Jorge Contreras of Hale and Dorr on Online Liability
Diane Cabell, Berkman Center: Jorge and H&D represented IETF during formation of ICANN, among others. How we met. Were going to shift from voluntary to formalized, which could have global recognition. OK – if you’re going to make this a governing body, can you have democratic element or consumer voice built in? Activists were invited to Harvard for conference with parties. Geeks, Berkman, Clinton administration. Jorge hosted gathering which became Boston working group. Wanted to ensure that ICANN gov bylaws had way for users to input into policy. See bio. EECS degree from Rice, HLS, editor of JOLT, was on firing line during dotcom era. Opened Hale/Dorr’s first office in UK. Checklist for online engagement for company – what to watch out for.
Jorge Contreras: (handouts) What do you think about when someone says “I have a company and we’re going to do something online” – not going to talk about cases or theory in detail, but go through thought processes when this kind of client shows up. Refer to chart – grab bag of content types, things a company might want to do, some of the issues. There have been threats or cases related to these things. H&D does email alerts – compiled now in book, will be CD going forward. Can sign up for free. Want to develop business around website: legal notices, who designed it 0 have to have agreement with designers – they’ll want credit or attribution. Copyright/trademark notices on every page. In order to bring copyright lawsuit, you have to give notice. Have links on site to terms and conditions, privacy policy. Don’t want links to be so obscure that no one will find them. Needs to be as conspicuous as possible – still a chance that they will not be enforceable. After preliminaries: What content? Info about company, founders, what’s it doing, who are investors. Remember that any info on website – it’s avail to public, everyone will be deemed to have seen it. When you’re trying to sell stock, lots of carefully worded warranties, on the other hand you have broad language on website “wer’e going to be number one in three years, no risk, blar blar” – they’ll come back to haunt you. You can try to negate them but it will be difficult. Five times as bad if you’re going to go public. You’ll pay lawyers to review documents, look at outrageous claims.
DC: Different from other forms of marketing?
JC: The same, except that not everyone is deemed to know everything that’s in your product brochure. General marketing materials do not have investment information unlike website. Think twice about what you want up there. Be even more careful about what third-party blurbs you want to adopt for your website. Not as much the case for private/vc-backed companies. Public companies will get analyst reports, company will want to promote that. If you just hyperlink to the report, or use .pdf on your site, that will be attributed to you. Recent crackdowns – bullish on the market – having that type of commentary attributed to your company is very dangerous. Was an issue before the web came about – might send reports along with own annual report. Bad idea unless you want everything they say to be attributed to you.
Gail Altman, Clinical Student: If you just have it on your site, are they liable the same way as having a hyperlink?
JC: Linking makes you liable – if you just extract a quote (and they let you –they don’t like being quoted out of context) you’re less likely to be held to everything that’s in the report. It’s rare, from an analyst’s report, as opposed to say a news story. Almost any company who has a website wants it to give info about products/services – simplest website is “brochureware” – online clickable brochure for your company – have to take care that you’re not making promises that you can’t keep. IF you’re selling complex software for comm. Industry – representations of warranties again, those are supposed to be your exclusive warr. You could be undercutting your negotiated agreements on your site. Mistakes in your online ads – a number of cases. Typos, etc. – cases like this have been around for a century, since catalogs started. Is an ad an offer or an invitation to make an offer? Cases go both ways, usually don’t go to trial. Sears and Amazon don’t want the publicity problem. In most cases, merchants can get away with some level of mistake, if appeared to be honest and not deceitful. Something that happens a lot, though, and companies need to be careful. Comparative advertising – rules about mentioning competitors. In US, pretty flexible as long as you’re not being disparaging or saying something untruthful. Somewhat unique in that regard. Some European countries, just not allowed, particularly German – can’t have chart comparing with other products. Of course, online you can read US ads. German competitor could bring suit against you there – what’s the jurisdiction? Did you intend to advertise there? Whether or not you win, you waste time and money defending yourself. Partner/Customer information and testimonials – everyone wants to talk about big customers, have case studies, customer so pleased. Often the customer likes free adv. Some have strict rules about their names and logos. H&D has a consent letter, doesn’t use a logo unless permission is given. Number of large clients (inv banks and univ) who refuse to let anyone use name or logo in promotional materials. You can get sued, and sour the relationship. Even if you have permission, still want to be aware of confidentiality considerations – migh tbe ok to say HBS is our customer, or installed 25 of our routers – might not be OK to say how much they’ve paid for the work. In the deal with the customer, there will be a dividing line – what’s ok to tell the public and what’s not. Companies want the world to know they are players and cross the line. If you link to your customers – is hyperlinking ok without permission? Still people who would say not.
DC: Depends on the purpose of the links.
JC: A good idea, esp. sinc eyou’re dealing with a partner or customer, to get an agreement before hand. Could do mutual linking, cooperative relationship. Legally allowed or not, it’s good business practice. Rare that companies will think about this, but it’s important: Employee Photos. Companies like to have photos, but individuals have personality rights. Generally you can’t use photos for commercial purposes without permission, even if they are employees. Not an implied right of the company to use photo. Not considered part of your job desc. – even more protected in Europe. Can get a waiver to sign when they start, in conf agreement. Use actors instead – pay them, they look better, etc. Terminated employees – don’t want to have to make sure there are no photos left of them. Can lead to trouble, count in their termination lawsuit.
David Abrams, 2L: Even in a directory, is there a possibility of liability, stalker or something like that?
JC: I do not know of any cases, possible. Office number and photo: don’t think too many businesses give out more than that. Other than service firms. Most companies it’s hard to get to employee directory.
DA: Just a hypothetical – your online picture entices a stalker.
JC: News stories, etc. Getting permission does end – like a photo of a crowd. Some fuzzy lines – what’s a crowd?
GA: On web site, friend is featured – don’t know if she signed a waiver.
DC: main counsel would – local offices don’t usually call general counsel though. Don’t know whether ITS did that.
JJ Disini, Clinical Student: if someone took a picture right now and put it on a blog, would have to get release?
DC: states have different privacy issues, less here in MA than in say CA, for private indivs. Have to research whether we can do that.
JC: difference between news use and commercial use. If we did it to sell books, it’s different than if we report that meeting happened.
DC: If there were a precedent for stalking, and we knew that, it would be different. Student from outside US might have different rights. Harvard wouldn’t be immune from that.
JC: Biggest problem is in product brochures. Most concerned about commercial purposes. Content from outside company: real issue. You have to make sure your clients understand that just because something is publicly accessible on the web does not mean it is in the public domain. Huge difference. Can go to NYT web site for free and read their stories. Just because of that, doesn’t mean NYT has relinquished copyright. Same goes for any content on web. Except special cases when people have deliberately put it in public domain. Most commercial entities have not done that. Not ok to post other people’s stories, etc. into your own website. Same as copying stories from a magazine and publishing them in your own. Company annual reports are also copyrighted. Every work of authorship is a copyrighted work as soon as it is created. Something to think twice about. Lots of great business models rely on getting info from other sites without taking into account that the person who created that info will want money from you or try to stop you. Applies to images, music, etc. Lots of image banks – can purchase at low cost. Corollary to content is information. A lot of info avail on web is not “copyrighted” at least not in US. The actual news in a news story is not nec. Subject to copyright. Data, such as stock quotes. The weather. All of that is avail for free from a dozen different sites. You want to add a feature to your site, catch eyeballs, be a portal. This information – not a good idea to extract, even if avail for free, and use it on your commercial site. Spidering, scouring – there are theories about this being a trespass, violation of terms and conditions, potentially weak copyright in this information (in US – white page info vs. yellow page info). Don’t have a “sweat of the brow” copyright in US – just because you collected info doesn’t mean you have a copyright. Still being debated legislatively. In Europe they have sui generis database protection directive. If you assembled a million phone numbers, you’re entitled to some direction. It’s a bad idea to scour info from someone else’s website. Might even apply if info you’re getting is from a customer and they have consented. All of the information collected from other sites – you might not be allowed to extract info from another site even with a customer’s permission. Why do it without permission when it’s not that difficult to get permission? Oh, but we’re ready to go, we’re about to push the button to go live, wanted your final blessing but don’t want to spend the time to get permission. Do what you want to but it’s risky but don’t be surprised if you get a letter telling you to stop. Clients often don’t do what you advise them to do – thanks and see you next week but then they go do it anyway. As long as it’s not stealing money, etc – cross your fingers esp. when law is unclear.
DC: When we say “we don’t think you should do this” – they ask what’s the chance of that happening? What do you say?
JC: how much do your competitors hate you? How likely is it that anyone will know? People who have information are not stupid, so they have technical barriers.
DA: Deep linking
JC: yes, like ticket sales. Lots of times clients just don’t want to believe you. Lawyers can get in trouble for these judgment calls. Firm in CA got sued by MP3.com – they told them that they’d be OK, and of course they were the first victim of the RIAA. Lost millions of dollars, so investors sued law firm. Led them down wrong path. We don’t know what happened – assume it was settled. There is some risk in this kind of advice. You can’t stop them if they do something against your advice, but you send them a letter. Flip side: letting other people put stuff on your site that’s out of your control. Customer feedback – bulletin board or comment posting system where anyone can comment on your product. Rate this book, etc. When you get startedwith that you have to be careful – nothing to stop someone from writing some defamatory diatribe as their book review which then gets posted on Amazon – they actually have scanning systems. You have to make sure that you have an agreement with users in place at this point. Get standard representations from them that they are not being defamatory, obscene, infringing on someone’s IP. If someone doesn’t read agreement and doesn’t comply, and then posts something bad, there are a couple of ways a site operator is immunized against copyright infringement and defamation by third party. DMCA for copyright infringements – one of less objectionable provisions. Hasn’t been challenged much. Less controversial than other parts of act. Same for Communications Decency Act regarding tortuous statements. A couple of things you have to do – under DMCA, need copyright agent for service of notice. Have to take down potentially infringing material upon notification. Ebay is extremely quick to take down anything. Tougher call when you’re talking about customer feedback – don’t want a reputation for censorship. Often post on product-dedicated website. Policy matter as to whether they want to review and take down something other than the purely illegal. Customer registration – personal information about individuals, CC info, name and address, very valuable financial information. May ask for DOB, demographics, etc. If you collect this info, you have to be careful what you do with this information. EU has very strict laws about personally identifiable information. You have to be very careful with the transfer of this type of info. Even your own employees’ information. Unless you take a number of steps (register under safe harbor, other assurances that you’ll use data in right way), it becomes even more difficult with customer data. In Europe, regulate spam, not allowed to send unsolicited comm.. email to random people or even to your existing customers. You need to have some idea that they have opted in or indicated that they want to receive these emails. Sales: by the time you’re selling something, you have to have terms and conditions of sale. Have to worry about security (credit card numbers). Liability associated with that. States looking into this. CA just passed statute – if a company has reason to believe that data security is compromised, you have to notify all people who might be affected. Brand new law, not yet tested. Will be suits, other states looking into this. Lot of focus on privacy, less on security. People are beginning to get nervous – viruses, identity theft. Will be more security-related legislations. HIPAA, financial institutions. Not much else. Odds are that in next 2-3 years more states will put something into place. Taxation: Not a tax lawyer. I do know one thing – when you buy a book at a store, you pay sales tax in MA. When you buy online, you don’t pay sales tax. You are obligated to buy use tax, can file a return to pay this. Very rare that someone files – head of tax division wanted to talk with Dept. of Revenue – asked for a form to file, but few there had even heard of the form, never mind seen one filled out. Still unclear what needs to be done. Big & reputable companies, if they have a warehouse, they’ll charge sales tax. Common practice – no one pays anything if you don’t have a place of business in the state.
DC: Moratorium on taxes
JC: Funny thing about that – prevents imposition of NEW taxes on online commerce. Already due! No one is paying and no one is charging. Which vendor has to pay and which has to charge sales tax? A company operates site but isn’t a products company. Like Amazon – sells everything. Do not have all that stuff in their warehouses. Everyone is trying to push off that obligation. If you represent the portal, write the agreement so the other guy is responsible. One out of five is sophisticated enough to know that that’s an issue. In EU, passed an online VAT directive. Requires non-EU companies to charge VAT on sales made into the EU. Different in every country. You have to register in an EU country, then charge VAT at the rate of the country you’re registered in, not the home of the customer. Contests and Sweepstakes: Back in Internet heyday, no matter what they sold, everyone wanted to give something away. Whole set of law around that. In the US, state governments have a monopoly on conduct of lotteries. 3 Components: charge someone consideration to participate, give away prize that has value, selection has to be a matter of chance. Not legal. 100 years ago, took away consideration to enter – free to enter – that’s a sweepstakes. That’s legal. What’s consideration? Entering online could be consideration – ISP charge, computer, etc. Jury was out for a few years. All the contests, you can fill out a 3x5 card rather than purchasing. Courts held that purchasing a stamp wasn’t enough consideration to count. Can you get away without 3x5 cards? In Florida, atty general said that online registration was not consideration because you can do it at the library. You can also get away from lottery rule by contest of skill – get rid of random element. What is skill? Guess the jelly beans in the jar – that’s random. Quickness is random. Has to be judging of the entries by qualified person to not be random.