Though apparently not when it comes to suing for copyright infringement. Earlier this week, the Ninth Circuit issued a ruling in a case involving photographs taken by a monkey on a camera left unattended by a nature photographer in Indonesia—aptly deemed the “Monkey Selfies.” The copyright infringement case was filed by People for the Ethical Treatment of Animals, Inc. (PETA) as “Next Friends” of the monkey named Naruto against the photographer and entity that published the Monkey Selfies in a book that identified themselves as the copyright owners (although also noting that Naruto took the photographs). After a lengthy dispute, the Ninth Circuit affirmed the district court’s ruling and held that animals like Naruto cannot sue for copyright infringement because, as nonhumans, they lack the required standing under the Copyright Act, which does not expressly authorize animals to sue.
There are over 330 million domain names supporting over 1.8 billion websites having a unique hostname on the internet right now. But who owns each of these? There are many reasons one may want to identify the owner or operator of a particular domain or website. In addition to law enforcement and cyber security, owners of IP need to be able to enforce their rights against illegal use of their IP or bad faith domain name registration and use. For example, if your trademark is being infringed by its use on a particular website, you would want to be able to identify the owner, send a cease and desist, and/or sue. Somewhat similar to registering a home or motor vehicle, domains or websites are typically registered and information useful to identifying the individual responsible for the domain or website has, historically, been publically available.
WHOIS is a system established in the 1980s, as the modern internet was emerging. It is used to look up domain registrations in databases that store the registered users or assignees of, e.g., a domain name or IP address. Currently, the name, mailing address, phone number, and administrative and technical contacts of those owning or administering a domain name must be made publicly available through WHOIS, pursuant to the Internet Corporation for Assigned Names and Numbers, or ICANN. WHOIS is not an independent database, but rather relies on third-party accredited entities to manage data and registration. According to ICANN, it is “committed to implementing measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information, subject to applicable laws.” Id.
Enter the General Data Protection Regulation, or GDPR, which is a European Union data protection regulation that will apply to any company that transacts with EU citizens, regardless of the location of the business. The GDPR requires any business that collects any personal data to request explicit permission from the subject before using that data. Personal data is defined as any information that can be used to directly or indirectly identify that person, e.g., a name, photo, email, computer IP address, etc. Under the GDPR, enterprises must limit access to personal data to only authorized individuals that specifically require access to that data. The penalties for violations are significant – up to 20 million Euros or more – and there are no exceptions for enterprise size or scope. Id. The GDPR goes into effect May 25, 2018.
ICANN has been struggling to identify a proposal that bridges the gap between the requirements of the GDPR and the access to WHOIS information. The proposals, thus far, do not do enough to assuage the fears of the third party entities that manage WHOIS data that their actions of publishing information to WHOIS are sufficient and justifiable. On the other hand, brand owners and other WHOIS users are concerned that the proposal takes an unjustifiably conservative approach. Thus, ICANN expects a WHOIS blackout period starting May 25, 2018. Going forward, there may be significantly less publicly available information to conduct enforcement investigations, send cease and desist letters, or prepare and file suit.
Online brand enforcement is about to become much more difficult if not, in some cases, nearly impossible.
The Copyright Act grants the owner of a copyright certain rights, including the right to reproduce, to distribute, and to perform and display the copyrighted work. 17 U.S.C. § 106. However, these rights are limited by other sections of the statute. One such limitation to the distribution right is known as the “first sale doctrine,” which states, “the owner of a particular copy or phonorecord lawfully made  is entitled, without the authority of the copyright owner, to sell or otherwise dispose of the possession of that copy or phonorecord. Id. at § 109(a). For example, if you purchase a DVD at the store, you own a particular copy of a copyrighted work. You can resale the DVD, give it away, or destroy it without infringing the copyright owner’s right of distribution. The same is true for any number of copyrighted works fixed in a variety of mediums, e.g., a CD, cassette, vinyl record, book, photograph, art print, etc. But what about digital content? That is, can you resell a song or movie you lawfully purchase and download?
The United States Copyright Office (“USCO”) has acknowledged digital content differs from traditional physical copies of works. In 2001, the USCO stated that with traditional physical copies, the natural degradation of works (e.g., scratches, fading, etc.) and “the need to transport physical copies of the works” “act as a natural brake on the effect of resales on the copyright owner’s market.” The USCO further stated that these limitations no longer exist with digital transmissions. “Digital information does not degrade…. [and] time, space, effort and cost no longer act as barriers to the movement of copies, since digital copies can be transmitted nearly instantaneously anywhere in the world with minimal effort and negligible cost.” In addition, the USCO recognized the product of a digital transmission “is a new copy in the possession of a new person” and thus the recipient “obtains a new copy, not the same one with which the sender began.” For example, when we email or text a photo, we retain our “particular” copy while the recipient receives a new copy.
In Capitol Records, LLC v. ReDigi Inc., the court, relying in part on the USCO’s report, found that it was impossible to digitally transfer the “particular” copy purchased; any digital transfer creates a new copy of the work, even if the original file is deleted during the transfer. First, the court found the new copy violates the copyright owner’s reproduction rights, to which the first sale doctrine is not a defense. Second, because the thing being sold is an unlawful reproduction and not the “particular” copy originally purchased, the first sale doctrine does not protect such a distribution. In another recent case, the court held that the first sale doctrine was inapplicable until a particular physical copy of copyrighted work was downloaded. Disney Enterprises, Inc. v. Redbox, Automated Retail, LLC (declining to extend the first sale doctrine to the reselling of a digital code that would allow a user to download a copy of the copyrighted work). That is, in order for the first sale doctrine to likely apply the copyrighted work must physically exist as a digital copy but once downloaded, it probably cannot be digitally transferred without creating an unlawful reproduction.
The court in Capital Records also held the owner of a copyrighted work may sell, gift, or otherwise dispose of the hard drive, iPod, or other memory device onto which the digital file was originally downloaded. This solution may alleviate the numerous concerns expressed by the USCO in 2001. However, by forcing the user to dispose of their digital content in this manner it forces the user to dispose of at least part of their electronic device, which in all likelihood includes digital copies of multiple copyrighted works. In other words, in order to be protected by the first sale doctrine the owner of the copyrighted work must dispose of significantly more than he or she initially bargained for.
As digital downloads increase in popularity, the importance of this issue will continue to grow. The Second Circuit, where the Capital Records case is currently on appeal, is poised to give us further guidance by creating the first circuit level case law on digital first sale. However, when the Digital Millennium Copyright act was introduced nearly 20 years ago, it was acknowledged that this was “only the beginning of Congress’ evaluation of the impact of the digital age on copyrighted works.” Ultimately, it may again be time for Congress to evaluate this impact.
Today is International Women’s Day. As a way to celebrate, McDonald’s has flipped their iconic golden arches upside-down. The arches, one of the most recognizable logos, have been physically flipped in one California location but can be seen on McDonald’s social media channels. Putting aside the effort to flip the California sign, by simply rotating its logo on social media McDonald’s was able, whether intended or not, to accomplish several marketing and advertising objectives. First, the move helped bring further awareness to an inspiring campaign; a great way to enhance brand identity and perception. Second, it created plenty of buzz and free publicity with news outlets in the U.S. and around the world picking up the story. Third, while the change was significant enough for people to take notice, it was not significant enough to cause any brand confusion. That is, consumers could still quickly identify the source.
This move serves as a great reminder that companies can use their brand identity, including their logos and other trademarks, in creative new ways to accomplish a variety of goals. Today, McDonald’s has helped to make sure that International Women’s Day and its objectives are a part of our global conversation. I’m loving it and I’m sure McDonald’s is too.
Earlier this week, the Federal Trade Commission (“FTC”) announced a settlement with PayPal, Inc. over allegations that Venmo, a PayPal-owned mobile payment and social networking application, misled customers on issues relating to account transfers and privacy settings and enabled fraud through inadequate security practices.
Founded in 2009, Venmo lets users easily transfer money to one another and share information regarding such payments through a social network feed. From a user perspective, Venmo operates a lot like any other major social media network, letting users “pay” each other in the same way you “tag” a friend in an Instagram post. Thanks to its familiar social media-style interface and the ease with which it lets users split everyday expenses like bar tabs and rent payments, Venmo quickly became a favorite among millennials and college students.
According to the FTC, however, Venmo’s perceived simplicity was deceptive. In a complaint originally filed against Venmo-parent PayPal in 2016, the FTC alleged that Venmo’s notification policy misled consumers and constituted a “deceptive or unfair practice” under Section 5(a) of the Federal Trade Commission Act. Under the policy, Venmo notified users that funds were credited to their account before Venmo had reviewed and verified the underlying transaction. According to the complaint, this practice resulting in unexpected delays and reversals. It also created an ideal environment for fraud. By falsely conveying to sellers that transactions had cleared, scammers were able to buy goods and services with fake or fraudulent information, leaving sellers with nothing when the transactions were ultimately reversed.
The FTC further charged that Venmo misled consumers about the privacy of information about their transactions. Under the application’s default settings, whenever a user pays or is paid through the application, a description of the transaction and its participants is shared with all of the user’s “friends” in a social networking feed. While Venmo offers privacy settings that let users limit who can view their transactions, it failed to accurately explain to users how those privacy settings actually work.
Additional charges alleged that Venmo misrepresented the extent to which consumers’ accounts were protected by “bank grade security systems” and violated the Gramm-Leach-Bliley Act’s Safeguards and Privacy Rules.
“This case sends a strong message that financial institutions like Venmo need to focus on privacy and security from day one,” acting FTC chairman Maureen Ohlhausen said in a statement. “Consumers suffered real harm when Venmo did not live up to the promises it made to users about the availability of their money.”
For businesses dealing directly with consumers, this case underscores the importance of taking your duty to educate consumers about your product seriously, especially when it comes to how customer information will be used. Such businesses should regularly review disclosures and other consumer-facing messages to ensure they are not only accurate but also consistent with reasonable consumer expectations. And whenever costumers are given options as to how their information will be used, make sure those options are clearly conveyed and, perhaps most importantly, honor their choices.
If anyone was still unsure, Kylie Jenner recently proved that a tweet or post from a social media influencer can have a profound impact. Accordingly, companies are increasingly collaborating with social media influencers to promote their brand. This partnership has become quite lucrative for both parties. For example, a recent Forbes article found that influencers could charge $3,000 to $5,000 per post, while some more sought-after influencers were commanding upwards of $25,000. Influencers could also charge anywhere from $20,000 to $300,000 for a campaign or partnership, depending on the number of followers and the social media platform used. Likewise, a 2015 survey by Tomoson found that, on average, “[b]usinesses are making $6.50 for every $1 spent on influencer marketing.” Influencer campaigns have even resulted in products immediately selling-out.
But what happens when an influencer’s post infringers on the intellectual property rights of another?
The relationship between influencers and a business can vary widely. In some instances, businesses oversee and orchestrate the social media posting, almost akin to directing a commercial. In other scenarios, businesses request final approval before the posting is made public. In still other scenarios, the influencer is not given concrete direction or required to get approval for the posting, i.e., the influencer is free to promote the brand as they wish. Business and influencers should be aware of different liability concerns in each scenario.
One of the first cases in this arena was a suit brought by Ultra Records against influencer Michelle Phan for allegedly using background music in her postings without prior permission. While the case eventually settled, it raised the real concern of copyright infringement concerns in influencer advertising and marketing campaigns. As this emerging avenue of advertising and marketing grows in scope and profitability so will the lawsuits. When contracting in any scenario, parties should make sure to address liability concerns for any potential IP infringement. Businesses and influencers should think twice before making their next post and make sure the works and rights of others are not being used without permission. Perhaps more importantly, the parties should take proactive steps to address who will be liable in the event infringement does occur.
Social media bots may seem like a futuristic phenomenon or something belonging only in the TV series “Homeland,” but they’re already here affecting businesses and individuals online.
Last month, the New York Times reported on its investigation into the selling of fake Twitter followers and retweets by an American company named Devumi, which it estimates has at least 3.5 million automated Twitter accounts and at least 55,000 of which that impersonate real people. These individuals probably have no idea that Devumi purportedly uses their names, profile pictures, etc. to create automated accounts to sell to celebrities, politicians, businesses, and others looking to boost their following online.
According to a related New York Times article, there have been a number of both federal and state inquiries into fake social media account practices such as these, including an investigation that the New York Attorney General’s office opened last month into Devumi’s practice of using stolen identities to sell fake accounts, which it believes would constitute illegal impersonation and deception. Social media companies, on the other hand, appear to be grappling with how to best enforce their policies and handle fake user accounts, which can have a significant influence on businesses, politics, and consumer behavior. And influencers themselves, who may believe they are buying legitimate followers, are likely left with questions of their own.
Today’s presence of social media bots requires companies to be even more cognizant of certain practices online. Although social media can be a powerful tool in any company’s advertising or marketing plan, companies need to be careful for example when considering whether and how to purchase social media followers. And, as always, companies should avoid any online practices that appear illegal or fraudulent.
It was that time of year again—when everyone looks forward to watching commercials and debating which companies hit and which companies missed. Yes, Super Bowl LII happened yesterday and there was no shortage of funny, sad, strange, and intriguing ads during the commercial breaks. What those of us in Minnesota also learned was that advertising surrounding the Super Bowl is not limited to those made-for-tv commercials. Indeed, the Minnesota Super Bowl Host Committee planned a 10-day extravaganza in downtown Minneapolis that featured not only NFL and Super Bowl-related advertising, but a number of company-sponsored ads, tents/booths, and activities. The Host Committee also created the “Bold North” tagline, which was featured all over downtown and on various types of merchandise. According to a recent article in the Twin Cities Pioneer Press, a small group of Host Committee members came up with the tag line three years ago and it stuck. To see how the Host Committee utilized this tag line as a brand, take a look at the Minnesota Super Bowl website.
This post follows up on my prior blog post regarding the case pending at the United States Supreme Court involving the question of when a copyright holder can properly file a copyright infringement lawsuit. The petitioner, Fourth Estate Public Benefit Corp., has framed the issue in its petition for certiorari as follows: “Whether ‘registration of [a] copyright claim has been made’ within the meaning of § 411(a) when the copyright holder delivers the required application, deposit, and fee to the Copyright Office, as the Fifth and Ninth Circuits have held, or only once the Copyright Office acts on that application, as the Tenth Circuit and, in the decision below, the Eleventh Circuit have held.”
Following the parties’ respective briefing as to whether the Supreme Court should grant certiorari and thus review the case, the Supreme Court has now invited the United States Solicitor General to submit a brief as well. In other words, the Supreme Court is interested in the Solicitor General’s view on the issue. A recent American Bar Association article explains that the Supreme Court has increasingly requested the views of the Solicitor General in order to assess how the United States’ interests are being affected by a lower court’s decision and to determine whether the case is important enough or a circuit split is developed enough to warrant the Supreme Court’s review. This may mean that the Supreme Court is considering granting certiorari in this case, but it will likely be some time before we learn of that.
Only a few days ago, my colleague Elizabeth Patton posted about the Federal Trade Commission’s release of its annual Data Book outlining the most recent statistical data about uses of the National Do Not Call Registry, a national database maintained by the FTC listing the telephone numbers of individuals and families who have requested that telemarketers not contact them.
Today, the FTC followed that up by issuing its biennial report to Congress on the Registry. The FTC reports that many businesses and organizations have attempted to exploit exceptions to the Telemarketing Sales Rule (TSR), and that these organizations have occasionally faced stiff civil penalties as a result. As such, companies engaged in telemarketing tactics should take the time to understand the TSR and its exceptions and make sure their practices are in compliance.
Among other things, the TSR makes it illegal for a business or individual taking part in “telemarketing” — defined as “a plan, program, or campaign . . . to induce the purchase of goods or services or a charitable contribution” involving more than one interstate telephone call — to call any phone number listed in the Registry. There is an exception, however, for calls to consumers with whom the company has an “established business relationship.” This exception allows sellers and their telemarketers to call customers who have recently made purchases or made payments, and to return calls to prospective customers who have made inquiries, even if their telephone numbers are on the Registry.
To fall within the “established business relationship” exception, the call must be to a person with whom the seller has an existing relationship based on: (1) the consumer’s purchase, rental, or lease of the seller’s goods or services or a financial transaction between the consumer and seller, within the eighteen months immediately preceding the date of a telemarketing call; or (2) the consumer’s inquiry or application regarding a product or service offered by the seller, within the three months immediately preceding the date of a telemarketing call.
According to the FTC, businesses routinely abuse this exception by engaging in calls in which the seller identified in the telemarketing call and the seller with whom the consumer has a relationship are technically part of the same legal entity, but are perceived by consumers to be different because they use different names or market different products.
Whether calls by or on behalf of sellers who are affiliates or subsidiaries of an entity with which a consumer has an established business relationship fall within the exception depends on consumer expectations. In other words, the question is whether the consumer likely be surprised by the call and find it inconsistent with having placed their phone number on the Registry. The greater the similarity between the seller and the subsidiary or affiliate in the eyes of the consumer, the more likely it is that the call will fall within the established business relationship exception.
Another issue arises when businesses place telemarketing calls to consumers after acquiring the consumers’ telephone numbers from others — so-called “lead generators” — without screening the numbers to remove those listed on the Registry. Such calls generally do not fall within the established business relationship exception because, while consumers may have a relationship with the lead generator, they do not have an established business relationship with the seller who has purchased the leads. Thus, a single sales pitch can produce multiple illegal calls, generating one or more calls from both the lead generators and the telemarketer.
The report also clarifies that the submission of a sweepstakes entry form does not create an “established business relationship” between the consumer and the company administering the sweepstakes, and notes several enforcement actions that have been brought against companies for making illegal calls that relied upon sweepstake entry forms as a basis for making telemarketing calls.
Recent actions by the FTC indicate that businesses and other organizations that use or rely on telemarketing tactics would be well-advised to review their telemarketing practices and ensure they are in compliance with the TSR and related federal regulations.