Posted on

California Consumer Privacy Act (CCPA)

Although amended twice (September 13th and October 11th of 2018) after its initial passage by the California State Legislature and being signed into law by Governor Jerry Brown in June of 2018, the California Consumer Privacy Act (California Civil Code Section 1798.100) (“CCPA”) becomes effective with the new year (January 1, 2020).

Although it is intended to protect and afford California residents with certain rights (in some areas, greater or somewhat different than the European Union’s General Data Protection Directive 2016/679), it affects non-profit entities that do business in California, and that collect personal information of consumers and either has annual gross revenues over $25 million OR buys or sells personal data of 50,000 or more consumers/households OR earns over half its annual revenue from selling consumer personal information.

If your organization fits into any of those categories, you are required to establish, put into place and maintain reasonable security procedures and practices to protect consumer data and to afford California residents the right to know what personal data is being collected about them; to know whether and to whom the consumer’s personal data is sold or disclosed; to refuse to permit the sale of their personal data; to access their personal information; and to ask you to delete personal information collected from them.  The law also prohibits discrimination against any consumer for exercising any of their privacy rights under the CCPA.

While many business have been busily amending their agreements with suppliers, service providers and likely have been presented updated and revised contracts with “CCPA” amendments in order to ensure those in the chain of collection, storage, handling, distribution and use are in compliance, if you do any business in or with California residents, don’t forget to update your privacy policies and any terms of use that apply to your websites, e-commerce and online/mobile presence generally.  Those sites, even those that do not require any registration or input directly from consumers, almost certainly will be collecting information that is covered by the broad definition of “personal information” under the CCPA.

If you would like to know more about the CCPA or have any questions about this post, don’t hesitate to contact me Joe Rosenbaum, or any of the Rimon lawyers with whom you regularly work.

 

Posted on

Krakatoa: East of Java; Google West of Fair Use

Some of you may remember the 1969 disaster film, "Krakatoa: East of Java" (which, coincidentally ties nicely to a recent Useless But Compelling Fact topic). Well today, Legal Bytes is happy to alert you to the results of jury deliberations – yet another copyright law disaster – just unfolding out West (West Coast of the United States, that is). Just hours ago (and providing more evidence that confusion reigns and continues to increase under existing copyright law), the jury has rendered its decision in the copyright phase of yet another intellectual property trial relevant to the online and mobile world. As you may recall, just last month we reported another copyright flip-flop winding its way through the courts in our post entitled, Appeals Court Vacates Summary Judgment in Viacom v. YouTube.

Today, a jury in California, deliberating in a case brought by Oracle against Google and alleging that Google infringed Oracle’s Java copyrights, concluded that Google did use the Java interfaces, but couldn’t reach any conclusion if that was protected use under the copyright "fair use" exception ("fair use" is a defense to copyright infringement). The jury did find separately that Google infringed some of the Java code and used it in developing the mobile phone platform, Android. However, before Oracle celebrates prematurely, Judge William Alsup noted that because only a minimal amount of code was actually used, Oracle’s request for $1 billion in damages or some share of Google’s profits was essentially ridiculous, and that only statutory damages, ostensibly a relatively nominal amount, would likely be applicable.

Indeed, these cases bolster a growing argument that as digital technology and innovation move forward, current copyright law is either inadequate or irrelevant, or both. Legal Bytes will continue to monitor developments in this evolving and convoluted intellectual property dilemma. I encourage you to take a look at an opinion piece I wrote separately entitled, A Contrarian’s View of Copyright: Much Ado About Nothing. But that’s just my opinion; the jury’s verdict is fact!

If you would like further information or need help making sense of the legal issues arising in our digital online and mobile world, feel free to contact me, Joe Rosenbaum, or the Rimon attorney with whom you regularly work.

Posted on

Appeals Court Vacates Summary Judgment in Viacom v. YouTube

Back in December of 2010, after a previous ruling against Viacom in the billion-dollar copyright infringement case brought by Viacom (Viacom Appeals Google/YouTube Ruling) Legal Bytes reported that three legal scholars filed a brief in support of Viacom’s appeal, stating that “the central issue in this case are the legal tests for contributory and vicarious liability for copyright infringement from the use of Internet sites – in this instance, the YouTube site – to reproduce and disseminate large amounts of copyrighted material without authorization from copyright owners.” The U.S. District Court had previously ruled in favor of YouTube and Google, holding them protected against claims of copyright infringement by the safe harbor provisions of the Digital Millennium Copyright Act.

Today, in ruling on the appeal, the U.S. Second Circuit Court of Appeals essentially breathed new life into Viacom’s case, remanding it back to the lower court and instructing the District Court judge to determine whether YouTube had knowledge of specific infringing material and willfully blinded itself to that knowledge.

The ruling vacates the District Court’s summary judgment against Viacom, noting the facts might be interpreted by a reasonable jury in a way that would not exonerate or exculpate YouTube from liability. In his opinion, U.S. Circuit Judge Jose A. Cabranes wrote: "We conclude that the District Court correctly held that the 512(c) safe harbor requires knowledge or awareness of specific infringing activity, but we vacate the order granting summary judgment because a reasonable jury could find that YouTube had actual knowledge or awareness of specific infringing activity on its website."

As we have over the years, Legal Bytes will continue to monitor developments in this complex, high stakes litigation involving significant intellectual property issues in our online and digital world. If you would like further information, feel free to contact me, Joe Rosenbaum, or the Rimon attorney with whom you regularly work.

Posted on

Stealing Limelight from Hollywood, California Shines the Light on Privacy

California’s Shine the Light Act, California Civil Code 1798.83, responded to the perceived need for transparency and provides consumers certain rights in connection with how businesses share information about California residents for purposes related to direct marketing. The regulatory team at Rimon has prepared a Rimon Shine the Light Act Reference Guide; and while the Act doesn’t apply to every business, if it does apply, liability may be as high as $3,000 per violation. You can view the entire blog posting on our sister GRE Law Blog.

As always, if you need guidance from lawyers who have experience and resources aligned to deal with these issues, call me, Joseph I. (“Joe”) Rosenbaum; any of the lawyers highlighted in the posting; or, of course, the Rimon lawyer with whom you regularly work.

Posted on

ICONfusion Creeps Into Interactive Advertising Awareness

Earlier this week, ClickZ reported that the improper use of the Digital Advertising Alliance’s behavioral icon

is threatening to dilute the self-regulatory effectiveness of its campaign to educate consumers on the risks of online behavioral advertising, and enable them to make an informed judgment in seeking to control the use of their browsing behavior across multiple websites. Legal Bytes has previously reported the initial development and launch, as well as the growing acceptance of the industry’s self-regulatory efforts (just search us for “behavioral advertising” or follow the links through any of our prior posts – e.g., Self-Regulatory Ad Industry Effort Continues to Drive Forward). While the icon has gained wide acceptance as part of the advertising industry’s self-regulatory initiative (See Advertising Industry Collaboration Releases Self-Regulatory Online Behavioral Advertising Principles), using it inappropriately or inaccurately may cause consumers to be more confused, rather than educated.

You might be tempted to argue that if advertising that does not involve behavioral information nonetheless includes the DAA icon, what’s the harm? However, if the objective is to educate consumers about the distinctions in how their information is collected and used by advertisers, agencies, network publishers, browser publishers and others in the interactive ecosystem, confusion fuels the concerns already raised by consumer advocacy groups, regulators and lawmakers alike – and that’s counterproductive.

The good news is that the industry campaign to stimulate adoption of the self-regulatory guidelines and the inclusion of the icon in relevant advertising is gaining momentum – a sign the industry can and will police and regulate itself. Innocent mistakes in the name of compliance are certainly better than abuse or ignorance, so let’s not be too quick to throw stones. That said, as consumers increasingly see the icon and begin to appreciate, and take advantage of, the self-regulatory efforts, it behooves the industry to do a better job of making sure the educational component is consistent and not ICONfusing!

As always, if you need more information about the advertising industry’s self-regulatory initiative, advice regarding compliance, or legal help in understanding the dynamic and ever-changing environment of online and mobile interactive advertising, marketing and privacy, call me, Joseph I. (“Joe”) Rosenbaum, or any of the Rimon attorneys with whom you regularly work – our lawyers deal with these issues every day.

Posted on

FTC Launches Mobile App Information Page

Earlier today, the FTC established a web page on its Website entitled, “Facts from the FTC: What You Should Know About Mobile Apps.”

The FTC web page contains a link to the U.S. federal government’s website OnGuardOnline, which provides government and industry-related information about how to protect and secure the information that may be available when you are online (and now when you are "app" happy on your wireless and mobile devices).

Are you in the online or mobile advertising industry? Do you create, use, share or obtain data from "apps"? Expect more, not less, regulatory and government agency activity in this area in the months and years ahead.

If you need help from lawyers with decades of experience, Rimon is the place to look. Feel free to call me, Joseph I. (“Joe”) Rosenbaum, or any of the lawyers within the Advertising Technology & Media law practice group, or any of the Rimon attorneys with whom you regularly work. We will be happy to help you.

Posted on

Friends on Facebook – Hold Them Close, Get Held in Contempt of Court!

Since 2009, Legal Bytes has been blogging off and on about the implications of social media to the legal profession and the legal process. Whether it’s judges being "Friends" with lawyers (see, Florida Judges Can’t Have Friends), or jurors networking about evidence or cases as they deliberate (see, When Pressing Suits, Judges Tell Jurors Neither Social Nor Media is OK), or reporters "tweeting" from the courtroom (see, Freedom of the Press = Freedom to Tweet), social media is a force to be reckoned with—and the legal process also needs to reckon with it.

The latest blip on the radar comes from the UK, where Joanna Fraill, a juror, has been tried and convicted of being in contempt of court in what is being widely reported as the first Internet-related contempt of court prosecution in the UK (and perhaps anywhere). So in addition to judges, prosecutors and plaintiffs’ lawyers being wary about managing their online relationships, and jurors being admonished for searching online for information regarding the facts, parties, or issues in a case, add communication between jurors and parties in the legal proceedings to the list. Ms. Jamie Sewart, a defendant in a trial in Manchester involving billions of BPS’ worth of drugs, was contacted by Ms. Fraill, one of the jurors in the trial, through Facebook while the jury was deliberating.

Ms. Sewart admitted knowing Ms. Fraill was one of the jurors when she "accepted" the request to be friends, and the case collapsed when their communication through the social networking medium was uncovered. Ms. Sewart’s partner was convicted and is currently in prison, but Ms. Sewart was acquitted as a result of this trial. In one exchange between them – the text has now been made public – Ms. Fraill sent a message to Ms. Sewart regarding the jury deliberations stating: "cant get anyone to go either no one budging pleeeeeese don’t say anything cause jamie they could all miss trial and I will get 4cked to0."

Now before everyone rants about the evils of social media, bear in mind that the same result would be obtained if the juror had written a letter, called by phone or sent a coded message by carrier pigeon. The fact that a new means of communication – the Internet – was involved doesn’t change the admonition, the rules, or the consequences of the conduct. Indeed, with Facebook’s user population at approximately 700 million, the relatively lax attitude toward anyone monitoring their millions of followers on Twitter (or who they follow – I generally just automatically reciprocate), isn’t it likely one of you is already "Friends" with a criminal, or you will be, or you are following someone who may be appearing in court any day now?

Communication between participants in legal cases has long been the subject of ethical rules, professional guidelines and rigorous policing. Issues relating to privilege and work product, attorney-client communication, and relationships between lawyers, judges, plaintiffs and defendants, are not new. But jurors wanting to be "friends" with a defendant in the midst of a trial – well that’s one I haven’t heard before.

Rimon has teams of lawyers knowledgeable in digital evidence and discovery, employment and social media, privilege and litigation, in the age of the Internet and mobile communication. So as I’ve said before, keep your browser tuned (or bookmarked) to www.LegalBytes.com for breaking news, and if you do need help, contact me, Joe Rosenbaum, or any of the lawyers at Rimon with whom you work.

OMG B KEWL and call (or SMS) if you need help.
 

Posted on

FTC Proposes to Update Dot Com Disclosure Guide to Online Advertising

"Dot Com Disclosures" [PDF], the Federal Trade Commission’s (FTC) guidance for online advertisers, was issued in May 2000.

Yesterday, the FTC issued an announcement [FTC Staff Invites Comments Regarding "Dot Com Disclosure" Business Guidance Publication [PDF]] asking for comments and suggestions from interested parties regarding updates to the online advertising guidance, based on the fact that when Dot Com Disclosure was first released, social media, mobile marketing, "apps" and similar innovative advertising and content distribution mechanisms either did not exist, or were in their infancy.

The online world and the online and mobile world of advertising has changed radically and continues to evolve dynamically since 2000, and if you want your comments to be considered, the FTC must receive them by July 11, 2011. Comments will generally become matters of public record at http://www.ftc.gov/os/publiccomments.shtm.

Are you in the online or mobile advertising industry? Do you create, use, share or obtain data from "apps"?   Do you want your views to be considered – whether as part of an industry association or individually, or both? Need help crafting your submissions and comments?

If you need help from lawyers with decades of experience, Rimon is the place to look. Feel free to call me, Joseph I. ("Joe") Rosenbaum, or any of the lawyers within the Advertising Technology & Media law practice group, or any of the Rimon attorneys with whom you regularly work. We will be happy to help you.

Posted on

Self-Regulatory Ad Industry Effort Continues to Drive Forward

In a turbo boost for the advertising industry’s self-regulatory initiative (See Advertising Industry Collaboration Releases Self-Regulatory Online Behavioral Advertising Principles), Chrysler has picked Evidon as its exclusive provider for online behavioral advertising compliance services. Both in advertising and through website notifications, Evidon will power the delivery and display of the Ad Choices icon on Chrysler advertising online, and the corresponding disclosures to consumers about how their online behavior is collected and information used – and allowing those consumers to opt-out. Of the U.S. automakers, Chrysler is the first to use the system across its brands; and if a consumer prefers not to allow Chrysler to use behavioral data, he or she can simply click on the blue icon, which opens a pop-up browser window that explains how the advertising is matched with that consumer’s browsing activity and other information—not only to inform the consumer, but also to allow the consumer to opt-out of future behavioral advertising originating from Chrysler ads. We understand that each of the individual brand websites within the Chrysler group will also have notices that give individuals comparable information, and notices regarding how they can opt out as well.

As always, if you need more information about the advertising industry’s self-regulatory initiative; advice regarding compliance; or legal help in understanding the dynamic, ever-changing environment for advertising, marketing and privacy, call me, Joseph I. (“Joe”) Rosenbaum, or any of the Rimon attorneys with whom you regularly work. Our lawyers deal with these issues every day.

Posted on

UK ICO Issues Guidelines for Online Compliance – C is for Cookie

The Information Commissioner’s Office in the United Kingdom, in furtherance of the European Union’s “browser cookie” laws (EU Privacy and Communications Directive), has just published a set of guidelines that commercial enterprises will need to comply with when the new law goes into effect May 26. Because the laws’ requirements relate to technology and marketing, the intention of the new guidelines is to provide guidance on compliance for businesses.

For background, in case you haven’t been following this closely, in November 2009, the European Parliament amended the Directive of Privacy and Electronic Communications 2002/58/EC (sometimes referred to as the e-Privacy Directive) that mandated that websites give consumers the right to opt out of receiving cookies (in most cases by changing settings on their web browsers). The 2009 amendments reversed the requirement, setting the default as “opt in.” Consumers will have to give permission (informed consent) to a website in advance, to allow a cookie to be placed on their computer.

The UK ICO’s guidance makes it clear that all businesses, private and public, will be required to get consent from the user, in advance of having a browser cookie downloaded and installed on the consumer’s computer. In addition, the ICO has amended the UK Privacy and Electronic Communications Regulations to mandate that clear and thorough information – to ensure informed consent – is provided to end users, explaining why their information is being stored and how it will be used by the commercial enterprise. Expect to see consumer-directed information soon, alerting consumers as to what their rights are and what to expect as businesses comply with the new law and regulations.

As you probably know if you are a loyal and longstanding reader, Legal Bytes in 2009 reported that the major players in the online advertising industry had issued self-regulatory principles concerning online behavioral advertising (Advertising Industry Collaboration Releases Self-Regulatory Online Behavioral Advertising Principles), and intended to create an industry self-policing mechanism, as well as disclosures to consumers concerning the use of their personal information. The self-regulatory mechanisms in the United States – these being similar – have followed an “opt out” approach to consumer privacy and the control of personal information. For multinational and international businesses worried about compliance (and that includes all you web browser publishers) – well, it’s complicated.

As always, if you need guidance for your advertising, marketing, privacy or data protection efforts, call me, Joseph I. (“Joe”) Rosenbaum, or any of the Rimon attorneys with whom you regularly work. Our lawyers deal with these issues every day.