EU’s New Standard Contractual Clauses Go into Effect This Week

A year ago, the Court of Justice of the European Union invalidated the U.S. Privacy Shield framework as an adequate safeguard under the General Data Protection Regulation (GDPR), which had previously been a popular safeguard mechanism to cover the export of personal data from the EU to the U.S. While the same decision also held that another GDPR-sanctioned cross-border transfer safeguard mechanism – Standard Contractual Clauses (SCCs) – remained valid, the Court took the opportunity to note in its decision that the then-current SCCs may not go far enough to safeguard the rights of European data subjects.

SCCs are pre-approved contractual terms between an EU controller or processor to a non-EU processor or sub-processor. By adopting them into a contractual arrangement where an EU party is transferring personal information to another country, the international transfer is said to have adopted “adequate safeguards” under Article 46 and should avoid running afoul of the GDPR’s restriction on such transfers. The SCCs the Court opined on pre-dated the GDPR, and there has been a push to update them since the GDPR went into effect on May 25, 2018. On June 4, 2021, the European Commission announced it had finally approved new versions … Keep reading

Supreme Court Ruling Limits CFAA Application for “Insider” Authorization Misuse

Does the Computer Fraud and Abuse Act (CFAA) and its harsh penalties apply to employees who exceed their authorized access to computer systems for personal reasons? The Supreme Court has now said no.

The Supreme Court issued a 6-3 decision this week limiting the application of the CFAA against company “insiders” who exceed the scope of their authorization to access company data. The CFAA, generally speaking, provides both civil relief and criminal penalties against individuals who “access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” Prior to this decision, there was a circuit split where some courts interpreted “unauthorized access” as including access to data that exceeded a limited scope of authorization provided to an individual, and other courts interpreted “unauthorized access” more narrowly to mean that the CFAA only applied to individuals who had no scope of authorized access.

In Van Buren vs. U.S., police sergeant Nathan Van Buren accessed a law enforcement database through his police-issued laptop to provide license plate information to a third-party for non-law enforcement purposes for money. The transaction was part of a … Keep reading

Spilling the Tea on Lawful Use According to the Trademark Office

Does a trademark applicant’s belief that the cannabis goods specified in its trademark application will become federally lawful in the future provide a sufficient basis upon which to predicate its claimed  “intent to use” the mark in lawful U.S. commerce? This was the question recently presented at the Trademark Trial and Appeal Board (TTAB) – the administrative body tasked with hearing appeals of refusal to register marks by the U.S. Patent and Trademark Office (USPTO).

Overview of Federal Trademark Lawful “Use” Requirement

In general, federal trademark rights provide the owner with national, exclusive rights to use a mark in connection with a specific set of goods and services. Unlike most other countries, the USPTO has a “use based” trademark system, meaning it requires trademark owners to demonstrate actual use of their marks in lawful U.S. commerce in order to register and/or maintain their trademark rights.

A federal trademark application must include a description of goods and services described with sufficient particularity to be understandable to the average person. The application can be based either on current use of the trademark in connection with the claimed goods and services in U.S. commerce or based on its future intent … Keep reading

Florida Gone Wild: Back-to-Back “Breaking News” on Privacy Law Leads to No News

Breaking news out of Florida: On April 21, 2021, the Florida House, in a near unanimous vote, passed the Florida Privacy Protection Act (FPPA). Largely modeled after the California Consumer Privacy Act (CCPA), the FPPA would have made Florida the third state to pass a comprehensive privacy and data security law, following Virginia’s passage of its Consumer Data Protection Act (CDPA).

Just as quickly as it passed the Florida House, though, it was killed by the Senate on April 30, 2021, after disagreement between the House and Senate as to whether the bill should give individuals a private right of action to sue companies that violate their privacy rights under the FPPA. The pro-private-right-of-action camp believes a privacy act without a private right of action is an impotent law, while the anti-private-right-of-action camp believes the right unduly burdens businesses with costly compliance obligations.

Washington’s version of the CCPA, the Washington Privacy Act, suffered a similar fate a month ago after a similar fallout over the same private right of action question.

The failure of both Washington and Florida to pass comprehensive privacy laws – along with California’s and Virginia’s passage of comprehensive privacy laws that include a private right … Keep reading

Our Top 5 Copyright Misconceptions DEBUNKED!

Copyright is a form of intellectual property rights providing owners of creative content with the exclusive right to reproduce, prepare derivative works, distribute copies, publicly perform, publicly display, and publicly transmit their work. These rights vest automatically at creation; however, generally, registration is required in order to enforce a copyright in court. Copyright protects “…original works of authorship fixed in any tangible medium of expression…” but the threshold for both creativity and originality has been interpreted as being very low – requiring only a minimal degree of creativity.

Unlike patent and trademark applications, copyright applications are low cost and subject to less vigorous examination, making them arguably one of the most user-friendly forms of intellectual property registrations for creators to seek without an attorney. However, misconceptions about copyright protection are pervasive. Below are our top five myths on copyright protection, debunked for your reading pleasure:

  1. “As long as I include a credit to the author, I do not need to ask for permission.”

Failing to credit an author of a work is considered “plagiarism” and can be a violation of someone’s copyright rights. However, the reverse – crediting the author to mitigate against a copyright infringement claim – is … Keep reading

Fixated on “Affixation”: Navigating the US’s Tricky “Use” Requirement

Unlike most of the world, the United States Patent and Trademark Office (USPTO) requires trademark owners to demonstrate actual evidence of use of their marks in order to register and/or maintain their trademark rights. For domestic trademark owners, this “use” requirement is raised at the application stage as U.S. trademark owners are required to file evidence of use before the office will issue a registration. Non-U.S. filers who seek registration in the U.S. may be able to bypass this initial evidence of use requirement at the initial application stage if the U.S. application is based on an extension of the trademark owner’s foreign trademark rights. However, both domestic and foreign trademark owners are required to file evidence of use at both the maintenance deadline – between the fifth and sixth year after registration – and renewal deadlines – file every 10 years after registration.

What exactly is “evidence of use” in the U.S.? The answer is likely far more specific than you may think. The short answer is the USPTO only recognizes current marketplace evidence showing the applied for or registered mark affixed to the goods and services claimed in the application or registration. But what qualifies as “affixation” … Keep reading

IP & Cybersecurity: Critical Points on Data Misuse

What strategies should businesses employ to circumvent “insider” cyber threats? Attorneys Howard Susser and Brooke Penrose will discuss the best practices to manage and prevent data misuse and the claims to consider when threats arise. Learn about the Computer Fraud and Abuse Act, trade secrets and other intellectual property claims, and breaches of agreements.

Click here to view the full webinar.… Keep reading

Available vs. Allowed: The Pitfalls in Grabbing Domain Names That Incorporate Well-Known Brands

“Available” is not the same as “lawful to own” when registering a domain name. Domain registrars – such as GoDaddy, Bluehost and Domain.com – are just marketplaces for available domain names. A registrar’s willingness to allow someone to purchase a domain name does not necessarily come with any assurances that the purchaser has the right to use that domain name. In fact, reputable registrars – and all of those that are accredited by the Internet Corporation for Assigned Names and Numbers (ICANN) – generally require the purchaser to represent that its purchase of the domain name does not infringe on others’ intellectual property rights.

If a trademark owner believes a domain owner has acquired a domain name that incorporates its trademark – or something confusingly similar to its trademark – without permission, it may be able to grab the domain name from the original purchaser by instituting a “UDRP” proceeding. Under the Uniform Domain Name Dispute Resolution Policy (UDRP), a trademark owner can initiate an arbitration-like proceeding against a domain owner which will determine whether the domain owner can keep its domain or if it will be transferred to the trademark owner. Typical providers of UDRP arbitration services are … Keep reading

Top Tips for Drafting Privacy Notices

If your website collects information about its visitors, whether by name or anonymously, you are almost certainly required to make specific public disclosures about your treatment of this data and offer visitors information on what rights may be available to them. This information is typically reflected in a privacy policy or privacy notice – for simplicity, we will use the term “privacy notice” – posted to your company’s website. The granularity and type of disclosures required, along with the scope of rights you must provide to visitors under applicable law, largely depends on the geographic areas where your visitors reside. It also depends on whether you are collecting “garden variety” information, like names and contact information, or highly regulated data, like children’s, health or financial data.

The United States remains one of the few developed countries without a central, comprehensive federal privacy and data security law. Accordingly, websites that only collect information from U.S. residents have some of the loosest requirements with respect to disclosures and rights. However, most U.S. states have some sort of data security and privacy law requiring websites to post a privacy notice. The Federal Trademark Commission (FTC) has broad authority to regulate activities deemed … Keep reading

Top 5 Legal Considerations When Selecting a New Trademark

Companies often leave decisions on the new company name or the name of a new product for “another day,” believing that finding the right word is just a matter of internal consensus building or exercising a relatively minor amount of creative thought. But choosing a new name can be a time-consuming, emotionally draining, and resource-intensive task that is rarely accomplished in short order.

Part of the complication with choosing names and trademarks derives from internal company issues. Choosing names involves understanding the mission and marketing plans of the company. Often these criteria are ill-defined or not agreed upon before the naming process begins. Another common misstep is that the task of naming is given to a business unit that works independently of or external to other management-level employees. This leads to the clearance and selection of names that another business unit or manager may dislike or refuse to accept.

A fundamental key to success in choosing names and trademarks is putting in place an internal process that involves agreement on who will be involved and how the name should be selected. In particular, if at all possible, company personnel should decide what the new name or mark is intended … Keep reading