FOSTA-SESTA for Internet Service Providers

The Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA) and the Stop Enabling Sex Traffickers Act of 2017 (SESTA) are two bills that were passed by the House and Senate. The combination of the bills, referred to as FOSTA-SESTA, was signed into law in April 2018. This law represents an important change to the way internet content will be policed moving forward.

Previous Requirements Under the Community Decency Act

Before the enactment of FOSTA-SESTA, Section 230 of the Community Decency Act (CDA) stated:

“No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”

In other words, websites like Craigslist or Reddit, which encourage anonymous users to engage in discussion, debate, and commerce, would not be liable for the content on these sites, even if they edited or moderated the content, so long as the meaning did not change. This law, which was described as “the law that gave us the internet,” was capable of shielding Google and Facebook from liability for defamation lawsuits, or even criminal investigations.

For a long time, this law was also used to protect Backpage, which a Senate Subcommittee Report discovered was involved in 73% of all child trafficking reports. The owners of the site argued that Section 230 of the CDA shielded them from liability. However, the Senate discovered that Backpage was actively facilitating child sex trafficking by editing ads so they would pass community standards and teaching its users how to post “clean” ads for illegal transactions.

This level of editing went beyond the safety net of Section 230, and in April 2018, the Department of Justice issued a 93-count indictment against seven people involved with Backpage. The FBI seized the website.

What FOSTA-SESTA Changes

Under FOSTA-SESTA, websites can be civilly liable and prosecuted in criminal court for any sex trafficking discussions that are viewable on their platform.

Specifically, someone who “owns, manages, or operates an interactive computer service (or attempts or conspires to do so) to promote or facilitate the prostitution of another person” can face up to 10 years in prison and hefty fines.

This law removes the Section 230 shields for web hosts, internet service providers (ISPs), and social media sites specifically when it comes to sex trafficking. The shields on liability will remain in place for other matters, such as defamation lawsuits.

However, FOSTA-SESTA does represent a major change to the duties and responsibilities with regard to monitoring and enforcing their content. After the law passed, many sites took steps to remove material for which they could be found liable. Craigslist, for example, took down its entire personals section, while Reddit removed several popular subreddits.

ISP Compliance Under the New Laws

If your company provides any online services, there are a number of steps you can take to ensure you are in compliance with FOSTA-SESTA.

First, you should take a look at the services your organization currently provides. If you have classified ads, dating apps or services, or social media forums, or accept third-party ads on your site, you should update your terms of service to specifically reflect what you will and will not allow to be posted.

Second, you will need to double down on efforts to moderate these third-party messages. You should understand the language used in sex trafficking in order to do this properly. If you need to, hire and train additional moderators to do this job correctly. You should also update your parameters periodically in order to catch new language and phrases used in these communications.

Finally, decide what level of risk your company wants to take. While some companies may decide to challenge the law if pursued, many are taking a conservative approach. For example, Craigslist made the decision to completely remove its Personals section to avoid liability under the law. Recent news of Tumblr’s decision to remove adult content from its site has also been linked to this new legislation.

Remember, your company may or may not actually be subject to FOSTA-SESTA. For example, ProtonMail, a Switzerland-based email service, issued a statement explaining how it is not governed by US laws. Because activities such as gambling and sex work are not illegal in Switzerland, a Swiss court would be unlikely to acquiesce to a government request for data related to these activities.

Praise and Criticism for FOSTA-SESTA

FOSTA-SESTA received praise from a number of sectors. Many industry leaders who are members of the Internet Association, including Amazon, Microsoft, Uber, and Netflix, supported the new legislation, stating that it is “committed to combating sexual exploitation and sex trafficking online.” Another proponent of the new law argued that this change is needed to “deal with a 21st century problem.”

The Department of Justice (DOJ) also largely supported the change in legislation, as it gives additional tools to fight trafficking. However, the DOJ asked that language be amended to focus on trafficking, rather than consenting adults. It also raised a constitutional concern, in that FOSTA-SESTA allowed for criminal punishments on behavior that occurred before the law passed. This sort of ex post facto law is unconstitutional, and is a highly criticized element of the law.

Advocates for sex worker safety believe that this law does more harm than good. The law will prevent people from using sites like Craigslist to advertise their services, which is a safer alternative than being on the street. Instead, because of this law, women and men may need to put themselves back in dangerous situations to make their livings.

Freedom Network USA, which provides services to trafficking victims – the group the law is designed to help – also argues that this law will drive the sex trade further underground.

Removing references to sex trafficking and prostitution will not make their victims or participants disappear. Under current enforcement models, investigatory agencies are able to track victims online through IP address and photographs. If these sites are shut down, victims will be less likely to be identified and face more threats of violence.

Free speech advocates, including the ACLU, also argue that FOSTA-SESTA requires online platforms to spend more energy on policing content, which can have a chilling effect on free expression online. Perhaps the most vocal opponent to the new law is the Electronic Frontier Foundation (EFF), which believes that Congress is now censoring the internet and preventing the development of new technologies.

For more information on ISP disclosures or compliance requirements with federal and state laws, contact Revision Legal’s team of experienced internet attorneys through the form on this page or call 855-473-8474.

Internet Service Provider Requirements to Report Child Pornography

Internet service providers (ISPs) occupy a unique place in modern society. They provide internet access to millions of people across the United States, which allows instantaneous communication, exchange of ideas, and, unfortunately, a new haven for criminal activity.

Because of their unique role in facilitating online communication and commerce, ISPs are subject to certain federal laws regarding child pornography and child sex trafficking.

Revision Legal’s internet and privacy attorneys have experience drafting website and software privacy policies, advising on privacy law compliance, and enforcing state law privacy torts. Our privacy law attorneys can advise you or your business on compliance with:

  • State privacy law
  • The Children’s Online Privacy Protection Act
  • California’s Shine the Light law
  • The European Union’s Data Protection Directive

Child Pornography

Under federal law, it is illegal to produce, distribute, import, receive, or possess any image of child pornography. Images do not need to depict sexual activity. Instead, a picture of a naked child can be considered child pornography if it is sexually explicit. Minors under the age of 18 cannot consent to be in these images.

While adult pornography that is not “obscene” is protected by the First Amendment free speech protections, child pornography is not protected. Individuals violating federal child pornography laws are subject to strict criminal punishments, including harsh jail sentences.

Child Sex Trafficking

Child sex trafficking is the recruitment, harboring, transportation, provision, obtaining, or advertising of a minor child for the purpose of a commercial sex transaction. Being convicted of this crime can result in serious criminal penalties. Federal laws also provide for civil asset forfeiture of property owners who ignore human smuggling on their land.

The internet is the major hub for facilitating human sex trafficking. A recent study of child sex trafficking survivors reported that 75% were advertised online. Additionally, the FBI estimates that at any given moment, 750,000 child predators are online.

ISP Requirements For Reporting Child Pornography

ISPs are required by 18 USC §2258A to issue a report to the National Center of Missing or Exploited Children (NCMEC) when they obtain knowledge of facts or circumstances involving:

  • Sexual exploitation of children;
  • Selling or buying of children;
  • Production or distribution of child pornography; and
  • Websites designed to trick minors into viewing pornography or other obscene material.

This report must contain information regarding:

  • The individual user, including his or her email address or IP address
  • The history of the transmission, including when and how it occurred
  • The geographic area of the involved individual, including the IP address, or the verified billing address

ISPs must also provide any images of apparent child pornography, as well as the complete communication regarding any images of apparent child pornography, including any digital files contained in or attached to the communication.

ISPs are not required to actively search their systems for information regarding sex trafficking or child pornography, nor are they required to monitor individuals for these types of communications.

Failure to make reports can result in fines up to $150,000 for the first offense, and up to $300,000 for subsequent offenses.

The NCMEC will forward these reports to the appropriate local, state, federal, or international law enforcement agencies and the relevant attorney general for investigation. This collaboration across domestic and international jurisdictional lines is important because a significant amount of child pornography and sex trafficking is done between jurisdictions.

Contacting the NCMEC

The NCMEC’s website is, and its CyberTipline can be contacted at 1-800-THE-LOST (1-800-843-5678) or online at

Other Efforts to Stop Child Pornography and Child Sex Trafficking

Due to the widespread, international nature of child pornography and child sex trafficking, it must be tackled on a number of different fronts.

Because of the serious nature of these crimes, both the US government and private ISPs have undertaken efforts to curb the distribution and production of child pornography and end child sex trafficking.

Private Internet Provider Efforts to Block Child Pornography

In addition to the federal government’s efforts to curb these practices, private internet service providers have reformed their services to block child pornography.

In 2008, Comcast and NetZero joined Verizon and Sprint in taking steps to block child pornography. These companies block bulletin boards where images are disseminated, as well as child porn news and web sites. These efforts to remove old images from circulation will allow law enforcement to focus on more recent images of children who are more likely to still be victimized.

Search engines, such as Google and Bing, are also blocking searches for restricted material, and are working to tackle peer-to-peer sharing of these images. A study analyzing data between 2011 and 2014 showed that these efforts reduced this type of search traffic by 70%.

Senate Fact Finding Into Online Criminal Activity

Finally, the federal government has many investigative tools that can be utilized to expose criminal activity online.

The leading online marketplace for commercial sex is Backpage. According to a 2017 Senate Subcommittee Report, this website is involved in 73% of all child traffic reports received by the NCMEC.

This investigation looked into whether Backpage was merely a conduit for criminal activity, or if the site was actually involved in promoting the criminal activity. If, as claimed, it was merely a conduit, it would be immune from liability under the Community Decency Act (CDA), which provides certain levels of immunity for ISPs and websites that make content available online and have good-faith screening processes to block offensive material. However, if Backpage was an active participant in criminal activity, the site could have criminal and civil liability.

Over the course of a nearly two-year investigation, the Senate discovered that not only was Backpage editing customer ads for child trafficking or pornography in order to remove words suggesting criminal activity, but also that it was coaching customers on how to post “sanitized” versions of the ads to avoid detection. Backpage had previously avoided liability for criminal activity under the CDA because the extent of its involvement with the criminal activity had not been known. The Senate subcommittee’s fact finding helped expose Backpage’s practices, paving the way for lawsuits from victims of sexual exploitation. One such lawsuit was filed in June 2017 (1:17-cv-11069).

From the aggressive pursuit of Backpage by the US Senate, it is evident that the government is willing to utilize all the tools in its toolbox to seek out this sort of criminal activity online.

2018’s Biggest Data Privacy News Stories

As the year draws to a close, we wanted to take a moment to review the biggest data privacy news stories of 2018 and discuss what we can learn from them as we move into the new year.

1.   Europe’s GDPR

Probably the biggest news story is the European Union’s Global Data Privacy Regulation (GDPR). This regulation, which came into effect in May 2018, places significant limits on how companies must collect and store data.

In addition to outlining what companies must do when they process personal data, the GDPR has new regulations relating to how companies must handle data breaches. Businesses are now required to notify their relevant data protection authority within 72 hours of becoming aware of a breach. Depending on the type of data, the company must also notify impacted individuals, if the breach involves a high risk to their rights and freedoms.

Perhaps the most shocking aspect of the GDPR is the high fines a company faces for failure to comply with the regulation. Severe breaches can carry fines up to €20 million ($22.5 million), or 4% of a company’s annual revenue, whichever is greater. As a result, companies like, which took in just under US $178 billion in revenue in 2017, could be looking at multiple billions of dollars in fines for noncompliance.

If your company is subject to the GDPR, you should be looking closely at this regulation to ensure you are complying with all aspects of it. Remember: even if your company is attacked by hackers, you can still be fined.

In order to ensure you are fully compliant with the regulation, speak with an attorney who specializes in internet privacy law.

2.   Huge Data Breaches

It seems like every week, we get data privacy news stories. In July, the Identity Theft Research Center reported that over 22 million records were exposed in the first half of the year alone.

Companies like Under Armour faced off against hackers who broke into the MyFitnessPal app, affecting over 150,000,000 users. While there were enough data protections in place to secure sensitive identifying information and credit card numbers, Under Armour’s password protection system was partially protected under a weaker hashing system that was easier to compromise. The stolen passwords could then be sold or used in online scams.

Perhaps the biggest data breach story was the Cambridge Analytica / Facebook scandal. This spring, it came to light that data was harvested from 50 million users’ profile pages to analyze and influence election results, including the 2016 presidential election.

The program collected information about each individual user who completed a personality test, but also information from those users’ online friends. The usage violated Facebook policies, which allowed collection of data only to improve in-app experiences, not for advertising or other purposes. This breach led the UK to issue a £500,000 fine on Facebook (approximately US$644,000), which Facebook has recently appealed.

Facebook is taking a number of steps internally to prevent another Cambridge Analytica scandal, including reviewing apps that have access to large amounts of user data, and turning off the app’s access to someone’s data if it has not been used in the past three months. Imposing and adhering to this sort of internal policy may help limit this type of data misuse. The increased GDPR data privacy protections may also help prevent another Cambridge Analytica scandal, although Facebook previously failed to adhere to an agreement with the Federal Trade Commission (FTC) regarding its users’ data privacy.

Foreign operatives also attempted to steal intellectual property from universities. In March, the US Department of Justice filed charges against an Iranian company and nine individuals for hacking into hundreds of universities around the world, including 144 in the US. The attacks involved sending phishing emails to professors in order to gain access to university data.

These attacks began in 2013, and are estimated to have stolen 31 terabytes of academic data and intellectual property.

What can Your Company Learn From These Sensational Headlines?

In the Under Armour example, the company had many protections in place to protect users’ passwords, but its hashing protocols were flawed. Regularly reviewing and updating the security of your data encryption can help you stay one step ahead of hackers.

You should store data separately, as Under Armour did, to ensure that financial information, including credit card numbers, is kept separately from login data.

To avoid inadvertently allowing third parties to have access to your customers’ personal data, as in the Facebook case, you can follow GDPR guidance on appropriate limitations. You should also routinely audit third-party use, to ensure they are adhering to your company’s privacy policies.

If you believe a third party is misusing your customers’ data, you can shut them out and ensure they dispose of the data, including backups, properly. You can also offer rewards to people who find holes in your security system.

Finally, as the Iran-University breach demonstrates, hackers do not always target automated systems. Sometimes the weakest links in data protection are humans.

You should routinely remind anyone who has access to your network – from first semester freshmen to tenured professors – to be wary of emails from unknown sources, even emails that make it through spam filtering. Your employees should exercise extreme caution before clicking on links in these emails.

3.   Data Leaks

A data leak may not seem as serious as a data breach, because it may be an inadvertent disclosure, rather than a malicious attempt at hacking into your company’s data. However, a data leak can cause as much harm as a deliberate breach.

In 2018, an employee discovered that Panera Bread’s website included plain text personal data from users who ordered food online. It is estimated that millions of customers’ names, addresses, credit card numbers, and birth dates were vulnerable to automated tools searching for this type of data.

Making matters worse, the leak went on at least eight months after Panera’s head of information security was made aware of the problem.

To avoid putting your company in this situation, you should continue to conduct internal audits of your company’s website and security system. You should take reports of data leaks seriously and investigate them in a timely fashion when they are brought to your attention. Most importantly, you should not let the leak continue, especially if there is a quick fix to stop it.

This article does not contain legal advice, and is for informational purposes only. Our internet privacy attorneys have significant experience helping our clients stay compliant with data privacy and protection laws, and manage data breaches when they occur. To discuss your data privacy needs, contact Revision Legal’s internet attorneys with the contact form on this page, or call us at 855-473-8474.

How to Manage Data Breaches Under GDPR

In recent weeks, we have posted about the requirements of personal data protection under Europe’s General Data Protection Regulation (GDPR) that companies must now follow. Today we will look into what a company must do in the event of a data breach under this regulation.

Over the past few years, we have seen some truly impressive data leaks around the world.

Between May and July 2017, Equifax was hacked, which compromised data for 143 million people, including names, social security numbers, birthdates, and home addresses. In 2018, a number of online retailers, such as Macy’s and Adidas, suffered from data breaches. Even Facebook faced a major data breach that affected as many as 50 million people. Because data breaches are, unfortunately, a fact of life, businesses and consumers must be prepared for them.

If your internet business is subject to the GDPR, here is what you should know:

What is a Data Breach?

Article 4 of the GDPR defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.”

Under the GDPR, you are required to “implement appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards in the processing.” (Article 25)

These requirements include having appropriate levels of security, limiting access to personal data so it can only be accessed on an as-needed basis, and conducting tests on a regular basis to ensure that you catch security breaches before they occur. You must also have an appropriate backup system in the event that the data is lost.

You may also be required to have a qualified data protection officer, who will be in charge of overseeing data security. This position is especially important if you are processing a significant amount of sensitive data, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, or information related to genetic or biometric data.

Government data protection authorities are available for consultation, especially when there is a high risk in processing, or there are no measures in place to mitigate potential risks.

How Your Company Should Manage Data Breaches

You are not required to disclose every data breach. However, you must make an assessment as to whether or not the breach is likely to cause a significant detrimental effect to individuals.

If the breach is likely to be significantly detrimental, you must notify your country’s data protection authority within 72 hours of becoming aware of the breach. This notification must include:

  • The nature of the breach, including what type of data was taken and how many people’s information was compromised;
  • The likely consequences of the data breach;
  • What measures you have taken, or propose to take, in order to address the breach; and
  • What measures, if any, can mitigate adverse effects of the breach.

Additionally, if the data breach is likely to involve a high risk to the rights and freedoms of individuals, you must disclose the breach to the individuals at risk without undue delay. The GDPR allows you to make this communication by issuing an effective public communication, if contacting individuals would require disproportionate effort. Companies that have implemented measures, such as encryption, that would render the data unintelligible are allowed to forgo public notification.

Manage Data Breaches: Fines for Non-Compliance

If your company fails to comply with the GDPR’s data breach rules, specifically the requirement to notify your customers within 72 hours of the breach, you can also be fined a significant amount of money.

Less severe breaches carry fines up to €10 million ($11.2 million) or 2% of a company’s annual revenue, whichever is greater. More severe breaches can carry fines up to €20 million ($22.5 million), or 4% of a company’s annual revenue, whichever is greater.

In 2016, the year before Equifax had its major data breach, it reported $3.1 billion in revenue, meaning that it could have been liable for a fine up to $124 million due to its failure to report the breach within 72 hours.

Fines are discretionary, rather than mandatory, meaning that each country’s enforcement agency will assess the situation before imposing fines.

Factors that will be considered include:

  • The nature of the infringement;
  • The number of people affected by it;
  • Whether the breach was intentional or merely negligent;
  • What steps were taken to protect the data; and
  • History of noncompliance, if any.

Additionally, you may be required to compensate individuals for any damages they suffer as a result of the breach.

If You are a Consumer Whose Data has Been Breached

As a consumer, if your data was breached, there are a number of steps you should take.

If the data breach was for non-financial data, like an email or social media account, you should change your passwords. You should also monitor for suspicious activity, such as strange messages being sent or strange posts to your feed.

If the data breach was for a financial account, such as a credit or debit card or bank account, you have a couple more steps to take after changing passwords. Depending on the severity of the breach, you should place a credit freeze or a fraud alert on your accounts at Equifax, Experian, and TransUnion. You can also check your credit report for free at You should also monitor your financial accounts to look for unauthorized transactions.

Finally, if the GDPR applies to your situation, you can file a lawsuit against the company that violated your data protection rights, and make a claim with your national data protection authority.

This article does not contain legal advice, and is for informational purposes only. Our internet privacy attorneys have significant experience helping our clients stay compliant with data privacy and protection laws. If you have questions regarding compliance with GDPR, contact Revision Legal’s attorneys with the contact form on this page, or call us at 855-473-8474.


When is it “Necessary” to Process Personal Data Under GDPR?

Last week I wrote about the EU’s new General Data Protection Regulation (GDPR) and its consumer-friendly approach to personal data collection and storage.

This regulation, which went into effect earlier this year, requires that companies only collect, store, or process personal data when there is consent or when it is necessary. Companies are often surprised at the broad definition of “necessary” under the regulation. Often, they do not need an individual’s consent to collect, store or process their personal data.

The GDPR provides five lawful bases outlining when it is “necessary” to process someone’s data. If your use falls into one of these five categories, then you do not have to worry about obtaining, or losing, consent.

Article 6(1)(b): Contracts

If the processing is “necessary for the performance of a contract” to which the individual is a party, or if the individual requested the company to do something prior to entering into a contract, the processing is necessary and therefore lawful under GDPR.

Here are some transactions that would fall under this category:

  • Paul purchases a t-shirt from an online store, which creates a contract between Paul and the store. The store needs to collect data from Paul, including his shipping address and payment information, in order to complete the contract and hold up its end of the deal.
  • Karen is having brochures printed for her office, and contacts a printing company for a quote. The printing company needs to collect Karen’s email address to send her the official quote. If Karen decides to work with the printing company, the company will need additional information in order to complete the transaction.

Contractual obligation will cover many transactions. However, an important part of the GDPR is that the data is collected for a specific and limited purpose, and that collection is limited to what is necessary for the original purpose. If you want to continue to use the customer’s information for marketing purposes after the transaction has completed, you may need to find a different lawful basis.

Article 6(1)(c): Legal Obligation

If a legal obligation requires you to process an individual’s information, you must do so.

Examples of legal obligation include:

  • A court order requiring a business to turn over information on an individual
  • A financial institution that notices suspicious account activity that could be money laundering and reports this activity under relevant criminal statutes
  • Businesses collecting and reporting required information about their employees to relevant government agencies.

As these examples demonstrate, a company’s legal obligations to collect, distribute, or otherwise process personal data are typically spelled out in statutes, regulations, or court orders.

Article 6(1)(d): Vital Interests

The GDPR requires disclosure of personal data in situations when it is necessary to save someone’s life. This typically refers to sharing medical records between doctors, hospitals, and emergency rooms. Sharing information about the patient is permitted, but it is also permitted to share information about parents in order to save a child’s life.

Rule 46 of the GDPR also considers “protecting an interest which is essential” to the life of individuals to fall under this category, such as if processing data is necessary for emergencies, like fighting disease outbreaks, recovering from natural or man-made disasters, or other humanitarian emergencies.

However, it is also clear from the rules that if another lawful basis is available, someone controlling personal data should operate under that basis. Operating under a vital interest basis should be used only as a last resort.

Article 6(1)(e): Public Task

You are allowed to process data if doing so is “necessary for the performance of a task carried out in the public interest or in the exercise of official authority.”

If you work for a government agency, it is often necessary to process personal data. For example, immigration officials working at airports must process data of people at border crossings. This differs from the “legal obligation” basis, in that the data processing activity does not need to be specifically listed in a statute or regulation. However, there must be a clear source of law you can point to when processing data under the public task basis.

Additionally, organizations that are not specifically government agencies but serve a public function may also operate under the public task legal basis. If a private company is charged with parking meter enforcement by a city, then that company may collect data on illegally parked vehicles. If a private company has been hired by a city to test water after a potential contamination, they are permitted to act under the public task legal basis.

Article 6(1)(f): Legitimate Interests

The GDPR also allows a company to process personal data when it is in the company’s legitimate interests to do so, as long as those interests are not outweighed by the individual’s interests or fundamental rights in their data.

This is the broadest of the categories with the most room for interpretation. Although this basis may seem flexible, it is not meant to be a free-for-all. As a company, you should ask:

  • Are you pursuing a legitimate interest?
  • Is the data processing necessary for this purpose?
  • Do the individual’s interests override the legitimate interest?

Legitimate interests include using employee and client data for marketing, IT security, or fraud prevention. For example, a credit card company might monitor its customers’ data to prevent identity theft. An email server may analyze incoming mail to weed out spam or potential viruses. Companies can also use information within the realm of “legitimate interests,” meaning that sending mail or emails out to former and current customers can be lawful.

Even though it might be easy to say that every data processing activity falls under the “legitimate interest” lawful basis, your company should not rely on this category as a catch-all. Instead, carefully review your data processing activities to ensure you are operating under the necessary basis that best matches your intentions.

This article does not contain legal advice, and is for informational purposes only. Our internet privacy attorneys have significant experience helping our clients stay compliant with data privacy and protection laws. If you have questions regarding compliance with GDPR, contact Revision Legal’s attorneys with the contact form on this page, or call us at 855-473-8474.




Personal Data Processing Under the GDPR

In May 2018, the European Union’s General Data Protection Regulation (GDPR) went into effect. The GDPR standardized personal data protection requirements across the 28 EU countries. Although the regulation is broad, advocates for GDPR applaud its consumer-friendly approach to personal data collection and storage.

What are the Governing Principles of GDPR?

GDPR provides a number of general principles relating to processing personal data, namely that it should be:

  • Collected and processed lawfully, fairly, and in a transparent manner;
  • Collected for a specific and legitimate purpose, as well as limited to what is necessary for the collection purpose;
  • Kept only as long as necessary for the initial purpose;
  • Processed securely and protected against unlawful processing.

What are Personal Data and Personal Data Processing?

Article 4 of GDPR defines personal data as any information relating to an identified or identifiable natural person, who can be identified by reference to identifiers such as a name, ID number, location data, an online ID, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Examples of personal data include:

  • Real names and online usernames;
  • Mailing, work, email, and IP addresses;
  • Photographs; and
  • Genetic and biometric data, including DNA.

Article 9 prohibits the processing of data regarding racial or ethnic origin, political opinions, religious beliefs, or trade union membership except in certain specific situations and provides further limitations related to the use of genetic, biometric, and general health data.

Personal data processing refers to personal data that is collected, recorded, organized, structured, stored, adapted or altered, retrieved, consulted, used, disclosed by transmission, disseminated or otherwise made available, aligned or combined, restricted, or erased or destroyed. GDPR applies to processing of personal data through automated, partially automated, as well as non-automated means if it is part of a structured filing system.

Examples of personal data processing include:

  • Staff management and payroll administration;
  • Sending promotional emails to an email listserv;
  • Shredding documents containing medical records or bank records; and
  • Posting a picture of someone online.

The business or person who determines the means and purposes of personal data processing is known as the controller of the data. The controller is responsible for adhering to the GDPR and can be penalized for failing to meet the regulation’s requirements.

What are GDPR’s Requirements for Personal Data Processing?

The GDPR permits processing personal data when a user consents to the processing, or when it is necessary to process data.

Consent to Process Personal Data

In order for an individual to consent to a controller processing personal data, the controller must fully inform them about what they are consenting to. Best practices to obtain consent include making the request prominent and separate from terms and conditions of a site.

Consent must also be positively given – users must have an opportunity to affirmatively agree that the controller may process their data. Users must be able to revoke consent in the future, and consent should not be a precondition of the controller providing a service to the user.

People who are 16 years old or older are capable of consenting on their own. Children under 16 must have a parent or guardian consent on their behalf.

Necessary Personal Data Processing

The GDPR also lists five situations in which it is necessary for controllers to process data without explicit consent:

  • Contracts: If a controller has a contractual obligation to the data subject, and data processing is necessary to complete contractual obligations, the controller may process the data. Additionally, the controller may process data if doing so is a necessary prerequisite for entering into a contract.
  • Controller’s legal obligation: If the controller has an obligation to report data to a regulatory body, or is under a court order to provide information, they are under a legal obligation to provide it, regardless of consent.
  • Vital interests: If personal data disclosure is required to save someone’s life, the controller is obligated to do so. This situation will almost always involve health data.
  • Public task: This category of necessary processing relates to tasks carried out by an official government agency, on behalf of an official agency, or a task that is carried out in the public interest. This will often relate to government agencies, but government contractors or private water companies may also operate under this umbrella.
  • Legitimate interests pursued by the controller: This category is very broad. It requires the controller to pursue a legitimate interest, that the processing be necessary for the purpose, and that the controller’s legitimate interest does not outweigh the individual’s fundamental rights or freedoms.

Praise and Criticism for GDPR’s Data Processing Requirements

GDPR has drawn praise from tech leaders, including Apple CEO Tim Cook, who recently expressed support for a similar regulation in the US. Cook listed four areas of the GDPR he believed should be legislated in America:

  • The right to have personal data collection be minimized (Article 5(1)(c));
  • The right for users to know what data is collected on them (Article 15);
  • The right to access that data (Article 13); and
  • The right for data to be kept securely (Article 5(1)(f)).

Critics of the regulation believe that it can be too burdensome for businesses to comply with or that limitations will stymie growth of artificial intelligence systems, which rely on individuals’ personal data to grow. Others argue that large companies like Facebook and Google who currently offer free services in exchange for the ability to collect and utilize user data may limit free options due to new limitations on data processing.

What are the Penalties for Failure to Comply With GDPR?

Failure to comply with GDPR’s data processing requirements can lead to a number of different penalties, including warnings, bans on data processing, audits, orders to restrict or delete data, and monetary fines up to €20 million or 4% of a company’s worldwide net sales. You should take compliance with GDPR very seriously.

Our internet privacy attorneys have significant experience helping our clients stay compliant with data privacy and protection laws. If you have questions regarding compliance with GDPR, contact Revision Legal’s internet lawyers with the contact form on this page, or call us at 855-473-8474.



Find Out How to Protect Your Intellectual Property from Your Chinese Manufacturer

Any business with one eye fixed on the future knows that they can’t afford to stay out of China, one of the four largest emerging markets in the world.

Unfortunately, businesses also know that they can’t afford to stay in China either, as China accounts for at least half of all intellectual property theft from United States companies.

How do you beat the catch-22?

By learning how to play smarter than China.

That’s why we’re explaining everything you need to know about protecting your intellectual property in China, from the problems you’ll face to steps you can take.

What is Intellectual Property?

But first, we should address the basic question at the heart of this: what is intellectual property?

After all, if you’re not clear on what intellectual property actually is, you won’t have a clue about how to keep it safe.

In the simplest terms, intellectual property is any product of the human intellect that is legally protected from unauthorized use. It generally falls into four categories:

  1. Copyright
  2. Patent
  3. Trademark
  4. Trade secrets

The basic goal is to protect your property and business from infringement, particularly from the unauthorized use and misuse of your creation.

The most basic example of intellectual property theft? An employee walking out the front door with your designs to work for another company, which will market your trademarked product, design, or production process as their own.

Why You Need to Protect Your Intellectual Property

With that in mind, let’s talk about why you need to protect your intellectual property.

Intellectual property isn’t a physical asset–it’s an idea. That means that unlike a painting or a car or some other concrete object, you can’t lock it in a vault.

Yet safeguarding it is crucial.

One of the biggest reasons for this is maintaining a competitive advantage. Let’s say your company created a new drug, the only drug of its kind to do what it does or successfully treat a particular illness. That drug would make you pioneers in the field, and since you’re the only one who knows how to make it, you have a monopoly on the market.

Now let’s say someone else starts making that same drug and selling it. Suddenly, it doesn’t matter that you got there first–what matters is whether consumers happen to see your brand or your competitor’s brand first.

Another important element is brand recognition. When your company creates goodwill with customers, they’ll learn to identify your brand with that goodwill and use the brand as a shorthand identifier for quality.

And when you’ve worked so hard to create that positive association, you don’t want another company to profit on your work.

Problems with Intellectual Property in China

Since your intellectual property is so important to your business, you’d obviously want to protect it.

Here’s the problem: intellectual property protections are largely reliant on the laws of the place in question. Unfortunately for you, intellectual property laws in the United States are wildly different from intellectual property laws in China.

Worse, Chinese companies are encouraged under official Chinese government policy to poach intellectual property from American companies–often with the active participation of Chinese government personnel.

Your best option? Don’t wait for someone to infringe on your trademark. Instead, prevent the problem from happening.

Protecting Your Intellectual Property in China

So, with all of that in mind, how do you go about protecting your intellectual property on the Chinese market?

Nothing can replace an experienced intellectual property attorney, who can help you take a look at the rules, regulations, and common practices in the areas you want to do business and help you come up with a comprehensive plan to keep your property secure.

There are, however, a few things you can do to make your life (and your attorney’s life) a little simpler.

Know the Law

It starts with knowing the law.

And yes, we did just tell you that the government frequently encourages intellectual property pillaging. However, if you want a legal basis to address the issue (and protect your property from the rest of the world, as well) you’ll have to know your way around some of the most commonly used manufacturing agreements and IP registrations in China.

Again, your lawyer can help you explore your options in greater detail, but we’ve provided a few starting points here.

Manufacturing Agreements and IP Registrations

The first thing you should know about is NNN agreements, which are basic agreements protecting the confidentiality of your products while preventing your Chinese manufacturer from competing with you or circumventing you by going directly to your clients.

Many Western businesses make the mistake of believing their nondisclosure agreements are sufficient protection in China (for the record: no, they’re not.) Nondisclosure agreements work in countries like the US or Canada where judges have ample power to issue and enforce injunctions. That’s not the case in China.

You’ll also need a mold/tooling protection agreement, which makes it clear to all involved parties that the molds and tools you are having manufactured belong to you and cannot be used to manufacture products for anyone else. It seems basic, but it’s how you prevent your manufacturer from using your tools to compete with you.

In addition, you should get product ownership and product development agreements.

A product ownership agreement makes it clear that the product you co-develop with your Chinese manufacturer is solely your property.

A product development agreement is a little more complicated, but it’s designed to iron out the exact details of your product development relationship. Good agreements will make it clear who owns what components of the finished product and the precise milestones the manufacturer must meet along the way in order to receive payment.

Register Intellectual Property in China

The next thing you can do to help protect your intellectual property is to register your intellectual property in China if you have any intention of using it there.

Yes, even if you’ve already patented it elsewhere.

If you’ve been paying attention, you’ve probably noticed a trend by now: protection to the level of redundancy is a good thing where China intersects with your property. You want any dealings with your manufacturer to be ironclad and airtight.

Remember, patents are national rights. If your product is already legally protected in the local environment, it’s one less loophole a competitor (or your manufacturer) can exploit to edge you out of your own market.

Use Established IP Protection Practices

In the process of patenting your product in China and ironing out details with your Chinese manufacturer, you should make sure you do one thing consistently throughout: abide by well-established local practices of IP protection.

Specifically, you should comb through Chinese laws on IP protection and make sure you’re abiding by them to the letter.

For example, this could include standard practices on how to handle inflow and outflow of sensitive material, restricted rights access to internal databases, and other practices.

Think of it this way – you don’t want to set up an invisible wall between Chinese coworkers and the rest of the company. That said, it’s much more socially acceptable to monitor workers in China than the West, and that’s something you should take advantage of.

If anything, most Chinese companies go well beyond what most Western companies would consider acceptable. Mobile phones, for example, might not be allowed in company buildings at all, in or out, and USB ports are blocked.

Whatever you may feel about surveillance, the fact remains that in China, it’s a competitive advantage. If you’re not using it, your Chinese competitor certainly is.

Establish Chinese R&D

Some companies have tried taking it a step further, to ensure that their Chinese manufacturer is just as invested in their success as the rest of the company.

One way that companies have done this is to establish Chinese-based research and development centers, particularly focused in areas where the company does not currently hold a large body of intellectual property.

The idea is that, through close collaboration, both sides have just as much to lose if something is leaked to a competitor, which will disincentivize your manufacturer from selling you out.

Plus, if the field is new for the company, you won’t need to transfer much (if any) core intellectual property technologies over to China. This means that you’re actively encouraging your Chinese manufacturer and Chinese staff to innovate on your behalf without having to worry about compromising your core technology.

There are downsides, of course, especially if you want to foster collaboration (which you should). Inevitably, there will have to be some sharing of core technology, or there’s no longer any incentive to stay loyal to you.

When all else fails, think of it this way: decide what you do not want to be shared with your Chinese colleagues. Anything not on that list can be shared freely.

The Attorney You Need to Protect Your Ideas

Regardless of the specific methods you use to protect your intellectual property in China, one of the best tools you can have in your arsenal is a talented intellectual property lawyer.

That’s where we come in.

We litigate to help you understand the complexities of intellectual property, business, and technology, and we believe in giving our clients plain language and respect.

If you need an intellectual property lawyer, don’t hesitate. Get in touch today to see what our firm can do to help your business thrive.


Online Defamation: Your Response Guide for Slander and Libel

Slander and libel can come from unexpected places. With the invention of the internet, online defamation has arisen. Learn how to respond if you’re targeted.

Imagine waking up to the sound of your phone uncontrollably buzzing, only to learn that you have several new emails, posts on your Facebook page, and comments on your website.

Your worst nightmare has come true–a malicious user has posted a false review of your company that tarnishes your reputation.

Online defamation has been rearing its ugly head more often with the rise of social media. But what exactly is online defamation, and how can companies combat untruthful and damaging statements posted online?

Online Defamation

Defamation is legally defined as a false statement that serves to damage the reputation of a business or individual. Slander and libel are under the umbrella of defamation.

In order to have a case for defamation, you have to prove that the statement is not true and that it specifically concerns yourself or your business. It also has to be published by a third party–like a website or blog.

You’ll have to show evidence that your company experienced significant damage because of the statement. This is one of the hardest things to prove in court.

Unfortunately, you can’t take legal action against someone who is actually telling the truth. If someone digs up your dark past and posts it online, you can’t sue them. The truth hurts.

Slander vs. Libel

Slander and libel are subcategories of defamation. They both concern statements that harm your or your business’s reputation.


Slander is the act of verbally speaking an untrue statement to another party. It must tarnish another person’s reputation. Online slander can usually be found in a video, audio file, or podcast.


On the other hand, libel is the act of writing a damaging and untrue statement to another party. Websites, blogs, comment sections, forums, and review sections are all places where libel can occur online.

Take Action Against Online Defamation

You’re able to file a lawsuit for defamation of character, but your success in trial depends on how much havoc the false statement has wreaked.

The First Amendment of the Constitution states that Congress is not allowed to make a law “abridging the freedom of speech, or of the press.” This makes it more difficult to make a case for defamation.

The Communications Decency Act is another barrier that could bar you from winning a defamation case. This act prohibits you from suing an internet service provider (ISP) for defamation. ISPs are meant to act like distributors, not perpetrators.

That being said, a lawsuit is not the only solution to defamation. There are other methods to alleviate the damage to your company’s reputation:

Just Ignore It

Maybe someone left your company a defaming remark in a review. In this case, you might be able to simply ignore it.

Readers are smart enough to weigh the good against the bad. They will usually just shrug off a blatantly exaggerated statement. The bottom line is that if there are numerous positive reviews, then these will outweigh the negative review.

However, ignoring this type of statement is not always the best choice. Some false statements might put your company’s integrity at risk. When someone publicly accuses your company of a crime, then you’ll need to do more than just ignore the comment.

Get Rid of It

There are numerous places where you can report the person’s false statement and potentially have it removed.

First, try reporting them to their registrar. Certain domain name registries have rules that prohibit websites from making a profit by posting defaming remarks.

You can also try to report them to their hosting company. You might be in luck if their website doesn’t comply with the host provider’s terms and conditions.

If the comment was posted on social media websites like Facebook, Twitter, or Instagram, you can report the user. However, social media websites don’t really care about defamation–they care about trademark use. The user making negative comments might be using your trademarked name as the name of their profile, which means that you might be able to take control of their account.

Reporting the user to Google is another option if they are violating Google’s SEO rules. Websites that misuse Google’s AdSense ads or use “black hat” SEO methods can get banned and have their ad profit taken away.

You can go straight to your service provider as well. If the defaming statement defies any copyright or trademark laws, then you’ll have a better chance of getting the statement removed. Because of the Communications Decency Act discussed earlier, it’s not guaranteed that the statement will be deleted.

The only downside to removing the statement is that the user may decide to repost the same statement on a different website.

Fight Back

If you can’t remove an incriminating statement, then you’ll have to resort to making a rebuttal. Your rebuttal should be brief and concise. Avoid bickering with other users, as this will tarnish your reputation even more.

Sometimes, rebuttals can actually make the situation worse. They can make it seem like there is some credibility to the statement, which can trigger more criticism and attention directed towards your company. You have to weigh the pros and cons of the risks associated with rebutting against those of doing nothing at all.

Take Legal Action

Lawyers that specialize in defamation will be able to determine your next move. If the user’s statement is false and there’s clear evidence of damage done to your reputation, you’ll have a better chance of making a case.

Make sure to keep records of all the defaming statements made towards your business. Take screenshots of the posts, comments, search engine results, or other incriminating pages and print them out. You should also hold onto any evidence that indicates the user’s identity.

Lawyer Up

Experiencing online defamation can be frustrating–complex laws and policies make things confusing for busy companies.

Our lawyers at Revision Legal specialize in representing tech companies. We can assist your business as it goes through the process of combating defamation. Contact us to see how we can help.


What You Should Do if Someone is Infringing Upon Your Trademark

Do you have a registered trademark that is being infringed upon? Check out this helpful guide to put a stop to it immediately.

The U.S. Patent and Trademark Office receives half a million applications every year. About three-quarters of them get registered. That leaves a lot of people and companies without trademark protection.

It also leaves a lot of people and companies open to trademark infringement. Of course, not all cases involve an intention to cause harm; some are accidental. Others do have malicious intent.

In all cases, they’re infringing upon your rights as the trademark holder. Trademark infringement is a complicated situation that requires legal expertise. In this article, we explain the steps you should take if you feel your registered trademark is being infringed upon.

What is Trademark Infringement?

When you start your business, you protect yourself from fraud. You make sure your computers have anti-virus and anti-malware installed to keep from getting hacked.

You spend hours making sure your site is working and your ordering process is flawless. You brainstorm with partners and peers on ways to market your brand.

You design logo after logo until you come up with the perfect one. You go through the trademark process with the U.S. Patent and Trademark Office. Before you know it, your name and logo are all yours!

That means that only you can use your business name and logo. There are some confusing exceptions. For instance, Delta Airlines and Delta Faucet Company share the same name but have nothing to do with each other.

Trademark infringement happens when there is confusion between the use of two logos and whether it’s getting used on competing goods and services.

There’s a 100% chance you’ve never tried to buy a plane ticket and ended up with a new faucet instead. There’s no confusion between the two Deltas, so there can be both an airline and a faucet manufacturer with the same name.

Now, trademarks do get infringed upon all the time. If you’ve ever called all tissue “Kleenex,” all lip balm “Chapstick,” or all headache medicine “Aspirin,” you’ve technically infringed upon a trademark.

Don’t worry, these specific cases (and Thermos, Band-Aid, Velcro, etc.) get categorized as generic trademarks. This happens when a product is so significant or popular that it becomes synonymous with an entire class of products.

In other words, if you ask a maintenance worker where the building’s Dumpster is, you won’t get sued.

How You Know Someone is Infringing Upon Your Trademark

If you suspect someone is using your company name or company logo without permission, you have to prove it. A court of law takes many things into consideration when hearing a trademark infringement case.

The first thing they’ll do is apply the “likelihood of confusion” test. It’s actually an umbrella term used by various federal courts. Most courts use the same factors to figure out if a logo use causes confusion.

Their goal is to determine if a consumer will get confused by the products, which can damage your business. The 6th Circuit Court uses an “8-Factor Trademark Infringement Test.”

What You Should Do If Your Trademark Gets Infringed Upon

If you pass the test and can prove confusion, your next step should be contacting a trademark infringement attorney. They specialize in handling cases like yours and will guide you through the legal process.

Send a Cease-and-Desist Letter

The most common first step in a trademark infringement case is sending a cease-and-desist letter. You can do this on your own, but you should get legal advice to ensure you’re using proper terminology and covering all your bases.

The letter demands that another entity stop using your trademarked name or logo at once. It’s possible they didn’t realize they were using a registered trademark and will stop using it.

If their intentions were a little more nefarious, they could ignore your letter and continue using your trademark. In this instance, you want to speak to a lawyer about filing a lawsuit.

File a Lawsuit

If the person or entity receives your letter and continues to use your trademark, it’s time to file a lawsuit. The suit will get filed in federal court if it spans more than one state. If the infringement is local, it may get filed in a state court.

The purpose of your suit is to stop your trademark from getting infringed upon. But you may be able to collect damages if:

  • You can prove your business got hurt financially as a result of the trademark infringement.
  • You can prove the alleged infringer made money from using your trademark.

There are a few things to remember if you file a lawsuit. The first is that you must file for a trademark in the first place!

In court, you can argue on “common law” rights to a name. But, your chances for winning your case are greater if you filed for federal trademark protection with the USPTO.

As an entrepreneur or small business owner, you have a lot on your plate when you’re getting started. Filing for a trademark may be the last thing on your mind. But if you don’t and you find someone is using your name or logo after you’re operating and established, the fight becomes who used it first.

The other note of importance is that you must actively use your trademark. You can’t stop other businesses from using a name or logo unless you’re using it in the marketplace to identify your goods or service.

A court will give you minimal protection if you’ve held a trademark for years but haven’t used it.

How You Can Prevent Trademark Infringement

When it comes to prevention, you can ensure no one is infringing upon your trademark by monitoring it. Like not actively using your trademark, you can lose some of the federal protections by not monitoring it.

Specialized software is available that monitors trademark infringement. Reputable trademark infringement attorneys also have this software and can monitor for you. This is a proactive step in protecting your company name and logo that puts a stop to unauthorized uses.

A New Kind of Law Firm for a Data-Driven World

Your business and its trademark are unique. Don’t let anyone get away with infringing upon your livelihood. If you suspect someone is, you may need help proving it.

You need a lawyer who knows the effect that having your trademark infringed upon has on your business. That’s where Revision Legal comes in.

We’re a law firm that understands the connections between law, technology, and business. We’re experienced litigators who fight to protect online businesses.

If you feel your rights are being infringed upon, we can help. Contact us today and let us know how we can give you back your peace of mind.

How to Trademark a Product: The Ultimate Guide

Do you need to know how to trademark a product? Check out our ultimate guide to get started and protect your work today.

A trademark legal battle has been waged over the word “Apple” for three decades. You see, the Beatles named their music company Apple Corps.

Eight years later Steve Jobs came along with Apple Inc. After decades of fighting, Apple Inc. has paid almost $100 million to Apple Corps. They worked it out for now, but it is a lesson for all of us.

Knowing how to trademark a product can help you avoid situations like this. Avoiding a generic name and doing a thorough search would have helped prevent this from happening.

Keep reading our guide to find out the basics of trademark registration.

What Can Be Trademarked

You can trademark a word, symbol, device, or color. You can trademark anything that identifies your company and goods in the marketplace.

You can only trademark commercial marks. There are three types of trademarks you can get.

Trademarks and service marks are phrases, words, or symbols. A trademark indicates a good while a service mark indicates a service.

Collective marks work like a trademark but signify a group. This lets the different members of the group benefit from the trademark.

Certification marks are for the characteristics of your product. An example is a mark stating that your product is “100% silk”.

How to Trademark a Product

Once you have a chosen mark that you want to register, you have 5 steps to take. The first step in the process is to check that you have a unique mark.

Step 1: Search for Similar Trademarks

Search the USPTO database for similar marks. Do not focus on looking for exact matches.

Anything that looks or sounds similar can trigger a rejection. Take your time with this search, if your application gets rejected your fee.

It is smart to hire a trademark attorney before you begin this step. They will understand the database and the best way to find any potentially confusing marks.

Step 2: Prepare and File Your Application with the USPTO

You’ve done your search and there are no marks like yours. Now you’ll want to prepare your application for submission.

Gather proof of how you are currently using the mark. This proof is called your specimen.

Step 3: Review Your Application

About three months after you submit your application, the USPTO will assign you an attorney. This attorney reviews your application and does one of two things.

He may respond to your application with a request for clarification. If he’s happy with your application he will approve it for the next step.

Step 4: Review of Trademark by the Public

The USPTO attorney will give your mark a publication date. On this day your trademark gets published in the Official Gazette.

There is a 30-day window after publication for someone to object to your trademark. They would need to make this objection on the basis that your mark will impact their trademark.

Step 5: Use Your Registered Trademark

If no one objects during step four then you get your trademark. About three months after step four is complete you will receive a trademark certificate in the mail.

Once your registration is complete you can start using the registered trademark symbol after your mark. This is the “R” in a circle (®).

How To Speed up the Process

You will start to hear from the USPTO about your application within 3 months of filing. The whole process will take at least 6 months though.

Often the process can take a year or longer. There are a few steps you can take to speed up the process though.

Choose a Strong Mark

Not all names and symbols get approved. The stronger and more unique your mark, the more likely it will get approved.

Make up a word, or choose a word that is not associated with the industry. You can also pick a name suggesting the character of service without naming it.

Don’t Choose a Confusing Mark

What is the likelihood of confusion of your mark?

The purpose of registering a trademark is to protect your image in the market. By choosing an easily confused name you are likely to have it rejected.

Choose a mark too close to a competitor and you are likely to have it opposed. A search for similar marks should help you avoid this before you submit your application.

Begin Using Your Mark ASAP

If you are already using your mark you can select “use in commerce” on your application. This gives you one less step to do during the application process.

Make Sure Your Application is Correct

Making mistakes in your application will cause a delay in the process. These mistakes are easy to fix, but they take time.

Respond to the USPTO Promptly

If you receive correspondence from the USPTO you need to respond for your application to keep moving forward. The deadline to respond is 6 months, but you shouldn’t wait until the deadline to reply.

How Long Are Trademarks Good For

Once approved, you have trademark protection for ten years. This means that every ten years you will need to renew your registration.

Get Help to File For Your Trademark

The first step in getting a trademark registration is to come up with a unique mark. This can be a word, symbol or device.

Make sure that you choose a strong and unique mark. Then begin using it right away.

Do a search for similar trademarks that are currently registered. Make sure that yours is not similar or easily confused with any of them.

Once you are confident you have a unique mark, create an application. Review it for any errors and then submit it to the USPTO.

Once your application is submitted, follow the lead of the USPTO. Respond to any communications they send so your application will continue to process.

These steps are detailed and can take months to complete. If you are unsure of how to trademark a product, the best option is to get help from a trademark attorney.

Get help today with registering your mark for trademark protection.