In the latest development in the legal controversy over scraping, 3taps, Inc. (“3taps”), a data aggregator and “exchange platform” for developers, filed suit against LinkedIn seeking a declaratory judgment that 3taps would not be in violation of the Computer Fraud and Abuse Act (CFAA) if it accesses and collects publicly-available data from LinkedIn’s website. (3Taps Inc. v. LinkedIn Corp., No. 18-00855 (C.D. Cal. filed Feb. 8, 2018)). The basis of 3Taps’s complaint is last year’s hotly-debated California district court ruling (hiQ Labs, Inc. v. LinkedIn, Corp., 2017 WL 3473663 (N.D. Cal. Aug. 14, 2017)), where the court granted a preliminary injunction compelling LinkedIn to disable any technical measures it had employed to block a data analytics company from scraping the publicly available data on LinkedIn’s website. The hiQ ruling essentially limited the applicability of the CFAA as a tool against the scraping of publicly-available website data. [For an analysis of the hiQ lower court decision, please read the Client Alert on our website]. Continue Reading
A California district court issued an important opinion in a dispute between a ticket sales platform and a ticket broker that employed automated bots to purchase tickets in bulk. (Ticketmaster L.L.C. v. Prestige Entertainment, Inc., No. 17-07232 (C.D. Cal. Jan. 31, 2018)). For those of us who have been following the evolution of the law around the use of automation to scrape websites, this case is interesting. The decision interprets some of the major Ninth Circuit decisions of recent memory on liability for web scraping. Indeed, two weeks ago, we wrote about a case in which the Ninth Circuit interpreted certain automated downloading practices under the CFAA and CDAFA. Also, we wrote about and are awaiting the decision in the hiQ v. LinkedIn appeal before the Ninth Circuit. Also prior posts on the topic include a discussion of a noteworthy appeals court opinion that examined scraping activity under copyright law and the scope of liability under the DMCA anticircumvention provisions. These seminal decisions and the issues they raise were expressly or implicitly addressed in the instant case. While we will briefly review some of the highlights of this decision below, the case is a must-read for website operators and entities that engage in web scraping activities. Continue Reading
Facebook recently announced that it would make changes to its news feed to prioritize content that users share and discuss and material from “reputable publishers.” These changes are part of what Mark Zuckerberg says is a refocusing of Facebook from “helping [users] find relevant content to helping [users] have more meaningful social interactions.” This refocus highlights the tensions between Facebook’s conflicting roles as a social media platform on one hand, and, in effect, a distributor of third party content on the other. We have discussed this issue in previous posts.
As Facebook implements these newly-announced changes in the way third party content will be presented — focusing on “trusted content” — the operational models powering Facebook’s use of third party content (user generated and otherwise) will also evolve. Lawyers should keep an eye on what the changes might mean for Facebook from a liability perspective. For example, will Facebook’s direct or indirect control of third party content impact its immunity from publisher and distributor liability under Section 230 of the Communication Decency Act? Or, rather will changes to its algorithm to prioritize trusted content still be deemed to be quintessential publisher conduct, and therefore within the scope of Section 230? Also, to the extent that Facebook directly or indirectly curates third party content, could it possibly lose the benefits afforded by the safe harbors of the Digital Millennium Copyright Act?
Given the fact that the immunities and safe harbors for online service providers are so crucial for the business model of social media platforms such as Facebook, one can be sure that counsel to Facebook will highlight any changes that may call into question the availability of those immunities and safe harbors. All the same, you can be sure that a creative plaintiff’s lawyer may attempt to use any change where Facebook is somehow more engaged in the curation, display or distribution of third party content to pierce through the CDA/DMCA armor to hold Facebook responsible for allegedly problematic third party content.
Earlier this month, the Ninth Circuit issued a noteworthy ruling in a dispute between an enterprise software licensor and a third-party support provider. The case is particularly important as it addresses the common practice of using automated means to download information (in this case, software) from websites in contravention of website terms and conditions. Also, the case examines and interprets fairly “standard” software licensing language in light of evolving business practices in the software industry. (Oracle USA, Inc. v. Rimini Street, Inc., No. 16-16832 (9th Cir. Jan. 8, 2018)). Continue Reading
A Canadian appellate court ruled that a lower court had jurisdictional authority to issue a production order to craigslist based upon its virtual (but not physical) presence in British Columbia. The production order requested that Craigslist produce to Canadian officials documents relating to a user post in connection with a criminal investigation. (British Columbia (Attorney General) v. Brecknell, 2018 BCCA 5 (Jan. 9, 2018)).
This decision highlights another situation where a court blurred the distinction between a physical and virtual presence of a corporation that engages in global e-commerce. Indeed, we had written about an important Canadian decision last year that involved an American company objecting to an order to delist certain search results globally. With U.S. companies already concerned about the territorial scope of the EU’s GDPR, they also have to address legal risks associated with jurisdiction by a virtual presence north of the border (and possibly other jurisdictions). Continue Reading
In a blog post last month, Google announced that it would extend certain commitments it made to the FTC in 2012 that were set to expire relating to, among other things, the scraping of third-party content for use on certain Google “vertical search” properties such as Google Shopping. The announcement came days before the commitments were set to expire on December 27th and months after Yelp had claimed that Google was not living up to its promises by allegedly scraping Yelp local business photos for use in certain Google results (e.g., local business listings). Continue Reading
We have been closely following the legal and legislative developments relating to biometric privacy, and in particular, the flow of litigation under the Illinois biometrics privacy law. It was interesting to see how the Illinois law (as well as a similar Texas law) influenced Google’s offering of a new facial recognition feature on the Google Arts & Culture app. (It is also interesting to note that the media coverage of the app has made the Illinois and Texas laws subjects of mainstream discourse.)
The Google Arts & Culture app, which was originally released a couple years ago, offers users virtual tours of museums and a searchable database of other art-related content. What recently made it one of the hottest free apps is a new entertaining tool that compares a selfie to a database of great works of art and presents the results that most closely match the user’s face. [Note: My classical art doppelgänger is “Portrait of a Gentleman in Red” by Rosalba Carriera. What’s yours?]. However, out of an apparent abundance of caution, Google has disabled this art-twinning function in Illinois and Texas, presumably because those states have biometric privacy laws that regulate the collection and use of biometric identifiers like facial templates; while the Texas statute can only be enforced by the state attorney general, Illinois’s Biometric Information Privacy Act (BIPA) contains a private right of action and remedies that include statutory damages. Interestingly, Washington users are able to access this tool, despite Washington having enacted its own biometric privacy law last year. Perhaps that is because, as described in the referenced blog post, compliance under the Washington statute is less demanding than under the Illinois or Texas statutes. Continue Reading
As 2017 drew to an end, we noted the continuing flood of Illinois biometric privacy suits filed over the past year. There are literally dozens of cases pending, most in Illinois state courts, alleging violation of Illinois’s Biometric Information Privacy Act (BIPA), which regulates the collection, retention, and disclosure of personal biometric identifiers and biometric information. The suits initially targeted the use of biometrics on social media platforms, but, perhaps reflecting the increased use of biometrics in the workplace, have increasingly been asserted against businesses that collect biometric data to authenticate customers or employees.
While federal courts have weighed in on whether litigants have standing for asserting procedural violations of BIPA, it was not clear if mere procedural violations of BIPA’s consent and data retention requirements, without any showing of actual harm or data misuse, were actionable under the statute (i.e., whether persons pleading procedural violations are “aggrieved” under the statute, as BIPA expressly provides that “any person aggrieved by a violation” of the BIPA may pursue money damages and injunctive relief against the offending party).
As the year came to a close, an Illinois appellate court may have cooled the New Year’s Eve celebrations of BIPA class action lawyers a bit, as the court issued a decision which could provide defendants with a shield against BIPA suits. The court ruled that if a party alleges only a technical violation of BIPA without alleging any injury or adverse effect, then such a party is not “aggrieved” under the Act and may not seek remedies (i.e., monetary damages or injunctive relief). (Rosenbach v. Six Flags Entertainment Corp., No. 2-17-0317, 2017 IL App (2d) 170317 (Ill. App. Dec. 21, 2017)). Continue Reading
As we approach the end of 2017, it is a time to reflect on the dizzying pace of technology evolution this year, and the amazing array of legal issues it presented. Similarly, it is a time to look forward and anticipate what technology-related issues we will be thinking about in the coming year.
For 2017, the list is long and varied.
This year, the true potential of blockchain was recognized by many in the commercial sector. While recent blockchain-related headlines have focused on the rise (and regulation) of cryptocurrencies, a great deal of the blockchain action has been in back office applications in financial services, supply chain and other areas. Industry wide consortia have been formed, trials and proof of concepts have been run, and, as evidenced by the recent announcement by the Australian Stock Exchange to replace its clearing and settlement system with a blockchain based system, we are moving into full production implementations of blockchain systems.
Cybersecurity garnered major attention in 2017. Unfortunately, data breaches continued to be a constant headline item, as were related class action litigation. As a result, cybersecurity was a “top of the agenda” item for state and federal agencies, state legislatures, regulators, corporate boards, GCs and plaintiffs’ lawyers.
As a related matter, privacy issues were also front and center this year. In particular, we saw increased activity in some of the cutting edge areas of privacy law, including biometrics-related litigation (particularly under the Illinois Biometric Information Privacy Act (known as BIPA)), video streaming privacy (particularly under the Video Privacy Protection Act, or the VPPA)) and mobile-related privacy issues.
There are many other issues that occupied our minds this year, including artificial intelligence, virtual and augmented reality, online copyright liability (including application of the DMCA in online contexts), and publisher/distributor liability for third party content online (under Section 230 of the Communications Decency Act). Additionally, parties involved in agreements of all types have been increasingly focused on technology-related legal risk, and were more intent on addressing and shifting technology-related risks with very specific contractual provisions. Continue Reading
I am pleased to announce that Proskauer has recently launched a new blog focused exclusively on the use of blockchain in business. The blog will be wide ranging in nature, covering the legal issues associated with blockchain as applied to financial services, health care, real estate, supply chain management, media and entertainment, advertising, content delivery, e-commerce and many other areas. We will also cover legal developments in the cryptocurrency space and ICO developments, “smart contracts” and the like. The issues span all areas of law. The blog will be a companion blog to this one, which will continue to cover legal developments in the tech and media space generally.
So check it out, blockchainandthelaw.com, and subscribe to that blog as well as this one!