report child pornography

Internet Server Provider Requirements to Report Child Pornography

/0 Comments/in /by

Internet Server Provider Requirements to Report Child Pornography

Internet service providers (ISPs) occupy a unique place in modern society. They provide internet access to millions of people across the United States, which allows instantaneous communication, exchange of ideas, and, unfortunately, a new haven for criminal activity.

Because of their unique role in facilitating online communication and commerce, ISPs are subject to certain federal laws regarding child pornography and child sex trafficking.

Revision Legal’s internet and privacy attorneys have experience drafting website and software privacy policies, advising on privacy law compliance, and enforcing state law privacy torts. Our privacy law attorneys can advise you or your business on compliance with:

  • State privacy law
  • The Children’s Online Privacy Protection Act
  • California’s Shine the Light law
  • The European Union’s Data Protection Directive

Child Pornography

Under Federal law, it is illegal to produce, distribute, import, receive, or possess any image of child pornography. Images do not need to depict sexual activity. Instead, a picture of a naked child can be considered child pornography if it is sexually explicit. Minors under the age of 18 can not consent to be in these images.

While adult pornography that is not “obscene” is protected by the First Amendment free speech protections, child pornography is not protected. Individuals violating federal child pornography laws are subject to strict criminal punishments, including harsh jail sentences.

Child Sex Trafficking

Child sex trafficking is the recruitment, harboring, transportation, provision, obtaining, or advertising of a minor child for the purpose of a commercial sex transaction. Being convicted of this crime can result in serious criminal penalties. Federal laws also provide for civil asset forfeiture of property owners who ignore human smuggling on their land.

The internet is the major hub for facilitating human sex trafficking. A recent study of child sex trafficking survivors reported that 75% were advertised online. Additionally, the FBI estimates that at any given moment, 750,000 child predators are online.

ISP Requirements For Reporting Child Pornography

ISPs are required by 18 USC §2258A to issue a report to the National Center of Missing or Exploited Children (NCMEC) when they obtain knowledge of facts or circumstances involving:

  • Sexual exploitation of children;
  • Selling or buying of children;
  • Production or distribution of child pornography; and
  • Websites designed to trick minors into viewing pornography or other obscene material.

This report must contain information regarding:

  • The individual user, including his or her email address or IP address
  • The history of the transmission, including when and how it occurred
  • The geographic area of the involved individual, including the IP address, or the verified billing address

ISPs must also provide any images of apparent child pornography, as well as the complete communication regarding any images of apparent child pornography, including any digital files contained in or attached to the communication.

ISPs are not required to actively search their systems for information regarding sex trafficking or child pornography, nor are they required to monitor individuals for these types of communications.

Failure to make reports can result in fines up to $150,000 for the first offense, and up to $300,000 for subsequent offenses.

The NCMEC will forward these reports to appropriate local, state, federal, or international law enforcement agencies and relevant attorney general for investigation. This collaboration across domestic and international jurisdictional lines is important because a significant amount of child pornography and sex trafficking is done between jurisdictions.

Contacting the NCMEC

The NCMEC’s website is http://www.missingkids.com/home, and its CyberTipline can be contacted at 1-800-THE-LOST (1-800-843-5678) or online at https://report.cybertip.org/.

Other Efforts to Stop Child Pornography and Child Sex Trafficking

Due to the widespread, international nature of child pornography and child sex trafficking, it must be tackled on a number of different fronts.

Because of the serious nature of these crimes, both the US government and private ISPs have undertaken efforts to curb the distribution and production of child pornography and end child sex trafficking.

Private Internet Provider Efforts to Block Child Pornography

In addition to the federal government’s efforts to curb these practices, private internet service providers have reformed their services to block child pornography.

In 2008, Comcast and NetZero joined Verizon and Sprint in taking steps to block child pornography. These companies block bulletin boards where images are disseminated, as well as child porn news and web sites. These efforts to remove old images from circulation will allow law enforcement to focus on more recent images of children who are more likely to still be victimized.

Search engines, such as Google and Bing, are also blocking searches for restricted material, and are working to tackle peer-to-peer sharing of these images. A study analyzing data between 2011 and 2014 showed that these efforts reduced this type of search traffic by 70%.

Senate Fact Finding Into Online Criminal Activity

Finally, the federal government has many investigative tools that can be utilized to expose criminal activity online.

The leading online marketplace for commercial sex is Backpage.com. According to a 2017 Senate Subcommittee Report, this website is involved in 73% of all child traffic reports received by the NCMEC.

This investigation looked into whether Backpage.com was merely a conduit for criminal activity, or if the site was actually involved in promoting the criminal activity. If, as Backpage.com claimed, it was merely a conduit, it would be immune from liability under the Community Decency Act (CDA), which provides certain levels of immunity for ISPs and websites that make content available online and have good-faith screening processes to block offensive material. However, if Backpage.com was actively participant in criminal activity, the site could have criminal and civil liability.

Over the course of a nearly two-year investigation, the Senate discovered that not only was Backpage.com editing customer ads for child trafficking or pornography in order to remove words suggesting criminal activity, but also that it was coaching customers how to post “sanitized” versions of the ads to avoid detection.

Backpage.com had previously avoided liability for criminal activity under the CDA because the extent of its involvement with the criminal activity had not been known. The Senate subcommittee’s fact finding helped exposed Backpage.com’s practices, paving the way for lawsuits from victims of sexual exploitation. One such lawsuit was filed in June 2017 (1:17-cv-11069).

From the aggressive pursuit of Backpage.com by the US Senate, it is evident that the government is willing to utilize all the tools in its toolbox to seek out this sort of criminal activity online.

For more information on ISP disclosures or compliance requirements with federal and state laws, contact Revision Legal’s team of experienced internet attorneys through the form on this page or call 855-473-8474.

data privacy news

2018’s Biggest Data Privacy News Stories

/0 Comments/in /by

2018’s Biggest Data Privacy News Stories

As the year draws to a close, we wanted to take a moment to review the biggest data privacy news stories of 2018 and discuss what we can learn from them as we move into the new year.

1.   Europe’s GDPR

Probably the biggest news story is the European Union’s Global Data Privacy Regulation (GDPR). This regulation, which came into effect in May 2018, places significant limits on how companies must collect and store data.

In addition to outlining what companies must do when they process personal data, the GDPR has new regulations relating to how companies must handle data breaches. Businesses are now required to notify their relevant data protection authority within 72 hours of becoming aware of a breach. Depending on the type of data, the company must also notify impacted individuals, if the breach involves a high risk to their rights and freedoms.

Perhaps the most shocking aspect of the GDRP are the high fines a company faces for failure to comply with the regulation. Severe breaches can carry fines up to €20 million ($22.5 million), or 4% of a company’s annual revenue, whichever is greater. As a result, companies like Amazon.com, which took in just under US $178 billion in revenue in 2017, could be looking at multiple billions of dollars in fines for noncompliance.

If your company is subject to the GDRP, you should be looking closely at this regulation to ensure you are complying with all aspects of it. Remember: even if your company is attached by hackers, you can still be fined.

In order to ensure you are fully compliant with the regulation, speak with an attorney who specializes in internet privacy law.

2.   Huge Data Breaches

It seems like every week, we get data privacy news stories. In July, the Identity Theft Research Center reported that over 22 million records were exposed in the first half of the year alone.

Companies like Under Armour faced off against hackers who broke into the MyFitnessPal app, affecting over 150,000,000 users. While there were enough data protections in place to secure sensitive identifying information and credit card numbers, Under Armour’s password protection system was partially protected under a weaker hashing system that was easier to compromise. The stolen passwords could then be sold or used in online scams.

Perhaps the biggest data breach story was the Cambridge Analytica / Facebook scandal. This spring, it came to light that 50 million profiles were harvested data from user’s profile pages to analyze and influence election results, including the 2016 presidential election.

The program collected information about each individual user who completed a personality test, but also information from those user’s online friends. The usage violated Facebook policies, which allowed collection of data only to improve in-app experiences, not for advertising or other purposes. This breach led the UK to issue a £500,000 fine on Facebook (approximately US$644,000), which Facebook has recently appealed.

Facebook is taking a number of steps internally to prevent another Cambridge Analytica scandal, including reviewing apps that have access to large amounts of user data, and turning off the app’s access to someone’s data if it has not been used in the past three months. Imposing and adhering to this sort of internal policy may help limit this type of data misuse. The increased GDPR data privacy protections may also help prevent another Cambridge Analytica scandal, although Facebook previously failed to adhere to an agreement with the Federal Trade Commission (FTC) regarding its users’ data privacy.

Foreign operatives also attempted to steal intellectual property from universities. In March, the US Department of Justice filed charges against an Iranian company and nine individuals for hacking into hundreds of universities around the world, including 144 in the US. The attacks involved sending phishing emails to professors in order to gain access to university data.

These attacks began in 2013, and are estimated to have stolen 31 terabytes of academic data and intellectual property.

What can Your Company Learn From These Sensational Headlines?

In the Under Armour example, the company had many protections in place to protect user’s passwords, but its hashing protocols were flawed. Regularly reviewing and updating the security of your data encryption can help you stay one step ahead of hackers.

You should store data separately, as Under Armour did, to ensure that financial information, including credit card numbers, are kept separately from login data.

To avoid inadvertently allowing third parties to have access to your customer’s personal data, as in the Facebook case, you can follow GDPR guidance on appropriate limitations. You should also routinely audit third party use, to ensure they are adhering to your company’s privacy policies.

If you believe a third party is misusing your customer’s data, you can shut them out and ensure they dispose of the data, including backups, properly. You can also offer rewards to people who find holes in your security system.

Finally, as the Iran-University breach demonstrates, hackers do not always target automated systems. Sometimes the weakest links in data protection are humans.

You should routinely remind anyone who has access to your network – from first semester freshmen to tenured professors – to be wary of emails from unknown sources, even emails that make it through spam filtering. Your employees should exercise extreme caution before clicking on links in these emails.

3.   Data Leaks

A data leak may not seem as serious as a data breach, because it may be inadvertent disclosure, rather than a malicious attempt at hacking into your company’s data. However, a data leak can cause as much harm as a deliberate breach.

In 2018, an employee discovered that Panera Bread’s website included plain text personal data from users who ordered food online. It is estimated that millions of customers’ names, addresses, credit card numbers, and birth dates were vulnerable to automated tools searching for this type of data.

Making matters worse, the leak went on at least eight months after Panera’s head of information security was made aware of the problem.

To avoid putting your company in this situation, you should continue to conduct internal audits of your company’s website and security system. You should take reports of data leaks seriously and investigate them in a timely fashion when they are brought to your attention. Most importantly, you should not let the leak continue especially if there is a quick fix to stop it.

This article does not contain legal advice, and is for informational purposes only. Our internet privacy attorneys have significant experience helping our clients stay compliant with data privacy and protection laws, and manage data breaches when they occur. To discuss your data privacy needs, contact Revision Legal’s internet attorneys with the contact form on this page, or call us at 855-473-8474.

manage data breaches

How to Manage Data Breaches Under GDPR

/0 Comments/in /by

How to Manage Data Breaches Under GDPR

In recent weeks, we have posted about the requirements of personal data protection under Europe’s General Data Protection Regulation (GDPR) that companies must now follow. Today we will look into what a company must do in the event of a data breach under this regulation.

Over the past few years, we have seen some truly impressive data leaks around the world.

Between May and July 2017, Equifax was hacked, which compromised data for 143 million people, including names, social security numbers, birthdates, and home addresses. In 2018, a number of online retailers, such as Macy’s and Adidas, suffered from data breaches. Even Facebook faced a major data breach that affected as many as 50 million people. Because data breaches are, unfortunately, a fact of life, businesses and consumers must be prepared for them.

If your internet business is subject to the GDPR, here is what you should know:

What is a Data Breach?

Article 4 of the GDPR defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.”

Under the GDPR, you are required to “implement appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data-protection principals, such as data minimization, in an effective manner and to integrate the necessary safeguards in the processing.” (Article 25)

These requirements include having appropriate levels of security, limiting access to personal data so it can only be accessed on an as-needed basis, and conducting tests on a regular basis to ensure that you catch security breaches before they occur. You must also have an appropriate backup system in the event that the data is lost.

You may also be required to have a qualified data protection officer, who will be in charge of overseeing data security. This position is especially important if you are processing a significant amount of sensitive data, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, or information related to genetic or biometric data.

Government data protection authorities are available for consultation, especially when there is a high risk in processing, or there are no measures in place to mitigate potential risks.

How Your Company Should Manage Data Breaches

You are not required to disclose every data breach. However, you must make an assessment as to whether or not the breach is likely to cause a significant detrimental effect to individuals.

If the breach is likely to be significantly detrimental, you must notify your country’s data protection authority within 72 hours of becoming aware of the breach. This notification must include:

  • The nature of the breach, including what type of data was taken and how many people’s information was compromised;
  • The likely consequences of the data breach;
  • What measures you have taken, or propose to take in order to address the breach; and
  • What measures, if any, that can mitigate adverse effects of the breach.

Additionally, if the data breach is likely to involve a high risk to the rights and freedoms of individuals, you must disclose the breach to the individuals at risk without undue delay. The GDPR allows you to make this communication by issuing an effective public communication, if contacting individuals would require disproportionate effort. Companies that have implemented measures, such as encryption, that would render the data unintelligible are allowed to forgo public notification.

Manage Data Breaches: Fines for Non-Compliance

If a company fails to comply with the GDPR’s data breach rules, specifically the requirement to notify your customers within 72 hours of the breach, you can also be fined a significant amount of money.

Less severe breaches carry fines up to €10 million ($11.2 million) or 2% of a company’s annual revenue, whichever is greater. More severe breaches can carry fines up to €20 million ($22.5 million), or 4% of a company’s annual revenue, whichever is greater.

In 2016, the year before Equifax had its major data breach, it reported $3.1 billion in revenue, meaning that it could have been liable for a fine up to $124 million due to its failure to report the breach within 72 hours.

Fines are discretionary, rather than mandatory, meaning that each country’s enforcement agency will assess the situation before imposing fines.

Factors that will be considered include:

  • The nature of the infringement;
  • The number of people affected by it;
  • Whether the breach was intentional or merely negligent;
  • What steps were taken to protect the data; and
  • History of noncompliance, if any.

Additionally, you may be required to compensate individuals for any damages they suffer as a result of the breach.

If You are a Consumer Whose Data has Been Breached

As a consumer, if your data was breached, there are a number of steps you should take.

If the data breach was for non-financial data, like an email or social media account, you should change your passwords. You should also monitor for suspicious activity, such as strange messages being sent or strange posts to your feed.

If the data breach was for a financial account, such as a credit or debit card or bank account, you have a couple more steps to take after changing passwords. Depending on the severity of the breach, you should place a credit freeze or a fraud alert on your accounts at Equifax, Experian, and TransUnion. You can also check your credit report for free at annualcreditreport.com. You should also monitor your financial accounts to look for unauthorized transactions.

Finally, if the GDPR applies to your situation, you can file a lawsuit against the company that violated our data protection rights, and make a claim with your national data protection authority.

This article does not contain legal advice, and is for informational purposes only. Our internet privacy attorneys have significant experience helping our clients stay compliant with data privacy and protection laws. If you have questions regarding compliance with GDPR, contact Revision Legal’s attorneys with the contact form on this page, or call us at 855-473-8474.

 

gdpr processing personal data

When is it “Necessary” to Process Personal Data Under GDPR?

/0 Comments/in /by

Last week I wrote about the EU’s new General Data Protection Regulation (GDPR) consumer-friendly approach to personal data collection and storage.

This regulation, which went into effect earlier this year, requires that companies only collect, store, or process personal data when there is consent or when it is necessary. Companies are often surprised at the broad definition of “necessary” under the regulation. Often, they do not need an individual’s consent to collect, store or process their personal data.

The GDPR provides five lawful bases outlining when it is “necessary” to process someone’s data. If your use falls into one of these five categories, then you do not have to worry about obtaining, or losing, consent.

Article 6(1)(b): Contracts

If the processing is “necessary for the performance of a contract” to which the individual is a party, or if the individual requested the company to do something prior to entering into a contract, the processing is necessary and therefore lawful under GDPR.

Here are some transactions that would fall under this category:

  • Paul purchases a t-shirt from an online store, which creates a contract between Paul and the store. The store needs to collect data from Paul, including his shipping address and payment information, in order to complete the contract and hold up its end of the deal.
  • Karen is having brochures printed for her office, and contacts a printing company for a quote. The printing company needs to collect Karen’s email address to send her the official quote. If Karen decides to work with the printing company, the company will need additional information in order to complete the transaction.

Contractual obligation will cover many transactions. However, an important part of the GDPR is that the data is collected for a specific and limited purpose, and that collection is limited to what is necessary for the original purpose. If you want to continue to use the customer’s information for marketing purposes after the transaction has completed, you may need to find a different lawful basis.

Article 6(1)(c): Legal Obligation

If a legal obligation requires you to process an individual’s information, you must do so.

Examples of legal obligation include:

  • A court order requiring a business to turn over information on an individual
  • A financial institution noticing suspicious account activity that could be money laundering reports this activity under relevant criminal statutes
  • Businesses collecting and reporting required information about their employees to relevant government agencies.

As these examples demonstrate, a company’s legal obligations to collect, distribute, or otherwise process personal data are typically spelled out in statutes, regulations, or court orders.

Article 6(1)(d): Vital Interests

The GDPR requires disclosure of personal data in situations when it is necessary to save someone’s life. This typically refers to sharing medical records between doctors, hospitals, and emergency rooms. Sharing information about the patient is permitted, but it is also permitted to share information about parents in order to save a child’s life.

Rule 46 of the GDPR also considers “protecting an interest which is essential” to the life of individuals to fall under this category, such as if processing data is necessary for emergencies, like fighting disease outbreaks, recovering from natural or man-made disasters, or other humanitarian emergencies.

However, it is also clear from the rules that if another lawful basis is available, someone controlling personal data should operate under that basis. Operating under a vital interest basis should be used only as a last resort.

Article 6(1)(e): Public Task

You are allowed to process data if doing so is “necessary for the performance of a task carried out in the public interest or in the exercise of official authority.”

If you work for a government agency, it is often necessary to process personal data. For example, immigration officials working at airports must process data of people at border crossings. This differs from the “legal obligation” basis, in that the data processing activity does not need to be specifically listed in a statute or regulation. However, there must be a clear source of law you can point to when processing data under the public task basis.

Additionally, organizations that are not specifically government agencies but serve a public function may also operate under the public task legal basis. If a private company is charged with parking meter enforcement by a city, then that company may collect data on illegally parked vehicles. If a private company has been hired by a city to test water after a potential contamination, they are permitted to act under the public task legal basis.

Article 6(1)(f): Legitimate Interests

The GDPR also allows a company to process personal data when it is in a company’s legitimate interests to do so, as long as the interest is not outweighed by the interests or fundamental rights in an individual’s data.

This is the broadest of the categories with the most room for interpretation. Although this basis may seem flexible, it is not meant to be a free-for-all. As a company, you should ask:

  • Are you pursuing a legitimate interest?
  • Is the data processing necessary for this purpose?
  • Do the individual’s interests override the legitimate interest?

Legitimate interests include using employee and client data for, marketing, IT security, or fraud prevention. For example, a credit card company might monitor its customers data to prevent identity theft. An email server may analyze incoming mail to weed out spam or potential viruses. Companies can also use information within the realm of “legitimate interests,” meaning that sending mail or emails out to former and current customers can be lawful.

Even though it might be easy to say that every data processing activity falls under the “legitimate interest” lawful basis, your company should not rely on this category as a catch-all. Instead, carefully review your data processing activities to ensure you are operating under the necessary basis that best matches your intentions.

This article does not contain legal advice, and is for informational purposes only. Our internet privacy attorneys have significant experience helping our clients stay compliant with data privacy and protection laws. If you have questions regarding compliance with GDPR, contact Revision Legal’s attorneys with the contact form on this page, or call us at 855-473-8474.

 

 

personal data processing

Personal Data Processing Under the GDPR

/0 Comments/in /by

In May 2018, the European Union’s General Data Protection Regulation (GDPR) went into effect. To read the regulation in its entirety, visit click here. The GDPR standardized personal data protection requirements across the 28 EU countries. Although the regulation is broad, advocates for GDPR applaud its consumer-friendly approach to personal data collection and storage.

What are the Governing Principles of GDPR?

GDPR provides a number of general principles relating to processing personal data, namely that it should be:

  • Collected and processed lawfully, fairly, and in a transparent manner;
  • Collected for a specific and legitimate purpose, as well as limited to what is necessary for the collection purpose
  • Kept only as long as necessary for the initial purpose;
  • Processed securely and protected against unlawful processing.

What are Personal Data and Personal Data Processing?

Article 4 of GDPR defines personal data as any information relating to an identified or identifiable natural person, who can be identified by reference to identifiers such as a name, ID number, location data, an online ID, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Examples of personal data include:

  • Real names and online usernames;
  • Mailing, work, email, and IP addresses;
  • Photographs; and
  • Genetic and biometric data, including DNA

Article 9 prohibits the processing of data regarding racial or ethnic origin, political opinions, religious beliefs, or trade union membership except in certain specific situations and provides further limitations related to the use of genetic, biometric, and general health data.

Personal data processing refers to personal data that is collected, recorded, organized, structured, stored, adapted or altered, retrieved, consulted, used, disclosed by transmission, disseminated or otherwise made available, aligned or combined, restricted, or erased or destroyed. GDPR applies to processing of personal data through automated, partially automated, as well as non-automated means if it is part of a structured filing system.

Examples of personal data processing include:

  • Staff management and payroll administration;
  • Sending promotional emails to an email listserv;
  • Shredding documents containing medical records or bank records; and
  • Posting a picture of someone online.

The business or person who determines the means and purposes of personal data processing is known as the controller of the data. The controller is responsible for adhering to the GDPR and can be penalized for failing to meet the regulation’s requirements.

What are GDPR’s Requirements for Personal Data Processing?

The GDPR permits processing personal data when a user consents to the processing, or when it is necessary to process data.

Consent to Process Personal Data

In order for an individual to consent to a controller processing personal data, the controller must fully inform them about what they are consenting to. Best practices to obtain consent include making the request prominent and separate from terms and conditions of a site.

Consent must also be positively given – users must have an opportunity to affirmatively agree that the controller may process their data. Users must be able to revoke consent in the future, and consent should not be a precondition of the controller providing a service to the user.

People who are 16 years old or older are capable of consenting on their own. Children under 16 must have a parent or guardian consent on their behalf.

Necessary Personal Data Processing

GDPR also list five times when it is necessary for controllers to process data without explicit consent:

  • Contracts: If a controller has a contractual obligation to the data subject, and data processing is necessary to complete contractual obligations, the controller may process the data. Additionally, the controller may process data if doing so is a necessary prerequisite for entering into a contract.
  • Controller’s legal obligation: If the controller has an obligation to report data to a regulatory body, or is under a court order to provide information, they are under a legal obligation to provide it, regardless of consent.
  • Vital interests: If personal data disclosure is required to save someone’s life, the controller is obligated to do so. This situation will almost always involve health data.
  • Public task: This category of necessary processing relates to tasks carried out by an official government agency, on behalf of an official agency, or a task that is carried out in the public interest. This will often relate to government agencies, but government contractors or private water companies may also operate under this umbrella.
  • Legitimate interests pursued by the controller: This category is very broad. It requires the controller to pursue a legitimate interest, that the processing be necessary for the purpose, and that the controller’s legitimate interest does not outweigh the individual’s fundamental rights or freedoms.

Praise and Criticism for GDPR’s Data Processing Requirements

GDPR has drawn praise from tech leaders, including Apple CEO Tim Cook, who recently expressed support for a similar regulation in the US. Cook listed four areas of the GDPR he believed should be legislated in America:

  • The right to have personal data collection be minimized (Article 5(1)(c));
  • The right for users to know what data is collected on them (Article 15);
  • The right to access that data (Article 13); and
  • The right for data to be kept securely (Article 5(1)(f).

Critics of the regulation believe that it can be too burdensome for businesses to comply with or that limitations will stymie growth of artificial intelligence systems, which rely on individuals’ personal data to grow. Others argue that large companies like Facebook and Google who currently offer free services in exchange for the ability to collect and utilize user data may limit free options due to new limitations on data processing.

What are the Penalties for Failure to Comply With GDPR?

Failure to comply with GDPR’s data processing requirements can lead to a number of different penalties, including warnings, bans on data processing, audits, orders to restrict or delete data, and monetary fines up to €20 million or 4% of a company’s worldwide net sales. You should take compliance with GDPR very seriously.

Our internet privacy attorneys have significant experience helping our clients stay compliant with data privacy and protection laws. If you have questions regarding compliance with GDPR, contact Revision Legal’s internet lawyers with the contact form on this page, or call us at 855-473-8474.

 

intellectual property in china

Find Out How to Protect Your Intellectual Property from Your Chinese Manufacturer

/0 Comments/in /by

Any business with one eye fixed on the future knows that they can’t afford to stay out of China, one of the four largest emerging markets in the world.

Unfortunately, businesses also know that they can’t afford to stay in China either, as China accounts for at least half of all intellectual property theft from United States companies.

How do you beat the catch-22?

By learning how to play smarter than China.

That’s why we’re explaining everything you need to know about protecting your intellectual property in China, from the problems you’ll face to steps you can take.

What is Intellectual Property?

But first, we should address the basic question at the heart of this: what is intellectual property?

After all, if you’re not clear on what intellectual property actually is, you won’t have a clue about how to keep it safe.

In the simplest terms, intellectual property is any product of the human intellect that is legally protected from unauthorized use. It generally falls into four categories:

  1. Copyright
  2. Patent
  3. Trademark
  4. Trade secrets

The basic goal is to protect your property and business from infringement, particularly from the unauthorized use and misuse of your creation.

The most basic example of intellectual property theft? An employee walking out the front door with your designs to work for another company, which will market your trademarked product, design, or production process as their own.

Why You Need to Protect Your Intellectual Property

With that in mind, let’s talk about why you need to protect your intellectual property.

Intellectual property isn’t a physical asset–it’s an idea. That means that unlike a painting or a car or some other concrete object, you can’t lock it in a vault.

Yet safeguarding it is crucial.

One of the biggest reasons for this is maintaining a competitive advantage. Let’s say your company created a new drug, the only drug of its kind to do what it does or successfully treat a particular illness. That drug would make you pioneers in the field, and since you’re the only one who knows how to make it, you have a monopoly on the market.

Now let’s say someone else starts making that same drug and selling it. Suddenly, it doesn’t matter that you got there first–what matters is whether consumers happen to see your brand or your competitor’s brand first.

Another important element is brand recognition. When your company creates goodwill with customers, they’ll learn to identify your brand with that goodwill and use the brand as a shorthand identifier for quality.

And when you’ve worked so hard to create that positive association, you don’t want another company to profit on your work.

Problems with Intellectual Property in China

Since your intellectual property is so important to your business, you’d obviously want to protect it.

Here’s the problem: intellectual property protections are largely reliant on the laws of the place in question. Unfortunately for you, intellectual property laws in the United States are wildly different from intellectual property laws in China.

Worse, Chinese companies are encouraged under official Chinese government policy to poach intellectual property from American companies–often with the active participation of Chinese government personnel.

Your best option? Don’t wait for someone to infringe on your trademark. Instead, prevent the problem from happening.

Protecting Your Intellectual Property in China

So, with all of that in mind, how do you go about protecting your intellectual property on the Chinese market?

Nothing can replace an experienced intellectual property attorney, who can help you take a look at the rules, regulations, and common practices in the areas you want to do business and help you come up with a comprehensive plan to keep your property secure.

There are, however, a few things you can do to make your life (and your attorney’s life) a little simpler.

Know the Law

It starts with knowing the law.

And yes, we did just tell you that the government frequently encourages intellectual property pillaging. However, if you want a legal basis to address the issue (and protect your property from the rest of the world, as well) you’ll have to know your way around some of the most commonly used manufacturing agreements and IP registrations in China.

Again, your lawyer can help you explore your options in greater detail, but we’ve provided a few starting points here.

Manufacturing Agreements and IP Registrations

The first thing you should know about is NNN agreements, which are basic agreements protecting the confidentiality of your products while preventing your Chinese manufacturer from competing with you or circumventing you by going directly to your clients.

Many Western businesses make the mistake of believing their nondisclosure agreements are sufficient protection in China (for the record: no, they’re not.) Nondisclosure agreements work in countries like the US or Canada where judges have ample power to issue and enforce injunctions. That’s not the case in China.

You’ll also need a mold/tooling protection agreement, which makes it clear to all involved parties that the molds and tools you are having manufactured belong to you and cannot be used to manufacture products for anyone else. It seems basic, but it’s how you prevent your manufacturer from using your tools to compete with you.

In addition, you should get product ownership and product development agreements.

A product ownership agreement makes it clear that the product you co-develop with your Chinese manufacturer is solely your property.

A product development agreement is a little more complicated, but it’s designed to iron out the exact details of your product development relationship. Good agreements will make it clear who owns what components of the finished product and the precise milestones the manufacturer must meet along the way in order to receive payment.

Register Intellectual Property in China

The next thing you can do to help protect your intellectual property is to register your intellectual property in China if you have any intention of using it there.

Yes, even if you’ve already patented it elsewhere.

If you’ve been paying attention, you’ve probably noticed a trend by now: protection to the level of redundancy is a good thing where China intersects with your property. You want any dealings with your manufacturer to be ironclad and airtight.

Remember, patents are national rights. If your product is already legally protected in the local environment, it’s one less loophole a competitor (or your manufacturer) can exploit to edge you out of your own market.

Used Establish IP Protection Practices

In the process of patenting your product in China and ironing out details with your Chinese manufacturer, you should make sure you do one thing consistently throughout: abide by well-established local practices of IP protection.

Specifically, you should comb through Chinese laws on IP protection and make sure you’re abiding by it to the letter.

For example, this could include standard practices on how to handle inflow and outflow of sensitive material, restricted rights access to internal databases, and other practices.

Think of it this way – you don’t want to set up an invisible wall between Chinese coworkers and the rest of the company. That said, it’s much more socially acceptable to monitor workers in China than the West, and that’s something you should take advantage of.

If anything, most Chinese companies go well beyond what most Western companies would consider acceptable. Mobile phones, for example, might not be allowed in company buildings at all, in or out, and USB ports are blocked.

Whatever you may feel about surveillance, the fact remains that in China, it’s a competitive advantage. If you’re not using it, your Chinese competitor certainly is.

Establish Chinese R&D

Some companies have tried taking it a step further, to ensure that their Chinese manufacturer is just as invested in their success as the rest of the company.

One way that companies have done this is to establish Chinese-based research and development centers, particularly focused in areas where the company does not currently hold a large body of intellectual property.

The idea is that, through close collaboration, both sides have just as much to lose if something is leaked to a competitor, which will disincentivize your manufacturer from selling you out.

Plus, if the field is new for the company, you won’t need to transfer much (if any) core intellectual property technologies over to China. This means that you’re actively encouraging your Chinese manufacturer and Chinese staff to innovate on your behalf without having to worry about compromising your core technology.

There are downsides, of course, especially if you want to foster collaboration (which you should). Inevitably, there will have to be some sharing of core technology, or there’s no longer any incentive to stay loyal to you.

When all else fails, think of it this way: decide what you do not want to be shared with your Chinese colleagues. Anything not on that list can be shared freely.

The Attorney You Need to Protect Your Ideas

Regardless of the specific methods you use to protect your intellectual property in China, one of the best tools you can have in your arsenal is a talented intellectual property lawyer.

That’s where we come in.

We litigate to help you understand the complexities of intellectual property, business, and technology, and we believe in giving our clients plain language and respect.

If you need an intellectual property lawyer, don’t hesitate. Get in touch today to see what our firm can do to help your business thrive.

online defamation

Online Defamation: Your Response Guide for Slander and Libel

/0 Comments/in /by

Slander and libel can come from unexpected places. With the invention of the internet, online defamation has arisen. Learn how to respond if you’re targeted.

Imagine waking up to the sound of your phone uncontrollably buzzing, only to learn that you have several new emails, posts on your Facebook page, and comments on your website.

Your worst nightmare has come true–a malicious user has posted a false review of your company that tarnishes your reputation.

Online defamation has been rearing its ugly head more often with the rise of social media. But what exactly is online defamation, and how can companies combat untruthful and damaging statements posted online?

Online Defamation

Defamation is legally defined as a false statement that serves to damage the reputation of a business or individual. Slander and libel are under the umbrella of defamation.

In order to have a case for defamation, you have to prove that the statement is not true and that it specifically concerns yourself or your business. It also has to be published by a third party–like a website or blog.

You’ll have to show evidence that your company experienced significant damage because of the statement. This is one of the hardest things to prove in court.

Unfortunately, you can’t take legal action against someone who is actually telling the truth. If someone digs up your dark past and posts it online, you can’t sue them. The truth hurts.

Slander vs. Libel

Slander and libel are subcategories of defamation. They both concern statements that harm you or your business’ reputation.

Slander

Slander is the act of verbally speaking an untrue statement to another party. It must tarnish another person’s reputation. Online slander can usually be found in a video, audio file, or podcast.

Libel

On the other hand, libel is the act of writing a damaging and untrue statement to another party. Websites, blogs, comment sections, forums, and review sections are all places where libel can occur online.

Take Action Against Online Defamation

You’re able to file a lawsuit for defamation of character, but your success in trial depends on how much havoc the false statement has wreaked.

The First Amendment of the Constitution states that Congress is not allowed to make a law “abridging the freedom of speech, or of the press.” This makes it more difficult to make a case for defamation.

The Communications Decency Act is another barrier that could bar you from winning a defamation case. This act prohibits you from suing an internet service provider (ISP) for defamation. ISPs are meant to act like distributors, not perpetrators.

That being said, a lawsuit is not the only solution to defamation. There are other methods to alleviate the damage to your company’s reputation:

Just Ignore It

Maybe someone left your company a defaming remark in a review. In this case, you might be able to simply ignore it.

Readers are smart enough to weigh the good against the bad. They will usually just shrug off a blatantly exaggerated statement. The bottom line is that if there are numerous positive reviews, then these will outweigh the negative review.

However, ignoring this type of statement is not always the best choice. Some false statements might put your company’s integrity at risk. When someone publicly accuses your company of a crime, then you’ll need to do more than just ignore the comment.

Get Rid of It

There are numerous places where you can report the person’s false statement and potentially have it removed.

First, try reporting them to their registrar. Certain domain name registries have rules that prohibit websites from making a profit by posting defaming remarks.

You can also try to report them to their hosting company. You might be in luck if their website doesn’t comply with the host provider’s terms and conditions.

If the comment was posted on social media websites like Facebook, Twitter, or Instagram, you can report the user. However, social media websites don’t really care about defamation–they care about trademark use. The user making negative comments might be using your trademarked name as the name of their profile, which means that you might be able to take control of their account.

Reporting the user to Google is another option if they are violating Google’s SEO rules. Websites that misuse Google’s Adsense ads, or use “black hat” SEO methods can get banned and have their ad profit taken away.

You can go straight to your service provider as well. If the defaming statement defies any copyright or trademark laws, then you’ll have a better chance of getting the statement removed. Because of the Communication Decency Act discussed earlier, it’s not guaranteed that the statement will be deleted.

The only downside to removing the statement is that the user may decide to repost the same statement on a different website.

Fight Back

If you can’t remove an incriminating statement, then you’ll have to resort to making a rebuttal. Your rebuttal should be brief and concise. Avoid bickering with other users, as this will tarnish your reputation even more.

Sometimes, rebuttals can actually make the situation worse. It can make it seem like there is some credibility to the statement, which can trigger more criticism and attention directed towards your company. You have to weigh the pros on cons between risks that are associated with rebutting, compared with doing nothing at all.

Take Legal Action

Lawyers that specialize in defamation will be able to determine your next move. If the user’s statement is false and there’s clear evidence of damage done to your reputation, you’ll have a better chance of making a case.

Make sure to keep records of all the defaming statements made towards your business. Take screenshots of the posts, comments, search engine results, or other incriminating pages and print them out. You should also hold onto any evidence that indicates the user’s identity.

Lawyer Up

Experiencing online defamation can be frustrating–complex laws and policies make things confusing for busy companies.

Our lawyers at Revision Legal specialize in representing tech companies. We can assist your business as it goes through the process of combating defamation. Contact us to see how we can help.

infringing upon a trademark

What You Should Do if Someone is Infringing Upon Your Trademark

/0 Comments/in /by

Do you have a registered trademark that is being infringed upon? Check out this helpful guide to put a stop to it immediately.

The U.S. Patent and Trademark Office receives half a million applications every year. About three-quarters of them get registered. That leaves a lot of people and companies without trademark protection.

It also leaves a lot of people and companies open to trademark infringement. Of course, not all cases have the intention of causing harm and are accidental. Others do have malicious intent.

In all cases, they’re infringing upon your rights as the trademark holder. Trademark infringement is a complicated situation that requires legal expertise. In this article, we explain the steps you should take if you feel your registered trademark is being infringed upon.

What is Trademark Infringement?

When you start your business, you protect yourself from fraud. You make sure your computers have anti-virus and anti-malware installed to keep from getting hacked.

You spend hours making sure your site is working and your ordering process is flawless. You brainstorm with partners and peers on ways to market your brand.

You design logo after logo until you come up with the perfect one. You go through the trademark process with the U.S. Trademark and Patent Office. Before you know it, your name and logo are all yours!

That means, that only you can use your business name and logo. There are some confusing exceptions. For instance, Delta Airlines and Delta Faucet Company share the same name but have nothing to do with each other.

Trademark infringement happens when there is confusion between the use of two logos and whether it’s getting used on competing goods and services.

There’s 100% chance you’ve never tried to buy a plane ticket and ended up with a new faucet instead. There’s no confusion between the two Deltas, so there can be both an airline and faucet manufacturer with the same name.

Now, you trademarks do get infringed upon all the time. If you’ve ever called all tissue “Kleenex,” all lip balm “Chapstick,” or all headache medicine “Asprin,” you’ve technically infringed upon a trademark.

Don’t worry, these specific cases (and Thermos, Band-Aid, Velcro, etc.) get categorized as generic trademarks. This happens when a product is so significant or popular that it becomes synonymous with an entire class of products.

In other words, if you ask a maintenance worker where the building’s Dumpster is, you won’t get sued.

How You Know Someone is Infringing Upon Your Trademark

If you suspect someone is using your company name or company logo without permission, you have to prove it. A court of law takes many things into consideration when hearing a trademark infringement case.

The first thing they’ll do is apply the “likelihood of confusion” test. It’s actually an umbrella term used by various federal courts. Most courts use the same factors to figure out if a logo use causes confusion.

Their goal is to determine if a consumer will get confused by the products which can damage your business. The 6th Circuit Court uses an “8-Factor Trademark Infringement Test.”

What You Should Do If Your Trademark Gets Infringed Upon

If you pass the test and can prove confusion, your next step should be contacting a trademark infringement attorney. They specialize in handling cases like yours and will guide you through the legal process.

Send a Cease-and-Desist Letter

The first step that’s most common in a trademark infringement case is sending a cease-and-desist letter. You can do this on your own, but you should get legal advice to ensure you’re using proper terminology and covering all your bases.

The letter demands that another entity stops using your trademarked name or logo at once. It’s possible they didn’t realize they were using a registered trademark and stop using it.

If their intentions were a little more nefarious, they could ignore your letter and continue using your trademark. In this instance, you want to speak to a lawyer about filing a lawsuit.

File a Lawsuit

If the person or entity receives your letter and continues to use your trademark, it’s time to file a lawsuit. The suit will get filed in federal court if it spans more than one state. If the infringement is local, it may get filed in a state court.

The purpose of your suit is to stop your trademark from getting infringed upon. But you may be able to collect damages if:

  • You can prove your business got hurt financially as a result of the trademark infringement.
  • You can prove the alleged infringer made money from using your trademark.

There a few things to remember if you file a lawsuit. The first is that you must file for a trademark in the first place!

In court, you can argue on “common law” rights to a name. But, your chances for winning your case are greater if you filed for federal trademark protection with the USPTO.

As an entrepreneur or small business owner, you have a lot on your plate when you’re getting started. Filing for a trademark may be the last thing on your mind. But if you don’t and you find someone is using your name or logo after you’re operating and established, the fight becomes who used it first.

The other note of importance is that you must actively use your trademark. You can’t stop other businesses from using a name or logo unless you’re using it in the marketplace to identify your goods or service.

A court will give you minimal protection if you’ve held a trademark for years but haven’t used it.

How You Can Prevent Trademark Infringement

When it comes to prevention, you can ensure no one is infringing upon your trademark by monitoring it. Like not actively using your trademark, you can lose some of the federal protections by not monitoring it.

Specialized software is available that monitors trademark infringement. Reputable trademark infringement attorneys also have this software and can monitor for you. This is a proactive step in protecting your company name and logo that puts a stop to unauthorized uses.

A New Kind of Law Firm for a Data-Driven World

Your business and its trademark are unique. Don’t let anyone get away with infringing upon your livelihood. If you suspect someone is, you may need help proving it.

You need a lawyer that knows the effect of having your trademark infringed upon has on your business. That’s where Revision Legal comes in.

We’re a law firm that understands the connections between law, technology, and business. We’re experienced litigators who fight to protect online businesses.

If you feel your rights are being infringed upon, we can help. Contact us today and let us know how we can give you back your peace of mind.

how to trademark a product

How to Trademark a Product: The Ultimate Guide

/0 Comments/in /by

Do you need to know how to trademark a product? Check out our ultimate guide to get started and protect your work today.

A trademark legal battle has waged over the word “Apple” for three decades. You see, the Beatles named their music company Apple Corps.

Eight years later Steve Jobs came along with Apple Inc. After decades of fighting, Apple Inc has paid almost $100 million to Apple Corp. They worked it out for now, but it is a lesson for all of us.

Knowing how to trademark a product can help you avoid situations like this. Avoiding a generic name and doing a thorough search would have helped prevent this from happening.

Keep reading our guide to find out the basics of trademark registration.

What Can Be Trademarked

You can trademark a word, symbol, device, or color. You can trademark anything that identifies your company and goods in the marketplace.

You can only trademark commercial marks. There are three types of trademarks you can get.

Trademarks and service marks are phrases, words, or symbols. A Trademark indicates a good while a service mark indicates a service.

Collective marks work like a trademark but signify a group. This lets the different members of the group benefit from the trademark.

Certification marks are for the characteristics of your product. For example, if your product has “100% silk”.

How to Trademark a Product

Once you have a chosen mark that you want to register, you have 5 steps to take. The first step in the process is to check that you have a unique mark.

Step 1: Search for Similar trademarks

Search the USPTO database for similar marks. Do not focus on looking for exact matches.

Anything that looks or sounds similar can trigger a rejection. Take your time with this search, if your application gets rejected your fee.

It is smart to hire a trademark attorney before you begin this step. They will understand the database and the best way to find any potentially confusing marks.

Step 2: Prepare and File your Application with USPTO

You’ve done your search and there are no marks like yours. Now you’ll want to prepare your application for submission.

Gather proof of how you are currently using the mark. This proof is called your specimen.

Step 3: Review Your Application

About three months after you submit your application, the USPTO will assign you an attorney. This attorney reviews your application and does one of two things.

He may respond to your application with a request for calcification. If he’s happy with your application he will approve it for the next step.

Sep 4: Review of Trademark by the Public

The USPTO attorney will give your mark a publication date. On this day your trademark gets published in the Official Gazette.

There is a 30-day window after publication for someone to object to your trademark. They would need to make this objection on the basis that your mark will impact their trademark.

Step 5: Use your Registered Trademark

If no one objects during step four then you get your trademark. About three months after step four is complete you will receive a trademark certificate in the mail.

Once your registration is complete you can start using the trademark symbol after your mark. This is the “R” in a circle.

How To Speed up the Process

You will start to hear from the USPTO about your application within 3 months of filing. The whole process will take at least 6 months though.

Often the process can take a year or longer. There are a few steps you can take to speed up the process though.

Read our post about trademark registration process here.

Choose a Strong Mark

Not all names and symbols get approved. The stronger and more unique your mark, the more likely it will get approved.

Make up a word, or choose a word that is not associated with the industry. You can also pick a name suggesting the character of service without naming it.

Don’t Choose a Confusing Mark

What is the likelihood of confusion of your mark?

The purpose of registering a trademark is to protect your image in the market. By choosing an easily confused name you are likely to have it rejected.

Choose a mark too close to a competitor and you are likely to have it opposed. A search for similar marks should help you avoid this before you submit your application.

Begin Using Your Mark ASAP

If you are already using your mark you can select “use in commerce” on your application. This gives you one less step to do during the application process.

Make Sure Your Application is Correct

Making mistakes in your application will cause a delay in the process. These mistakes are easy to fix, but they take time.

Respond to the USPTO Promptly

If you receive correspondence from the USPTO you need to respond for your application to keep moving forward. The deadline to respond is 6 months, but you shouldn’t wait until the deadline to reply.

How Long Are Trademarks Good For

Once approved, you have trademark protection for ten years. This means that every ten years you will need to renew your registration.

Get Help to File For Your Trademark

The first step in getting a trademark registration is to come up with a unique mark. This can be a word, symbol or device.

Make sure that you choose a strong and unique mark. Then begin using it right away.

Do a search for similar trademarks that are currently registered. Make sure that yours is not similar or easily confused with any of them.

Once you are confident you have a unique mark, create an application. Review it for any errors and then submit it to the USPTO.

Once your application is submitted, follow the lead of the USPTO. Respond to any communications they send so your application will continue to process.

These steps are detailed and can take months to complete. If you are unsure of how to trademark a product the best option is to get help for a trademark attorney.

Get help today with registering your mark for trademark protection.

meme stealing

Meme Stealing and More: 7 Times Someone Sued Over a Meme

/0 Comments/in /by

 

Meme stealing may sound like harmless behavior, but recently cases have been filed. Check out these 7 and learn the laws behind creating memes here.

Memes are nothing new. In his 1976 book The Selfish Gene, Richard Dawkins noted the primitive nature of the rapid spread of ideas, or memes, in a people group.

Primitive is the perfect word to describe memes.

While they’re mostly meant in good fun, memes play loose with intellectual property. There’s a fine line before laughter becomes litigious, and meme-based lawsuits are on the rise.

Catch up on the ins and outs of meme stealing.

1. Grumpy Cat

Tardar Sauce is a grumpy faced internet sensation. Better known as Grumpy Cat, she’s the veritable online offspring of Oscar the Grouch. She struggles with mornings, hunger, and her disdain for affection.

Grumpy Cat’s fame has gotten her public appearances, complete with a rider for bottles of water and a comfy seat. It’s also earned her a lawsuit.

Grumpy Cat Limited received $710,001 in damages after filing suit against a beverage company called Grenade, which used Grumpy Cat’s image to sell unlicensed merchandise. While Grenade did have the rights to produce a line of “Grumpy Cat Grumppuccino” iced coffees, they also made her the mascot of a roasted coffee line and sold t-shirts.

When presented with the argument, the jury found in favor of the meme.

2. Pepe the Frog

Pepe the Frog is a somewhat lascivious looking anthropomorphic frog who spends a lot of time lamenting “that moment when…” People tend to dress him up and photoshop hats on him in the course of their meme making. Why not?

It’s all in good fun until it turns political.

The alt-right designated the frog as their internet figurehead, using him to promote the Trump campaign and dressing him in Klan robes and military helmets. A painter in Missouri began selling paintings depicting Pepe holding a rifle in front of the White House.

InfoWars, a radio show turned robust internet juggernaut, used Pepe the Frog on a MAGA poster available for sale on their website. The poster finds Pepe in company with Roger Stone, Kellyanne Conway, and, of course, Donald Trump.

This has all led to a plea to #SavePepe and several lawsuits. Matt Furie, the frog’s creator, after issuing a takedown notice, has sued the painter and InfoWars. He’d like to see Pepe return to his amicable roots and enjoy his golden years in peace like his cousins Senor Frog and Michigan J.

3. Ziggi’s Mullet

Ali Ziggi Mosslmani was just a kid having fun at a party until the internet started doing math equations on his half shaved head. The rest of his head featured a bold cascade of shaggy locks, a mullet.

The Internet loves a mullet. It loves to make fun of a mullet at least.

Ziggi’s mullet has been used to work out the Pythagorean theorem, it has been photoshopped as a skunk, and it has been turned into a Pin the Tail on the Donkey game. Even the Daily Mail Australia and KIIS radio got in on the teasing.

Mosslmani has sued them for defamation.

4. Attractive Convict

Mugshots aren’t renowned for their flattery of the subject, but Meagan Simmons managed to take a good one. Her steady gaze and telltale orange jumpsuit took the Internet by storm. It got people asking for her cell number and wondering if looks could kill.

Though no one wants to be reminded of the night they got a DUI, there’s not much Simmons could do until the website InstantCheckmate.com used her mugshot in an ad promotion, thus monetizing the meme. She filed suit against them for exploitation.

5. Adam Holland

Because nothing seems off limits when you’re online, memes can quickly become cruel. Such is the case with Adam Holland.

Adam has Down syndrome. A picture of him at 17 proudly holding up a drawing went viral. Meme creators replaced his artwork with drawings and phrases of their own, some of them derogatory and libelous.

Tampa’s WHPT-FM, the Bone, used the picture for the header of their dumb news section. They changed his drawing to read “Retarded News.”

Holland’s parents sued the radio station and the website signgenerator.org, which devised a “Retarded Handicap Generator” using the image. They reached a settlement for $150,000.

6. Ludacris

Defamation suits are not the only legal action inspired by memes. Copyright infringement is also having its day in court. Rapper and actor Ludacris was sued when he posted a meme belonging to LittleThings, Inc.

The image in question is an illustration of a busty woman applying what appears to be antiperspirant under her breasts. The depiction of the full-figured woman’s plight in hot weather, sweat beneath her bosoms, is a playful nod to summer.

LittleThings was less amused by Ludacris’ “ill-gotten gains,” profiting off of their intellectual content.

7. Self-Proclaimed “Meme Master” Sued for Meme Stealing

Elliot Tebele is the man behind the social media presence known as “F–k Jerry.” He’s got an all-caps quip for any of life’s situations.

He’s speared salads and luggage restrictions. His best work is topical everyday observations: sleeping in when your partner gets ready, trolling your husband’s ex-girlfriends, even people speeding past you and getting stuck at the next light.

But is his best work his own?

Tebele is being sued by the father of a 16-year old who claims the “F–k Jerry” curator stole his son’s Instagram account. After a promotion with the account ended, Tebele is being accused of taking over the meme-centric profile, which now has over 3 million followers.

Honorable Mention: No Copyright Infringement Intended

Taylor Swift has a history of taking legal action against perceived threats to her bottom line. She shut down Etsy shops selling merchandise made by her own fans. And she tends to trademark lyrics from her songs that are otherwise common phrases.

She can’t seem to shake it off.

Noting her tendency to litigate, people have taken to posting lengthy disclaimers after mentioning the singer or her lyrics on social media. Covering your bases never goes out of style.

Has Someone Been Meme to You?

Bad puns may not be illegal, but the jury’s still out on meme stealing. If you’ve found yourself in the middle of a fair use text war or if someone stole your meme, let us help you.

We specialize in Internet law, and we know how to provide the protection you need.