Category: E-Commerce

GoodRx Fined $1.5 Million for Disclosure of Users’ Personal Information to Third Parties Without Notice or Consent

On February 1, 2023, the Federal Trade Commission (FTC) filed a “first of its kind” enforcement action under the FTC’s Health Breach Notification Rule, 16 CFR Part 318, which offers several useful takeaways for all companies that collect and process a consumer’s personal information – not just companies that handle health-related data. The FTC’s proposed order seeks to impose a $1.5 million civil penalty against GoodRx, a digital health platform, for sharing the sensitive personal health and other information of millions of GoodRx users with various advertising platforms, including Facebook and Google, and failing to report these disclosures to consumers. According to the FTC complaint, GoodRx collects sensitive personal information from users and represents that it will treat users’ information in accordance with its privacy policies. Since at least 2017, the GoodRx privacy policy specifically stated that GoodRx “would never disclose personal health information to advertisers or any third parties.”  Yet for several years, GoodRx allegedly violated these promises “by sharing information with Advertising Platforms, including Facebook, Google and Criteo, about users’ prescription medications or personal health conditions” and “did so without notice to users, and without obtaining consent.” In addition, GoodRx monetized the personal health information it collected through the creation of advertising campaigns on Facebook and Instagram that targeted GoodRx users. In August...

Defend Trade Secrets Act of 2015 Passes House, Heads to President Obama’s Desk

On April 27, 2016, the Defend Trade Secrets Act (“DTSA”) passed the House of Representatives with a 410-2 vote. The two no votes were from Rep. Justin Amash (R-MI) and Rep. Thomas Massey (R-KY). Earlier this month, on April 4, the Senate passed the DTSA by a unanimous vote of 87-0. Now, the DTSA heads to President Obama’s desk for his signature.

Safe Harbor 2.0: Still a Work in Process

Last month, judges from the European Court of Justice, the European Union’s top court, issued a judgment striking down a 15-year old agreement, known as the Safe Harbor framework, which allowed American and European businesses to freely move personal data between the two regions. This ruling impacts nearly 4,000 businesses that currently rely on Safe Harbor framework to transfer data between the U.S. and Europe and requires all businesses to revaluate their compliance with Europeans standards.

Defend Trade Secrets Act of 2015 Would Create a Federal Private Right of Action for the Misappropriation of Trade Secrets

On July 29, 2015, with bipartisan support, Congressional leaders in both the House and the Senate introduced identical bills, HR 3326 and S. 1890, respectively, entitled, the “Defend Trade Secrets Act of 2015” (“DTSA 2015”). The proposed legislation attempts to authorize a private civil action in federal court for the misappropriation of a trade secret that is related to a product or service used in, or intended for use in, interstate or foreign commerce. Additionally, the proposed legislations seeks to (a) create a uniform standard for trade secret misappropriation; (b) provide parties pathways to injunctive relief and compensatory damages; and (c) create remedies for trade secret misappropriation that are similar to other violations of intellectual property rights, for example, including exemplary damages and attorneys’ fees available in the event of willful and malicious misappropriation of a trade secret. An interesting feature of the DTSA 2015 is the availability of an ex parte seizure order for plaintiffs fearful of the dissemination of their trade secret(s). The proposed ex parte seizure allows for the government to seize property necessary to prevent the propagation or dissemination of the trade secret prior to giving notice of the lawsuit to the defendant.

Maximizing Bankruptcy Protection in Software and SaaS Agreements

In today’s digital age, cloud computing has lowered the barrier of entry into many marketplaces by providing network access to a shared pool of configurable computing resources. Cloud services allow business to forego upfront capital costs on servers, network infrastructure, and software allowing companies to focus on establishing and differentiating its business instead of worrying about its IT resources. Additionally, it is typically a “pay as you go” service meaning that businesses can scale up or down as needed in real time. However, entrusting a third-party as the sole source of the company’s network, software, and data storage functionality puts the company at risk of losing these services should the provider enter bankruptcy.

Federal Circuit Panel Concludes That It Lacks Jurisdiction to Review PTAB Decision Terminating IPR Proceeding

Recently, the Federal Circuit held that it lacks jurisdiction to review non-final Patent Trial and Appeal Board (“PTAB”) decisions, such as decisions to vacate or terminate a post-grant proceeding. In GEA Process Engineering, Inc. v. Steuben Foods, Inc., the Federal Circuit denied GEA’s petition for writ of mandamus directing the PTAB to withdraw an order in which it terminated GEA’s five pending IPR proceedings on the grounds that these IPRs should have never been instituted. The PTAB reasoned that GEA failed to identify all real-parties-in-interest and, thus, the petitions were incomplete.

Federal Circuit Affirms PTAB in First-Instituted Covered Business Method Review (CBM) Proceeding

On July 9, 2015, the Federal Circuit affirmed a final written decision made by the U.S. Patent & Trademark Office Patent Trial and Appeal Board (“PTAB”) in SAP America, Inc. v. Versata Development Group, Inc. (CBM2012-00001), the PTAB’s first instituted Covered Business Method Review (“CBM”) Proceeding under § 18 of the Leahy-Smith America Invents Act (“AIA”). As a basis for the affirmance, the court established several important guidelines concerning Federal Circuit review of CBM proceedings which are highlighted below.

Claims by Brand Owners Against Alibaba Defendants are Reasserted in S.D.N.Y.

A group of brand owners has filed another complaint against eleven Alibaba and Taobao entities for claims including direct and contributory trademark counterfeiting and violations of the RICO statute. At issue is when and to what extent a service provider can be held liable for alleged trademark counterfeiting taking place on an online platform.

Updated California Online Privacy Laws Require Disclosure of “Do Not Track” Policies

Recently, California Assembly Bill No. 370 (AB370) was signed into law by Governor Jerry Brown. AB 370 amends California’s Online Privacy Protection Act of 2003 (OPPA) to require that the privacy policy provided by the operator of a website and online service describe how the operator will respond to consumer-initiated mechanisms for controlling the collection of consumer personally identifiable information (PII).

gTLDs Pose New Threats in Cyberspace

On January 12, 2012, ICANN, the Internet’s domain name registration watch dog, began accepting applications for new generic Top-Level Domains (gTLDs) to add to those already in existence, including .com, .net, .biz and others. Under the new scheme, any company can apply for a gTLD, thereby expanding the domain name system (DNS). Ultimately, this expansion will change the Internet forever. Each new gTLD poses an incremental risk for trademark owners who are already under heavy assault in cyberspace from cybersquatting (registering, trafficking in, or using a domain name with bad faith intent to profit from the goodwill of a trademark owner), brandjacking (assuming the online identity of another entity for the purposes of trading on another’s brand equity), and typosquatting (registering URLs with common misspellings) by those seeking to generate illicit profits. According to the Coalition Against Domain Name Abuse (CADNA), cybersquatting already costs trademark owners more than $1 billion each year due to lost sales, lost goodwill, and increased enforcement costs. However, with a major increase in gTLDs, many corporations fear an expansion in expensive litigation to enforce their brands and trademarks.