Friday, December 02, 2011

IP Address is protected personal data

The Court of Justice of the European Union (CJEU) clarified that IP addresses are 'protected personal data', on 24 November 2011, in Scarlet v SABAM (Case C-70/10), while ruling that internet service providers (ISPs) cannot be legally compelled to monitor the online activities of their customers.

Thursday, November 24, 2011

Jurisdiction: Home Is Where The Money Is

Following a ruling last month by the European Court of Justice in eDate Advertising GmbH v. X and Olivier Martinez, Robert Martinez v. MGN Limited, plaintiffs who want to sue online publishers in Europe for damaging content are now in a better position than those going after offline media. In both the offline and online contexts, a plaintiff may sue publishers in any and all of the EU member states where the publication was distributed, but can recover only for the damage caused in the jurisdiction where suit is brought. Alternatively, plaintiffs in either context may sue in the state where the publisher is established, and can recover for all the damage caused by the publication in any jurisdiction. As a result of the ECJ’s ruling, plaintiffs in cases involving online content now have a third option: suing in the place where the plaintiff has her “centre of interests,” and recovering for all the damage caused anywhere. The plaintiff’s “centre of interests” may include not only where the plaintiff resides but also any other place to which the plaintiff has “a particularly close link,” such as where she pursues professional activity. This decision makes suing online publishers more convenient for plaintiffs, and thus may lead to more defamation suits against website operators.

© Copyright 2011 Steptoe & Johnson LLP

Privacy Law is No Excuse for Spoliation of Evidence...!!

European Union requirements to delete personal data once it is “no longer necessary” for business purposes do not excuse a company from U.S. law regarding spoliation of evidence. A decision last month by the U.S. District Court for the Northern District of California in IO Group Inc., et al. v. GLBT Ltd., et al., rejected a British website operator’s argument that its intentional destruction of emails relevant to copyright infringement litigation could not be considered spoliation of evidence because it was done per the requirements of the U.K. Data Protection Act 1998. This decision highlights the fact that U.S. courts often will not excuse noncompliance with U.S. law on grounds that complying would result in a violation of foreign law – a conundrum that is increasingly faced by companies that have data stored abroad but are subject to U.S. jurisdiction.

© Copyright 2011 Steptoe & Johnson LLP



Friday, July 22, 2011

eBay Can Be Liable for Trademark Infringements

The European Court of Justice (ECJ) has ruled that eBay can be held liable for the offer for sale by third parties of trademark-infringing goods on its site if it took steps to actively assist those third parties or if it knew or should have known of the infringing activity and did nothing. It also held that eBay could be liable for its own use of trademarks as keyword search terms to generate ads on search engines, if those ads do not allow an Internet user to easily determine whether the goods referred to in the ads are offered by the mark owner or someone else. And perhaps most importantly, the court held that national courts can issue injunctions requiring an online marketplace like eBay to alter their sites to make it easier to identify sellers in order to deter future infringements and give trademark owners an effective remedy. Though the courts of each member state will have to determine how to apply these principles in particular cases, it seems almost certain that Internet marketplaces may be exposed to significant potential liability unless they alter their approach to policing trademark infringements.

© Copyright 2011 Steptoe & Johnson LLP

Friday, April 29, 2011

Friends Don't Let Friends Eat Spam

US Law: Ask your average teenager if Facebook messages or wall postings are emails, and you will probably get a fair amount of eye-rolling. But according to a recent federal district court decision in Facebook v. MaxBounty, such communications may indeed be considered “electronic mail messages” within the meaning of the CAN-SPAM Act. The court’s interpretation of what constitutes email may mean that other forms of Internet advertisements directed at particular individuals may be subject to the Act.

© Copyright 2011 Steptoe & Johnson LLP


Friday, March 04, 2011

HHS Gets Serious About Privacy

The Department of Health and Human Services is getting serious about its privacy enforcement responsibilities, announcing that it has imposed big penalties on two medical centers that violated the Health Insurance Portability and Accountability Act (HIPAA). HHS imposed a fine of $4.3 million on Cignet Health Center for ignoring the requests of patients who wanted access to their medical records and then failing to cooperate with an investigation into the incident by HHS's Office of Civil Rights. And Mass General agreed to pay $1,000,000 to settle charges that it had violated the HIPAA Privacy Rule when an employee accidentally left on the subway documents containing protected health information of 192 patients.

© Copyright 2011 Steptoe & Johnson LLP

Generic Website Coding Does Not Remove CDA Immunity

A federal district court in Georgia, in Herman v. Xcentric Ventures, LLC, has granted summary judgment to a website in a case that emphasizes the “robust immunity” provided by the Communications Decency Act (CDA). Defendant Xcentric Ventures operates www.ripoffreport.com, which allegedly displayed an anonymous defamatory post about the plaintiff’s law firm. As we have previously reported, courts have interpreted Section 230(c)(1) of the CDA as providing broad immunity for websites that display third-party content, as long as the websites do not contribute to the content. The plaintiffs argued that the website had added “original content” by providing a title for the third-party report, metatags, and new content on the website itself, thus acting as an information content provider and voiding any immunity under the CDA. The court determined, however, that any content contributed by the website was “generic” and common to all the user-generated comments on the site, and that the website had not created any content specifically about the plaintiff.

© Copyright 2011 Steptoe & Johnson LLP


Friday, February 25, 2011

Denmark Says "Nej!" To Cloud Computing, For Now

Denmark’s Data Protection Agency (DPA) has rejected a Danish city’s request to use cloud computing to store sensitive information, citing “important security issues.” The DPA's opinion letter, which will be sent to other EU data protection officials for their information, may become an important precedent for public and private entities that are considering storing information in the cloud, as well as for cloud providers. Still, the DPA left open the possibility of allowing storage in the cloud if the cloud provider offers adequate assurances about security.

© Copyright 2011 Steptoe & Johnson LLP

Friday, January 14, 2011

Canada Introduces Anti-Spam and Computer Crime Legislation

Canadians may enjoy their poutine, but spam is another matter. Canada has finally passed national anti-spam legislation (Bill C-28) that, in addition to prohibiting the sending of unsolicited electronic messages, prohibits the unauthorized alteration of a message’s transmission data and the unauthorized installation of computer programs. It also introduces monetary penalties and a private right of action against spammers, as well as extended liability which will allow plaintiffs to “follow the money” to the responsible party. And the law amends Canada’s Personal Information Protection and Electronic Documents Act to crack down on the collection or compiling of unlawfully obtained personal information. The new legislation will be enforced by the Canadian Radio-television and Telecommunications Commission, the Competition Bureau, and the Office of the Privacy Commissioner.

© Copyright 2011 Steptoe & Johnson LLP