Articles Posted in Business Law

Electronic data exists on multitude devices for everyone. In other words, electronic information such as letters, emails, pictures, or videos are being stored on your electronic devices on a regular basis. Now, we should be cognizant of this process and take steps to protect the electronic information and promote privacy rights.

The Fourth Amendment was enacted to promote an individual’s right to privacy and states as follows:

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

The parties are generally entitled to discovery of relevant and admissible evidence during litigation. This process includes the discovery of electronically-stored information (“ESI”) which can be stored at internal and external locations such as the local area network and cloud.  It has become more prevalent for companies to transfer their electronic files to the cloud to reduce costs. It is now more practical to upload and transfer data to a third-party’s servers. However, there are certain risks associated with this process. First, you will be relinquishing control over the electronic information. Second, you will not have control over the third-party’s information security protocols. In other words, even if the electronic information is originally encrypted, it may lose its encryption status if uploaded or transferred to the third-party’s servers.

It is important for attorneys to have a general understanding of the client’s network infrastructure. So, it is always recommended to interview the client’s information technology staff. This way, legal counsel can be better prepared to ask and answer discovery-related questions. Moreover, the relevant discovery rules are outlined in the Federal Rules of Civil Procedure 26, 33, 34, 37, and 45, and Federal Rule of Evidence 502.

Court Mandated Guidelines

International e-commerce laws have been evolving since the inception of the information technology age. International e-commerce transactions take place over a network of computers and have become more streamlined with technology advancements. The following topics will be evaluated and addressed in this article: alternative dispute resolution and insurance.

Alternative Dispute Resolution (“ADR”) is an important factor when it comes to international e-commerce transactions. It is much easier to resolve local disputes without geographical challenges. However, that is not the case with international commercial transactions because the parties can be anywhere in the world. So, tracking, identifying, or locating the customer is not an easy task for international commercial transactions and presents jurisdictional issues. In most cases, they are related to contractual disputes for the purchase and sale of products or services. There could be non-contractual disputes such as trademark, copyright, data protection, and domain name disputes. The parties should have the option to engage in mediation or arbitration to resolve the dispute. Mediation is conducted by a neutral expert who renders a non-binding decision after reviewing the file. Arbitration is conducted by a neutral expert who renders a binding decision after reviewing the file. Our international mediation and arbitration attorneys regularly provide professional legal services to clients.

In some European countries, the customers are permitted to file a lawsuit against the e-commerce company in their own country or where the e-commerce company is located even if the company has no business operations therein. For example, in LICRA v. Yahoo, the French courts issued an order against Yahoo, which is based in the United States, to prevent French residents from purchasing Nazi memorabilia through its website.

International internet laws are related to international commercial disputes, jurisdiction, judgment enforcement, free speech and censorship, e-commerce transactions, intellectual property rights, or cybersecurity and privacy.

International commercial disputes can take place in foreign jurisdictions since the internet has no borders. The internet comprises of commercial, educational, governmental, and international networks that use certain communication protocols – e.g., TCP/IP, UDP, ICMP, HTTP, POP, FTP, IMAP – to communicate with each other. These protocols are used for data transmission across computer networks. For example, TCP/IP enables data exchange by providing end-to-end communications. UDP is used by software programs to transmit short datagram messages. ICMP is used for diagnostics and generating system error reports. HTTP, which stands for Hypertext Transfer Protocol, is a client-server protocol that permits access to web resources. POP is used to extract and download emails from a remote server. FTP, which stands for File Transfer Protocol, is used to send or receive files to or from a server and client computer.  IMAP, which stands for Internet Message Access Protocol, is used by email clients to download messages from a mail server. In short, these protocols are used to send and receive electronic information across the network of computers.

The issue of jurisdiction is important because there could be various reasons why a state or federal court would not choose to exercise authority over the parties. The courts have set out parameters for determining whether they can exercise jurisdiction. These parameters include the location of parties, defendant’s physical presence in the jurisdiction, and nature of violations towards the plaintiff.

International internet laws are relevant to e-commerce and online transactions in many ways. There are many international rules and regulations that can affect electronic commercial transactions – i.e., e-commerce transactions. For example, the European Union has issued multiple directives that are set to regulate international policies. These directives outline the legislative minimum standards for all member states. Therefore, it is important to understand the parameters in order to properly advise clients who conduct international business.

Data protection and privacy has been an important issue on the national and international levels. So, for example, the European Union’s Data Protection Directive (EU Directive No. 95/46/EC) has set out the data protection and privacy parameters. It prevents the transfer of personal information to foreign nations without adequate protection. It has outlined several important principles to properly safeguard personal information.  These principles include collecting personal information for a legitimate purpose, informing the individuals about data collection, granting access to the individual’s personal data, giving the individuals the right to access, modify, or delete their personal information, and providing proper remedies in case of violations. This includes the “Right To Be Forgotten” rule which grants individuals the right to delete personal information from internet records.

The EU Data Protection Directive has also addressed cookies by requiring website operators to obtain the visitor’s consent for using cookies on their platforms. This requirement forces website operators to provide notice to all visitors about using cookies and to request formal consent.

International internet laws are important to understand in the context of internet transactions. Also, the issue of a foreign court’s jurisdiction over the parties comes up on a regular basis. The international laws include treaties, directives, rules, and regulations. For example, the Hague Conference on Private International Laws has adopted a convention that governs jurisdiction and judgment enforcement among its members. As such, the parties will have the opportunity to select the venue, governing law, and jurisdiction for dispute resolution before executing agreements. This way, a predesignated court would have authority over the parties and could render a final and enforceable judgment. This convention allows the parties to enforce the judgment in the proper jurisdiction. It also applies to non-consumer browse-wrap and click-wrap agreements.

International internet laws can be complicated especially if there are multiple parties involved from different jurisdictions. For example, if the plaintiff is in France, and one defendant is in Germany, and the other is in the United States, a foreign court with proper authority over the case may not grant the protections afforded to the defendants by the United States laws. The court usually evaluates where the violation took place and who was affected by it. It will also evaluate whether the defendant’s actions were intentionally directed towards the plaintiff. In some cases, the courts have been inclined to apply United States laws to foreign litigants based on the facts and evidence. Therefore, it will be determined on a case-by-case basis.

A foreign court will likely have jurisdiction if the online commercial transactions – i.e., e-commerce transactions – had a substantial effect in their country. This is called the Effects Doctrine which holds that a foreign court should have jurisdiction where the effects are felt and damages take place despite the defendant’s citizenship or nationality. This principle has been useful in online harassment and defamation cases.

International alternative dispute resolution is a necessary variable when it comes to internet and e-commerce transactions. In most cases, the parties have entered into a written agreement that yields an arbitration or mediation clause. Therefore, it is important for legal counsel to ensure the relevant provisions properly address the following issues: (1) choice of forum; (2) choice of law; (3) selection and number of arbitrators; (4) proceeding language; (5) discovery rights; and (6) remedies – e.g., injunctions, attorney’s fees, court costs.

Trustmark providers require the parties to stipulate to some form of alternative dispute resolution. A “trustmark” is a seal or banner on a website that shows the business is compliant with industry standards. So, it promotes self-regulation of e-commerce websites. In addition, the European Union has issued directives for e-commerce transactions to promote using alternative dispute resolution.

The options are clear when it comes to alternative dispute resolution (“ADR”). First, there is “arbitration” which includes a formal determination of the legal rights of the parties. Second, there is “mediation” which facilitates formal negotiation between the parties by focusing on their underlying interests.

Electronic discovery is complicated because it’s a multifaceted procedure. The parties must review the computer network that yields the electronically stored information. They must identify the relevant electronically stored information (“ESI”) and understand the network infrastructure. The collection process is the next step wherein the parties must be able to locate, identify, and collect the relevant information. They may be required to hire forensic data professionals who can use special tools for the discovery process. These forensic data professionals should have access to electronic data discovery software. They should be able to procure mirror images of the electronic files which may yield metadata for a proper evaluation. They should also know how to handle metadata and privileged information (e.g., intellectual properties, trade secrets) to avoid complications. However, in most cases the discovery process becomes complicated due to a lack of cooperation between the parties. Therefore, it may be necessary to invoke the right to onsite inspection.

Onsite inspection of the adverse party’s computers is supported by the state and federal rules. For example, Rule 34(a) of the Federal Rules of Civil Procedure grants the right to engage in the onsite inspection of the adverse party’s computers. In California, Code of Civil Procedure Section 2031.010 grants the right to conduct onsite inspections in certain situations. In general, the requesting party should prove the adverse party has destroyed evidence, has altered documents, or has failed in its discovery obligations.

The courts have raised the concept of proportionality in their analyses. They’ve held that the cost and effort of electronic discovery should be justified by the litigation’s nature, amount in controversy, and relevancy of the requested electronic files. The courts have assessed whether the benefits of examination outweigh the privacy interests of the adverse party. If so, then the requesting party is granted the right to electronic discovery. Yet, there is a high probability that they will run into problems such as data alteration, deletion or fabrication.

There has been an increase in privacy violations that have led to class action lawsuits. For example, Facebook was forced to pay $550 million to settle a class action lawsuit for privacy violations. In that case, it was ordered to pay the plaintiffs due to an alleged systematic violation of an Illinois consumer privacy law. The settlement agreement included a provision that required Facebook to procure express consent for face analysis and auto-tagging its users. There have been other lawsuits filed against technology companies, such as, Shutterfly, Snapchat, and Google for similar violations.

The California Consumer Privacy Act (“CCPA”) gives consumers the right to request information from a business about its data collection and retention practices. The consumers have the right to know if the business is using their data to make inferences from their behavior, attitude, psychology, intelligence, or abilities. This statute grants consumers the right to request a data deletion. It gives the consumers an “opt-out option” from selling their data to third parties. However, the statute is not retroactive which means that it does not apply to violations that took place before implementing the law.

A putative class action lawsuit was filed against Hanna Andersson, LLC and Salesforce.com for their alleged failure to maintain reasonable safeguards that led to a data breach. The complaint alleges that a group of hackers infiltrated the defendants’ websites with malware allowing them to extract personal information. Under Civil Code § 1798.150, a consumer is permitted to file a lawsuit if he or she can prove the business failed to implement reasonable safeguards to protect personal information. Then, if the plaintiff overcomes the applicable burden of proof, then he or she may be entitled to a minimum of $100 or maximum of $750 per consumer per incident, or actual damages, whichever is greater, as well as injunctive relief. However, there is a provision which requires giving the business an opportunity to cure the violation. In other words, the consumer must initially inform the business of the violation and grant at least 30 days to cure the violation. The business must provide a written statement that confirms the violation has been cured and no other violation will take place. Yet, the statute does not yield a safe harbor clause for the business against consumers who are seeking actual damages.

There are various ways to protect your intellectual property rights. First, you can register a copyright. Second, you may register a trademark or service mark. Third, you may register a patent. Copyrights are meant to protect literature, music, motion pictures, artistic works, photographs, essays, articles, computer programs, graphic design, and sound recordings. A trademark is a word, phrase, symbol, or design, or a combination of any of them that identifies and distinguishes the source of the goods of one party from those of others. A service mark is the same as a trademark but it identifies and distinguishes the source of a service. A patent grants a property right to the inventor. It grants the right to exclude others from making, using, offering for sale, or selling the invention or importing the invention into the United States. In general, patents are valid for 20 years from the application date.

So, in summary, trademarks, service marks, copyrights, and patents protect different types of intellectual property. Trademarks protect brand names and logos used on goods and services. A copyright protects an original artistic or literary work. A patent protects inventions. For example, if you invent a television, you should file a patent application. You would apply to register a trademark to protect the television’s brand name. You can also register a copyright for the product’s advertisement.

There have been multiple intellectual property disputes especially between e-commerce websites. For example, there was a legal battle between Amazon and Barnes & Noble regarding the “single click” or “one-click” buying mechanism. This legal action was confidentially settled between the parties. Google has been sued by multiple companies for selling their trademarks as keywords. In fact, American Airlines and Geico have instigated legal actions against it. Also, the infamous “Da Vinci Code” lawsuit was brought by several authors against the Random House Group claiming copyright infringement. The case was about an alleged copyright violation by Dan Brown who wrote the bestselling “Da Vinci Code” book. However, the court dismissed the case and stated that there was no copyright infringement by textual or non-textual copying of a substantial part of the subject book.