Monday, October 12, 2009

ISPs Ordered to Pay $32 Million to Louis Vuitton for Contributory Trademark and Copyright Infringement

A federal jury in California has found two Internet service providers, Akanoc Solutions, Inc., and Managed Solutions Group, Inc. ("MSGI"), and their owner, Steven Chen, guilty of contributing to trademark and copyright infringement for hosting websites selling counterfeit Louis Vuitton goods, and has awarded Louis Vuitton $32 million in damages. As we previously reported, Louis Vuitton sued Akanoc, MSGI and Chen for "knowingly allow[ing] and encourag[ing] certain websites to use" their Internet hosting services to infringe Louis Vuitton's "valid trademarks and copyrights." Louis Vuitton successfully demonstrated that both ISPs knew of the infringing websites but failed to take "simple measures" to shut them down.

© Copyright 2009 Steptoe & Johnson LLP

Monday, September 28, 2009

Keyword advertising vs. trade mark infringement

Advocate General (AG) Poiares Madura has provided a detailed opinion concerning Google's keyword advertising system, following references to the ECJ from France in three sets of proceedings brought by trade mark owners against Google. The AG considered (among other things) that Google, by displaying advertisements in response to keywords corresponding to trade marks, established a link between those keywords and the sites advertised, which sold goods or services. However, such a link did not constitute trade mark infringement as the mere display of relevant sites in response to key words was not enough to lead to confusion. The AG's opinion provides some much-needed clarification of trade mark law in relation to keyword advertising, although it remains to be seen whether it will be followed by the ECJ when it gives its decision. Brand owners will doubtless be disappointed with the opinion, but the references only concerned the use of keywords which corresponded to trade marks, not the use of the trade marks in advertisements, or in the products sold via the sites advertised. The AG also considered that the liability exemption for hosts in Article 14 of the E-Commerce Directive (2000/31/EC) should not apply to the content featured in Google's AdWords. Case: Google France and Google Inc. v Louis Vuitton Malletier, Google France v Viaticum Luteciel, and Google France v CNRRH and others, Joined Cases C???236/08, C???237/08 and C???238/08, 22 September 2009.

©Legal & Commercial Publishing Limited

Friday, September 11, 2009

Facebook Capitulates in Privacy Law Face-Off

Facebook, Inc. has reached agreement with the Office of the Privacy Commissioner of Canada regarding privacy controls on the social networking website. As we previously reported, the Office found that several of Facebook's practices violated Canada's Personal Information Protection and Electronic Documents Act. The Office gave Facebook 30 days to address the concerns or face court action. Facebook has now consented to several significant changes, including a more forthcoming description of its Privacy Policy; more granular privacy settings; a permissions-based model for third-party applications (e.g., games and quizzes) that allows users to select the information they share with third parties; and the clear option to either "deactivate" or entirely "delete" an account.

© Copyright 2009 Steptoe & Johnson LLP.

Friday, August 28, 2009

Information Commissior Office (UK) publishes guidance on changes to notification fee

The Information Commissioner's Office (ICO) has published a guidance note, which will come into effect on 1 October 2009, on changes to the notification fee system for data controllers under the Data Protection Act 1998. Under the two-tier notification fee system for data controllers due to be introduced under the Data Protection (Notification and Notification Fees) (Amendment) Regulations 2009 (SI 2009/1677), a data controller with an annual turnover of £25.9 million and 250 or more members of staff, and public authorities with 250 or more members of staff, will have to pay initial and annual renewal notification fees of £500, while other data controllers will continue to pay a £35 fee (see Legal update, New data protection regulations introduce two-tier notification fee structure). Among other things, the ICO's guidance explains the criteria used to determine which tier a data controller is in; provides details of certain organisations, such as charities, which will always be deemed fall into the lower tier, regardless of their size or turnover; and explains the rationale for the fee changes.

Source: ICO guidance, Notification fee changes.

IPO rejects opposition to YOU CAN'T BE A VIRGIN ALL YOUR LIFE ITS TIME mark for telecoms

A hearing officer of the Intellectual Property Office has dismissed Virgin Enterprises Limited's opposition to an application to register YOU CAN'T BE A VIRGIN ALL YOUR LIFE ITS TIME for, among other things, telecommunications in class 38. Virgin Enterprises relied on its earlier registrations of VIRGIN for identical services in class 38 to oppose the mark under section 5(2)(b) of the Trade Marks Act 1994 (TMA). The hearing officer held that there was very little similarity between the marks, and that the average consumer would not assume that there was an economic association between the parties so as to give rise to a likelihood of confusion. The hearing officer also dismissed Virgin Enterprises' opposition under section 5(3) of the TMA, which was based on its earlier mark VIRGIN MOBILE in classes 9 and 38. He held that, although the name VIRGIN MOBILE had acquired a reputation as a trade mark in relation to mobile phones and telecoms, the relevant public would not make a link between the respective marks on account of their lack of similarity. The hearing officer did not consider that the applicant's ordinary English-language use of the word "virgin" amounted to taking advantage of the VIRGIN mark. Case: Application no. 2466095 to register the trade mark YOU CAN'T BE A VIRGIN ALL YOUR LIFE ITS TIME and opposition no. 96472, BL 0-216-09, 23 July 2009.

©Legal & Commercial Publishing Limited; Practical Law Company Limited 2009

High Court upholds claim for misuse of confidential information, breach of database right and passing off against ex-employee

The High Court has held that an ex-employee who copied and retained various documents and information belonging to his ex-employer, including thousands of contact details and sales figures, had acted in breach of confidence. Peter Smith J said that the claimant's database was an important tool as it provided an immediate base which the ex-employee could use to start up his rival business of organising conferences. He held that the ex-employee's activities amounted to a classic springboard operation. The judge also held that the ex-employee's acts in extracting a large amount of information from the claimant's database was a breach of article 16(1) of the Copyright and Rights in Database Regulations 1997, as it was clear that the database had been created with substantial investment in obtaining, verifying and presenting its contents. The judge also upheld a claim in passing off as the ex-employee had suggested that the conference his company was organising was a follow-up to the conference the claimants had held the previous year. Case: First Conferences Services Limited & another v Richard Bracchi & another [2009] EWHC 2176 (Ch), 26 August 2009.

Thursday, August 20, 2009

Argentine Court Holds Yahoo!, Google Liable for Defamatory Third-Party Content

They say a picture is worth a thousand words, but an Argentine court recently ruled that a picture can also be worth thousands of dollars in damages. Virginia Da Cunha sued Yahoo! and Google for damages after photos of her that were posted on sex-trade websites, without her consent, appeared in the results of Internet searches for her name. A civil court in Buenos Aires ruled for Da Cunha and awarded her $26,248 in damages, finding that the search engines actively amplified the harm of the defamatory third-party postings by making the sex-trade websites more accessible than they would otherwise be. The court also held that neither company was doing enough to guard against such harm to individuals.

© Copyright 2009 Steptoe & Johnson LLP

Friday, August 14, 2009

District Court “Backs Up” from Ninth Circuit’s Ruling on Access to Stored Email

A district court in Illinois recently determined that opened, web-based emails held by an Internet Service Provider are not in “electronic storage” within the meaning of the Stored Communications Act (SCA). Accordingly, the government could obtain such emails with a mere subpoena rather than a search warrant. The district court came to this conclusion despite the Ninth Circuit’s contrary ruling in Theofel v. Farey-Jones which, as we previously reported, reached a broader interpretation of “electronic storage” and thus affords greater privacy protection for emails.

© Copyright 2009 Steptoe & Johnson LLP

Payment Card Industry Issues Data Security Guidance for Wireless Networks

The Payment Card Industry Security Standards Council released a new set of recommendations on how organizations subject to the PCI Data Security Standard (DSS) should address the data security concerns raised by wireless networks. The DSS requires all participating “merchants, banks, [and] POS [point of sale] vendors” -- as well as their service providers and other contractors -- to implement six sets of security requirements: build and maintain a secure network, protect card holder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks, and maintain an information security policy. As we have previously reported, the latest version of the DSS added a requirement that covered entities ensure that "wireless networks transmitting cardholder data or connected to the cardholder data environment [CDE] ... use industry best practices (for example, IEEE 802.11i) to implement strong encryption for authentication and transmission." The guidance issued last month by the Standards Council offers suggestions on how to comply this requirement.

Is There Such a Thing as an Honest Hacker?

According to the Second Circuit, there just might be. In reviewing a district court’s denial of a preliminary injunction against an alleged computer hacker accused of insider trading, the court drew a distinction between two types of hackers: one who misrepresents her identity to gain access to a computer, and another who takes advantage of a security glitch to achieve the same end. The court suggested that the latter conduct might not be “deceptive” within the meaning of section 10(b) of the Securities and Exchange Act of 1934.

Friday, July 31, 2009

British Court Finds Google Not Liable for Defamatory Search Results

A court in the United Kingdom ruled that Google is not liable for defamatory material that appears in its search results because it is not a "publisher" of such material. The court equated Google to a library catalogue, which would not be held liable for the content of the books it lists. The UK has traditionally been friendly to libel claimants, so this decision -- though consistent with rulings in the US and EU -- is an important precedent for search engines.

© Copyright 2009 Steptoe & Johnson LLP

Canada Joins Europe In Scrutinizing Social Networking Sites' Privacy Practices

The Office of the Privacy Commissioner of Canada has found that some of Facebook's most popular features -- including third-party applications and the tagging of photos with names and email addresses -- violate the data protection principles of Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). Those principles require organizations that use the personal information of Canadians to, inter alia, implement procedures to protect such information; identify the purposes for which it is collected; collect and retain it only where necessary for these purposes; and obtain the data subject's consent prior to its "collection, use, or disclosure." In its report, the Privacy Office found that Facebook failed to abide by these principles, citing several unresolved violations of PIPEDA. The Office stated that it would reassess Facebook's compliance with PIPEDA and the report's recommendations in 30 days. Along with a recent EU Article 29 Data Protection Working Party opinion (on which we previously reported) advising all social networking sites that handle the personal data of EU residents that they must comply with the EU Data Protection Directive, this report indicates that the increasing scrutiny of social networking sites' data protection policies around the world could force significant changes in the way such sites operate.

© Copyright 2009 Steptoe & Johnson LLP

Friday, July 24, 2009

Court fines owner of construction-worker database

The Information Commissioner's Office (ICO) has issued a press release indicating that Ian Kerr, owner of a firm trading as the Consulting Association, has been fined £5,000 by Knutsford Crown Court for breaching the Data Protection Act 1998 (DPA), and has been ordered to pay costs of £1,187. Mr Kerr had pleaded guilty to failing to notify as a data controller at Macclesfield Magistrates Court, which transferred the case for sentencing to the Crown Court (see Legal update, Owner of construction-worker database pleads guilty to data protection offences). An ICO investigation revealed that Mr Kerr had been operating a database for over 15 years containing details on 3,213 construction workers, including information about their trade union activity and employment history, which was used by over 40 construction companies to vet individuals for employment. The ICO also indicated in its press release that it intends to serve enforcement notices on 17 construction companies who were involved in using the database maintained by Mr Kerr. It said preliminary enforcement notices had been sent out, with formal enforcement action to follow shortly, subject to any representations made by the companies. Source: ICO press release, 16 July 2009.

©Legal & Commercial Publishing Limited

Friday, July 17, 2009

MySpace Wins CDA Immunity in Assault Cases

A California Court of Appeal recently upheld a lower court's ruling that the Communications Decency Act (CDA) immunized MySpace against claims stemming from "its decision not to implement reasonable, basic safety precautions with regard to protecting young children from sexual predators." In four consolidated cases, several girls aged 13 to 15 who were sexually assaulted by men they met through MySpace (the Julie Does) and their parents or guardians sued MySpace for negligence, gross negligence, and strict product liability. The appellate court held that these claims were barred by section 230(c)(1) of the CDA, which states that "[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider" and has generally been interpreted as immunizing websites against claims stemming from information posted by third parties. Finding that it was "undeniable that appellants s[ought] to hold MySpace responsible for the communications between the Julie Does and their assailants," the appellate court concluded that "section 230 immunity shields MySpace" from liability. Along with the Lori Drew ruling discussed above, the court’s dismissal of these claims against MySpace suggests that both users and providers of social networking websites may be able to skirt liability for some of the sites' more unsavory uses – at least for now. But if courts continue to throw out cases where social networking websites have been involved in incidents of stalking, bullying, or assault, the public backlash could lead Congress to narrow the scope of CDA immunity.

© Copyright 2009 Steptoe & Johnson LLP

UK: High Court considers role of search engine operator as publisher

The High Court has held that Google Inc. could not be regarded as the publisher of words alleged to be defamatory which appeared in search results. The search engine operator had been joined in proceedings for defamation because internet searches on certain terms, including one of the claimant's trading names (Train2Game), brought up a thread "Train2Game new SCAM for Scheidegger" from a bulletin board which the claimant said was defamatory of it. Eady J found that, given that the search results were generated automatically, and that Google Inc. had blocked access to specific URLs identified by the claimant, but had no control over formulating search terms, so that it could not otherwise remove offending material, it was unrealistic to attribute responsibility for publication to Google Inc., whether on the basis of authorship or acquiescence. Eady J also considered various arguments regarding the application of section 1 of the Defamation Act 1996 to the facts, and the potential relevance of the Electronic Commerce (EC Directive) Regulations 2002 (SI 2002/2013) to providers of search engine services. Case: Metropolitan International Schools Limited v (1) Designtechnica Corporation, (2) Google UK Limited, (3) Google Inc. [2009] EWHC 1765 (QB), 16 July 2009.

(source: practical law)

WIPO proposes paperless UDRP proceedings

ICANN has launched a 30-day consultation on a proposal from WIPO to allow for paperless UDRP proceedings by amending the UDRP implementation rules. In its proposal, WIPO explains that abolishing the requirement for hard-copy pleadings, in its view, will result in significant time and costs savings. However, it is proposing that notification of the proceedings is still sent by post to a respondent in case its e-mail address is incorrect or inactive. WIPO does not propose any changes to the UDRP itself. The consultation closes on 12 August 2009. Source: ICANN announcement, 13 July 2009

(source: practicallaw)

Wednesday, January 21, 2009

IP crime data for 2007 published

The Intellectual Property Office (IPO) has published an interim report covering intellectual property (IP) crime data for 2007. The last IP crime report, which was published in December 2007, included IP crime data from 2006 (see Legal update, Government publishes 2007 intellectual property crime report). The IPO is to change the reporting period for the annual crime report from a calendar year basis to April to March, to follow the financial year, and this interim report will be included as an annex to the 2008/09 report. The interim report contains data from a number of sources, including a UK survey on film and television piracy, a study on the amount of unlicensed software in the EU, UK court statistics on IP cases, and data from a European Commission report on customs activities in relation to counterfeiting and piracy. Source: IPO press release, 9 January 2009.

EDPS issues second opinion on amendment of E-Privacy Directive

The European Data Protection Supervisor (EDPS) has published a second opinion on the proposed amendments to the E-Privacy Directive (2002/58/EC). The opinion analyses and compares the positions put forward by the European Council, the European Parliament and the European Commission, and includes a number of recommendations. Among other things, the EDPS continues to support the adoption of a security breach notification scheme under which national regulators and individuals will be notified when individuals' personal data has been compromised. He also reiterates many of the suggestions made in his first opinion relating to the scope of the Directive and the right of legal persons (including consumer associations) to bring legal action against service providers for infringement of the Directive. Compared to his original opinion, the EDPS has taken great care to spell out in more detail the specific reasons for his original recommendations, taking on board many of the points that have been made by the three European legislators since the first opinion was published. Read more.

PLC IPIT&Communications weekly