On Wednesday, December 14, 2016, President Obama signed the Consumer Review Fairness Act of 2016 (the “Act”) into law. The Act makes void certain clauses of a form contract that prohibit or restrict an individual from engaging in a review of a seller’s goods, services, or conduct. The Act follows California’s enactment of Assembly Bill 2365 in September 2014 (codified at Civil Code section 1670.8) which similarly bars consumer contract provisions that purport to waive consumers’ right to make disparaging comments about goods or services.
Subject to enumerated exceptions, the Act makes a provision of a form contract void from the inception if it: (1) prohibits or restricts an individual who is a party to such a contract from engaging in written, oral, or pictorial reviews, or other similar performance assessments or analyses of, including by electronic means, the goods, services, or conduct of a person that is also a party to the contract; (2) imposes penalties or fees against individuals who engage in such communications; or (3) transfers or requires the individual to transfer intellectual property rights in review or feedback content (with the exception of a nonexclusive license to use the content) in any otherwise lawful communications about such person or the goods or services provided by such person.
A “form contract” is a contract with standardized terms: (1) used by a person in the course of selling or leasing the person’s goods or services, and (2) imposed on an individual without a meaningful opportunity to negotiate the standardized terms. The definition excludes an employer-employee or independent contractor contract.
Enforcement authority is provided to the Federal Trade Commission (FTC) and states, and the Act requires the FTC to provide businesses with nonbinding best practices for compliance.
A link to the legislation may be found here.
On Wednesday, December 14, 2016, President Obama signed the “Better Online Ticket Sales Act of 2016” (the “BOTS Act” or the “Act”) into law. The Act prohibits the circumvention of a security measure, access control system, or other technological measure on an Internet website or online service of a ticket issuer that is used to enforce posted event ticket purchasing limits or to maintain the integrity of posted online ticket purchasing order rules for a public event with an attendance capacity exceeding 200 persons. The Act also prohibits the sale of or offers to sell an event ticket in interstate commerce obtained through such a circumvention violation if the seller participated in, had the ability to control, or should have known about the violation.
It shall not be unlawful under the BOTS Act to create or use software or systems to: (1) investigate, or further the enforcement or defense of, alleged violations; or (2) identify and analyze flaws and vulnerabilities of security measures to advance the state of knowledge in the field of computer system security or to assist in the development of computer security products.
Violations shall be treated as unfair or deceptive acts or practices under the Federal Trade Commission Act. The Act provides authority to the Federal Trade Commission and states to enforce against such violations.
A link to the legislation may be found here.
On or before December 31, 2017, online service providers that have previously registered DMCA designated agents with the U.S. Copyright Office must re-register through its new online registration system. Otherwise, the online service provider will not be eligible for the safe harbor protections of the Digital Millennium Copyright Act (the “DMCA”). The notification of this new regulation can be found here.
The safe harbor provisions of the DMCA provide a shield against copyright infringement liability based upon content posted by internet users. Without the safe harbor protections, an online service provider can be exposed to copyright infringement without its knowledge when the content underlying the infringement is posted by an internet user. Online service providers include, for example, website hosting, blogs, email services, chat rooms or other venues in which user-generated content may be posted online.
This shield requires that the online service provider comply with all of the requirements of the DMCA, which beginning December 1, 2016 will include the online registration of a designated agent for the online service provider. The new registration system is accessible at https://dmca.copyright.gov/osp/login.html.
Designated agent registrations must be renewed every three years.
The New Jersey Truth-in-Consumer Contract, Warranty and Notice Act (“TCCWNA”), enacted nearly 35 years ago, has over the past 7 years become increasingly popular with class action attorneys. Cases generally target retailers’ online terms and conditions that include provisions that purport to limit rights or remedies under other state or Federal laws. The TCCWNA prohibits a:
seller, lessor, creditor, lender or bailee…in the course of his business offer to any consumer or prospective consumer or enter into any written consumer contract or give or display any written consumer warranty, notice or sign…which includes any provision that violates any clearly established legal right of a consumer or responsibility of a seller, lessor, creditor, lender or bailee as established by State or Federal law at the time the offer is made or the consumer contract is signed or the warranty, notice or sign is given or displayed.
N.J.S.A. § 56:12-15.
Several recent federal district court decisions question whether plaintiffs have suffered harm sufficient to satisfy Article III standing requirements articulated by the Supreme Court in Spokeo, Inc. v. Robins, 136 S. Ct. 1540, 1548 (2016). In Candelario v. Rip Curl, Inc., 2016 U.S. Dist. LEXIS 163019 (C.D. Cal. Sept. 7, 2016), the court dismissed plaintiff’s complaint alleging that defendant Rip Curl’s online terms and conditions contained impermissible limitations on defendant’s liability. The court found that plaintiff had not pled any injury-in-fact by virtue of having read the terms after being disappointed by an item of clothing she purchased from defendant’s website.
A link to the opinion may be found here.
Long, supra, at 13. The court goes on to quote the following “bright line rule for determining the validity of browsewrap agreements” as announced in Nguyen:
Id. at 17 (quoting Nguyen, supra, at pp. 1178-1179.) “Typically that ‘something more’ had taken the form of an explicit textual notice warning users to ‘Review terms’ or admonishing users that by clicking a button to complete the transaction ‘you agree to the terms and conditions in the [agreement].’” Id. at 16-17. In this case no such explicit textual notice was provided.
The court’s opinion may be found at the following link:
CALIFORNIA DISTRICT COURT RULES THAT 47 U.S.C. § 230(c)(1) BARS DISCRIMINATION LAWSUIT BASED ON REMOVAL OF SOCIAL MEDIA CONTENT
On November 13, 2015, the United States District Court for the Northern District of California dismissed a lawsuit by Sikhs for Justice Inc. (“SFJ”) asserting several causes of action against Facebook, Inc., including a federal claim of racial discrimination, for having allegedly blocked SFJ’s Facebook page in India without notice or explanation. Sikhs for Justice “SFJ”, Inc. v. Facebook, Inc., 2015 U.S. Dist. LEXIS 154716 (N.D. Cal. Nov. 13, 2015). According to SFJ, Facebook acted “on its own or on the behest of the Government of India” because of discrimination against SFJ and its members on the grounds of race, religion, ancestry, and national origin.
The court denied the claim pursuant to 47 U.S.C. 230, the federal Communications Decency Act. Its subsection (c)(1) states in pertinent part that “[n]o provider or user of an interactive computer service [“ICS”] shall be treated as the publisher or speaker of any information provided by another information content provider.” The court relied upon Ninth Circuit precedent for the proposition that subsection (c)(1) immunizes ICS removal of user content.
Notably, the court did not reference 47 U.S.C. 230, subsection (c)(2), which provides that “[n]o provider or user of an interactive computer service shall be held liable on account of– (A) any action voluntarily taken in good faith to restrict access to or availability of material…” By relying upon subsection (c)(1), which does not require a finding of good faith, the court granted Facebook’s FRCP 12(b)(6) motion.
On October 6, 2015, the European Union’s highest court (the “ECJ”) issued an order (the “Order”) invalidating the 15-year-old U.S.-EU Safe Harbor Program (the “Program”). Schrems v. Data Prot. Comm’r, E.C.J., No. C-362/14. The Program allowed U.S. companies to transfer EU citizens’ data to the U.S. by self-certifying to the U.S. Department of Commerce privacy principles similar to those contained in the EU Data Protection Directive (95/46/EC). The basis for the Order was that the Program didn’t safeguard personal data against surveillance by the U.S. government and didn’t allow sufficient redress to EU citizens whose privacy had been breached by such surveillance. The case was initiated by Austrian law student Max Schrems against Facebook in Ireland where Facebook’s European operations are headquartered. The case was referred to the ECJ by Ireland’s High Court after the Irish Office of the Data Protection Commissioner said it didn’t need to examine the complaint about data transfers made by Facebook Ireland Inc. because the transfers were done in accordance with the Program. The ECJ found that U.S. authorities could ignore the privacy protections of the Program and could “access the personal data transferred from the member states to the United States and process it in a way incompatible, in particular, with the purposes for which it was transferred, beyond what was strictly necessary and proportionate to the protection of national security.” The European Commission has stated publicly that any transfer of data from European Economic Area in the last 15 years that relied on the Safe Harbor Program may be subject to legal challenge. While approximately 4,400 U.S. companies are certified under the Program, the Order would not prevent the continued transfer of data by those with alternative means for data transfers in place, such as binding corporate rules or model contracts.
NINTH CIRCUIT HOLDS NETFLIX’S VIEWING HISTORY DISCLOSURES ON SUBSCRIBERS’ TELEVISIONS DO NOT VIOLATE VIDEO PRIVACY PROTECTION ACT
On July 31, 2015, in Mollett v. Netflix, Inc., No. 12-17045, the Court of Appeals for the Ninth Circuit affirmed the order of the United States District Court for the Northern District of California dismissing claims brought under the Video Privacy Protection Act (“VPPA”), 18 U.S.C. § 2710, and California Civil Code § 1799.3 by two plaintiffs on behalf of themselves and other similarly-situated Netflix subscribers. Plaintiffs allege that Netflix violated the statutes by permitting certain disclosures about their viewing history to third-parties, namely, subscribers’ family, friends and guests. The claims were directed at Netflix’s display of a subscriber’s video queue and “recently watched” video titles on a subscriber’s television when Netflix is activated. Netflix brought a motion to dismiss for failure to state a claim on the grounds that, inter alia, disclosures of personal information are made to subscribers themselves and therefore permissible. The Ninth Circuit stated that:
“The interpretation of this section of the VPPA is an issue of first impression for this Circuit. The VPPA was enacted in 1988 in response to the Washington City Paper’s publication of then-Supreme Court nominee Robert Bork’s video rental history. [citation omitted] The paper had obtained (without Judge Bork’s knowledge or consent) a list of the 146 films that the Bork family had rented from a Washington, D.C.-area video store. Id. Members of the Judiciary Committee “denounced the disclosure” and Congress acted swiftly to enact the VPPA . . . ‘[t]o preserve personal privacy with respect to the rental, purchase or delivery of video tapes or similar audio visual materials.’ Id. at *7.”
The Ninth Circuit dismissed plaintiffs’ claims. “The VPPA prohibits a ‘video tape service provider’ from knowingly disclosing ‘personally identifiable information’ about one of its consumers ‘to any person,’ and provides for liquidated damages in the amount of $2,500 for violation of its provisions.’ . . . The Act provides several exceptions to the disclosure prohibition, [including] allowing disclosure of a consumer’s video rental history to the consumer himself. . .” Id. at *8. The Ninth Circuit held that the disclosure alleged by the plaintiffs is a disclosure “to the consumer” that is permitted by the Act. Id. at *9:
“The fact that a subscriber may permit third parties to access her account, thereby allowing third parties to view Netflix’s disclosures, does not alter the legal status of those disclosures. No matter the particular circumstances at a subscriber’s residence, Netflix’s actions remain the same; it transmits information automatically to the device that a subscriber connected to her Netflix account. The lawfulness of this disclosure cannot depend on circumstances outside of Netflix’s control.”
Id. at *12. The Ninth Circuit applied the same analysis to dismiss the claims under California’s video privacy statute, Civil Code § 1799.3.
The Ninth Circuit’s opinion may be found at the following link: http://cdn.ca9.uscourts.gov/datastore/opinions/2015/06/15/13-55666.pdf