In the Coming ‘Metaverse’, There May Be Excitement but There Certainly Will Be Legal Issues

The concept of the “metaverse” has garnered much press coverage of late, addressing such topics as the new appetite for metaverse investment opportunities, a recent virtual land boom, or just the promise of it all, where “crypto, gaming and capitalism collide.” The term “metaverse,” which comes from Neal Stephenson’s 1992 science fiction novel “Snow Crash,” is generally used to refer to the development of virtual reality (VR) and augmented reality (AR) technologies, featuring a mashup of massive multiplayer gaming, virtual worlds, virtual workspaces, and remote education to create a decentralized wonderland and collaborative space. The grand concept is that the metaverse will be the next iteration of the mobile internet and a major part of both digital and real life.

Don’t feel like going out tonight in the real world? Why not stay “in” and catch a show or meet people/avatars/smart bots in the metaverse?

As currently conceived, the metaverse, “Web 3.0,” would feature a synchronous environment giving users a seamless experience across different realms, even if such discrete areas of the virtual world are operated by different developers. It would boast its own economy where users and their avatars interact socially and use digital assets based in both virtual and actual reality, a place where commerce would presumably be heavily based in decentralized finance, DeFi. No single company or platform would operate the metaverse, but rather, it would be administered by many entities in a decentralized manner (presumably on some open source metaverse OS) and work across multiple computing platforms. At the outset, the metaverse would look like a virtual world featuring enhanced experiences interfaced via VR headsets, mobile devices, gaming consoles and haptic gear that makes you “feel” virtual things. Later, the contours of the metaverse would be shaped by user preferences, monetary opportunities and incremental innovations by developers building on what came before.

In short, the vision is that multiple companies, developers and creators will come together to create one metaverse (as opposed to proprietary, closed platforms) and have it evolve into an embodied mobile internet, one that is open and interoperable and would include many facets of life (i.e., work, social interactions, entertainment) in one hybrid space.

In order for the metaverse to become a reality – that is, successfully link current gaming and communications platforms with other new technologies into a massive new online destination – many obstacles will have to be overcome, even beyond the hardware, software and integration issues. The legal issues stand out, front and center. Indeed, the concept of the metaverse presents a law school final exam’s worth of legal questions to sort out. Meanwhile, we are still trying to resolve the myriad of legal issues presented by “Web 2.0,” the Internet we know it today. Adding the metaverse to the picture will certainly make things even more complicated. Continue Reading

Tags: blockchain-based payment systems, DeFi, legal issues, metaverse, metaverse agreements, metaverse digital assets, metaverse economy, metaverse IP issues, metaverse legal challenges, metaverse privacy, smart contracts, web 3.0

GPL Open Source Litigation Could Open the Door to Other Suits

By Jeffrey Neuburger on October 26, 2021 Posted in Contracts, Licensing, Open Source, Software

In today’s digital age, the question isn’t whether there is open source software being used in a company’s products, but how it is being used and what license governs its use. Open source is ubiquitous. Despite its widespread use over the past decade, the provisions of open source licenses have been interpreted by only a handful of U.S. and foreign courts. Open source-related disputes do not usually reach court as open source advocacy groups that enforce open source license provisions often work out a resolution between the parties without litigation.

However, one recent open source dispute has reached the courthouse. As discussed below, a new case filed in California state court could test the enforcement of one of the most common family of open source licenses, the GNU General Public Licenses or “GPL.” If the plaintiff is successful, the case could have the effect of expanding enforcement of GPL licenses under the rubric of consumer protection and allow a broad range of parties to bring claims under the GPL as third party beneficiaries of those licenses.

Last week, the Software Freedom Conservancy, Inc. (“SFC”) filed a complaint against smart-TV manufacturer Vizio, Inc. (“Vizio”) alleging a failure to comply with the GNU General Public License Version 2 (“GPLv2”) and GNU Lesser General Public License Version 2.1 (“LGPL v2.1”) (collectively, the “GPL Licenses”). SFC alleges that, over the last four years, Vizio distributed smart TVs that included executable versions of Vizio’s “SmartCast code. The SmartCast code, it alleged, contained modifications to the Linux kernel and other code obtained by Vizio pursuant to the GPL Licenses. SFC asserts that Vizio did not release the corresponding modified source code (as enhanced, modified or otherwise altered by Vizio) or accompany their smart TVs with a written offer to supply such code upon demand, as is required under the GPL Licenses. (Software Freedom Conservancy, Inc. v. Vizio, Inc., No. 30-2021-01226723 (Cal. Super. Orange Cty Filed Oct. 19, 2021)). Continue Reading

Tags: breach of contract, GPL, GPL compliance, GPL open source license, open source litigation, open source software, smart TV platform, source code

English High Court Clarifies Appropriate Causes of Action in Data Claim Where Defendant Was a Victim of Third-Party Cyber-Attack

By Steven Baker, Vishnu V. Shankar and Julia Bihary on October 5, 2021 Posted in Data Security, Privacy

In the recent and significant Warren v DSG Retail Ltd [2021] EWHC 2168 (QB) decision the High Court in England clarified the limited circumstances in which claims for breach of confidence, misuse of private information and the tort of negligence might be advanced by individuals for compensation for distress relating to a cyber-security breach where the proposed defendant was itself a victim of a third-party cyber-attack. The decision has made it harder to bring free standing/non-statutory cyber-security breach claims in England and Wales where the proposed defendant has not positively caused the breach, and has also brought into question how such claims may be funded going forward (particularly, via “After-the-Event insurance”).

Read the full post on Proskauer’s Privacy Law blog.

Tags: After-the-event insurance, ATE Insurance, BREACH OF CONFIDENCE, BREACH OF STATUTORY DUTY, COMMON LAW NEGLIGENCE, CYBER ATTACK, DATA BREACH, DATA BREACH LITIGATION, DATA PROTECTION ACT, ICO, INFORMATION COMMISSIONER'S OFFICE, MISUSE OF PRIVATE INFORMATION, THIRD-PARTY CYBER ATTACK

Southwest Airlines Wins Injunction Barring Travel Site from Scraping

By Jeffrey Neuburger on October 4, 2021 Posted in Contracts, Internet, Online Commerce, Screen Scraping

UPDATE: On November 1, 2021, the parties filed a Joint Notice of Settlement indicating that they have reached a settlement agreement in principle. The terms of the settlement were not disclosed.

UPDATE: On October 28, 2021, the defendant Kiwi.com, Inc. filed a notice of appeal to the Fifth Circuit seeking review of the district court’s ruling granting Southwest Airlines Co.’s motion for a preliminary injunction.

On September 30, 2021, a Texas district court granted Southwest Airline Co.’s (“Southwest”) request for a preliminary injunction against online travel site Kiwi.com, Inc. (“Kiwi”), barring Kiwi from, among other things, scraping fare data from Southwest’s website and committing other acts that violate Southwest’s terms. (Southwest Airlines Co. v. Kiwi.com, Inc., No. 21-00098 (N.D. Tex. Sept. 30, 2021)). Southwest is no stranger in seeking and, in most cases, obtaining injunctive relief against businesses that have harvested its fare data without authorization – ranging as far back as the 2000s (See e.g., Southwest Airlines Co. v. BoardFirst, LLC, No. 06-0891 (N.D. Tex. Sept. 12, 2007) (a case cited in the current court opinion)), and as recently as two years ago, when we wrote about a 2019 settlement Southwest entered into with an online entity that scraped Southwest’s site and had offered a fare notification service, all contrary to Southwest’s terms.

In this case, the Texas court found that Southwest had established a likelihood of success on the merits of its breach of contract claim. Rejecting Kiwi’s arguments that it did not assent to Southwest’s terms, the court found that Kiwi had knowledge of and assented to the terms in multiple ways, including by agreeing to the terms when purchasing tickets on Southwest’s site. In all, the court found the existence of a valid contract and Kiwi’s likely breach of the terms, which prohibit scraping Southwest’s flight data and selling Southwest flights without authorization. The court also found that Southwest made a sufficient showing that Kiwi’s scraping and unauthorized sale of tickets, if not barred, would result in irreparable harm. In ultimately granting Southwest’s request for a preliminary injunction, the Texas court also found that Southwest also demonstrated the threatened injury if the injunction is denied outweighed any harm to Kiwi that will result if the injunction is granted and that the injunction would be in the public interest.

What made this result particularly notable is that the preliminary injunction is based on the likelihood of success on the merits of Southwest’s breach of contract claim and Kiwi’s alleged violation of Southwest’s site terms, as opposed to other recent scraping disputes which have centered around claims of unauthorized access under the federal Computer Fraud and Abuse Act (CFAA). Continue Reading

Tags: breach of contract, CFAA, fare information, preliminary injunction, public website data, screen scraping, violation of site terms, web scraping

SEC Brings First Enforcement Action Against Alternative Data Provider

By Robert Leonard, Jeffrey Neuburger, Joshua M. Newville and Samuel J. Waldon on September 16, 2021 Posted in Alternative Data, Mobile, Regulatory

On September 14, 2021, the Securities and Exchange Commission (“SEC”) filed a settled securities fraud action against App Annie Inc., one of the largest sellers of market data on how apps on mobile devices are performing, and its co-founder and former CEO and Chairman Bertrand Schmitt. The settlement is the first enforcement action brought by the SEC against an alternative data provider. As part of the settlement, App Annie agreed to pay a $10 million civil penalty and Schmitt agreed to pay a $300,000 penalty and to be barred from serving as an officer or director of a public company for three years.

For further discussion of this enforcement, please see our Client Alert posted on Proskauer’s website.

Tags: alternative data, alternative data vendors, material misrepresentations, mobile app performance data, SEC enforcement, Section 10(b) of the Exchange Act

Another NY Court Repudiates Ninth Circuit “Server Test” in Case over Embedded Video

By Jeffrey Neuburger on August 11, 2021 Posted in Copyright, Internet, Online Content, Social Media

On July 30, 2021, a New York district court declined to dismiss copyright infringement claims with respect to an online article that included an “embedded” video (i.e., shown via a link to a video hosted on another site). The case involved a video hosted on a social media platform that made embedding available as a function of the platform. The court ruled that the plaintiff-photographer plausibly alleged that the defendants’ “embed” may constitute copyright infringement and violate his display right in the copyrighted video, rejecting the defendants’ argument that embedding is not a “display” when the image at issue remains on a third-party’s server (Nicklen v. Sinclair Broadcast Group, Inc., No. 20-10300 (S.D.N.Y. July 30, 2021)). Notably, this is the second New York court to decline to adopt the Ninth Circuit’s “server test” first adopted in the 2007 Perfect 10 decision, which held that the infringement of the public display right in a photographic image depends, in part, on where the image was hosted. With this being the latest New York court finding the server test inapt for an online infringement case outside of the search engine context (even if other meritorious defenses may exist), website publishers have received another stark reminder to reexamine inline linking practices. Continue Reading

Tags: display right, embedded video, embeds, fair use, online copyright infringement, server test

Settlement in Plaid Fintech Data Case

By Jeffrey Neuburger on August 7, 2021 Posted in Alternative Data, Mobile, Online Commerce, Privacy

On August 5, 2021, a proposed class action settlement was reached in the closely-watched privacy action against fintech services company Plaid Inc. (“Plaid”). The settlement features a $58 million settlement fund and certain injunctive relief that would make changes to Plaid’s methods of notice and consumer data collection, including provisions requiring the deletion of certain banking transaction data. (In re Plaid Inc. Privacy Litig., No. 20-3056 (N.D. Cal. Memorandum of Points for Proposed Settlement Aug. 5, 2021)). The settlement is still subject to court approval.

Plaid is a fintech services company that offers applications that provide account linking and verification services for various fintech apps that consumers use to send and receive money from their bank accounts. The consolidated actions involve claims surrounding Plaid’s alleged collection and use of consumers’ banking login credentials and later processing and selling of such financial transaction data to third parties without adequate notice or consent. Plaintiffs’ complaint also contended that at no time were users ever given conspicuous notice or meaningfully prompted to read through Plaid’s privacy policy indicating that Plaid receives and retains access to their financial institution account login credentials or uses their credentials to collect and sell their banking information. As we wrote about back in May 2021, the California district court, in deciding Plaid’s motion to dismiss, trimmed various federal privacy-related claims, including the Computer Fraud and Abuse Act (CFAA) claim, but allowed other state law privacy claims to go forward. Continue Reading

Tags: data privacy, financial data privacy, financial transaction data, fintech apps, fintech privacy, mobile data collection, settlement, state privacy claims

Second Circuit Vacates CDA Decision and Reissues a Narrower Opinion Reaching Same Conclusion, Providing Some Practical CDA Lessons for the Future

By Jeffrey Neuburger on July 26, 2021 Posted in Internet, Online Content, Social Media, Video

Less than one week after issuing an order vacating its own March 2021 opinion in an important Communications Decency Act (“CDA”) case and granting a petition for rehearing, the Second Circuit issued a new opinion reaffirming “protection” under Section 230 of the CDA for video-sharing site Vimeo, Inc. (“Vimeo”) (Domen v. Vimeo, Inc., No. 20-616 (2d Cir. July 21, 2021) (amended opinion)).

It’s not completely clear why the Second Circuit decided to grant a rehearing and amend its original opinion to only reach essentially the same holding. It is possible that given the attention surrounding the CDA, the court thought it best to narrow the language of its original holding so it could insulate its ruling from possible Supreme Court review (recall, Justice Thomas previously issued a statement following denial of certiorari in a prior CDA case, that “in an appropriate case,” the Court should consider whether the text of the CDA “aligns with the current state of immunity enjoyed by Internet platforms”). The Second Circuit’s second decision arguably watered down some of its stronger statements in its earlier opinion enunciating broad CDA immunity (e.g., even swapping out the word “immunity” for “protection” when discussing the CDA). The court even mused in dicta near the end of the opinion about the types of claims that might fall outside of CDA protection, as if to intimate that CDA Section 230 immunity is broad, but not as broad as its detractors suggest.

Yet, despite the narrowing of its original opinion, the court reached the same result under the same reasoning. As in the original (now vacated) opinion from March 2021, the Second Circuit’s amended decision relied on Section 230(c)(2), the Good Samaritan provision, which allows online providers to self-regulate the moderation of third party content in good faith without fear of liability. Unlike the original opinion, in the second go-round the appeals court also knocked out the plaintiff’s claims on the merits, finding allegations of discrimination based on the presence of similar videos uploaded by other users that were left up on the site as “vanishingly thin” (thereby further reducing the chance of Supreme Court review). Continue Reading

Tags: account termination, amended opinion, CDA Good Samaritan immunity, CDA immunity, content guidelines, filtering decisions, harassing content, objectionable material, terms of service

Supreme Court Vacates LinkedIn-HiQ Scraping Decision, Remands to Ninth Circuit for Another Look

By Jeffrey Neuburger on June 16, 2021 Posted in Computer Fraud and Abuse Act, Internet, Screen Scraping, Social Media

On June 14, 2021, in a closely-watched dispute involving the Computer Fraud and Abuse Act (CFAA), the Supreme Court granted LinkedIn Corp.’s (“LinkedIn”) petition for certiorari filed in the hiQ web scraping case. It subsequently vacated the Ninth Circuit 2019 opinion and remanded the case to the Ninth Circuit for further consideration in light of the Supreme Court’s decision from earlier this month in Van Buren v. United States, 593 U. S. ___ (June 3, 2021). (LinkedIn Corp. v. hiQ Labs, Inc., No. 19-1116, 593 U.S. ___ (GVR Order June 14, 2021)).

In Van Buren, the Supreme Court reversed an Eleventh Circuit decision and adopted a narrow interpretation of “exceeds unauthorized access” under the CFAA, ruling that an individual “exceeds authorized access” when he or she accesses a computer with authorization but then obtains information located in particular areas of the computer – such as files, folders, or databases – that are off limits to him or her.

The LinkedIn-hiQ dispute involves a different part of the CFAA’s “unauthorized access” section than the Van Buren case. The question in the hiQ dispute concerns the scope of CFAA liability to unwanted web scraping of publicly available social media profile data and whether once data analytics firm hiQ received a cease-and-desist letter from LinkedIn demanding it stop scraping public profiles, any further scraping of such data was “without authorization” within the meaning of the CFAA. In 2017 the lower court issued a preliminary injunction, expressing “serious doubt” as to whether LinkedIn’s revocation of permission to access the public portions of its site rendered hiQ’s access “without authorization” within the meaning of the CFAA. On appeal, in 2019 the Ninth Circuit affirmed, notably ruling that: “It is likely that when a computer network generally permits public access to its data, a user’s accessing that publicly available data will not constitute access without authorization under the CFAA.” In 2020 LinkedIn filed a petition for a writ of certiorari asking the Supreme Court to overturn the Ninth Circuit’s ruling. And now, in the wake of Van Buren, the Supreme Court has vacated the appeals court ruling and sent the case back to the Ninth Circuit for further consideration.

So what’s next? Some thoughts: Continue Reading

Tags: CFAA, CFAA authorization, data scraping, Footnote 8, hiQ case, opposition brief, PUBLIC SOCIAL MEDIA DATA, publicly available website data, Supreme Court petition, unauthrorized access, Van Buren decision

Some Interesting CDA Section 230 Developments: A Novel FCRA Victory, a Negligent Design Exception and a Startling New State Law

By Jeffrey Neuburger on June 10, 2021 Posted in Mobile, Online Content, Social Media

In the past month, there have been some notable developments surrounding Section 230 of the Communications Decency Act (“CDA” or “Section 230”) beyond the ongoing debate in Congress over the potential for legislative reform. These include a novel application of CDA in a FCRA online privacy case (Henderson v. The Source for Public Data, No. 20-294 (E.D. Va. May 19, 2021)) and the denial of CDA immunity in another case involving an alleged design defect in a social media app (Lemmon v. Snap Inc., No. 20-55295 (9th Cir. May 4, 2021), as well as the uncertainties surrounding a new Florida law that attempts to regulate content moderation decisions and user policies of large online platforms. Continue Reading

Tags: CDA Section 230 exception, CDA Section 230 immunity, CDA workaround, moderation decisions, online platforms, publisher actions, social media functions

This website uses third party cookies, over which we have no control. To deactivate the use of third party advertising cookies, you should alter the settings in your browser.