Having read the recent Supreme Court decision of Star Athletica v. Varsity Brands and the new unified test for copyright protectability in useful articles, we can now turn to the challenge of what actual changes will result from this opinion. http://www.lanepowell.com/wp-content/uploads/20170329Intellectual-Property-Legal-Update-Spelman.pdf.

While nothing changes with regard to how trademarks are handled in the useful article world, there are some practice tips that will strengthen the opportunity to protect what designs are eligible for copyright. Each of the practice tips below revolves around working proactively. Copyright is a game played proactively for best and most predictable results. These tips are calculated to make that proactivity a system that works in your favor:

1. Document: as you design, keep documentation of the iterative drafts and the dead ends that you consider as well as the final design. If there is a challenge that your design in an infringement, it is useful evidence to demonstrate that you were truly designing new work and that you evolved the final design out a whole field of discarded drafts;

2. Focus: if you do review the current field of existing designs as you search for the new design option, clear the work area of all the prior designs. It is too easy to “borrow” or be “inspired” by existing designs when that prior design is right there in front of you;

3. Register: file copyright applications early and often at the U.S. Copyright Office using the “Electronic Copyright Office” (“ECO”) filing system. Optimally, you will keep a file of the works that you are designing. Filing a batch of new copyright applications every calendar quarter (90 days) is a sure way to be certain that you are going to get the benefits of claiming statutory damages and attorney’s fees in every dispute… And the consequential benefit of having a remarkable archival demonstration of what you are creating and have created;

4. Drive: check to be sure that any license or distribution agreement includes provisions that you are in control of dispute resolution, including litigation. Sometimes found in the “indemnity” clause; sometimes in a separate clause, but do provide for what happens when things go wrong:

5. Notice: while no longer mandatory, there are substantial legal and practical benefits to affixing notice on the article being distributed. For instance, if you are publishing code for 3-D printing, be sure to include a copyright notice in the object code, or as part of the surface of what is “printed”;

6. Clarify Ownership: be sure to clarify who is the claimant/author of the work each time. Who owns the design becomes very important. Remember that independent contractors (those whom you pay using an IRS 1099 reporting form) are the authors of their design unless there is a written assignment to you.

Copyright is stronger and a more reliable as an asset when the ownership and the registration process is faithfully worked through as a standard operating procedure. Proactive habits are pivotal to a viable copyright program.

Beyond_IP_Law_Black-and-WhiteAmerican and Canadian data scientists, librarians, hackers and activists have united in a “rogue” movement to locate and archive climate data maintained by U.S. agencies.  Environmental scholars and librarians at the University of Pennsylvania founded DataRefuge in late 2016.  The purpose of DataRefuge is to prevent the new U.S. administration from adapting former Canadian Prime Minister Stephen Harper’s treatment of a centuries’ worth of scientific data.

What happened in Canada?  How, pray tell, did P.M. Harper’s administration treat environmental data when he controlled the administration between 2006 and 2015?  The administration: Burned it; Stripped it from websites; Closed research libraries; Expanded budgets to include salaries for assigned administrative “minders” to accompany scientists to media and scholarly events; Threw hard copies of generations of data into dumpsters; and Created an effective public media blackout on climate change, because the bureaucracy so frustrated journalists that media coverage of government environment research dropped by 80%.[1]

Ok.  So this sounds bad, but nothing really bad happens when a government scientific data is not available to the public, right?  Not much.  Just overfishing, lag time in addressing viruses affecting plant and animal based food sources and the underestimation of the levels of radiation released from a nuclear plant in Japan.[2]  By the time Canadian scientists held a mock funeral for the “death of scientific evidence” on Parliament Hill in 2013, the public had lost access to scientific data needed to set appropriate fishing quotas that are needed to provide stewardship of the fishing industry for decades.

What is happening in the U.S.?  Newly formed oversight organizations such as the Environmental Data & Governance Initiative[3] are documenting ‘changes’ in the U.S. government’s transparency on scientific issues.  “Changes,” means the public can no longer access data that the government has compiled for over a century at great cost, mostly funded by public monies.  The United Kingdom announced the funding of £14 million (approximately, $17 million U.S.) “to ensure that the published outcomes of publicly funded research are made widely accessible as quickly as possible.”[4]  Most would say that despite their different approaches to personal privacy, the U.S. and the U.K. share the same core ideology about government; yet the U.S. is actively hiding data that was previously available to the public as the U.K. is broadening access to data that has not yet been collected.  Oh the irony!

M.I.A. Data.  What is missing from U.S. federal government websites this Beyond_IP_Law_Puppiesmonth?  Data from the: (1) Department of Energy showing the correlation between burning coal and greenhouse gas emissions, (2) Interior Department related to the negative effects of hydraulic fracturing on federal land,[5] and the (3) U.S. Department of Agriculture’s Animal and Plant Health Inspection Service identifying circuses, zoos, research labs and puppy mills that violated the Animal Welfare Act and the Horse Protection Act.[6]

None of the agencies provided prior notice of the changes to their websites as required by the 1995 Paperwork Reduction Act.  The USDA reposted some records about violators after the American Humane Society threatened to sue, but data about puppy mills and zoos is still missing.[7]  Puppies! Cue, Sarah McLachlan’s “In the Arms of an Angel” commercial for the ASPCA.  Seriously, puppies. I would like to know which businesses mistreat them so I can do something about it.  Open access groups anticipate additional limits on the types of data will be disclosed.[8]  So, what can be done to keep data accessible? Are there private actors that can fill the holes in the government’s reporting?

What are the risks to the citizens and political oponents?  Activists are concerned that the public will not have access to the data necessary to hold the government accountable.  Accountability requires knowledge.  Remember when the hardest working, most experienced beat cops solved crimes on TV by wearing down the suspects and not stopping until every witness had been interviewed?  Now cops solve crimes with algorithms, autoclaves and TrueAllele.  Villains no longer steal gold ingots; they steal thumb drives.  The power shift from power to knowledge is evident in cinema and life.  “The Firm,” a movie that is about photocopying records to help the FBI, is converse to the strategy employed by Enron, which was to shred data before the government could seize it.

Dr. Bethany Wiggin voiced her concern that the politicization of science may keep “knowledge out of the hands of your political opponents,” which is “an effective win.”[9] Without data to correlate the presence of certain chemicals to illnesses lawsuits, implementation of product safety measures and conservation of animals will be much more difficult.  Knowing that child mortality increases when the new power plant opened in town is a fine thing to know.  But, only when you can prove the connection between the two is when you have the power to effect change.

“Rogue” U.S. data scientists, librarians and hackers are mobilized and making a difference.  Absent government websites with comprehensive scientific data, the public will be forced to rely on Freedom of Information Act requests or through nonprofit journalism websites like Mother Jones or the Sunlight Foundation.  Non-profits may be the best option to preserve existing data. Since November, DataRefuge, alone has hosted almost 20 events in several cities, including New York, Ann Arbor, Chicago, Los Angeles and Toronto.  Data scientists are not waiting to see how far the deletions go.  Instead, they assume that what happened in Canada will happen in the U.S.

Sometimes, apparently, you have to play dirty to preserve data.   Data scientists identify where the data is, or was, downloadable. Determine whether you can scrape the data off pages with web crawlers, if you need to write data-harvesting scripts or use other means.  Save the data somewhere safe.  The DataRefuge reportedly saves climate data to the Internet Archive or a research library.  The librarians (I LOVE librarians!) organize the data consistent with its original descriptors and try to keep the data free of evidence of handling.  Simple, right?  No.  Below are links to organizations that seem to have it all sorted out for you.  I do NOT support hacking; but I understand.

I don’t know about you, but if data scientists and librarians are consorting with hackers, I am terrified what will happen if they lose.  Let’s hope no fires in the U.S. are fueled by 60 years of climate data.

Beyond_IP_Law_Volcano Harvard Business Review and The Guardian have described data scientists like this:  Data Scientist: The Sexiest Job of the 21st Century and Data scientists: ‘As rare as unicorns.’  Now data scientists have an origin story.

Below are links to nonprofit organizations that are able and willing to assist others in joining the effort to preserve data before it is out of the public’s reach.  You can support and contact data preservationists at the links below:














[1] Palen, Wendy, When Canadian Scientists Were Muzzled by Their Government, NY Times, Feb. 14, 2017, https://www.nytimes.com/2017/02/14/opinion/when-canadian-scientists-were-muzzled-by-their-government.html?rref=collection%2Ftimestopic%2FHarper%2C%20Stephen%20J.&action=click&contentCollection=timestopics&region=stream&module=stream_unit&version=latest&contentPlacement=1&pgtype=collection; and Sowunmi, Jordan, The Harper Government has Trashed and Destroyed Environmental Books and Documents, Vice, Jan. 15, 2014, https://www.vice.com/en_ca/article/the-harper-government-has-trashed-and-burned-environmental-books-and-documents.

[2] Manasan, Althea, FAQ: The issues around muzzling government scientists, CBC News, May 20, 2015, http://www.cbc.ca/news/technology/faq-the-issues-around-muzzling-government-scientists-1.3079537.

[3] https://envirodatagov.org/.

[4] Research Councils UK, RCUK announces 2016/17 Block Grant for Open Access, Oct. 19, 2016, http://www.rcuk.ac.uk/media/news/161019/.

[5] Harmon, Amy, Activists Rush to Save Government Science Data – If They Can Find It, Save the US EPA, Mar. 7, 2017, https://savetheusepa.org/2017/03/07/activists-rush-to-save-government-science-data-if-they-can-find-it/.

[6] Chan, Melissa, The Government Purged Animal Welfare Data.  Now the Humane Society is Threatening to Sue, Time, Feb. 6, 2017, http://time.com/4661446/usda-animal-website-humane-society-lawsuit/.  

[7]Lewis, Lauren, Puppy Mill Inspection Reports Still Missing From Partially Restored USDA Database, World Animal News, Feb. 21, 2017, http://worldanimalnews.com/puppy-mill-inspection-reports-still-missing-partially-restored-usda-database/.

[8] In January, a bill was introduced to limit “the collection and disclosure of data about racial disparities in fair housing.”  Larson, Selena, Why Trump’s election scares data scientists: Trump administration removing info from websites, CNNMoney, Feb. 25, 2017, http://money.cnn.com/2017/02/25/technology/data-refuge-saving-data/index.html.

[9] Id.

The World Intellectual Property Office (WIPO)  has released its 2016 Uniform Dispute Resolution Proceedings (UDRP) statistics.  http://www.wipo.int/pressroom/en/articles/2017/article_0003.html. The overall number of new cases increased by 10 percent over the previous year. WIPO indicates that this surge of new cases relates to the new generic Top-Level Domains (gTLDs) that have come online during the year.

Trademark owners filed 3,036 disputes involving a total of 5,374 domain names. It appears that .XYZ (321 domain names disputed), .TOP (153 domain names disputed) were the most common of the new GTLDs to be involved. That number still pales in comparison to the number of domain names disputed in the .COM (3135 domain names disputed), .NET (272 domain names disputed) and .ORG (129 domain names disputed).

The United States accounted for 895 cases being instituted with a corresponding 680 cases where a US entity was the Respondent. France came in second, with 466 cases being brought by a French entity. China took the honors of being the second most likely source of Respondents to actions, with 473 cases.

So, what does this mean? It appears that the original gTLD’s, in particular .COM is still the most contested (and sought after) domain address. That doesn’t appear to be going away anytime soon. It also means that with the increase of the new gTLD’s, trademark owners should consider monitoring their trademarks in the .XYZ and .TOP gTLDs in addition to the .COM gTLD. While it would be great to watch trademarks in all of the new domains, it can be financially prohibitive. Choose your battles, win the big wars.

Does your business run and maintain a website? Does it create or license website or other content? Does it run and implement software? If you’ve answered yes to these questions, but haven’t yet considered the importance of copyright to your business, here are 10 tips to ring in a safe and proactive 2017.

  1. The Digital Millennium Copyright Act (DMCA) imposes strict piracy “anti-circumvention” measures meant to protect copyright holders from copyright infringement on the internet. But because the DMCA captures an otherwise large swath of internet service providers who do not have control over what content is posted to or distributed from their websites, the DMCA has a “safe harbor” provision that protects service providers from incurring legal liability in copyright infringement actions. If you qualify for the DMCA Safe Harbor, you must register your company as a Designated Agent for Service of Process at the Copyright Office to benefit from the Safe Harbor protections. To learn more about the DMCA, read this recent white paper.
  1. Unsure how copyright applies to your business? Continue your own copyright education and task someone within your company to keep abreast of the latest developments in copyright protection and compliance.
  1. Develop a written copyright policy or copyright guidelines. Have the same copyright questions arisen again and again in your organization? Year end is an ideal time to compile nagging questions and prepare short practical answers. Circulate copyright Q&As to your colleagues or post them to your intranet site. Having a copyright knowledge database may help your organization better comply with copyright laws, and help you identify how you can improve or update your policies or guidelines.
  1. Do you create content that you distribute to the public? Your content may be a “work” that qualifies for copyright protection. Although copyright registration is voluntary in most countries, consider registering your works with your country’s copyright office. Rather than registering individual works, register a group or collection of works produced during the year to save time and registration fees. While the grant of copyright arises automatically, copyright registration is necessary if you plan to enforce your rights through legal action.
  1. Have you licensed content outside of your organization? Prepare a database of all content your organization has licensed. Whether it’s an image to use on a promotional brochure, or content from a large electronic database, include all content in a single searchable database that allows you to quickly and easily locate that content and determine what rights you have in it.
  1. Review your license agreements and create an “ultimate” list of protections and guarantees that your organization needs from its license agreements. Do you need remote access or the right to share a PDF file? Do you need to make print-outs, or post articles to your intranet? What about using portions of the database for internal education or external seminars? Use the list to set the parameters for your future license negotiations.
  1. Consider your 2017 budget for permissions, licenses and copyright training. Consult with subject matter experts in your organization to understand their needs and preferences. Prepare a budget and ensure you have the funds you need to meet your copyright management goals. Brainstorm how to get the copyright message to your colleagues and employees. Often, recurring lunches or coffee chats with a diverse group of internal stakeholders and speakers from photography, library services, web design or other professional disciplines with copyright expertise can help sensitize your office to important copyright issues without overburdening your team with cold policy documents or rote lectures.
  1. Review your agreements with consultants. Does your company expect to retain copyright ownership in consulting reports? Make sure that this is clearly stated in your agreement and, if necessary, provide for an assignment of rights to your organization. If consultants own their works, review the rights your organization retains in any consultant work. If you are a consultant, review and understand the rights you have in your work.
  1. Undergo an intellectual property (IP) audit. It’s important to know that the content and computer software you are using is legal and properly licensed. Also, an IP audit will identify the IP that you own. Armed with that knowledge, you can then learn how to market, license and/or profit from leveraging your IP.
  1. Set up a mechanism for monitoring the legal use of your own online content on an international basis. This can be as simple as regularly undertaking search engine searches. But you can also hire a professional who specializes in finding unauthorized uses of content. Piracy is not only the domain of the software and entertainment industries. You may be surprised to find that your individual or organization’s rights are being exploited, and that your works are being used and perhaps even sold without your permission.

Copyright is a value-add opportunity for every business, and the best benefits are obtained by acting proactively to ascertain ownership and keep the copyright assets in ready order for offensive or defensive play.

In Brief: The recent Second Circuit decision in EMI Christian Music, Inc. v. MP3tunes, LLC builds on BMG Rights Management et al v. Cox Communications, further emphasizing that courts expect online service providers and website platforms to develop and enforce robust infringement response policies — or else risk losing their safe harbor under the Digital Millennium Copyright Act (DMCA). EMI stands as an important notice to all online service providers, especially those with peer-to-peer sharing or user-generated content features, to be vigilant and thoughtful about addressing infringement.

Online service providers should not turn a blind eye to copyright infringement happening on their watch. Since the rise of peer-to-peer file sharing, Internet service providers (ISPs) and website platforms have become the front line for preventing copyright infringement.

Content sharing on the Internet sparked a new line of case law in the early 1990s, including the seminal Religious Technology Center v. Netcom On-Line Communication Services, Inc., 907 F. Supp. 1361 (N.D. Cal. 1995), wherein the court found that a large Internet access provider could be liable for the copyright infringement of its subscribers. A few years after the case, in 1998, Congress passed the DMCA as a means of regulating online service providers and giving them some safeguards.

As peer-to-peer sharing platforms began to gain popularity in the early 2000s, copyright holders could no longer easily pursue individual infringers and began looking for alternative ways to protect their interests. The DMCA proved to initially be a barrier because it has a safe harbor to shield online service providers from monetary liability when someone brings a copyright infringement claim, making recovery against online service providers difficult for copyright holders. But the safe harbor is not a free lunch — online service providers must meet a variety of criteria in order to remain eligible for its protections.

Copyright holders have taken hold of the safe harbor eligibility requirements as a litigation tool for recovering from ISPs and website platforms. In BMG Rights Management et al. v. Cox Communications, 2016 WL 4224964 (E.D. Va. Aug. 8, 2016), which has been appealed to the Fourth Circuit, the court began its opinion by setting the historical stage: “This lawsuit is the latest in a years-long initiative by copyright holders to enlist the courts in the effort to curb the rampant infringement made possible by peer-to-peer file sharing on the Internet.”

One major statutory requirement for safe harbor protection is that the service provider must have adopted and reasonably implemented an internal policy for terminating subscribers and users of its system or network who are repeat infringers. Courts have increasingly emphasized the importance of this statutory requirement. It has become a key battleground, forming the center of the disputes in two pivotal cases: BMG Rights Management et al. v. Cox Communications, 2016 WL 4224964 (E.D. Va. Aug. 8, 2016) and EMI Christian Music, Inc. v. MP3tunes, LLC, 2016 WL 6211836 (2d Cir. Oct. 25, 2016).

In BMG, the copyright holder went directly to the source — the ISP — as the party responsible for preventing copyright management and ensuring users do not abuse website platforms. The BMG court allowed this approach, putting the onus on ISPs to develop real programs to combat infringement. The work begun in BMG was amplified in EMI, wherein the court held that online service providers that passively allow website or service users to engage in copyright infringement and fail to develop real policies to prevent abuse run the risk of losing their DMCA safe harbor protections. The resounding message from this line of cases: If ISPs and website platforms want to maintain their DMCA safe harbor, they need to develop and enforce robust response mechanisms.

Repeated Infringement Policies and Safe Harbor: A Closer Look

The BMG case involved BMG, a music company, suing Cox Communications, an ISP, for users of Cox’s ISP engaging in illegal music sharing on their network. Cox claimed that it could rely on the DMCA safe harbor because it had a response system for addressing repeat infringers. The court described Cox’s system as “essentially a thirteen-strike policy” wherein a user would have to commit several violations in order to be terminated — and even then could be reactivated quickly. The jury sided with BMG, finding Cox liable for willful contributory infringement and awarding BMG $25 million in damages. Cox sought to have the court overturn the verdict, but the Court declined. Instead, the court found, among other things, that “there was sufficient evidence for a reasonable jury to hold Cox responsible for the infringement of BMG’s copyrights on its network. . . . Cox could not [ ] turn a blind eye to specific infringement occurring on its network.” The court acknowledged that exposing ISPs and other intermediary online service providers to exposure for their users’ behavior “raises the specter of undesirable consequences that may follow,” but the court hoped the BMG case “may provide the vehicle for consideration of those questions.” The BMG case certainly held open the door for other courts to consider what policies and practices ISPs and other online service providers must have in place against repeat infringers to keep their DMCA safe harbor intact.

In EMI, the Second Circuit took up this question with MP3tunes, a music storage site that allows users to upload and store songs obtained from elsewhere on the Internet. EMI brought an action against MP3tunes in the Southern District of New York, claiming that MP3tunes was lax in responding to repeat infringers. The District Court disagreed, but the Circuit Court overturned the District Court and held MP3tunes in violation. The Circuit Court issued two main holdings:

  1. The meaning of “repeat infringers” in the DMCA does not require that the infringers be willful. Someone can qualify as a repeat infringer even if they have no knowledge that their behavior is infringing another’s work. “[T]he legislative history of the DMCA indicates that a ‘repeat infringer’ does not need to know of the infringing nature of its online activities, or to upload rather than download content.” This puts more pressure on online service providers to take serious efforts to connect infringing activity to users, checking for patterns and notifying all users who infringe. MP3tunes failed to do this because it did not investigate those who downloaded content and did not attempt to monitor use patterns in a consistent way.
  1. The EMI Circuit Court turned to what triggers need to be present before the online service provider needs to act to keep its DMCA safe harbor. The DMCA does not obligate a service provider to actively monitor or act on only a “generalized awareness” of infringement. If a copyright owner wants to overcome a service provider’s DMCA safe harbor, the copyright owner needs to prove that the service provider had 1) actual knowledge or 2) an awareness of facts or circumstances making specific acts of infringement obvious. The Circuit Court, based on this rule, upheld the jury’s verdict due to MP3tunes’ apparent knowledge.

Following the EMI ruling, MP3tunes requested reconsideration under the argument that the EMI court had effectively eliminated the DMCA safe harbor. The Second Circuit recently declined to reconsider its decision.

The Bottom Line: Take Steps to Stop Repeat Infringers

The case law is still in flux, but what the BMG and EMI opinions demonstrate is an increasing judicial focus on ensuring that ISPs and online service providers take tangible measures to prevent repeat infringers — or risk jeopardizing their DMCA safe harbor.

Open Access is one of the publishing models that arose with the ease of internet distribution. Before the internet, publishing was governed largely by a scarcity or “closed” model of distribution. Since the internet, the distribution models fill a wide spectrum between “open” and “closed” models with many in between the two opposites. “Open Access” is a specific phrase relating to publishing, especially focusing in the scientific and medical research fields. Open Access removes price barriers (subscriptions, licensing fees, pay-per-view fees) and permission barriers (most copyright and licensing restrictions). The Open Access shorthand definition is “free availability and unrestricted use” — succinctly captures both elements. There is considerable disquiet in the research community about the extent to which monopoly prices are charged for material that many believe ought to be feely and widely accessible as it expedites research and reduces redundant research.

The Gates Foundation is on the brink of implementing an Open Access policy that is the purest in the world. Under the Gates Foundation policy, “information sharing and transparency is promoted by unrestricted access and reuse of all peer-reviewed published research funded, in whole or in part, by the foundation, including any underlying data sets.” The radical aspect of the Gates Foundation Open Access policy is that no embargoes, no waivers and no exceptions are allowed.

This is not a sudden policy implementation. Three years ago, the Gates Foundation announced and implemented a modified form of this policy. The date of rigorous implementation without embargoes, waivers or exceptions was explicitly detailed as taking effect on January 1, 2017.

With less than two weeks to go before January 1, 2017, the University of Michigan and the Gates Foundation published this op-ed piece discussing the goals and benefits of Open Access, entitled: “Let’s speed up science by embracing open access publishing.”

For ease of access, that op-ed piece is complete below, reprinted with permission of the authors.


Let’s speed up science by embracing open access publishing


By Richard Wilder and Melissa Levine
December 19, 2016

Six years ago, Harvard scientist Jay Bradner discovered something unusual. His laboratory had isolated a molecule in mice, named JQ1, that appeared to reverse the effects of a serious cancer. But what he did with JQ1 was even more unusual: Rather than submit the findings to a prestigious journal, Bradner openly distributed the structure of the molecule — free and reusable for anyone.

Bradner’s goal was to disseminate his lab’s finding as widely as possible to encourage and expedite collaborations. And although the original concept for JQ1 fell through, he and others ultimately succeeded on different fronts: JQ1 now has broad usage in treatments for HIV infection, heart disease, pancreatic cancer, and more.

Despite this success story, most scientific research today is not published openly — meaning freely, to everyone, without delay from the time of publication. Instead, it lives behind time embargoes and paywalls, costing as much as $35 per article to access. Even when scientific information is free to read, it is subject to copyright restrictions that prevent it from being recast quickly in new ways.

A growing movement for open access seeks to change this because limitations on the use of scientific discoveries hinder the efficiency of research, increase costs, and ultimately delay even impede scientific progress. The possibilities of open access could be transformative.

Open Peer Review

It’s time to overhaul the secretive peer review process.

If published research and data were freely accessible and reusable by researchers of diverse interests, urgently needed solutions could be greatly accelerated. Scientists could quickly cross-check important studies, catching potentially consequential mistakes. Medical providers could access the latest technical guidance, improving patient care. And students around the world could build on each other’s work. With openness, good ideas could truly come from anyone, anywhere.

Some early open access efforts — like the Human Genome Project, one of the world’s most ambitious programs undertaken to sequence the complete set of DNA in a human body — illustrate just how significant the impact of open access could be. The Human Genome Project shared each of the body’s three billion DNA letters freely and rapidly online, leading to the discovery of more than 1,800 disease genes and generating over $1 trillion in economic impact across a diversity of sectors, including health care, energy and agriculture. Critical to this was enabling all uses of the data by anyone for any purpose — academic or commercial.

This is the future envisioned by a growing number of institutions and universities that sponsor research and development. In the last few years, NASA, Research Councils UK, and Wellcome, as well as the Massachusetts Institute of Technology and the University of California system have all implemented open access policies.

The Bill & Melinda Gates Foundation will usher in 2017 by making all published research funded by its grants available on full open access terms. It will base its open access policy on a robust legal framework that supports full reuse rights — the Creative Commons Attribution-Only license, also known as CC BY.  This license, which is also applied to all materials authored by librarians and staff of the University of Michigan Library, lets anyone distribute and build upon a work’s underlying data as long as they credit the original creation.

CC BY facilitates processes such as text-mining, helping researchers understand patterns in large datasets. It also promotes innovation, unlocking the ability of people across sectors and geographies to build on one another’s work. Unlike its counterpart, the CC BY-NC license, CC BY permits commercial reuse, meaning it directly enables the kinds of public-private partnerships that are so essential to scientific innovation.

That’s why, in part, the Gates Foundation adopted it — because it permits the widest range of actors to do their best work on the widest set of problems.

To be clear: free and open reuse does not mean misuse. Under CC BY, researchers and publishers do not give up the value of their name. The license includes significant mechanisms to guard against academic misrepresentation, and protects the logos that journals use to brand their reprints and products.

CC BY is a growing license of choice among open publishers, including the Lancet and Cell Reports. It is the top choice for researchers. In 2015, the Nature Publishing Group reported that 96 percent of researchers publishing open access selected the CC BY license.

Changing the status quo is tough, but it is made possible when people come together to reconsider outdated assumptions and practices. With the support of researchers, publishers, and the academic community more broadly, legal frameworks like CC BY can expand the interconnected web of human knowledge and facilitate its use by everyone.

In a fast-changing world, making these adjustments will advance what’s best about the scientific process: the ability of humans to generate new and life-changing ideas by building on the work of the past in a world where sharing and using data in medicine, public health, and the environment is the norm rather than the exception.

Richard Wilder is the associate general counsel at the Bill & Melinda Gates Foundation. Melissa Levine is the lead copyright officer at University of Michigan Library and ex officio member of the library’s open access committee. (Reprinted with permission of the authors.)

Washington State Begins Beta Testing Its Pioneering Privacy Modeling App

Seattle — and by extension, Washington — has a purist attitude in its fusion of technology and life. All other states offer their employees manuals, a help line, and if well-funded, a legal department to answer questions about privacy. If employees are lucky enough to have access to legal advice, they may be able to submit a question, receive a response and finally execute on the advice within a few business days. That’s sad.

The Washington State Office of Privacy and Data Protection is leaving those other states eating Mt. Rainier dust. Through collaboration with policy makers, attorneys and tech gurus, Alex Alben, the Chief Privacy Officer in the state’s Office of the Chief Information Officer, has realized his stated goals of examining privacy policies across state agencies and strengthening protections for personal data. The newly launched Privacy Modeling application (PM App), an initiative of the Office of Privacy and Data Protection, provides links to relevant federal and state law regulating security of data collected from individuals. Users immediately receive answers regarding what must, may or never ever can be done with different types of personal data.

The PM App does not just spit out a canned response to inform the user that social security numbers should be protected. Instead, the PM App offers truly helpful analysis of relevant statutes for people who are on the frontline of protecting citizen data being processed by the government. For example, a clerk working in the licensing department may want to know whether the agency can sell information that identifies recently licensed, male aestheticians within a certain age range, who are veterans, who have worked for at least three employers, and who have received disability benefits. By running a query, the user will learn that data such as first and last names, employment addresses, gender and age can probably be sold, but data related to veteran status and disability status must be shielded from disclosure.


How the PM App Works

Users select the data points to be analyzed:

  • The sector served by the agency, such as banking, health and medical, or education;
  • Types of data that the agency handles to fulfill its mission, such as veteran records, audio recordings, and driver or professional license numbers; and
  • Whether the agency plans to sell or market the data, share it with third parties or use it to grant social benefits.

The PM App analyzes the selections and produces a Results Matrix that uses color-coding to identify statutes that apply to the data and whether the proposed use of each type of data is “No Specific Privacy Law Found,” “Allowed With Limitations” or “Forbidden,” with links to the texts of relevant laws. Users also receive information about the laws and policies excluded from the PM App analysis, the statutes that should be reviewed by an attorney and a reminder that data must be collected in a lawful manner.

The PM App is a giant leap forward for the owners of the data, the agencies and their employees.

Why the PM App Is Important and Revolutionary 

Government agencies that process data have bad reputations for being invasive and self-interested to the detriment of the individual. It’s no accident that the DMV is the portal to hell in a television and comic book series. Results of a search for “big brother” include words like, “scary,” “creepy” and “overbearing.”[1]  Government has been characterized as stripping away the humanity of its subjects[2] or mining them for data. The PM App is a rehab of sorts — it embodies the self-regulatory spirit adopted by many industry sectors in the U.S.

The PM App also signifies the state’s interest in protecting the data entrusted to it.  Let’s be clear: people generally have no option to withhold their personal information if they want to benefit from government services. The privilege of conducting business in some industries requires the provision of fingerprints, background checks and photographs.  Information about our professional licenses are regularly marketed.

Initiatives like the PM App reduce cynicism about having to turn over personal data in order to pursue a dream of becoming a pyrotechnic operator. Development of the PM App signifies the state is invested in protecting our data. If George Orwell is accurate, and I am no more than a collection of my data, I welcome this added layer of protection.

The PM App also has significance for the users. Subject to the express and implied limitations in the User Guide, the PM App immediately provides links to federal and state statutes, and an analysis of whether the proposed use of the data complies with those statutes, enabling users to gain significant familiarity with the statutes that would ordinarily be accessible only through legal counsel. Users who desire to delve deeper into the laws may review definitions, exemptions and penalties to contextualize the laws to their agencies and privacy policies.  Feedback from the testing is anticipated to reveal additional intangible benefits to performance accuracy and morale.

You Too, Can Have an Attorney in a Box





One of the most basic tasks that attorneys do is identify and analyze laws that are relevant to their clients. The PM App empowers employees who handle personal data by granting them access to laws that directly affect if, how and when data can be handled throughout its life cycle. In accordance with the requirements of the funding source, the PM App will be available through open access. The PM App Guide shows developers how they may tailor the PM App to their own uses. Caution: The PM Guide is great, but attorney advice is still very necessary when making tough calls about privacy issues.

Click here to access the PM App beta test. You can provide feedback or ask questions via an embedded link on the site. You can also gain additional information about the process of developing the PM App here.

Keep your eyes on the PM App, the Office of the Chief Information Officer, and trends in privacy. A conference focusing on data protection in the evolving digital environment is scheduled for early 2017 in Washington. Keep an eye on everything.

It’s when you look away that you are apt to get hurt.

[1] “Big Brother isn’t watching. He’s singing and dancing. He’s pulling rabbits out of a hat. Big Brother’s busy holding your attention every moment you’re awake. He’s making sure you’re always distracted. He’s making sure you’re fully absorbed.”
Chuck Palahniuk, Lullaby

[2] “Does Big Brother exist?”
“Of course he exists. The Party exists. Big Brother is the embodiment of the Party.”
“Does he exist in the same way as I exist?”
“You do not exist.”
George Orwell (1984)

In a World Intellectual Property Office (WIPO) domain name decision, WIPO has ordered the cancellation of 175 domain names that include the famous Range Rover, Land Rover and Jaguar trademarks. The domains were registered in the .au ccTLD by the Trustee for the Trivett Family Trust (Trivett). Representative samples of the domains include rangeroverservicecentre.com.au., jaguarhybrid.com.au and landrover.net.au. Jaguar Land Rover (JLR) submitted its complaint in August. The decision was rendered on October 10, 2016. The ownership of the Jaguar, Land Rover and Range Rover marks was not in dispute. Trivett submitted that the domains were acquired by Trivett for the purposes of developing a proposed “Maintain My” web platform that would connect consumers to a range of service providers, including manufacturers of both genuine and non-genuine automotive spare parts.

JLR submitted that the use of well-known trademarks together with geographic or descriptive terms creates a domain name that is confusingly similar to the well-known trademark. Furthermore, JLR did not license or permit Trivett to use the trademarks, nor was the proposed use of the trademarks tantamount to a bona fide offering of goods and services. Trivett relied upon the test set out in the Oki-Data Americas, Inc. v ASD decision that sets out four minimum factors used to help decide whether there was a bona fide use of the domain name. Those factors include:

  1. The respondent must actually be offering the goods or services (Trivett had said that it was going to use the names starting in 2017 as part of its “Maintain My” platform);
  2. Only genuine trademarked goods could be sold on the website;
  3. The site must accurately disclose the relationship between the registrant and the trademark owner, and may not falsely suggest that the registrant is the trademark owner or is an official site; and
  4. The respondent must not try to corner the market in all domain names (175!) depriving the trademark owner of its own use of the mark.

The WIPO panel discussed that the decision may have been different had Trivett been able to show development of its “Maintain My” mark and if they could show that they actually sold JLR vehicles and they had not registered 175 domains.

The result: Oki-Data is still a reasonable test for the bona fide intent. It just so happened that Trivett did not qualify for any of the prongs of the test.

A recent case out of the Second Circuit says “Yes. Third parties have standing to assert the defense that a copyright owner’s claim of ownership is erroneously based on Work Made for Hire (WMFH).”

Urbont v. Sony Music held that the defendant did have standing to challenge the validity of the WMFH ownership claim. Sony claimed that they owned music by virtue of WMFH; and Jack Urbont, defendant, challenged that WMFH status of ownership. This is noteworthy because it was Marvel, not Sony, who was the copyright claimant under a theory of WMFH.  The music at issue was the theme song to the movie “IronMan.” Marvel was an unrelated party to Sony at the time that the work was created.

The defendant rested its claim on the premise that Marvel had no employees who were composers; and that music does not qualify for WMFH  status under the nine categories of work.

The Second Circuit ruled that whether the work was indeed a WMFH was a relevant issue; and that defendants were entitled to raise the defense; and such a defense rested on facts that precluded summary judgment.

The opinion came down on July 29 of this year. Discussing it before now seemed premature as it wasn’t clear whether Sony was going to appeal. This week, Urbont is reported to be the prevailing party. Urbont v. Sony settled on confidential terms. There will be no further appeal.

Pro-tip take away:  An assignment would have solved the problem.  The nine narrow categories of WMFH applying to non-employees is increasingly being read narrowly.  “Audio-visual works” are covered in one of the nine categories, but not just audio alone (namely music). To refresh your recollection, the nine categories listed in Section 101 of Title 17 of the copyright statute are:

  1. A contribution to a collective work (like a piece for a magazine, anthology or encyclopedia);
  2. A part of a motion picture or other audiovisual work;
  3. A translation;
  4. A supplementary work (like a foreword, afterword, bibliography, appendix, index or editorial notes);
  5. A compilation (like an anthology, database or anything that qualifies as a “collective work” from category 1 above);
  6. An instructional text (generally, any text that could go in a textbook);
  7. A test;
  8. Answer material for a test; and
  9. An atlas.

And even if your work falls into one of these nine categories, the statute states that there must also be a written agreement stating that it’s a “Work Made For Hire.” To be safe, the agreement should be signed before the work is created and signed by both parties.

Urbont v. Sony Music Entertainment Inc., Second Circuit July 29, 2016,  15-1778

The Privacy Shield in a nutshell. 

pugThe Privacy Shield permits U.S. businesses to process and control the personal data of individuals, aka data subjects, located in the European Union (EU). Without the Privacy Shield, U.S. businesses risk losing hundreds of millions of dollars if they cannot transfer personal data from the EU — businesses that cannot establish offices in the EU or negotiate agreements with each of the EU member countries will forego commerce with EU companies and data subjects. The U.S. government has agreed to enforce the Privacy Shield against U.S. businesses on behalf of EU data subjects. The U.S. government necessarily has to execute its enforcement duties with diligence. You might say, U.S. government agencies must bite as bad as they bark.

Is certification the best option for your company?

EU privacy standards that protect the data of its citizens are much stricter than those of the U.S. The EU requires U.S. companies to comply with privacy principles that comprise the EU/U.S. Privacy Shield. The U.S. Department of Commerce (Commerce Department) oversees U.S. businesses’ applications and certifications under the Privacy Shield. Your company may decide to be certified under the Privacy Shield if your business is subject to the jurisdiction of the Federal Trade Commission (FTC) or Department of Transportation (DOT); and EU citizens access your website, they do business with you or you conduct business in an EU member country. Each circumstance must be analyzed on a case-by-case basis. Issues such as volume, whether you are a data controller or processor, and whether you have multinational affiliates have bearing on your analysis.

How does the Privacy Shield compare to the Safe Harbor?

The Privacy Shield is more stringent than the Safe Harbor; some privacy principles that were merely guidelines under Safe Harbor are now affirmative covenants under the Privacy Shield. The U.S. government also must meet a higher standard under the Privacy Shield. The EU obligates the FTC and DOT to investigate and enforce penalties against U.S. companies that violate the Privacy Shield Principles.

What is the cost of certification?

While certification under the Privacy Shield is voluntary, U.S. businesses that receive personal data transfers from the EU must meet the same requirements as U.S. businesses that are certified. The fees for certification are based on the business’ annual revenue: the minimum fee is $250 per year for up to $5 million in revenue, and the maximum fee is $2,500 per year for more than $500 million in revenue. U.S. companies that are required to resolve disputes by an EU Data Privacy Authority must pay additional fees.

The application process itself is no more complicated than most other business certification processes.  The “real” cost of becoming certified under the Privacy Shield will likely be in personnel resources, especially if the business is not already compliant with the Safe Harbor rules.  For example, the business must dedicate personnel to develop privacy policies, educate employees about the policies, monitor the actions of employees and third party data processors, and take action against parties who violate the policies. There are also costs associated with verifying that third party processors update their security and privacy policies in step with Privacy Shield requirements.  You can review a summary of the five basic steps U.S. businesses must take to apply for certification here. You can review the seven Privacy Shield Principles here.

Alternatives to self-certification under the Privacy Shield.

It may be more cost effective for a business with limited personnel to use a private company to assist with the certification process, establish compliant policies and procedures, and provide ongoing monitoring, auditing, education and advice. The Commerce Department maintains an ever-expanding list of companies that transfer data to U.S. companies from abroad in compliance with the Privacy Shield[1] and the Madrid Resolution, U.S./Swiss Safe Harbor or the privacy rules adopted by the Asia-Pacific Economic Cooperation EU, European Economic Area, Switzerland and Asia Pacific Economic Cooperation.  When evaluating private companies, you should pay close attention to which party to the agreement is liable for violations of the Privacy Shield and the extent to which the contract covers transfers of data to third parties.

Binding Corporate Rules (BCR), model contract clauses and unambiguous consent are also options that you may consider if self-certification is unfeasible for your business.  BCRs are available to multinational companies.  An affiliated company located in the EU may transfer personal data to its U.S. location subject to BCRs.  Model Contracts, drafted by the European Commission, require U.S. businesses to provide adequate levels of protection of the privacy of data subjects.  If you are a data processor, not a data controller, you may have the option of entering into a Direct Data Processing Agreement or adopt the Model Clauses for Processors to eliminate the negotiation of broader issues that apply to controllers, but not processors. If you receive data from a limited number of known EU data subjects, the most cost effective way for you to transfer their data to the U.S. would be to obtain from each of them clear, unambiguous statements that they freely permit the transfer of their personal data.

What are the possible repercussions of not complying with the Privacy Shield?

BearThe FTC can investigate alleged violations of the Privacy Shield, enter consent orders and findings of contempt, and impose administrative penalties. Currently, administrative penalties may be up to $40,000 per violation or per day, for continuing violations. Additional penalties against a business include the FTC’s removal of a company from the Privacy Shield list, resulting in liability under the False Statements Act if the company claims it is certified. Learn from the lessons of others — the FTC has issued record-breaking fines in the past two years, including a $1.3 billion fine issued in the past month. The data owners in the EU, the EU Commission and/or data privacy authority may also have private rights of action against a U.S. company that violates relevant rules.


The wrap-up:

  • Assess how your U.S. based business receives personal data from EU data subjects. Based on the volume, your relationship to the data owners, and whether you process or control the data, you may have to delegate an employee or contractor who is knowledgeable about data privacy and cybersecurity to monitor, update and enforce the policy and verify that the privacy notice meets all applicable state, federal and international rules.
  • Consult all aspects of your company organization to assess which option is best for you. Privacy is not a distinct division within your company. Verify that operations, human resources and enforcement of policies work in concert to maintain the standards of the Privacy Shield.

[1] See, the “Privacy Shield List” at https://www.privacyshield.gov/list.