Privacy Law Developments For the New Year! DMCA and GDPR

Written by: Alex Modelski, Sameena Habib, and Christine Steenstrup

DMCA Online Registration (Re-registration) Deadline December 31, 2017

The Digital Millennium Copyright Act (“DMCA”) provides certain safe harbors from copyright infringement liability related to company websites and online services. In order to qualify for safe harbor protection, a company must do two things: (1) make certain contact information for the service provider agent available to the public on its website; and (2) provide the same information to the Copyright Office, which maintains a centralized online directory of designated agent contact information for public use. The service provider must also ensure that this information is up to date. In December 2016, the Copyright Office introduced an online registration system and electronically generated directory to replace their old paper-based system and directory. December 31, 2017 ends the U.S. Copyright Office’s period for transitioning from paper to online service provider agent designations. Service providers must electronically designate an agent by December 31, 2017 to benefit from safe harbor protection. Even those who previously filed using the old system must re-register using the Copyright Office’s new online system in order to benefit from the safe harbor.

Companies That Receive Personally Identifiable Information From EU Residents Must Comply with GDPR by May 25, 2018

The General Data Privacy Regulation (GDPR) is a new privacy mandate that takes effect on May 25, 2018. Unlike its predecessor—Directive 95/46/EC—the GDPR applies to U.S. companies who control or process data personal to residents in the European Union, no matter where their offices, employees, datacenters, or subsidiaries reside. The GDPR’s new privacy obligations are accompanied by stricter penalties for violators—fines up to 4% of global revenue from the previous fiscal year or 20 million Euros (23.5 million US dollars), whichever is greater—which is reason enough for U.S. businesses of all sizes and industries to understand their obligations under the GDPR.

The GDPR was formally adopted by the European Council on April 14, 2016, and the two-year transition period ends on May 25, 2018. Though there is less than a year to achieve full compliance, many U.S. data controllers and processors, particularly small to medium-sized enterprises, are still unfamiliar with their GDPR obligations.

Specifically, the GDPR ensnares companies whose data processing activities involve personal data of EU residents. U.S. companies that process data on behalf of companies with a volume of EU business may also be directly liable under the GDPR. And depending on the scope of their data collection or processing activities, many American businesses will be required to hire a Data Protection Officer (DPO) to report directly to a “Supervisory Authority” in the EU.

The GDPR imposes new privacy rights, including the right to erasure (formerly the “right to be forgotten”), the right to withdraw consent for specific types of processing, and the right to object to processing related to direct marketing, among others.

There is no omnibus, one-size-fits-all GDPR readiness strategy for U.S. controllers and processors, since each company’s approach would depend on the type of data processed. Genetic or biometric data, for instance, is subject to enhanced protections. But there are tasks that businesses can complete in advance of May 2018, like assessing current data policies and practices, enhancing data breach reporting protocol, and renegotiating vendor agreements to align key terms to comply with GDPR requirements.

Karr Tuttle Campbell’s privacy and data security attorneys are monitoring GDPR developments closely and are available to discuss how the regulation may impact your business. As data privacy continues its rise to the top of enterprise priorities, European-grade privacy policies will be a powerful advantage to leverage against competitors.

For further information, please contact Alex Modelski at amodelski@karrtuttle.com or Sameena Habib at shabib@karrtuttle.com.

Disclaimer: The materials you find in this email have been prepared by Karr Tuttle Campbell to provide information about the services we offer to our clients and to provide information of general interest about a variety of legal subjects. This information is not intended as legal advice or as a substitute for the particularized advice of your own counsel and should not be relied upon as such. The advice appropriate for you will be dependent upon the particular facts and circumstances of your situation. The transmission or receipt of this information does not create an attorney-client relationship.