Website Compliance 2009

Website Compliance:Website Compliance:

Privacy Policies, DMCA Safe Harbor, Privacy Policies, DMCA Safe Harbor,

Terms of ServiceTerms of Service

Fulwider Patton LLPFebruary 18, 2009 – Los Angeles, CA

SPEAKER: Scott R. Hansen, Esq.

Website Compliance

• Privacy Policy

• Terms of Use

• Safe Harbor from Copyright Infringement: DMCA

Privacy Policy

• Policy under which:– A company or

organization – operating a web

site – handles the

personal information

– collected about visitors to the site

Privacy Policy Examples

• http://www.google.com/intl/en/privacy.html

• https://www.bankofamerica.com/privacy/Control.do?body=privacysecur_cnsmr

Why Privacy?

• Protects integrity of customer's personally-identifiable information

• Customer can control disclosure to 3rd parties

• Customer can avoid being bothered with advertisements when they don't want to be contacted 

Personally Identifiable Information

• name• age • address • phone number • credit card number• bank names• account numbers • health history• job information• etc.

Goals of Privacy Policy

• Reassure customers

• Explain:– why you want information– what you will do w/it

• Allay concerns with a clear, efficient Privacy Policy

Privacy Policy: Some Sections

• 1) What types of information you collect and how you use it

• 2) Why your server and online operations are secure

• 3) Let customers opt out

Privacy Policy Sections (cont.)

• 4) Let customers view and edit their personal information 

• 5) Policy changes

• 6) Who to contact

w/questions

Privacy Policy Sections (cont.)

• 7) Write a privacy policy that people can understand  

Rule of Thumb

• ‘Keep it simple’

• Be Straightforward

• Honest & Complete

Special Issues With Children

• Child Online Protection Act (COPA)– Applies to Information Collected from

Children Under 13– Many requirements (parental notification,

etc.)• Most Simply Don’t Collect Info from Children

under 13

Example

• Los Angeles Times– "If you are under 13 years of age you may

read this message board, but you may not participate."

Special Issue: Financial Institutions

• California Financial Information Privacy Act

• Customer can "opt-out" of information-sharing between affiliated institutions

• Customer must “opt in” for sharing of info w/nonaffiliated third parties

• Controversial, bouncing around the courts

Privacy Policy Enforcement

• Mrs. Fields Cookies matter

• FCC

• California Office of Privacy Protection

Privacy Policy Certification

• TRUSTe– Outside company reviews your privacy

policy– Allows you to display the TRUSTe seal

Protection from Copyright Infringement

• Digital Milenium Copyright Act of 1998 (“DMCA”)

• Process to Avoid Copyright Infringement Lawsuits (“Safe Harbor”)

DMCA SAFE HARBOR

• Valuable for web sites that allow users to upload and display text, graphics or other content

• Steps to protect website owners from copyright infringement liability

US Copyright Law

• owner of a copyright has exclusive rights:– right to reproduce the copyrighted work,– right to prepare derivatives of the work– right to distribute copies of the work to the

public– right to display the work publicly.

Copyright  Infringement 

• strict liability statute

• innocent infringement not a defense

Potential Copyright Infringement Liability

• Problem– Users upload a copyrighted work without a

license to do so

• Example– User uploads drawing of Mickey Mouse.

Violates copyright of Disney

What to Do?

• User Agreement– Make User Agree Not to Infringe

Copyrights– Make User Agree to Indemnify Website

• Problem– Doesn’t Shield Website Owner

What to Do? (cont.)

• Monitor all uploads

• Delete infringing material before the material is displayed to the public

• Problem: Too much time & expense

Solution: DMCA Safe Harbor

• Digital Millennium Copyright Act (“DMCA”) 17 U.S.C. §512

DMCA Safe Harbor (cont.)

• Simplest & Cheapest Approach– Comply with requirements of DMCA; and

– Take appropriate action after receiving notice of copyright infringement

– Will not be liable for money damages for users' uploaded content

DMCA

• Title 17, US Code, § 512(c)(1):

"a service provider shall not be liable for monetary relief, or . . . for infringement of copyright by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider." 

DMCA “Service Provider”

A service provider is "a provider of online services or network access, or the operator of facilities therefor" and an "entity offering the transmission, routing, or providing of connections for digital online communications, between or among points specified by a user, of material of the user's choosing, without modification to the content of the material as sent or received."  17 U.S.C. § 512(k)(1)

DMCA Does Not Apply!!!!

• Service provider knows that the material is infringing;

• Is aware of facts or circumstances from which infringing activity is apparent; or

• Does not quickly remove or disable access to the material upon obtaining knowledge or awareness of the infringing material.

DMCA Does Not Apply!!! (cont.)

• service provider has right and ability to control the infringing activity and

• receives financial benefit directly attributable to the infringing activity, then

• service provider will not be protected by Section 512 of the Digital Millennium Copyright Act.

Other DMCA Requirements

• Must have agent for service of copyright infringement claim

• Must post contact info for agent of service

• Must register agent contact information with the Copyright Office– Go to Copyright Office website– Fill out a form– Send in money

Take Down Procedure

• Take down copyrighted material “expeditiously”

Protection Against Claims by Users

Service provider will "not be liable to any person for any claim based on the service provider's good faith disabling of access to, or removal of, material or activity claimed to be infringing or based on facts or circumstances from which infringing activity is apparent, regardless of whether the material or activity is ultimately determined to be infringing."  17 U.S.C. § 512(g)(1)

Terms of Service

Terms of Service

• Rules by which one must agree to abide by in order to use a service.

• Such terms may be legally binding

• Examples: eBay and PayPal– high level of community trust – transactions involving money

Terms of Use Generally Covers

• Acceptable user behavior online

• Company's marketing policies

• DMCA Notification of Take Down policy and Agent

•  Copyright notices

Penalties for Violation of ToS

• Banish From Site

• Report to Authorities

• Civil Liability

• Criminal Penalties

Resources• Privacy Policies

– TRUSTe Privacy Policy Certification• www.TRUSTe.org

– California Office of Privacy Protection • http://www.oispp.ca.gov/consumer_privacy/online.asp

– Center for Democracy and Technology, CDT's Guide to Online Privacy

• www.cdt.org/privacy/guide/

– Electronic Privacy Information Center, Online Privacy Tools

• www.epic.org/privacy/tools.html

Resources (cont.)

• DMCA Safe Harbor– Wikipedia Explanation of DMCA at

• http://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act

– Text of Section 512 (“Safe Harbor”)• http://www4.law.cornell.edu/uscode/17/512.html

– Responding to Take Down Notice• Fair Use Network (NYU School of Law)

– http://fairusenetwork.org/reference/td.php

Resources (cont.)

• General Internet Law– See Books by Prof. Michael D. Scott,

Southwestern University School of Law• INTERNET AND TECHNOLOGY LAW DESK

REFERENCE

8th ed. (Aspen Publishers, 2007)

• SCOTT ON INFORMATION TECHNOLOGY LAW, 3rd ed. (Aspen Publishers, 2006)