Internet Law Info Blog

Commentary: International Websites: The Internet has been amazing tool; enabling even the smallest voice to reach people throughout the world. It has, in fact, breathed new life into many small businesses who now can reach millions of potential customers in mere keystrokes. Many companies elect not to, or do not think to, limit the reach of their website. As a result, it may be accessible to the international public, and the Company could be deemed to be offering its goods or services to customers throughout the world. Again, this may be beneficial from a business standpoint, but it presents some legal vulnerabilities. Quite simply, different countries have different rules and standards by which a website must operate.

By offering its goods or services to other countries’ residents, a foreign court could claim that it has jurisdiction over a US-based company. So, even if the company has lawfully established the website in the United States, and is complying with the Federal and State laws here but the website is accessible to residents in another country, that company could still be vulnerable to legal attack for failure to adhere to that country’s (or their state or provincial) laws.

The difference in international website standards was recently highlighted in the Beijing Olympics. A lot of press came out of the Olympic Games for China’s censorship of certain Internet content. There, the government merely banned access to certain websites. However, other countries may not be so proactive, and may instead allow access to the website but hold the website operator liable for illegalities on the site or in connection with the sale. The vulnerability regarding the international scope of websites also takes a prominent role in regard to the different definitions of “obscenity.” Other countries have different standards as to what is “obscene” as compared to the United States. Therefore, what might be acceptable here, and what might even be considered to be artwork here, may be banned as pornography elsewhere. Another example is that the European Union tends to generally have stricter rules when it comes to privacy regulations.

Unfortunately, this vulnerability is complicated in that there may be different standards in each locality in addition to those differing national standards. This is a challenge even within the United States. For instance, the Internet is not generally regulated at the Federal level. Rather, each state can have its own rules and regulations relating to the operation of an e-commerce company. For instance, California has an entire regime of laws relating to privacy protections and disclaimers that need to be on a website. Regardless from where a website is based, if it is marketing to California residents, it will arguably need to comply with those laws.

Accordingly, if a website is simply launched and offers services to everyone, there are numerous legal vulnerabilities given all of the levels of legal regulation to which it may be exposed. One of the best ways to manage this risk is to limit in some way the people to whom the company is offering its goods or services. This can be included in the website terms and conditions or other legal disclaimers, where a company can specifically require the user to indicate that they are a resident of a certain country or state. Moreover, a company could establish protocols to be sure that orders are not accepted from residents of certain states and territories. Therefore, a company can limit the reach of its offerings to those states and countries that it has evaluated with legal counsel to ensure that the website and its goods and services will not run afoul of the laws of those areas.

Comments/Questions: ljm@gdnlaw.com
© 2008 Nissenbaum Law Group, LLC

Please visit our website at www.gdnlaw.com and our other blogs at www.nissenbaumlawblog.com; www.foreclosuredefenselawblog.com; www.saleofbusinesslawblog.com; www.internetdefamationlawblog.com; www.constructionlawinfoblog.com; www.filmproductionlawblog.com; www.internetlawinfoblog.com; and www.njbusinesslawblog.com

Commentary: As Mr. Horn previously discussed in his post, Ebay Liable for Breach of Contract Based on Violation of Terms and Conditions, the Missing Link case underscored the need to take caution in preparing website terms and conditions. There, eBay was held liable for failing to comply with its own terms and conditions. As Mr. Horn explained, this case emphasizes the importance of drafting terms and conditions that are directly applicable to the website and with which the company can comply. However, equally important is that the company is prepared and able to comply with the edicts of its privacy policy.

Privacy policies are critical documents for an e-commerce company. They generally outline what information is being collected by a company and how that information will be utilized. They are required in certain instances and by certain state laws. Moreover, the Federal Trade Commission (FTC) has offered precise guidelines with regard to the implementation of a privacy policy.

Notably, the FTC does not generally compel a company to adopt a privacy policy on its website. A significant number of cases brought by the FTC relating to website privacy policies not only concern the failure to have a policy, but also relate to enforcement actions against companies who fail to adhere to posted privacy policies they do have. In essence, while it is advisable to post a privacy policy, to do so and not adhere to it would be worse than not posting it at all. For example, in one of the landmark decisions in this area, the FTC brought suit against GeoCities, Inc., based on inconsistencies between its privacy practices and its stated policies. A settlement agreement was reached which required GeoCities to change its data collection policies and adopt a new privacy policy to protect consumer rights. In re GeoCities. Notably, this case is also beneficial because the settlement that was reached is instructive of the types of practices the FTC deems appropriate with regard to privacy policies and provides suggestions on implementation (i.e., where the notice should be placed on the website).

Again, this underscores the importance of making sure that the privacy policy, and all of a website’s legal disclaimers, are appropriate for its business. It is critical that the company take time to develop and precisely customize website terms and conditions and privacy policies. These documents need to suit the business’s needs, obtain the rights it needs against customers and website users, but also establish corporate standards that are reasonable and with which the company can easily comply.

Comments/Questions: ljm@gdnlaw.com

© 2008 Nissenbaum Law Group, LLC

Please visit our website at www.gdnlaw.com and our other blogs at www.nissenbaumlawblog.com; www.foreclosuredefenselawblog.com; www.saleofbusinesslawblog.com; www.internetdefamationlawblog.com; www.constructionlawinfoblog.com; www.filmproductionlawblog.com; www.internetlawinfoblog.com; and www.njbusinesslawblog.com

Commentary: As most of us know, spyware is something that is hard to define. As Justice Potter Stewart said in the famous Supreme Court opinion, Jacobellis v. Ohio, 378 U.S. 184 (1964), "I shall not today attempt further to define the kinds of material I understand to be embraced within that shorthand description; and perhaps I could never succeed in intelligibly doing so. But I know it when I see it . . . .” He was referring to obscenity, but he could just as easily have been discussing spyware.

Perhaps a reasonable definition would be a program that allows a third party to monitor another’s computer activities. As one might imagine, since most people have an expectation of privacy in their own computer operations, when a third party surreptitiously monitors that usage, lawsuits inevitably follow.

However, those lawsuits are not always successful. In Zango v. Kaspersky, Lab, Inc., No. C07-0807 (W.D. Wash. August 28, 2007), a lawsuit was brought against a company that manufactured software that had inserted spyware on another’s system. The Court ruled in favor of the software manufacturer. It based its holding on Section 230(c)(2)(b) of the Communications Decency Act based on a determination that the software manufacturer was an “access software provider” and that it had provided a means to restrict the utility of the spyware. Similarly, in Zango v. PC Tools Pty. Ltd., 494 F. Supp. 2d 1189 (W.D. Wash. 2007), the Court concluded that the spyware was a legitimate tool to prevent illegal downloading.

On the other hand, there are certainly other lawsuits in which the spyware claim has been successful. One notable example is Kerins v. Intermix Media, Inc., No. 05-4408 (C.D. Cal. 2006) in which California state law was the basis for the Court’s ruling that the claims could proceed. But, it is important to keep in mind that California has numerous state laws that are specifically applicable to Internet and computer related acts. Many of these provisions do not have counterparts in other states. It would therefore not be surprising to see a claim that failed elsewhere succeed under California law.

The law of spyware is constantly evolving. Only time will tell whether current law provides sufficient remedies to those adversely affected by it.

Comments/Questions: ljm@gdnlaw.com

© 2008 Nissenbaum Law Group, LLC

Please visit our website at www.gdnlaw.com and our other blogs at www.nissenbaumlawblog.com; www.foreclosuredefenselawblog.com; www.saleofbusinesslawblog.com; www.internetdefamationlawblog.com; www.constructionlawinfoblog.com; www.filmproductionlawblog.com; www.internetlawinfoblog.com; and www.njbusinesslawblog.com