A new Second Circuit decision could change the way some service providers conduct business on the internet, imposing a greater burden to assess specific infringing activity.

In Viacom v. YouTube, Viacom sought $1 billion in damages for direct and secondary copyright infringement based on claims that its users improperly uploaded thousands of Viacom’s videos.  The district previously held that YouTube was protected against claims of copyright infringement under the DMCA safe harbor primarily because it had insufficient notice of the particular infringement at issue.  Essentially, it held that under the DMCA, service providers did not have a responsibility to identify which of its users' postings infringed a copyright.

This week, the Second Circuit vacated that decision.  While the Second Circuit agreed with the district court that the DMCA safe harbor requires knowledge or awareness of specific infringing activity, it vacated the order granting summary judgment because a reasonable jury could find that YouTube had actual knowledge or awareness of specific infringing activity on its website. It instructed the district court to determine on remand whether any specific infringements of which YouTube had knowledge or awareness correspond to the clips-in-suit in these actions.  It also directed the lower court to consider whether YouTube made a "deliberate effort to avoid guilty knowledge" and whether YouTube had the ability to control the infringing activity and received a financial benefit attributable to that activity.

The decision can be viewed at http://www.ca2.uscourts.gov/decisions/isysquery/e4374f0f-1919-4bbf-a411-69c963dc238d/5/doc/10-3270_10-3342_opn.pdf#xml=http://www.ca2.uscourts.gov/decisions/isysquery/e4374f0f-1919-4bbf-a411-69c963dc238d/5/hilite/

Today, the Federal Trade Commission released its final report titled "Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers."  http://www.ftc.gov/opa/2012/03/privacyframework.shtm

The report details best practices for businesses to protect the privacy of consumers.  Recognizing the burden on small businesses, the FTC says that the framework should not apply to companies that collect and do not transfer only non-sensitive data from fewer than 5,000 consumers a year. 

In the report, the FTC addressed the following:

Do-Not-Track – the FTC will work with various groups to complete implementation of an easy-to-use, persistent, and effective Do Not Track system.

Mobile - the FTC continues to urge companies offering mobile services to work toward improved privacy protections, including disclosures. It will host a workshop on May 30, 2012 to address how mobile privacy disclosures can be short, effective, and accessible to consumers on small screens.

Data Brokers – the FTC called on data brokers to make their operations more transparent by creating a centralized website to identify themselves, and to disclose how they collect and use consumer data.  In addition, the website should detail the choices that data brokers provide consumers about their own information.

Large Platform Providers - The FTC cited heightened privacy concerns about the extent to which platforms, such as ISPs, operating systems, browsers and social media companies, comprehensively track consumers' online activities. It will host a public workshop in the second half of 2012 to explore issues related to comprehensive tracking.

Promoting Enforceable Self-Regulatory Codes - the FTC is working to develop industry-specific codes of conduct.

Just when you thought the state breach notification laws could not get more cumbersome, states continue to amend their breach notification laws in an effort to expand the content and reach of the notice. 

Texas Amendment Requires Notification to Affected Residents in All 50 States

Texas recently amended its data breach notification law by expanding the notification requirements to cover affected non-residents.  Prior to the amendment, Texas required that entities conducting business in Texas notify residents when sensitive personal information was believed to have been acquired by an unauthorized person.  The amended law, which becomes effective September 1, 2012, now requires notification to affected persons residing in all 50 states if affected non-residents live in a state that does not already require notification of the data breach.  The Texas amendment is a novel use of the state breach notification laws, essentially requiring national notification of the breach.  Penalties are incurred if non-residents are not appropriately notified.  The Texas law also expands state health privacy requirements, imposing further notification requirements for a breach of health information

One of the most valuable assets of any company is its intellectual property.  Although technology has led to great efficiencies, it has also created new exposures for businesses, particularly with respect to the protection of valuable trade secrets.  One of the key tools in a litigator’s arsenal in the fight against theft of trade secrets is the Computer Fraud and Abuse Act (CFAA).  It prohibits a person from intentionally accessing a computer without authorization or exceeding authorized access to obtain information, perpetrate a fraud, or cause damage.  Unfortunately, the issues are not always straightforward.  Issues have arisen about the extent to which a business can use the CFAA to protect its information because there are conflicting views among the courts on the meaning of “authorization”. 

Congress is currently considering a bill to prevent the abuse of location data collected by electronic devices.  In the mean time, we all have to question how much privacy are we willing to give up to get the types of services and apps we have come to love?

While it may surprise some, the answer to that question is YES.  As a result of the expanding volume of electronic data that must be produced in litigation, e-discovery costs have been one of the biggest concerns of both clients and lawyers for some time.  Now, clients and lawyers alike have reason to stress about the costs even more.  Recently, a federal court in the Western District of Pennsylvania held that the two prevailing defendants may recover e-discovery costs because such costs are the modern-day equivalent of duplication costs.  While the judge took care to limit the ruling to the "unique" facts associated with this case, it has not stopped lawyers from speculating about what other cases might similarly fall within the purview of this ruling.