Dealing with Copyright Trolls

This post was originally published on this site

The ease of sharing pictures online has made it both lucrative for legitimate artists to monetize their works and simpler for opportunists (“copyright trolls”) to victimize unprepared websites with extortion schemes disguised as legitimate copyright enforcement practices. To escape being targeted by the latter, websites that host user-generated content can utilize the “safe harbor” provisions (Section 512) of the Digital Millennium Copyright Act (“DMCA”) to shield them from copyright infringement committed by users. In return, the DMCA “safe harbor” requires the website to adopt “notice and takedown” procedures allowing the copyright holder a streamlined way to report infringement and have the infringing content taken down.


Copyright holders who send a copyright notice to a website to remove the copyright-infringing material must include certain information to the website. The copyright notice must (i) identify the infringing material, (ii) provide the location of the original material, (iii) include the submitter’s contact information, (iv) state that the notice is entered in good faith, (iv) confirm that all information in the notice is factual, (v) state that the person sending the notice, under penalty of perjury, has the authority to act on behalf of the copyright holder, and (vi) sign the notice. Before sending the notice, the owner must also consider whether the use of the work is protected by fair use.


Copyright trolls abuse the DMCA requirements in search of easy money – big money. Copyright holders with registered U.S. works can seek statutory damages—up to $150,000 per work for willful infringement—for copyright infringement. For U.S. works, the Supreme Court has provided that a copyright owner cannot sue for copyright infringement until they have registered the work with the U.S. Copyright Office. For foreign works, copyright holders may file suit without registration per the Berne Convention (however, foreign works may not be awarded statutory damages or attorneys’ fees unless the foreign work is first registered with the U.S. Copyright Office). While these sometimes substantial damages seem harsh for a website merely hosting content posted by users, full compliance with the “safe harbor” provision of the DMCA can negate liability.


Additionally, the DMCA provides a means to fight back against overly aggressive copyright trolls (albeit through a sparingly used provision). Section 512(f) of the DMCA allows the website owner to file a lawsuit seeking costs and attorneys’ fees against any copyright notice sender who knowingly misrepresents information in a DMCA notice. The caveat is that the website must prove their harm as a result of relying upon the misrepresentation. While Section 512(f) lawsuits are scarce, one hopeful lawsuit on Section 512(f) was filed in August 2019 by YouTube against a copyright troll. Unfortunately, YouTube settled the lawsuit out of court with the copyright troll apologizing for his conduct and admitting to sending dozens of false takedowns. Thus, whether Section 512(f) is an effective means to deter DMCA takedown abuses is not yet a settled issue.


In any case, because of how easy it is for potentially infringing material to end up on a website, copyright trolling will persist. While the settlement fees copyright trolls request might seem reasonable relative to the costs of a potential copyright infringement lawsuit, websites should seek out help to evaluate the claim and strategize the most efficient way to handle the situation.


Written By: Stan Sater and David H. Pierce

Protecting Your Hemp and CBD Brand Through Trademarks

The 2018 Farm Bill was passed on December 20, 2018, and, among other things, removed hemp from the definition of marijuana under the Controlled Substances Act (“CSA”). Prior to the passage of this Farm Bill, the U.S. Patent and Trademark Office (“USPTO”) could refuse any cannabis or cannabis-related trademark application, on its face, because the identified goods and/or services were unlawful under the CSA. In other words, because the good or service for which the trademark was being sought was not in lawful use in interstate commerce, the USPTO would not grant federal trademark protection. With the passage of the Farm Bill, the USPTO is having to change its review practices to handle the confusion that the Bill created as to the trademark rights of cannabis or cannabis-related businesses.

 On May 2, 2019, the USPTO issued new guidance addressed to its trademark examiners on how to handle trademark applications for cannabis-related products. The guidance reiterates that a product ‘must first be in lawful use’ to receive a federal trademark. As it relates to cannabis or cannabis-related trademarks filed on or after December 20, 2018, a lawful use determination “requires consultation of several different federal laws” including the CSA and the Federal Food Drug and Cosmetic Act (“FDCA”). The FDCA, which is overseen by the Food and Drug Administration (“FDA”), makes it unlawful to introduce hemp-derived foods, beverages, dietary supplements, or pet treats unless approved by the FDA. Additionally, under the FDCA, “any product intended to have a therapeutic or medical use intended to affect the structure or function of the body” is a drug. Drugs cannot be distributed or sold in interstate commerce unless approved by the FDA. At present, other than Epidiolex, a plant-derived CBD product used to treat two pediatric epilepsy disorders, no cannabis-derived drug products have been approved by the FDA. The FDA recently restated its viewpoint on the market for CBD products in a revised consumer update and is carefully monitoring the space, having issued 15 warning letters to cannabis-related companies selling products in violation of the FDCA.

  For trademark applications filed before December 20, 2018, the examiners may allow applicants to amend their applications to claim a December 20, 2018 filing date to overcome a refusal based on the CSA. As the trademark can still be denied for the other reasons as discussed above, examiners may also allow applicants to amend the original filing basis to an “intent-to-use” basis. With the date change and the “intent to use” change, the examiner will conduct a new search of conflicting trademarks in the USPTO’s records. If applicants choose not to amend their application, they can abandon the application and re-file or respond to the examiner’s office action with evidence to oppose the examiner’s determination. As it relates to hemp cultivation or production services, the examiners will investigate the applicant’s legal ability to cultivate and produce hemp. Per the 2018 Farm Bill, hemp must be produced “under license or authorization by a state, territory, or tribal government in accordance with a plan approved by the U.S. Department of Agriculture (USDA) for the commercial production of hemp.” However, the USDA has not approved any state, territory, or tribal government hemp production plan. Therefore, hemp cultivation or production services trademark applications could still be denied despite the 2018 Farm Bill.

While there is still uncertainty about the future for granting federal cannabis or cannabis-related trademarks, applicants can seek state trademark registration or protect their rights against copiers at common law. Each trademark strategy must be tailored to the applicant’s business and products.

Written by: Stan Sater and David H. Pierce

Should My Company Have a Privacy Shield Certification?

This post was originally published on this site

We are now two months into Europe’s new General Data Protection Regulation (“GDPR”), which extends the jurisdictional scope of European data protection law. As a result, GDPR applies extraterritorially to any organization that can be reached by an EU citizen. GDPR imposes harsher data protection requirements that give way to substantial penalties for non-compliance, which include administrative fines up to 4% of annual worldwide revenue. These steep fines have forced businesses across the U.S. (and the world) to reconsider their EU business strategy. Additionally, many companies are compelled by their clients or partners to comply with GDPR. Fortunately, and for the time being, there is an alternative regulatory mechanism that allows U.S. businesses to conform to EU data transfer laws.

The EU-U.S. and Swiss-U.S. Privacy Shield

In July 2016, the U.S. Department of Commerce and the European Commission approved the EU-U.S. Privacy Shield Framework while the Swiss Administration approved the Swiss-U.S. Privacy Shield in July 2017 (collectively, the “Privacy Shield”). The Privacy Shield, which serves as an adequacy decision under GDPR, is a data protection framework that allows companies on both sides of the Atlantic to transfer personal data from the EU to the U.S. The Privacy Shield replaced the U.S.-EU Safe Harbor Framework (the “Safe Harbor”) after the Safe Harbor was struck down by the Court of Justice of the European Union in October 2015. The Privacy Shield’s purpose is to bridge the different privacy protections afforded to U.S. and EU citizens. The Privacy Shield Principles include the data subject’s right to be informed; limitations on the use of the data subject’s data for different purposes; obligations to secure the data subject’s data; obligations to protect the data subject’s data if transferred to another company; the data subject’s right to access and correct their data; the data subject’s right to file a complaint and obtain a remedy; and redress in case of access by U.S. public authorities. Companies may undertake Self-Certification (often with the assistance of counsel) and the U.S. Department of Commerce is in charge of issuing Self-Certification determinations. U.S. Participants in the Privacy Shield are subject to the Federal Trade Commission’s broad jurisdiction.

Should I Get Self-Certified?

In light of the stricter regulation of European data transfers to the U.S., not complying with the necessary data protection laws may impact your ability to adequately cater to European customers, or to partner with or provide services to other US entities that are subject to GDPR. Accordingly, for many businesses, there are significant motivators to comply.

A company may be eligible to certify to the Privacy Shield if it transfers EU or Swiss personal data to the U.S., or receives or accesses EU or Swiss personal data. At the core, seeking Privacy Shield Self-Certification is a business decision requiring an understanding of how and at what frequency your business interacts with EU data.

While thousands of companies are enjoying the benefits of the Privacy Shield, it is worth noting that on July 5, 2018, the members of European Parliament called for a suspension of the Privacy Shield unless the U.S. fully complies with GDPR by September. All eyes will be on the European Commission as the September Privacy Shield annual review approaches.

Compliance is a moving target. The regulatory framework for privacy worldwide is evolving. Numerous government and consumer agencies, as well as public advocacy groups, have called for new regulation coupled with changes in industry practices. Further, new laws and regulations will be adopted in and around the United States, as most recently seen in California, and existing laws and regulations may be interpreted in new ways. Navigating the data privacy regulatory landscape is complex and requires continual monitoring.

Contact the Authors at [email protected] and [email protected] to discuss these and other issued related to data privacy, intellectual property, and technology law.