The California State Senate votes today on the passage of SB761, introduced by State Senator Alan Lowenthal (D-Long Beach), that would require the state attorney general to adopt regulations allowing users to opt-out of programs that track online information and identifying user behavior on computers, smartphones, tablet computers, and any other device that accesses the Internet.  Under SB761, any Internet user can send a message to a website doing business in California requesting that their online activity not be monitored.  The bill would allow consumers or the state attorney general to file a civil lawsuit against a company or website that ignores or violates this law. This law would be the first one of its kind nationwide and is based upon a similar federal bill introduced into Congress by Rep. Jackie Speier (D-CA).

Specifically, the proposed law prohibits any software to be copied onto a computer, without the prior approval of the user, and using the software to:

1. take control of the computer;
2. modify certain settings relating to the computer’s access to or use of the Internet;
3. collect, through intentionally deceptive means, personally identifiable information;
4. prevent, without authorization, an authorized user’s reasonable efforts to block the installation of or disabling of software;
5. intentionally misrepresent that the software will be uninstalled or disabled by an authorized user’s action; or
6. through intentionally deceptive means, remove, disable, or render inoperative security, antispyware, or antivirus software installed on the computer.

Although, at first glance, this proposed bill seems to benefit all Internet users, there lies the risk that this is the first step towards a user-fee-based Internet.  The business model of many of today’s websites is based upon advertising sales and the sale of personal data collected from users accessing their sites.  Advertisers seek this personal data in order to better understand the behaviors of their target audience resulting in enhanced access to their potential consumer base through a more strategic placement of ads.  Without the sale of this collected data as well as reduced advertising sales, websites will begin to see a decline in revenue and will require a new method of generating funds in order to replace these financial losses.  Therefore, we anticipate that websites will begin require users to pay a fee for the privilege of accessing websites and information that they were accustomed to access for free and, in exchange, websites would not collect or disseminate any user data.  This type of behavior will result in a “digital divide” in which those who have the financial means to pay for access will have better choices for an enhanced ad-free and tracking-free online experience.  Those without will have no choice but to give-up personal data in order to access lower quality websites or potentially not be allowed to access these websites at all.  By limiting Internet access to those that have the financial means to pay for services, there lies the question of whether Internet access is an inalienable right thereby allowing this type of digital divide without violation of any federal law.

On the flipside, without the passage of SB761, websites will continue to track user behavior and collect highly-invasive psychographic data resulting in an invasion or privacy.  As seen by the recent fury directed at Apple for tracking and storing the location of iPhone users, consumers need to have some type of protection against websites or option to restrict data collection from websites that will take advantage of unwitting Internet users without some type of restriction.  Therefore the passage of the law is the appropriate first step towards providing online users with appropriate options.

Practice Tips

While the public is rightfully concerned about online data collection and the sale of information to advertisers, companies need to be able to protect themselves and continue to generate revenue while still balancing the needs of the online consumer.  Companies with an online presence, especially start-up companies, need to determine the types of safeguards needed to be incorporated to protect themselves and their users and still succeed in generating revenue.  If companies engage in tracking practices and behavior, it is important to determine how to incorporate such practices and divulge this information in the privacy policies.  Disclosure is key but the ramifications of not being tracked needs to be divulged as well.

Section 512 includes a recital of the various safe harbors from liability and is also collectively referred to as OCILLA (Online Copyright Infringement Liability Limitation Act). Section 512(f) is intended to be a deterrent to those making false claims of infringement; this subsection of OCCILLA makes the person who is asserting the false claim of infringement liable for damages suffered by those who were harmed by the false take-down plus attorney fees. The recent two cases demonstrate that this is a specialty tool to be specifically and narrowly applied against those who assert specious take-downs to ISPs and (f) is not just a blunt retaliation instrument.

1. Rock River Communications, Inc. v. Universal Music Group, Inc., 2011 WL 1598916 (C.D.Cal. April 27, 2011)

We’ve had the DMCA for a little over a decade now, and the case law reflects that we are beginning to chart the navigational paths through its topography. In this case, a remixer, the plaintiff, took a license from someone who purported to be the authorized licensee of the specific Bob Marley music at issue.

The defendants claim they are the correct licensor of that particular Bob Marley music; and, defendants succeeded in getting the allegedly infringing remixes removed from the market.

This case is one brought by one of those driven out of the market as retaliation for the newly remixed pieces being removed by use of Section 512. In short, the plaintiff is asserting that Section 512(f) is being incorrectly applied. The court agreed holding that (f) did not apply because the recipient of defendant’s take-down was not an ISP, but was a retailer. Section 512(f) did not apply both because iTunes wasn’t performing the functions contemplated by 512(c) and because iTunes has a financial interest, as such, the C&D letter isn’t the functional equivalent of a 512(c)(3) take-down notice.

2. Amaretto Ranch Breedables, LLC v. Ozimals, Inc., 3:10-cv-05696-CRB (N.D. Cal. April 22, 2011)

In this case of the dueling take-down letters, two virtual animal vendors on Second Life sent numerous take-down demands regarding the alleged infringement of their respective bunnies and horses. In an unorthodox procedural play, the horse vendor asked the court to enjoin Second Life from acting on the bunny vendor’s take-downs. The court threw out the predictable Section 512(f) retaliatory claim brought by the horse vendor, in this the most recent episode of this ongoing saga.

The court held that because Second Life forbore from acting on the bunny vendor’s take-down there was no standing for a Section 512(f) action. While the horse vendor may be pragmatically correct that the sending of the specious take-down should be the only condition precedent to (f) eligibility, the court read the statute literally and ruled that there is a further second condition precedent to getting standing to file the (f) action is that the recipient of the take-down actually have taken it down.