This is the second in a series of blog articles relating to the topics to be discussed at the 30th Annual Media and the Law Seminar in Kansas City, Missouri on May 45, 2017. Blaine C. Kimrey and Bryan K. Clark of Vedder Price are on the planning committee for the conference. In this article, we discuss a recent Ninth Circuit decision relating to the summary judgment standard for a Digital Millennium Copyright Act (“DMCA”) affirmative defense. The ins and outs of the DMCA will be among of the topics at the 2017 seminar.

Earlier this month, the Ninth Circuit issued a ruling that will make it more difficult for Internet service providers to rely on the DMCA safe harbor to prevail at the summary judgment stage. In Mavrix Photographs, LLC v. LiveJournal, Inc., Case No. 14-56596 (9th Cir. April 7, 2017), the court overturned the district court’s summary judgment finding for the defendant, ruling that the common law of agency applied and there was a genuine issue of material fact as to whether the moderators at issue in this case were “agents” of the defendant. This finding will make summary judgment harder to achieve for Internet service providers and may make them rethink the roles that moderators play in assessing content on their Web sites.
Continue Reading

The symbol of copyright protection. Seal and imprintAs of December 1, 2016, the Copyright Office requires that each online service provider designate an agent to receive notifications of claimed infringement as required under the Digital Millennium Copyright Act (“DMCA”) by the Office’s new online system, located here: https://dmca.copyright.gov/osp/p1.html. This online registration system and corresponding electronically generated directory replace the Office’s old paper-based system and directory. As a result, the Office will no longer accept paper designations, and service providers that appointed agents under the old paper-based system must submit a new designation under the new online system by December 31, 2017 in order to maintain its safe harbor1 from copyright infringement.

The DMCA includes provisions directed to copyright infringement on the Internet, notice and takedown procedures for copyright owners to report claimed infringement and safe harbors from copyright infringement liability for online service providers. Generally, online service providers are considered to be any provider of online services or network access, such as, Internet service providers, websites, hosting companies, mobile app publishers, others that allow users to post or store material on their systems, and search engines, directories, and other information location tools, etc.
Continue Reading

After nine months of intense negotiations and uncertainty, and despite ongoing criticisms from powerful data protection regulators, the new EU-U.S. Privacy Shield program went into effect this week as the U.S. Department of Commerce began accepting applications online. Some companies that are self-certifying their compliance have already submitted their documentation and many more are expected to do so in the coming days and weeks as they seek shelter under the replacement for the long-standing EU-U.S. Safe Harbor arrangement that was invalidated by the European Court of Justice last year.

Companies can now “sign up” for the Privacy Shield list, but they should not expect a rubber stamp from the Commerce Department just because they have self-certified. To ensure that their applications are approved, companies should take the following steps:

  • Confirm that they are eligible to participate—not all organizations are. Only companies subject to the jurisdiction of the FTC or the DOT may participate at this time
  • Develop a Privacy Shield-compliant privacy policy statement
  • Identify their independent recourse mechanism—under the new framework, self-certifying organizations must provide an independent recourse mechanism available to investigate unresolved complaints at no cost to the individual
  • Ensure that they have compliance verification mechanisms in place
  • Designate contacts within their organizations to serve as liaisons regarding the Privacy Shield
  • Review the information required to self-certify
  • Go online to www.privacyshield.gov to self-certify


Continue Reading

Politicians in both the European Union and United States touted Tuesday’s agreement on a new “Privacy Shield” for EU-U.S. data transfers as a resolution to the data transfer quagmire that has faced companies since the EU-U.S. Safe Harbor was invalidated in October. While this new deal is a promising step in the right direction for companies that transfer data from the EU to the United States, there are still many questions about exactly what the requirements of the new Privacy Shield will be, how an American company can ensure compliance with those requirements and (perhaps most importantly) whether the European Court of Justice will validate the new rules.

Indeed, the deal heralded by politicians on both sides of the Atlantic appears to be only a high-level agreement—they expect to document the actual terms over the next few weeks (the Article 29 Working Party (WP29), the body made up of representatives of individual European Member States’ data protection authorities, has called for it to be fully documented by the end of February). Thus, we anticipate quite a bit more negotiation on the precise scope and language of the requirements. Meanwhile, WP29, which had been assessing data transfer mechanisms like standard contractual clauses and model contracts for possible flaws that would lead to enforcement actions, announced that it will not take enforcement actions based on its concerns about these mechanisms while it awaits the details of the new transfer deal.
Continue Reading

For the last 15 years, we have advised companies doing business in the United States and the European Union about the importance of the U.S.-EU Safe Harbor—the framework designed to ensure that U.S. companies are providing “adequate” privacy protection under the EU’s Data Protection Directive (Directive 95/46/EC). But the game has now changed. On Tuesday, the EU’s highest court suspended the agreement between the EU and the U.S., sending many businesses that had relied on the Safe Harbor’s self-certification approach scrambling for a new way to avoid interruptions in their transatlantic business dealings and/or avoid prosecution by EU member state authorities enforcing EU member state privacy laws that are more stringent than U.S. laws.
Continue Reading