The EU’s General Data Protection Regulation (GDPR), Effective May 25, 2018, Will Impact Many United States Businesses

Who: United States businesses that process (i.e., collect, store, or transmit) the personal information of EU residents in connection with offering goods or services in the EU (online or otherwise) are subject to the GDPR, regardless of whether the business has any physical presence in the EU or any payment is made by the EU resident.

What: The GDPR is a comprehensive data-privacy regulation that gives people control over their data in ways that are very different than what US businesses are accustomed to. Businesses must clearly and accurately disclose how they collect and use personal data and be prepared to provide EU residents copies of their data, delete their data, correct their data, and report any data breaches to EU regulatory authorities within 72 hours. Many marketing communications and other data collection will also require “opt-in” consent from EU residents, which is a drastic departure from current/standard US practices.

When: May 25, 2018

Where: Globally. The GDPR has extraterritorial reach, so it will apply to US businesses that offer goods or services to people in the EU, even if those goods or services are only being provided online and the US company has no physical presence in the EU.

Why: Data privacy is a fundamental right in the EU, but EU regulators feel that many businesses, including many US-based companies, are not adequately respecting that right. The GDPR attempts to address this by providing significantly expanded rights to EU residents, putting significantly more obligations on companies that process EU resident data, regardless of their physical location, and increasing liability exposure. The GDPR provides both a private right of action for EU residents (even without any finding of material harm) and companies are subject to enormous regulatory fines; fines may reach the greater of (a) €20 million or (b) four (4) percent of global annual revenue (even if only one (1) percent was earned in the EU).

How: There are steps that US businesses should be taking now to come into compliance by the May 25, 2018 enforcement deadline. These include: Continue Reading

Copyright and Software: Oracle v. Google

In the blockbuster case of Oracle v. Google, the Federal Circuit has once again questioned the role of juries in deciding technical issues, this time in the context of fair use of copyrighted software. Oracle sued Google in 2010 after acquiring Sun Microsystems, alleging that Google’s unauthorized use of 37 packages of Oracle’s Java application programming interface (“API packages”) in its Android operating system infringed Oracle’s copyrights. It is undisputed that Google copied verbatim the declaring code of the 37 Java API packages—11,500 lines of Oracle’s copyrighted code. It also copied the structure, sequence, and organization (SSO) of the Java API packages. Google then wrote its own implementing code, all of which ultimately became part of its ubiquitous Android operating system for mobile devices.

In the first round of litigation, the jury found Google infringed Oracle’s code. The trial court judge vacated that verdict and held that the software code at issue was purely functional and therefore not entitled to copyright protection. But the Federal Circuit reversed, finding that declaring code and the SSO of the Java API packages at issue are entitled to copyright protection. The court remanded the case to back to the lower court to decide issues of fair use and, if appropriate, damages. Google petitioned for Supreme Court review, but the Supreme Court decided not to take the case at that time. Continue Reading

Alicia Bell Published in Modern Restaurant Management: Protecting Your Restaurant’s Intellectual Property Is More Important Than You Think

As the restaurant industry grows, and as customers pay more attention to local and artisan foods and celebrity chefs, there’s an increased interest in protecting recipes, signature dishes, and restaurant brands as intellectual property. In an article for Modern Restaurant Management, Alicia Bell discusses what restaurant owners can do to protect their intellectual property.

To read the full article, click here.

Federal Circuit Strikes Down the Lanham Act’s Ban on Scandalous and Immoral Marks in the Wake of Tam

In the wake of Matal v. Tam, where the Supremes unanimously held that the “disparagement clause” in Section 2(a) of the Lanham Act, 15 U.S.C. § 1052(a), violates the Free Speech Clause of the First Amendment, a three-judge panel of the U.S. Court of Appeals for the Federal Circuit unsurprisingly struck down the Lanham Act’s ban on “scandalous and immoral” marks as unconstitutional in violation of the First Amendment.

In re Brunetti involves a challenge to Section 2(a), which bars registration of marks that consist of or comprise matter that may “disparage. . .persons, living or dead,. . .or bring them into contempt, or disrepute.” This language, which was at issue in Tam, is referred to as the “disparagement provision.” Section 2(a) also bars registration of marks that consist of or comprise “immoral, deceptive, or scandalous matter.” This language is referred to as the “scandalousness provision.” Continue Reading