IP & the Internet Archives - Page 3 of 7

Copyright Registration for Short Online Literary Works

Posted on October 30, 2020August 23, 2021 by Gavin Law Offices

The Copyright Office recently implemented a new method of group registration for short online works that simplifies the registration process and provides a much more cost-effective path to protection. This development offers a great opportunity for bloggers and other authors that frequently publish online content, who may not have previously considered copyright protection due to effort and expense, to obtain protection for their works. The Group Registration for Short Online Literary Works (GRTX) allows authors to simultaneously register between two and fifty works.

To be eligible for the GRTX process, the relevant works must be:

Published for the first time online;
Between 50 and 17,500 words;
Published during the same 3-month period; and
Written or co-written by the same author or joint author.

The process is primarily for those who regularly publish content online, for example with social media posts, articles, and blogs. The protection conferred only applies to the text of the work, so the GRTX is not suitable for images, videos, audiobooks, or computer programs. Works made for hire are also not eligible for GRTX.

A major benefit of the GRTX is its ability to save copyright owner’s money. For a Copyright Office fee of only $65,[1] authors using the GRTX can register up to fifty works. Before the GRTX, clients would have spent more than $3,000 in government fees to register and protect the same volume of works in separate applications. The new filing also helps to accelerate the registration process for online content creators who would likely have spent much more time and effort on registering their many publications separately before the GRTX.

If you are interested in developing a copyright protection strategy for your creative works, please feel free to reach out to us for more information on the process and associated fees.

-Jamie Seibert

[1] Please note, this fee represents only the government filing fee at the Copyright Office, and not any associated legal fees if you hire an attorney to represent you in connection with strategizing and filing for copyright protection.

Navigating the Legal Landscape in Changing Times

Posted on May 21, 2020November 10, 2020 by Gavin Law Offices

Rina Van Orden sat down with Taylor Quinn from Filmspire to chat about how Gavin Law Offices assists clients in protecting their intellectual property and navigate the legal landscape during these changing times.

2020 Update: Data Privacy Laws in the United States

Posted on January 28, 2020November 10, 2020 by Gavin Law Offices

After the European Union passed the General Data Protection Regulation (“GDPR”) in 2016, the world watched to see whether the United States would adopt a similar data privacy law at the federal level. While U.S. lawmakers, the tech industry, and consumer advocates have been working towards a federal data privacy bill, Congress has yet to pass, or even seriously consider, such legislation. However, a federal law may finally be on the horizon – two data privacy bills have been introduced in the Senate, and a bi-partisan bill is currently being developed by a House committee. In honor of Data Privacy Day, celebrated internationally on January 28, we explore the current status of data privacy laws in the United States.

In the absence of a comprehensive federal law, numerous states across the U.S. have passed their own data privacy legislation, including, perhaps most notably, California. The California Consumer Privacy Act of 2018 (“CCPA”) became effective on January 1, 2020, creating new obligations for covered businesses regarding privacy notices and the handling of California consumers’ personal information. The CCPA only protects Californians’ personal information but may apply to companies that do business in California even if they are not physically located in the state. Businesses continue to scramble to understand and comply with the CCPA, which is only one of many state and industry-specific laws forming the current patchwork of data privacy laws in the U.S.

However, a federal solution may be on the horizon. In November 2019, two data privacy bills were introduced in the Senate – the Consumer Online Privacy Rights Act (COPRA) and the United States Consumer Data Privacy Act (CDPA). The bills share many similarities, including enforcement by the Federal Trade Commission, and would provide individuals with new rights regarding their personal information. However, COPRA (introduced by Sen. Maria Cantwell, D-Wash.) and the CDPA (introduced by Sen. Roger Wicker, R-Miss.) vary on some important points, leading many to wonder whether either bill could make it through Congress. For example, COPRA would preempt only state laws that expressly conflict with the Act, leaving state laws that provide additional protection to consumers intact, whereas the CDPA would preempt all state laws regarding data privacy (except for data breach notification provisions), including the CCPA. COPRA would also allow for an individual private right of action, similar to the CCPA, while the CDPA would not.

Additionally, the House Energy & Commerce Committee recently released an initial draft of a bi-partisan data privacy bill. Bi-partisan support will be critical for Congress to enact a federal data privacy law, but the initial House bill does little to reconcile the differences between the two introduced Senate bills. Further, while this federal legislation is pending, numerous states are actively considering data privacy bills themselves. Specifically, multiple states are in the process of considering data privacy legislation mirroring the CCPA. In other states, such as Virginia (where the Virginia Privacy Act was introduced earlier this month), representatives have pulled provisions from the CCPA as well as the GDPR to create a more tailored bill for their state legislature to consider. With many states in their legislative sessions and various federal bills pending, 2020 is already shaping up to be an exciting year for data privacy in the United States.

-Courtney Reigel, Esq.

Patchwork of State Privacy Laws

Posted on June 28, 2019October 16, 2019 by Gavin Law Offices

Earlier this year, we wrote about the European Union’s General Data Protection Regulation (GDPR) and how California was following suit by passing the California Consumer Privacy Act (CCPA). This law will come into effect on January 1, 2020.

The CCPA protects California residents by providing heightened privacy rights and consumer protection regarding the collection of their personal data online. While California residents are the protected class, businesses nationwide will be affected by the CCPA. Any company whose website is accessed by California residents is subject to the requirements of the CCPA. Potential damages for violation of the CCPA include statutory or actual damages, as well as fines for intentional and unintentional violations; therefore, it is imperative that businesses ensure their websites, privacy policies, and data collection procedures are compliant with the CCPA as soon as possible.

Additionally, a patchwork of states have started drafting and passing privacy laws in the CCPA’s wake. The infographic above shows which states are proposing and passing new legislation.

One of the two states that has officially passed a data privacy law is Nevada. Although only passed in May of this year, it will be effective a full three months earlier than the CCPA, October 1, 2019. This law appears narrower than the CCPA, as it specifically addresses a consumer’s right to opt out of the sale of their personal information, while the CCPA covers the whole gamut of an individual’s rights to data. Additionally, this bill does not include a private right of action, but rather relies on the Attorney General to enforce it. We are not at all shocked that Nevada would be one of the earliest adopters of additional privacy legislation, however. What happens in Vegas, stays in Vegas.

The other early actor is Maine, whose governor signed one of the strictest internet privacy protection bills into law just this month. Maine’s new privacy law, which goes into effect on July 1, 2020, will require internet service providers to seek consent from their consumers before selling or sharing their personal information with any third party. Critics have attacked this law on various grounds, arguing that the law conflicts with federal laws, the U.S. Constitution’s Interstate Commerce Clause, and even the right of free speech. Yikes. We’re interested to see how these challenges will play out in the courts.

Five additional states have proposed legislation. All of these proposed bills have pros and cons, but we will look into them in more depth as they progress.

New York has proposed a broadly worded bill regarding privacy that includes imposing an obligation on companies as a “data fiduciary” and allows for a private right of action. We expect such an aggressive bill to get some pushback, as a fiduciary duty is a very high obligation.
Maryland’s proposal incorporates the CCPA’s prohibition on discriminating against those who exercise their individual rights to data access or deletion (which was one of the big changes from the GDPR to the CCPA) and shares many characteristics with the CCPA. This bill does not allow for a private right of action.
Massachusetts’ proposed bill allows for a private right of action for consumers who have had their personal information “improperly collected.” It also prohibits discrimination where consumers have exercised their associated privacy rights.
Hawaii’s proposed legislation currently has no definition for “business,” which will hopefully be remedied before its passage. It also does not include a private right of action . . . or any penalties for violations.
New Mexico’s proposed bill includes many key individual rights addressed in the CCPA, such as the right to access and deletion of personal information.

Additionally, Mississippi, Washington, and Texas all attempted to pass legislation this year that addressed consumer privacy. While these bills did not make it through the legislatures, these states are participating in active discussions, which is just more inspiration for the remaining states.

A federal law may soon address this developing patchwork of state laws. As early as November 2018, various House and Senate Committees held hearings and drafted federal legislation regarding consumer data protection. We expect to hear more from Washington D.C. by August 2019, but again, we’ll keep you posted.

– Kat Gavin, Esq.

GDPR update: 1 Year Later

Posted on May 23, 2019October 16, 2019 by Gavin Law Offices

One of the most significant data privacy laws enacted, the European Union’s General Data Protection Regulation (GDPR), brought substantial changes for organizations which are located in the EU or process the personal data of individuals residing in the EU. In light of the one year “anniversary” of the GDPR, which came into force a year ago on May 25, 2018. Here is a short overview of the current global data privacy law climate and noted some upcoming changes and trends that may impact businesses internationally.

1) Europe – The General Data Protection Regulation (GDPR):

The GDPR was designed to harmonize data privacy laws across Europe and give greater rights to individuals residing in the EU in terms of their personal data. Last year, businesses around the world scrambled to comply with the GDPR, in part due to fines for non-compliance. While the expected fines have generally yet to materialize (the largest fine for violating the GDPR was issued by France’s regulatory agency against Google for 50 million Euros earlier this year), industry experts note that enforcement of the GDPR is just getting started. The process of investigating violations and issuing fines can take time, and many EU member states are reportedly struggling to staff their regulatory offices.
The GDPR requires certain businesses to appoint a data protection officer, a role new to many organizations, and includes data breach reporting guidelines. As a result, the International Association of Privacy Professionals (IAPP) reports that over 500,000 organizations have registered data privacy officers in the past year, shedding light on the rapid growth of the privacy profession due largely in part to the GDPR. Additionally, according to the European Data Protection Board, over 65,000 data breach notifications have been initiated by businesses as a result of the GDPR. Businesses generally appear to be using the GDPR’s framework to update their data privacy policies and procedures, and to be cooperating with regulators.
The GDPR launched a dialogue about data privacy laws around the world, causing countries such as Brazil, China, India, Japan, South Korea, Thailand, and Australia to pass or propose new legislation, or consider changes to existing laws, that would bring their privacy regulations into closer alignment with the GDPR.

2) The United States – The California Consumer Privacy Act (CCPA) & Other State Laws:

Currently, the United States has no federal data privacy law as large in scope as the GDPR, but rather a patchwork of state data privacy laws. Many businesses that were required to comply with the GDPR will also need to comply with the CCPA, California’s new data privacy law, which will come into effect on January 1, 2020.
- The CCPA applies to businesses that receive personal data from California residents and exceed one of these three thresholds: (1) annual gross revenues of $25 million; (2) obtains personal information of 50,000 or more California residents, households, or devices annually; or (3) makes 50% or more of its annual revenue from selling California residents’ personal information.
The CCPA is a broad privacy law that expands the definition of “personal information,” and grants additional rights and protections to California residents regarding the use of their personal information by covered businesses. California residents will be able to request that businesses provide them with information about how their individual personal information is being used, and may request that businesses stop selling their personal information.
Covered businesses should ensure that their websites and privacy policies are compliant with the new requirements of the CCPA. It is important to note that just because a business is GDPR compliant, does not mean it will be CCPA compliant.
Other states in the U.S. are considering legislation that closely mirrors the CCPA and the GDPR, showing a trend for laws which expand the privacy rights of consumers. Changes to the CCPA are still occurring – for example, a California bill that would have added a sweeping and unrestricted private right of action for any violation of the CCPA died in an appropriations committee earlier this month. Also, lobbyists across various industries have been asking Congress to pass a federal data privacy law, which would preempt the new law in California and other states that are trying to follow suit, stating that the patchwork of laws in the U.S. will be too difficult for businesses to follow.

Based on the above, we anticipate that new data privacy laws and changes to existing data privacy laws will continue to emerge. Frequently, countries’ motivation for passing or updating legislation is to enjoy the privileges of transferring personal information between themselves and the EU under the GDPR. While many believe the GDPR has not been enforced as zealously as they anticipated, the law has clearly impacted privacy laws on a global scale in its first year.

– Courtney Reigel, Esq.

Nationally Ranked, Award-Winning Intellectual Property Law Firm

804-784-4427

IP & the Internet