Emerging Issues In Advertising And Media
As a joint project of Kaye Scholer's Advertising, Marketing and Branding Group and its Entertainment and Media Group, we regularly publish updates on emerging legal issues relating to the advertising and media industries. In this edition, we discuss Veoh Network's attempt to obtain a declaratory judgment that its user-generated content web site was entitled to a safe harbor under the Digital Millennium Copyright Act ("DMCA"), eco-marketing and the FTC's review of its Green Guides, California's expansion of its data breach statute, and the FTC's proposed behavioral advertising privacy principles.
Veoh Case Summary
Veoh Networks, Inc. v. UMG Recordings, Inc., 2007 U.S. Dist. Lexis 84513 (S.D. Cal.) (Nov. 14, 2007)
Veoh Networks operates Internet video hosting services displaying user-generated content. Universal Music, without filing suit, accused Veoh of massively infringing its copyrights. Veoh turned to federal court, seeking a declaration of noninfringement. Veoh hoped to have the court declare that its DMCA reporting and take-down program was DMCA-compliant and that Veoh was therefore protected by the DMCA safe-harbor provisions.
On November 14, 2007, Judge Whelan of the Southern District of California dismissed Veoh's complaint, stating that it requested an advisory opinion, which federal courts may not provide. The court explained that Veoh did "not reference any specific copyright" and that the complaint did not allege facts showing an actual "case or controversy," as is constitutionally required for federal jurisdiction.
Veoh argued that it could not identify any specific Universal copyright in its complaint because "not knowing which copyrights are being infringed is essential to a declaration that their business meets the [DMCA] safe harbor requirements." The court disagreed, stating that under Perfect 10 v. CCBill, "actual knowledge" is not fatal to claiming a DMCA safe harbor because a provider having actual knowledge is protected "if it acts expeditiously to remove or disable access to the material."
The court also felt jurisdiction would be improper because issuing a declaration of non-infringement "would seemingly insulate Plaintiff's business model against all infringement claims, from every copyright holder, for all time."
Veoh's message is that an ISP cannot use the DMCA offensively and have a court anticipatorily assess its DMCA program in order to obtain a blanket declaration of non-infringement. Rather, a DMCA program may only be asserted defensively, in the context of an infringement lawsuit, at which point it will be too late to avoid liability by making changes to the program if it turns out to be noncompliant. Thus, it is critical that ISPs ensure compliance initially by seeking counsel's advice when devising their DMCA programs.
Eco-Markeing On The Rise And Under Review
A recent report by the National Marketing Institute estimated that the consumers who are influenced by environmental concerns represent over $230 billion in spending power. Many advertisers are touting themselves or their products as being environmentally friendly, and making claims that products or packaging have certain environmentally positive attributes or that they are involved in programs that reduce their impact on greenhouse gas emissions, such as through carbon offsets and use of or support of renewable energy. This has led the Federal Trade Commission ("FTC") to revisit its 1998 guidelines for environmental advertising claims, known as the Green Guides, earlier than originally scheduled, and to undertake a review of renewable energy and carbon offset claims, general "renewable" claims and environmentally "sustainable" claims.
On January 2, 2008, the FTC held a workshop concerning carbon-offset programs and renewable energy certificates, and the marketing of such programs. A number of additional workshops on a variety of eco-marketing issues are also being planned by the FTC. In addition, the FTC is taking public comments through February 11, 2008 on what it is and should be doing to regulate advertising and marketing that makes environmental claims. If you believe greater or lesser FTC regulation of eco-marketing is desirable, you should file comments with the agency before that deadline.
Pending the FTC review of these issues, both the current Green Guides and application of best practices in advertising and marketing generally provide guidance on how to work environmental claims that are not unfair or deceptive under the FTC Act into marketing campaigns. The following checklist is recommended as a starting point to avoid suspect green advertising claims:
1. Do you have valid substantiation for each express or implied claim made?
2. If claims are of a general nature and use new terms of art or use environmental symbols or images to convey green attributes, are they followed with a clear, conspicuous, accurate and verifiable explanation qualifying the basis of the claim?
3. If seals of approval or certifications are included, have you included an explanation of the basis of the award? Also, if the seal implies a third party has evaluated and certified the product, is it from a bona fide, independent and qualified third party?
4. If environmental symbols are used, can you substantiate the meaning reasonable customers would give to the symbol as well as the implied claim made by such use? The FTC calls for consumer research to form the basis for new symbols and provides specific guidance for the use of the "three chasing arrows" recycle symbol and the Society of Plastics Industry codes.
5. Have you specified the exact basis for the claim? Care should be taken in distinguishing between products, practices, packaging and components, as applicable.
6. Do the claims exaggerate or overstate attributes or benefits?
7. Are the claims made in a manner that would be understandable to the typical consumer?
8. Are comparative claims clear as to the basis of the comparison? For instance, if the packaging is said to have "50% more recycled content," explain what it is being compared to, such as "our previous package." This also applies to "source reduction" claims such as "50% less plastic."
9. If degradable, biodegradable, photodegradable, compostable, recyclable, recycled, ozone-safe, no CFCs or refillable claims are made, are they done so in a manner that is consistent with the FTC's current Green Guides? Note that the FTC finds "please recycle" on products or packaging to be deceptive if such item is incapable of being recycled by a substantial majority of the consumers where it is sold.
10. If carbon-offset, sustainability or renewable-energy claims are made, have you explained in a manner that a typical consumer would understand what exactly is meant by these claims? Keep in mind that the FTC has concerns that consumers may have misperceptions about the meaning of these types of statements and is currently examining the issue.
California Expands Data-Breach Notification Requirements To Include Medical And Health Insurance Information
Effective January 1, 2008, certain medical information and health insurance information are included in the type of personal information triggering notifications of unauthorized access in California. In 2003, California was the first state to enact breach-notification legislation. Since then, most other states have followed. These statutes help protect individuals from the effects of the misuse of their personal information by requiring state agencies and businesses aware of unauthorized access to such information to notify the affected individuals as soon as possible.
Most state breach-notification laws, including California's, define "personal information" as unencrypted, computerized information that includes the first name or first initial and last name of an individual in combination with the individual's (i) Social Security number, (ii) driver's license number, (iii) state identification number, or (iv) financial account, debit or credit card number in combination with any required security code, access code, or password that would permit access to an individual's account. California Governor Arnold Schwarzenegger signed AB 1298 on October 14, 2007, to add medical information and health insurance information to this list, expanding the types of "personal information" that would trigger a notice obligation in the event of a breach.
Under the amended version of the California breach-notification statute, "medical information" means "any information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional." "Health insurance information" means "an individual's health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual's application and claims history, including any appeals records."
These changes are significant to employers with employees in California who maintain unencrypted medical and health insurance records for those employees, such as e-mail and scanned documents containing doctor's notes, Family & Medical Leave Act (FMLA) certification records, and health plan enrollment/claims information.
California's new breach-notification law is broader than the federal Health Insurance Portability and Accountability Act (HIPAA). HIPAA does not expressly require medical providers and health plans to notify patients of data breaches. Yet, under California's new law, these entities must now notify patients of any unauthorized data breaches involving their "protected health information," including the patients' medical and health insurance records.
FTC Proposes Online Behavioral Advertising Privacy Principles
The Federal Trade Commission has proposed principles to address consumer privacy concerns associated with online behaviorial advertising. On November 1 and 2, 2007, the FTC hosted a Town Hall entitled "eHavioral Advertising: Tracking, Targeting, and Technology," which focused on the privacy issues raised by behavioral advertising on the Internet. Behavioral advertising is the tracking of a consumer's activities online – including the searches the consumer has conducted, the Web pages visited, and the content viewed – in order to deliver advertising targeted to the individual consumer's interests. This attention has, unsurprisingly, led the FTC to propose a set of principles designed to "guide the development of self-regulation in this evolving area." The proposed principles call for industry to develop standards for:
1. Full and clear disclosure about behavioral advertising (e.g., "I use your data to sell advertisements.").
2. Consumer control over the use of behavioral advertising directed at them.
3. Obtaining affirmative express consent from Web surfers prior to utilizing any data for behavioral advertising purposes (e.g., "Can I use your data to advertise to you?").
4. Greater regulation of "sensitive" behavioral data.
5. Proper storage and retention policies regarding behavioral information.
Of course, behavioral advertising plays a big role in online advertising. Online advertising in turn drives free Web content and other benefits (i.e., free access to news reports) that can be enjoyed by all consumers. As such, the FTC is seeking comments from all interested parties, but especially advertisers and content providers, on the following topics:
What information should be considered "sensitive" and therefore subject
to greater regulation? For example, one concern raised by several
consumer protection groups is about the collection of medical Web-page
history, which may unintentionally expose parts of a person's life that
should be kept private.
2. Should the FTC ban collection of "sensitive" behavioral information?
3. What secondary uses of behavioral data are contemplated by companies currently using behavioral advertising? Should these uses merit heightened protection?
4. How can companies reduce their retention periods of behavioral data so that their legitimate business models don't suffer, yet consumers are not exposed to any undue risk?
The comment period on the proposed guidelines is open until February 22, 2008.
Both the International Association of Privacy Professionals (IAPP) and The Network Advertising Initiative (NAI) offer guides and/or training resources so that companies can maintain "best practices" in the area of online behavioral advertising. Practitioners interested in this area should review the NAI's Self-Regulatory Principles for Online Preference Marketing by Network Advertisers found at http://www.networkadvertising.org/networks/principles.asp.
Copyright ©2008 by Kaye Scholer LLP. All Rights Reserved. This publication is intended as a general guide only. It does not contain a general legal analysis or constitute an opinion of Kaye Scholer LLP or any member of the firm on the legal issues described. It is recommended that readers not rely on this general guide but that professional advice be sought in connection with individual matters. References herein to "Kaye Scholer LLP & Affiliates," "Kaye Scholer," "Kaye Scholer LLP," "the firm" and terms of similar import refer to Kaye Scholer LLP and its affiliates operating in various jurisdictions.