U.S. Privacy Laws—Cloud Computing, Transparency, and the European Union—Are We Behind the Times?

At a roundtable discussion yesterday, June 21, 2010, an attorney and representative for the U.S. Federal Trade Commission descried the current patchwork of U.S. privacy laws.  Unlike our neighbors across the pond in the European Union, the U.S. approach to privacy protection is arguably lacking in terms of uniformity and effectiveness.

As I described in a previous blog, the U.S. Congress has yet to adopt a federal statutory scheme that would hopefully provide uniformity.  The FTC representative echoed the often-heard concern in privacy law circles that the U.S. law needs to adapt to new methods of business data transfer and record retention—in particular, cloud computing.  A popular buzzword at present, cloud computing promises to streamline a business’s data processing, record retention, and provide lightning-quick methods of collaboration in a business climate that is seeing a rapid increase in “telecommuting.”  At the same time, cloud computing also threatens to expose the personal information of a business’s consumers, customers, and/or website users.  Although security measures are available to help make cloud computing secure against intrusions into or inadvertent disclosures of personal information, the retention and transfer of such sensitive information in an online environment certainly raises the specter of increased risk to privacy breaches.

One of the major concerns of the FTC is to require notice and disclosure of privacy breaches.  The FTC and most consumers understand that data breaches are inevitable, whether data is stored in a brick-and-mortar building or in on the cloud.  The FTC wants to ensure, however, that whenever such a breach occurs, the consumer will be notified of the breach.  California already requires businesses to notify California residents of such breaches, but many other states do not.  The House of Representatives approved a bill to require such notification for all U.S. consumers, see http://bit.ly/dnmBUr, but it has yet to be approved by the Senate.

In contrast to the U.S., the European Union nearly 15 years ago promulgated a Data Protection Directive; see http://bit.ly/9e4eDt, which provides considerably more protection to its residents.  Although many consider this directive to be too onerous on businesses, it does address the notice or “transparency” issue as described above.  Beyond just reporting breaches into a consumer’s personal data, the Directive requires notice, and sometimes consent, every time “personal data” is “processed”—which means just about anything you can do with data: transfer, store, etc.  Furthermore, such data can be processed only if it meets certain criteria regarding business necessity.

As a U.S. business owner, the important thing to be aware of is that you will become subject to the data privacy laws of whatever jurisdiction in which your customers, clients, or website users reside.  For example, if you have customers who reside in Nevada or Massachusetts, and your business is based in California, you will have to comply with stricter privacy laws than you normally would in your home state.

More surprisingly, if you have operations in any country in the European Union or have personal data from an individual who resides in the European Union, the EU Directive could potentially apply to your business operations.  Most often, problems occur when such data is transferred “offshore” from the EU country into the U.S., because the EU does not consider U.S. law to be sufficiently protective of its residents.  That being said, the EU has certain, limited “safe harbor” exceptions so that U.S. businesses do not have to comply with all of the onerous provisions in the Directive.  See http://www.export.gov/safeharbor.

For more information on how what laws apply to your business and how to comply with them, you can contact our law firm at info@chicolawfirm.com.

Trademark Law Rights: What Does the Circled “R” Get You?

The basic legal right you have in your trademark is to prevent others from using the same or a confusingly similar mark to identify the source of their goods or services where this would cause confusion in the mind of consumers.  Acquiring trademark rights is relatively simple: all you must do is begin using your mark in commerce.  This makes sense because trademark law protects those marks that identify the source of the goods or services in the mind of consumers.  The mark must be used in commerce in order for consumers to be aware of it and to make the connection between the mark and your goods or services.

The first user of a mark is usually given priority of rights.  For instance, if you federally register your mark and your competitor did not, your competitor might still be able to sue you for trademark infringement if your competitor began using the mark first.  If, however, a foreign company is the first to use a mark exclusively outside the U.S., our trademark law will generally not give that company trademark rights over a later user of a similar mark in the U.S.

A) State Law

Trademark law consists of both state law (often comprised of “common law”) and federal law.  Under state law, use of a mark confers trademark rights.  These rights extend to the geographic area where the mark is used and where the reputation of the mark extends.  Some states extend the geographic reach of trademark protection under the “Zone of Expansion” doctrine, which recognizes that a business will likely enter into broader geographic areas in the future, and thereby presently extends trademark protection to such areas.

You can enforce your trademark rights using your state’s unfair competition laws.  These laws give you the right to sue for infringement (or “passing off”) or dilution.  Infringement occurs when a competitor uses a mark that will likely cause confusion in the mind of the consumers as to the source of the goods or services.  For example, if you began selling “Crestor” brand toothpaste, this would infringe on the trademark for “Crest” brand toothpaste because such a similar name would cause confusion in the minds of the consumers.

Dilution, on the other hand, takes on two forms: blurring and tarnishment.  For either form, a dilution action is only available for those marks that have become sufficiently “famous.”

Blurring occurs when a competitor’s mark weakens the association in the mind of the consumers between your mark and the source of your goods or services.  For example, if someone began selling “Viagra” brand tennis rackets, the association between “Viagra” and the little, blue pill would become weakened in the minds of the consumers.

Tarnishment occurs when a competitor’s mark creates a negative association in the minds of the consumers between your mark and the source of your goods or services.  For example, if someone began selling “Sony” brand personal enemas, a negative association would form in the minds of consumers regarding the mark “Sony.”

Based on the examples above, you can see that dilution usually occurs when the two products in question are very different.  The crucial thing to remember is that with dilution, consumers are not confused about the source of the goods or services, like with infringement.  For instance, consumers would not be confused into thinking that Pfizer started making “Viagra” brand tennis shoes.  Instead, the quick association of a famous mark with its product is attenuated.  Another difference between dilution and infringement is that a dilution claim usually requires proof of the actual impact on the mind of consumers; whereas, an infringement claim usually requires proof of mere likelihood of confusion.

B) Federal Law

Federal trademark law is codified in the Lanham Act at 15 USC §§ 1051–1128.  Much like state law, federal law gives you the right to prevent competitors from using your mark or a similar mark, so long as you can prove that their mark is likely to cause confusion in the mind of the consumers.  Because these cases turn on “likelihood of confusion,” federal case law has established several areas of inquiry that will aid a court’s analysis of this issue:

1) The similarity of marks;

2) The respective “channels of trade” of the parties;

3) The similarity of the goods or services;

4) The sophistication of the relevant consumers;

5) Evidence of actual confusion;

6) The alleged infringer’s intent; and

7) The strength of the plaintiff’s mark.

See AMF, Inc. v. Sleekcraft Boats, 599 F.2d 341 (9th Cir. 1979).

Like state law, federal law also gives trademark holders the right to pursue a dilution action.  See the Federal Trademark Dilution Revision Act at 15 USC § 1125(c).  A plaintiff in a federal dilution action must prove that 1) the plaintiff’s mark is “famous,” 2) the defendant used its mark in commerce after the plaintiff’s mark became famous, and 3) the defendant’s use of its mark has caused dilution by blurring or tarnishment.  Federal dilution protection extends only to “famous” marks, which makes sense because only well-known marks have the potential to be diluted in the mind of the consumers.  Federal law also provides an injunction remedy.

For more information on your state and federal trademark rights, please contact my law offices at info@chicolawfirm.com!