Domain Names Disputes and Delays at WIPO

Last month, attorney Courtney Reigel attended a webinar addressing ongoing delays at the World Intellectual Property Organization (WIPO).  Specifically, the webinar discussed the increase in the overall number of Uniform Domain-Name Dispute-Resolution Policy (UDRP) complaints WIPO has received since the beginning of the pandemic.

Domain name registrars such as GoDaddy are required to follow the UDRP. The UDRP establishes an expedited administrative process for resolving disputes involving the registration of internet domain names.  While other trademark-related legal matters must often be resolved through arbitration or litigation in federal court (which can be costly and time consuming), holders of trademark rights may file UDRP complaints with WIPO or another approved dispute resolution service provider to resolve issues involving abusive registrations of domain names (e.g., “cybersquatting”).  UDRP complaints generally offer an affordable, efficient, and straightforward option for us to resolve domain disputes for clients.

While UDRP complaints remain a useful tool for addressing domain name matters such as cybersquatting and “typo-squatting,” WIPO is currently experiencing delays in processing times for reviewing such complaints and issuing decisions.

Generally, the cause for the delay is the increase in overall number of UDRP complaints being filed with WIPO.  2020 was a record-breaking year for the number of domain name disputes filed with the organization.  However, this year is already on track to surpass 2020 in number of domain name disputes filed.  The increase in complaints is due to several factors, including the fact that there has generally been more internet activity as people shopped and worked from home during the pandemic. Additionally, the pandemic created new opportunities for cybersquatters to register and use domain names that contain a trademark plus the terms “coronavirus,” “covid,” or “vaccine,” for example.  The ICANN WHOIS service used to investigate registrant information for potentially infringing domain names no longer offers the same information it used to.  Due to privacy laws such as Europe’s General Data Protection Regulation, as well as the increase in number of privacy and proxy services registrants can use, registrant information (an individual or business’s name, address, and contact information) is no longer readily available.  In some instances, the only way for trademark holders to determine who is responsible for registering a domain that appears to infringe their intellectual property rights is to actually file a UDRP complaint and wait for the domain’s registrar to provide such information.  Further, the lack of registrant information makes it difficult to combine complaints involving several domain names that have the same registrant together into a single complaint (previously a common practice), which is also driving up the number of overall complaints.

Attorneys can help trademark holders monitor for potentially infringing domain names and enforce their rights, which often includes preparing and filing a UDRP complaint.  In light of the increase of bad actors online, such monitoring can be critical for preventing trademark dilution and avoiding the harm that can be caused by infringing domain names.  We can also draft complaints that clearly articulate trademark holders’ rights and address key issues to assist WIPO with reviewing complaints and issuing decisions as quickly as possible. The pandemic and changing laws compel a more strategic approach for handling domain name disputes, and we continue to monitor developments and are readily available to help clients with these matters.

Rina Van Orden, Esq. & Courtney Reigel, Esq.

Hidden Risks of the Side Hustle

If you’ve ever searched online for ways to make extra money, you’ve likely come across a multitude of “side-hustles.” The side hustle has become an increasingly trendy topic, especially with the recent changes in remote work. These ways of increasing your cashflow can be benign, but several popular avenues come with hidden risks.

Domain Name Marketplace

You may be thinking that it’s profitable to buy and sell domain names. That can be true! But you face risks in that process that you need to be aware of. Namely, if you are purchasing a domain name that is valuable specifically because it trades on the brand of a well-known company, you could be infringing someone’s trademark, violating anti-cybersquatting laws, and generally making a lot of people really angry.

Buying and selling domain names is also referred to as domain flipping. This is a side hustle because people can buy domain names from registrars such as GoDaddy and attempt to later resell them for a profit. Whether the flipper builds an actual website with the domain is up to them. “Domain parking” refers to flippers that do not build a site tied to the purchased domain(s). Another strategy is to invest in the site and increase traffic to make it more valuable. This practice can be lucrative – investing.com was sold for $2.45 million in 2012. But like most headline grabbing stories, it’s not as safe or simple as it sounds.

One of the major risks with purchasing domains is the potential to infringe on someone’s protected intellectual property. Even with research, you could purchase a domain name that is too similar to an existing brand and wind up paying the price. It’s a good idea to consult a lawyer to make sure a domain name doesn’t gain value from an existing source.

Finally, domain flippers must be aware of the dangers of cybersquatting. Although cybersquatting as a practice is often intentional, even unintending flippers can violate anti-cybersquatting policy. The Anticybersquatting Consumer Protection Act covers a range of domain buying and selling practices that could get side hustlers in real trouble.

Options for Trademark Owners

Cybersquatters – and potentially unknowing flippers – commonly obtain exact or confusingly similar domain names to protected marks. Since infringement is so frequent, it’s important to monitor your protected property. An experienced legal team can build the best strategy for your situation and help you keep an eye on the marketplace.

Trademark owners worried about potential infringers or cybersquatters have options. There are different types of actions mark owners can take if they find out a domain registrant is making money off of the owner’s mark. The general first course of action is to send a cease-and-desist letter. This addresses trademark ownership, how the domain name is infringing and causing damage, and your willingness to take the appropriate legal action if the infringement does not stop. If no action results from a cease-and-desist letter, you may wish to involve an attorney who can guide you and implement the correct course of action to stop the infringement.

Side Hustle Risk: Creative Infringement

People can make a lot of money selling and designing creative t-shirts, but you are better safe than sorry when it comes to designing shirts that are valuable because someone else has created the content it is based on. Using online platforms such as Etsy or Instagram means that your activity is subject to federal regulation. Goods that use characters, slogans, or even inspiration from protected works risk both trademark and copyright infringement.

Using the content of businesses commercially without express permission or license is trademark infringement. A common example is personalized goods with college or university logos. These are protected intellectual property so commercial use on your t-shirts without permission is infringement. Another example is fan gear for professional sports teams. A quick search of these online marketplaces shows plenty of stores using infringing material which might make you feel safe. However, just because other stores are selling these doesn’t mean it’s legal, or that the trademark owner won’t shut that store down. The risk of infringement outweighs any potential gain from unauthorized use.

This type of side hustle also risks copyright infringement. T-shirts with popular tv characters or quotes from a new bestselling movie may fly off your shelves, but remember: their value comes from someone else’s work. And federal copyright infringement claims come with a hefty price tag.

Another common mistake is using pictures from Google. Without checking the source, it’s highly likely that you do not have permission to use that property commercially. No matter what good you’re interested in creating and selling, make sure it’s your original design. If what you’re selling gains value from established content – and you don’t have permission to use it – think twice. Like trademark infringement, copyright infringement can lead you into a mess of legal trouble.

To sell or not to sell

The public domain refers to a collection of works without exclusive intellectual property rights. For instance, the works of William Shakespeare are in the public domain. This means that if someone wanted to do a theater reenactment of Shakespeare’s work, they wouldn’t have to have a license or permission to do so unlike a copyright protected work.

Another type of side hustle involves publishing work from the public domain. There’s always a demand for classics such as Little Women, Treasure Island, or The Great Gatsby, which entered the public domain as of January 1, 2021. Entrepreneurial side hustlers have filled this demand by turning these public domain works into e-books on platforms such as Amazon Kindle. Due to the lack of copyright protection of works in the public domain, infringement can disappear if you are using or inspired by works in the public domain. There are enterprises which have successfully used this hustle – such as the man who sold 64,000 Anne of Green Gables e-books.

However, if you’re thinking this is the new trick for you, don’t dive in too fast. Calculation of the time a copyright is active can be complicated. One version of a work may be in the public domain, but another is not.  It’s important to err on the side of caution and contact a lawyer to be safe if you feel conflicted. No matter what side hustle you’re thinking of pursuing, always do your research and be aware of the hidden risks. If you’re a trademark or copyright owner worried about potential infringers, remember you have options.

(This is not intended as legal advice. Contact a lawyer for assistance in your particular situation.)

Kat Gavin, Esq.

IP Strategies for Your Online Business

Transitioning into an online business may feel daunting. From operations to technology, there are so many potentially new processes. Business owners currently operating online can also benefit from a review of their operations and how they can best protect their work. Don’t let your intellectual property strategy hinder your success! Here are five perspectives of what you need to consider when engaging online:

Advertising and Marketing 

  1. Marketing your product or service is an integral part of any business, especially when operating online. Creating an advertising strategy that abides by legal guidelines may sound confusing but there are a few easy tips.
  2. Firstly, make sure that all claims are truthful and substantiated. If you’re selling socks, don’t say that they can fix a broken bone.
  3. Don’t forget that this also applies to social media. Not only you and/or your business, but anyone you may work with, such as content influencers, must adhere to these rules.

Trademarks

  1. Select a strong name and/or logo for your business. What is a strong name? A good rule of thumb is, if it describes what you’re selling, it’s probably not distinct enough.
  2. Make sure you take steps to decrease the likelihood of infringement. Before committing to a name to use commercially, consult with a legal team to search existing marks and assess potential risks.
  3. Will you conduct business in multiple countries? Keep up to date with individual country’s trademark requirements so you understand how to file.
  4. Lastly, make sure to review your contracts to be aware of which rights you have and which rights you are granting. You cannot grant any rights that you don’t have! If you need help deciphering a contract, reach out.

Copyright

  1. Is there content that you use on your website, social media, or mobile apps? Make sure you know whether you can use media like music, text, photos, art, video, or other content in various ways: personally, commercially, and within whatever geographic restrictions apply. Additionally, follow “proper credit and/or attribution” requirements for the content.
  2. Are third-parties able to post content on your website? You may want to limit your liability against their potential copyright infringement by taking advantage of the Digital Millennium Copyright Act (DMCA)’s Safe Harbor. Let us know if you need help navigating these requirements.
  3. Is there a person whose name, likeness, or image you are using in connection with your business? There are right of publicity laws that you must follow as well as applicable state laws.
  4. An online entrepreneur’s website is like their online storefront. Do you have a clear agreement with your website or software developer? Make sure any other tools created for the operation of your business, like mobile apps, are included in your strategy. A well-written contract is a good way to take preventative measures before the work is done to avoid later infringement or theft.

Privacy and Other Legal Considerations

  1. Be in the know when it comes to changing data privacy and internet laws. Specific state laws may apply to your business even if you are not physically located there.
  2. The California Consumer Privacy Act (CCPA) and California Public Records Act (CPRA) grant California residents greater control over their personal data and how businesses use that information. If you want to prepare your business for CPRA compliance, start by reviewing how your company collects data, and then contact a professional about how to make sure everything is above board and complies with the new laws.
  3. Virginia recently passed similar legislation known as the Consumer Data Privacy Act (CDPA). There are some differences compared to California’s legislation, such as which businesses the regulations apply to.
  4. Finally, set up your online presence to comply with other regulations such as the Americans with Disabilities Act (ADA). For example, make online offerings available to those with disabilities. Other important legislation includes the Children’s Online Privacy Protection Act (COPPA) and the Communications Decency Act (CDA).

Protection Strategies

  1. Last but certainly not least, educate yourself and pursue all routes to protect your content.
  2. Seeking registration with the Copyright Office and/or the USPTO is a great first step in protecting your business and intellectual property.
  3. Another strategy which helps to prevent improper use is to include notices on your website, social media, and/or mobile applications.
  4. If you are concerned about improper use, explore all monitoring tools and consult with your legal team.

Whether you already conduct business online or not, the internet is here to stay. It’s become an invaluable economic resource, especially with the need for remote options in the past year. As such a fast and accessible way to work, make sure you take into account all your legal and commercial options as an intellectual property owner.

(This is not intended as legal advice. Contact a lawyer for assistance in your particular situation.)

Virginia Becomes 2nd State to Pass Comprehensive Data Privacy Law

On March 2nd, Governor Ralph Northam signed into law the Consumer Data Protection Act (“CDPA”), making Virginia the second state to enact comprehensive data privacy legislation.  The new law, which will go into effect on January 1, 2023, combines concepts from the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”), as well as Europe’s General Data Protection Regulation (“GDPR”).  The CDPA grants numerous rights to residents of the Commonwealth to provide them with greater control over their personal data, and places new obligations upon covered businesses.  Specifically, the law gives Virginia residents (“consumers”) the right to access, correct, delete, and obtain a copy of their personal data, as well as the right to opt out of the sale or processing of their personal data by covered businesses for purposes of “targeted advertising.”[1]  The CDPA broadly defines “personal data” as “any information that is linked or reasonably linkable to an identified or identifiable natural person,” and excludes de-identified data or publicly available information.  Virginia’s new law also creates a special sub-category for “sensitive data” that includes: “(1) personal data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status; (2) the processing of genetic or biometric data for the purpose of uniquely identifying a natural person; (3) the personal data collected from a known child; or (4) precise geolocation data.”

Who is Covered?

The CDPA applies to businesses, whether physically located in Virginia or not, that conduct business in or target residents of the Commonwealth, and that either: (1) control or process the personal data of at least 100,000 consumers, or (2) derive over 50 percent of their gross revenue from the sale of personal data and control or process the personal data of at least 25,000 consumers.  In addition to excluding small businesses from its scope, Virginia’s law includes several other exemptions and provisions making it generally more business-friendly than Europe’s and California’s laws.  For example, the CDPA excludes non-profit organizations and institutions of higher education, as well as businesses that meet the above thresholds but are already subject to federal privacy laws such as the Gramm-Leach-Bliley Act and HIPAA.[2]  The law also defines “consumer” as “a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.”  While California passed temporary business-to-business (“B2B”) and employment-related exemptions to lessen the burden of businesses’ compliance with the CCPA, the Virginia law considers and includes built-in exceptions for these types of personal data.

Requirements for Covered Businesses

Businesses subject to the provisions of the CDPA will need to develop processes to allow consumers to exercise the above-mentioned rights.  Covered businesses should also prepare to comply with the following obligations under the new law:

  1. The requirement that covered businesses provide a reasonably accessible, clear, and meaningful privacy notice (often referred to as a “privacy policy”) that includes specific information as outlined by the law.
  2. The requirement that covered businesses considered “controllers” put contracts in place with third party “processors” of personal data containing specific provisions related to the handling of consumers’ personal data.[3] Thus, businesses subject to the CDPA should adopt standard contractual language to include in any agreements with vendors that will touch personal data.
  3. The requirement that covered businesses limit the collection of personal data to what is “adequate, relevant, and reasonably necessary in relation to the purposes for which such data is processed, as disclosed to the consumer,” and that such businesses “establish, implement, and maintain reasonable administrative, technical, and physical data security practices to protect the confidentiality, integrity, and accessibility of personal data.”[4]
  4. The requirement that covered businesses conduct and document a formal “data protection assessment.” The assessment must include specific information related to businesses’ processing of personal data.  The Office of Attorney General may request a copy of a business’s data protection assessment under its investigative authority (which, for example, is likely to occur during its investigation into a covered business’s data breach).
  5. The requirement that covered businesses obtain affirmative consent from consumers before collecting and using “sensitive data.” Because affirmative consent is not currently required under California’s data privacy laws, many covered businesses will likely need to consider how they will obtain such consent and if/why they are processing sensitive data, specifically.

Enforcement

The CDPA will be enforced by Virginia’s Office of the Attorney General, which will have investigative authority and may seek injunctions and/or impose civil penalties of up to $7,500 per infraction for covered businesses that violate the law.  Any penalties and fees collected will go into a “Consumer Privacy Fund” used to support the work of the Office of the Attorney General to enforce the provisions of the CDPA.  Like the CCPA, Virginia’s new law also provides for a 30-day cure period for violations.  However, quite notably and unlike the CCPA, the CDPA does not include any private right of action.  Further, while the Virginia law does not contain language regarding rulemaking authority or procedures, it creates a “work group” to review the CDPA and issues related to its implementation.[5]  The work group’s findings, best practices, and recommendations regarding the implementation of the CDPA shall be submitted to the Chairmen of the Senate Committee on General Laws and Technology and the House Committee on Communications, Technology and Innovation no later than November 1, 2021.

Generally, the CDPA avoids several areas of uncertainty that lawmakers and California’s Attorney General, as well as covered businesses seeking to comply, encountered during the rollout of the CCPA.  Thus, Virginia’s law may provide a clearer model for consumers and businesses to follow, as well as for other states and possibly the federal government when developing their own data privacy legislation.  Gavin Law Offices, PLC will continue to monitor updates regarding the CDPA and other U.S. data privacy laws.

(This blog post is not intended as legal advice.  Please contact us for more information and assistance regarding your particular situation.)

[1] “Targeted advertising” means displaying advertisements to a consumer where the advertisement is selected based on personal data obtained from that consumer’s activities over time and across nonaffiliated websites or online applications to predict such consumer’s preferences or interests.  “Targeted advertising” does not include: (1) Advertisements based on activities within a controller’s own websites or online applications; (2) Advertisements based on the context of a consumer’s current search query, visit to a website, or online application; (3) Advertisements directed to a consumer in response to the consumer’s request for information or feedback; or (4) Processing personal data processed solely for measuring or reporting advertising performance, reach, or frequency.

[2] This language is considerably more favorable for businesses than a similar exception under the CCPA, which applies to only “personal information” collected, processed, sold, or disclosed pursuant to a specified federal law such as GLBA or HIPAA, and does not exclude the entity as a whole like the new Virginia law.

[3] Under the CDPA, “controller” means the natural or legal person that, alone or jointly with others, determines the purpose and means of processing personal data.  Meanwhile, “processor” means a natural or legal entity that processes personal data on behalf of a controller.  Both terms will be familiar to those acquainted with data privacy legislation, as they are borrowed from the GDPR.

[4] This “reasonable” safeguard standard is also included in the CCPA/CPRA and the GDPR.  The CDPA also includes language that “such data security practices shall be appropriate to the volume and nature of the personal data at issue.”  Thus, like existing data privacy law, Virginia’s will allow businesses to determine their own “reasonable” security practices and does not obligate covered businesses to put in place any specific data security measures.

[5] Specifically, the “Chairman of the Joint Commission on Technology and Science shall create a work group composed of the Secretary of Commerce and Trade, the Secretary of Administration, the Attorney General, the Chairman of the Senate Committee on Transportation, representatives of businesses who control or process personal data of at least 100,000 persons, and consumer rights advocates.”  Interestingly, this does not include representatives of businesses who derive over 50 percent of their gross revenue from the sale of personal data and control or process the personal data of at least 25,000 consumers.

 

–  Courtney Reigel, Esq.

2021 JOLT Symposium: Emerging Technology in Law

Rina Van Orden recently attended the University of Richmond’s Journal of Law & Technology Spring Symposium. The event focused on “Emerging Technology in Law” and included topics such as artificial intelligence, blockchain, and bridging the access gap.

One panel covered “The Future of Law Post-Pandemic” presented by Sharon Nelson and John Simek. Nelson and Simek covered the many ways that the past year has changed the ways we work. Legal considerations for modifying operations represent their own opportunities for creative solutions. Web-based solutions like electronic signature and document services have helped maintain integral professional processes. Similarly, telecommunicating services provide safe ways to consult with coworkers and clients.

The event concluded with an engaging panel focused on Women in Technology Law. A highlight of the event, this topic was particularly relevant to our firm. The panel included attorneys, educators, and other professionals who were able to give perspective on what it’s like to be a woman in this field and ways to increase future technology law opportunities.

We want to thank the Journal of Law & Technology for a wonderful program. As the legal industry grows and adapts, we continue to stay informed of the ways to better serve you.