Business Law
Selected Developments in Business Law — Internet Law and Practice in California
Courtesy of CEB, we are bringing you selected legal developments in areas of California business law that are covered by CEB’s publications. This month’s feature is from the July 2020 update to Internet Law and Practice in California. References are to the book’s section numbers. The most significant legal developments since the last update include developments in such important topic areas as copyright, patent, domain names and trademark, independent contractor classification, social media, privacy, Internet advertising, and litigation issues.
July 2020 Update
Copyright
Knowledge can also include willful blindness. Specifically, actual knowledge requires showing either “actual knowledge of specific acts of infringement” or “willful blindness of specific facts” demonstrating infringement.” Erickson Prods., Inc. v Keck (9th Cir 2019) 921 F3d 822, 832. The Ninth Circuit defined willful blindness as taking “deliberate actions to avoid confirming a high probability of wrongdoing and who can almost be said to have actually have known the critical facts.” 921 F3d at 833. See §§1.27A, 1.29, 1.35.
There do appear to be limits concerning how far a court will go to infer implied consent. One federal district court has held that an implied license must still meet the elements of an express license (i.e., offer, acceptance, and consideration). Furie v Infowars, LLC (CD Cal 2019) 401 F Supp 3d 952, 968. This means the copyright holder must give permission to the licensee, and that permission will not be inferred from industry practice. See §1.32.
In Bell v Wilmottt Storage Servs. (CD Cal, July 1, 2019, No. 18-7329-CBM-MRV), the federal district court held the storage of an unlawful copy of a photograph that was not incorporated into a webpage (i.e., that could only be accessed by knowing the URL or by crawling the website or reverse image search) was a “de minimis” use. See §1.33A.
To demonstrate fraud on the copyright office, the defendant must show that the plaintiff “knowingly” included inaccurate information in the copyright application and that such information would have caused the Copyright Office to refuse registration. 17 USC §411(b)(1). In any case in which inaccurate information is alleged, the court is required to consult with the Copyright Office to determine whether the Copyright Office would have refused the registration. 17 USC §411(b)(2). Simple misstatements or clerical errors are insufficient. Abandonment occurs when a copyright holder intentionally relinquishes its copyright with knowledge of its rights and with the intent to relinquish the copyright in the copyrighted work. Furie v Infowars, LLC (CD Cal 2019) 401 F Supp 3d 952, 963. See §§1.33B, 1.33C.
In re DMCA Subpoena to Reddit (ND Cal 2019) 383 F Supp 3d 900 involved a post on a Reddit forum for former members of the Jehovah’s Witnesses. The Reddit user posted a Jehovah’s Witness advertisement with a title to the post that read as follows: “WHAT GIFT CAN WE GIVE JEHOVAH? … guess what? … WT Magazine November 2018, ‘Full Backpage Advert.'” 383 F Supp 3d at 914. The Reddit user—who was a current member of the Jehovah’s Witnesses—claimed that the post was meant to stimulate debate about the Jehovah’s Witnesses’ fundraising methods. The court found that the Reddit user’s post did not transform the advertisement but, since the use was noncommercial and the stated purpose was to evoke conversation, the first fair use factor favored the Reddit user. See §§1.45C, 1.87.
The fair use defense may serve as a bar to the enforcement of foreign judgments under California’s Recognition Act (CCP §§1713–1725). See De Fontbrune v Wofsy (ND Cal 2019) 409 F Supp 3d 823. California’s Recognition Act allows the enforcement of foreign judgments when the plaintiff proves that the judgment (1) grants a sum of money; (2) is final, conclusive, and enforceable under the laws of that country; and (3) is not a judgment for taxes, a fine, or other penalty, or one arising from domestic relations. Once the plaintiff satisfies that burden, it is up to the defendant to challenge the judgment. One way to challenge the judgment is to demonstrate that the judgment is directly repugnant to the laws of California or the United States. Since the fair use doctrine embodies First Amendment principles, demonstrating that the use was fair under U.S. law is one way to avoid enforcement of a foreign judgment. In De Fontbrune, the defendant was able to avoid enforcement of a French judgment for copyright infringement because the French court did not consider principles of fair use, which does not exist under French law. See §1.55A.
If the licensee or end user is unaware that the copyrighted work is subject to a license, the first sale doctrine may apply. Cisco Sys., Inc. v Beccelas Etc. LLC (ND Cal 2019) 403 F Supp 3d 813, 829. In Cisco, the district court held that the first sale doctrine would apply if purchasers of hardware containing software that was subject to a license were not made aware of the license prior to purchase. See §1.56.
Patents
In SRI Int’l, Inc. v Cisco Sys., Inc. (Fed Cir 2019) 930 F3d 1295, the Federal Circuit found that claims directed toward “using a plurality of network monitors that each analyze specific types of data on the network and integrating reports from the monitors—to solve a technological problem arising in computer networks: identifying hackers or potential intruders into the network” were sufficient to pass the first step of the Alice/Mayo test. 930 F3d at 1303. Like the court in Enfish, LLC v Microsoft Corp. (Fed Cir 2016) 822 F3d 1327, the court found that the claims were directed toward improvements of a computer’s capabilities. See §2.18A.
In ChargePoint, Inc. v SemaConnect, Inc. (Fed Cir 2019) 920 F3d 759, 766, the court ruled that claims directed toward an apparatus to turn electricity on and off remotely for an electric vehicle constituted an abstract idea. In coming to this conclusion, the court was focused on what the invention was “directed to.” 920 F3d at 767. Turning to the specification, the court determined that the invention was “nothing more than the abstract idea of communication over a network for interacting with a device, applied to the context of electric vehicle charging stations.” 920 F3d at 768. The court also noted that “the specification never suggests that the charging station itself is improved from a technical perspective, or that it would operate differently than it otherwise could.” 920 F3d at 768. See §2.18A.
Domain Names and Trademarks
A bad faith intent to profit can sometimes be established by conduct following registration of the domain name. For example, in VisualDynamics, LLC v Chaos Software Ltd. (WD Ark 2018) 309 F Supp 3d 609, the registrant had secured domain names consisting of the counterclaim plaintiff’s flagship mark and a generic top-level domain in good faith in anticipation of reselling the counterclaim plaintiff’s software. But the resale agreement was later terminated. In these circumstances, the federal district court found on summary judgment that even though the registrant may have registered the domain names in good faith initially, the registrant’s continued use of those domain names was in bad faith. After the resale agreement had been terminated, the registrant had no reasonable grounds to believe that its use of the domain names was a fair use or otherwise lawful. 309 F Supp 3d at 623. See §3.23.
Although 15 USC §1052 prohibits the registration of “immoral” or “scandalous” marks, the U.S. Supreme Court recently struck down the ban on immoral and scandalous marks in Iancu v Brunetti (2019) ___ US ___, 139 S Ct 2294, as unconstitutional under the First Amendment. See §3.32.
Classification of Independent Contractors
In Dynamex Operations W., Inc. v Superior Court (2018) 4 C5th 903, for purposes of claims asserted under California’s wage orders, the court essentially scrapped the nearly 30-year-old common law right-to-control test, articulated by the court in S.G. Borello & Sons, Inc. v Department of Indus. Relations (1989) 48 C3d 341, for determining whether a worker is an employee or an independent contractor. The Borello test applied multiple factors to determine whether a worker qualifies as an independent contractor (see §4.15). In its place, the court adopted the “ABC” test. The ABC test in the Dynamex decision was codified by the California State Legislature in 2019 with the enactment of AB 5 (Stats 2019, ch 296). Assembly Bill 5 specifically codified the presumption of employee status in Dynamex and added Lab C §2750.3, among other things. Labor Code §2750.3(a)(1) sets forth the ABC test, but Lab C §2750.3(b) expressly excepts a number of specified professions and job categories. See §4.13.
In Vazquez v Jan-Pro Franchising Int’l, Inc. (9th Cir 2019) 939 F3d 1045, the Ninth Circuit certified the question whether Dynamex applies retroactively to the California Supreme Court, which has agreed to decide the issue. See Vazquez, Roman & Aguilar v Jan-Pro Franchising Int’l, Inc. (Feb. 26, 2020, No. S258191) ___ C5th ___, 2020 Cal Lexis 1421. Two California courts of appeal previously held that the Dynamex decision does apply retroactively. See Gonzales v San Gabriel Transit, Inc. (2019) 40 CA5th 1131; Garcia v Border Transp. Group, LLC (2018) 28 CA5th 558. See §4.14A.
As noted above, the ABC test in the Dynamex decision was codified by the California State Legislature in 2019 with the enactment of AB 5 (Stats 2019, ch 296). Assembly Bill 5 specifically codified the ABC test for employee status in Dynamex by adding Lab C §2750.3. Under the ABC test, a worker is considered an independent contractor only if the hiring entity shows that all of the following conditions are satisfied (Lab C §2750.3(a)(1)):
(A) The person is free from the control and direction of the hiring entity in connection with the performance of the work, both under the contract for the performance of the work and in fact.
(B) The person performs work that is outside the usual course of the hiring entity’s business.
(C) The person is customarily engaged in an independently established trade, occupation, or business of the same nature as that involved in the work performed.
See §4.14A.
In Olson v State of Cal. (CD Cal, Feb. 10, 2020, No. CV 19-10956-DMG (RAOx)) 2020 US Dist Lexis 34710, the federal district court denied a motion by Uber and Postmates for a preliminary injunction to halt enforcement of AB 5, finding that the state’s need to police misclassification of workers outweighs any harm to Uber and Postmates or their workers. Legal challenges to AB 5 are likely to continue, along with efforts in the state legislature to amend the law and add additional exceptions. Practitioners should monitor these developments closely. See §4.14A.
The IRS has launched a new Gig Economy Tax Center on IRS.gov. See https://www.irs.gov/businesses/gig-economy-tax-center. There, digital platforms and businesses can find information on classifying workers, reporting payments, and filing taxes for a digital marketplace or business. Workers within the gig economy will find helpful tips and essential forms to accurately manage their taxes. The EDD also has a web portal to help both employees and employers address worker classification issues. See https://www.labor.ca.gov/employmentstatus/ and https://www.edd.ca.gov/payroll_taxes/ab-5.htm. See §4.14A.
The California Department of Industrial Relations has published a helpful and more detailed guide to analysis of the employee/independent contractor distinction at https://www.dir.ca.gov/dlse/faq_independentcontractor.htm. See also https://www.labor.ca.gov/employmentstatus/. For IRS guidance, see https://www.irs.gov/businesses/small-businesses-self-employed/independent-contractor-self-employed-or-employee. See §4.17.
Social Media
In Shenwick v Twitter, Inc. (ND Cal, Feb. 7, 2018, No. 16-cv-05314-JST (SK)) 2018 US Dist Lexis 22676, *7, a securities class action suit, the court held that the defendant Twitter was not required to produce communications among its employees made using Twitter’s “direct message” function because employees were not required to use that functionality in their jobs. These “personal” communications were therefore separated from other “business” communications, which Twitter had an obligation to produce. In Facebook, Inc. v Superior Court (2018) 4 C5th 1245, the court confirmed that communications on social media are protected by the Stored Communications Act (SCA) (18 USC §§2701–2712), and held that account holders do not impliedly consent to disclosure by sharing communications on social media, even when shared with a large group of “friends.” Commmunications on social media configured as “public” posts by the user, visible to anyone, which remain public at the time the subpoena is issued, fall within the SCA’s lawful consent exception and can be produced. See §8.32.
Privacy
In 2019, Facebook, Inc. was required to pay a $5 billion penalty, and submit to new restrictions and a modified corporate structure that will hold the company accountable for the decisions it makes about its users’ privacy. These new requirement are in place to settle FTC charges that Facebook violated prior FTC orders by deceiving its users about their ability to control the privacy of their personal information and the information shared with third party developers and applications. According to the FTC, it is one of the largest penalties ever assessed by the U.S. government for any violation. See https://www.ftc.gov/news-events/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions. See §§8.32A, 9.9.
The California Consumer Privacy Act of 2018 (CCPA) (CC §§1798.100–1798.199) took effect January 1, 2020. In October 2019, the Attorney General issued proposed regulations implementing the CCPA, which set out numerous new federal obligations not found in the statute. The Attorney General has stated that businesses are expected to comply with the final regulations by July 1, 2020, the date enforcement may begin. On February 10, 2020, and again on March 11, 2020, the Attorney General released amendments to the proposed regulations, which revise substantially the initial version of the proposed regulations. Practitioners are advised to monitor this regulatory development closely and model their privacy lawcompliance programs to conform with the proposed regulations (and the final regulations when issued). See https://oag.ca.gov/privacy/ccpa. See §9.18A.
In October 2019, the CCPA was amended to include two narrow exemptions for personal information collected within the context of an employment relationship or a business-to-business relationship. Most of the obligations of the CCPA do not apply to such personal information, although some significant obligations, such as the data breach obligations, continue to apply. These exemptions are set to sunset January 1, 2021, unless otherwise extended by the legislature. See AB 1355 (Stats 2019, ch 757). See §9.18A.
In the largest civil enforcement penalty under Children’s Online Privacy Protection Act of 1998 (COPPA) (15 USC §§6501–6506) to date, Google agreed to pay a $170 million civil penalty and to make changes to its YouTube platform to settle allegations from the FTC and the New York Attorney General that the video platform knowingly gathered personal information from children without first obtaining parental consent. See §9.33.
In 2019, Chinese video social networking app TikTok settled FTC charges that it violated COPPA by collecting personal information from children without first obtaining parental consent. The FTC found that TikTok knew that many children were using its app, but took no action to seek parental consent in flagrant violation of the law. TikTok collected pictures, videos, and other personal information from users, and made user accounts public by default. The FTC’s complaint noted public reports of adults trying to contact children via the app and thousands of parental complaints to the company. In the settlement, TikTok agreed to pay $5.7 million in civil penalties and to remove all videos made by children under age 13. See https://www.ftc.gov/news-events/press-releases/2019/02/video-social-networking-app-musically-agrees-settle-ftc. See §9.33.
In January 2020, the National Institute of Standards and Technology (NIST) published the first version of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (Privacy Framework), available at https://www.nist.gov/privacy-framework/privacy-framework. Patterned after NIST’s Cybersecurity Framework, discussed at §18.7, the Privacy Framework is intended to enable better privacy engineering practices that support “Privacy by Design” concepts and help organizations protect individuals’ privacy. The Privacy Framework is intended to support organizations in their efforts to (1) build customers’ trust by supporting ethical decision making in product and service design or deployment that optimizes beneficial uses of data while minimizing adverse consequences for individuals’ privacy and society as a whole; (2) fulfill current compliance obligations, as well as future-proofing products and services to meet these obligations in a changing technological and policy environment; and (3) facilitate communication about privacy practices with individuals, business partners, assessors, and regulators. See §9.47.
Advertising on the Internet
In hiQ Labs, Inc. v LinkedIn Corp. (9th Cir 2019) 938 F3d 985, the Ninth Circuit was once again faced with a case involving alleged data scraping and claims under the Computer Fraud & Abuse Act (CFAA) (18 USC §1030) and California’s Pen C §502. The Ninth Circuit’s opinion focused on an analysis of the CFAA. With respect to the CFAA, the Ninth Circuit answered the so-called pivotal question “whether once hiQ received LinkedIn’s cease-and-desist letter, any further scraping and use of LinkedIn’s data was ‘without authorization’ within the meaning of the CFAA and thus a violation of the statute.” 938 F3d at 999. Ultimately, the court held that hiQ’s scraping was not “without authorization.” 938 F3d at 1003. See §17.27.
Jurisdiction
In Zehia v Superior Court (2020) 45 CA5th 543, the court of appeal held that the trial court had specific personal jurisdiction over a nonresident under CCP §410.10, given the nonresident’s alleged intentional conduct in sending targeted and allegedly defamatory private social media messages directly to California residents, with knowledge that they were California residents, intending to disrupt their personal relationship and to cause reputational injury in California through defamatory and harassing conversations. The defendant’s conduct was sufficient to establish a substantial connection to California under the minimum contacts test. See §19.10.
Speech-Related Litigation
The First Amendment only applies to the government; it does not apply to private entities. Prager Univ. v Google LLC (9th Cir, Feb. 26, 2020, No. 18-15712) 2020 US App Lexis 5903 (First Amendment claim against YouTube and its parent properly dismissed; YouTube was a private forum despite its ubiquity and role as public-facing platform; simply hosting speech by others was not a traditional, exclusive public function and did not transform private entity into governmental actor subject to First Amendment restrictions). See §20.5.
Case law regarding the tort of intrusion upon seclusion includes (1) McDonald v Kiloo ApS (ND Cal 2019) 385 F Supp 3d 1022 (parents of children sufficiently stated a claim of intrusion of seclusion when complaint alleged gaming applications engaged in unauthorized collection and dissemination of children’s personal data), and (2) Williams v Facebook, Inc. (ND Cal 2019) 384 F Supp 3d 1043 (allegations that Facebook collected, used, and disseminated its users’ call and text logs were sufficient to state a claim for intrusion upon seclusion). See §20.54A.
In Oberdorf v Amazon.com, Inc. (3rd Cir 2019) 930 F3d 136, a third party seller sold retractable dog leashes on Amazon. One purchaser lost an eye when her dog lunged and the leash snapped. The Third Circuit treated Amazon as a “seller” for purposes of products liability, despite the fact that a third party was the actual seller of the product on the Amazon website. The Third Circuit drew a distinction between the design defect claim and the inadequate warning claim. The court held that Amazon could be found liable under a strict product liability theory for the design defect. However, Amazon could not be held liable under the inadequate warning theory; it was immunized under the Communications Decency Act of 1996 (CDA) (47 USC §230) because the plaintiff was seeking to impose liability on account of Amazon’s status as a publisher of third party content. See §§20.62A, 20.125.
In FilmOn.com, Inc. v DoubleVerify, Inc. (2019) 7 C5th 133, the California Supreme Court reversed the Court of Appeal affirmance of the trial court granting the defendant’s anti-SLAPP motion because the defendant failed to meet the “connection” requirement. The defendant was a company that analyzed websites for potential advertisers and sent its clients confidential reports with tags regarding particular websites that the client was interested in posting advertisements. The plaintiff objected to defendant tagging its website with the tags of “adult content” and “copyright infringement.” The California Supreme Court held that, given the commercial nature of the reports and dispute, the tags only generally addressed the issue of public interest, and the confidential nature of the reports prohibited contribution to the public debate, the first prong was not satisfied. It is worth noting that the California Supreme Court did state that the commercial nature of the speech and its confidential nature were not dispostive factors. See §§20.80, 20.89.
In Wilson v Cable News Network, Inc. (2019) 7 C5th 871, 889, the California Supreme Court restated that no cause of action is exempt from the anti-SLAPP statute as long as the claim arises from protected activity. Wilson resolved a split within the California courts of appeal regarding whether employment discrimination and retaliation claims were exempt. See §20.82.
In HomeAway.com v City of Santa Monica (9th Cir 2019) 918 F3d 676, the Ninth Circuit held that the City of Santa Monica ordinance that prohibited websites from listing unregistered properties for short-term rentals did not impose a duty to monitor and therefore was not preempted by 47 USC §230. See §20.107.
In Dyroff v Ultimate Software Group, Inc. (9th Cir 2019) 934 F3d 1093, 1098, the Ninth Circuit held that a website that analyzed user posts and recommended posts and user groups performed traditional publisher functions under the CDA (47 USC §230). The role of a “publisher” is broader than merely providing a forum for the third party content to be posted. See §§20.115, 20.125.
The Ninth Circuit has clarified that §230 immunity does not apply when filtering involves allegations of anticompetitive conduct between direct competitors. See Enigma Software Group USA, LLC v Malwarebytes, Inc. (9th Cir 2019) 946 F3d 1040. In Enigma, both parties developed software to prevent malware. Defendant’s software prevented users from downloading plaintiff’s software. Defendant claimed immunity under 47 USC §230. The Ninth Circuit rejected this argument, given the complaint’s plausible allegations of anticompetitive animus as motivating the filtering software. See §20.129.
E-Discovery
The duty to exchange relevant electronically stored information (ESI) is an affirmative duty that does not require a production of document request. However, should a request be made by opposing counsel, the courts favor a prompt and good faith response to the request that yields the requested non-privileged electronic (and other) documents. Recently, a federal district court in Missouri found that the common practice of uniformly objecting to all discovery requests with a repeated blanket response of “party objects on the basis that the request is vague, overly broad, unduly burdensome … that is irrelevant and/or not reasonably calculated to lead to the discovery of admissible evidence” is likely not in good faith. The court has found that it constitutes a failure to comply with Fed R Civ P 26(a)(1), which requires objections to be “tailored with great particularity” and which requires parties to disclose specific custodians “likely to have discoverable information.” RightChoice Managed Care v Hospital Partners, Inc. (WD Mo, Feb. 1, 2019, No. 5:18-cv-06037-DGK) 2019 US Dist Lexis 16344, *10. A noticeable judicial trend as of 2018 involves courts refusing to allow blanket boilerplate objections to reasonable discovery requests. See §20A.8.
In 2019, a court held that a party who produces text messages that refer to other text messages may have the duty to have preserved the text messages that were referenced if the party reasonably knew of the possibility of litigation. The custodian of text messages who has reason to expect litigation engages in spoliation if text messages are destroyed on account of the auto-delete function on the custodian’s phones. A failure to turn off this auto-delete option amounts to spoliation, and logically any such custodian who knowingly destroys a phone holding text messages or “wipes” those messages similarly engages in spoliation. Paisley Park Enters., Inc. v Boxill (D Minn 2019) 330 FRD 226, 237 (interesting case involving unreleased recordings of late pop star, Prince). See §20A.21.
International
On September 14, 2019, the European Court of Justice ruled that the General Data Protection Regulation (GDPR) was not intended to be applied outside the territory of the European Union, and that Google and other search engines did not need to remove links from all versions of their search engines, only the European versions. Nevertheless, the court added that search engines should take steps to prevent users searching on non-EU search engines from seeing links to information that search engines have been ordered to remove. See https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1584384431823&uri=CELEX:62017CA0507 and https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1584391257239&uri=CELEX:62017CA0136. See §21.11B.