Photo of Anthony M. Ramirez

Companies that offer services, whether online or offline, to consumers on a subscription or other automatic renewal basis should be aware that such offers are heavily regulated at both the federal and state levels. A recent amendment to Section 17602 of California’s Business and Professions Code provides a good opportunity for businesses that make subscription offers to review their practices. As of July 1, 2018, the obligations under California law will expand in two ways that may require businesses to update those practices.

The first change relates to the information that businesses must provide to consumers regarding the terms of a subscription offer. The current law already requires a business to provide certain information about the renewal process—such as the amount of the recurring charges, the length of the renewal period, and the cancellation policy—both before the consumer accepts the agreement, and afterwards in an acknowledgement. The amendment provides that, as of July 1, 2018, if the offer includes any free trial or gift component, the information provided to consumers must also include a “clear and conspicuous explanation of the price that will be charged after the trial ends or the manner in which the subscription or purchasing agreement pricing will change upon conclusion of the trial.” Continue Reading Amended California Law Expands Requirements for Consumer Subscriptions

ContentGraphic_SmallWe’re in the midst of a seismic shift in how companies interact with user-generated content (UGC).

For years, companies were happy simply to host UGC on their websites, blogs and social media pages and reap the resulting boost to their traffic numbers. And U.S. law—in the form of Section 512(c) of the Digital Millennium Copyright Act (DMCA)—accommodated this passive use of UGC by creating a safe harbor from copyright damages for websites, blogs and social media platform operators that hosted UGC posted without the authorization of the owners of the copyrights in such UGC, so long as such operators complied with the requirements of the safe harbor.

Increasingly, companies are no longer satisfied with passively hosting UGC. Rather, they now want to find creative ways to commercialize such content—by incorporating it into ads (including print, TV and other offline ads), creating new works based on such content and even selling such content. Yet, in moving beyond mere hosting to proactive exploitation of UGC, companies risk losing the benefit of the DMCA Section 512(c) safe harbor, which could result in potentially significant copyright liability exposure.

For example, if a company finds that users are posting potentially valuable UGC to the company’s Facebook page, or on Twitter in connection with one of the company’s hashtags, that company may want to make such UGC available on its own website. The DMCA Section 512(c) safe harbor, however, is unlikely to protect the company in copying such UGC from the Facebook or Twitter platform to its own website.

The reality is that any company seeking to monetize or otherwise exploit UGC needs to proceed with extreme caution. This is true for several reasons:

  • UGC can implicate a wide range of rights . . . As with any content, UGC is almost certainly subject to copyright protection, although certain Tweets and other short, text-only posts could potentially be exempt from copyright protection if they qualify as “short phrases” under the Copyright Act. If any individuals are identifiable in UGC, then rights of publicity and rights of privacy may also be relevant. In addition, UGC may contain visible third-party trademarks or comments that defame or invade the privacy of third parties.
  • . . . and a wide range of rightsholders. Notably, many of the rights necessary to exploit UGC are likely to be held by individuals and corporations other than the posting user. For example, unless a photo is a “selfie,” the photographer and the subject of the photo will be different individuals, with each holding different rights—copyright, for the photographer, and the rights of publicity and privacy, for the subject—that could be relevant to the exploitation of the photo. Moreover, any trademarks, logos and other images contained in a photo could potentially implicate third-party rightsholders, including third-party corporations. Videos also raise the possibility of unauthorized clips or embedded music.
  • If the UGC is hosted by a third-party social network, it may have Terms of Service that help—or hurt—efforts to exploit the UGC. Most social media networks collect broad rights to UGC from their users, although they differ substantially when it comes to passing those rights along to third parties interested in exploiting the content. For example, if a company uses Twitter’s Application Programming Interface (API) to identify and access Tweets that it would like to republish, then Twitter grants to that company a license to “copy a reasonable amount of and display” the Tweets on the company’s own services, subject to certain limitations. (For example, Twitter currently prohibits any display of Tweets that could imply an endorsement of a product or service, absent separate permission from the user.) Instagram also has an API that provides access to UGC, but, in contrast to Twitter, Instagram’s API terms do not appear to grant any license to the UGC and affirmatively require companies to “comply with any requirements or restrictions” imposed by Instagram users on their UGC.

With these risks in mind, we note several emerging best practices for a company to consider if it has decided to exploit UGC in ways that may fall outside the scope of DMCA Section 512(c) and other online safe harbors. Although legal risk can never be eliminated in dealing with UGC, these strategies may help to reduce such risk:

  • Carefully review the Social Media Platform Terms. If the item of UGC at issue has been posted to a social media platform, determine whether the Terms of Service for such platform grants any rights to use such posted UGC off of the platform or imposes any restrictions on such content. Note, however, that any license to UGC granted by a social media platform almost certainly will not include any representations, warranties or indemnities, and so it may not offer any protection against third-party claims arising from the UGC at issue.
  • Seek Permission. If the social media platform’s governing terms don’t provide you with all of the rights needed to exploit the UGC item at issue (or even if they do), seek permission directly from the user who posted the item. Sophisticated brands will often approach a user via the commenting or private messaging features of the applicable social media platform, and will present him or her with a link to a short, user-friendly license agreement. Often, the user will be delighted by the brand’s interest in using his or her content. Of course, be aware that the party posting the content may not be the party that can authorize use of that content, as Agence France Presse learned the hard way in using photos taken from Twitter.
  • Make Available Terms and Conditions for “Promotional” Hashtags. If a company promotes a particular hashtag to its customers, and would like to use content that is posted in conjunction with the hashtag, the company could consider making available a short set of terms alongside its promotion of that hashtag. For example, in any communications promoting the existence of the hashtag and associated marketing campaign, the company could inform customers that their use of the hashtag will constitute permission for the company to use any content posted together with the hashtag. Such an approach could face significant enforceability issues—after all, it is essentially a form of “browsewrap” agreement—but it could provide the company with a potential defense in the event of a subsequent dispute.
  • Adopt a Curation Process. Adopt an internal curation process to identify items of UGC that are especially high risk, which could include videos, photos of celebrities, photos of children, professional-quality content, any content containing copyright notices, watermarks and so forth, and any content containing potentially defamatory, fraudulent or otherwise illegal content. Ensure that the curators are trained and equipped with checklists and other materials approved by the company’s legal department or outside counsel. Ideally, any high-risk content should be subject to the company’s most stringent approach to obtaining permission and clearing rights—or perhaps avoided altogether.
  • Adjust the Approach for High-Risk Uses. Consider the way in which the UGC at issue is expected to be used, and whether the company’s risk tolerance should be adjusted accordingly. For example, if an item of UGC will be used in a high-profile advertisement, the company may want to undertake independent diligence on any questionable aspects of the UGC, even after obtaining the posting user’s permission—or perhaps avoid any questionable UGC altogether.

In a social media age that values authenticity, more and more companies—even big, risk-adverse Fortune 100 companies—are interested in finding ways to leverage UGC relevant to their business, products or services. Yet the shift from merely hosting UGC to actively exploiting it raises very real legal hurdles for companies. The tips above are not a substitute for working closely with experienced social media counsel, but they collectively provide a framework for addressing legal risks in connection with a company’s efforts to commercialize UGC.

*          *        *

For more on the issues related to user-generated content, see New Court Decision Highlights Potential Headache for Companies Hosting User-Generated Content; Court Holds That DMCA Safe Harbor Does Not Extend to Infringement Prior to Designation of Agent; and Thinking About Using Pictures Pulled From Twitter? Think Again, New York Court Warns.

Welcome to New Jersey state concept on road sign

If your company is involved in selling products or services to consumers in New Jersey over the web or through mobile apps, you’ll want to read this blog post.

In what amounts to a feeding frenzy, plaintiffs’ lawyers are working overtime bringing class action suits against e-commerce companies, alleging that their online terms and conditions violate New Jersey’s unusual Truth-in-Consumer Contract, Warranty and Notice Act (“TCCWNA”). Some of the online retailers to have been sued include Victoria’s Secret, Bed Bath & Beyond and TOYS ‘R’ US, with more suits being filed every day.

Unlike most consumer protection laws, the TCCWNA focuses specifically on the contractual terms governing certain transactions with consumers, imposing limitations on such terms even if such contractual terms are governed by the law of a state other than New Jersey—creating a potential gotcha for e-tailers who are based outside of New Jersey and who traditionally have their online terms and conditions reviewed only by lawyers admitted to practice in the state whose laws govern such terms and conditions.

Although the TCCWNA was enacted in 1981, it has only recently achieved notoriety, as more and more plaintiffs’ lawyers have embraced the statute due to its broad scope and its statutory penalty of not less than $100 per violation without the need to prove actual harm.

Overview of the TCCWNA

 New Jersey adopted the TCCWNA over 30 years ago not to create new rights for consumers, but rather to “bolster[] rights and responsibilities established by other laws,” particularly those established by New Jersey’s Consumer Fraud Act (“CFA”). Observers have noted that the number of TCCWNA cases has been increasing in the last few years, particularly since 2013 when the Supreme Court of New Jersey in Shelton v. Restaurant.com, Inc. found that online certificates or coupons were subject to TCCWNA rules and opened the door to TCCWNA class actions stemming from e-commerce.

The TCCWNA applies where a company is a “seller, lessor, creditor, lender or bailee,” offering its services to a “consumer” or “prospective consumer” in New Jersey. A “consumer,” under the TCCWNA, is defined as “any individual who buys, leases, borrows, or bails any money, property or service which is primarily for personal, family or household purposes.” Indeed, courts have emphasized that the TCCWNA is inapplicable unless the plaintiffs are consumers.

The text of the TCCWNA prohibits three types of provisions in consumer contracts, warranties, notices and signs.

First, it prohibits provisions violating “clearly established” legal rights of a consumer or responsibilities of a seller, lessor, creditor, lender or bailee. These rights and responsibilities may arise from federal or state law. For example, one court found that provisions restricting limitations periods for initiating lawsuits, asserting counterclaims or raising affirmative defenses violate consumers’ rights under federal and New Jersey procedural rules.

Second, the TCCWNA prohibits provisions waiving a consumer’s rights under the TCCWNA. In Johnson v. Wynn’s Extended Care, Inc., for example, the U.S Court of Appeals for the Third Circuit held that a provision in a service contract that prevented the recovery of attorneys’ fees and costs constituted a waiver of a consumer’s rights under the TCCWNA, and was therefore prohibited.

Note, however, that at least two cases have found that a claim under the TCCWNA cannot be based merely upon an omission. As one court noted, the statute’s use of the term “includes” suggests that only a statement affirmatively “included” in the consumer contract, warranty, notice or sign should give rise to liability; in addition, the legislative history does not include any examples of an omission triggering liability.

Third, the TCCWNA prohibits blanket “inapplicable in some jurisdictions” savings clauses (e.g., phrased “void where prohibited”)—though, notably, it does not prohibit such savings clauses in any warranty. In order for a savings clause to be acceptable under the TCCWNA, the statute requires the clause to specify which provisions, if any, are unenforceable in New Jersey.

In one recent case, Martinez-Santiago v. Public Storage, the following language was found to be in violation of the TCCWNA’s prohibition against overly broad savings clauses: “If any provision of this [agreement] shall be invalid or prohibited under [the law of the state where the applicable premises are located], such provision shall be ineffective only to the extent of such prohibition or invalidity, without invalidating the remainder of such provision or the remaining provisions.”

Certain courts, however, have refused to find such a violation of the TCCWNA when the consumer contract, notice or sign is only available within New Jersey, or when the clause uses the alternative “to the extent permitted by law” phrasing, as discussed below.

TCCWNA’s Potential Danger to Online Companies

The TCCWNA is potentially dangerous for companies operating online for at least three reasons.

First, plaintiffs’ lawyers are pushing for an extremely broad application of the statute. They argue that the TCCWNA applies to almost every company providing consumer products online that are available to New Jersey residents, and to any “written consumer contract” and “written consumer warranty, notice or sign” made available to these residents—presumably encompassing nearly all material displayed or offered by a company online.

Second, as noted above, the TCCWNA may expose companies located outside of New Jersey (but whose online websites can be accessed within the state) to claims stemming from any applicable “clearly established” federal or New Jersey state right or responsibility, effectively requiring companies based outside of New Jersey to develop expertise on all potentially applicable New Jersey laws (even if their website terms of use purport to be governed by another state’s laws and have been carefully drafted and reviewed by lawyers admitted to practice in such state).

Think about it: If every state had a law similar to the TCCWNA, every e-tailer would need to have its online Terms of Use reviewed by as many as 50 different lawyers. The result would essentially be a full employment act for attorneys across the country.

Third, the TCCWNA is potentially dangerous for companies because it provides an “aggrieved consumer” with the option to seek recovery of a civil penalty of not less than $100. This means the penalties in class actions—especially the penalties in class actions over online terms and conditions—could add up quickly. The text of the statute also allows for actual damages, reasonable attorneys’ fees and court costs in addition to the civil penalty, and further states that such remedies are cumulative and do not preclude recovery available under other laws.

Some Guidance for Online Companies From Emerging TCCWNA Case Law

Because claims arguing that online terms and conditions violate the TCCWNA have been filed only recently, there is only sparse guidance from the courts on how online companies selling into New Jersey can protect against these lawsuits.

Moreover, any such company, if it has not already done so, should promptly contact New Jersey counsel for advice on how to ensure its online terms and conditions are compliant with the TCCWNA.

With those important caveats in mind, recent court decisions applying the TCCWNA do highlight some potential precautionary measures for website operators.

For example, as a first line of defense, it may be prudent for companies to include, and seek to bolster the enforceability of, an arbitration provision and a related class action waiver clause in their online terms and conditions. As an example, in one TCCWNA case, the Supreme Court of New Jersey indicated that an arbitration provision would have been enforceable if it had clearly and unambiguously notified the consumer that she was waiving her statutory right to seek relief in the court of law. While there is no prescribed wording for a valid arbitration provision, one New Jersey court found the following arbitration notice to be acceptable:

The parties to this agreement agree to arbitrate any claim, dispute, or controversy, including all statutory claims and any state or federal claims, that may arise out of or relating to the [subject matter of the agreement]. By agreeing to arbitration, the parties understand and agree that they are waiving their rights to maintain other available resolution processes, such as a court action or administrative proceeding, to settle their disputes.

As a second line of defense, it may be prudent for companies, working with New Jersey counsel, to review and potentially revise their online contracts, warranties and notices in light of TCCWNA cases to date. One approach suggested by existing TCCWNA case law is that businesses can avoid violating the TCCWNA’s prohibition on blanket “inapplicable in some jurisdictions” savings clauses by using different language in their savings clauses to achieve the same result. As noted above, the text of the TCCWNA prohibits savings clauses that state that certain terms “may be void, unenforceable or inapplicable in some jurisdictions” if such clauses do not identify which terms are or are not void, unenforceable or inapplicable in New Jersey. In Kendall v. CubeSmart L.P., however, the United States District Court for the District of New Jersey found that companies could use savings clauses that “attempt…to conform to New Jersey law.” Citing several cases, it held that the phrases “to the extent permitted by law,” “in the manner permitted by applicable law,” “allowed by applicable law” and “or as otherwise permitted by applicable law” were acceptable in savings clauses under the TCCWNA.

Continue Reading Controversial New Jersey Consumer Protection Law Creates a Potential “Gotcha” for E-Commerce Companies

0114_SA_ImageIn this election season, we hear a lot of complaints about laws stifling business innovation. And there is no doubt that some laws have this effect.

But what about laws that spur innovation, that result in the creation of revolutionary new business models?

Section 512(c) of the Digital Millennium Copyright Act (the DMCA) is one such law. Passed by Congress and signed by President Bill Clinton in 1998, Section 512(c) has played an enormous role in the success of YouTube, Facebook and other social media platforms that host user-generated content, by shielding such platforms from monetary damages from copyright infringement claims in connection with such content.

Absent this safe harbor, it is difficult to imagine a company like YouTube thriving as a business. For example, in 2014 alone, YouTube removed over 180 million videos from its platform due to “policy violations,” the vast majority of which likely stemmed from alleged copyright infringement; yet, absent the Section 512(c) safe harbor, YouTube could have been exposed to staggering monetary damages in connection with those videos.

The DMCA’s protection from liability is expansive, but it is not automatic. To qualify, online service providers must affirmatively comply with a number of requirements imposed by the law. While most of those requirements may seem straightforward, a recent case in the Southern District of New York illustrates how even seemingly routine paperwork can pose problems for websites that host user-generated content.

For companies seeking protection under the DMCA, the typical starting point is designating an agent to receive “takedown” notices from copyright owners. If a company is sued for copyright infringement relating to its website, that company will want to show that it has designated a DMCA agent. But what if the designation paperwork was handled by another entity within the defendant’s organizational structure, such as a corporate parent? That was the situation faced by one of the defendants in BWP Media USA Inc., et al. v. Hollywood Fan Sites LLC, et al. (S.D.N.Y. 2015)—and the court held that the defendant was out of luck.

Although the defendant’s corporate parent had filed a registration form with the U.S. Copyright Office under the parent’s name, nothing on the form mentioned the defendant or made any general reference to affiliates. Under those circumstances, the court concluded that the defendant was ineligible for the safe harbor because it had “no presence at all” in the Copyright Office’s directory of DMCA agents. The court reasoned that those searching the Copyright Office directory should not be “expected to have independent knowledge of the corporate structure of a particular service provider.”

Despite lacking a Copyright Office registration, the defendant argued that it did actually post the agent’s information on its own website, and that one of the plaintiffs had successfully used such information to send a takedown notice resulting in removal of the allegedly infringing material. The court found those assertions “irrelevant,” because they did nothing to address the Copyright Office registration requirement. As the court noted, the DMCA requires each service provider to post the agent’s name and contact information on the provider’s website, and submit such information to the Copyright Office.

Would the defendant’s DMCA eligibility have turned out differently if the parent had included the affiliate’s name on the form, or at least made a general reference to the existence of affiliates? The court’s opinion leaves those questions unaddressed, but the preamble to the Copyright Office regulations—cited in passing by the court—appears to reject such an approach. According to the preamble, each designation “may be filed only on behalf of a single service provider[, and] related companies (e.g., parents and subsidiaries) are considered separate service providers who would file separate [designations].”

Following the Hollywood Fan Sites decision, we expect that many companies that host user-generated content will be checking to make sure that all of their legal names are indeed listed in the Copyright Office directory—and, in light of the Copyright Office’s position on this subject, many such companies may also decide to file separate designations for each legal entity within a corporate family. While this process may be cumbersome, it seems a small price to pay for the generous safe harbor benefits offered by the DMCA, especially for companies with business models that depend on user-generated content.

 

MobilePhone_56311774_thumbnailFor corporations, the mobile app is today’s website.

Back in the late 1990s, no self-respecting company, no matter how stodgy and old-fashioned, wanted to be without a website.

Today, the same is true with mobile apps. It doesn’t matter what industry a company is in—it needs to have an app that customers and potential customers can download to their smartphones. Even big, tradition-bound law firms are developing and distributing mobile apps, for crying out loud.

Here at Socially Aware, we have been known to spend our free time downloading and examining mobile apps owned by companies that are new to the software distribution business (after all, a mobile app is just that — distributed software). In doing so, we’ve noticed a number of common missteps by app distributors in connection with the legal terms—or End User License Agreements (EULAs)—governing such apps. Accordingly, here is our list of key issues to address in adopting a EULA for a mobile app.

1.  Adopt Your Own EULA. A EULA is an important part of any company’s strategy to mitigate risks and protect its intellectual property in connection with its mobile apps. Hardly any company would release desktop software without a EULA, and mobile apps—which, as noted above, are software products—warrant the same protection. While a number of other app providers such as Google provide a “default” EULA to govern mobile apps downloaded from their respective app stores, they also permit developers to adopt their own custom EULAs instead—subject to a few caveats, as mentioned in our fifth item below. Because the default EULAs can be quite limited, and can’t possibly address the unique issues that any particular app is likely to raise, a company should ideally adopt its own EULA to best protect its interests in its apps.

2.  Is Your EULA Binding? The best EULA is a binding EULA. U.S. courts have consistently made clear that a “clickwrap”-style agreement has the best chance of being enforceable; although whether an agreement is enforceable in any particular case may depend on how the agreement is actually presented to users, and how users indicate their assent. Having adopted customized EULAs, companies have several opportunities to present their EULAs to users. In most app stores, for example, a dedicated link called “License Agreement” lets companies link to their EULAs. In addition, companies should ideally include language in their apps’ “Description” field making clear to users that, by downloading and using the app, they are accepting the EULA. But it’s still possible in most app stores for users to purchase and download an app without seeing the EULA; accordingly, for apps that may present significant risk issues—such as banking or e-commerce apps—the most conservative approach is to require an affirmative “click-accept” of the EULA when the app is first opened by a user on his or her device.

3.  Which Parties Will Your EULA Bind? If an app is targeted toward businesses, or toward individuals who will use the app in their business capacities, then the EULA should ideally bind both the individual who uses the app and the individual’s employer. Similarly, if minors will be permitted to use the app, then the EULA should require that a parent or guardian consent on the minor’s behalf. (Of course, if minors under 13 will be allowed to use the app, or if the app will be directed toward such minors, you will need to address Children’s Online Privacy Protection Act issues in connection with the app.)

4.  Where Will Your EULA Reside? As a technical matter, a EULA can reside in one of two places: it can be “hard-coded” into the app itself, so that the EULA is downloaded together with the app, or it can reside on a separate web server maintained by the developer. The former approach ensures that the EULA is always accessible to the user, even if the user’s device is offline. Some users may decide not to download the latest updates, however, and, as a result, those users may not be bound by the updated terms. In contrast, under the latter approach, companies can update their EULAs at any time by simply updating the document on their own web servers, although the EULAs won’t available to the user offline. Companies should think about which approach works best for their specific apps and their associated risk issues.

5.  Does Your EULA Incorporate Terms Required by Third Parties? Some app stores, such as the Apple App Store, understandably require that, if a company adopts a custom EULA for its app, such customized EULA must include terms protecting the applicable app store owner. (Other app stores may place such protective terms in their own user-facing agreements, and require developers to acknowledge that such protective terms will govern.) Other third-party terms may also apply, depending on any third-party functionalities or open-source code incorporated into the app. For example, if a company integrates Google Maps into its app, Google requires the integrating company to pass certain terms on to its end users. The licensors of any open-source code used by an app may also require the company to include certain disclaimers, attributions, usage restrictions or other terms in the EULA.

6. Is your EULA clearly written and reasonable? Traditionally, EULAs have been overlong, filled with impenetrable legal jargon and, frankly, hard to read, sometimes even for lawyers. An emerging best practice, especially for B2C apps, is to draft app EULAs that are understandable to consumers, and to minimize unnecessary legalisms such as “null and void,” “including without limitation” and the reflexive prefacing of sentences with “we hereby reserve the right” or “you hereby acknowledge and agree.” Moreover, because space on a mobile device screen can be limited, thought should be given to eliminating repetition in app EULAs wherever possible. Of course, even if a EULA is written in plain English, extremely one-sided provisions—such as a disclaimer of direct damages (rather than a cap on such damages)—may raise concerns with a court in any subsequent litigation involving the EULA. At the same time, the EULA is ultimately a legal document, and an app developer will want to make sure that any slimmed-down or simplified EULA still provides adequate protection for the developer.

IBM has been receiving rave reviews in the media for simplifying its Cloud Services Agreement to a mere two pages in length. And yes, the Agreement also boasts healthy margins and a normal font. But does the Agreement’s reasonable length equate to reasonable terms?

After all, from a customer’s perspective, shorter doesn’t necessarily mean better.

Certainly IBM’s new Agreement was designed to reduce negotiation. According to the International Association for Contract & Commercial Management, which declared IBM a finalist for an award because of the Agreement’s simplified approach, IBM has competitively benchmarked the terms of the new Agreement and IBM apparently feels that the terms will meet the business requirements of most enterprise clients.

Indeed, of the customers presented with IBM’s new Agreement, 80 percent have reportedly signed it without negotiation. The remaining 20 percent, however, still chose to treat the new Agreement – simplified or not – as merely IBM’s opening draft.

Upon review of the new agreement, it becomes clear why these why these “20 percenters” chose to negotiate.

For example, the first section of the Agreement is entitled Service Performance and Commitments, but the 208 words of the section contain little in the way of actual commitments; the Cloud Services are merely “designed” to be available 24/7, and while IBM agrees to provide notice of scheduled maintenance, there are no limits on the timing or duration of such maintenance.

Customers must also review the Service Description — in a separate document — to determine what, if any, license rights, data security obligations, service levels and renewal options will apply to the Agreement.

At times, the Agreement does provide terms that a customer will want to see — such as an indemnity against third-party patent and copyright claims — but the value of these terms is often limited. (Even in the shortest contract, the devil is still in the details.)

Customers must also be careful not to skip over short statements with potentially broad implications. For example, while IBM does not ask the customer to expressly indemnify IBM, the Agreement does contain a very short — and very vague — statement making the customer “responsible for” any “violation of law or any third party rights caused by” by the customer’s content uploaded to the service or other use of the service. Could this statement require that a customer indemnify IBM for claims arising from any such violation? If so, the customer’s liability for such third-party claims could be unlimited, because the Agreement’s limitation-of-liability provision protects only IBM, not the customer.

Service providers are often urged to keep an agreement as “short and simple” as possible, and this is unquestionably an important goal that will help to reduce costs for both parties. At the same time, anyone reviewing such an agreement should bear in mind that it may have been “shortened and simplified” by the omission of key legal protections.

Ultimately, an informed customer wants an agreement that is short, simple and sweet.

Do you still “like” me? Companies with Facebook Pages will find themselves asking that question of their followers over the next few weeks, as Facebook brings an end to the popular practice of offering discounts, exclusive content and other incentives in exchange for liking a Page.

Facebook had previously facilitated this exchange by allowing Page operators to reveal certain content only to users who had liked the Page. This practice was known as “like gating.” The exclusive content might have included coupon codes, contest entry forms, voting buttons for polls and other content that would create an incentive for the user to like the Page. Even altruistic incentives have been offered, such as promises by brands to donate a dollar to charity for each like that their Page receives.

Like gating became a popular—and successful—way for companies to build followers for their Facebook Pages. We won’t know exactly how many of the 4.5 billion likes per day received on Facebook were due to like gating, but the number was certainly significant.

The like gate disappeared earlier this month almost as quickly as it had become widespread. Following a 90-day grace period, a new Facebook rule took effect on November 5, 2014, identifying three—and only three—specific actions on Facebook that users could be incentivized to perform. Companies quickly realized that liking a Page was conspicuously absent from that list of actions. (It remains permissible to provide incentives for users to log into a Facebook app, to enter a promotion on a Facebook app’s Page, and to check into a place.)

In a blog post announcing this change, Facebook made clear that companies “must not incentivize people to use social plugins or to like a Page.” Facebook also provided its behind-the-scenes reasoning on the change. Facebook believes that eliminating the practice of like gating will help “ensure quality connections and help businesses reach the people who matter to them” rather than building relationships on Facebook that are based on “artificial incentives.”

Companies will undoubtedly find ways to continue building their presences on Facebook without using the like gate. Indeed, many marketers had already been advising that like gating was quickly becoming an outdated practice, and that the followers generated by like gating were less valuable than followers generated organically.

The next time you log into Facebook, you may find your favorite brand asking you to engage with the brand in a more substantial way, such as by submitting user-generated content, instead of simply liking its Page. Known as “action gating,” this alternative practice is already being touted by marketers as a way to build a more valuable online fan base through more active types of engagement.

The like gate is dead. Long live the action gate.

Section 512 of the Digital Millennium Copyright Act (“DMCA”) offers various “safe harbors” to online service providers (“OSPs”) for claims of copyright infringement against them arising from certain acts of their subscribers and account holders.  Section 512 provides that in order for an OSP to qualify for the DMCA’s protections, it must satisfy certain requirements.  One threshold requirement is that an OSP must have a policy that, under appropriate circumstances, provides for the termination of subscribers and account holders who are “repeat infringers.”

Until recently, case law construing the repeat infringer policy requirement Section 512’s has interpreted the statute to give OSPs wide latitude in adopting and implementing such policies.  However, in a recent opinion, Flava Works, Inc. v. Gunter, a federal district court in Illinois held that an OSP’s repeat infringer policy was likely insufficient to afford such the protection of the DMCA’s safe harbors because its policy did not consider repeated copyright infringement to be a sufficient basis for termination.

Section 512’s statutory requirement for a repeat infringer policy has four parts:  (1) the OSP must adopt a termination policy; (2) the adopted policy must provide for termination in appropriate circumstances of subscribers and account holders of the OSP’s system or network who are “repeat infringers”; (3) the OSP must inform its subscribers and account holders about the termination policy; and (4) the OSP must “reasonably implement” the policy.

In Flava Works, the court issued a preliminary injunction against the defendants, Marques Rondale Gunter (“Gunter”) and his website, myVidster.com.  myVidster.com allows users to “bookmark” or “post” video files, thereby embedding the video files from other websites on to myVidster.com.  While some of the videos offered on myVidster.com are hosted on its servers, the vast majority are hosted on the servers of third-party websites.  Importantly, regardless of where a video is hosted, when it is embedded on myVidster.com, it is not simply linked-to from the site; rather, when users play an embedded video, they remain on myVidster.com while viewing it.

Flava Works, Inc. (“Flava Works”), a producer and distributor of adult entertainment products and the plaintiff in the case, repeatedly asked defendant Gunter to remove its copyrighted content from myVidster.com.  The evidence indicated that Gunter would only sometimes comply with these requests to remove Flava Works’ content and, further, did not terminate any users’ accounts for repeated postings of Flava Works’ content.

In issuing a preliminary injunction against the defendants, the court held that Gunter and myVidster.com were unlikely to succeed in their argument that they were protected by one of the four safe harbor provisions of Section 512.  In rejecting their argument, the court did not examine every requirement that a defendant must satisfy in order to receive the protection of Section 512’s safe harbors.  Rather, the court focused on Section 512’s repeat infringer policy requirement.  Gunter, in explaining the repeat infringer policy of myVidster.com, stated that he believed the term “infringer” only included those users who posted videos from password protected or private websites.  He stated, in other words, that an infringer under his policy is not one who posts copyrighted works without authorization, but rather, one who posts videos that are not otherwise available on public websites.

In finding that Gunter and myVidster.com’s repeat infringer policy was insufficient to satisfy the requirements of Section 512, the court noted that “[Gunter’s] understanding of the term ‘infringer’ does not encompass the law of copyright.”  Indeed, because myVidster.com’s repeat infringer policy did not actually provide for the termination of repeat copyright infringers, the court held that Gunter and myVidster.com were not eligible for the safe harbor provisions of Section 512.

While Flava Works does not offer much guidance as to what an adequate repeat infringer policy might look like, it does offer insight into at least a necessary requirement for such a policy.  In particular, the case makes clear that a repeat infringer policy must provide for termination of users for repeatedly violating copyright law; a personal determination of what an individual believes to be proper or improper usage is insufficient to satisfy the requirements of Section 512.  If nothing else, Flava Works serves as a reminder to companies operating blogs and websites to confirm that they have adopted and implemented a policy for terminating users engaged in repeated copyright infringement.

Even though Flava Works does not explore other qualities that a repeat infringer policy should possess to satisfy DMCA requirements, previous cases have offered guidance on this issue.  In Perfect 10, Inc. v. Cybernet Ventures, Inc., the court stated that, at minimum, an OSP should terminate users when “given sufficient evidence to create actual knowledge of blatant, repeat infringement from particular users.”

Moreover, the court in Perfect 10, Inc. v. CCBill, LLC stated that a policy would be considered reasonably implemented “if it has a working notification system, a procedure for dealing with DMCA-compliant notifications, and if it does not actively prevent copyright owners from collecting information needed to issue such notifications.”  The court went on to note that implementation is reasonable “if, under ‘appropriate circumstances,’ the service provider terminates users who repeatedly or blatantly infringe copyright.”

In an attempt to standardize the repeat infringer policies across Internet service providers (“ISPs”), various large ISPs as well as representatives from the film, music and television industries recently teamed up to create a model repeat infringer policy.  The policy, which will be administered by the newly created Center for Copyright Information (a partnership of the groups that produced the model policy), creates a “six strikes and you’re out” rule for copyright violations, with each strike having escalating consequences for the user.  While this standardized policy is by no means binding on ISPs, it has received support from the White House.

Consumers often turn to the Internet for reviews before purchasing products or services, and companies are increasingly interested in ensuring that such reviews reflect positively and accurately on their businesses.  When patients post negative or allegedly inaccurate reviews about their doctors on the Internet, however, doctors are often prevented from responding due to ethical obligations such as patient confidentiality.  Moreover, even if such reviews were to constitute defamation, under U.S. law, Section 230 of the Communications Decency Act (“CDA”) would prevent doctors from holding the website operators liable for hosting defamatory statements posted by others, such as reviews posted by site visitors.  Doctors would thus be left with the undesirable option of pursuing action against the patients directly, which often involves additional legal proceedings to determine the authors of anonymous reviews.  As a way to obtain greater control under such circumstances, an organization known as Medical Justice has created controversy by recommending that doctors require patients to sign contracts limiting their rights to publish reviews.

Over time, these contracts have reflected different approaches.  In an earlier version, the patient agreed to “refrain from directly or indirectly publishing or airing commentary regarding Physician and his practice, expertise and/or treatment.” The doctor would presumably be able to seek an injunction against the patient for breaches of the contract, such as the publication of reviews.  The patient’s agreement to such restrictions was described as consideration for the doctor’s treatment and for the doctor’s agreement not to exploit “legal privacy loopholes” that the contract claimed would otherwise be permissible under federal privacy law.

While this initial approach would have imposed liability on the patient for publishing reviews, it would still have allowed websites to continue hosting such reviews under the protection of Section 230 of the CDA.  More recent contracts—possibly revised in response to this problem—do not directly restrain patients from posting reviews, but instead require the patient to prospectively assign to the doctor the copyright in any such reviews.  “[I]f Patient prepares such commentary for publication on web pages, blogs, and/or mass correspondence about Physician, the Patient exclusively assigns all Intellectual Property rights, including copyrights . . . ” to the physician.  If valid, such an assignment would allow doctors to send “take-down” notices under the Digital Millennium Copyright Act (“DMCA”) to websites hosting the patient reviews, thus requiring such websites to remove such reviews or face liability for copyright infringement.  Section 230 of the CDA would not protect websites that receive such DMCA take-down notices, because Section 230 expressly does not provide any defense to infringement of copyright or other intellectual property rights.

As a novel use of copyright law, the Medical Justice approach may raise more problems for doctors than it solves.  The website DoctoredReviews has identified several issues facing doctors who wish to enforce such contracts against patients or to serve take-down notices to websites hosting patient reviews.  For example, such contracts may be unconscionable under state law and thus unenforceable, given the nature of the terms and the superior bargaining power of the doctor.  Doctors may even face liability for attempting to exercise their rights under the DMCA.  For example, if a doctor knows that he has not actually received a copyright assignment from the author of the review, then the doctor is potentially liable under the DMCA for submitting a take-down notice based on misrepresented information.  Because many reviews are published anonymously, some doctors require all patients to sign the contracts, in hopes of establishing that any patient publishing a review must necessarily have assigned the copyright to the doctor.  Even if a doctor does hold copyright assignments from all of her patients, the doctor may still know or suspect that a review had been fictitiously authored by a non-patient, who would not have signed any agreement.  The publication of patient reviews may also constitute noninfringing fair use, and at least one court has found that copyright owners must consider whether fair use applies before sending DMCA take-down notices.

In addition to potential liability under the DMCA, doctors may face problems arising from the legal consideration that they offer to patients in exchange for the copyright assignments.  In certain instances, the U.S. Department of Health & Human Services has prohibited doctors from representing that a patient’s agreement is in consideration for “providing greater privacy protection than required by law” when the law does, in fact, require such greater privacy protection.  Beyond the legal issues, the use of such contracts may also violate a doctor’s ethical obligation to put the patient’s interests before the doctor’s own financial interests.

Other industries have also explored the use of prospective copyright assignments, although with different— and less ambitious—approaches than Medical Justice recommends.  The Burning Man festival, for example obtains a joint ownership interest, together with attendees, in the copyright to any photographs taken at the event.  Attendees also agree to make only “personal use” of such photographs.  The agreement clarifies that, with respect to social networks, a use is only deemed “personal” if the attendee does not upload the images “with the intent to publicly display them beyond one’s immediate network, and if one’s immediate network is not inordinately large.”  The festival’s representatives have stated that these terms are intended to protect the event from commercialization, and to protect the privacy of the attendees.  In another example, the pop singer Lady Gaga reportedly requires a copyright assignment of photographs taken at concerts as a condition to obtaining press credentials.  The photographers receive a limited license to use the photographs in connection with a specific website for a four-month period.

As user-generated review websites such as Yelp continue to grow in popularity, one can anticipate increasingly clever uses of intellectual property law by businesses intent on exercising greater control over their online personae.  Yet, as the Medical Justice situation shows, too clever by half may not be clever enough.  In the end, while social media may provide a company with the world’s largest, most cost-effective platform for promoting its goods and services, that same platform is also available to the company’s detractors.