Articles Posted in Business Law

There is a general presumption that workplace privacy does not exist under any circumstances. However, that is not always the case. The state Constitution grants privacy rights and a private right of action to file a lawsuit against employers who violate those rights. It states in relevant part that: “All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, pursuing and obtaining safety, happiness, and privacy.”

The courts have decided that the main issue is whether the employee has a “reasonable expectation of privacy.” So, for example, employers are allowed to monitor internet usage or business email communications. Nevertheless, employers are not permitted to conduct surveillance in bathrooms or locker rooms. An employer may be held liable for disclosing the employee’s termination reasons, arrests, convictions, credit reports, misconduct reports, medical information, or confidential communications.

Employers are usually interested in social media activities of their actual or potential employees. They may review their social media accounts to make hiring decisions. However, California Labor Code § 980 prohibits employers from requesting disclosure of usernames or passwords of social media accounts. It also prohibits employers to require the employees to access personal social media accounts in their presence. California Labor Code § 980 states in relevant part that an employer shall not require or request an employee or applicant for employment to do any of the following:

Workplace privacy rights and legal restrictions on workplace monitoring are important issues. Many employers monitor employee activities to increase productivity and avoid workplace violations. They may use special software to monitor the network activities which can include email, telephone, and internet activities. However, they should also consider the employee’s reasonable expectation of privacy.

An employer, that has a legitimate interest in monitoring its employees, should be allowed to monitor business-related communications without problems. A legitimate interest can be established when there is proof that surveillance was conducted to promote efficiency and productivity. Employers usually inform their employees that they are being monitored to avoid violating their privacy rights. In other words, once the employee knows that he or she is being monitored, then he or she does not have a reasonable expectation of privacy. However, any kind of workplace monitoring should be narrowly tailored in time, place, and manner.

The Electronic Communications Privacy Act (codified under 18 U.S.C. 2511, et seq.) is a federal statute that is designed to control the workplace monitoring of electronic communications. It generally prohibits employers from intercepting electronic communications of their employees. Nevertheless, there are the following exceptions: (1) business purpose exception; and (2) consent exception. The “business purpose exception” applies when the employer is able to show surveillance was being conducted for a legitimate business purpose. The “consent exception” applies when the employer is able to show surveillance was being conducted with the employee’s knowledge and consent.

Electronic data exists on multitude devices for everyone. In other words, electronic information such as letters, emails, pictures, or videos are being stored on your electronic devices on a regular basis. Now, we should be cognizant of this process and take steps to protect the electronic information and promote privacy rights.

The Fourth Amendment was enacted to promote an individual’s right to privacy and states as follows:

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

The parties are generally entitled to discovery of relevant and admissible evidence during litigation. This process includes the discovery of electronically-stored information (“ESI”) which can be stored at internal and external locations such as the local area network and cloud.  It has become more prevalent for companies to transfer their electronic files to the cloud to reduce costs. It is now more practical to upload and transfer data to a third-party’s servers. However, there are certain risks associated with this process. First, you will be relinquishing control over the electronic information. Second, you will not have control over the third-party’s information security protocols. In other words, even if the electronic information is originally encrypted, it may lose its encryption status if uploaded or transferred to the third-party’s servers.

It is important for attorneys to have a general understanding of the client’s network infrastructure. So, it is always recommended to interview the client’s information technology staff. This way, legal counsel can be better prepared to ask and answer discovery-related questions. Moreover, the relevant discovery rules are outlined in the Federal Rules of Civil Procedure 26, 33, 34, 37, and 45, and Federal Rule of Evidence 502.

Court Mandated Guidelines

International e-commerce laws have been evolving since the inception of the information technology age. International e-commerce transactions take place over a network of computers and have become more streamlined with technology advancements. The following topics will be evaluated and addressed in this article: alternative dispute resolution and insurance.

Alternative Dispute Resolution (“ADR”) is an important factor when it comes to international e-commerce transactions. It is much easier to resolve local disputes without geographical challenges. However, that is not the case with international commercial transactions because the parties can be anywhere in the world. So, tracking, identifying, or locating the customer is not an easy task for international commercial transactions and presents jurisdictional issues. In most cases, they are related to contractual disputes for the purchase and sale of products or services. There could be non-contractual disputes such as trademark, copyright, data protection, and domain name disputes. The parties should have the option to engage in mediation or arbitration to resolve the dispute. Mediation is conducted by a neutral expert who renders a non-binding decision after reviewing the file. Arbitration is conducted by a neutral expert who renders a binding decision after reviewing the file. Our international mediation and arbitration attorneys regularly provide professional legal services to clients.

In some European countries, the customers are permitted to file a lawsuit against the e-commerce company in their own country or where the e-commerce company is located even if the company has no business operations therein. For example, in LICRA v. Yahoo, the French courts issued an order against Yahoo, which is based in the United States, to prevent French residents from purchasing Nazi memorabilia through its website.

International internet laws are related to international commercial disputes, jurisdiction, judgment enforcement, free speech and censorship, e-commerce transactions, intellectual property rights, or cybersecurity and privacy.

International commercial disputes can take place in foreign jurisdictions since the internet has no borders. The internet comprises of commercial, educational, governmental, and international networks that use certain communication protocols – e.g., TCP/IP, UDP, ICMP, HTTP, POP, FTP, IMAP – to communicate with each other. These protocols are used for data transmission across computer networks. For example, TCP/IP enables data exchange by providing end-to-end communications. UDP is used by software programs to transmit short datagram messages. ICMP is used for diagnostics and generating system error reports. HTTP, which stands for Hypertext Transfer Protocol, is a client-server protocol that permits access to web resources. POP is used to extract and download emails from a remote server. FTP, which stands for File Transfer Protocol, is used to send or receive files to or from a server and client computer.  IMAP, which stands for Internet Message Access Protocol, is used by email clients to download messages from a mail server. In short, these protocols are used to send and receive electronic information across the network of computers.

The issue of jurisdiction is important because there could be various reasons why a state or federal court would not choose to exercise authority over the parties. The courts have set out parameters for determining whether they can exercise jurisdiction. These parameters include the location of parties, defendant’s physical presence in the jurisdiction, and nature of violations towards the plaintiff.

International internet laws are relevant to e-commerce and online transactions in many ways. There are many international rules and regulations that can affect electronic commercial transactions – i.e., e-commerce transactions. For example, the European Union has issued multiple directives that are set to regulate international policies. These directives outline the legislative minimum standards for all member states. Therefore, it is important to understand the parameters in order to properly advise clients who conduct international business.

Data protection and privacy has been an important issue on the national and international levels. So, for example, the European Union’s Data Protection Directive (EU Directive No. 95/46/EC) has set out the data protection and privacy parameters. It prevents the transfer of personal information to foreign nations without adequate protection. It has outlined several important principles to properly safeguard personal information.  These principles include collecting personal information for a legitimate purpose, informing the individuals about data collection, granting access to the individual’s personal data, giving the individuals the right to access, modify, or delete their personal information, and providing proper remedies in case of violations. This includes the “Right To Be Forgotten” rule which grants individuals the right to delete personal information from internet records.

The EU Data Protection Directive has also addressed cookies by requiring website operators to obtain the visitor’s consent for using cookies on their platforms. This requirement forces website operators to provide notice to all visitors about using cookies and to request formal consent.

International internet laws are important to understand in the context of internet transactions. Also, the issue of a foreign court’s jurisdiction over the parties comes up on a regular basis. The international laws include treaties, directives, rules, and regulations. For example, the Hague Conference on Private International Laws has adopted a convention that governs jurisdiction and judgment enforcement among its members. As such, the parties will have the opportunity to select the venue, governing law, and jurisdiction for dispute resolution before executing agreements. This way, a predesignated court would have authority over the parties and could render a final and enforceable judgment. This convention allows the parties to enforce the judgment in the proper jurisdiction. It also applies to non-consumer browse-wrap and click-wrap agreements.

International internet laws can be complicated especially if there are multiple parties involved from different jurisdictions. For example, if the plaintiff is in France, and one defendant is in Germany, and the other is in the United States, a foreign court with proper authority over the case may not grant the protections afforded to the defendants by the United States laws. The court usually evaluates where the violation took place and who was affected by it. It will also evaluate whether the defendant’s actions were intentionally directed towards the plaintiff. In some cases, the courts have been inclined to apply United States laws to foreign litigants based on the facts and evidence. Therefore, it will be determined on a case-by-case basis.

A foreign court will likely have jurisdiction if the online commercial transactions – i.e., e-commerce transactions – had a substantial effect in their country. This is called the Effects Doctrine which holds that a foreign court should have jurisdiction where the effects are felt and damages take place despite the defendant’s citizenship or nationality. This principle has been useful in online harassment and defamation cases.

International alternative dispute resolution is a necessary variable when it comes to internet and e-commerce transactions. In most cases, the parties have entered into a written agreement that yields an arbitration or mediation clause. Therefore, it is important for legal counsel to ensure the relevant provisions properly address the following issues: (1) choice of forum; (2) choice of law; (3) selection and number of arbitrators; (4) proceeding language; (5) discovery rights; and (6) remedies – e.g., injunctions, attorney’s fees, court costs.

Trustmark providers require the parties to stipulate to some form of alternative dispute resolution. A “trustmark” is a seal or banner on a website that shows the business is compliant with industry standards. So, it promotes self-regulation of e-commerce websites. In addition, the European Union has issued directives for e-commerce transactions to promote using alternative dispute resolution.

The options are clear when it comes to alternative dispute resolution (“ADR”). First, there is “arbitration” which includes a formal determination of the legal rights of the parties. Second, there is “mediation” which facilitates formal negotiation between the parties by focusing on their underlying interests.

Electronic discovery is complicated because it’s a multifaceted procedure. The parties must review the computer network that yields the electronically stored information. They must identify the relevant electronically stored information (“ESI”) and understand the network infrastructure. The collection process is the next step wherein the parties must be able to locate, identify, and collect the relevant information. They may be required to hire forensic data professionals who can use special tools for the discovery process. These forensic data professionals should have access to electronic data discovery software. They should be able to procure mirror images of the electronic files which may yield metadata for a proper evaluation. They should also know how to handle metadata and privileged information (e.g., intellectual properties, trade secrets) to avoid complications. However, in most cases the discovery process becomes complicated due to a lack of cooperation between the parties. Therefore, it may be necessary to invoke the right to onsite inspection.

Onsite inspection of the adverse party’s computers is supported by the state and federal rules. For example, Rule 34(a) of the Federal Rules of Civil Procedure grants the right to engage in the onsite inspection of the adverse party’s computers. In California, Code of Civil Procedure Section 2031.010 grants the right to conduct onsite inspections in certain situations. In general, the requesting party should prove the adverse party has destroyed evidence, has altered documents, or has failed in its discovery obligations.

The courts have raised the concept of proportionality in their analyses. They’ve held that the cost and effort of electronic discovery should be justified by the litigation’s nature, amount in controversy, and relevancy of the requested electronic files. The courts have assessed whether the benefits of examination outweigh the privacy interests of the adverse party. If so, then the requesting party is granted the right to electronic discovery. Yet, there is a high probability that they will run into problems such as data alteration, deletion or fabrication.