|
 |
|
|
Current Legal Issues Facing Businesses on the Internet: Legal Risks and How They Can Be Avoided
July 1999
|
|
|
|
Thelen Reid Brown Raysman & Steiner LLP
The Internet is such a recent phenomenon
that many companies still do not recognize all the pitfalls
that can accompany doing business online. Business persons
and even general counsel are still learning how to navigate
the Internet safely. This article is intended to alert
businesses to some of those legal risks - and how they can
be avoided through timely legal counseling.
1. Policing the Internet
Every company, even those not conducting significant business
online, should be concerned about harm it may suffer due to
the online conduct of others. The principal examples
include trademark infringement, copyright infringement, defamation,
and unauthorized access torts. We advise all our clients
to be proactive in policing the Internet to prevent harm to
their interests. Trademark risk has changed in the online
environment. In the area of trademark law legal risks
have changed due to the advent of the Internet. There
is no such thing as a local or regional trademark on the Internet
- the global nature of the Internet means that unregistered
trademarks that previously did not conflict due to geographic
or industry separation now find themselves in conflict when
used online, where every Web-based advertisement is accessible
in every market. In contests over desirable domain names
- the phrases such as "thelen.com" that companies
use to identify their Web sites - unregistered marks are at
a distinct disadvantage. In short, the Internet places
an increasing premium on registered trademarks, and on unique
"strong" marks. It also places a premium on
diligence in policing the Internet to uncover infringing uses
at the earliest opportunity. In the past year we have
handled a number of matters involving conflict over the rights
to domain names, some of which resulted in litigation or threats
to sue, others of which were resolved through a purchase of
the domain name by one of the contending parties.
Defamation of companies and management online is increasing.
Companies are also finding themselves under attack from negative
Web pages which disparage their products, management, financial
condition, employment practices, or other aspects of their
business. Such pages frequently divert users from the
company's official page by closely mirroring its domain name
or using the target company's trademark on their own page
to fool search engines into pulling up the critical page in
response to a search request designed to find the official
page.
Disparaging and potentially actionable material is frequently
found in investment oriented chat rooms or chat rooms designed
around a given industry focus. Many former employee
sites have been established specifically for the purpose of
airing grievances against former employers. In addition,
as with conventional media, the Internet can be a venue for
copyright infringement, and misappropriation of famous persons'
name or likeness. "Hacking" or improper access torts
are becoming increasingly common.
Many of our clients conduct routine sweeps of the Internet
to uncover instances of trademark infringement, copyright
infringement, or disparagement. Others ask us to perform
that service for them. The good news is that usually
we can get the infringing or defamatory material removed without
litigation, however sometimes a reasonable result cannot be
negotiated and litigation results. In the summer of
1998 Thelen Reid lawyers obtained a preliminary injunction
in federal court against the promoter of just such a rogue
Web site on behalf of a non-profit group whose mission and
message was disparaged on the site. The disparaging
site diverted users from the organization's official site
by use (and abuse) of the organization's trademarked name.
The preliminary injunction was upheld in the Third Circuit,
and the permanent injunction trial of that matter is proceeding.
2. Setting up your online
presence
Most companies have some form of Internet presence by
now, ranging from a static Web page which is little more than
a simple, electronic advertisement to complex Web pages which
allow a full range of electronic commerce activities to be
performed online, including communication and contracting
with the company's supply chain, distribution channel, and
ultimate consumers. In some ways the process of setting
up a Web page is easy. Professional Web page developers
can take your company through the entire process from initial
concept to final design. In many cases the developer
will host the page on its server, handle updates, and arrange
for electronic payment and encryption systems. However,
such vendors frequently offer standard Web page development
and hosting agreements which contain hidden time bombs that
can result in substantial legal difficulties down the road.
Development agreements should be clear about ownership of
intellectual property. The parties may not share the
same assumptions as to who will own the intangible property
rights in the developed product, including copyright, trademark,
patent, and publicity rights. Silence on this issue
should not be taken as comforting, however. The work
for hire doctrine under copyright law may not be applicable,
resulting in the developer retaining full ownership of the
copyrights to the work it creates for the other party.
A development contract should specify who owns the content
that goes into the Web page, otherwise conflicts may erupt
if the company decides to revise the page or move it to a
new host.
Performance specifications and warranties are important features
of any development contract. The contract also should
specify procedures for acceptance and testing of the finished
page. Web hosting agreements also raise concerns.
Nobody likes a Web site that is down, slow, or otherwise unreliable.
A Web hosting agreement should specify the level of service
the company is paying for. A company should consider
being able to terminate the agreement for failure to maintain
the contracted-for service levels.
Often hosting services take care of domain name registration.
This is fine so long as the registration is done in the name
of the company, or is transferred to the company. Problems
may arise where the host owns the name and the company seeks
to switch hosting services down the line.
It's not sufficient merely to have a Web site; rather,
surfers expect updated information. For this reason,
the Web host should provide specified tools to enable remote
updating through file transfer from the company. Some
Web hosts will provide updating services. Other companies
may opt to have their initial developer provide updates.
In any event, a company ought to consider who will provide
the updates, and how they will be incorporated into the Web
site. The hosting agreement should also deal with responsibility
for security. Sophisticated software and the use of
"cookies" can provide important information about
visitors to the site and their use of the site. Visitors
may also be asked to provide personal information through
registration or in connection with transactions. Such
information can be used to further modify a site to better
serve its users. Often a company will want to control
any information obtained through its Web site, however, this
information may also be valuable to the hosting service.
The hosting agreement should state which party has what rights
to information obtained from users.
Finally, a company must be able to move its Web site to another
host's server on short notice, especially in the event of
a breach of the Web hosting agreement. The contract
should require the Web host to transfer the contents of a
site in a medium selected by the company on 24 hours notice.
The Web host should also be obligated to provide reasonable
assistance in effecting the transfer to another server, at
least where the termination is not due to a breach by the
company.
The above illustrates the range of issues that should carefully
be considered in establishing an Internet presence.
Just because everyone from teenagers to Fortune 500 companies
has Web sites, does not mean the form agreements often proposed
by Web developers and Web hosts will provide necessary protection
for a company seeking to do business online.
3. Contracting on the Internet
In some ways the Internet is an ideal environment for
contracting, whether with business partners or ultimate consumers.
Because it is essentially instantaneous and interactive, contracting
online can be structured to eliminate ambiguities that can
result from the exchange of paper documents in the real world.
The so-called "battle of the forms" often results
when businesses contract with one another by exchange of pre-printed
forms. While those forms will probably agree on basic
terms like price, quantity, delivery and the like, they may
contain varying boilerplate terms regarding arbitration clauses,
forum selection, limitations of warranties, opportunity for
cure, and the like. Internet contracting can be set
up with only one form - the offeror's - with acceptance limited
to the offered terms. Collateral terms offered in free
text can be avoided by providing that acceptance can be indicated
in only one manner - by "clicking" or typing "I
accept" in a given box. Similarly, the instantaneous
nature of the Internet avoids disputes over the timing of
offer and acceptance, such as whether an offer was still outstanding
at the time the acceptance was made - the family of issues
referred to by lawyers as the "mailbox rules."
A Web page is an ideal platform for contracting for other
reasons as well. Disputes over whether a purchaser or
seller was made aware of certain terms, such as limitations
of remedies, can be avoided online by structuring the Web
page in such a manner that the purchaser must view the desired
text before proceeding to the execution page. Disputes
over the validity of clickwrap licenses can also be avoided
by careful structuring of the Web page. The need
to keep legal disclaimers in their place. Business
people do not want their Web page cluttered up with legal
disclaimers and boilerplate provisions. In our experience
assisting clients to construct online contracting environments,
legal protections can be integrated into Web pages in a legally
enforceable but non-distracting manner through careful design
of the Web page and focusing on the legal provisions that
are critical to the selling entity. Digital signature
legislation. The news is full of stories regarding
efforts in various state legislatures, Congress, and the National
Conference of Commissioners on Uniform State Laws, to enact
legislation to facilitate electronic commerce, including digital
signature legislation and encryption legislation. We
continue to track those initiatives, and depending on how
those lawmaking efforts turn out, they may in fact make electronic
commerce easier, safer and more reliable. But the Internet
is up and open for business now, and the legal tools already
exist to render e-commerce feasible today. Most companies
are not waiting.
4. Exposure to foreign jurisdiction risk
The global nature of cyberspace is its strength but can also pose dangers. A company may only want to reach a small, select audience with its message, but once the company's Web page is posted it will necessarily reach the entire world. This can cause problems when the company's message is illegal in certain jurisdictions, or when communicated to certain audiences such as minors. Industries traditionally regulated on a geographical basis, such as insurance and securities, need to consider how to avoid making offers or other communications online which are unlawful in certain jurisdictions because they have not been pre-approved or filed, or because the entity making the offer or communication is not registered or licensed there.
Perils exist in less regulated industries as well. Regulations regarding subjects such as advertising, defamation, and decency differ substantially in jurisdictions outside the United States. American companies have found themselves unexpectedly subject to regulatory attack overseas for engaging in comparative advertising which would have been perfectly legal and even unremarkable in the United States.
Personal jurisdiction may depend on the interactivity of a site. In addition, doing business online, or even just advertising on a Web page, may subject an entity to suit in distant jurisdictions. Parties entering into contracts over the Internet can anticipate this risk and attempt to contract around it with choice of law, choice of forum, or arbitration clauses. But some torts, like defamation or trademark infringement, do not require any transaction to take place to be actionable. In those cases the issue of personal jurisdiction in a distant forum, at least under United States law, comes down to whether the Web page was "targeted" at the forum state such that the courts of that state will find it fair to require the company to defend a case there. This issue has arisen in cases handled by this firm within the past few months and will doubtless arise with increasing frequency in the years to come.
The law in this area remains unsettled and continues to evolve. If any trend can be discerned it is that interactive Web sites, which invite the viewer to register, provide data or information, and generally enter into an online relationship with the Web page sponsor, are more likely to support assertion of jurisdiction over a distant Web page sponsor than a mere static Web page.
5. Privacy
One significant area where foreign law diverges from United
States law concerns the privacy of personal data - obtaining,
using, and distributing personal data, such as names, addresses,
phone numbers, income, medical conditions, and characteristics
of race, sex, age, ethnicity and political affiliation.
United States law on privacy is sporadic at best, targeting
individual subject matters and industries for attention (credit
reporting agencies, electronic communications, student records,
video rental records) and leaving other areas substantially
unregulated at the federal level (medical records, direct
marketing, and the Internet). Industry and the Clinton
administration continue to favor voluntary industry self regulation
of information gathering and use on the Internet, however
the Federal Trade Commission and privacy advocates are increasingly
demanding some form of federally legislated protection.
The European Commission Privacy Directive. By contrast,
privacy regulation in Europe is more systematized and bureaucratic,
with many countries having governmental bureaus charged with
protecting the interests of individuals in data that is collected
about them. Rights of data subjects are similarly more
developed, including the right to access data collected about
oneself, to be informed when and why data is being collected,
and to have data collected only for limited, specified purposes.
Freewheeling collection, purchase and sale of personal data
for marketing purposes in the American fashion would not be
permitted under such systems. The European Commission
and Parliament issued a directive in 1995 which requires all
European Union member states to have privacy legislation in
place that will prevent transmission of personal data to countries
like the United States that do not offer their citizens equal
protection. Active negotiations have been underway in
recent months between members of the Clinton administration
and EU representatives to gain as much assurance as possible
that data flows to the United States will not be interrupted.
Meanwhile individual United States companies and even whole
industries will attempt to comply with privacy standards acceptable
to the EU by entering into individual contracts and commitments,
or adopting industry standards, related to privacy rights.
Any company that needs to receive personal data from Europe,
whether from other entities or its own affiliates, needs to
consider how it will respond to the challenge posed by the
EC privacy directive.
| 6. | Internet and e-mail policies and the workplace |
Employees tend to use electronic mail differently than
paper communications such as letters or memorandum in the
work place. The popularity of electronic mail largely
results from its dual nature of being as efficient and informal
as a spoken conversation, while also having the permanence
of a written letter or memorandum. Unfortunately, this
informality often is accompanied by inappropriateness.
Employers need to warn supervisors and employees to use the
same care in drafting e-mail messages that they would in drafting
a letter or memorandum. Furthermore, companies should
be adamant that their electronic mail may be monitored by
supervisory personnel. Employees must understand that
e-mail frequently lasts longer than messages that are sent
to individuals on paper, and is far more easily forwarded
to other (unintended) users both within the company and outside
the company.
Internet access as source of liability for discrimination
and harassment. A recent poll of 9,000 Internet users
by MSNBC revealed that almost one in five persons visited
cybersex sites while at work. Allowing employees to
access such sites and either transmit their contents to others,
or allow others to observe them accessing such sites, raises
the possibility of liability for the creation of a hostile
work environment. In addition, republication of such
material may violate copyright and/or trademark laws.
Record keeping and retention. A common use for e-mail
or an intranet is to communicate requests for vacation, family
leave, training, disability accommodations, promotion or transfer,
adjustments in compensation, and even timekeeping. These
items are typically considered personnel records and need
to be retained under federal law, as well as under the laws
of many states, including California. Policies to retain
records indicating both transmission and receipt of such documents
are essential.
7. Public company issues
Securities lawyers are increasingly receiving inquiries
about the risks and potential rewards of using the Internet.
On the risk side, we have been advising public companies about
the need to update corporate disclosure policies to take the
Internet into account. Many companies still operate
on a dual system - while press releases and securities filings
are carefully scrutinized for any inaccuracy with securities
disclosure principles in mind, elsewhere in the company vague,
overly optimistic, or just plain speculative information is
being exchanged online without sufficient oversight.
Information disclosure and document retention policies need
to be updated to take the online world into account.
On the benefit side, companies are increasingly asking about
the feasibility of using the Internet to save costs in delivering
the annual report, proxy materials, and offering materials.
The SEC has clarified the procedures that need to be followed
to meet the "delivery" requirements for electronic
disclosure documents. This is an area where we expect
to see significant growth during 1999.
Conclusion
The issues presented above are relevant to all companies
doing business on the Internet, not just companies that consider
themselves to be in the high-tech field. These issues
confront mainstreet business, whether in construction, manufacturing,
retailing, utilities, securities, professional services, or
other lines of business. They exist even for companies
with a minimal online presence. Some of them, especially
the risks discussed under the heading "policing the Internet,"
even exist for companies that have no online presence.
We believe the legal risks posed by the Internet can be managed
in ways that do not detract from its attractiveness as a medium
in which to do business. But every chief executive,
general counsel and chief information officer owes it to him
or herself to understand those risks and obtain appropriate
advice.
If you would like to receive legal reports and updates
more quickly, by e-mail, click here and fill out the mailing list form.
For more information about the issues covered in this report, please contact Rauer L. Meyer in our Los Angeles office at 213-576-8005 or at rlmeyer@thelen.com or contact your Thelen attorney. For more information about Thelen's Construction Department, click here.
©1999 Thelen Reid Brown Raysman & Steiner LLP
|
|
|
|
