inc. (Fla 2017) 229 So3d 305; Flo & Eddie, Inc. v Sirius XM Radio, Inc. (2016) 28 NY3d 583, 70 NE3d 936. See also Flo & Eddie, Inc. v Sirius XM Radio, Inc. (2d Cir 2017) 849 F3d 14. The Ninth Circuit has certified the question of whether California law recognizes a public performance right in pre-1972 sound recordings to the California Supreme Court, which has granted review. Flo & Eddie, Inc. v Pandora Media, Inc. (9th Cir 2017) 851 F3d 950. See §1.11.
In Goldman v Breitbart News Network, LLC (SD NY, Feb. 15, 2018, No. 17–cv–3144 (KBF)) 2018 US Dist Lexis 25215, the federal district court rejected the Ninth Circuit’s approach and held that HTML instructions do implicate the public display right in some circumstances. This holding is at odds with Ninth Circuit and Seventh Circuit law. See Perfect 10, Inc. v Amazon.com, Inc. (9th Cir 2007) 508 F3d 1146, 1159; Flava Works, Inc. v Gutner (7th Cir 2012) 689 F3d 754, 757. Practitioners are advised to follow Goldman v Breitbart closely, as the Second Circuit may grant interlocutory review. Should the Second Circuit affirm, the Supreme Court will need to intercede to resolve the circuit split. See §1.12.
The issue of ownership of the copyright is one of standing. A plaintiff only has standing if the plaintiff is the “legal owner” or “beneficial owner” of an exclusive right that the defendant has violated. 17 USC §501(b). “The classic example of a beneficial owner is ‘an author who has parted with legal title to the copyright in exchange for percentage royalties based on sales or license fees.’” DRK Photo v McGraw-Hill Global Educ. Holdings, LLC (9th Cir 2017) 870 F3d 978, 988 (citations omitted). “By contrast, an author who receives royalties for a work created under a work-for-hire agreement, and thus who never had ownership of the work, is not a beneficial owner.” 870 F3d at 988. If ownership of an exclusive right is claimed by an assignment, the agreement must be in writing. 17 USC §204. A defendant may not “raise noncompliance with 17 USC §204(a)’s writing requirement as a defense to a copyright transfer where the parties to the transfer do not dispute its existence[.]” 870 F3d at 986. The language of a document that purports to transfer ownership is not conclusive; rather, courts “must consider the substance of the transaction.” 870 F3d at 986. For example, exclusive licensing agent agreements are sufficient to confer standing to sue for copyright infringement, but nonexclusive agreements do not. 870 F3d at 983. See §1.22.
In most cases, direct evidence of copying will not be available. Therefore, a plaintiff may establish copying by showing that (1) the infringer had access to the work and (2) the two works are substantially similar. Narell v Freeman (9th Cir 1989) 872 F2d 907, 910. Courts apply a sliding-scale analysis to the two elements. Access can be proven in three ways: (1) establishing a causal link establishing the defendant’s access to the work; (2) widespread dissemination of the work; or (3) when the allegedly infringing work shares “striking similarity” (i.e., is “virtually identical” to the copyrighted work). Unicolors, Inc. v Urban Outfitters, Inc. (9th Cir 2017) 853 F3d 980, 987; Loomis v Cornish (9th Cir 2016) 836 F3d 991, 995. See §1.22.
In Goldman v Breitbart News Network, LLC (SD NY, Feb. 15, 2018, No. 17–cv–3144(KBF)) 2018 US Dist Lexis 25215, the U.S. District Court for the Southern District of New York rejected the Ninth Circuit’s “server test” to determine infringement of the public display right. In Goldman, the court held that the act of embedding implicates the public display right, regardless of whether the defendant is in possession of the work (i.e., regardless of whether the work resides on the defendant’s servers). The court found that (1) the possession requirement was not supported by the definition of “display” in 17 USC §101; (2) the legislative history did not support a possession requirement; and (3) the U.S. Supreme Court’s decision in American Broad. Cos. v Aereo, Inc. (2014) 573 US ___, 134 S Ct 2498, did not support a possession requirement either. This holding is at odds with Ninth Circuit and Seventh Circuit law. See Perfect 10, Inc. v Amazon.com, Inc. (9th Cir 2007) 508 F3d 1146, 1159; Flava Works, Inc. v Gutner (7th Cir 2012) 689 F3d 754, 757. If the Second Circuit grants interlocutory review and affirms, the U.S. Supreme Court will need to intercede to resolve the circuit split. See §1.23.
The “material contribution” theory of contributory infringement requires a showing that the service provider could take simple measures to prevent infringement but failed to do so. Perfect 10, Inc. v Amazon.com, Inc. (9th Cir 2007) 508 F3d 1146, 1172. These measures must constitute a “reasonable and feasible means” of preventing further damage to the copyrighted work. 508 F3d at 1172. Methods that are “unreliable and burdensome” do not satisfy this requirement. Perfect 10, Inc. v Giganews, Inc. (9th Cir 2017) 847 F3d 657, 671. For example, automated processes aimed at preventing infringement may satisfy this requirement, while manual processes will not. See 847 F3d at 671. See §1.27A.
A key question in fair use analysis is whether “a ‘reasonable copyright owner’ would have consented to the use, i.e., where the ‘custom or public policy’ at the time would have defined the use as reasonable.” Oracle Am., Inc. v Google LLC (Fed Cir 2018) 886 F3d 1179, 1234, citing Wall Data Inc. v Los Angeles County Sheriff’s Dep’t (9th Cir 2006) 447 F3d 769, 778. See §1.39.
A reaction video is a video in which a person reacts to excerpts or the entirety of an audiovisual work. Reaction videos usually involve the person reacting to another work that was posted online or to a film trailer. Often, but not always, the person reacting will provide comment and criticism on what they are watching. The extent of comment and criticism can vary greatly. A federal district court in the Central District of California first analyzed whether reaction videos qualify for fair use in Equals Three, LLC v Jukin Media, Inc. (CD Cal 2015) 139 F Supp 3d 1094. The court denied the copyright holder’s motion for summary judgment on the issue of fair use on 17 out of 18 reaction videos. See §1.45A.
In Oracle Am., Inc. v Google LLC (Fed Cir 2018) 886 F3d 1179, 1197, the court held that the highly commercial and nontransformative nature of Google’s use of Oracle’s Java application programming interface in Google’s Android operating system weighed against a finding of fair use. The court also ruled that the functional as distinct from the creative aspects of the copyrighted software were substantial and important, thus favoring fair use, but this factor was less significant in the overall analysis See §§1.50, 1.51.
In Disney Enters., Inc. v VidAngel, Inc. (9th Cir 2017) 869 F3d 848, the Ninth Circuit held the first sale doctrine was inapplicable to uploading lawful copies of a copyrighted work to a server. 869 F3d at 856. See §1.56.
Digital Millennium Copyright Act
The Family Entertainment and Copyright Act of 2005 (Pub L 109–9, 119 Stat 218) (part of which is known as the Family Home Movie Act) creates a defense for copyright infringement for certain forms of movie filtering and movie filtering technology. See 17 USC §110(11). In Disney Enters., Inc. v VidAngel, Inc. (9th Cir 2017) 869 F3d 848, 857, the Ninth Circuit held that an online service provider that streamed filtered motion pictures was ineligible for the defense. The service provider’s copying infringed the plaintiff’s exclusive reproduction right because the provider did not filter authorized copies of the films. Instead, the provider streamed from a master file copy that it created after circumventing the plaintiff’s technological protection measures in violation of the Copyright Act (17 USC §§101–1332) and the Digital Millennium Copyright Act (Pub L 105–304, 112 Stat 2860). See §1.56A.
To determine whether copyrighted content has been stored at the “direction of a user” under 17 USC §512(c), the critical inquiry is “the service provider’s role in making material stored by a user publicly accessible on its site.” Mavrix Photographs, LLC v Livejournal, Inc. (9th Cir 2017) 873 F3d 1045, 1053. The Ninth Circuit in Mavrix explained (873 F3d at 1056):
Infringing material is stored at the direction of the user if the service provider played no role in making that infringing material accessible on its site or if the service provider carried out activities that were “narrowly directed” towards enhancing the accessibility of the posts. [Citations omitted.] Accesibility-enhancing activities include automatic processes, for example, to reformat posts or perform some technological change.
See also Ventura Content, Ltd. v Motherless, Inc. (9th Cir 2018) 885 F3d 597, 605, in which the court held that the safe harbor protection is not eliminated if the ISP alters the file format to make it accessible before posting, enables users to apply search tags to uploads, or facilitates user access to files posted by other users. The ISP is not required to be merely an electronic storage locker. See §1.75.
In Mavrix Photographs, the Ninth Circuit applied the law of agency to hold that the actions of voluntary moderators may be attributable to the website, and not the user, when the website exerts sufficient control and the moderators review and post user submissions in accordance with the website’s polices. See 873 F3d at 1052. See §1.75.
“Red flag” knowledge occurs when a service provider is “subjectively aware of facts that would have made the specific infringement ‘objectively’ obvious to a reasonable person.” Columbia Pictures Indus., Inc. v Fung (9th Cir 2013) 710 F3d 1020, 1043. The “objective” aspect of this test is defined as “whether infringing activity would have been apparent to a reasonable person operating under the same or similar circumstances.” UMG Recordings, Inc. v Veoh Networks, Inc. (9th Cir 2013) 718 F3d 1006, 1026. Under this standard, the “infringement must be immediately apparent to a non-expert” (i.e., “apparent from even a brief and casual viewing”). Mavrix Photographs, LLC v Livejournal, Inc. (9th Cir 2017) 873 F3d 1045, 1057. See also Ventura Content, Ltd. v Motherless, Inc. (9th Cir 2018) 885 F3d 597, 610 (“for red flag knowledge, infringement must be apparent, not merely suspicious”). “Red flag” knowledge may occur when the website’s agents see a “generic watermark” or a watermark containing identifying information of the copyright holder, such as its website. 873 F3d at 1058. See §1.78.
In Visual Memory LLC v NVIDIA Corp. (Fed Cir 2017) 867 F3d 1253, the patent claims were directed to the nonabstract concept of configuring memory system based on the type of processor connected to it, which the court found to be a technological improvement with multiple benefits and advantages. See §2.18A.
For companies seeking guidance on the application of patent principles to the Internet of Things, the court’s reasoning in the Fitbit case offers some insights. See Fitbit, Inc. v AliphCom (ND Cal 2017) 233 F Supp 3d 799. The patent claims at issue related to pairing a wireless device (such as a wearable activity tracker) through a server to a client (such as a smartphone) when the server regulates the list of eligible devices and the end user validates the connection by “tapping” on the wearable device screen. 233 F Supp 3d at 804. The court in Fitbit found the claims recited significantly more than an abstract idea. First, the court reasoned that the small form of the FitBit wristband could not accommodate a traditional keyboard or buttons, so the tapping method to complete user validation without a keyboard was an inventive concept addressing a real-world problem. 233 F Supp 3d at 812. Second, interposing a server between the wearable and client devices to determine the possible portable devices eligible for pairing was an inventive concept to the traditional pairing steps. 233 F Supp 3d at 813. Companies seeking to patent IoT inventions directed to consumer wearables should take note of the court’s focus on improving the human interface and solving real-world problems, which seemed to be persuasive in the Fitbit case. See §2.19A.
A generic second level domain (SLD) combined with a top level domain suffix such as “.com” or “.biz” (TLD) can create a descriptive mark that is eligible for protection on proof that it has acquired distinctiveness or secondary meaning. See Booking.com v Matal (ED Va 2017) 278 F Supp 3d 891. See §3.45.
A “hashtag” is a form of metadata consisting of a word or phrase prefixed with the symbol “#” (e.g., #chicago, #sewing, and #supremecourtdecisions). Hashtags are often used on social networking sites to identify or facilitate a search for a keyword or topic of interest. See Trademark Manual of Examining Procedure (TMEP) §1202.18. Research conducted by Thomson Reuters CompuMark found that the number of worldwide hashtag trademark applications in 2016 increased by 64 percent over the previous year. It notes that the first hashtag trademark application was filed in 2010, with over 5000 applications since then. Two thousand two hundred of those were filed in 2016 alone. See http://www.compumark.com/insights/hashtag-trademark-applications-rise-64-just-one-year/. The USPTO permits registrations of a hashtag as a trademark, but “only if it functions as an identifier of the source of the applicant’s goods or services.” See TMEP §1202.18. See §3.46A.
In Elliott v Google, Inc. (9th Cir 2017) 860 F3d 1151, the Ninth Circuit rejected a petition for cancellation of the Google trademark based on a “genericide” theory, that the word “google” had become synonymous with the verb “search the Internet,” holding that “a claim of genericide must relate to a particular type of good or service and …verb use does not necessarily constitute generic use.” 860 F3d at 1156. The court stated that the plaintiff would have to show that there was no way to describe Internet search engines without calling them “googles.” Because not a single Google competitor calls its search engine “a google,” and because members of the consuming public recognize and refer to different Internet search engines, the plaintiff did not show that there was “no available substitute for the word ‘google’ as a generic term.” 860 F3d at 1162. See §3.53.
In Tompkins v 23andMe, Inc. (9th Cir 2016) 840 F3d 1016, the court upheld the enforceability of terms of a clickwrap agreement because, during the account creation and registration processes, users were required to click a box near a hyperlink to the terms of service to indicate their acceptance of those terms. See §7.3.
Individuals often use social media to promote themselves, locate new jobs, and connect and network with others. When employees leave an employer, they may have ongoing contractual obligations not to solicit their former employer’s customers or other employees. Courts have looked at the impact an individual’s social media use has on the former employer’s rights. In BTS USA, Inc. v Executive Perspectives, LLC (Conn App 2016) 142 A3d 342, the court held that merely providing a “status update” on social media announcing a new position and contact information did not violate a nonsolicitation obligation in the absence of an express contractual provision restricting communications via social media to the former employer’s customers and staff. See also Bankers Life & Cas. Co. v American Sr. Benefits LLC (Ill App 2017) 83 NE3d 1085 (generic requests to connect with individuals over social media without additional targeted content did not violate nonsolicitation agreement). See §8.35.
In Robins v Spokeo, Inc. (9th Cir 2017) 867 F3d 1108, cert denied (2018) ___ US ___, 138 S Ct 931, the court analyzed the question of Article III standing in the context of the Fair Credit Reporting Act (FCRA) (15 USC §§1681–1681x). Robins alleged that Spokeo (a website that compiles information on consumers) published inaccurate information concerning his age, marital status, educational background, and employment history, but no specific injury. The test for standing articulated by the Ninth Circuit has two prongs: “(1) whether the statutory provisions at issue were established to protect his concrete interests (as opposed to purely procedural rights); and if so, (2) whether the specific procedural violations alleged in this case actually harm, or present a material risk of harm, to such interests.” 867 F3d at 1112. The court found both prongs were met. The inaccuracies created a material risk of harm to Robins’s interest in accurate reporting to potential employers or credit reporting agencies, thus resulting in sufficiently concrete injuries to establish standing. Although this decision appears limited to the FCRA, its rationale could be extended to other privacy statutes. See §9.16A.
California’s Unfair Competition Law (UCL) (Bus & P C §§17200–17210) provides remedies for a wide range of unfair business practices, including, potentially, misrepresentation by a company of its privacy or data collection practices. However, a risk of future harm resulting from a data breach is not sufficient to constitute “lost money or property” under the UCL. In re Yahoo! Inc. Customer Data Sec. Breach Litig. (ND Cal, Aug. 30, 2017, No. 16–MD–02752–LHK) 2017 US Dist Lexis 140212. See §9.27.
The Children’s Online Privacy Protection Act of 1998 (COPPA) (15 USC §§6501–6506) requires that website operators obtain parental consent before collecting “personal information” (see §9.31) from any child. COPPA applies to the growing list of connected devices that make up the Internet of Things, such as connected toys and other products intended for children that collect personal information, e.g., voice recordings or geolocation data. See https://www.ftc.gov/tips-advice/business-center/guidance/childrens-online-privacy-protection-rule-six-step-compliance#step1. See §§9.29, 9.30.
In its first action involving the Internet of Things and Internet-connected toys, the FTC targeted VTech’s electronic learning products when parents registered accounts online both for themselves and their children. Children used the accounts to communicate with contacts established by their parents by text, audio files of the child’s voice, and photographs of the child’s image. At the time of the enforcement action, about 2.25 million parents had registered and created accounts for nearly 3 million children. Among other things, the FTC found that the company did not take reasonable steps to protect the information it collected, did not implement adequate safeguards and security measures, and failed to have intrusion prevention or detection systems to alert the company of an unauthorized intrusion of its network In settlement, VTech agreed to pay $650,000 in civil penalties and implement a data security program subject to audit for the next 20 years. See https://www.ftc.gov/news-events/press-releases/2018/01/electronic-toy-maker-vtech-settles-ftc-allegations-it-violated. See §9.33.
E-Commerce and Taxation
In December 2017, the Securities and Exchange Commission (SEC) issued a public statement concerning the risks associated with cryptocurrency trading and so-called initial coin offerings, available at https://www.sec.gov/news/public-statement/statement-clayton-2017-12-11. See also the SEC’s investor alert, available at https://www.sec.gov/oiea/investor-alerts-and-bulletins/ib_coinofferings, and §10.5C. The Commodity Futures Trading Commission has taken similar action, and a federal district court has ruled that virtual currencies are commodities subject to federal regulation under the Commodity Exchange Act (7 USC §§1–27f). See Commodity Futures Trading Comm’n v McDonnell (ED NY 2018) 287 F Supp 3d 213. See §10.5A.
A discussion of blockchain technology has been added in §10.5B. A discussion of initial coin offerings has been added in §10.5C.
In 2017, the Federal Trade Commission (FTC) settled claims against AdoreMe, an online seller of subscription-based lingerie products, for violating the Federal Trade Commission Act (15 USC §§41–58) by misrepresenting its store credit policy, and the Restore Online Shoppers’ Confidence Act (ROSCA) (15 USC §§8401–8405), by failing to provide consumers with a simple mechanism to stop recurring charges. AdoreMe’s “VIP” membership program was a “negative option” program. Membership cost $39.95 per month unless, in the first 5 days of each month, the member bought something or clicked an online button to “skip” that month. The company’s website stated, “If you do not make a purchase or skip the month by the 5th, you’ll be charged a $39.95 store credit that can be used anytime to buy anything on Adore Me.” However, in practice, AdoreMe forfeited unused credit amounts if a member cancelled the membership or initiated chargebacks with financial institutions to dispute their transactions with the company. The FTC also found that AdoreMe made it hard to cancel memberships, e.g., by limiting how consumers could submit cancellation requests, understaffing its customer service department, and putting consumers through drawn-out cancellation request processes. The FTC’s order required AdoreMe to notify and provide refunds of forfeited store credit to eligible customers, and imposed a $1,378,654 fine to be used to pay refunds to consumers under the order. See https://www.ftc.gov/news-events/press-releases/2017/11/online-lingerie-marketer-prohibited-deceiving-shoppers-about. See §10.16A.
A new discussion of Bus & P C §17602, regulating subscription offers and other automatic renewal offers, has been added in §10.16B. Online businesses that wish to implement automatic renewal or subscription offers should study carefully the requirements of Bus & P C §17602, as well as the requirements of ROSCA discussed in §10.16A, to ensure that their practices conform with these laws. Many lawsuits have been filed recently concerning subscription or automatic renewal programs for failure to comply with federal and state disclosure, consent, and acknowledgment requirements. See §10.16B.
The obligations of California e-businesses to collect sales and use taxes in out-of-state sales are likely to be affected by a pending U.S. Supreme Court case. South Dakota v Wayfair, Inc. (cert granted 2018) ___ US ___, 138 S Ct 735. See §10.23.
Advertising on the Internet
The “unfair or deceptive acts or practices” standard has been applied to find liability for using false “click bait” deceptive practices to drive potential customers to product advertising sites. See FTC v LeadClick Media, LLC (2d Cir 2016) 838 F3d 158. In that case, LeadClick, an affiliate marketing network operator for LeanSpa, lured consumers to LeanSpa’s online store through fake news websites designed to trick consumers into believing that genuine news outlets and real customers, rather than paid advertisers and actors, had reviewed and endorsed LeanSpa’s products. The court found that LeadClick “had the authority to control the deceptive content of these fake news sites, but allowed the deceptive content to be used in LeanSpa advertisements on its network.” 838 F3d at 171. The court thus ruled that LeadClick was liable under 15 USC §45. See §17.4.
In 2017, in the FTC’s first enforcement action against individual social media influencers, two video bloggers owned an online business allowing users to gamble using collectible virtual items as currency. The owners posted YouTube videos of themselves gambling on their website and encouraging others to use the service, but did not disclose their connection to the business. They also had an influencer program that paid others between $2500 and $55,000 to promote the gambling service through social media. The FTC’s order prohibited the owners and the business from misrepresenting that any endorser was an independent user or ordinary consumer of a product or service and required clear and conspicuous disclosures of any material connections with endorsers. See https://www.ftc.gov/news-events/press-releases/2017/09/csgo-lotto-owners-settle-ftcs-first-ever-complaint-against. See §17.7A.
Ransomware is a type of malicious software that infects and locks down access to a computer to deny the owner’s use until a ransom is paid. Ransomware typically infects the host computer through phishing e-mails and exploits unpatched security vulnerabilities in software. See https://www.us-cert.gov/sites/default/files/publications/Ransomware_Executive_One-Pager_and_Technical_Document-FINAL.pdf. In 2017, Microsoft estimated that the “Wanna Cry” ransomware variant was found in over 150 countries and infected over 300,000 computers across 100,000 businesses in multiple industries including retail, manufacturing, transportation, healthcare, and finance. See https://enterprise.microsoft.com/en-us/articles/industries/health/wannacry-ransomware-attack-lessons-learned. See §18.1.
Perhaps the most egregious cyberattack to date was the one against Equifax, one of the three major national consumer credit reporting agencies. On September 7, 2017, the company announced that the Social Security numbers, birth dates, and other personal data of up to 143 million persons in the United States had been accessed without authorization over a period from March through July 2017. In addition, credit card numbers for 209,000 consumers and dispute documents related to 182,000 consumers were accessed. Consumers in Great Britain and Canada were also affected. The company discovered the breach on July 29, 2017, but waited several weeks to disclose it. See http://www.latimes.com/business/technology/la-fi-tn-equifax-data-breach-20170907-story.html. See §18.1.
In In re Facebook Internet Tracking Litig. (ND Cal 2017) 263 F Supp 3d 836, the court dismissed class action litigation accusing Facebook of tracking its users’ Internet activity. Plaintiffs alleged that Facebook’s cookies allowed it to identify users and correlate their identities with their browsing activity even when they were logged out of Facebook. The court held that Title II of the Electronic Communications Privacy Act of 1986 (ECPA) (18 USC §§2701–2712), known as the Stored Communications Act (SCA), did not apply to Facebook’s cookies because they are information in local storage on a user’s computer, rather than information that is temporarily stored “incident to [the] transmission” of a communication.” 263 F Supp 3d at 845. In addition, the court held that personal computers are not “facilities” under the SCA through which an electronic communications service is provided. 263 F Supp 3d at 845. See §18.11.
The National Institute of Standards and Technology (NIST) has provided guidance on security and privacy controls for devices connected to the Internet (the so-called Internet of Things) in both the public and private sectors. It has listed technical and procedural safeguards designed to protect individuals, organizations, and systems when creating or operating “smart” devices. See https://csrc.nist.gov/csrc/media/publications/sp/800-53/rev-5/draft/documents/sp800-53r5-draft.pdf. See §18.14A.
Tort and Criminal Liability
In ZLTechnologies, Inc. v Does 1–7 (2017) 13 CA5th 603, 611, the court held that anonymous online reviews constituted a legally sufficient basis for a defamation claim, supporting discovery of the identities of posters despite First Amendment concerns, because the posts contained provably false statements of fact. See §§20.2, 20.3, 20.24.
In Gonzalez v Google, Inc. (ND Cal 2017) 282 F Supp 3d 1150, 1168, the court held that Google was not liable as a publisher of video content facilitating recruitment and commission of terrorist acts by ISIS agents because it is protected by Communications Decency Act of 1996 (CDA) (47 USC §230). Further, provision of “neutral tools,” such as targeted advertising adjacent to videos, does not equate to content development under §230. See §20.6.
Practitioners faced with the question of how to handle negative reviews of a client’s product or service should carefully review the Consumer Review Fairness Act of 2016 (CFRA) (15 USC §45b). The CRFA protects honest consumer assessments, including online reviews, social media posts, uploaded photos, and videos. See §20.5.
In Yelp Inc. v Superior Court (2017) 17 CA5th 1, 13, the court held that website hosts such as Yelp have standing to assert the First Amendment rights of posters of anonymous online reviews, as against efforts to compel Yelp to identify posters. See §20.24.
A new discussion of cyberinsurance has been added in §20.42.
In Robles v Dominos Pizza LLC (CD Cal, Mar. 20, 2017, No. CV 16–06599 SJO (SPx)) 2017 US Dist Lexis 53133, *16, the court dismissed a website accessibility lawsuit because the U.S. Department of Justice had failed to issue clear guidelines for website accessibility under the Americans with Disabilities Act of 1990 (ADA) (42 USC §§12101–12213); thus, Domino’s due process rights were violated. See §20.25A.
In 2017, the U.S. Department of Justice halted all rulemaking activity concerning website accessibility. The lack of clear rules is likely to lead to more litigation and inconsistent results among jurisdictions. See https://www.reginfo.gov/public/do/eAgendaInactive and Vu, Seyfarth & Shaw, DOJ Places Website Rulemaking on the “Inactive” List (July 21, 2017), available online at https://www.adatitleiii.com/2017/07/doj-places-website-rulemaking-on-the-inactive-list/, referencing inactive list at https://www.reginfo.gov/public/jsp/eAgenda/InactiveRINs_2017_Agenda_Update.pdf. See §20.25A.
The U.S. District Court for the Northern District of California, in U.S. v Votman (ND Cal, Dec. 16, 2016, No. 16–cr–00210–TEH–1) 2016 US Dist Lexis 175235, decided that a governmental request for an “NIT” warrant (Network Investigative Technique), giving the FBI and other agencies the ability to “hack” into websites and other suspect media, was not overbroad, even though it impacted all user accounts of the suspected website, Playpen, which allowed for the exchange of child pornography. See §20A.5.
If a producer of an electronic data production does not object or propose an alternative to the production format specified by the requesting party, California courts have held that the “speak now or forever hold your peace” theory applies and bars the producing party from producing requested materials in a noncompliant format. This is true even if it appears in the eyes of the noncomplying producing party that its preferred format would be more appropriate and lend to better ease of review. See Morgan Hill Concerned Parents Ass’n v California Dep’t of Educ. (ED Cal, Feb. 2, 2017, No. 2:11–cv–3471 KJM AC) 2017 US Dist Lexis 14983, *31 (motion to compel granted; government defendant to produce e-mails in native format with all metadata attached, as requested, subject to valid privilege arguments). See §20A.14.
In Google LLC v Equustek Solutions Inc. (ND Cal, Nov. 2, 2017, No. 5:17–cv–04207–EJD) 2017 US Dist Lexis 182194, the court issued a preliminary injunction (later made permanent; see 2017 US Dist Lexis 206818) against a Canadian Supreme Court ruling that ordered Google to de-index certain search results, not only in Canada but on a global basis. The case began with a complaint from a British Columbia company, Equustek Solutions, that a group of its distributors (Datalink) was selling counterfeit Equustek products online. Datalink continued to sell the goods globally, even after the Canadian court ordered it to stop, which prompted Equustek to ask Google to de-index certain Datalink webpages. Google initially de-indexed several hundred webpages associated with Datalink on google.ca. Equustek then sought and obtained an injunction, which was upheld by the Canadian Supreme Court, to prevent Google from displaying any of the Datalink websites on any of its search results worldwide. In the face of this global injunction, Google asked the U.S. District Court for the Northern District of California to intervene, arguing (among other things) that the order “violates principles of international comity, particularly since the Canadian plaintiffs never established any violation of their rights under U.S. law.” In granting the injunction, the U.S. district court found that the Canadian ruling “undermines the policy goals of Section 230 [of the Communications Decency Act] and threatens free speech on the global internet.” See §21.5.
In its first annual review of the EU-US Privacy Shield, the European Commission concluded that the U.S. provides an adequate level of protection for personal data transferred under the Privacy Shield. See Report from the Commission to the European Parliament and the Council on the First Annual Review of the Functioning of the EU-U.S. Privacy Shield, dated October 18, 2017. See http://ec.europa.eu/newsroom/just/item-detail.cfm?item_id=605619. See §21.11B.