United States Country Report

Topic:	Bankrupt online toy retailer and its customer database
Who:	Toysmart.com
Where:	U.S. Bankruptcy Court for the District of Massachusetts, Eastern Division
When:	February 2001
What happened:	As Toysmart.com began its bankruptcy proceedings, the failed company offered to auction its customer database. The FTC filed a complaint against Toysmart.com alleging that the proposed sale of the bankrupt toy seller's customer database would violate federal law as well as Toysmart.com's express privacy policy which stated that Toysmart.com would never share customers' personal information with any third party. Attorneys General of almost every state and privacy activists filed objections as well. A consent agreement with the FTC settled allegations regarding Toysmart.com's misrepresentation to consumers to never share personal information with third parties. However, in August 2000, the bankruptcy court rejected the consent agreement, holding that Toysmart.com could sell its most valuable asset, its customer database, as a separate asset to a prospective purchaser. In January 2001, the court then approved Toysmart.com's plan to sell the database for $50,000 to Buena Vista Internet Group, a subsidiary of Walt Disney Co., which owns 60% of Toysmart.com. Disney then destroyed the customer database, thus satisfying bankruptcy law and the consumers' promised privacy.
Comments:	This case demonstrates that companies are required to uphold the promises in their privacy policies even after they are no longer in business. Thus, companies should review their privacy policies to ensure current and future compliance.
Case Report:	In re DoubleClick Inc. Privacy Litigation
Topic:	Online profiling and the right of privacy
Where:	United States District Court, District of New York
When:	28 March 2001
What happened:	DoubleClick, the largest supplier of Internet advertising services in the world, collects, compiles and analyzes information about Internet users in order to target online advertising. When users visit a Web site affiliated with DoubleClick, a "cookie" is placed on their hard drives. Cookies, which are invisible to users, store personally identifiable information, such as usernames, passwords and preferences. Plaintiffs filed a class action lawsuit against DoubleClick, which alleged that the placement of cookies on hard drives violated federal privacy and anti-hacking laws. Plaintiff's complaint alleged violations of the Electronic Communications Privacy Act ("ECPA"), the Federal Wiretap Act, and the Computer Fraud and Abuse Act ("CFAA"). The court held that DoubleClick did not violate the ECPA because the affiliated Web sites authorized DoubleClick to access plaintiff's communications. Alternatively, the court found that because cookies are never actually in "electronic storage", the ECPA can not protect these communications. The court found that the Wiretap Act was not violated because the affiliated Web sites are deemed "parties" to plaintiffs' communications and, therefore, the affiliated Web sites consented to DoubleClick's interceptions. The court also held that the plaintiffs failed to prove that DoubleClick intercepted plaintiffs' communications for a "criminal or tortious" purpose. The court found that the CFAA was not violated because plaintiffs did not allege facts to support a finding that their injuries met the statutory minimum threshold for damages. The court ultimately determined that online profiling does not constitute an actionable offense under federal law. Because the district court dismissed the federal claims, the court rejected supplemental jurisdiction over plaintiffs' state law claims.
Comments:	This is the first decision in which a court has interpreted these three laws with regard to online advertising. In the past year and a half, class action suits have been filed across the country against Internet companies for alleged privacy violations. This court's ruling is, therefore, a victory for the online advertising industry.
Case Report:	On Davis v. The GAP, Inc., 246 F.3d 152 (2001)
Topic:	Copyright Infringement and Damages
Where:	The United States Court of Appeals, Second Circuit
When:	3 April 2001
What happened:	The GAP, an international retailer of clothing and accessories, published a print advertisement, which consisted of seven people standing in a "V" wearing The GAP clothing. The center model wore his own sunglasses, which were designed and manufactured by On Davis. The GAP did not get permission from On Davis to use the sunglasses in its advertisement. The district court granted summary judgment to The GAP, dismissing plaintiff's claim of copyright infringement on the grounds that registration of the copyright was not timely, actual damages were too speculative, and the Copyright Act does not allow recovery of punitive damages. The United States Court of Appeals affirmed in part and vacated in part, and remanded the case to the district court. The Court of Appeals affirmed the lower court's holding that no statutory damages were allowed because plaintiff did not register his copyright on time. The court held that plaintiff need not show any monetary loss in order to grant a declaratory judgment of copyright infringement. The court also held that actual damages were not too speculative to ascertain because a percentage of the fair market value for a license to use plaintiff's design in the advertisement was an appropriate valuation of damages. The court determined that actual damages should not be calculated based on a percentage of The GAP's estimated revenues resulting from this print ad, because that would be too speculative to calculate. The case was remanded to determine whether plaintiff is in fact entitled to damages from the loss of this licensing fee.
Comments:	The court made it clear that the copyright holder need not be damaged by the use of his art in the advertisement in order to secure relief. The copyright holder may be entitled to the fair market value of the licensing fee the advertiser would have been required to pay for such use.
Case Report:	Comedy III Productions, Inc. v. Gary Saderup, Inc., 21 P.3d 797 (2001)
Topic:	Balancing the right of publicity with First Amendment protection
Where:	Supreme Court of California
When:	30 April 2001
What happened:	Plaintiff, Comedy III. Prod., is the registered owner of all rights to the Three Stooges, who are deceased celebrities. Defendants are in the business of silk screening and lithography. Without permission, defendants sold prints and T-shirts with a charcoal sketch of the Three Stooges. The trial court held that defendants violated the Three Stooges' right of publicity when it sold products using their likenesses without consent. The Appellate Court affirmed and also held that the mere reproduction of an image, without the conveyance of any sort of message, and which is made solely for profit, does not constitute protected speech. The Supreme Court affirmed these judgments, finding that plaintiff's right of publicity had been violated. The court adopted a transformative test when balancing the defendant's First Amendment right and the celebrity's right of publicity: if the artist contributes something more than a "merely trivial variation" and something "recognizably his own" to the image, the artwork may be deemed sufficiently transformative and thus eligible for protection. The Supreme Court emphasized that reproductions of celebrities may be protected by the First Amendment, provided that the new image contains significant creative elements. In this case, the Supreme Court found the image of the Three Stooges not to be sufficiently transformative.
Comments:	The court created a new test to balance the right of celebrities to exploit their image and the right of artists to transform celebrities' image into their own creation. This test alters the previous belief that an artist's creation, regardless of the subject, is protected by the First Amendment of the Constitution which trumps all state laws including the right of publicity. It should be noted that this holding is binding only on California courts, but other states may look to this case as persuasive authority. Defendants have sought to appeal this decision to the United States Supreme Court.
Topic:	Children's Online Privacy Protection Act ("COPPA") Safe Harbor Programs
Who:	Federal Trade Commission ("FTC")
What happened:	COPPA, enacted in October of 1998, provides specific guidelines for the collection of personal information on the Internet from children under 13 years old. COPPA also enables industry groups to propose self-regulatory guidelines that provide the same or greater protections as the act. The self-regulatory program, which must be approved by the FTC, must satisfactorily create a method in which to evaluate participants' compliance and provide participants with effective incentives to continue compliance. On January 26, 2001 the FTC approved the application of the Children's Advertising Review Unit ("CARU") of the Council of Better Business Bureaus as the first safe harbor program authorized by COPPA. CARU seeks to protect children from unfair and deceptive advertising on the Internet. The second safe harbor program approved by the FTC was the Entertainment Software Rating Board ("ESRB") Privacy Online on April 18, 2001. This program requires participating online video and computer games to meet its privacy standards before posting its ESRB Privacy Online Certification Seal on its Web site. The third safe harbor program, TRUSTe, an internet privacy seal program, was approved, on May 21, 2001.
Comments:	The approval of COPPA safe harbor programs illustrates that the government and the Internet industry can work together to protect children online.
Legislation:	Gramm-Leach-Bliley Act ("GLB Act")
Topic:	Privacy of Consumer Financial Information
Who:	Federal Trade Commission ("FTC")
When:	Compliance date 1 July 2001
What happened:	As of this date, any "financial institution", which is broadly defined as any institution engaging in financial activities, including but not limited to banks, investment advisors, insurance companies and travel agencies must comply with the GLB Act. The GLB Act protects consumers' privacy relating to nonpublic personal information, which is defined as personally identifiable financial information obtained by the financial institution in any manner. The GLB Act: requires the financial institution to notify its consumers of its policies and practices on the disclosure of private financial information; prohibits the financial institution from disclosing private financial information to unaffiliated third parties unless consumers are provided the right to opt out of the disclosure; and requires the financial institution to implement safety and security safeguards to protect private financial information. In January of 2001, the FTC performed "Operation Detect Pretext", a sweep to review print advertisements and Web sites of firms that offered to conduct financial services. The FTC found about 200 firms that offered to obtain and sell asset or bank account information about consumers to third parties, therefore violating the GLB Act. Notices were sent by the FTC to these firms informing them to take steps to comply with the GLB Act and all other applicable federal laws.
Comments:	An institution, which provides any kind of financial services, should be aware of the GLB Act's requirements and prohibitions. "Financial institution" is defined so broadly that an entity which provides any direct or indirect services connected with finances, for example law firms, may be covered.
Topic:	New top level domain names ("TLDs")
Who:	Internet Corporation for Assigned Names and Numbers ("ICANN")
When:	September 2001
What happened:	On November 16, 2000, the ICANN Board selected seven new TLDs: ".aero", ".biz", ".coop", ".info", ".museum", ".name", and ".pro". The initial goal was to finish negotiations by the end of 2000, but this proved impossible due to the complex nature of the agreements. Negotiations for the smaller sponsored TLDs, ".museum", ".aero", ".coop", and ".pro", are currently in the beginning stages. Agreements have been reached for ".biz", ".info", and ".name". Afilias Limited was awarded the agreement to run ".info" TLDs. Trademark holders were allowed to pre-register domain names during a sunrise period from July 25 through August 27, 2001. After the sunrise period, ".info" domain names became available for general registration. The first ".info" domain names went live during the third week of September, 2001. ".biz" TLDs, which are operated by NeuLevel, Inc., accepted domain name pre-registration applications from registered trademark holders during its Intellectual Property Claim Period which ran from June 25 through August 6, 2001. After this period, domain name registrations were opened up to the general public. A number of lawsuits have been filed alleging that NeuLevel's process for determining domain name registrations amounts to an illegal lottery. These cases are currently pending, but the requested injunction to prevent NeuLevel from launching the ".biz" TLDs was denied. The ".biz" Web sites are anticipated to become operational in October 2001. Global Name Registry, Ltd., which operates the ".name" TLDs, began accepting domain name registrations in early September 2001. December 13, 2001 is the currently scheduled launch date for the ".name" TLDs to be officially activiated. All new TLDs are subject to ICANN's Uniform Domain Name Dispute Resolution Policy.
Comments:	These new registries will greatly expand the number of domain names available on the Internet. This is the largest expansion of Internet addresses since the mid 1980's, when the domain name system began.