Articles Posted in Internet Law

We have briefly discussed some of the state and federal privacy laws that are applicable to consumers and commercial organizations. It is important to understand how personal information is being obtained and distributed by businesses. Personal information is also being obtained and distributed by bad actors – i.e., criminals who gain access to customer information through clandestine methods and sell the information for profit. This information can be extracted by using cookies which is a software program that records the customer’s activities when visiting the website. Yet, a computer can be configured to not automatically accept cookies. Tracking software is being used to follow and monitor the customer’s online activities. The Federal Trade Commission, which has the authority to bring legal action for unfair or deceptive trade practices affecting commerce, has prosecuted companies for their failure to properly disclose this information.

What are the federal privacy laws?

The Federal Constitution has implicitly granted privacy rights. The Fourth Amendment prohibits unreasonable searches and seizures. There has been a series of legal cases that have dealt with this provision in order to determine the definition of unreasonable searches and seizures. However, some courts have held website monitoring programs that may reveal Internet Protocol or electronic mail addresses do not implicate the Fourth Amendment. The federal privacy laws that have been promulgate by the federal government include: (1) Driver’s Privacy Protection Act; (2) Electronic Communications Privacy Act; (3) Family Educational Rights and Privacy Act; (4) Fair Credit Reporting Act; (5) Fair Debt Collection Practices Act; (6) Federal Privacy Act; (7) Financial Services Modernization Act a/k/a “Gramm-Leach Bliley Act;” and (8) Video Privacy Protection Act which grants consumers the right to opt-out from disclosure of their personal information and file a legal action if their rights are violated. Also, the Federal Identity Theft and Assumption Deterrence Act prohibits the production and possession of false or unauthorized documents or the usage of another person’s identity.

There are state and federal privacy laws that are applicable to consumers and commercial organizations. There has been much activity with the collection and distribution of private or confidential information in recent years. Personal information can be collected through several methods such as voluntary disclosures, cookies, website bugs, tracking software, malware (e.g., worms, trojans, spyware), and phishing. For example, tracking software can be used to collect information but there must be proper disclosure. Nonetheless, criminals do not follow the rules or guidelines and it is a known fact they have access to the tools and techniques to extract customer information without obtaining authorization.

Personal information is certainly valuable to its owner. It is also valuable to a bad actor who is seeking to misuse the personal information without authorization. The bad actors who obtain personal information in a secretive manner are planning to gain a profit. They may engage in identity theft or online impersonation by using the wrongfully obtained personal information. Identity theft has caused a significant amount of monetary damages to the victims. There are state and federal laws that prohibit identity theft in every jurisdiction. The National Conference of State Legislatures provides a comprehensive list of these laws. In California, the following state laws prohibit identity theft and provide remedies:

  1. California Penal Code § 368: It prohibits identity theft against elders and disabled persons;

International e-commerce laws have been evolving since the inception of the information technology age. International e-commerce transactions take place over a network of computers and have become more streamlined with technology advancements. The following topics will be evaluated and addressed in this article: alternative dispute resolution and insurance.

Alternative Dispute Resolution (“ADR”) is an important factor when it comes to international e-commerce transactions. It is much easier to resolve local disputes without geographical challenges. However, that is not the case with international commercial transactions because the parties can be anywhere in the world. So, tracking, identifying, or locating the customer is not an easy task for international commercial transactions and presents jurisdictional issues. In most cases, they are related to contractual disputes for the purchase and sale of products or services. There could be non-contractual disputes such as trademark, copyright, data protection, and domain name disputes. The parties should have the option to engage in mediation or arbitration to resolve the dispute. Mediation is conducted by a neutral expert who renders a non-binding decision after reviewing the file. Arbitration is conducted by a neutral expert who renders a binding decision after reviewing the file. Our international mediation and arbitration attorneys regularly provide professional legal services to clients.

In some European countries, the customers are permitted to file a lawsuit against the e-commerce company in their own country or where the e-commerce company is located even if the company has no business operations therein. For example, in LICRA v. Yahoo, the French courts issued an order against Yahoo, which is based in the United States, to prevent French residents from purchasing Nazi memorabilia through its website.

International e-commerce laws have been evolving since the inception of the information technology age. International e-commerce transactions which take place over the vast network of computers have become more streamlined with the advancement of technology. The following topics will be evaluated and addressed in these series of articles: Intellectual properties, taxes, and alternative dispute resolution.

Intellectual property rights can be protected by registering trademarks, copyrights or patents with governmental agencies. For example, the United States Patent and Trademark Office (“USPTO”) registers patents and trademarks. The United States Copyright Office registers copyrights. However, trade secrets cannot be registered with any government agencies. The trade secret owner is responsible to protect it by taking precautionary steps. International e-commerce and business law attorneys should recommend the following steps to their clients: (1) locate, identify, and mark the trade secrets; (2) restrict access to the trade secrets; (3) sign non-disclosure agreements with the trade secret holders; and (4) restrict access to the trade secrets. The Uniform Trade Secrets Act (“UTSA”) defines a trade secret as information that derives independent economic value because it is not generally known or readily ascertainable and is the subject of efforts to maintain secrecy. It includes formulas, patterns, compilations, programs, devices, methods, techniques, or processes that yield economic value – e.g., customer lists.

International e-commerce transactions will be taxed by the appropriate government agencies. In 2018, the United States Supreme Court addressed this issue in South Dakota v. Wayfair and acknowledged the states are losing revenue due to their incapability to collect sales tax from out-of-state retailers. Thus far, the Internet Tax Freedom Act (“ITFA”) and Streamlined Sales Tax Project have been implemented to prevent new taxes on e-commerce transactions and to simplify sales and use taxes.

International e-commerce laws pertain to online commercial transactions that takes place for the purchase or sale of goods and services.  Electronic contracts are used for the purchase or sale of software through shrink-wrap, click-wrap, and browse-wrap agreements. In general, these electronic transactions have a correlation to taxes, duties, and custom laws. In addition, the topic of intellectual property must be addressed to protect confidential information such as trademarks, copyrights, patents, and trade secrets.

There are six principles that apply to electronic agreements. First, the users should have automatic access to the agreement’s terms. Second, the contractual terms should comply with the applicable laws in relation to form, content, notice, and disclosure. Third, the users should be given the opportunity to take some form of affirmative action to consummate the transaction. Fourth, users should be given the opportunity to reject the agreement. Fifth, the agreement process should provide the user to detect and correct errors. Sixth, users should be able to print the agreement and software developers should provide a method to preserve the electronic records.

It is important for e-businesses to comply with the guidelines. For example, e-businesses should use fair advertising and marketing strategies for the online transactions. They should provide correct and accessible information about their company and its goods and services. They should fully disclose information regarding the transaction’s terms and conditions. They should provide a secure method for online payments. They should protect the customer’s privacy during the e-commerce transactions.

International internet laws are related to international commercial disputes, jurisdiction, judgment enforcement, free speech and censorship, e-commerce transactions, intellectual property rights, or cybersecurity and privacy.

International commercial disputes can take place in foreign jurisdictions since the internet has no borders. The internet comprises of commercial, educational, governmental, and international networks that use certain communication protocols – e.g., TCP/IP, UDP, ICMP, HTTP, POP, FTP, IMAP – to communicate with each other. These protocols are used for data transmission across computer networks. For example, TCP/IP enables data exchange by providing end-to-end communications. UDP is used by software programs to transmit short datagram messages. ICMP is used for diagnostics and generating system error reports. HTTP, which stands for Hypertext Transfer Protocol, is a client-server protocol that permits access to web resources. POP is used to extract and download emails from a remote server. FTP, which stands for File Transfer Protocol, is used to send or receive files to or from a server and client computer.  IMAP, which stands for Internet Message Access Protocol, is used by email clients to download messages from a mail server. In short, these protocols are used to send and receive electronic information across the network of computers.

The issue of jurisdiction is important because there could be various reasons why a state or federal court would not choose to exercise authority over the parties. The courts have set out parameters for determining whether they can exercise jurisdiction. These parameters include the location of parties, defendant’s physical presence in the jurisdiction, and nature of violations towards the plaintiff.

International internet laws are relevant to e-commerce and online transactions in many ways. There are many international rules and regulations that can affect electronic commercial transactions – i.e., e-commerce transactions. For example, the European Union has issued multiple directives that are set to regulate international policies. These directives outline the legislative minimum standards for all member states. Therefore, it is important to understand the parameters in order to properly advise clients who conduct international business.

Data protection and privacy has been an important issue on the national and international levels. So, for example, the European Union’s Data Protection Directive (EU Directive No. 95/46/EC) has set out the data protection and privacy parameters. It prevents the transfer of personal information to foreign nations without adequate protection. It has outlined several important principles to properly safeguard personal information.  These principles include collecting personal information for a legitimate purpose, informing the individuals about data collection, granting access to the individual’s personal data, giving the individuals the right to access, modify, or delete their personal information, and providing proper remedies in case of violations. This includes the “Right To Be Forgotten” rule which grants individuals the right to delete personal information from internet records.

The EU Data Protection Directive has also addressed cookies by requiring website operators to obtain the visitor’s consent for using cookies on their platforms. This requirement forces website operators to provide notice to all visitors about using cookies and to request formal consent.

International internet laws are important to understand in the context of internet transactions. Also, the issue of a foreign court’s jurisdiction over the parties comes up on a regular basis. The international laws include treaties, directives, rules, and regulations. For example, the Hague Conference on Private International Laws has adopted a convention that governs jurisdiction and judgment enforcement among its members. As such, the parties will have the opportunity to select the venue, governing law, and jurisdiction for dispute resolution before executing agreements. This way, a predesignated court would have authority over the parties and could render a final and enforceable judgment. This convention allows the parties to enforce the judgment in the proper jurisdiction. It also applies to non-consumer browse-wrap and click-wrap agreements.

International internet laws can be complicated especially if there are multiple parties involved from different jurisdictions. For example, if the plaintiff is in France, and one defendant is in Germany, and the other is in the United States, a foreign court with proper authority over the case may not grant the protections afforded to the defendants by the United States laws. The court usually evaluates where the violation took place and who was affected by it. It will also evaluate whether the defendant’s actions were intentionally directed towards the plaintiff. In some cases, the courts have been inclined to apply United States laws to foreign litigants based on the facts and evidence. Therefore, it will be determined on a case-by-case basis.

A foreign court will likely have jurisdiction if the online commercial transactions – i.e., e-commerce transactions – had a substantial effect in their country. This is called the Effects Doctrine which holds that a foreign court should have jurisdiction where the effects are felt and damages take place despite the defendant’s citizenship or nationality. This principle has been useful in online harassment and defamation cases.

The Eliminating Abuse and Rampant Neglect of Interactive Technology (“EARN IT”) Act is a proposed bill that is designed to permit government agencies scan online messages and prevent child sexual exploitations. It is meant to force websites remove child abuse images from their platforms. The advocates argue it is necessary to allow the government evaluate online communications for potential violations. They argue that websites should be held accountable for user violations. This law seems to be against encryption which is used to obscure content from the unintended recipient. Encryption technology has been used to protect online privacy by scrambling messages through special algorithms. It can only be deciphered by the intended recipient who has access to the private key. Encryption can be used to securely communicate on the internet but it can also be used for nefarious reasons. That said, the EARN IT Act does not use the term “encryption” in its provisions. The supporting legislators have claimed the proposed statute is not designed to outlaw encryption. Also, it would require websites to adhere to certain best practices that will be implemented by the Attorney General’s Office by selecting a group of law enforcement agents who would impose them.

The EARN IT Act could reduce the protections granted under Section 230 of the Communications Decency Act (“CDA”) which provides a certain level of immunity for online service providers. Now, the immunity is not absolute but it is not very far from it. It protects online service providers (a/k/a “interactive computer service providers”) from user violations. For example, if the user engages in conduct that constitutes invasion of privacy of another person, the website would be shielded from legal liability. So, the victim could not file a lawsuit against the website for the user’s violations. However, the following three exceptions apply: (1) federal criminal activity and obscene material; (2) intellectual property violations; and (3) sex trafficking. In fact, 47 U.S.C. § 230(e)(1) prohibits obscene material and sexual exploitation of children. Moreover, 47 U.S.C. § 223 prohibits the transmission of lewd, lascivious, filthy, or indecent messages to a person under the age of eighteen. The CDA prohibits online service providers from sexual exploitation of minors, sex trafficking, or promotion of prostitution in jurisdictions where it is illegal. In other words, interactive computer service providers cannot facilitate these activities on their platforms. In Reno v. ACLU, the Supreme Court evaluated the CDA and its relevant provisions. It found that the CDA criminalized protected speech – e.g., sexually explicit speech – and unprotected obscenity.

The EARN IT Act has been compared to the Fight Online Sex Trafficking Act (“FOSTA”) and Stop Enabling Sex Trafficking Act (“SESTA”) which were passed to fight against online sex trafficking by making websites criminally liable for user content. These federal statutes caused several websites, including, but not limited to, Craigslist and Backpage to remove pages or be completely shut down. So naturally, critics have argued that they promoted online speech censorship and prevented people who engaged in consensual sex work. Yet, if the proposed bill passes legislation, it could open the floodgates for lawsuits against technology companies.

Free speech and censorship laws have clashed for a very long time in this country. On one hand, we have the constitutional right to free speech. On the other hand, there are limitations that can be applied on a case-by-case basis. In short, speech can be censored if it includes obscenity, child pornography, or the incitement of imminent lawless action. The Supreme Court has faced a multitude of cases in these contexts. For example, in Schenck v. United States, the court ruled that freedom of speech does not include the right to incite actions that would harm others. In Roth v. United States, it held that it is unlawful to make or distribute obscene materials. In United States v. O’Brien, it held that it is unlawful to burn draft cards as an anti-war protest. In Hazelwood School District v. Kuhlmeier, it ruled that it is unlawful to permit students to print articles in a school newspaper over the objections of the school administration. In Bethel School District #43 v. Fraser, the court held that it is illegal for students to make obscene speech at a school-sponsored event. Furthermore, in Morse v. Frederick, it held that students cannot advocate illegal drug use at a school-sponsored event. The point is that even though there are a vast amount of constitutionally-protected rights, yet there are certain limitations.

How does the First Amendment apply to private social media platforms?

The First Amendment is designed to limit government agencies from encroaching upon its citizen’s rights. In recent years, private social media platforms – e.g., Facebook, Twitter, Instagram – have had discretion to limit, control, or censor online speech of their users. It is certainly arguable that the state and federal constitutions should also apply to private social media platforms because truth and falsity have always clashed with each other during the course of history. There are several schools of thought that analyze free speech rights based on the freedom of expression. First, one idea is that government should not change or alter the marketplace of ideas with censorship. Second, the other idea is that people should have the liberty to express themselves in society without reservation. So, if the social media platforms are granted censorship rights, then it would prevent liberty and growth. Now, more recently, in Packingham v. North Carolina, the Supreme Court acknowledged the fact that speech is taking place on social media platforms more than anywhere else. As such, the State Action Doctrine’s application should be reevaluated by the legislators.