Read Mark Quist’s post on Massachusetts data privacy legislation on our sister blog, Technology Law Dispatch.
Douglas Wood, Reed Smith Partner and General Counsel to the Association of National Advertisers, Discusses Growth Issues Facing Brands For 2019
Douglas Wood published an article for the Association of National Advertisers on January 2nd titled “Growth in 2019: A Legal Perspective.” In the article, Doug discusses how legal issues will affect brands and growth in years to come and provides an outlook on legal challenges marketers who care about growth need to keep in mind in 2019. A copy of the article is available here.
Jason Gordon Discusses 2019 Advertising Law Trends in Law360 Article
Jason Gordon and Andrew Levad published an article in Law360 this week titled, “6 Advertising Law Trends To Watch In 2019.” A copy of the article is available here. You may also view a PDF copy of the article here.
Federal Court Tosses TCPA Suit Over Hotel Booking Text Messages
Posted in In the Courts, Industry, InternationalA California federal court granted Singapore-based hotel booking firm Agoda Company Pte. Ltd.’s (“Agoda”) motion for summary judgment in a case involving alleged violations of the Telephone Consumer Protection Act (“TCPA”). The plaintiff alleged that the confirmation text he received after booking travel on Agoda’s website [“Good news! Your Agoda booking [number] is confirmed. Manage your booking with our free app (alongside a link to download the app)] was a violation of the TCPA because, in part, the message was a telemarketing message sent without plaintiff’s consent. The court agreed with Agoda’s argument that despite the confirmation text message being sent by an automated dialing system and the including a link to Agoda’s website, the message was not advertising under the TCPA – instead it was a message tied to the plaintiff’s existing transaction. Moreover, the court noted that the plaintiff provided Agoda with his phone number and consented to receiving the text messages in accordance with Agoda’s terms of use and privacy policy.
Takeaway: Companies should note that some courts may find that a link to the company’s app sent along with a confirmation text does not rise to advertising or telemarketing under the TCPA, however, as we have previously written, the plaintiff’s bar continues to be very active in this space.
Federal Court Tosses False Advertising Suit Over Angie’s List Rankings
Posted in In the Courts, IndustryA Kansas federal court granted Angie’s List’s motion to dismiss a class action lawsuit alleging false advertising, finding that most of plaintiff’s claims were time-barred and the rest were not properly pled. The owner of a tree trimming business spent over $200,000 in advertising on Angie’s List from 2005 and 2013. According to the plaintiff, Angie’s List’s business model misleads consumers by not revealing that the ranking of businesses is heavily influenced by how much such member businesses pay Angie’s List. Further, plaintiff also alleged that Angie’s List engaged in deceptive practices by improperly giving consumers a negative impression of its business over an extended period of time prior to plaintiff ceasing advertising on Angie’s List.
In dismissing plaintiff’s lawsuit, the court determined that the plaintiff failed to show that the statements on Angie’s List’s website were made for purposes of influencing consumers to buy defendant’s goods or services. The court stated “At best, plaintiff [Strauss] has plausibly pled that the 2016 [Angie’s List] website statements influenced consumers to buy the goods or services of a tree care business other than plaintiff [Strauss], but not the goods or services of defendant.”
Takeaway: Companies with websites containing consumer reviews may wish to consider disclosing how the rankings are determined, if factors other than the review itself determine the ranking.
Litigation in the Forecast for Weather Channel App
On January 3, the city of Los Angeles accused TWC Product and Technology, LLC (“TWC”) (an International Business Machines Corporation subsidiary) of violating millions of American consumers’ privacy. In the civil lawsuit, Los Angeles City Attorney Michael Feuer alleged TWC misled users of its Weather Channel app to turn on precise location tracking by suggesting, according to the complaint, that the data would only be used to provide local weather reports. Los Angeles contends that TWC failed to alert consumers that geolocation data would be shared with third parties for other purposes, including targeted advertising and consumer behavior analysis.
The city acknowledged that the app’s privacy policy “vaguely” discloses that geolocation data may be transmitted to third parties for various commercial purposes. Nevertheless, the city asserted that consumers had no reason to search for that disclosure because the app requests permission to track precise location data without disclosing that the data will be used for purposes unrelated to weather forecasts. Furthermore, the city argued, the disclosure is buried in the privacy policy and would be difficult to identify even if it were sought after.
It is apparently the city’s belief that TWC’s failure to adequately disclose how geolocation data would be used, coupled with allegedly misleading claims about the use of that data, constitutes a violation of California’s Unfair Competition Law according to the city. Damages sought include civil penalties of up to $2,500 per violation of the law, and an injunction prohibiting TWC from continuing the ostensibly fraudulent business practices. As the owner of one of the most downloaded weather apps, TWC could face significant monetary penalties if the city wins the case.
TAKEAWAY: As consumers and government officials continue to prioritize data security and privacy, companies may want to review their data collection practices. This is particularly important for companies that track geolocation data given regulators’ increasing concern over this sensitive information.
Five Companies Settle Privacy Case With NY AG Over Apps
Posted in Industry, Regulatory - United StatesThe New York Attorney General settled cases with five companies – Equifax, Western Union, Priceline.com, Spark Network and Credit Sesame – for having mobile apps that failed to keep sensitive user data secure when transmitted over the Internet. The companies’ mobile apps suffered from a well-known security vulnerability that could have allowed hackers to intercept users’ sensitive information such as passwords, social security numbers, credit card numbers and bank account numbers.
The settlements, which do not impose fines, require the companies to implement comprehensive data security programs to address the mobile apps’ security flaws that left the apps vulnerable to fairly well-known hacking techniques. Although the companies represented to users that it would use reasonable security measures to protect users’ information, certain versions of the companies’ apps failed to properly authenticate SSL/TLS certificates, which help establish a secure connection between a mobile device and computer server. This failure left app users who had connected to public Wi-Fi networks vulnerable to so-called “man-in-the-middle attacks,” in which a hacker impersonates a company’s servers and intercepts information users type into the app. Despite this data security representations to users, the companies failed to sufficiently test whether their mobile apps had this vulnerability.
The settlements are part of the New York Attorney General’s initiative to find and patch security vulnerabilities before user information is compromised.
Takeaway: As we have previously written, federal and state regulators appear to be ramping up their enforcement against companies who fail to provide sufficient data security policies to protect users’ information.
Washington D.C. Proposes Auto-Renewal Bill
Posted in Industry, What We're ReadingWashington D.C. is seeking to impose new burdens on businesses offering goods and services with automatic renewal provisions. The bill was submitted to the Mayor’s office, and we expect a response around January 14, 2019.
If passed, the bill would require businesses to disclose the automatic renewal provisions and cancellation procedure in contracts with consumers. If the automatic renewal term is 12 months or more and would automatically renew for a term of one month or more, businesses would further be required to notify consumers by mail or email of the automatic renewal provision. Such notice would need to be sent 30-60 days before the cancellation deadline, and contain certain required disclosures. Importantly, if the notice is provided by email, businesses would also need to include an active weblink to allow the consumer to cancel the automatic renewal.
The bill also places requirements on businesses offering free trials with automatic renewals, including notification of the automatic renewal before the expiration of the free trial period, and a requirement that the business obtain consent to the automatic renewal before charging the consumer.
TAKEAWAY: Automatic renewal provisions continue to be a hot topic for regulators and legislators. In addition to complying with the Restore Online Shoppers’ Confidence Act, advertisers should be aware of current and pending state law requirements, including California’s automatic renewal law and this proposed bill in Washington D.C.
Who Owns That Dance Move?
Posted in In the CourtsOn December 5th, 2018, Terrence Ferguson, better known as 2 Milly, filed a complaint in the United States District Court for the Central District of California alleging that Epic Games, Inc. committed copyright infringement and violated right of publicity and unfair competition laws by implementing the “Milly Rock” dance into their free-to-play video game Fortnite.
2 Milly gained recognition when he released the sound recording “Milly Rock” in 2015. The track appeared on the iTunes top 200 chart, with its popularity mainly stemming from the music video that accompanied its release. In the music video for “Milly Rock,” 2 Milly and his accompanying dancers swing their arms in a circle and rock their hips back and forth. This simple-yet-immediately-identifiable dance became known as the Milly Rock. The dance has since been repeated by celebrities and athletes and has become a staple in the arsenal of hip-hop dancers.
Since 2 Milly filed his complaint, two other artists have come out and filed strikingly similar complaints against Epic Games, Inc.: Russell Horning, better known as “Backpack Kid,” and Alfonso Ribeiro, recognizable for his role as Carlton Banks on The Fresh Prince of Bel-Air. Horning’s mother, on Russell’s behalf, has launched claims against Epic for their use of the “Floss Dance” in their game, and Ribeiro has done the same for Epic’s use of the “Carlton Dance.”
In 2017, Epic Games, Inc. released Fortnite, which quickly became most well known for its free-to-play “battle royale” mode. While Fortnite found its popularity in its accessible game mechanics, the game has also seen great fan recognition for its “emotes.” Emotes, or short animated sequences during which a player’s avatar dances, celebrates, or shows any other emotion on-screen, have been a significant source of revenue for Epic as the company sells these emotes for a premium virtual currency available through “micro-transactions.” While Fortnite’s most popular game mode may be free-to-play, the cosmetic items available for sale through the in-game items shop, including emotes, have made Fortnite one of the most profitable video games in history. To appeal to its young core audience, Epic Games usually takes inspiration for Fortnite’s emotes from popular dances or viral videos.
Since Fortnite’s release, the “Carlton Dance,” the “Floss Dance,” and the “Milly Rock” dance have all been incorporated into the game and made available for sale. The artists claim that Epic has taken their copyrighted choreographic routines and exploited their right of publicity without permission. Further, Russell Horning claims trademark infringement, trademark dilution, and false designation of origin.
Though the category of “choreographic works” was given explicit copyright coverage under the 1976 Copyright Act, courts, including the 9th Circuit, have not yet drawn clear lines to indicate what qualifies as a choreographic work. Legislative history and recent legal trends indicate that “social dance steps” and “simple routines” do not fall under the “choreographic works” protective umbrella; section 450.03(a) of the Copyright Office Practices, Compendium II (1984) specifies: “for example, the basic waltz step, the hustle step, and the second position of classical ballet are not copyrightable.” However, in the ever-evolving landscape of copyright law where each work is evaluated on a case-by-case basis, any of these dances could shift the paradigm regarding the inclusion of popular dances in video games. As our colleague Gregor Pryor has stated, “whether Fortnite’s emotes are an homage or infringement will remain uncertain until tested in court.”
More intriguing questions arise in the claims of violations of the artists’ respective rights of publicity. California has both common law and statutory claims for right of publicity violations. The artists are seeking relief through both of those avenues, along with unfair competition, under California law. For the artists to succeed under theses causes of action, they will need to show that the respective dances are closely linked to their likeness or “identity.” This test will require a court to examine each dance on an individualized basis to evaluate just how closely those moves are associated with the artists and their identities. There is a long history of cases citing support for First Amendment protection for video games, but ultimately the court will perform a balancing test between First Amendment implications and the artists’ rights of publicity. The fact that the depictions of the artists are not literal will be helpful for Epic’s defense.
Russell Horning is the only complainant thus far to launch a claim for trademark infringement, trademark dilution, and false designation of origin. In his complaint, Horning claims to have created the “Floss Dance.” Months ago, fans of Fortnite started their own Internet investigation to determine when the first person recorded the dance, and they have found that the dance existed long before Horning launched it into the spotlight with his performance during Katy Perry’s appearance on Saturday Night Live. Horning also claims to have a common law trademark on the term “Floss” when associated with a dance. To succeed on these claims Horning will have to convince the court that the term “Floss” is associated with products or services introduced into commerce by him.
While the plaintiffs present strikingly similar complaints and are represented by the same counsel, each one presents its own interesting question to the court. Horning claims to have created the “Floss Dance” and have a common law trademark over the dance. Ribeiro was an actor when he performed his dance, and generally, actors do not own their performances if the production studio took industry-standard steps, which will likely lead to an argument over ownership of the dance. 2 Milly’s dance has become so popular that many people may not even know where the “Milly Rock” originated.
While these Fortnite cases are the latest and loudest legal issue that Epic Games has faced over Fortnite’s in-game item shop, this is not the first time Epic has faced this issue. Though details of the out-of-court dealings have not been confirmed, Gabby David, the creator of a dance routine that was introduced into the game under the name “Electro Shuffle,” is rumored to have settled with Epic Games in early 2018 over a similar issue. Fortnite has sourced its emotes from plenty of popular dance moves, and it would not be surprising to see others like the artists that have filed complaints and Gabby David coming forward to get a piece of the Fortnite pie.
Takeaway: These three artists, though they have launched similar complaints against Epic, have very different cases. 2 Milly has a simple dance that he created that he believes was taken from him. Alfonso Ribeiro performed a dance on a show while acting, and hopes to recover for that to which he believes he has ownership rights. Russell Horning claims to have invented a dance, and although that may not be true, he arguably brought that dance into the public consciousness. Now the issue is in the hands of the legal system to answer who owns these dance moves, if anyone. Video game and other content creators may see a slew of new complaints if any of these artists are successful in their claims.
Ready Tech Settles Privacy Shield Case with FTC
Posted in Industry, Regulatory - United StatesLate last year, the Federal Trade Commission (“FTC”) settled another enforcement action over false claims under the EU-U.S. Privacy Shield framework (the “Privacy Shield”). The FTC alleges that Ready Tech Corporation, a provider of online and instructor led training (“Ready-Tech”), falsely claimed in its privacy policy on its website that it was in the process of certifying its compliance under the Privacy Shield. Although Ready-Tech initiated an application in October 2016, it did not complete the steps necessary to participate in the Privacy Shield framework. As part of the settlement, Ready-Tech is prohibited from misrepresenting its participation in any privacy or security program sponsored by the government or any self-regulatory or standard-setting organization, including but not limited to, the Privacy Shield.
TAKEAWAY: Advertisers who wish to tout compliance with the Privacy Shield must ensure that in addition to applying for self-certification, they must also undertake steps including: (i) developing a compliant privacy policy statement consistent with Privacy Shield principles, (ii) designating a contact for the handling of questions, complaints, access requests and other issues arising under the Privacy Shield, and (iii) identifying an independent recourse mechanism to investigate unresolved consumer complaints at no cost to the consumer. Annual re-certification with the U.S. Department of Commerce is also required.
