The answer is one that frustrates people the most — it depends. In most circumstances, you run the risk of violating the copyright of the person who took the picture, so the best practice is to seek permission first (more on that in part 3). But, let’s assume you can’t get permission — after all, you are on a deadline. So, let’s look at three different scenarios and the “fair use doctrine.”
The Fair Use Doctrine
The most common response you hear from the journalist is that I’m a reporter so I can use these pictures as a “fair use.”* Fair use is an affirmative defense to a copyright violation meaning, it is the media’s burden to prove the use was fair. The Copyright Act specifically lists “news reporting” as an example of what could be fair use. The Supreme Court, in the one case where it looked at the news reporting fair use angle, ruled that Congress’s inclusion of “news reporting” gives the media a good argument, but there is no presumption that it will always prevail.
Fair use is a factually-specific inquiry and there is no bright line test. Courts consider these four factors:
(1) the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;
For most commercial news gathering sites and stations, the courts find they are engaged in commercial endeavors – you sell advertising. The media usually loses this argument.
(2) the nature of the copyrighted work;
Was this a professional photographer taking pictures to sell to the public or is this a less “artistic” photo already being freely shared with the public? Most likely, if the photograph is being used for news and it is a simple Facebook photo, this factor will weigh in favor of the media. The issue of whether the image, in and of itself, is newsworthy also comes into play.
(3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and
This is more applicable to excerpts of videos, books and music and is usually considered a wash when dealing with images.
(4) the effect of the use upon the potential market for or value of the copyrighted work.
This is why you may have heard that as long as it is an amateur’s photo you can take it. That may help you with this factor, but this fact alone will not give you the green light.
The Picture of the Non-Celebrity
The local schoolteacher is caught in a scandal with a student. Or, let’s be positive for once, the local man wins the lottery. You need a picture of the person so you turn to Facebook or LinkedIn. Why not just grab it? After all, they put it on the site for the world to see.
First, you want to check the terms of service from the social media site where you found the image (that’s #2 in this series). I am not aware of a case where an average citizen has sued the media (as opposed to the school district for using an image in an what not to do presentation) for using their Facebook picture. This is good and bad in that no one has ever ruled you should not use the image, but no one has said it is 100% OK either.
Assuming the license from the social media platform’s terms of service do not give the general public the right to do whatever they want with the image, you should go through the fair use analysis.
Fair Use Factor 1: Media outlets that take advertising are engaged in commercial activities although the primary goal may be to educate the pubic. Unless, you are a public interest group or non-profit, you are likely going to come out on the wrong side with this factor.
Fair Use Factor 2: The more the image itself is newsworthy, the more likely the media will be able to use it. If the image is one of the teacher with the student that is subject of the scandal, then that image is newsworthy and more likely a fair use. If the picture shows the subject engaged in the activity related to the story, then it is more likely a fair use. Also, the further away your purpose of using the image is from the original purpose of the image, the more likely you can use it. For example, in cases where images from a brochure were used in a news story about Oliver North and his new endeavor and nude modeling pictures of a pageant winner distributed prior to her win were both considered fair use because, in part, the media’s use was different from the original purpose and the images were newsworthy.
Fair Use Factor 3: This issue is usually a wash because still images require, for the most part, use of the whole thing or at least the key part of it. The media may be able to say they only used one image out of a large portfolio or album from a social media profile, but this argument has not been made in court to my knowledge.
Fair Use Factor 4: If the image is from a professional or a free lancer, you are going to lose this battle. For example, a local Los Angeles station used video of a beating shot by an independent journalist without permission destroying that independent journalist’s ability to license the video for money. Would the same apply to a Facebook image? If we are talking about the typical profile picture, usually put up by amateurs for as wide dissemination as possible without any thought to the market value, then the media would probably prevail with this part of the argument. If the scandal-ridden teacher has pictures of her and the student she is not able to immediately hide, she could make an argument that because of new events, there is a market for the now sought-after pictures that she could provide on an exclusive basis. On the flip side, someone probably has access to them ruining any “exclusive” commercial value.
As you have probably figured out by now, there are a lot of factors that go into the analysis and you would be foolhardy to have a hard and fast rule. This analysis is simply to give you an idea of what issues come into play. The decision should ultimately be made by the editor/news director, and if there is time, legal.
The Breaking News From Twitter
Almost everyone has phones with cameras and almost everyone has access to social media. Therefore, you will see a lot more “breaking news” caught by everyday citizens who post the images. I even took an image of a fire and posted it to Facebook from my office. Again, assuming you don’t have permission, we have to look at the fair use factors.
Fair Use Factor One: Same as above.
Fair Use Factor Two: By the nature of the hypothetical, this assumes the image is newsworthy which would give the media a slight leg up in the analysis.
Fair Use Factor Three: This is usually going to be a wash.
Fair Use Factor Four: We are assuming these are truly amateurs and not professional who are posting the pictures. If there are 50 other people near the fire/stand-off/crash/revolution taking pictures and posting them, the less likely there is commercial value to the images. If, by some dumb luck, the Average Joe is hiking in the woods and sees the first talking moose, then there may be commercial value to the “exclusive” nature of the images.
As you can see, there is still no bright-line rule.
The Picture, Itself, Is Newsworthy
Unfortunately, the compromising image of the politician (thanks Anthony Weiner) is news in and of itself. The same goes for the nude images of the beauty pageant winner or a news story about an image. The mere existence of these images is the story. You can’t tell the story without them. While this may be the easiest analisys, in can still be perilous. You most likely will be able to use it, unless someone has an exclusive or there is commercial value to the copyright holder.
For a legal article on this topic from 2011, check out Professor Daxton R. “Chip” Stewart’s article, “CAN I USE THIS PHOTO I FOUND ON FACEBOOK? APPLYING COPYRIGHT LAW AND FAIR USE ANALYSIS TO PHOTOGRAPHS ON SOCIAL NETWORKING SITES REPUBLISHED FOR NEWS REPORTING PURPOSES” in the Journal of Telecommunications and High Tech Law.
*The other common excuse is that the pictures are in the public domain because they were posted on Facebook for the world to see. That’s just not legally correct unless the specific social media platform says that is the case. We will examine that in part two.
I think Scottie Pippen is one of the most overrated players in the history of the NBA. My opinion may be soured because I am a Houston Rockets fan and the experiment with him, Olajuwon and Charles Barkley did not end well.
Of course, that’s just my opinion. What if, however, I reported, as fact, Scottie Pippen declared bankruptcy when, in truth, he never did?
According to Graydon Head’s Jack Out of the Box blog, Scottie Pippen sued media outlets because of the erroneous reporting, but the case was dismissed by the Seventh Circuit Court of Appeals. If you are a public figure, take heed — even when the reporting is blatantly wrong, actually recovering may be difficult. The trial court dismissed the lawsuit because the court did not believe Scottie Pippen proved any damages and failed to prove any “actual malice.”
If people were going around claiming I was bankrupt when I wasn’t, I would not be happy. Neither was Pippen. He claimed it defamation per se which means the defamation was of such a nature to be patently harmful to your reputation so that you don’t have to prove any actual damages. Pippen suggested that claiming he filed bankruptcy implied he could not handle his job. The court disagreed noting the ability to handle finances did not impugn his ability to do his commentator or spokesperson work.
When you are a public figure, you have to show the media engaged in actual malice–which means you have to show the reporter knew or really should have known the information was false. Pippen argued a simple web search would have revealed whether or not Pippen had filed bankruptcy. Negligence – or failure to reasonably investigate – does not equal actual malice.
Pippen even proved to some of the media outlets that he did not file bankruptcy and complained that some outlets did not retract the story. Failure to retract does not equal actual malice.
Also of note, the Seventh Circuit determined Illinois law would likely join the majority position of applying the single publication rule to the Internet. This means that the statute of limitations begins to run the first time the defamatory content appeared on the Internet.
What Does It Mean?
Yes, the media outlets won, but the victory did not come cheaply. I am sure they would have preferred to have gotten the facts right then to be dragged through litigation that went to the court of appeals. The end result in Texas would have probably been the same, but there are certain procedural advantages that may have made the process cheaper and quicker such as the Anti-SLAPP dismissal and the new Texas retraction demand requirements.
Then again, maybe Scottie Pippen wasn’t in this case for the money. He seems to have publicized the fact that he never did declare bankruptcy and the reports that he did were just wrong. He may have just wanted to win this one in the court of public opinion. Now, if he can shake that “only because of Michael Jordan” debate although the numbers and this play should give Pippen some cred. Maybe, my original opinion was a little harsh.
Because of an extended working vacation away from Houston’s heat in Colorado, I’ve been away from the blog. Like my kids gearing up to go back to school, I’m getting back to the normal work mode back in the office while recovering from a separated shoulder from a mountain biking incident (riding across on overpass in Houston is apparently different than actual mountain biking). As a warm-up, here are a few quick links to interesting stories from the last couple of weeks.
Another Adwords Trademark Dismissal
From Professor Goldman’s Technology and Marketing Law Blog — another unsuccessful keyword advertising lawsuit. The plaintiff was a collection agency and the defendant was a law firm that bid on the plaintiff’s name that triggered the following ad:
a link titled “Stop Collection Calls—Is Allied Interstate Calling You?” Below the link are two lines of text, the first listing Defendants’ URL, www.creditlaw.com, and the second bearing the slogan “Stop the calls for free!”
Under most circumstances, I would advise clients to avoid using the competitor’s name in the ad copy. But, this is one of those easy exceptions. It is clear the law firm is not trying to confuse consumers into thinking the law firm is the same as the collection agency. It is a pretty easy decision, but a good reminder of how trademark law plays into search engine advertising.
An Eraser Button for Minors on Social Media
We previously mentioned an eraser button for minors on social media. It appears the California Legislature is also back from vacation which, according to Edwards Wildman’s Digilaw Blog, means the law may be a reality soon.
One of the most difficult things to do is help clients deal with IP theft from pirates outside of the U.S. Seyfarth Shaw’s Trade Secret Blog provides some tips on how to deal with these issues–assuming you have enough clout to get your state attorney general involved.
Don’t let your independent contractor use your email.
Evan Brown’s Internet Cases blog discusses a recent Texas opinion regarding the dangers of letting an independent contractor use the company email. An independent contractor cannot usually bind a company to an agreement because they don’t usually have the authority. The company, however, can clothe the independent contractor with the indicia of authority and lead the other party to believe they are dealing with the right person. One way to do that — have the independent contractor send emails from the company account.
Understanding the law and the government’s
To get a good baseline understanding of the law underlying the government’s ability to (store, monitor, read, index, search – you choose the verb) / (phone records/meta data/emails/cell location information — you choose the object of the verb), NPR’s Morning Edition has a good story explaining the 1978 Supreme Court decision that may say all of this is perfectly legal.
What happens when the employee who set up the company’s LinkedIn account leaves? Or, what happens when your outside marketing firm set up your Facebook page but refuses to give it to you because of a fee dispute?
Before we talk about what to do in these situations, let’s talk briefly about how to avoid these situations. Most social media sites allow you to have more than one administrator. You should have, at all times, at least two trusted employees designated as such. When one of them leaves, or is about to be fired, the remaining administrator changes the passwords to lock out the departing administrator and finds another suitable back up. The same thing works with your outside marketer — make sure someone (preferably two of you) are co-administrators so you can always have access to the social media account.
You can also contractually determine who controls and owns the social media account and its followers.
Thanks, you’re an hour late and I need to access my account.
If you are too late to implement some safeguard, the first advice is the same we give our children – ask nicely. This applies to the departed employee and the social media platforms. Obviously, if you can’t locate the employee or they refuse to give up access, you have to approach the social media networks. The problem is, historically, they are not nearly as concerned about your page as you are and are not quick to act.
For example, Facebook tells you what to do here. The problem is Facebook is notoriously slow to react taking about two weeks to respond. If it is a LinkedIn Group (say company alumni) as opposed to a company profile, you may not be able to take control. With regard to groups, LinkedIn takes the position groups are created by individual members and therefore they will not transfer ownership or control of a group. LinkedIn may help you reach out to the group owner or help you protect copyrights or trademarks, but taking control of a Group can be difficult.
In the LinkedIn case, Eagle v. Edcomm, the court threw out the Computer Fraud and Abuse Act and Lanham Act claims, but allowed the common law claims of misappropriation, conversion and invasion of privacy claims to continue which are still pending. In the Twitter case, the claims for misappropriation of trade secrets, intentional interference with prospective economic advantage, negligent interference with prospective economic advantage and conversion are proceeding to trial which is expected to take place this week.
It is clear you can sue, but exactly what causes of action apply and the likely result is not yet clear. As a lawyer, we love to blaze new ground. As a client, blazing new legal ground is expensive and dangerous. You should try to avoid it if you can, but know that you can use the courts to seek control of your accounts if you have to.
TheDirty.com is not exactly deserving of sympathy. Much like Playboy and Hustler pushed the boundaries of the First Amendment in the past, rumor sites like TheDirty.com are pushing the limits of Section 230 immunity for online defamation under the Communications Decency Act.
A judge and jury in Kentucky apparently have had enough. This week, a jury found TheDirty.com “encouraged the development of what is offensive” and was therefore liable for the defamatory posts about former Cincinnati Bengals cheerleader Sarah Jones. The jury awarded Jones $38,000 in actual damages and $300,000 in punitive damages.
As a refresher, Section 230 of the CDA provides: ”[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” Because the websites are not the publisher or speaker, the sites can’t be liable for defamation. Most courts immediately dismiss website operators from defamation suits when the claim is based on user generated content known as UGC.
Although subjects of defamatory posts hate the CDA, the law is good. There would be no Google, YouTube, Twitter of Facebook if these sites had to defend, let alone be held liable for, each defamatory post by their users.
Jones sued Dirty World Entertainment Recordings which owns TheDirty.com. The site, as expected, immediately filed a motion to dismiss the complaint because all claims were based on the UGC. The trial judge denied the motion arguing the defendant purposefully seeks out and encourages defamatory content. The court wrote “the very name of the site, the manner in which it is managed, and the personal comments of defendant Richie” shows that the site “specifically encouraged development of what is offensive about the content.” Therefore, the summary judgment was denied. With TheDirty.com as a defendant, it is not surprising the jury ruled in favor of Jones.
If you have had the unfortunate reason to visit TheDirty.com, you know the judge is correct in that they do everything they can to encourage defamatory and offensive content. I have argued before that the CDA should be amended to allow for claims against sites like this that encourage defamation. I always thought the change would come through the legislative process rather than judicial fiat. Not surprisingly, TheDirty.com is appealing. You can read more about the case here.
What does it mean?
If you run Facebook, the local newspaper site, or a community site regarding butterflies, you still have nothing to worry about. If you purposefully run an inflammatory site, you need to pay attention to what the court of appeals does with this case.
TheDirty.com asks people to “submit dirt.” Their submission form has entries for the “dirt,” and provides a link to upload photographs. The court seized on the fact that in response to the post about Jones, the site operator wrote “I love how the Dirty Army has a war mentality.” Facebook and the Christian Science Monitor website don’t do this.
The CDA is usually a slam dunk defense for websites that are sued over UGC. Plaintiffs first tried to argue the sites actually “created” the content. Now, plaintiffs will argue the sites are “encouraging” the defamation. While a good policy, I am not sure it will hold up on appeal without a change to the statute by Congress.
So, what about sites like RipOffReport and PissedConsumer.com? Is the next line of attack that they “encourage” defamatory content? I would not be surprised if a plaintiff is making that argument right now in response to a motion to dismiss.
We will keep our eye on the appeal.
While the second special session is winding down (thank goodness), we will take a look at a couple more new laws impacting online media and technology in Texas. While most of the attention was on social media password protections, service via social media and online “compelled prostitution” legislation, two additional bills made it through to become law.
The Defamation Mitigation Act
The first was HB 1759 called the Defamation Mitigation Act, often referred to as the Retraction Statute, which became law as of June 14, 2013. The purpose of the law is to encourage people who feel they have been defamed to demand a retraction and allow publishers to do it.
Here ‘s how it works. A plaintiff has to notify a publisher about an allegedly defamatory statement within 90 days of learning about it. If a plaintiff fails to do so, they may not be able to seek punitive damages or bring suit until this process takes place. The statute lays out the specifics about what needs to be in the notice including a particular statement identifying the defamatory statement and when and where the publication was made. The publisher then has 30 days to correct the mistake by publishing a correction, an apology or the prospective plaintiff’s own statement.
The retraction must be ”published in the same manner and medium as the original publication or, if that is not possible, with a prominence and in a manner and medium reasonably likely to reach substantially the same audience as the publication complained of.” There is a detailed process about challenging the sufficiency of the correction.
If the plaintiff fails to follow this procedure, or the publisher takes corrective action within 30 days, the plaintiff can still sue, but can no longer seek punitive damages unless the plaintiff can show actual malice. If the plaintiff files suit without sending the notification, there is also a process that would allow the defendant to abate the case and allow for the process to take place.
The law is codified at Texas Civil Practice & Remedies Code, § 73.051–.062.
Data Breach Notification
The Legislature also amended the Texas data breach notification law with SB 1610 so that companies have to notify consumers regardless of state of residence and regardless of whether the state of the consumer has their own breach notification law.
Texas law already required all Texas businesses to notify any individual whose sensitive personal information was, or is reasonably believed to have been, acquired by an unauthorized person pursuant to the state law of the individuals. The amendment makes it easier for businesses to follow the Texas law or to make the notification pursuant to the law of the individual’s state — as long as the business does one or the other. This closed the hole that allowed businesses to avoid the notifications for residents of states who don’t have notification laws and business concerns that they would have to follow and know the laws of 50 states.
To be safe, businesses should make their best effort to comply with the Texas notification requirement for all individuals regardless of residence.
This new law, called the “Notification Required Following Breach of Security of Computerized Data,” is codified at Section 521.053(b-1) of the Texas Business and Commerce Code.
The Tenth Circuit issued a decision yesterday in the 1-800 Contacts v. Lens.com case we discussed several years ago when originally filed. For those of you who simply want the result, the Court of Appeals ruled:
1. There was no evidence of likelihood of confusion – an essential element to a trademark claim.
2. The court also threw out the secondary infringement claims based on the use of the trademarked term by Lens.com’s affiliate marketers because the agents, or sub-agents, lacked authority to include 1-800’s mark in ads for Lens.com.
3. The court of appeals, however, sent the case back to the trial court on the one claim to determine whether Lens.com was liable for contributory infringement because the evidence could support a reasonable finding that Lens.com did not take reasonable steps to halt the display of 1-800’s marks in affiliate ads once it learned of such display.
The trademarked term was 1800CONTACTS. Lens.com itself bid on the following nine terms (the Challenged Keywords) as AdWords keywords: “1-800 contact lenses”; “1800 contact lenses”; “800 contact lenses”; “800comtacts.com”; “800contacta.com”; “800contavts.com”; “800contaxts.com”; “800contzcts.com”; and “800conyacts.com.” Lens.com did not dispute that it bid on the Challenged Keywords, nor does 1-800 contend on appeal that Lens.com ever bid on the 1800CONTACTS mark itself. Additionally, 1-800 did not claim that any impressions created by Lens.com featured the 1800CONTACTS mark in their text.
Discovery revealed, however, that two Lens.com affiliates had bid on the keyword “1800Contacts” and close variations of 1-800’s mark. And at least one of the affiliates published at least one ad for www.JustLenses.com (one of Lens.com’s websites) that featured the phrase “1800 Contacts” in its advertising copy.
The main claims against Lens.com related to the conduct of the affiliates were based on two theories. The first—vicarious infringement—imposes liability on a principal for the infringing acts of its agent. The second—contributory infringement—is analogous to aiding and abetting.
The direct claim against Lens.com argued there was initial interest confusion when the trademarked term triggers the ad. Initial-interest confusion results when a consumer seeks a particular trademark holder’s product and instead is lured to the product of a competitor by the competitor’s use of the same or a similar mark. As the name implies, the improper confusion occurs even if the consumer becomes aware of the defendant’s actual identity before purchasing the product.
The court of appeals cited Lens.com’s expert report to find Lens.com’s use of the nine Challenged Keywords yielded 1,626 impressions for Lens.com or its associated websites over eight months. In only 25 (1.5%) of these 1,626 instances did the user click on the ad for Lens.com. (We do not know how many of the 25 made a purchase from Lens.com.) The users in those 25 instances may have been confused into thinking that Lens.com was affiliated with 1-800, or they may simply have wished to look at the offerings of those whom they knew to be 1-800’s competitors. What we can say, though, is that initial-interest confusion occurred at most 1.5% of the time that a Lens.com ad was generated by a Challenged Keyword in those eight months. This number cannot support an inference that Lens.com’s keyword activity was likely to “lure” consumers away from 1-800.
Finally, the court determined there was no evidence Lens.com instructed their affiliates to the use the 1-800 mark in the ad copy. By doing so, the agents went beyond their scope and Lens.com could not be held vicariously responsible. Lens.com may not have taken sufficient action, however, to stop the affiliates from using the trademarked term when notified about it and therefore, there could be a trial on the issue of contributory infringement.
What did we learn?
2. Don’t use the trademarked term in the copy.
3. Instruct your affiliates on #2 and take action if you are told the affiliates have crossed the line.
4. Finally, although I did not discuss the rejection of the plaintiff’s survey in the case, if you are going to do a survey to help show confusion, read this case and take heed.
Sometimes, when you read the basics of a story, it sounds so incredulous, you think “surely, there has to be more to it.” Enter the story of 19-year-old Texan Justin Carter. The quick headlines usually read – Texas Teen Faces Eight Years for Facebook Comment.
Unfortunately for Justin, the post was about shooting up kindergartners. Hence, he was charged with making “terroristic threats” and was for over three months because of a $500,000 bond that recently got paid by an anonymous supporter.
During an online multi-player game of League of Legends when Justin was 18, he got into an argument with someone on Facebook about it. After someone called him messed up in the head, according to the arrest warrant in the case, Justin wrote:
“I’m f–ked in the head alright, I think Ima SHOOT UP A KINDERGARTEN
“AND WATCH THE BLOOD OF THE INNOCENT RAIN DOWN
“AND EAT THE BEATING HEART OF ONE OF THEM.”
According to Justin’s family, the next two lines were “lol” and “jk.”
Allegedly, a Canadian woman saw the post and called the police. For more on the story, read here. Surprisingly, that’s about it — the whole story. It does not appear Justin was a real threat, had any past issues, meant for any law enforcement to get involved, or took any actions to carry out the alleged threat.
Instead, he has been charged with a violation of Section 22.007 of the Texas Penal Code which reads:
TERRORISTIC THREAT. (a) A person commits an offense if he threatens to commit any offense involving violence to any person or property with intent to:
(1) cause a reaction of any type to his threat by an official or volunteer agency organized to deal with emergencies;
(2) place any person in fear of imminent serious bodily injury;
(3) prevent or interrupt the occupation or use of a building, room, place of assembly, place to which the public has access, place of employment or occupation, aircraft, automobile, or other form of conveyance, or other public place;
(4) cause impairment or interruption of public communications, public transportation, public water, gas, or power supply or other public service;
(5) place the public or a substantial group of the public in fear of serious bodily injury; or
(6) influence the conduct or activities of a branch or agency of the federal government, the state, or a political subdivision of the state.
. . .
(e) An offense under Subsection (a)(4), (a)(5), or (a)(6) is a felony of the third degree.
The main issue in this case is hilited — Intent. It is not clear whether the prosecutor is going to try and prove a violation of 4, 5, or 6 (we know they are pressing for a third degree felony), but does it really matter? Can anyone prove, beyond a reasonable doubt, Justin intended to scare anyone or get law enforcement involved.
There are real threats made on social media and elsewhere. People that make bomb threats or take other actions meant to scare targeted people or waste law enforcement’s time should be prosecuted. People who have bad taste shouldn’t.
We can prove beyond a reasonable doubt, the comment was in bad taste — but the same may hold true for trying to prosecute the man unless there really is more to this story that has not come out yet.
I have not posted in some time because I enjoyed some traveling with the family in Hungary. Some of my cousins – by marriage – are lawyers in Budapest. They mainly peppered me with questions about the NSA and our take on privacy. I can’t repeat the compelling soliloquy I made for all Americans after a few Czech brews, but it was noticeable we had different takes about online privacy. This is not just a matter of good discussion at a ruin pub, your business needs to pay attention to E.U. privacy law, too.
The E.U. already has strict guidelines that apply to all of their member nations. Rather than relying upon protections for only certain types of health, financial data or information related to children like we do here in the U.S., the E.U. looks to protect all personal information regardless of how benign it may appear.
Generally speaking, the E.U. prohibits the transfer of personal data to non-European Union countries that do not meet the European Union “adequacy” standard for privacy protection as directed in the European Union Directive on Data Protection of 1995. The U.S. is not on that list.
Generally, to comply with existing E.U. guidelines you need to:
1. Give a notice of what you collect and what you do with it and how individuals can ask about it.
2. Give individuals the chance to opt-out of disclosure to third parties for reasons outside of the main purpose.
3. Ensure that the company to whom you transfer data also had adequate protections.
4. Provide users access to the data you have about them.
5. Initiate adequate security, data integrity and enforcement procedures.
The Department of Commerce, in consultation with the European Commission, developed a “Safe Harbor” program that qualifies companies to store and transfer personal information on E.U. residents so you don’t have to hire E.U. counsel. You can learn more about the process here at the Department of Commerce website.
Compliance in the Future
While already stricter than U.S. requirements, the E.U. is considering strengthening its laws with changes that may take place as soon as next year.
1. Will you need a forget me button?
Recent proposals have suggested a “right to be forgotten” will have to be implemented requiring companies to erase all information about individuals. You can read more here on this proposal and how U.S. companies may fight it. If it becomes law in the E.U. next year, will you be able to offer this service?
2. Will you need consent to share data?
The E.U. is leaning towards a disclosure and consent process before any of your personal information can be shared. This may require an affirmative opt-in for all cookies with full disclosure of how the information will be used and shared.
As you may imagine, marrying a lawyer can make for some interesting conversations (or dreadful depending on your outlook) at home. The same holds true with an extended family with multiple lawyers working on difference continents with different outlooks.
As the summer arrives in full force, I am watching a lot of my start-up friends take advantage of the unpaid internship to help with some needed coding, design or marketing projects they haven’t gotten to. These kids are smart, hungry, can use the experience and wouldn’t it be nice to have someone pick up coffee and donuts for you once in awhile?
- the training is similar to that which would be given in a vocational school (even though it includes actual operation of the facilities of the employer);
- the training is for the benefit of the trainees;
- the trainees do not displace regular employees, but work under their close observation;
- the employer that provides the training derives no immediate advantage from the activities of the trainees, and on occasion operations may actually be impeded;
- the trainees are not necessarily entitled to a job at the conclusion of the training period; and
- the employer and the trainees understand that the trainees are not entitled to wages for the time spent training.