European Union’s General Data Protection Regulation to Usher in Sweeping Changes Affecting Data Protection and Privacy Practices of European and U.S. Companies

Introduction

In December 2015 the European Commission published a General Data Protection Regulation to replace the Data Protection Directive, which currently regulates the collection and use of personal data within the European Union. The Data Protection Directive was enacted more than 20 years ago and was in dire need of updating to keep pace with developments in data collection and sharing practices, as well as the explosion of data security breaches. The Regulation will likely come into force in 2018, but its wide-ranging implications necessitate immediate attention from the business community not only in the EU, but on the global stage.

The key features of the Regulation are summarized below.

Territorial Reach

The “extra territorial” reach of the Regulation is a key change that all non-EU entities will need to be aware of. Previously, EU law in this area applied only to those entities that control the use of the data and have some sort of establishment or equipment in the EU. However, the Regulation applies directly to any entity that processes personal data about EU residents in connection with (i) the offer of goods or services in the EU; or (2) the monitoring of behavior in the EU.Jurisdiction will therefore be measured digitally rather than physically, paying less attention to the physical location of the entity undertaking the processing. When assessing this reach, regulators will look to a variety of factors, including how a website references EU individuals, the currencies accepted, and the languages used. Any profiling of EU individuals will fall squarely within these criteria. This is a huge shift and something that entities that were previously outside the scope of the current law, but are now likely subject to the Regulation, will need to absorb over the coming months.

Expansion of Definition of Personal Data

The Regulation expands upon the definition of “personal data” from the Data Protection Directive, the collection and processing of which is covered by the Regulation. After its effective date, personal data will include unique online identifiers, e.g., IP addresses and mobile device identifiers, as well as geo-location data about a subject. Unique biometric data such as fingerprints, retina scans, and genetic data are also included in the expanded definition of personal data.

Enhanced Individual Rights

The Regulation also requires data controllers to provide greater transparency to individuals about the data they are collecting and how that data will be used at the time of data collection. Most of this information should be described in a well-written privacy policy, and includes the identity and contact information of the controller, the purpose of data collection and processing, and third parties to whom the data will be transferred. The information provided must also identify the legal basis of transferring data outside of the EU. Those bases — whether the use of standard contractual clauses, binding corporate rules, or the new “Privacy Shield” — are likely to continue to be in flux until the Regulation comes into effect. Controllers also must inform individuals about the right to deletion and correction of data about themselves, more colloquially known as the “right to be forgotten,” the right to lodge complaints to the controller’s data privacy authority, and the right of individuals to receive data that has been collected about them in a structured and commonly used machine-readable format.

Article 4(3aa) of the Regulation also requires controllers to notify individuals if they will use personal data for “profiling,” which is defined as (a) involving automated processing of personal data; and (b) using that personal data to evaluate certain personal aspects relating to a natural person. Profiling cannot be based on certain special categories of personal data, such as racial, ethnic, or religious information without explicit consent, unless such processing is necessary for reasons of substantial public interest. Controllers will be required to use adequate procedures and implement technical and organizational safeguards to correct data inaccuracies and avoid errors, secure personal data, and minimize the risk of “discriminatory effects.” Additionally, individuals will have the right both to request the “profiling” data about themselves and to object to or demand that profiling be stopped.

Direct Liability for Processors

Data processors will now have direct obligations under the Regulation. Currently, only the data controllers are subject to direct regulatory oversight, often flowing applicable obligations to the data processor under contract, such that the data processor would be contractually liable to the data controller, but would not be subject to direct enforcement or penalties from a data protection regulator. Whether a data processor is located within the EU or overseas, this is a big movement in regulatory compliance risk. These obligations of a data processor will include implementing appropriate technical and organizational measures with respect to personal data, notifying the data controller of a data breach and potentially appointing a data protection officer. In addition, contracts appointing data processors will need to be more prescriptive, requiring audit rights for the data controller and a mechanism for the approval of the appointment of sup-processors.

Organizational Requirements

The Regulation imposes several internal administrative compliance obligations for data processors and controllers. First, both controllers and processors will be required to develop and maintain documentation describing their data protection policies. Both will also be required to keep a record of processing activities. Controllers and processors will be required to conduct data protection impact assessments where the proposed data processing is likely to result in a high risk to the rights and freedoms of individuals. An impact assessment evaluates the likelihood and severity of the risks involved in the proposed data processing and assesses the safeguards to be introduced to mitigate the risk. To ensure covered companies will have internal accountability for compliance, the Regulation will require data processors and controllers to appoint a data protection officer where its core processing activities require regular and systematic monitoring of individuals on a large scale, or where its core activities consist of the processing of sensitive data on a large scale. The data protection officer will have the responsibility for overseeing the company’s compliance with the Regulation.

Local Representative Requirement

As a mechanism to bring non-EU data processors within the regulatory oversight of EU data protection authorities, Article 25 of the Regulation requires both data controllers and processors that regularly collect or process personal data from EU citizens on a large scale to appoint local representatives within EU member states where they do business. This requirement is likely to apply to, for example, U.S.-based Software as a Service providers whose customers include companies with significant numbers of EU end users or employees.

Fortunately for companies that have few contacts with EU citizens’ personal information, there is an exception to this requirement for companies that do limited processing of EU citizens’ personal data. Companies that only engage in “processing which is occasional, does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) or processing of data relating to criminal convictions and offences referred to in Article 9a, and is unlikely to result in a risk for the rights and freedoms of individuals, taking into account the nature, context, scope and purposes of the processing” are not required to appoint local representatives.

Harmonization and the One Stop Shop

Under EU law, a “regulation” is law directly applicable to companies acting within the EU whereas a “directive” requires legislation to be passed at a national level implementing the general principles of the directive, inevitably resulting in a lack of uniformity throughout Member States. Therefore a key nuance which is not necessarily evident from the text of the Regulation, but which is a product of this fundamental principle of EU law, is that the Regulation will now create a uniform privacy regime across the EU, in place of the current patchwork of member state laws implementing the current directive.

Following the same theme, the Regulation will also fundamentally change the way that data protection law is supervised in the EU. A key proposal to promote this uniformity was for any given company (which may have a presence in a number of Member States) to be able to have one point of contact for supervisory purposes. This has manifested itself in detailed structure whereby a lead supervisory authority in the Member State in which a company has its main or sole establishment will have supervisory responsibility, with that lead supervisory authority having the ability to work with other concerned authorities. A centralized European Data Protection Board will be established, having the ability to issue opinions on particular decisions. It remains to be seen how this will work in practice, and whether companies will have the ability to influence which lead supervisory authority is allocated to it, along with the political and tactical maneuvering this may entail to ensure the most preferable outcome for the company.

Data Transfers

There are no major changes in this area of the Regulation and, save for the Safe Harbor uncertainties, the existing methods to transfer data internationally have broadly been retained, with some refinements. With regard to Safe Harbor, we all await clarification on the law and the details of its newly unveiled replacement, the “Privacy Shield.” There appears to be an emerging view that whatever the details of this Privacy Shield transpire to be, it is likely to be subject to challenge in the courts. Whether it will withstand such challenge remains to be seen, but in the interim, the market waits with anticipation. With regard to other methods to facilitate transfers of data, a popular alternative to the Safe Harbor regime are Model Contractual Clauses. Although these remain intact under the Regulation, in due course these may come under fire and be subject to similar challenges and calls for invalidity as the Safe Harbor regime. Binding Corporate Rules have also survived under the Regulation, remaining a valid way to transfer data, with the current rules now codified into law.

Consent

There are new provisions codifying the ways in which a data subject may provide, or be deemed to have provided, its consent to the processing of its data. Consent needs to be informed, specific, evidenced by a statement or affirmative conduct (silence or inactivity is insufficient), and in the case of sensitive personal data, be explicit. The onus is on the data controller to demonstrate this and the request for consent must be easily accessible, using clear and plain language. The consent must be freely given and revocable at any time without detriment to the data subject. The Regulation looks to the bargaining power of the parties as a factor when assessing this. For example, companies can no longer make it a condition of a contract or service that consent is provided to that company to process certain personal data, where the processing of that personal data is not necessary for the performance of that contract or delivery of that service — the “all or nothing” option is therefore likely to find little favor. In addition, in the employer/employee context, which is often the focus of much analysis regarding freely given consent, Member States will have the ability to implement specific rules to regulate this.

Data Breach Response

An aspect of the Regulation that will significantly impact U.S.-based companies’ data breach response plans is the requirement of data controllers to notify supervisory authorities — e.g., data protection authorities — of a data breach that “is likely to result in a risk for the rights and freedoms of the data subject” within 72 hours of discovery of the breach. This time period is considerably shorter than any existing U.S. state statute. Because companies affected by breaches are often still assessing what happened and identifying the scope of the compromise within the first 72 hours of a breach, companies will need to be cautious in not understating or overstating the impact of the breach.

Affected individuals must also be notified without “undue delay” if the breach presents a high risk “for the rights and freedoms” of individuals. The notification must describe the nature of the breach and its causes, if known, and recommendations on how affected individuals may mitigate risks. Although a data controller may not give notice to the supervisory authority or affected individuals if it determines that the breach is unlikely to pose a threat to the rights and freedoms of affected persons, the burden will be on the data controller to prove the absence of risk.

Notably, the trigger for a breach notification under the Regulation is both broader and vaguer than under the laws of the more than 47 U.S. states and territories that have data breach notification statutes. Under these statutes, an obligation to notify arises following the breach of relatively well-defined categories of information, typically including a combination of the first name or initial and last name, plus some other unique identifier, such as a social security number, driver’s license number, financial account and passcode, unique biometric identifiers, or health insurance or medical treatment information. The Regulation imposes a much vaguer standard, requiring notification where the breach could lead to identity theft, discrimination, loss of confidentiality of information that could result in economic loss, or social disadvantage. The end result is likely to be an increase in global notifications of data breaches.

Penalties for Non-Compliance

The Regulation, once in effect, is not a paper tiger. Data controllers will face penalties of up to 4% global “turnover” — gross revenue — for non-compliance. For large U.S. companies — the kind that are likely to be controllers, rather than mere data processors — these fines could be substantial. Data protection authorities will also be able to enforce penalties against the local representative of a non-EU data processor or controller, effectively giving those authorities indirect jurisdiction over non-EU data processors. The Regulation has no means of enforcing penalties against non-EU processors who fail to appoint a local representative, which may lead some U.S. data processors to consider whether appointing a local representative simply invites more risk.

The Department of Commerce Internet Policy Task Force White Paper on Remixes, First Sale, and Statutory Damages

In January 2016, the U.S. Department of Commerce’s Internet Policy Task Force issued its “White Paper on Remixes, First Sale, and Statutory Damages.” Spearheaded by the U.S. Patent and Trademark Office and the National Telecommunications and Information Administration, the Task Force received public comments on and examined key topics in copyright law, including the application of statutory damages in the context of individual file-sharers and secondary liability for large-scale online infringement. This article focuses on the Task Force’s analysis of statutory damages under the Copyright Act and its recommendations for amending the statute.

Criticisms of the Current Regime for Statutory Damages

The Task Force highlights several concerns about the current statutory damages framework in § 504(c) of the Copyright Act. These include: the potential “chilling effect” that the prospect of a massive damages award has on innovations and new technologies, especially for Internet service providers, technology companies, and others that face secondary liability for the directly infringing acts of their customers and users; copyright “trolls” who leverage the threat of maximum statutory damages per work to coerce settlements from individuals they accuse of file-sharing; copyright plaintiffs who use statutory damages to obtain windfall profits; and inconsistencies in the application of statutory damages, leading to disparate and unpredictable awards in similar cases. And although service providers do not control the number of works individual users may directly infringe, they are nonetheless still held liable for damages on a per-work basis. In cases where tens of thousands of works are at issue, even a minimum of $750 per work leads to a massive award that is disproportionate to the service provider’s conduct.

Section 504(c) also lacks specificity. Unlike other federal laws, which provide specific factors to guide a statutory damages award (i.e., the Truth in Lending Act, 15 U.S.C. § 1640(a)), the Copyright Act offers no statutory factors or guidelines for courts and juries to consider in reaching a statutory damages award.

The Task Force’s Recommendations for Amending the Copyright Act

The Task Force recommends three amendments to statutory damages provisions of the Copyright Act, noting that “effective enforcement tools” against online piracy must be reconciled with “excessive and inconsistent awards” that chill innovation and incentivize litigation abuse.

The first recommendation is to amend § 504 to add nine specific, non-exclusive factors that courts and juries mustconsider in determining a statutory damages award:

  1. The plaintiff’s revenues lost and the difficulty of proving damages;
  2. The defendant’s expenses saved, profits reaped, and other benefits from the infringement;
  3. The need to deter future infringements;
  4. The defendant’s financial situation;
  5. The value or nature of the work infringed;
  6. The circumstances, duration, and scope of the infringement, including whether it was commercial in nature;
  7. In cases involving infringement of multiple works, whether the total sum of damages, taking into account the number of works infringed and the number of awards made, is commensurate with the overall harm caused by the infringement;
  8. The defendant’s state of mind, including whether the defendant was a willful or innocent infringer;
  9. In the case of willful infringement, whether it is appropriate to punish the defendant and if so, the amount of damages that would result in an appropriate punishment.

Drawn from model jury instructions and case law, the Task Force does not intend these factors to be exclusive, allowing consideration of other factors relevant to a particular case.

Second, the Task Force recommends an amendment to the notice provisions of the Copyright Act, embodied in §§ 401 (d) and 402 (d). Under the current statute, the presence of a notice of copyright protection prevents a defendant from asserting an innocent infringement defense. The proposed amendment would permit an infringer to still assert the innocent infringer “defense,” making the appearance of a copyright notice relevant, but not a bar to, an innocent infringement defense.

The third and final recommendation is arguably the most important. In cases involving non-willful secondary liability by “online services” involving large numbers of infringed works, courts should have discretion to fashion an award other than through a strict “per-work multiplier” calculation. In other words, courts would not be bound to the minimum statutory per-work amounts. As the Task Force notes, the “per-work multiplier” makes less sense where secondary liability is concerned, because there is an attenuated connection between the service provider’s actions and the direct infringement by customers and users. Without this change, “[w]hen a court must multiply this minimum by a very large number of copyrighted works, it may not be possible to avoid an excessive outcome.”

Benefits of the Task Force’s Recommendations: Taking Facts into Account

The recommendations are an improvement over the current statute, providing guidance, specificity, and greater predictability. The statutory damage factors help tie awards to the “facts on the ground.” The first, fifth, and seventh factors codify the rule recognized by several courts that statutory damages should bear a relationship to actual damages plaintiff suffered. New Line Cinema Corp. v. Russ Berrie & Co., 161 F. Supp. 2d 293 (S.D.N.Y. 2001) (“New Line’s statutory damages should be commensurate with the actual damages incurred”); Dae Han Video Prod., Inc. v. Chun, No. 1:89-01470, 1990 WL 265976 (E.D. Va., June 18, 1990) (“When awarded, statutory damages should bear some relation to the actual damages suffered.”); Bait Prods. Pty Ltd. v. Murray, No. 8:13-CV-0169-T-33AEP, 2013 WL 4506408 (M.D. Fla. Aug. 23, 2013) (“‘Statutory damages are not intended to provide a plaintiff with a windfall recovery’; they should bear some relationship to the actual damages suffered.”). This prevents windfalls for copyright plaintiffs, and provides an incentive for parties to use civil discovery tools to calculate actual harm. And a claim that damages are difficult or impossible to demonstrate is less likely to go unchallenged.

The sixth factor also ties awards to the “facts on the ground” by making the circumstances, duration, and scope of the infringements relevant considerations. For instance, “when the infringed work is of minimal commercial value, a lower award may be appropriate.” And where a large number of works are at issue, courts can take a “holistic” approach and adjust awards for each work so that the overall award is commensurate to harm, rather than engage in a mechanical exercise of multiplying a random amount by the number of works at issue. This will nudge courts and juries to consider the value of works at issue and to recognize that works should not be treated the same as a default.

Finally, permitting courts in their discretion to depart from the per-work calculus in cases of non-willful infringement is a crucial, common sense amendment. While courts would still retain discretion to revert to the ”per-work multiplier” approach, this change could in some instances help prevent the exorbitant awards that otherwise would inevitably result.

Drawbacks of the Task Force’s Recommendations

A step in the right direction, the recommendations nonetheless may promote confusion and inconsistency. The addition of certain mandatory factors suggests that other factors are less important. Missing from the proposed statutory factors is consideration of a plaintiff’s own conduct. Courts have held that the “conduct of the parties,” including that of the plaintiff, is a relevant consideration in crafting an award. Warner Bros. Inc. v. Dae Rim Trading, Inc.877 F.2d 1120 (2d Cir. 1989) (holding that a court may take into account the attitude and conduct of the parties, and finding that district court did not abuse its discretion in awarding low amount of statutory damages where plaintiff’s own conduct was “vexatious [and] oppressive.”); Bryant v. Media Right Prods., Inc., 603 F.3d 135 (2d Cir. 2010) (courts should consider the conduct and attitude of the parties in determining the amount of statutory damages to award for copyright infringement);Oppenheimer v. Holt, No. 1:14-CV-000208-MR, 2015 WL 2062189 (W.D.N.C. May 4, 2015) (same). Consideration of plaintiff or its agent’s own conduct would help to address abusive tactics by copyright trolls. Also missing from the proposed statutory factors is consideration of a plaintiff’s failure to mitigate its actual damages. Though this factor may be limited to assertion of a failure to mitigate defense, some courts have held this is a relevant consideration, even where a plaintiff seeks statutory damages. See, e.g., Malibu Media, LLC v. Julien, No. 1:12-CV-01730-TWP, 2013 WL 5274262 (S.D. Ind. Sept. 17, 2013) (“current law allows the court to consider actual damages [in making determination of statutory damages], and failure to mitigate is relevant in considering actual damages… ”); Malibu Media, LLC v. Guastaferro, No. 1:14-CV-1544, 2015 WL 4603065 (E.D. Va. July 28, 2015) (“Although typically only applied to claims for actual damages, the defense may be relevant to claim requesting statutory damages because ‘one purpose of statutory damages is to approximate actual damages that are difficult to prove.’”).

Additionally, the first factor references the “difficulty of proving damages,” but there is no mention of whether plaintiff has the burden of proof, what steps, if any, a plaintiff must take to meet this burden, or the consequences of failing to do so. Moreover, the fourth factor concerning a defendant’s financial situation is vague and open-ended. Though intended to address the reality that the amount needed to deter an infringer depends on the circumstances, such as whether the infringer is an individual or a corporation, the factor as phrased does not make this clear. Indeed, profitable corporations may unfairly become the target of higher awards simply because the company is seen as profitable and able to afford paying large awards.

The amendment allowing courts to depart from the “per-work multiplier” calculus also has limited benefit in the secondary liability context, because it would not apply in cases of willful infringement. But even where the infringement is willful, the acts of the service provider are likely to be so attenuated from and not related to the number of works infringed, and calculation of damages on a per-work basis may nonetheless remain overkill.

Finally, the Task Force does not address litigation abuse by copyright trolls, and rejects recalibrating the range of damages available in the case of awards against individual defendants. Such a step could address the use of threats of maximum statutory damages by trolls to extract settlements from unwitting consumers. Instead, the Task Force notes that “courts are well-positioned” to evaluate abusive enforcement activities. But this misses the point; indeed, the issue is that copyright trolls use threats to extract settlements outside the purview of the court.

Conclusion

The Task Force’s recommendations for amending the statutory damages provision of the Copyright Act are a mixed bag. While a step in the right direction because they offer greater clarity and recognize the different nature of secondary liability, there are some serious drawbacks and glaring omissions in the proposed amendments. If the Copyright Act is to be amended, it should be done in a comprehensive manner and should dispel as much confusion and inconsistency as possible.

Quick Updates

Prevailing Party: Defendant Awarded Attorney Fees Despite Plaintiff’s Voluntary Dismissal of California Trade Secrets Action

Cypress Semiconductor Corp. v. Maxim Integrated Products

In Cypress Semiconductor Corp. v. Maxim Integrated Products, 236 Cal. App. 4th 243 (6th Dist. 2015), the California Court of Appeal, Sixth Appellate District found that a defendant in a trade secrets suit can be deemed a “prevailing party” entitled to attorney fees under California Civil Code § 3426.4 when a plaintiff voluntarily dismisses its lawsuit to avoid an adverse determination on the merits. Although attorney fees provisions in contracts are governed by California Civil Code § 1717 — which defines “prevailing party” in a manner that excludes voluntary dismissal without prejudice as a basis for finding prevailing party status — attorney fees awarded per statute are not subject to § 1717. Cypress clarified that, at least under § 3426.4, prevailing party status can be found following a voluntary dismissal without prejudice.

Plaintiff Cypress sued defendant Maxim, alleging that Maxim had misappropriated a trade secret, or was in the process of doing so, by seeking to hire away specialists in touchscreen technology. Cypress and Maxim compete in the field of touchscreen technology. Maxim responded that it was entitled to solicit prospective candidates from Cypress’ workforce and that there was no evidence it acquired, or sought to acquire, any trade secret. Cypress tried and failed to secure temporary injunctive relief, and failed to obtain an order placing under seal evidence derived by Maxim from public sources. Cypress then dismissed the action. The trial court awarded Maxim attorney fees pursuant to § 3426.4, which authorizes such an award to the prevailing party where a claim for misappropriation of trade secrets is found to have been made in bad faith.

On appeal, Cypress argued that the trial court erred because it could not properly find that Maxim was the prevailing party, or that Cypress brought the action in bad faith. The court found that (1) the trial court’s findings are free of procedural error; (2) the finding of bad faith is supported by evidence that defendants merely attempted to recruit a competitor’s employees, which Maxim was entitled to do under California law; and (3) Maxim prevailed when, as the trial court implicitly found on substantial evidence, Cypress dismissed the suit to avoid an adverse determination on the merits.

A more detailed treatment of this case and its implications is available here.

How much Discretion does the Patent Trial and Appeal Board have in Instituting Inter PartesReviews?

2016 promises to bring clarity to issues that have confounded a country in the throes of change. No, we do not mean the presidential election. Instead, we are looking forward to the Federal Circuit’s review of a number of decisions by the Patent Trial and Appeal Board. This guidance will provide increased clarity for practitioners as the Federal Circuit weighs in on matters both procedural and substantive. Two recent decisions address the scope of the Board’s discretion in instituting inter partes reviews and conducting trials.

Synopsys v. Mentor Graphics

The Board may grant IPR if “there is a reasonable likelihood that the petitioner would prevail with respect to at least one of the claims challenged in the petition.” 35 U.S.C. § 314(a)37 C.F.R. § 42.4(a). The Board has discretion to review only certain claims in a petition, or only certain grounds raised by the petitioner. The Board’s institution decision is not appealable. 35 U.S.C. § 314(d).

In Synopsys, Inc. v. Mentor Graphics Corp., No. 2014-1516, 2014-1530, 2016 U.S. App. Lexis 2250 (Fed. Cir. Feb. 10, 2016), Synopsys sought review of claims 1-15 and claims 20-33 of Mentor’s patent as anticipated or obvious in light of various prior art references. The Board instituted review of only claims 1-9, 11, and 28-29 based on a single prior art reference, denying review of the remaining claims. After a hearing, the Board issued a written decision invalidating claims 5, 8, and 9. Synopsys appealed the decision, arguing the Board should have found claims 1 and 28 invalid and that the Board erred in issuing a final written decision that did not address the validity of all claims raised in the petition. Because an institution decision is not appealable, Synopsys instead challenged the scope of the final decision itself, arguing that “because § 318(a) directs the Board to issue a final written decision with respect to ‘any patent claim challenged by the petitioner,’ the Board’s final decision must address every claim raised in the petition.”

The Federal Circuit looked at the language of the statute to determine that Congress used different language to refer to claims challenged in a petition and claims adjudicated in the final written decision and rejected the argument that Congress intended the IPR proceeding to be a complete substitute for invalidity determinations in district court. Instead, the Federal Circuit affirmed that the validity of claims for which the Board did not institute review could still be litigated in district court.

Redline Detection LLC v. Star Envirotech

At the other end of the process, the Federal Circuit has confirmed that the Board has discretion to decline review of timely filed “supplemental” information from a petitioner. 37 C.F.R. § 42.123 provides that a party may file a motion to submit supplemental information after an IPR is instituted. Subsections (b) and (c) of the Rule, addressing late submission of supplemental information and other supplemental information, require Board authorization to file and a showing of good cause. Subsection (a) does not include those requirements — it simply requires that the motion be timely filed and that the supplemental information is relevant to an instituted claim.

Redline submitted an IPR petition seeking review on twelve grounds based on combinations of four prior art references. Redline planned to timely supplement its petition under 37 C.F.R. § 42.123(a) to include expert declarations after the Board issued its institution decision. Because Redline’s obviousness arguments could not be supported without the supplemental information — including a 60-page expert declaration — Redline believed it met the requirement of relevance. The Board denied Redline’s motion, stating that Redline did not provide any justification for submitting the information after institution beyond a desire to reduce costs. The Board then upheld the challenged patent. Redline Detection, LLC v. Star Envirotech, Inc., No. 2015-1047, 2015 U.S. App. LEXIS 22897 (Fed. Cir. Dec. 31, 2015).

On appeal Redline pointed to the language of the statute, noting the lack of requirement for good cause in subsection (a), and argued that the Board’s decision was arbitrary and capricious because the Board has permitted other petitioners to timely submit supplemental information. The Federal Circuit held that the Board was entitled to deference in interpreting its own rules and that its interpretation of 37 C.F.R. § 42.123(a) was not plainly erroneous. Requiring the Board to accept all timely, relevant supplemental information would read out other portions of the regulations governing IPR and trial proceedings and would remove the Board’s discretion to grant or deny motions under 37 C.F.R. § 42.5(a) and (b).

These decisions continue a trend of the Federal Circuit confirming the Board’s discretion in interpreting the statues and regulations governing IPRs. We will continue to follow the Federal Circuit’s jurisprudence in this area while we wait for the Supreme Court’s decision in Cuozzo Speed Techs. v. Lee. The Supreme Court granted certiorari on January 15 of this year. Cuozzo Speed Techs. v. Lee, 193 L. Ed. 2d 783 (2016). In the meantime, put all your supporting evidence in the petition, and think carefully before trying to appeal institution decisions.

Federal Circuit Court of Appeals Says That Excluding Disparaging Trademarks from Registration Is Unconstitutional

On December 22, 2015, the Federal Circuit Court of Appeals, sitting en banc, held that the Lanham Act’s exclusion of “disparaging” trademarks from registration violated the First Amendment and is unconstitutional. In re Simon Shiao Tam,808 F.3d 1321 (Fed. Cir. 2015).

Simon Shiao Tam, a founding member of the band The Slants, sought registration of THE SLANTS as a trademark in 2011 for use in connection with his band’s live music performances. Tam chose The Slants as his band’s name in an effort “to ‘reclaim’ and ‘take ownership’ of Asian stereotypes.” The Trademark Office rejected the application on the grounds that the mark “‘deride[s] and mock[s] a physical feature’ of people of Asian descent.” This determination that THE SLANTS was disparaging was affirmed on appeal by the Trademark Trial and Appeal Board and then again on appeal by the Federal Circuit Court of Appeals; however, THE SLANTS case was reheard by the Federal Circuit en banc,which held that the disparaging trademark exclusion was unconstitutional.

Section 2(a) of the Lanham Act precludes scandalous, immoral, or disparaging marks from being registered, and this has prevented the registration of numerous applications for marks containing racial slurs, swear words, and arguably vulgar designs over the last several decades. The 9-3 majority in In re Tam determined that excluding these types of marks from registration is a viewpoint-based denial of protection of speech by private speakers that cannot be reconciled with the First Amendment.

The most significant conclusions that the majority drew were: (1) the disparagement exclusion is viewpoint based, rather than content based, because it precludes registration of marks that describe groups in a negative way but allows registration of marks that refer to groups in a positive way; (2) although the government can discriminate against speech based on viewpoint when the speech is considered to be that of the government itself, federal trademark registration is not government speech and is a regulatory activity; and (3) even if registering a trademark is considered a subsidy or benefit, the denial of an available benefit based on the viewpoint of speech is still unconstitutional. The dissenting judges disagreed with a number of the majority’s conclusions, namely, whether trademark registration is government speech and whether the government has a sufficiently justifiable interest in restricting subsidies.

We are starting to see the fallout from the In re Tam decision in other cases. In In re Brunetti, No. 85310960, 2014 WL 3976439 (T.T.A.B. Aug. 1, 2014), the TTAB affirmed the Trademark Examiner’s refusal to register the mark FUCT based on the Lanham Act’s scandalous and immoral exclusions. On appeal to the Federal Circuit, the USPTO and Brunetti submitted separate letters to the Federal Circuit addressing In re Tam in light of their case. The USPTO interestingly conceded that the scandalous and immoral exclusions violate the First Amendment if it is true that the disparagement exclusion does, so the case should be remanded. Despite this concession, the USPTO did stipulate that it believes these exclusions to be constitutional, so this approach was likely a strategy to avoid giving the Federal Circuit another chance to look at the disparagement exclusion before In re Tam could perhaps reach the Supreme Court.

The 2(a) exclusion has become a particularly hot topic in the last few years, especially in light of the media attention that the REDSKINS case has garnered. Pro-Football, Inc. v. Blackhorse, 112 F. Supp. 3d 439 (E.D.Va. 2015), appeal docketed, No. 15-1874 (4th Cir. Aug. 6, 2015). As discussed in the IP Bulletin Quick Update in Summer 2014, several registrations of the REDSKINS mark were canceled by the TTAB on the grounds that REDSKINS was disparaging of people of Native American descent. Currently this case is being appealed to the Fourth Circuit Court of Appeals, and the parties recently submitted their opening briefs. Not surprisingly, THE SLANTS decision in the Federal Circuit will play a large role in bolstering Pro-Football’s First Amendment arguments. Although Federal Circuit decisions are not binding on the Fourth Circuit, they certainly are influential, particularly because the Federal Circuit hears many trademark cases that originate from TTAB decisions. If the Fourth Circuit’s decision does not align with the Federal Circuit, however, there is a higher likelihood that the Supreme Court will consider these cases.

Kirtsaeng II: Back to the High Court

Kirtsaeng v. John Wiley & Sons, Inc. will be one of those rare cases heard by the Supreme Court more than once.

Supap Kirtsaeng was a Thai graduate student studying in the U.S. While in school, he sold foreign edition English-language textbooks to fellow students that his friends and family had purchased in Thai bookstores. Because many publishers including John Wiley & Sons sold textbooks containing virtually identical content at high prices in the U.S. and low prices abroad, Kirtsaeng was able to reap a profit from his re-sales.

In 2008, John Wiley & Sons sued, alleging copyright infringement. It won at the district court and in the Second Circuit, but in 2013, the Supreme Court ruled for Kirtsaeng, holding that the first sale doctrine, which explicitly allows the resale and distribution of lawfully made copies on the secondhand market without running afoul of copyright law, applies to works first distributed overseas. Kirtsaeng v. John Wiley & Sons, Inc., 133 S. Ct. 1351 (2013). The decision was a momentous one, settling a hotly debated question that had ended in a 4-4 tie only three years earlier, in Costco Wholesale Corp. v. Omega, S.A., 562 U.S. 40 (2010). After the Supreme Court’s decision, Kirtsaeng’s attorneys asked the District Court for attorney fees. Section 505 of the Copyright Act allows judges to award attorney fees to the prevailing party at their discretion. The prospect of attorney fees can influence decisions to defend or settle a case, since attorney fees through trial and appeals can often exceed potential damages.

Past Supreme Court precedent on the topic is vague. In Fogerty v. Fantasy, Inc., 510 U.S. 517 (1994), the Supreme Court stated that copyright defendants are equally eligible for attorney fees as copyright plaintiffs, and should be treated alike. The Fogerty court emphasized that requiring prevailing defendants to show that the plaintiffs’ claim was frivolous or in bad faith — essentially treating an award of attorney fees to defendants as a punishment — was too narrow a view of the purposes of the Copyright Act and the attorney fees provision. Instead, the “primary objective of copyright is… to promote the Progress of Science and useful Arts,” and “defendants who seek to advance a variety of meritorious copyright defenses should be encouraged to litigate them to the same extent that plaintiffs are encouraged to litigate meritorious claims of infringement.”

Nevertheless, any award of fees is still at the discretion of the district court. In a footnote, the Supreme Court accepted, without explicitly endorsing, the use of non-exclusive factors such as “frivolousness, motivation, objective unreasonableness (both in the factual and in the legal components of the case) and the need in particular circumstances to advance considerations of compensation and deterrence…. [s]o long as such factors are faithful to the purposes of the Copyright Act and are applied to prevailing plaintiffs and defendants in an evenhanded manner.”

The various Circuits have applied the Fogerty factors in varying ways, setting the stage for Kirtsaeng II. At one end, the Seventh Circuit applies a presumption in favor of attorney fees to prevailing parties in all cases. On the other end, the Second Circuit emphasizes that the objective unreasonableness factor should receive substantial weight such that the other factors must outweigh it for a fees award to be issued. The rest of the Circuits lie somewhere in between, with some applying the Fogerty factors, either primarily or nonexclusively, some stating that awards should be “routine,” some emphasizing the question of whether fees would further the interests of the Copyright Act, or some combination, though all at the discretion of the district court.

The district court denied Kirtsaeng his fees, finding that the publisher’s suit was not “objectively unreasonable.” It weighed the novelty of the issues against Kirtsaeng because the plaintiff also took a risk in pressing an unsettled theory. It discounted consideration of compensation because Kirtsaeng had pro bono representation at the Supreme Court. It also held that Kirtsaeng’s degree of success and the financial disparity between the parties were issues relevant to theamount that would constitute reasonable fees, not whether fees should be awarded at all. The Second Circuit affirmed, though it disapproved of the district court’s discounting of potential compensation for pro bono versus paid representation.

Kirtsaeng has appealed to the Supreme Court, arguing that the Second Circuit’s focus on objective unreasonableness improperly mirrors the “exceptional case” standard of patent and trademark law because, unlike the patent and trademark statutes, there is no exceptional case requirement under the Copyright Act. Furthermore, he argued that the Second Circuit applies its standard in an uneven manner by favoring copyright plaintiffs unless their claims are unreasonable, under the theory that the imposition of a fee award against a copyright holder with an objectively reasonable litigation position will generally not promote the purposes of the Copyright Act, but awarding fees against defendants who employ reasonable defenses to deter violations. Essentially, Kirtsaeng’s critique is the Second Circuit improperly views the purpose of the Copyright Act as stopping infringement instead of promoting the progress of science and useful arts, as the constitutional preamble states.

In January, the Supreme Court granted Kirtsaeng’s petition for certiorari a second time. Briefing on the merits has not yet begun, so a decision will likely not come until the fall, but copyright practitioners, litigants, and potential litigants will be watching closely.