Header graphic for print

Socially Aware Blog

The Law and Business of Social Media

Social Links: Appeals court opinions show reach of anti-hacking law; a virtual reality sickness cure; intrigue at Vine

Posted in IP, Litigation, Livestreaming, Patent, Privacy, UK

The UK wants to use the blockchain to track the spending of welfare recipients.

Some believe that a recent Ninth Circuit holding could turn sharing passwords into a federal crime under the Computer Fraud and Abuse Act.

And another Ninth Circuit opinion sided with Facebook in a closely-watched case interpreting the same federal law, this time involving unauthorized access to Facebook’s website.

The fashion world is embroiled in a rocky romance with social media.

Snapchat filed a patent application for image-recognition technology that may help the platform’s ad sales.

Scientists think they’ve found a way to tackle virtual reality sickness.

What’s going on at Vine? First a bunch of influencers cut ties with the platform. Now a group of its top executives have jumped ship.

Livestreaming services are giving cable TV networks a run for their money.

You didn’t think we’d ignore the Pokémon Go craze, did you? Here’s advice on how to protect your privacy when you’re using the app. We’re also preparing an article describing the game and the business and legal issues that are arising from it. Stay tuned.

Are Online Trolls Ruining Social Media Marketing?

Posted in Cyberbullying, First Amendment, Free Speech, Infographic, Marketing

Earlier this year, I helped moderate a lively panel discussion on social media business and legal trends. The panelists, who represented well-known brands, didn’t agree on anything. One panelist would make an observation, only to be immediately challenged by another panelist. Hoping to generate even more sparks, I asked each panelist to identify the issue that most frustrated him or her about social media marketing. To my surprise, the panelists all agreed that online trolls were among the biggest source of headaches.

This contentious group proceeded to unanimously bemoan the fact that the comments sections on their companies’ social media pages often devolve into depressing cesspools of invective and hate speech, scaring off customers who otherwise would be interested in engaging with brands online.

And it isn’t just our panelists who feel this way. Many online publishers have eliminated the comments sections on their websites as, over time, those sections became rife with off-topic, inflammatory and even downright scary messages.

For example, Above the Law, perhaps the most widely read website within the legal profession, recently canned its comments section, citing a change in the comments’ “number and quality.”

The technology news website Wired even put together a timeline chronicling other media companies’ moves to make the same decision, saying the change was possibly a result of the fact that, “as online audiences have grown, the pain of moderating conversations on the web has grown, too.”

Both brands and publishers are right to be concerned. Unlike consumers who visit an online branded community to voice a legitimate concern or share an invaluable insight, trolls “aren’t interested in a productive outcome.” Their main goal is harassment, and, as a columnist at The Daily Dot has observed, “People are generally less likely to use a service if harassment is part of the experience.” That’s especially true of online branded customer communities, which consumers mainly visit to get information about a brand (50%) and to engage with consumers like themselves (21%).

Of course, it’s easy for a brand to eliminate the comments section on its own website or blog. But, increasingly, brands are not engaging with consumers on their own online properties; they’re doing it on Facebook, Instagram, Twitter and other third-party social media platforms, where they typically do not have an ability to shut down user comments. Some of these platforms, however, are taking steps to rein in trolls or eliminate their opportunities to post disruptive comments altogether.

The blog comment hosting service Disqus, for example, recently unveiled a new platform feature that will allow users to “block profiles of commenters that are distracting from their online discussion experience.” The live video streaming app Periscope also recently took measures to rein in trolls, enabling users to flag what they consider to be inappropriate comments during a broadcast. If a majority of randomly selected viewers vote that the flagged comment is spam or abusive, the commenter’s ability to post is temporarily disabled. And even Facebook, Instagram and Twitter have stepped up their efforts to help users deal with harassment and unwanted messages.

Brands, however, are seeking a greater degree of control over user comments than what is being offered even by Disqus and Periscope. Given that branded content and advertising are crucial components of many social media platforms’ business models, we can expect to see platforms becoming more willing to provide brands with tools to address their troll concerns.

In fact, the user-generated content site Reddit has already taken steps in this direction. Because of its notorious trolling problem, Reddit has had trouble leveraging its large and passionate user base. Last year, in an effort to capitalize on the platform’s ability to identify trending content and create a space where brands wouldn’t be afraid to advertise, Reddit launched Upvote, and passionate user base. A site that culls news stories from Reddit’s popular subgroups and doesn’t allow comments.

Other platforms will presumably follow Reddit’s lead in creating comment-free spaces for brands. Although this may prove to be good news for many brands, one can’t help to feel that this inevitable development undermines—just as trolls have undermined—the single most exciting and revolutionary aspect of social media for companies: the ability to truly engage one-on-one with customers across the entire customer base.

*    *    *

This post is a version of an op-ed piece that originally appeared in MarketWatch.

For other Socially Aware posts addressing online marketing issues, please see the following:  Influencer Marketing: Tips for a Successful (and Legal) Advertising Campaign; Innovative Social Media Marketing Cannot Overlook Old-Fashioned Compliance; and Will Ad Blockers Kill Online Publishing?  Also, check out our Social Media Marketing infographic.


Now Available: The July Issue of Our Socially Aware Newsletter

Posted in Advertising, Copyright, Digital Content, Employment Law, Online Promotions

CaptureThe latest issue of our Socially Aware newsletter is now available here.

In this issue of Socially Aware, our Burton Award winning guide to the law and business of social media. In this edition, we take a look at courts’ efforts to evaluate emoticons and emojis entered into evidence; we describe the novel way one court addressed whether counsel may conduct Internet research on jurors; we examine a recent decision finding that an employee handbook provision requiring employees to maintain a positive work environment violates the National Labor Relations Act; we discuss an FTC settlement highlighting legal risks in using social media “influencers” to promote products and services; we explore the threat ad blockers pose to the online publishing industry; we review a decision holding that counsel may face discipline for accessing opposing parties’ private social media accounts; we discuss a federal court opinion holding that the online posting of copyrighted material alone is insufficient to support personal jurisdiction under New York’s long-arm statute; and we summarize regulatory guidance applicable to social media competitions in the UK.

All this—plus an infographic illustrating the growing popularity of emoticons and emojis.

Read our newsletter.

Social Links: Kids roll eyes as parents embrace Snapchat; teen sues Snapchat over sexual content; Snapchat to become less ephemeral with new “Memories” feature (plus some other news not involving Snapchat)

Posted in Asia, Disappearing Content, E-Commerce, Litigation, Livestreaming, Marketing, Privacy

Snapchat has caught on with “oldies” (that’s people 35 and older, FYI).

Facebook Messenger is testing “Secret” mode, a feature that allows some messages to be read only by the recipient.

A South Korean copy of Snapchat has taken off in Asia.

Using social media to help promote your brand? Here’s a list of top Facebook marketers and some advice on how to get your customers to make social platforms their point of purchase.

Meet MikMak, the mobile shopping network that sells via video.

A 14-year-old and his mother are suing Snapchat, claiming the app regularly exposes him to sexually explicit content.

Dieters are flocking to Instagram.

Twitter is looking to ink more NFL-style streaming deals.

Young performers are trying to achieve stardom by broadcasting on apps, such as YouNow. Perhaps they should go old school, and follow this advice on building the perfect YouTube channel.

The Wall Street Journal profiles Instagram’s founder, Kevin Systrom.

China is reportedly launching a crackdown on “fake news” spread on social media sites.

Snapchat’s new feature, “Memories,” will allow users to retain some content.

Europe’s Right to Be Forgotten Spreads to Asia

Posted in Free Speech, Privacy

iStock_000042592376_IllustrationIn May 2014, in a decision attracting worldwide attention, the European Court of Justice (ECJ) held that a European individual’s privacy rights include the “right to be forgotten,” requiring Internet search engine providers to honor an individual’s request to remove certain search results relating to him or her. Specifically, individuals may request deletion of links to information that is “inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed and in the light of the time that has elapsed.”

Since the ECJ’s 2014 decision, initiatives to curtail the Internet’s long memory about individuals’ histories have arisen in other continents. In Asia, South Korea has recently embraced a limited form of the right to be forgotten, while a court in China struggled with whether to recognize the right.

South Korea’s Guidelines on Requests for Access Restrictions on Internet Self-Postings

As of June 2016, website operators and Internet search engine providers in South Korea are expected to voluntarily cooperate with guidelines issued by the Korea Communications Commission (KCC) on a form of the right to be forgotten. The KCC released the non-binding “Guidelines on Requests for Access Restrictions on Internet Self-Postings” on April 29, 2016, in response to intense interest in the matter within the country following the ECJ ruling. Operators of websites with user-contributed content and operators of web search engines may receive requests to remove or exclude information relating to individuals.

The KCC indicated its intent to strike a balance in the guidelines between protecting an individual’s privacy rights and protecting freedom of expression. The guidelines are meant to address a gap that is not covered by existing remedies (e.g., under copyright law for unlawful reproduction of information, the Press Arbitration Law for erroneous reporting or the Information Network Act for posts infringing a third party’s rights). The specific concern that the guidelines seek to address is the situation where an individual has “lost control” over content that he or she posted to an Internet site (“self-postings”), such as when a user of a service has cancelled his or her membership to the service but the content remains available on the service.

Under the guidelines, an individual who would like to remove online self-postings should first attempt to delete the content. If he or she is unable to delete the content, the individual may request that the site administrator restrict access to the materials. The request to remove or exclude content should include the URL of the material to be removed, proof that the requestor posted the content and the reason for removing the content. The site operator may request additional information if the request contains insufficient proof to determine that the requestor posted the content, and the site operator may thereafter deny the request if the additional information provided is still insufficient.

Upon removal of the content, the site operator should inform third parties of the removal by publishing a note in place of the removed content that access to the content has been restricted. A third party may appeal the removal of content by providing the website operator with both evidence that he or she authored the content and a reason for reinstating it. Additionally, a requestor who misrepresents another person’s post as his or her own in order to have it removed may be subject to civil and criminal penalties.

The individual may also request Internet search engine operators to exclude the content from search results, although it is unclear whether the individual must have originally published the content to be excluded. As a result, the rights afforded to individuals under the KCC guidelines appear to be more limited in scope than the broad rights recognized under the ECJ’s decision.

The KCC’s press release and a copy of the guidelines are available (in Korean) can be found here.

China Rejects the Right to Be Forgotten, at Least for Now

In contrast to the formal—albeit voluntary—regime that has just taken effect in South Korea, the right to be forgotten does not yet appear to be recognized in China. This is so notwithstanding the recent efforts of a plaintiff seeking to convince a Chinese court to import the right from Europe into China. Indeed, a summary of the case posted by the Haidian District People’s Court in Beijing expressly acknowledges the ECJ’s May 2014 ruling.

The case involved a plaintiff seeking to compel a search engine to remove results that related to him. In its ruling, the court concluded the plaintiff had no right to be forgotten. The plaintiff, Ren Jiayu, sued the search engine Baidu after a search on his name pulled—in the “related searches” section on the bottom of the results page—various references to Ren and Taoshi Education Company. Ren was apparently associated with this company in the past, but the company was in ill repute (“many people believed that Taoshi Education was a dishonest company, with some going so far as to claim it was an evil cult,” explained the Beijing court of first instance in its ruling, according to a recent report on these developments). Ren’s employment with Beijing Daoyaxuan Commercial Trading Company Limited was terminated as a result of the association, and he then sued Baidu seeking lost wages and the elimination of a number of keywords from search results for “Ren Jiayu,” including “Taoshi Education Ren Jiayu.”

In other words, Ren sought a ruling that a Chinese individual’s privacy rights include a right to be forgotten, similar to that of European individuals, which would require Baidu to honor his request to remove search results information relating to him.

Ren argued that the “related searches” terms should be removed in part because he had no prior relationship with the offending company. The court, however, found that he did, and thus concluded that there was no infringement of Ren’s right to his reputation. The court also rejected any claim that Baidu had infringed on Ren’s right to his name. Then, the court turned to whether there could be a new right to be forgotten within the framework of the “general right of personhood” under Chinese law.

The court first noted that, even though there was a right to be forgotten in other countries, including countries of the European Union, that jurisprudence would not inform the court’s decision.

The court then identified three criteria for the right to be forgotten under Chinese law: the personal interest at issue must (1) encompass a right not already categorized; (2) be legitimate; and (3) require the protection of law.

The court acknowledged that Ren had an interest in having the information “forgotten”—it had an adverse impact on his employment prospects—but this interest was not “legitimate and requiring the protection of law.” As the court put it, the search results “relat[e] to very recent events, and [Ren] continues to work in the business administration education profession. This information happens to form a portion of his professional history, and his current individual professional credibility is both of directly relevant and of ongoing concern.”

In short, while the Chinese court appears to have concluded that there is no such thing as a right to be forgotten, the case could also be read to suggest that there was no such right based on the facts of this case but that it is plausible that some other individual’s interest in having search results removed could be found to be legitimate and require the protection of the law.

An article (in English) describing the case and providing links to the rulings (in Chinese) can be found here.

Although the right to be forgotten has not yet taken force in any way in China, the door remains open for further efforts to establish the right. And although the right currently exists only in nonbinding guidance in South Korea, this guidance highlights the growing interest in Asia in what could ultimately become one of Europe’s hottest exports.


*          *        *

For other Socially Aware blog posts regarding the right to be forgotten, please see the following:

A Right to Be Forgotten Update

European Court of Justice Strengthens Right to Be Forgotten

App Developer Prevails in Class Action Lawsuit Challenging Shift to New Business Model

Posted in Litigation, Mobile

75090977_thumbnailIf you make available a service through a free app, and you subsequently decide to migrate users of that app to a paid subscription model, that shouldn’t create any problems, right?

Well, app developer LogMeIn did just that, and became the target of a class action lawsuit filed in the Eastern District of California. Although the claims against LogMeIn were recently dismissed, the case, Handy v. LogMeIn, Inc., highlights the potential legal risks in seeking to transition app customers from a “no charge” (or a “one-time only charge”) business model to another business model, especially where the new business model will require those customers to pay ongoing subscriptions fees.

LogMeIn’s Products

LogMeIn made available a free app, LogMeIn Free, which allowed users to use a laptop or desktop computer to access remotely a separate desktop computer. The company also offered, for $29.99, a second app, Ignition, which provided the same remote access but from a tablet or smartphone.

In 2014, LogMeIn notified its customers that it would no longer offer LogMeIn Free, and that it was planning to migrate all users of that app and the Ignition app to a paid subscription service, which offered a few extra features. The plaintiff—a user of LogMeIn Free and a purchaser of Ignition—brought suit under California’s False Advertising Law (FAL) and Unfair Competition Law (UCL), alleging that the company had failed to properly notify users that it would discontinue these products and that, had he known LogMeIn would do so, he would not have purchased Ignition.

LogMeIn filed a motion to dismiss the plaintiff’s claims and a motion for summary judgment. Because the court considered evidence outside the pleadings, it applied summary judgment standards and ruled in favor of LogMeIn.

Failure to Identify Any Affirmative Misrepresentation

 The plaintiff claimed the following: (1) LogMeIn had misled consumers to believe that LogMeIn Free and Ignition apps were both being discontinued and that, in order to continue to receive the services provided through these apps, users had to pay for an annual subscription; and (2) LogMeIn had led users to believe that the free app and the paid subscription were “companion services” and, as such, had failed to inform users that the discontinuation of the free app would make the subscription app less valuable. The court rejected both theories.

First, the court held that LogMeIn had not misrepresented its intention to discontinue its free app and the Ignition product. LogMeIn explained its migration plan and offered consumers a six-month free subscription to the new subscription-based service. It further explained that, regardless of whether users accepted the complementary subscription, they could continue to use Ignition until it was discontinued. This is exactly what the plaintiff did: he continued to use the Ignition product throughout 2014 and 2015. Because the plaintiff was not “tricked” by LogMeIn’s statement and did not buy the new subscription-based product because of any alleged misrepresentation, he could not base a claim on LogMeIn’s statement of its migration plan. The court noted:

While [the plaintiff] may be outraged by what he feels occurred to others, the Court is not clear why he believed that this outrage makes him aggrieved such that he can vindicate this grievance in this litigation.

Second, the court held that the plaintiff failed to show that the free app and Ignition were “companion services” such that Ignition was less valuable without the free app. It noted that the plaintiff used the free app for more than a year before buying Ignition and then used Ignition for more than a year after the free app had been discontinued. The products, therefore, were not dependent on one another.

Further, the court noted that, prior to receiving access to the LogMeIn Free app, the plaintiff and other customers had been required to “click accept” the terms and conditions governing use of that app and the Ignition app, and, in such terms and conditions, LogMeIn had made clear that it reserved “the right to modify or discontinue” either LogMeIn Free or Ignition “for any reason or no reason,” thereby undercutting the plaintiff’s position that use of one was dependent on the other.


App developers (and other companies, for that matter) should take note that, even though LogMeIn ultimately prevailed, migrating users off of a free app or a “one-time only charge” app to a paid subscription model can spark unwanted and costly litigation, no matter how baseless that litigation might be; accordingly, app developer will want to proceed with caution and ideally consult experienced counsel before undertaking such an initiative.

That being said, the Handy decision highlights some of the challenges that a plaintiff will have in pursuing any such litigation. As the Handy plaintiff learned, fraud-based claims under the FAL and UCL are subject to heightened pleading requirements. Moreover, plaintiffs must allege reliance on specific statements and injury in fact as a result. Further, courts are increasingly dismissing claims that fail to allege such individualized reliance and injury.

Finally, Handy shows how a carefully drafted set of terms and conditions governing app usage can help to bolster an app developer’s defenses to FAL, UCL and other claims arising out of a shift to a new business model. Such terms and conditions of use ideally should provide notice to users that the app (including any associated services) may be modified or discontinued, and that the app developer reserves the right to charge fees or to increase fees in connection with the app. Moreover, as in Handy, app developers can further strengthen the impact in litigation of an app’s terms and conditions of use by requiring customers to affirmative consent to such terms and conditions.


*          *        *

For other Socially Aware blog posts on legal issues relating to mobile apps, please see the following:

Mobile App Legal Terms & Conditions: Six Key Considerations

 New California Privacy Law Revisions Will Impact Website and Mobile App Operators With Users Under Age 18

California Court of Appeal Rules That State Attorney General’s Privacy Suit Over Fly Delta Mobile App Is Preempted

For in-depth coverage of class action law developments, please check out our sister blog, Class Dismissed.

Social Links: Implications of Facebook’s algorithm change; branded emoji; free travel apps

Posted in Cyberbullying, Data Security, Employment Law, Litigation, Marketing

The Internet is abuzz over the Facebook algorithm change. Here are the implications for marketers and publishers and for regular users.

U.S. Customs wants to start collecting the social media accounts for foreign travelers.

Court: Woman fired for posting to her Facebook page that she would quit her job before doing “something stupid like bash in” her co-worker’s “brains with a baseball bat” is entitled to unemployment benefits.

Does artificial intelligence have a “white guy” problem?

It appears consumers have an appetite for branded emoji: Harper’s Bazaars emoji keyboard was downloaded 30,000 times in 24 hours.

Meet YesJulz, Snapchat royalty.

And here’s a list of several more impossibly popular social media celebs who you’ve likely never heard of.

Seven things everyone should know about cybersecurity and social media.

Do anonymity and social mix? An interesting Q&A with the founder of Secret, an anonymous social messaging platform that was valued at $100 million before it shuttered as a result of bullying.

Hitting the Tarmac this holiday weekend? Here’s a list of free or cheap travel apps worth downloading.

Brexit: Data Protection Implications

Posted in Data Security, European Union, Privacy, UK

iStock_91726351_600pxAs the entire world knows, the United Kingdom has voted by a narrow majority to leave the European Union (“Brexit”). But the Brexit process will take time, and the implications for businesses will also unfold over time. In this blog post, we take a look at the potential privacy and data security implications of Brexit.

No Changes in the Short Term

For the time being, the UK remains a member of the EU; and the Data Protection Directive (“Directive”) and e-Privacy Directive as currently implemented in UK law continue to apply. The Directive will be replaced by the EU General Data Protection Regulation (GDPR) in May 2018, and in the coming period the e-Privacy Directive will be updated to reflect the changes that the GDPR will bring. Given the time that will elapse before Brexit actually occurs, it may well be the case that the GDPR will come into force before the UK formally exits the EU.

As the GDPR has the form of an EU regulation, it will be directly applicable in all EU Member States, and no steps need to be taken by the UK for it to be implemented in the national law of the UK. Further, it may well be the case that the UK will have to implement the amended e-Privacy Directive into UK law before Brexit takes place. Until the UK formally exits the EU, data transfers between the UK and the other countries in the EU may continue to occur because the EU data transfer rules do not apply to transfers of personal data within the EU.

Changes After Brexit

The situation will change when UK leaves the EU. From that moment on, the GDPR will no longer be applicable in the UK. The national laws implementing EU directives (including the e-Privacy Directive) will, however, remain in force until they are amended or repealed. Thus, the UK will become a “third country” under the data transfer rules in the GDPR. In this case, personal data can only be exported by a business established in the EU to a third country, such as the UK, if there is an “adequate level of protection” for such data, unless certain conditions have been met.

There are three options under which the UK may obtain the required “adequacy status,” with the third being the most likely:

Becoming an EEA member: The UK may (like Norway, Liechtenstein and Iceland) become a member of the European Economic Area by becoming a signatory to the EEA Agreement. Under Article 7 of the EEA Agreement, the UK would still need to accept being bound directly by relevant EU laws relating to the four freedoms, including the GDPR. This option is unlikely to be pursued by the UK government in the form adopted by Norway, Liechtenstein and Iceland, in view of the fact that the UK would need to agree to be bound by many of the rules of the EU that have been unpopular with Brexit supporters, including the free movement of people.

The Swiss solution: Switzerland is not part of the EU or EEA (although it has bilateral agreements with the EU allowing access to the single market). Although not bound by it, Switzerland has fully implemented the Directive into its domestic legislation and, on that basis, has received an “adequacy finding” from the European Commission. Switzerland has already indicated its wish to update Swiss legislation to reflect the application of the GDPR and retain its adequacy status. Also, although Switzerland is not subject to the jurisdiction of the European Court of Justice (ECJ), the ECJ’s case law has had a significant influence on Swiss legislation.

For instance, after the ECJ struck down the EU-US Safe Harbor Decision of the Commission, the Swiss also declared that the Swiss-US Safe Harbor did not provide a sufficient legal basis for exporting data from Switzerland to the U.S. As with becoming a member of the EEA, the Swiss model would require the UK to adopt the GDPR as it stands now and any further EU legislation on data protection, without having any right to participate in EU rule-making. This option is unlikely to be pursued by the UK government in the form adopted by Switzerland because it would entail the UK agreeing to be bound by many of the rules of the EU which have been unpopular with Brexit supporters, including the free movement of people.

Full adequacy finding: Under this option, he UK would implement its own data protection laws and would then request the Commission to issue a decision that its legal regime is “adequate” when assessed against the standard set by EU data protection law. At first glance, this seems to be the preferred option because it enables the UK to relax some of the rules in order to facilitate trade (as it advocated in the negotiations over the GDPR). However, if the UK wishes to obtain a quick adequacy decision to continue to facilitate data transfers between the UK and the EU also upon exit, it will likely have to implement provisions that are close to the GDPR. Any other approach could set the UK back in getting a quick adequacy decision.

The EU may well be averse to any softening of the rules that would give the UK an advantage over EU Member States, or enable some sort of forum shopping. It is therefore not surprising that the UK Information Commissioner’s Office (ICO) has already issued a statement that UK data protection standards would have to be equivalent to the GDPR. We note that the UK has been a long-standing advocate of data protection (e.g., it had a law more than 10 years before the Directive was adopted) and there is solid public awareness of privacy laws. The UK has further ratified Convention 108 (which sets core principles for data protection) as well as the European Convention on Human Rights (“ECHR” – which, in article 8, provides for the right to privacy), and the UK is subject to the European Court of Human Right’s competence. The ICO is a member of the Global Privacy Enforcement Network (GPEN), intended to strengthen cross-border information sharing and co-operation in cross-border enforcement among privacy authorities around the world. This all seems to point into the direction of adequacy.

We highlight, however, that the recent Schrems judgment of the ECJ may also have implications for the UK. In the Schrems judgment, the ECJ invalidated the decision of the Commission that approved the Safe Harbor Framework facilitating data transfer to U.S. companies that adhered to this framework, because the privacy of European citizens was not considered to be adequately protected (in short) because the powers of the U.S. intelligence services went beyond what was strictly necessary and proportionate to the protection of national security and individuals did not have adequate means of judicial redress to protect their privacy. The concern that the intelligence services have overly broad surveillance powers may well also apply to the UK intelligence services. More clarity may come from three cases pending before the European Court of Human Rights, which were instigated by the UK Bureau of Investigative Journalism and a number of civil rights organizations, and claim that the generic surveillance powers of the UK intelligence services violate Article 8 of the European Convention on Human Rights.


In the short term, until the UK ceases to be a member of the EU, nothing changes and data transfers may continue as they currently do.

Whichever of the three options the UK ultimately follows to obtain adequacy status, the end result will be UK data protection legislation that is very much aligned with the upcoming GDPR and other EU privacy rules.

Next Steps for Businesses

• While it is expected that the Commission will eventually confirm “adequacy status” for whatever data protection laws the UK puts in place post-Brexit, it is possible that this may not have been done at the precise time of exit. This situation would require businesses to put in place alternative data transfer arrangements for transfers from within the EU to the UK, such as the entering into of standard contractual clauses (SCCs). Controllers and processors can also “adduce appropriate safeguards” for their intra-group transfers by adopting binding corporate rules (“BCRs”). In any case, in the aftermath of the Schrems judgement, we see a trend of companies moving to implement BCRs in order to be less dependent on the adequacy decisions of the Commission and the negotiations of the EU and US in respect of the terms of the new Privacy Shield.

• Given the lead time it takes to implement the GDPR requirements into business processes, businesses in the UK should continue their GDPR readiness programs. As indicated above, the rules that the UK will ultimately implement in all likelihood will closely resemble the GDPR. Note further that the GDPR may continue to apply to the data processing activities of UK companies where they offer goods or services to citizens in other EU countries, or otherwise monitor their behavior. The same will apply to UK companies with offices in other EU countries operating central data processing systems.

• The ICO has acted as the lead data protection authority (“DPA”) in approving BCRs in many instances. After the exit, the ICO will no longer be authorized to act as lead DPA. Companies with BCRs where the ICO is lead DPA will therefore have to approach another EU DPA to act as their lead DPA. Businesses applying for BCRs and having to select a lead DPA and co-leads should consider taking this into account.


*          *        *

For more insights regarding the potential legal implications of the recent Brexit vote, please see our MoFo Brexit Briefings page on the Morrison & Foerster website.






Social Links: Livestreaming goes mainstream; social-media-use guidance for judges; three years in jail for trolling?

Posted in Ethics, Livestreaming, Marketing, Protected Speech

Facebook signs more than $50 million worth of deals with media firms and celebrities to create videos for its live-streaming service.

Tumblr is jumping on the live video bandwagon, too—but via live-streaming platform partners, not through its own service.

C-Span picked up live feeds of the Democratic sit-in over gun-control legislation that representatives shot on Periscope, Facebook Live and other social platforms.

Twitter will now let you see when tweets are from a specific place, like a business, sports stadium, or music festival.

Is Snapchat on its way to becoming the first “social augmented reality platform”?

An Orlando prosecutor was fired for posting offensive statements about the city on social media shortly after the Pulse nightclub shooting.

A guy in Australia faces three years in jail for “criminal trolling.

After a judge running for re-election commented on a case he was presiding over on his campaign page on Facebook, the New Mexico Supreme Court issued guidance for judges on social media use.

Social Times explains why Lego’s social media marketing efforts are worth emulating.

Twitter launched a standalone app designed to help famous people interact with their fans and build a bigger following.

Speaking of celebrities, here’s a list of seven movie stars who refuse to participate in social media.

The Kirtsaeng Opinion: Supreme Court Guidance on Attorneys’ Fees Awards in Copyright Cases

Posted in Copyright, Litigation

Recently, in Kirtsaeng v. John Wiley & Sons, Inc., the U.S. Supreme Court provided substantial guidance in an unsettled area of law by holding that, when deciding whether to award attorneys’ fees under 17 U.S.C. §505, the Copyright Act’s fee-shifting provision, a court should give substantial weight to the objective reasonableness of the losing party’s position while still taking into account all other circumstances relevant to granting fees.


This story begins with an enterprising college student buying foreign textbooks on the cheap to sell in the United States for a profit. Petitioner Supap Kirtsaeng came to the United States from Thailand to study math at Cornell University. Respondent John Wiley & Sons (“Wiley”), an academic publishing company, sells textbooks to students in U.S. and foreign markets. Kirtsaeng noticed an arbitrage opportunity: Wiley’s textbooks sold in Thailand were virtually identical to their
American counterparts, but much cheaper. Kirtsaeng asked family and friends to buy the foreign editions so that he could sell them to his fellow students for a profit.

Wiley discovered what Kirtsaeng was doing and sued him for copyright infringement, claiming that his activities violated Wiley’s exclusive right to distribute its copyrighted textbooks. Kirtsaeng invoked the first-sale doctrine as a defense. Under that doctrine, the lawful owner of a book or other copyrighted work is able to resell or otherwise dispose of the work as he sees fit. In short, Kirtsaeng argued that if he bought the book lawfully, he could sell it to whomever he wished.

But at the time Kirtsaeng raised the defense, lower courts were conflicted as to whether the first-sale doctrine applied to foreign-made books, and the Supreme Court ultimately divided four to four the first time it addressed the issue in Costco Wholesale Corp. v. Omega, S.A. in 2010. To settle the continuing conflict, the Court granted Kirtsaeng’s petition for certiorari on the issue and established that the first-sale doctrine allows the resale of foreign-made books, just as it does domestic ones. Kirtsaeng thus prevailed in defending against Wiley’s infringement claim.

To the Victor Goes the Spoils?

Returning victorious to the district court, Kirtsaeng invoked 17 U.S.C. §505 to seek more than $2 million in attorneys’ fees from Wiley. The district court denied his motion, and the Second Circuit affirmed. The Supreme Court granted certiorari because lower federal courts had followed a variety of different approaches when determining whether to award attorneys’ fees.

The Copyright Act’s fee-shifting provision states that a district court “may . . . award a reasonable attorney’s fee to the prevailing party.” It authorizes attorney fee-shifting but without specifying what standards or guideposts the courts should adopt in determining when such awards are appropriate. Quoting the Supreme Court’s 1994 opinion Fogerty v. Fantasy, Inc., the Court explained that the statutory language “connotes discretion” and lacks any “precise rule or formula” for awarding fees.

The Court acknowledged the limits that it has placed on a court’s discretion: A district court may not award attorneys’ fees as a matter of course but must instead make a case-by-case determination, and may not treat prevailing plaintiffs and prevailing defendants differently; litigants should be encouraged to litigate to the same extent whether they are plaintiffs or defendants. Additionally, several nonexclusive factors should inform a court’s decision: “frivolousness, motivation, objective unreasonableness[,] and the need in particular circumstances to advance considerations of compensation and deterrence.” But the Court recognized that there was “a need for some additional guidance” for lower courts.

The Supreme Court agreed with Wiley that, in deciding whether to award fees, a district court should give “substantial weight to the objective (un)reasonableness of a losing party’s litigating position.” In so ruling, the Court rejected Kirtsaeng’s argument that district courts should give special consideration to whether a lawsuit resolved an important and close legal issue and thus meaningfully clarified copyright law.

The Court reasoned that the objective-reasonableness approach advances the Copyright Act’s goals because it both encourages parties with strong legal positions to stand on their rights and deters ones from weak legal positions from proceeding with litigation. According to the Court, when a litigant is clearly correct, the likelihood that he or she will recover fees gives him or her an incentive to litigate all the way, even if the damages at stake are small.

The Court also explained that the objective-reasonableness approach is more administrable than the “important and close legal issue” approach supported by Kirtsaeng because it would be difficult for a court to know at the end of a case whether a newly decided issue will have critical, broad legal significance.

The Court made clear, however, that objective reasonableness, while an important factor, is not always controlling. In any given case, even when a party’s position is objectively reasonable, a court may still award attorneys’ fees based on other relevant factors; and it may deny fees even though the losing party made unreasonable arguments. “Although objective reasonableness carries significant weight, courts must view all the circumstances of a case on their own terms, in light of the Copyright Act’s essential goals.”

Wiley Seems Reasonable

Lower courts had concluded that Wiley’s position on the first sale doctrine was objectively reasonable, especially considering that several courts of appeals and four Justices of the Supreme Court had agreed that the first-sale doctrine did not apply to foreign-made works. The Court nevertheless remanded the case so the district court could again review Kirstaeng’s fee application—giving substantial weight to the reasonableness of Wiley’s litigating position but also taking into account all relevant factors.

*      *      *

For other Socially Aware blog posts regarding U.S. Supreme Court decisions addressing important issues of copyright law, please see the following:

Supreme Court Finds Laches Does Not Bar Copyright Infringement Claim: Petrella v. Metro-Goldwyn-Mayer, Inc.

Supreme Court Holds That “First Sale” Doctrine Applies to Copies of a Copyrighted Work Lawfully Made Abroad

Supreme Court Stifles Aereo, but Tries to Keep the Cloud Away