International / Jurisdiction / Venue

In two recent cases, federal courts in California and Florida have permitted service of the Summons and Complaint by email on foreign defendants who operated online businesses solely through electronic communications and who took steps to conceal their physical addresses.

On April 6, 2010, The United States District for the District of Nebraska found that the Computer Fraud and Abuse Act (“CFAA”) was not void for vagueness in a criminal case where the defendant was alleged to have exceeded authorized access where he used the password provided by the user to access her email and send then send compromising images found in the email folders to others. 

On October 6, 2009, the FTC announced its second enforcement action under the EU Safe Harbor Program in four months.  Six companies that had certified in the EU Safe Harbor Program allowed their certifications to lapse, but continued to represent to their users and to the public that they were "Safe Harbor Certified."  Under the proposed settlements, the companies are prohibited from misrepresenting the extent to which they participate in any privacy, security, or other compliance program sponsored by a government or any third party.

Before its first enforcement action, brought in July, 2009, the FTC had not enforced the EU Safe Harbor Program at all since its inception in 2000.  While many commentators had heretofor suggested that the would not enforce it, these new actions suggest a renewed FTC interest in ensuring that Program particpants actually follow the rules.

Read the official FTC press release here.

On June 12, 2009 the Article 29 Data Protection Working Party adopted an opinion regarding its expectations for operators, application providers and users of social networking services – including those based outside the EU – to meet the requirements of EU data protection law.  See WP 163, “Opinion 5/2009 on online social networking.”

The American Automobile Association (AAA) recently sued Darba Enterprises, Inc. for using the AAA mark in its domain name, on its website, and in pay-per-click advertisements.  Darba moved to dismiss the claim based on lack of personal jurisdiction; however, the court held that by maintaining a commercial website, Darba reached beyond its home state of Nevada to purposefully avail itself of the benefits of the California forum.  The American Automobile Association Inc. v. Darba Enterprises, Inc., No. C-09-00510 (N.D. Cal. Apr. 21, 2009).

A report commissioned by the Office of the Privacy Commissioner of Canada concludes that Canada's Personal Information Protection and Electronic Document Act (PIPEDA) applies to Second Life, a massively multiplayer online game (MMOG) operated by Linden Lab, which is based in San Francisco, California. The report also concludes that the centralized collection of content, personal information, and "player data" in Second Life, and other MMOGs, may raise significant privacy concerns.

The original report, written by a law student at the University of Ottawa, is available here. The Office of the Privacy Commissioner of Canada is inviting responses to the report on its blog.

The Article 29 Working Party adopted its "Working Document 1/2009 on pre-trial discovery for cross border civil litigation" on February 11, 2009.  The document is the first attempt by the Working Party to address the numerous issues associated with conducting discovery between EU and non-EU countries.

The Payment Card Industry (PCI) Security Standards Council recently posted Version 1.2 of the PCI Data Security Standards (PCI DSS) that apply to many merchants and vendors that accept credit cards and other types of payment cards. A few of the changes will likely have a significant impact on many companies still struggling to comply with Version 1.1. The changes include, among others, heightened requirements for wireless networks and expanded requirements to implement anti-virus software beyond Windows-based platforms, including UNIX. Other changes are simply clarifications or in a few instances relaxation of requirements. Click read more for a more detailed analysis.

The New York Times reported today that diplomats from the EU and the US may be nearing agreement on a "binding international agreement" to enable law enforcement and security agencies to obtain and process personal data from the EU without the restrictions that are currently placed on the onward transfer of personal data from the EU to the US.  Will this agreement eliminate the frustrating compliance hurdles for private companies doing business in the EU?

UPDATED: June 26, 2008 11:23 PM. 

The Bush Administration announced today that it will lift longstanding economic sanctions against North Korea in response to North Korea's release of a 60-page declaration on its nuclear program.  While the pundits wrangle over the politics, companies that were formerly restricted in business dealings with North Korea by the Office of Foreign Asset Controls ("OFAC") may begin transacting business in and with North Korea effective immediately.  But there is a catch . . .

Regulators in the United States and the European Union take very different approaches to the nature of IP addresses in data protection law. The United States' regulatory system does not generally treat IP addresses as personal data. The European Union-level administrative position, however, is that IP addresses constitute personal data when they can be linked to an individual user.

The U.S. Department of Commerce hosted a conference entitled “Conference on Cross Border Data Flows, Data Protection, and Privacy” in Washington, DC on October 15 and 16.

On August 5, 2007, President Bush signed the "Protect America Act of 2007." The Act amends the Foreign Intelligence Surveillance Act of 1978 such that surveillance directed at a person reasonably believed to be located outside the United States no longer requires a government application to, and order issuing from, the FISA Court. Under the Act, communications can be monitored (i.e., intercepted) in real time or reviewed after receipt and storage, for example, in the case of email. The Act provides procedures for the government to issue directives to providers to provide data or assistance, for the government to seek an order to compel provider compliance from the FISA Court, and for the recipient of a directive to seek relief from the FISA Court from an unlawful or overly burdensome directive. Under the Act, providers receive cost reimbursement and full immunity from civil suits for compliance with any directive.

In a decision issued on March 21, 2007, the Eighth Circuit handed a victory to VoIP service providers in denying consolidated appeals of the FCC's Vonage Order. See Minn. Pub. Util. Comm'n v. FCC, No. 05-1069, slip op. (8th Cir. Mar. 21, 2007).  However, the court emphasized that its review of the Vonage Order was limited solely to the record that existed before the FCC at the time of the order. If future advances in technology undermine the "central rationale of the FCC's decision," (i.e., that it is impractical or impossible to identify the geographic location of nomadic VoIP customers), then the court noted that the preemptive effect of the Vonage Order would need to be reexamined.

Priceline, Travelocity and Cingular Wireless each contracted with DirectRevenue LLC to deliver ads to consumers. To service its clients (including Priceline, Travelocity and Cingular Wireless), DR installed adware on millions of computers. The adware, which was undisclosed to users and difficult to remove, monitored the websites visited by the users and collected the information they typed into web forms. The NY AG filed a law suit alleging that DirectRevenue had violated New York consumer protection law, then pursued DirectRevenue's three major advertiser clients.

Bell v. Shah, Case No. 3:05-CV-0671 (RNC) (D. Conn. Mar. 30, 2006).

The United States District Court for the District of Connecticut has held that the mere posting of allegedly defamatory material on a passive Web site, and the maintenance of such a general purpose Web site, does not constitute targeting of the forum sufficient to support personal jurisdiction.

In Earthlink, Inc. v. Andy Pope, et al., the District Court for the Northern District of Georgia recently held that defendant spammers could be sued in Georgia even though they resided in Alabama and dialed in  to the Earthlink network from an ISP in Alabama.

New Zealand
Foreign
New Zealand Company that had registered and offered for sale domain names incorporating the registered trademarks of several famous companies agreed to a permanent injunction bar it from using the names; however, the scope of the ruling did not reach many other famous names still held by the company.

British Trial Court
Foreign
A British court held that Graham Waddon was subject to jurisdiction in Britain for publishing pornography in violation of Britain's Obscene Publications Act, even though the sites were located in the United States.

Unknown
Newspaper, one of several news organizations subpoenaed for documents relating to correspondence regarding sensational murder case, refuses to turn over for inspection its files of readers' email to its online news site. Defense counsel in the murder case sought the materials to support its case for change of venue.

2005 WL 3542868 (N.Y. App. Term 2005), affirming 798 N.Y.S.2d 348 (N.Y. Civ. Ct. 2004)
Appellate Term of a New York Supreme Court upheld a small claims court's ruling that a forum selection clause in America Online's (AOL) electronic membership agreement, which required that any dispute against AOL be litigated in Virginia, was unenforceable regarding the plaintiff's $5,000 action. Enforcement of the forum selection clause in the clickwrap agreement would be unreasonable since the plaintiff would effectively be rendered unable to litigate the matter in a small claims court.

134 Cal. App. 4th 544, 36 Cal. Rptr. 3d 229, 2005 WL 3164648 (Cal. Ct. App. 2005)
CA
Aral filed a California class action suit against Earthlink, alleging Earthlink overcharged customers for digital subscriber line (DSL) Internet service before providing them with the equipment necessary to use the service. To install DSL service using EarthLink software, customers were required to click on an icon indicating that they have read and agreed to the terms and conditions of the DSL service agreement.

2005 WL 2542896, 151 Fed. Appx. 655 (10th Cir. 2005)
In a class action suit, Tomlinson alleged that H&R Block, Inc. and H&R Block Tax Service made false and deceptive statements by using her social security number in educational seminars and tax preparation training courses, breaching the companies' privacy policy stating they protect personal information.

[2005] FCA 1242 (Federal Court of Australia)
Australian Federal Court judge Murray Wilcox held that file-sharing network Kazaa violated Australian music copyrights by authorising the copyright infringing conduct of users of Kazaa, and ordered Kazaa's owner, Sharman, to modify its software to help prevent it. Judge Wilcox observed that Kazaa did little to discourage piracy, despite knowing that most of the files swapped through Kazaa were copyrighted music.

(2005) 8 U 93/05 Oberlandesgericht Oldenburg (Oldenburg High Regional Court, Germany)
German appellate court held that placing an article for sale on eBay constitutes a binding, irrevocable offer to sell. A private individual placed a car on eBay for sale, but cancelled the auction before it finished, claiming he had to withdraw because the car had an oil leak.

[2005] FCA 972 (Federal Court of Australia)
Australian Federal Court Justice Brian Tamberlin held that website operator and internet service provider (ISP) infringed record companies' copyrights by hosting a website that included hyperlinks to pirated music. Record companies sued Stephen Cooper, who operated mp3s4free.

[2005] FCA 193 (Federal Court of Appeal, Australia)
Foreign
Canadian Federal Court of Appeal upheld lower court decision that, in the early stages of litigation, Internet service providers (ISPs) need not identify subscribers that were accused of trading files in violation of copyright laws. Much of the evidence in support of releasing the names, the appellate court observed, was based on hearsay, "thus creating the risk that innocent persons might have their privacy invaded and also be named as defendants where it is not warranted.

2005 WL 756610 (N.D. Cal. 2005)
A federal district court held enforcable a forum selection clause contained in a website's Terms of Use page that was accessible through a hyperlink. Cairo operated a website that used scrapers to gather content from Crossmedia's website and included deep links to Crossmedia's webpages.

LG Berlin, No. 27 O 45/05
Berlin court found meta-search engine "Sharelook" liable for defamatory content based on its search results. When entering the term "naked" in the search engine, a link for an adult website would appear, listing television personality Babette Einstmann's name in connection with the site.

106 P.3d 841 (Wash. App. Div. 2005)
Class action plaintiffs alleged America Online (AOL) violated Washington state's Consumer Protection Act by displaying pop-up windows that invited plaintiffs to create additional AOL accounts, for which AOL would then bill plaintiffs. Plaintiffs were required to accept AOL's terms of service, which included a forum selection clause that required all claims to be raised in Virginia.

Tribunal de grande instance [T.G.I.] [ordinary court of original jurisdiction] Nanterre, Jan. 17, 2005 (France)
Trial court in Nanterre, France (the same court as in the related Google case) held that search engine Overture's keyword advertising scheme (similar to Google's) infringed on trademarks of hotel group Accor. When a user entered a keyword search, Overture's advertising system would suggest other possible keywords, including registered trademarks of Accor.

2004 WL 3141311 (Md. Cir. Ct. 2004)
Maryland trial court held that Maryland's anti-spam statute, the Commercial Electronic Mail Act (CEMA), was unconstitutionally vague and violated the dormant commerce clause. Consumer protection firm MaryCLE (a Maryland corporation with its primary place of business in the District of Columbia) and its Internet service provider, NEIT Solutions (a Maryland LLC with operations in Colorado), sued Internet marketing company First Choice and its president (both located in New York).

103 P.3d 156 (Utah Ct. App. 2004)
Utah appellate court held that sending one email to a resident of Utah was a sufficient "contact" to satisfy the long-arm statute and minimum contacts requirement of due process for a claim arising from the email. MLeads, an Arizona corporation, contracted with marketing agent to advertise MLeads's services.

(2004) VIII ZR 375/03 Bundesgerichtshof Zivilsenat (Federal Court of Justice, Civil, Germany)
Germany's highest civil court held that eBay is not an auction under German law, and thus those who purchase goods from professional sellers on eBay do not have to give a reason to get a refund. German consumer protection laws allow customers to return goods without a reason.

[2004] EWCA Civ. 1329 (10 October 2004) (Court of Appeal, UK)
UK Court of Appeal affirmed High Court decision that English courts are a proper forum to hear a libel case between two US residents concerning statements published on US-based websites. US resident Don King sued various US residents, including Lennox Lewis and his attorney, Judd Burstein, alleging libelous statements that were published on Internet websites.

2004 WL 2331918 (D. Kan. 2004)
D. Kan.
Kansas federal district court held a forum selection clause in a software license agreement was enforcable, even though the licensee's use of the software was necessary to obtain services within a separate contract with licensor. Mortgage Plus entered a contract with DocMagic for services concerning loan closing documents.

341 F.3d 1072 (9th Cir. 2003)
Federal Circuit
LL Bean sent a cease and desist letter to Gator.com, makers of a software program, that sent pop-ups ads of LL Bean competitors to people visiting LL Bean's site.