online : Privacy & Information Security Law Blog

Home > online >

Hunton & Williams Prepares Study for the European Commission on the Interaction between Data Protection Law and Copyright Enforcement

Posted on February 3, 2010 by Hunton & Williams LLP

On February 3, 2010, Christopher Kuner, a partner in Hunton & Williams’ Brussels office and head of the firm’s EU Privacy Practice, presented to the “Stakeholders’ Dialogue on Illegal Uploading and Downloading,” organized by DG Internal Market and Services of the European Commission. Mr. Kuner presented a study which the Hunton & Williams Brussels team prepared for the Commission on the interaction of data protection law and copyright enforcement. The study covers both the legal framework under EU law and the situation in six selected EU Member States (Austria, Belgium, France, Germany, Spain and Sweden). The relationship between data protection and copyright enforcement was a point of contention in the recent amendment of the EU Directive on Privacy and Electronic Communications.

The following are the major findings of the study:

At the European level:

As confirmed by the European Court of Justice in the Promusicae (Productores de Música de España (Promusicae) v. Telefónica de España SAU (C-275/06)) and Tele2 (LSG-Gesellschaft zur Wahrnehmung von Leistungsschutzrechten GmbH v. Tele2 Telecommunication GmbH (C-557/07)) cases, there is no direct legal conflict between the European legal framework for data protection and online copyright enforcement.
However, the Court’s decisions leave open several important questions, such as how to apply the proportionality principle in practice and how to strike a fair balance between the various rights involved (i.e., data protection and the right to property). These issues thus seem to be left to the Member States, and there is little or no harmonization of them at the EU level.

At the Member State level:

IP addresses are generally considered by DPAs and courts to be personal data, although courts in some countries (e.g., France) have taken conflicting positions on this issue.
IP addresses are generally considered to be traffic data, which means that they may only be processed in a limited number of circumstances and for specific purposes (such as billing and invoicing), and that consent is generally required to process them for other purposes (such as online copyright enforcement).
IP addresses processed in the context of online copyright enforcement may be considered to be sensitive data (judicial data), except in Spain.
ISPs cannot store IP addresses for the specific purpose of online copyright enforcement (except in France, where retention for the purpose of making information available to certain governmental authorities is allowed).
The processing of IP addresses by ISPs to pass on infringement warning notices is generally prohibited or subject to strict restrictions.
The general monitoring of P2P networks by right holders resulting in the creation of a database of potential copyright infringers is usually prohibited.
The disclosure of P2P users’ identities by ISPs to judicial authorities in the context of criminal proceedings is generally authorized.
The disclosure of P2P users’ identities by ISPs to right holders for civil enforcement is generally restricted by data protection law. In particular, ISPs generally may not disclose P2P users’ identities to right holders outside the context of judicial (administrative) proceedings.
In most Member States, it seems that little consideration was given to the interaction between data protection rules and implementation of the IP Enforcement Directive.

As the study demonstrates, the relationship between data protection law and online copyright enforcement is far from being settled. This issue will certainly be discussed in the coming months during the ongoing debate on the review of the General Data Protection Directive at the European level, and in the context of the debate around possible graduated response mechanisms at the national level.

Tags: Christopher Kuner, Enforcement, European Commission, European Court of Justice, European Union, IP Enforcement Directive, IP addresses, International, copyright, data protection authority, online

New FTC Blog Guidelines Affect Companies Without Blogs

Posted on October 12, 2009 by Hunton & Williams LLP

On October 5, 2009, the Federal Trade Commission (“FTC”) issued amendments to its Guides for the Use of Endorsements and Testimonials in Advertising (“Guides”). Reactions to the amendment have primarily focused on the provisions that require bloggers to disclose their relationship with companies whose products they endorse. Largely absent from the commentary, however, have been observations regarding theories articulated in the amendments that demonstrate the risk of enforcement for companies that do not have a blog and that do not use third-party bloggers for promotion.

The Guides address the application of Section 5 of the FTC Act to the use of endorsements and testimonials in advertising. Although the Guides provide a basis for voluntary compliance with the law by advertisers and endorsers, practices inconsistent with them may result in enforcement action by the FTC. The Guides set forth general principles that the FTC intends to use in evaluating endorsements and testimonials, together with examples illustrating the application of those principles.

First issued in 1975 and 1980, these Guides generally require that endorsements reflect the honest opinion of the endorser and not contain representations that would be deceptive if made by the advertiser. In November 2008, the Commission proposed amendments to the Guides, including changes to clarify the obligations of bloggers and other users of new communication technologies and advertising strategies. In the final Guides, as under the pre-amendment Guides, when an expert or celebrity receives payment to endorse a company’s product in advertisements, the company does not need to explicitly disclose the fact of the payment in advertisements, since the public generally understands that experts and celebrities endorse products because they are paid to do so. Conversely, when a non-expert or non-celebrity endorses a product (e.g., a “man-on-the-street” testimonial), any payment must be disclosed, since the public generally does not expect such endorsement to have been influenced by payment. The amended Guides provide a new example of this principle in the online context: an employee of a manufacturer of MP3 players visits an online MP3 discussion board and posts comments promoting her employer’s products without disclosing the employment relationship. As a result, whether or not a company has its own blog or engages third-party bloggers, there may be some risk of enforcement based on employee activities. The amendment explains that the employee should disclose the relationship, since knowledge of the poster’s employment likely would affect the weight or credibility of her endorsement. The scope of the amendments suggest that the FTC’s view on this matter would extend to promotional comments made by persons with such undisclosed material connections to the promoted company in any emerging communications tool, such as online discussion boards, blogs, social networking sites, Twitter, etc.

To mitigate risk given the FTC’s new focus on this sort of activity, businesses may wish to (i) require their employees to disclose the employment relationship when making online comments that promote the employer or its products, (ii) require that such comments be vetted by the business, or (iii) prohibit employees from making online comments. Businesses should also consider training employees on any such policies that the business may establish.

Tags: Blog, Enforcement, FTC, Internet, Marketing, Online Privacy, advertisement, advertising, endorsement, guidelines, online, social networking

Draft Recommendation on Online Profiling in the Private Sector

Posted on October 5, 2009 by Hunton & Williams LLP

On October 2, the Council of Europe's Consultative Committee of the Convention 108 on Data Protection ("T-PD") for the first time made publicly available its "Draft Recommendation on the Protection of Individuals with regard to Automatic Processing of Personal Data in the Framework of Profiling." When it is finalized, the Draft Recommendation will be one of the first documents dealing with online profiling in the private sector issued by an international organization. The International Chamber of Commerce ("ICC"), which has observer status in the T-PD, has been working to obtain increased private-sector input during drafting, via its chairman Christopher Kuner of Hunton & Williams. The Council of Europe is now soliciting comments on the draft from the private sector, which should be submitted by the end of October.

Comments on the Draft Recommendation should be sent to Kateryna Gayevska of the Council of Europe Secretariat at Kateryna.GAYEVSKA@coe.int.

Tags: Council of Europe Consultative Committee, European Union, International, International Chamber of Commerce, online, profiling

Report Finds America Rejects Targeting Setting-Up Policy Debate

Posted on October 1, 2009 by Hunton & Williams LLP

In its announcement that it would convene a series of public roundtables to address developing privacy issues, the Federal Trade Commission requested empirical data on consumer privacy expectations. In response to that request, researchers at the University of California at Berkeley and the University of Pennsylvania have released a study entitled "Americans Reject Tailored Advertising." Survey data reported in the study found that 66% of Americans reject targeted advertising online; 86% reject such ads when told they are made possible through online data collection. The study also makes the case that Americans would like much stricter laws governing the data collected online and higher penalties for failures to comply.

The study did not explore consumers' perceptions of the role played by targeted advertising in providing free content to users or their willingness to pay for content in the absence of that advertising support. The House Energy and Commerce Committee has announced its intent to address these issues in the current session of Congress. In the absence of alternative empirical data, this study will feature prominently in the policy debate about regulating behavioral targeting in the U.S. and Europe.

Tags: Behavioral Advertising, Federal Trade Commission, House Energy and Commerce Committee, Online Privacy, advertising, behavioral targeting, consumer privacy, online, policy

Maine Enacts Comprehensive New Law Restricting Marketing to Minors

Posted on August 14, 2009 by Hunton & Williams LLP

On September 12, 2009, Maine’s Act to Prevent Predatory Marketing Practices Against Minors (the “Act”) will take effect. The Act prohibits businesses from knowingly collecting or receiving a minor’s health-related information or personal information for marketing purposes without first obtaining verifiable parental consent. Businesses are also prohibited from using any health-related information or personal information regarding a minor for the purpose of marketing a product or service to the minor. Pursuant to the Act, the use of information in such a manner is a predatory marketing practice, which may be sanctioned as an unfair trade practice. The law also allows individuals subject to unlawful data collection or predatory marketing practices to bring a private right of action against violators.

For businesses, the implications of Maine's new data collection and marketing restrictions are far-reaching. The scope of the law covers both online and off-line marketing activities, and the broad definition of personal information includes a minor’s name in combination with any information concerning the minor. In light of the Act’s restrictive requirements and considerable scope, businesses would be well-advised to evaluate their current marketing practices and age verification mechanisms. The text of the law is available here.

Tags: Act to Prevent Predatory Marketing Practices Against Minors, COPPA, Information Security, Maine, Marketing, State Law, health, online, parental consent, personal information

UK Information Commissioner Initiates Dialogue on Online Privacy

Posted on June 12, 2009 by Hunton & Williams LLP

The UK Information Commissioner is initiating a consultation to develop a code of practice that will help companies address online privacy issues. It is anticipated that the code will provide guidance on the following matters:

Operating a privacy-friendly website
Rights and protections for individuals
Privacy choices and default settings
Cyberspace and territoriality

The UK Information Commissioner's Office has requested that interested parties host discussion sessions. Hunton & Williams' London office, together with the firm's Centre for Information Policy Leadership, will be involved. Companies that are interested in participating should contact Bridget Treacy at btreacy@hunton.com or Paula Bruening at pbruening@hunton.com.

Tags: European Union, International, Online Privacy, UK ICO, UK Information Commissioner, code of practice, cyberspace, online

Is User-Generated Content on Trial? Google Executives Face Criminal Proceedings

Posted on February 13, 2009 by Hunton & Williams LLP

The Criminal Court of Milan has suspended proceedings against four Google executives to allow time to address relevant procedural considerations. The proceedings mark the culmination of a two-year investigation conducted by Italian authorities. The investigation focused on video footage made available on Google Video that depicted a disabled boy being taunted by his fellow classmates. As result of the video footage, Google executives face charges of defamation and privacy infringement.

For purposes of the criminal proceedings, Google is considered an internet content provider. Under the Italian penal code, internet content providers are distinct from internet service providers and bear responsibility for the content they make available online. As such, the Italian Prosecutor in the Google case has argued that companies are responsible for all content on their site. These charges raise questions about potential criminal liability for other online companies that allow user-generated content, such as providers of social networking sites.

The Criminal Court proceedings are expected to begin in Milan on February 18, 2009.

Tags: Enforcement, European Union, Google, International, Internet, Milan, Online Privacy, online, video

Privacy & Information Security Law Blog

Unless otherwise noted, attorneys not certified by the Texas Board of Legal Specialization.

The Hunton & Williams law firm's Privacy and Information Management practice includes attorneys who provide services related to privacy law and information security. Our lawyers practice in all areas of privacy and information security, including: state and federal privacy law compliance; EU data protection compliance, including global data transfer mechanisms such as the U.S. Safe Harbor program and model clauses; HIPAA compliance, including the Privacy Rule and Safeguards Rule; GLBA compliance, including the Privacy Rule and Safeguards Rule; FCRA compliance, including disclosure of consumer reports, Affiliate Marketing Rule compliance, and Red Flags Rule compliance; e-commerce issues such as CAN-SPAM, TCPA, mobile marketing, other direct marketing and behavioral advertising; response to and preparation for information security breaches, including breach notification; workplace privacy, such as employee monitoring; identity theft; records management, records retention, and records disposal; online privacy such as COPPA compliance and website privacy notices; e-discovery; and FTC or other government enforcement actions.

Privacy & Information Security Law Blog : Privacy Lawyer & Attorney : Hunton & Williams Law Firm : Personal Data, Information Security

Published By
Hunton & Williams

Global privacy and information security law updates and analysis