New Privacy Regulations Weaken the Foundation of Smart Cities
An Inflection Point for Smart Cities
New privacy regulations are threatening the full value and promise of smart cities through more stringent requirements for data collection, use and sharing.
The California Consumer Privacy Act, for example, introduces greater privacy requirements relating to undisclosed collection and sharing of information for companies that interact with California consumers. While largely designed to prevent surprises or undisclosed third parties from acquiring and/or misusing personal information in AdTech and target marketing, these requirements will challenge the growth of smart cities and chip away at their technical infrastructure, as these cities rely upon connected buildings, vehicles and other IoT devices, extensive data sharing, and the new information eco-system of private company partners and suppliers. For example, the expanded definition of “Personal Information” under the CCPA includes IP addresses (a provision designed to limit the ability of technology/AdTech companies to target consumers who have not provided consent), which may inadvertently have a material, long-term impact on the ability of companies to collect and/or gain access to the mission critical IP-address-related mobile, geolocation and other data that smart cities depend upon (e.g., behaviors, location) for just-in-time services and information.
This article highlights some of the greatest challenges for smart city companies, which rely upon significant amounts of data to build accurate data models for machine learning and artificial intelligence. We also explain how strong data governance and the application of key data controls are essential to providing the data protection levels necessary to realize the full potential that smart city technologies can offer.
You’re Probably in a Smart City Right Now
A “smart city” amasses a wealth of data from a vast array of technology and communication devices implemented to improve critical city services, from air and water quality to transportation, energy and communication systems. A typical smart city initiative might involve sensors to read vehicle traffic for congestion management or a comprehensive network of CCTV-style cameras to monitor activity for public safety.
Many people consider smart cities as limited to a few newer cities or neighborhoods that have been engineered from the outset (such as Sidewalk Toronto — a 20-year undertaking to develop 12 acres of Toronto’s industrial waterfront). These developments are the exception, however, as thousands of mature cities around the world increasingly deploy devices to collect additional data for analytics. Smart cities are no longer a rarity or a destination: Chances are, you are in one right now. According to the Smart America Challenge, “city governments will invest approximately $41 trillion over the next 20 years to upgrade their infrastructure” to benefit from the Internet of Things. And TechRepublic reports that “smart city growth continues to expand, with 66% of cities reporting that they are investing in smart city technology, and 25% of those without any smart city systems are exploring how to implement it, according to a … report from the National League of Cities.”
The Smarter the City, the Greater the Privacy and Security Risk
Not surprisingly, smart cities pose risks to the privacy and security of individuals, especially where such data is personal, financial or health oriented. Inappropriate or unauthorized access to smart city data might reveal, for example, an individual’s driving habits (which could affect their auto insurance rates) or personal health afflictions (based on frequent visits to a specialized medical professional). Smart cities may have a greater number of suppliers with access to personal information, and data protection is only as strong as the weakest link in this long chain.
Additionally, public governments may lack resources and may struggle to preserve individual privacy and the security of data collected. Further, some recent privacy regulations apply only to certain corporate entities (e.g., based on industry or revenue), and municipalities and public agencies are exempt from these higher standards.
The increased frequency of personal data sharing with cities and other public entities — ostensibly for public benefit — compounds the risk for individuals. For example, certain providers of autos, bikes or scooters share data with the municipalities in which they operate for mobility improvements in the city. In Los Angeles, Bird, Lime and others must provide real-time information about how many of their vehicles are in use at any given time, where the vehicles are and the physical condition of the vehicles. Other information includes operating cost, customer cost and start and end trip data. One of the ride hailing companies shares pick-up and drop-off data with Washington, D.C. for city analysis and to consider whether the city’s street designs or traffic patterns accommodate the new ways of getting around. One on-demand vehicle sharing company is trading car-location data to help city planners refine their computerized traffic flow models in exchange for dedicated parking spots — a rare commodity in certain cities! While this mobility data is typically aggregated and/or de-identified, reidentification is increasingly possible given data availability and technological capabilities.
New Privacy Regulations Mean Complex Requirements for Smart City Stakeholders
The European Union’s General Data Protection Regulation, which took effect last year, requires additional protections for the data of individuals in the EU, including valid legal bases for data processing and enhanced rights for data subjects. More recently, and in the absence of a federal U.S. data privacy law, certain states have proposed or passed regulations that likewise increase the level of protection afforded to consumers. Cities, too, are following suit: A bill was introduced at the end of July that would make it illegal for cell phone companies and mobile app developers to share location data gathered while a customer’s mobile device is within New York City’s five boroughs. These regulations contain provisions that would be exceptionally challenging for many smart cities.
- Data Selling/Sharing. The CCPA, set to take effect on January 1, 2020, requires the identification of categories of third parties with whom the personal information of California consumers is shared and mandates that consumers have the right to restrict such sharing. This risk is higher than in the past given that the CCPA broadens the definition of personal information to include geolocation, unique identifiers (e.g., device identifiers, IP addresses) and biometric information, among other data elements. Under this requirement, smart city companies (e.g., those providing cameras, parking meters and sensors) will need to employ controls for greater visibility and management of the personal data that these devices collect and/or process. Contractual provisions mandating adequate data protection and capabilities to restrict data processing and data deletion will become table stakes.
- Data Subject Access Rights. The GDPR and CCPA provide individuals with rights to access, correct, delete and/or move (port) their data to another provider. These requirements pose technical and operational challenges for smart city companies that must collect and store data in an organized manner, be capable of retrieving the data within a reasonable time period and present it to the individual in a readable format. As with data selling/sharing, smart city companies will need to implement repeatable processes to identify the vast troves of data held for each individual and respond to data subject requests.
Using Old Dogs to Teach New Tricks
To address these new or heightened regulatory requirements, smart cities and their stakeholders need to implement robust data governance mechanisms and leverage and strengthen traditional safeguards for data accountability, monitoring and auditability.
- Clear Data Oversight and Accountability. One approach for controlled data use and ownership for smart cities is to employ data trusts, which may be independent of the city. These data trusts have a variety of responsibilities, including vetting companies in the supply chain who provide products and services to the smart city, defining and enforcing minimum standards throughout the data lifecycle (data collection, storage, use, sharing and disposal), and conducting periodic assessments to evaluate compliance with these standards. Chicago has developed an Executive Oversight Committee that must approve any proposed privacy changes, such as additional image processing algorithms or sensors that could potentially have privacy implications. The EOC is governed by dedicated privacy policies for the city’s Array of Things project.
- De-Identification. The Federal Trade Commission advises that, given the risk of reidentification, it is important to have accountability mechanisms in place. Owners should take reasonable steps to prevent reidentification, including de-identifying the data whenever (and as soon as) possible, publicly committing to not reidentify, and having enforceable contracts in place that prohibit reidentification by any third parties with whom the data is shared.
- Data Aggregation Rules. The adoption of deliberate, risk-based approaches for data analytics and marketing provides another safeguard. Establishing rules to de-identify personal information decreases risks of inappropriate data use while increasing the ability to share data with third parties. For example, for a smaller dataset, the “rule of 25” mandates that data analysis may be conducted only on a dataset that contains a minimum of 25 individuals. The “rule of 76+” grades age selection and filtering into tiered ranges with the maximum age tier set to 76+, which ensures that octogenarians cannot be explicitly selected and filtered. Location-based de-identification standards are also particularly relevant in smart cities, where limitations on the granularity of location data (e.g., to the street or neighborhood level instead of precise GPS coordinates) or limitations based on the type of location (e.g., a residential address) help protect the privacy of individuals, especially when the data is analyzed in conjunction with other activity or behavioral information. Often, many rules are needed for the same dataset to prevent reidentification.
- Transparency and Notice. Providing notice and choices to users about the collection and use of personal data will be a challenge. Smart cities and their downstream partners must be creative and develop a well-planned suite of just-in-time and other notices that convey clearly and comprehensively (but concisely) the necessary information for users to make informed decisions about their personal data. They may also explore innovative concepts such as affiliated consent, whereby the parties approved or trusted by an individual curate experiences or make decisions for them and the individual’s data is shared accordingly. For more on affiliated consent and privacy law as it relates to connected cars, see co-author James Koenig’s TEDxWilmingtonSalon talk “Navigating Privacy to Realize the Promise of Connected Cars.”
Five Steps Smart City Companies (and Others) Should Take Now
- Review & Enhance Data Governance. Ensure accountability through designated roles/teams, data governance committees or independent oversight bodies, data ethics frameworks and periodic audits to engage internal and external stakeholders regarding the sufficiency of data governance and related controls.
- Conduct Privacy Impact Assessments. New privacy laws and regulations are quickly raising the bar for privacy (and with it, consumer and regulator expectations). Use privacy impact assessments to analyze how information is collected, used and shared to identify privacy and security risks early and often.
- Improve Data Sharing Visibility and Controls. The use or sharing of personal data for safety or for value requires smart cities to maintain greater visibility of data movement (internal and with third parties) and more granular technical controls/capabilities to restrict sharing and use. Building trust requires greater individual and community input and choices.
- Identify & Segregate Different Use Cases. Review data collection and uses, and segregate data flows and data storage for those use cases requiring personal data from those that do not. Leverage de-identification techniques wherever possible (preferably at the time of data collection), data aggregation rules, and data access controls to minimize risk related to unauthorized use and disclosure. Consult industry resources on these approaches such as those from NIST and the FPF.
- Limit Data Access. Limit data access to designated individuals who understand the relevant risks and who have a legitimate business purpose. Establish robust provisioning and de-provisioning processes with periodic access reviews to identify and remove any individuals who no longer require such access or whose access has been abused.
New Federal Circuit Guidance on Design Patents: Key Takeaways for Companies Seeking Protection
With few substantive decisions addressing design patents, it’s always exciting to see new guidance from the U.S. Court of Appeals for the Federal Circuit on how these valuable IP assets are prosecuted and enforced. In two recent decisions, the court clarified the proper application of two different portions of the relevant statutory provision, 35 U.S.C. § 171. In Automotive Body Parts Association v. Ford Global Technologies, the court underscored the low bar of ornamentality for designs by refusing to invalidate two patents incorporated into Ford’s F-150 pickup truck. And in Curver Luxembourg, SARL v. Home Expressions, the court emphasized that the scope of a design patent is limited by the article of manufacture recited in the claim. Both decisions provide direction in developing effective patent strategies.
ABPA: Ornamentality Remains a Low Bar
Design patents may be granted to inventors of a “new, original and ornamental design for an article of manufacture.” 35 U.S.C. § 171. While the article itself is generally functional, the design sought to be protected may not be one primarily dictated by function. This ornamentality requirement was the basis of the ABPA’s declaratory judgment lawsuit.
The ABPA, an association of auto part distributors, argued in the U.S. District Court for the Eastern District of Michigan that two of Ford’s design patents — one covering the F-150 hood and the other the headlamp — were invalid as primarily functional. Borrowing from trademark law and arguing that purchasers of replacement parts prefer hoods and headlamps that match the original appearance of the vehicle, the ABPA concluded that the functional benefit of aesthetic compatibility rendered the patents invalid. The district court denied the ABPA’s motion for declaratory judgment and held that the patents were not invalid under 35 U.S.C. § 171.
In affirming the lower court, the Federal Circuit similarly rejected the ABPA’s theory of functionality, holding that, regardless of consumer preference for matching parts, “the aesthetic appeal of a design to consumers is inadequate to render that design functional.” Rather, as Judge Stoll wrote for the court, a preference for Ford’s designs over competitor parts that perform the same function “is exactly the type of market advantage ‘manifestly contemplate[d]’ by Congress in the laws authorizing design patents.”
The Federal Circuit declined the ABPA’s invitation to extend the trademark law principle of aesthetic functionality to design patents, explaining that although trademarks and design patents have certain similarities, they serve different purposes, and “[t]he considerations that drive the aesthetic functionality doctrine of trademark law simply do not apply to design patents.”
While the court has not mandated a specific test to determine whether a design is functional, precedent has often looked to the presence of alternative designs as an indication that the design serves a primarily ornamental purpose. In this matter, the Federal Circuit noted that Ford introduced “abundant evidence” showing that many alternative headlamp and hood designs physically fit its trucks and perform the same functions as the original parts.
Similarly unsuccessful was the ABPA’s theory that Ford’s patents were unenforceable under the doctrine of exhaustion. Exhaustion is the principle that once a patent holder sells something covered by their patent, the purchaser does not infringe the patent by using the purchased item. It was already well established for utility patents that exhaustion applies only to the specific article sold and does not give the purchaser the right to create additional copies of the patented invention. However, the ABPA argued that a different rule should apply for design patents. In particular, the ABPA urged that the sale of an F-150 truck exhausts Ford’s design patent rights and allows the use of the designs on replacement parts intended for use with Ford’s trucks. In rejecting this argument, the court noted that “we apply the same rules to design and utility patents whenever possible.” The Federal Circuit did not find any reason why design and utility patents should be treated differently with regard to exhaustion, concluding that it “attaches only to items sold by, or with the authorization of, the patentee,” and that since “ABPA’s members’ sales are not authorized by Ford; it follows that exhaustion does not protect them.”
The ABPA also argued that its members had a right to repair their trucks and were thus immune from infringement. It is well established that the purchase of a patented article includes the right to repair it. In the context of utility patents, that right does not extend to complete reproduction of the patented article or a license to produce other, independently patented articles. The court declined to make a special rule for design patents with similar reasoning to that used for ABPA’s exhaustion argument, finding that Ford’s sales of F-150s did not include a right to produce replacement hoods and headlamps because “the designs … are covered by distinct patents.”
The Federal Circuit’s ABPA decision demonstrates the important role that design patents can play in protecting the market for replacement parts against aftermarket sales by competing manufacturers. It makes clear that the ornamentality requirement is a low bar and that the aesthetic appeal of a design does not itself render the design primarily functional.
Companies seeking protection in this space should consider the availability of alternative designs to support a claim of ornamentality. They should also carefully consider the scope of design patent claims. The ABPA decision specifically noted that if Ford had patented its designs in the context of the whole truck, rather than just the headlamp or hood, purchases of the truck would have come with a right to repair the truck by replacing those components. Thus, companies should seek to file design patents on distinct components that they expect to be replaced throughout the lifetime of the product as a whole.
Curver Luxembourg: A Case of First Impression
The Federal Circuit similarly weighed in on the scope of design patent claims in Curver Luxembourg, SARL v. Home Expressions, a case of first impression upholding a New Jersey judge’s ruling that Home Expressions’ baskets showing an overlapping “Y” pattern did not infringe Curver’s patent showing a similar design.
While the ornamentality requirement of § 171 was at issue in ABPA, at issue in Curver Luxembourg was the statute’s requirement that the design be applied to an article of manufacture. To determine the scope of a design patent, courts have traditionally looked to the figures illustrated in the patent. Critically, however, while the title, description and claim of the patent-in-suit, US D677,946, recite a “pattern for a chair,” the figures show only the pattern itself.
Curver sued Home Expressions in New Jersey district court, alleging that Home Expressions made and sold baskets that incorporated Curver’s claimed “Y” pattern and thus infringed the ’946 patent. Home Expressions moved to dismiss the case under Federal Rule of Civil Procedure 12(b)(6), arguing that its baskets did not infringe because the patented design was limited to chairs. The district court agreed. In applying the “ordinary observer” test for design patent infringement claims, the court construed the scope of the design as limited to the article of manufacture (here, a chair) listed in the patent and concluded that an ordinary observer would not purchase a Home Expressions basket with an overlapping “Y” design believing the purchase to be for an ornamental “Y” design applied to a chair. The court noted that, during prosecution, Curver had amended the title to satisfy the article of manufacture requirement after the examiner concluded that the original title of “Furniture (Part Of)” was too vague.
On appeal to the Federal Circuit, Curver argued that the district court erred by relying on claim language reciting a “pattern for a chair,” rather than focusing on the figures, which did not show an article of manufacture. The case thus tasked the Federal Circuit with answering a unique question: how to construe the scope of a design patent when an article of manufacture is recited in the claim but not depicted in the drawings. Concluding that Curver’s argument “effectively collapse[d] to a request for a patent on a surface ornamentation design per se,” the court declined to construe the scope of design patent law so broadly, looking to precedent and U.S. Patent and Trademark Office practice to support its holding that design patents are granted only for designs applied to an article of manufacture. The answer to the unique question facing the court was thus: “claim language can limit the scope of a design patent where the claim language supplies the only instance of an article of manufacture that appears nowhere in the figures.”
The decision in Curver has several implications for companies seeking design patent protection. When initially drafting design applications, companies should balance limiting the scope of prior art with obtaining broad protection in deciding how to define the article of manufacture to which the design is attached. Companies should consider including support for a range of articles of manufacture with differing scope in their applications. Companies with pending applications should also consider filing continuations claiming their designs applied to articles of manufacture of differing scope to the extent their existing specifications support such claims. Finally, should an examiner request an amendment to the title during prosecution, companies should carefully scrutinize any recommended titles to determine the potential impact on claim scope.
The Time is Now: Renew DMCA-Designated Agent Registrations with the Copyright Office
Starting December 1, 2019, service providers will need to renew their Digital Millennium Copyright Act-designated agent registrations with the U.S. Copyright Office to remain qualified for safe harbor protection.
Fenwick advises all service providers who seek the safe harbor protections of the DMCA to promptly renew their online designated agent registrations via the DMCA website. Read on for a summary of key points to keep in mind.
What is a DMCA safe harbor?
The Digital Millennium Copyright Act includes a set of provisions commonly known as the DMCA Safe Harbors. 17 U.S.C. § 512. These provisions are designed to protect online service providers from liability from copyright claims arising out of end-user conduct that copyright holders claim is infringing: when, for example, users submit content to an online service that does not belong to them, this could be an act of copyright infringement. To learn more about DMCA Safe Harbors, read our detailed overview, see this video and review our interactive reorganization of the safe harbors portion of the DMCA.
Who is a designated agent?
The designated agent receives all notices of alleged copyright infringement on behalf of the service provider. The agent’s contact information must be available to the public and the Copyright Office. Service providers must provide detailed contact information, including the full name, physical street address, telephone number and email address for both the organization and the designated agent. It must also submit contact information for the representatives who will serve as primary and secondary contacts with the Copyright Office.
What is this renewal process?
In December 2016, the U.S. Copyright Office issued a rule requiring complete re-registration of all DMCA-designated agents through the office’s new online system. All new registrations automatically expire after three years, so December 1, 2019 marks the first day in a rolling period that online renewal is required. There is a $6 fee for each registration or renewal.
What happens to service providers that miss the deadline?
Any lapse in registration is a lapse in safe harbor protection for that time period. It is therefore very important for service providers to promptly review their deadlines and renew their designated agent registrations before they expire. We advise clients to calendar reminders every three years to avoid any lapses in safe harbor protection.
Clear Trends Visible in the Post-TC Heartland Patent Landscape
The patent landscape experienced a paradigm shift with the May 2017 United States Supreme Court decision in TC Heartland v. Kraft Foods Group Brands. In TC Heartland, venue in patent cases was narrowed to either (1) the defendant’s state of incorporation or (2) the jurisdiction where the defendant allegedly committed acts of infringement and has a regular and established place of business. This ruling has led to new trends in patent cases.
Before TC Heartland, a corporation could be sued in any jurisdiction in which a defendant was subject to a court’s personal jurisdiction. The test was “minimum contacts” — a low bar. For example, courts found that venue was proper based on the sale or distribution of accused products to customers in the jurisdiction. See, e.g., Astute Tech., LLC v. Learners Digest Int’l LLC, C.A. No. 12-cv-689-WCB, 2014 WL 12596468 (Apr. 28, 2014) (finding 46 sales of the accused product in the district sufficient); IDQ Operating, Inc. v. Aerospace Communications. Holdings Co., C.A. No. 15-cv-781 2016 WL 5349488 (Jun. 10, 2016) (finding sufficient the sale of accused products to a nationwide distributor that sold the products in the district). The sale of accused products alone is no longer sufficient, however. Those sales must now be coupled with evidence that the defendant has “a regular and established place of business” in the district.
TC Heartland effectively redistributed the filing of many patent cases from the Eastern District of Texas to Delaware, a district where many technology companies are incorporated. According to Lex Machina, from January 2008 to May 2017 (under the “minimum contacts” standard), 27 percent of patent cases (9,939 of 36,344) were filed in the Eastern District of Texas, 15 percent in Delaware and 14 percent in the Central and Northern Districts of California. Since May 2017, however, the number of filed cases in the Eastern District of Texas has declined dramatically, and as of September 16, 2019 makes up 14 percent of patent cases (1,140 of 8,007). In the same period, filings in Delaware increased to 27 percent and filings in the Central and Northern Districts of California increased to 16 percent. And since 2018, there has been a 165 percent increase in patent cases in the Western District of Texas — a district where many technology companies have regular and established places of business.
At the same time, there has been an increase in the number of patent campaigns targeting defendants in multiple districts — campaigns that could previously be brought in a single jurisdiction. For example, a post-TC Heartland patent campaign against multiple defendants is likely to span multiple districts, such as the District of Delaware and the Western District of Texas, among others. Cases in Delaware and the Western District Texas proceed on starkly divergent schedules. Compare Power Feed-Thru-Systems & Connectors, LLC v. Sonic Connectors, LTD, C.A. No. 18-cv-00345-ADA, D.I. 27 (W.D. Tex.) (identifying a 17-month schedule to trial), with Edwards Lifesciences, LLC v. Boston Scientific Corp., C.A. No. 18-cv-01294-RGA, D.I. 15 (D. Del.) (identifying a 29-month schedule to trial). Their differing timeframes makes coordination on common issues (e.g., assertion of infringement based on standard essentiality, invalidity, claim construction and fact discovery) impractical for defendants in different district courts. When this kind of differential occurs, the result often is that defendants in the district with the fastest schedule bear the cost of addressing core issues long before they would be addressed by defendants on the slower schedule cases.
Multidistrict litigation is one possible response to this development. Congress authorized the transfer of “civil actions involving one or more common questions of fact . . . to any district for coordinated or consolidated pretrial proceedings.” 28 U.S.C. § 1407. Such a transfer could lower the overall cost of litigation by allowing coordination on common issues in the same jurisdiction. MDL may also lead to earlier case resolution. A plaintiff’s assertion of infringement based on standard essentiality could be resolved across all co-pending cases on an early motion to dismiss before the Judicial Panel on Multidistrict Litigation. As of September 16, 2019, there were only nine pending patent multidistrict litigations. As patent campaigns continue to be launched against defendants in divergent district courts, we could see an increase in patent defendants availing themselves of the MDL litigation process.
Eleventh Circuit Affirms Contributory Trademark Infringement Award
By Sapna Mehta
The United States Court of Appeals for the Eleventh Circuit affirmed liability under the “know or has reason to know” standard for contributory trademark infringement in Luxottica Group, S.p.A. v. Airport Mini Mall, a case concerning a mall owner’s liability for alleged sale of counterfeit goods by retailers who subleased space in the mall.
The plaintiffs, luxury eyewear manufacturers and sellers, sued the owners, the manager and the lessee of a shopping center for contributory trademark infringement of their Ray-Ban and Oakley-branded eyewear. A jury found the defendants liable and awarded $1.9 million in damages. The Eleventh Circuit affirmed, finding the defendants had constructive knowledge of the trademark infringement, based on their willful blindness to it.
The court applied the elements for contributory trademark infringement from the Supreme Court’s Inwood Laboratories v. Ives Laboratories decision (involving product manufacturers) because the defendants provided services and support that facilitated the direct infringement. The mall owner provided the lessee — and the 100-plus retailers who subleased retail space from the lessee — with services such as lighting, water, sewage, maintenance, cleaning and customer parking.
Under Inwood, the court considered whether the defendants had actual or constructive knowledge of the infringement. The defendants urged the court to follow the Second Circuit’s decision in Tiffany (NJ) v. eBay. In eBay, Tiffany sued the online marketplace based on allegedly infringing goods listed for sale by users of eBay’s platform. The Second Circuit held that a service provider, such as eBay, could only be liable for contributory trademark infringement with knowledge of specific acts of infringement, rather than general knowledge or a reason to believe that its service is being used for infringing purposes.
The Eleventh Circuit, however, declined to decide whether knowledge of specific infringing acts is required. Instead, it determined, regardless of the standard applied, that there was sufficient evidence to support liability. The court rejected the defendants’ argument that the plaintiffs failed to prove knowledge because they did not provide notice that specific retailers in the mall were infringing. It held instead that knowledge can come from “many sources,” not limited to the plaintiffs’ notices. It distinguished Tiffany, in which the Second Circuit rejected Tiffany’s demand letters that did not identify particular eBay sellers, finding that the defendants here did not need assistance in identifying the infringing goods.
The court pointed to three categories of evidence as showing constructive knowledge: (1) “serious and widespread” infringement based on three law enforcement raids to execute search warrants, arrest subtenants and seize alleged counterfeit products; (2) the mall’s manager and attorney meeting with the local police department to discuss counterfeit sales at the mall after the plaintiffs sued; and (3) the defendants’ ability to inspect each retail space in the mall to see if retailers displayed goods with Luxottica’s marks at suspicious prices after receiving demand letters from the plaintiffs identifying certain retailers. It made this determination despite acknowledging evidence of “a legitimate secondary market for Ray-Ban and Oakley eyewear.”
The opinion did not decide, and thus leaves open, the requisite knowledge standard for contributory infringement in the Eleventh Circuit. The court’s analysis, however, departs from the framework adopted by other courts by finding sufficient evidence based on more generalized knowledge of the alleged infringement, rather than limiting its consideration to knowledge of the specific infringing acts. In affirming the landlord’s liability for the acts of its tenants, the Eleventh Circuit thus left open the possibility of holding service providers liable for contributory trademark infringement based on a reason to believe that their services are being used for infringing purposes.
Georgia Appellate Court Opens the Door for Trade Secret Misappropriation Suits Against State Entities
In Board of Regents of the University System of Georgia v. One Sixty Over Ninety, the Georgia Court of Appeals held recently that a state entity is not immune from trade secret claims brought under the Georgia Trade Secrets Act. The ruling paves the way for courts in other states to deny sovereign immunity in trade secret cases.
One Sixty, a creative services agency that provides branding and strategy services, claims that it shared confidential information with the University of Georgia through recorded webcasts and a written response to UGA’s request for proposal for a branding initiative. One Sixty ultimately lost the branding initiative bid to Ologie, LLC, its direct competitor in the higher education community. Despite UGA’s assurances that One Sixty’s responsive information would remain confidential, a UGA employee allegedly shared One Sixty’s recorded presentations and a selection of One Sixty’s creative work samples with Ologie, which used this information to compete with One Sixty in other proposals.
One Sixty sued UGA for misappropriation of its trade secrets under the Georgia Trade Secrets Act. UGA moved to dismiss, arguing that One Sixty’s trade secret claims were barred by sovereign immunity, which shields the state from suits seeking to recover damages unless immunity is explicitly or implicitly waived. The trial court, however, disagreed and concluded that One Sixty’s trade secret claims could move forward against UGA.
Affirming the trial court, the appellate court determined that the language of the Georgia Trade Secrets Act does not contain an express or implied waiver of sovereign immunity. But that did not end the inquiry. The appellate court next examined Georgia tort law, the history of the Uniform Trade Secrets Act and claims available under the Georgia Trade Secrets Act. It ultimately concluded that a violation of the Georgia Trade Secrets Act is a tort that a litigant may pursue as a claim against a state entity under the Tort Claims Act — a statute that does contain an express waiver of sovereign immunity.
The One Sixty decision comes on the heels of a 2018 ruling from the U.S. District Court for Massachusetts in Fast Enterprises v. Pollack, which held that the Defend Trade Secrets Act does not create a federal cause of action for trade secret misappropriation against a state government. In that case, the district court noted that this issue “must be resolved by the state courts or the state legislature.” Litigants seeking to bring trade secret claims against state entities should therefore be mindful of the differences between federal law and state law, and should consider these distinctions in deciding whether to bring a state or federal trade secret claim.