Lex Indicium

information · ip · privacy

Neil Young’s Suit Illustrates Music Licensing Issues


On August 4, iconic guitarist Neil Young sued the Trump Campaign, claiming that Trump’s unauthorized use of his songs Rockin’ in the Free World and Devil’s Sidewalk at various rallies, including at the Tulsa rally on July 20, violated Young’s copyrights in those songs.  In filing his complaint, Young joins an elite crowd of artists who have complained about the purported unauthorized use of songs when the artist and the writer were not otherwise aligned politically.  Reagan, GW Bush, and McCain (among others) have all had to defend claims brought by, respectively, Bruce Springsteen, John Mellencamp, and Heart suggesting that use of their songs were unauthorized violations of their copyrights (and other rights) in those songs.

Fundamentally, Young claims that he owns the copyrights in the songs used by the campaign and the campaign used them without authorization.  Accordingly, he argues that he should be awarded an injunction against continued use, and damages for the prior violations.

These claims have a simple elegance and on their face.  But anyone who has dealt with music performance rights and licensing knows that there is almost nothing simple about those concepts.  Indeed, the world of music licensing is among the … Keep reading

Privacy Shield Struck Down by EU Court as Acceptable Mechanism to Transfer EU Personal Data to U.S.


One of the more operationally challenging components of the General Data Protection Regulation (GDPR), was the restriction on transferring European personal data to recipients outside of the European Economic Area (EEA).  Essentially, unless an exception or some additional GDPR-approved mechanism applies, European personal data cannot be transferred to non-EEA countries unless the data is being transferred:

  • within a related multinational group of companies who have adopted an internal code of conduct (called “binding corporate rules”) that applies to restricted transfers of personal data from the group’s EEA entities to non-EEA group that has been approved by an EEA supervisory authority;
  • between an EEA-based data exporter and a non-EEA-based data importer who have entered into a contractual agreement that adopts a set of “standard contractual clauses” adopted by the European Commission; or
  • to a jurisdiction that the European Commission has issued an “adequacy decision,” finding that such jurisdiction has adopted “adequate” data protection safeguards. As of the writing of this article, this list of jurisdictions was limited to Andorra, Argentina, commercial organizations in Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, and Uruguay. Importantly, up until last week, U.S.
Keep reading
When Paying for It Doesn’t Mean You Own It


The Conundrum of Works for Hire.

You are a small business.  You’ve hired a web developer to create your website, a marketing expert to author critical passages about your products and services, and you’ve hired a graphics person to design your business cards and signage.  You paid everyone, took delivery of and launched your beautiful new website.  The problem is, you don’t have any paper that confirms your developer, marketing guru, and graphic designer transferred the rights to the work to you.  “But wait,” you protest, “they cashed my checks and I have possession of the files.  Doesn’t that mean I own it?”

It’s natural to assume that if you engaged a service provider to create something for you, and you paid for it, it’s yours.  But that’s not what the law says, at least with respect to works that are eligible for copyright protection.  In fact, even if you have a writing that says the work shall be considered a “work made for hire,” that might not be sufficient to ensure that the work belongs to you.

What Does Copyright Protect?

Copyright protects original, creative works that are set out in a “tangible medium,” meaning they are written … Keep reading

Trademark Audits: What Registrants Should Expect


In 2017, the USPTO initiated an aggressive auditing program of U.S. trademark registrations at the time of maintenance filings. The goal of the program is to ensure the accuracy and integrity of the U.S. register by removing or narrowing registrations that include claims beyond the scope of the registrant’s actual use of its mark in U.S. commerce. The Office is on pace to audit 5000 registrations in 2020 so registrants who have not been tagged as yet should be prepared for an audit in the future.

By way of background, the U.S. system of protection for trademarks, unlike many non-U.S. systems, requires the trademark owner to actually use its mark in U.S. commerce with all the goods or services specified in the registration. Accordingly, to maintain an issued registration the registrant must declare, under oath, that all of the specified goods or services claimed in registration are being provided under the mark to U.S. customers at the time of filing registrant’s Section 8 Declaration of Continued Use (due between the 5th and 6th and years after registration) and Renewal (due every 10 years after registration) filings are due. This “actual use” requirement applies regardless of the original … Keep reading

Supreme Court Helps Trademark Owners: Proof of “Willfulness” Is Not Required To Recover Infringer’s Profits


In April 2020, the U.S. Supreme Court ruled that trademark infringers can be required to hand over their profits to a brand owner even if their conduct was not “willful.” The case was Romag Fasteners v. Fossil Group, Inc., 590 U.S. (2020). It is an important case for trademark owners because it lowers the plaintiff’s burden to recover a defendant’s ill-gotten profits.  In fact, after Romag, the defendant’s deliberate and intentional state of mind is no longer the critical factor that courts must consider in order to award profits in a trademark infringement case. Romag can be an important weapon for trademark owners against, for example, infringers that use their mark on goods or services that do not directly compete with the trademark owner, where the trademark owner did not necessarily lose a sale and may have no actual damages in that regard. Profit disgorgement by the infringer allows for monetary compensation even if the trademark owner has not been directly damaged in that way.

Fossil is a large and well-known distributor of fashion accessories.  Romag sells magnetic snap fasteners for leather goods. For years, Romag and Fossil had an agreement whereby Fossil used Romag fasteners in … Keep reading

The Communications Decency Act Suddenly Is Center Stage Again


Today’s internet users who might not be familiar with the Wild West that was the early internet might wonder how social media and other online service providers (and their users) “get away with” saying or publishing all manner of content on the web, including incendiary, defamatory, or just plain false information. The administration’s recent suggestion that it might assert executive power over social platforms has brought this issue back to the fire in an interesting way. This post is not meant to be a deep dive into the evolution of the law around expression on the web – but is intended to provide some guideposts for those who are watching this space.

Constitutional Freedom of Expression

Under the first amendment to the U.S. Constitution, everyone gets to say whatever they want, right? That’s more or less correct, but over the years courts have also limited your rights of expression with what are called “time,” “place,” and “manner” restrictions.  So you can’t go into a movie theatre and yell “fire,” because doing so might endanger the lives of others.  Analogously, when you express yourself in a public forum, including on the web, your freedom of speech doesn’t mean you are … Keep reading

Consumer Rights and an Organization’s Responsibilities Under the CCPA


As we’ve previously blogged about, the California Consumer Privacy Act (“CCPA”) is an exhaustive piece of legislation requiring organizations to heed and defend consumer rights relating to access to, sharing of, and deletion of personal information that is collected by businesses. In particular, the CCPA requires organizations to notify California consumers of the rights newly afforded to them under the CCPA. These rights are summarized in the graphic below.

Summary of Consumer Rights and Organization’s Related Responsibilities:

In addition to notifying California residents of their consumer rights, organizations need to provide at least two methods– including a toll-free phone number—for consumers to submit requests to exercise their rights.  If the organization maintains a website, one of those methods needs to be a website address.  If an organization operates exclusively online and has a direct relationship with the consumer, it does not need to provide a toll-free number and only needs to provide an email address as a designated method for submitting requests.

Response Requirements When Consumer Exercises a CCPA Right

Once an organization obligated to comply with the CCPA receives a California consumer request to exercise a CCPA right, it must disclose and deliver the information free of charge … Keep reading

CCPA Enforcement Begins July 1, 2020: Do You Need to Comply?


Prior to the unique data security and privacy challenges unexpectedly presented as a result of a mass movement to remote working earlier this year, the California Consumer Privacy Act (“CCPA”) was one of the most highly anticipated regulation organizations were (or, should have been) preparing to comply with.  Despite industry pressure to delay enforcement of the CCPA so organizations could continue to focus on mitigating further disruptions and damage to their operations caused by the COVID-19 pandemic, the California Attorney General has maintained his commitment to begin enforcement of the CCPA on July 1, 2020.

In preparation for the enforcement date, Burns & Levinson will be doing a series detailing some of the highlights of the CCPA, which technically went into effect on January 1, 2020.  If the CCPA applies to your organization and you had not previously taken steps to bring your organization into compliance with Europe’s General Data Protection Regulation (“GDPR”), you may have significant work to do in order to bring your organization into compliance with the CCPA.  If your organization has previously engaged in GDPR compliance, you may still have work to do.  While there is some overlap between the regulatory and statutory requirements of … Keep reading

Domain Name Offer: Helpful Service, or Marketing Scam?


In 2013, I blogged about a common deceptive technique used by some publishers around the world that send apparently official invoices to trademark applicants in the hopes that people will reflexively pay outrageous sums for a listing of their brand in a catalog few will read. I wanted to follow up on that post and summarize another common scam that befalls trademark owners and applicants.  I get an inquiry from a client at least 2-3 times per month: “Is This Domain Name Email Legitimate?”The ruse works like this: Trademark owner applies for a trademark in the U.S. or with another office in another country.  Information about the mark and the owner is publicly available to scammers through simple searches. The scammer sends an email to the trademark owner purporting to warn the mark owner of the ill behavior of a potential domain name squatter. Below is an actual email received recently by a client.  I have changed the names in the email to avoid any embarrassment of the recipient, but I otherwise have left the text, including the grammatical errors of the original, intact.

Dear CEO/Principal,

We are the department of [Domain Name] Service in China. Here I Keep reading
How Many Website Privacy Policies to Maintain in Preparation for GDPR?


Under the GDPR, data controllers are tasked with communicating to data subjects how their data is processed in a way that is both concise and transparent. From a consumer-protection perspective, this is undoubtedly one of the regulation’s more commendable requirements; as many who have drafted website privacy policies understand, there is often tension between the twin goals of concision and transparency. Providing fully transparent disclosure about data-processing activities, while keeping such disclosures brief and easily readable, can be a tricky balance to strike.

One question the GDPR may prompt is whether it makes sense for an organization to maintain separate residency-dependent privacy policies, or a single, all-encompassing policy. There are pros and cons to each, and what works best for a particular organization will often depend on the operational impact of each, as well as the usability of each by the relevant data subjects.

The Multiple Privacy Policies Approach

Organizations that treat data-subject information differently depending on its origination point, or that opt not to extend the enhanced protections offered under the GDPR to non-European data subjects, may prefer to maintain separate residency-dependent privacy policies.

In this instance, the benefit is that each policy can be tailored, … Keep reading