On February 28, 2014, the Federal Court of California ruled in favour of Instagram in a case between the social network and one of its users (Rodriguez v Instagram LLC, CGC 13-532875) who alleged breach of contract by the web-based photograph sharing platform as well as violation of California’s contract law.
After it was bought by Facebook, Instagram modified its terms of service. In compliance with the contractual notice period, Instagram announced the changes in December 2012 and the new terms of service came into effect on January 19, 2013. Three material changes were made to harmonize the terms of service of Instagram and Facebook:
Users are owners of the content posted and no longer simply right holders in the content.
Instagram asserted the right to use posted content under a transferable and sub-licensable license.
The terms of service now include a liability waiver.
To facilitate the adoption of these new terms, Instagram provided that continued use of the service after January 19, 2013 would mean implicit consent to its new terms. A user, who believed that these terms had been imposed upon her without her consent, brought the case before the courts.
The judge of the federal court of California ruled in favour of Instagram on all claims.
Firstly, the plaintiff had a full opportunity to read the new terms, which she did. She could have declined the new terms by no longer using Instagram services. Yet, she did continue to use the website.
The plaintiff also argued that filing a lawsuit demonstrated that she rejected the new terms. The courts did not follow this line of reasoning and held that there was “no basis to conclude that the filing of a complaint is sufficient to reject the new terms – most especially after Plaintiff continues to use and presumably benefit from the Instagram site”.
Thus the social network does not incur contractual liability based on the plaintiff’s alleged non-acceptance of the terms. The decision of the Federal Court of California was logical, since social networks as well as users need legal certainty.
Dreyfus law firm is specialised in dispute resolution on social networks. Please do not hesitate to contact us for more information.
On May 25, 2014, the American National Arbitration Forum (NAF) delivered its 44th URS (Uniform Rapid Suspension) decision, the first in respect of a domain name bearing the .sexy TLD.
The domain name concerned, <finn.sexy> is reserved by North Sound Names. Spearheaded by Frank Schilling, also the founder of Uniregistry, which, to date, is a registry comprising of 50 new gTLDs, North Sound Names is used to store domain names in the TLDs managed by Uniregistry before they are made available to the public. It is in this context that the disputed domain name was reserved on April 15, 2014.
The domain name resolves to a parking page offering the name for sale and containing links called “First Names”, “Selfies”, “Diet”, “Fitness”, “Social Networks”, “Dating” and “Modeling.” It is to be noted that these terms are clearly detached from the business activities of the complainant, Finn.no, the largest online market in Finland.
In support of its complaint, the complainant mentions its extensive use of the Norwegian trademark FINN. This allows the expert to find that the first condition of the URS procedure has been satisfied as the domain name is identical to the trademark. With regard to the legitimate interests or the rights of the registrant, the expert notes that the latter employs the term “finn” in its common usage, i.e. referring to Finnish people. According to the expert, the registrant in fact has a legitimate interest to use this name. On the issue of bad faith, neither the fact of the domain name in dispute being offered for sale nor the notification received by the registrant from the Trademark Clearinghouse (TMCH) convinced the expert. Logically thus, the complaint was dismissed.
The URS procedure is still at an early stage and it is difficult to foresee how the case law of the centres will develop. Yet, there have been many dismissals since most proceedings are primarily concerned with clear cases of trademark abuse. A more appropriate option therefore would have been to proceed on the grounds of the UDRP (Uniform Dispute Resolution Policy). Indeed, while the rules are similar, UDRP experts espouse a more flexible approach and it is usually easier to lend credence to one’s complaint. Without entertaining any preconceived opinions about the experts’ views, it seems that a transfer unto the applicant would have been warranted.
Dreyfus specializes in domain name dispute resolution and guides you in the defense of your rights on the Internet. Please do not hesitate to contact us for any queries.
Enacted in 1994, the “Toubon” Act is one of the most famous laws in France. It requires companies to translate in French their slogans, particulars or information displayed on all media meant for the public. The major exception to this rule is the right to a trademark, since trademarks in foreign language need not be translated.
The Toubon Act attracted the attention of the Office québécois de la langue française. Back in 2012, that office drafted a Charter for retailers to use the French language and launched a publicised campaign promoting the use of the French language on storefronts.
Akin to the Toubon Act, the Charter provides for a trademark exception. Yet the office opposes it. It is of the view that storefront signage are rather considered by the public to be business names rather than trademarks. According to the office, commercial signage should therefore be translated into French. There is thus a clear conflict between what the law says and the interpretation made by the Québécois office.
It is in this context that eight retailers lodged a case before the Québec Superior Court asking to rule on the interpretation of the Charter. The question posed to the Court was clear: either the sign is a recognised trademark within the meaning of the Canadian Trademarks Act and the exception should apply; or it is not and it should therefore be translated in French.
In a declaratory judgment of April 9, 2014, the judges of the Québec Superior Court opined that “a trademark forms part of a legal concept that is governed by its own rules and differs significantly from that of a trade name or business name”.
The judge therefore applied the law stricto sensu and held that trademarks displayed on storefronts needed not be translated.
It is a fact that Québec traditionally holds particular importance to the French language; however, this decision is important since it denotes that tradition must not override the law.
In March 2014, the French Parliament adopted the Hamon Consumer law (Act N˚ 2014-344 of March 17, 2014) creating the first class action procedure in France.
This class action procedure will enable customers to rally and sue for customer protection and antitrust claims. For the time being, consumer associations are the sole representatives allowed to defend consumer rights in court. These associations, submitted to ministerial approval, can be mandated by several consumers for their defense. This civil action is limited to the recovery of pecuniary damages for injuries allegedly caused by a same breach of contract, statutory duty or anti-competitive practices by the same defendant.
For a long time, class actions were denied as it was considered one can only defend one’s own interests in court. But this time, consumer protection prevailed and after examination by the Constitutional Council, the bill was adopted.
Such group actions have a larger impact than individual actions and should favor citizens’ rights. Currently, this action is very unfavorable to the defendant. The adoption of this new procedure can be seen as a response to the recent scandals involving consumers’ injuries. But even when they are not found guilty, the companies will suffer from the media attention.
This new procedure will take effect after the publication of the implementation decree. In 30 months, a report is scheduled to assess the procedure. Now that the door has been opened, the government expressed its wish to extend class action procedures to environmental and health claims.
This Consumer law also includes measures related to online consumer protection. For more information regarding these measures, you can read the article “E-commerce: Amendments to the law”.
The Court of First Instance of the European Union has intervened on the issue concerning the proof of coexistence of marks on October 2, 2013 (TPICE T-285/12 The cartoon Network, Inc. v OHIM and another). The Court has clearly ruled that the applicant who avails himself from the coexistence of a mark should prove the absence of likelihood of confusion within the mind of relevant public.
On April 2, 2012 (R 699/2011-2), the Board of Appeal rightfully contended as regard to the Court, that the applicant has not proved the way the consumer has been confronted to the conflicting marks on the market. The elements of proof have not demonstrated any absence of confusion during the period the marks were commercialised.
The issue is hence to know how to prove the absence of likelihood of confusion between the marks. The coexistence of earlier marks on the market can in some circumstances eliminate the risk of confusion between two conflicting marks. This hypothesis requires the applicant to demonstrate the absence of likelihood of confusion between the earlier marks in the mind the relevant public provided that they are identical. However, the proof of coexistence of registrations and the use of the mark by the applicant is insufficient and not relevant for the Courts.
In short, the probability of proving the peaceful coexistence of trademarks is weak. Indeed, how to prove that confusion has not occurred during the commercialisation of the marks? The outlines of the evidence of trademarks’ coexistence still need to be defined. Therefore, it is of minimal relevance in a claim of likelihood of confusion before the OHIM. The ultimate decision in the matter is within the hand of OHIM.
Last week, it was time for .TOKYO Sunrise to see an end. This is neither the first new gTLD for a city nor the last. After the .BERLIN in March, the .LONDON and the .NYC whose Sunrise period will end newt week, we will welcome the .HAMBURG and also the much awaited .PARIS.
For some of these TLDs, a local presence will be mandatory. If you have business in one of these cities, think about registering your names !
We remind you that a Trademark registered in the Trademark Clearinghouse along with the corresponding SMD file is required to register a domain name during a Sunrise period.
On May 13, 2014, the European Court of Justice dismissed Google’s claims on the grounds that search engines are responsible for the processing of personal data published on web pages (ECJ, Google Spain SL, Google Inc. / Agencia Espanola de Proteccion de Datos, Mario Costeja Gonzalez, May 13, 2014, C-131/12).
A Spanish internet user sought from the Spanish Data Protection Agency the deletion of two press articles that reported his indebtedness. He also requested that these articles be de-indexed by Google since they no longer reflect his situation.
In this respect, the ECJ upheld a fundamental right: the right to be forgotten. Henceforth, when so requested by a person, search engines must delete search results that are irrelevant and outdated.
Furthermore, the Court is of the view that Google and other search engines have to exercise control over personal data as they retrieve, record and organize them in a systematic way. They are thus controllers within the meaning of EU privacy law.
The Court also mentioned all persons have a right to control their personal data, irrespective of whether they are public figures or not. Therefore, if a person wishes that irrelevant or inaccurate information pertaining to them be deleted from search engine results, they may request the deletion thereof even if the information has been published legally. Such a request may be addressed directly to the search engine operator who must duly examine its merits.
Finally, the decision to delete a person’s personal data depends “on the nature of the information in question, on its sensitivity for the person’s private life and on the interest of the public in having that information, an interest which may vary according to the role played by that person in public life.”
The ECJ upheld, in the end, the right to be forgotten. Nonetheless, it is not an absolute right since a balance must be struck between the freedom of expression, of information and the right to privacy. Finally, problems related to the enforcement of this right to be forgotten have already arisen following this decision.
Indeed, in the three days following the decision, Google received hundreds of withdrawal requests of personal data. Google reported on the complexity of processing these requests since they are in different languages and given that particular attention must be given to each of them.
Nevertheless, the European Court of Justice’s decision holds that legal action may be initiated before a supervisory authority or a court against the search engine operator and/or the latter may be heavily fined if it does not take any action.
In order to regulate the right to be forgotten, the CNIL’s annual report of May 19, 2014 offers effective means to control the publication of personal data. First and foremost, the CNIL recommends the elaboration of a framework of reference on the duration of conservation of personal data. The rationale behind such a recommendation is to provide guidelines for those in charge of the processing regarding how long they may keep personal data. Moreover, the CNIL suggests tools that would allow internet users to have better control on the publication of their data. For example, they could define a time limit for publication, modify their data or delete it. Lastly, the CNIL advocates that the right to be forgotten should be supplemented by an obligation to de-index without delay incumbent to search engines from the moment an internet user has obtained the deletion of the initial information.
With more than one billion active users, Facebook is perpetually innovating to stay in the race. Faced with an increasingly diverse range of social networks, the social web giant must improve the user experience. The following months are going to witness the implementation of various features, each with its share of clear issues.
Whether Facebook is a private or public space has always been open to debate. However, for most analysts, Facebook remained, by default, a public social network, a far cry from its origins when it was restricted to a handful of students. Besides, the innovations of the last few years have only highlighted this fact. The Court of Appeal of Besançon had thus held that “in light of its purpose and organization, this network must necessarily be considered as a public space”. (Besançon, November 15, 2011, 10/02642). With Timeline and Social Graph, it became very easy to regroup information that members could have wrongly thought to be private.
But Facebook seems to have backtracked, as new members will eventually have their confidentiality settings set to private. This will likely allow the courts to clearly assert the private nature of Facebook, as held by the Court of Appeal of Rouen in two 2011 judgments: “it cannot be asserted with absolute certainty that current case law denies Facebook the status of a private space given that this network can either constitute a private space or a public space, depending on the settings chosen by its user”.
Furthermore, all services or websites that allow for connection through Facebook will now be trying out a connection method that is “anonymous.” According to the social network, this will make it possible “to try out an application without sharing one’s personal information stored on Facebook.”
While Facebook is showing an inclination to limit the sharing of data, the social network still wants to know more about its members. Driven by the success of Shazam, Facebook will be adding a new feature that will make it possible to identify a song listened to by a user, and then to share it. Not only will Facebook have an intimate knowledge of the profiles of its users, but it will also be able to identify the musical tastes of each of its members, by region, age group or sex. This of course raises the question as to the use that is made of these data, their destination, or even their real purpose. There is no doubt that the social network is very closely monitored by all competent authorities in that respect.
The social network furthermore wants to bring its members closer. Thus, if two users are “friends” on the website, they could easily question each other on their relationship status by clicking on “Ask”. According to the Financial Times, Facebook is also devising an alternative to the famous application Snapchat. This ephemeral message service raises many legal issues: right to the use of individuals’ and/or goods’ images, right to privacy or even the gathering and admissibility of evidence.
Faced with social networks like WeChat, which is extremely popular in China and which offers various services, Facebook is diversifying. Despite the progress made by the network with respect to privacy protection, there remains the tricky issue of the right to be digitally forgotten. First and foremost advocated by Alex Türk, previous President of the CNIL, it is according to the latter “the implementation of a natural function, the ability to forget, which makes life bearable”.
Dreyfus is specialized in the fight against infringements on social networks. Please contact us for more information.
With effect from July 1, 2014, South Korea joined the Hague International Design System which allows for the protection of designs in several countries through the filing of a single application with the World’s Intellectual Property Organization (WIPO).
South Korea is the 62nd member to enter into the Hague Agreement for the International Registration of Industrial Designs.
This system offers significant opportunities for efficiency gains and allows the filing of up to 100 different designs per application. It also simplifies the recording of changes in, and renewals of, protected industrial designs.
Only contracting parties can benefit from the system. Non-member States such as the United States and Japan still require the filing of applications at a national level.
However, more and more countries are currently filing for membership, which is good news for companies. Similarly to international trademarks, it is recommended to take advantage of the benefits offered by international designs.
Following the media coverage of its discovery in early April, the so-called Heartbleed flaw has been extensively written about. A major flaw, if any, Heartbleed is actually a coding error in the OpenSSL encryption software. The websites using OpenSSL are, or were for a few days, highly vulnerable to theft of data. Overwhelming for some, frightening for others, the flaw must be taken seriously in any event. The Heartbleed situation in four questions.
What is Heartbleed?
Heartbleed is neither a malware nor a virus. It is a flaw in the implementation of the OpenSSL security protocol. The latter is used to secure communication between two computers while protecting their identities. Heartbleed allows any internet user to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. It compromises the secret keys used to identify the service providers and to encrypt traffic as well as the names and passwords of users. It also allows hackers to eavesdrop on communications and to steal data directly from the servers.
The flaw of the OpenSSL lies in this tiny line of code:
memcpy (bp, pl, payload):
Mempcy is a command that copies data by overwriting previously copied data. But, with Heartbleed, the data is stored in the system as information to be overwritten, but it is not, and the flaw allows for this data to be stolen.
How significant is the flaw?
Heartbleed allows a maximum 64 Kb of data to be retrieved, which may seem to be an insignificant amount. However, this represents a significant amount of information in plain text (64,000 characters!). Together, data retrieved from all servers represent a colossal amount of information. In addition, “the number of attacks from hackers is unlimited” as stated by Fox-IT, a company specialised in IT security.
The identity of the hackers may be equally important. Thus, a few days after the discovery of the flaw, the National Security Agency (NSA) was accused of having exploited this flaw for almost two years to collect the maximum amount of data on Internet users. While the Edward Snowden commotion had started to settle, these accusations did not bode well for the U.S. agency.
Has the flaw been fixed?
The OpenSSL protocol was developed as open software. This allows its users to modify the source code, and to deal with flaws of this magnitude. For April, an organisation for the promotion of open software, the open nature of the code has “substantially lowered the impact of this flaw.” OpenSSL has been updated but this still does not solve all the problems, as the update must be installed on all vulnerable servers.
The most popular websites had already installed this update of the protocol before the media started reporting on the flaw. The servers are therefore no longer vulnerable to this flaw.
Nonetheless, mistakes can happen swiftly. Akamai Technologies, which manages almost 30 % of global traffic on its 147,000 servers, learnt it the hard way. For over 10 years, Akamai has been using a modified version of OpenSSL which provided “better security” against the Heartbleed flaw according to the Chief Technology Officer of the company. However, an independent researcher found “a code full of bugs and non-functional” in the patch provided by Akamai to its clients. The researcher believes that the update does not offer adequate protection against Heartbleed. This is particularly worrying given that Akamai’s clients are major banks, media groups and companies specialising in e-commerce.
However it is possible that other flaws will be revealed. Indeed, OpenSSL is crucial for websites that use it; however this project is far from being sustainable. Its developers are “desperately short of funds” according to the Research Manager of Sophos. The Wall Street Journal says that only four developers work on this project, only one of them on a full time basis.
What should users do?
For users, two steps are crucial to prevent personal information from being stolen. Firstly, it is essential to ensure that websites they use have updated their version of OpenSSL. This is already the case for most websites, including social networks and banks’, but checking is still important.
The second step is to change your passwords. This change must be put into practice after the OpenSSL has been updated, otherwise hackers may retrieve the new password.
Last but not least, in order to ensure protection of one’s information on the Internet, one should have different passwords. This is commonly known advice but unfortunately it not applied frequently enough. Yet, it is essential. Thus a unique and hard to guess password is good practice for sensitive websites such as banks’ websites. Passwords that are too simple such as “password” or “123456” are obviously prohibited, on any website.
Our site uses cookies to offer you the best service and to produce statistics, and measure the website's audience. You can change your preferences at any time by clicking on the "Customise my choices" section.
When browsing the Website, Internet users leave digital traces. This information is collected by a connection indicator called "cookie".
Dreyfus uses cookies for statistical analysis purposes to offer you the best experience on its Website.
In compliance with the applicable regulations and with your prior consent, Dreyfus may collect information relating to your terminal or the networks from which you access the Website.
The cookies associated with our Website are intended to store only information relating to your navigation on the Website. This information can be directly read or modified during your subsequent visits and searches on the Website.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Dreyfus is concerned about protecting your privacy and the Personal Data ("Data"; "Personal Data") it collects and processes for you.
Hence, Dreyfus complies every day with the European Union legislation regarding Data protection and particularly the European General Data Protection Regulation Number 2016/679 of 27 April 2016 (GDPR).
This Privacy Policy is aimed at informing you clearly and comprehensively about how Dreyfus, as Data Controller, collects and uses your Personal Data. In addition, the purpose of this Policy is to inform you about the means at your disposal to control this use and exercise your rights related to the said processing, collection and use of your Personal Data.
This Privacy Policy describes how Dreyfus collects and processes your Personal Data. The collection happens when you visit our Website, when you exchange with Dreyfus by e-mail or post, when exercising our Intellectual Property Attorney and representative roles, when we interact with our clients and fellow practitioners, or on any other occasion when you provide your Personal Data to Dreyfus, in particular when you register for our professional events.
On February 28, 2014, the Federal Court of California ruled in favour of Instagram in a case between the social network and one of its users (Rodriguez v Instagram LLC, CGC 13-532875) who alleged breach of contract by the web-based photograph sharing platform as well as violation of California’s contract law.
