Mr Pinckney (a songwriter resident in France) alleged the infringement of his copyright through, inter alia (i) online sale of unauthorized CDs by two British companies, and (ii) online access to these songs offered by these companies.  In his Opinion, the AG recalled the basic principles of EU private international law for tort liability and then looked more closely at the courts that are competent to hear online copyright infringement cases.  One of the criteria to identify the competent courts is the territory in which the damage occurs.  The AG took the view that the damage from an online copyright infringement occurs in the territory whose population was targeted by the infringing website (para. 64).  The activity of the website should disclose an intention on the part of its performer to target persons in that territory (para. 61).

The ultimate judgment in Pinckney may have broader implications for the approach taken to online distribution in other areas of law.  For example, when assessing compliance of distribution agreements with EU Competition law, the “active sales” concept is fundamental (i.e., sales targeted at customers in a specific territory).  The Commission uses various objective indicia to identify active sales (see Commission Guidelines, para. 51).  If the court takes jurisdiction in Pinckney, it may be that these indicia could also be complemented by other elements, perhaps including intention.

It remains to be seen whether the CJEU will take jurisdiction and, if it does, whether it will follow the AG’s approach.

Addressing such threats, FDA has issued a draft guidance document entitled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.”  The draft guidance is intended to make “recommendations to consider and document in FDA medical  device premarket submissions to provide effective cybersecurity management and to reduce the risk that device functionality is intentionally or unintentionally compromised.”

FDA outlines three general principles of cybersecurity that manufacturers should consider:

• Confidentiality of data, information, and systems;
• Integrity of data and information; and
• Availability of data, information, and information systems when needed.

According to the draft guidance, devices that connect with other devices, with the Internet, or with portable media could be more vulnerable to cybersecurity threats.  Manufacturers will be expected to perform a hazard analysis for their particular devices.

The draft guidance makes specific recommendations of security features to consider and document in premarket submissions, including measures to limit access to trusted users, ensuring trusted content, and using fail safe and recovery features.  The draft guidance also specifies the type of documentation that should be included in submissions to address cybersecurity issues, such as a traceability matrix that links cybersecurity controls to risks that were considered.

Although the guidance is geared toward premarket submissions, it may be useful for manufacturers of class I devices as well.  Class I devices that are automated with computer software are subject to the design controls of the Quality System Regulation (QSR).  FDA recommends several specific cybersecurity activities that manufacturers should consider as part of a risk assessment under the QSR.

Retransmission consent agreements may contain a provision that limits the geographic area within which the cable operator can retransmit the broadcast signal to its subscribers.  The District Court denied Nexstar’s request for an injunction because it found that the retransmission consent agreement in effect between the parties contains no such provision.  For this reason, the District Court found that the retransmission consent agreement does not prohibit Time Warner from rebroadcasting the signals outside the stations’ local markets, and accordingly found that injunctive relief against such retransmission was not warranted.

The Fifth Circuit agreed, finding that the agreement describes only what Time Warner must transmit, and that it does not limit where Time Warner may retransmit signals. The Court also ruled that there was likely no copyright infringement claim.

On 22 May 2013, the Supreme Court issued a ruling on the English law of confidential information.  The case represents a helpful guide as to how confidential information may be protected by a business after the end of an employment contract.

The case, Vestergaard Frandsen A/S (now called MVF 3 ApS) and others v Bestnet Europe Limited and others [2013] UKSC 31, deals with facts that may represent a fairly common business scenario.  In the case, one employee left a business, together with a consultant, to set up a rival business.  In the course of their work at the new business, the ex-consultant used what was, unbeknownst to the ex-employee, confidential information that the court deemed to be a trade secret from the prior business.

Considering these facts, the High Court found the ex-consultant liable for breach of confidence.  Expanding on that finding, the Supreme Court found that the ex-employee — in contrast to the ex-consultant — should not be liable for breach of confidence, because unlike the ex-consultant the ex-employee had had no knowledge of the trade secret when working for their former employer, and because the ex-employee hadn’t subsequently realised that the information had ever originated from their former employer when it was being used in the new rival business.

Summarising the Supreme Court’s logic, Lord Neuberger stated that “an action for breach of confidence is based ultimately on conscience”.  In other words, the ex-employee was not liable because she had no knowledge of the breach, so her conscience couldn’t have been affected – despite the fact that the ex-employee had arguably assisted in the use and misuse of the trade secret in the course of running a rival business.

By stressing the importance of the ex-employee’s awareness of the breach, the Vestergaard case highlights the way in which courts have tried to balance the need for businesses to protect trade secrets against the need for robust competition.

Under English law, information is generally protected as confidential if it is confidential in nature, and disclosed in circumstances that import an obligation of confidence.  This obligation can be expressly stated in a contract, or it can be implied through general circumstances, or through the relationship between the parties concerned (for example, employers can tell employees that information imparted is confidential).  In classic breach of confidence cases, confidential information may be disclosed and/or used in ways that are inconsistent with its confidential nature, by a defendant who has received the information and who knew (or ought to have known) that such information was confidential.  Defendants may also be secondarily liable if they assist in a breach of confidence, but again only if they are aware (or ought to have been aware) that a breach is occurring.

English law also distinguishes between different types of confidential information acquired by employees.  The first case to make the distinction between the different types of confidential information was Faccenda Chicken v Fowler [1987] Ch 117.  Faccenda Chicken distinguished between two classes of confidential information acquired by employees, being (A) information with some confidential element, and (B) information that is either “classed as a trade secret” or “is in all the circumstances of such a highly confidential nature as to require the same protection as a trade secret eo nomine”.  To decide into which category information should fall, English courts look at several factors, including the nature of the employment and the information in question, and the steps taken by employers to impress upon their employees the nature of confidentiality of the information.

There is a sharp difference in the level of protection granted to the different categories of information under English law.  In Faccenda Chicken, the Court of Appeal made clear that employees were obliged to treat information falling under category (A) as confidential under an “implied duty” of confidentiality for the course of their employment — but for no longer than that.  By contrast, information in category (B) was covered by an implied duty of confidentiality even after the end of an employment period.  The Vestergaard case illustrates this divide in practice:  in the case, the High Court ruled that the information in question fell into category (B), and that therefore the information was protected even after the consultant had left the business.

In his conclusion, Lord Neuberger stated that “in a modern economy, the law has to maintain a realistic and fair balance between (i) effectively protecting trade secrets (and other intellectual property rights) and (ii) not reasonably inhibiting competition in the market place”.  The Vestergaard judgments have maintained this balance, by providing some protection to IP rights such as trade secrets, but equally by not inhibiting an honest attempt to compete with former employers.

Commentators observed that the letter appeared to be intended, in large part, as an educational tool for industry.  As such, it’s appropriate to ask:  what lessons should industry draw?  Although single enforcement actions do not always serve as reliable predictors of future actions, the letter offers a handful of key takeaways:

• Public and political pressure can spur FDA action.  Biosense’s app hardly was flying under the radar.  The app received media coverage after being featured at a TED conference, and it was called out in trade press and in testimony to the House Energy and Commerce Committee.  These factors likely helped push FDA to finally take a public enforcement action.
• Lack of a final guidance document doesn’t preclude enforcement.  Although FDA’s draft guidance document on mobile medical apps was “distributed for comment purposes only,” the principles FDA proposed were on display in the Biosense enforcement letter.  The uCheck app had the effect of transforming “the mobile platform into a medical device”—causing FDA to conclude that “the phone and device as a whole functions as an automated strip reader.”  It thus fell into one of the categories of apps that FDA stated that it would regulate.
• FDA will second-guess how an app is listed.  Though not mentioned in the enforcement letter, the uCheck app is listed in FDA’s establishment registration and device listing database as a class I “[a]utomated urinalysis system” under 21 C.F.R. § 862.2900, defined as a “device intended to measure certain of the physical properties and chemical constituents of urine by procedures that duplicate manual urinalysis systems.”  Though not an inaccurate description of the device’s overall function, FDA’s letter observed that the app is intended to work with certain reagent strips that were cleared as part of class II test systems, and FDA offered an example 510(k) for a similar strip-reading device.  Thus, when determining the proper classification for an app, developers should thoroughly research how similar devices are regulated—as classification regulations that appear applicable on first blush may not capture all of a device’s functionalities.  Developers also should be aware of the “.9 regulations” contained in each device classification Part, which state that devices used for certain purposes (including “diabetes management”) are not exempt from the requirement of 510(k) premarket notification.

When the legislative package the EU Unitary Patent was agreed last December, many speculated that the 1 January 2014 date for the implementation of the EU’s Unitary Patent was overly ambitious.  The publication of the UK’s new Intellectual Property Bill (the “Bill”) on 10 May 2013 now gives real substance to this viewpoint.  The provisions of the Bill indicate that the UK will not ratify the Agreement on a Unified Patent Court (the “Agreement”), one of the key legislative instruments required for the Unitary Patent’s implementation, until April or May 2015.  Since the UK must ratify the Agreement before it can be implemented anywhere in Europe, it appears that the timetable has been derailed.  Given that a number of tech companies, including Nokia and BAE Systems, advocated vocally against the Unitary Patent in its current form, this may be welcome news to some.

The Unitary Patent will create a single patent with unitary effect, litigated in a Unified European Patent Court.  Regulation (EU) No 1257/2012 and Council regulation (EU) No 1260/2012 provide for the single patent with unitary effect.  The former also establishes the 1 January timeline for its implementation.  The Agreement creates the court system which will govern the new system.  However, the Unitary Patent cannot come into effect until 4 months after 13 EU member states have ratified the Agreement, which must include the UK, France and Germany.  Importantly, the ratification process is dependent on national laws and timelines.

The recent publication of the UK’s Bill confirms that the UK’s timetable for ratifying the Agreement will delay the Unitary Patent’s implementation.  Clause 16 of the Bill gives the Secretary of State the power to create a Statutory Instrument (the “SI”) to amend the UK Patents Act to provide for the Unitary Patent.  Only after the Bill has become law, will the SI be approved by Parliament.  Following approval of the Bill and subsequently the SI, the Foreign Office must present a command paper to Parliament requesting approval of the Agreement, completing the UK’s ratification process, probably in the Spring of 2015.

The UK may not be the slowest member state to ratify the Agreement.  It still remains to be seen if Germany, France and at least 10 other EU member states can ratify the Agreement within this extended time period of ~April/May 2015.  It is possible that Ireland and Denmark will be required by their national laws to hold a referendum on the Unitary Patent.  Even if sufficient countries have ratified the Agreement before the UK, the Unitary Patent will not be implemented for a further four months.  Furthermore, there are several other issues that could even delay the process, including a second Spanish legal challenge to the Unitary Patent presently in the CJEU.  Also, there are various procedural matters such as training judges and hiring the personnel to staff the courts to contend with.  Consequently, it does not appear that the new Unitary Patent system will be a reality until at least the second half of 2015.

In a May 17 Public Notice, the FCC asked for comments regarding possible variations on the previously proposed “Down from 51” band plan.  Under that plan, the FCC would clear TV spectrum from Channel 51 down after the anticipated auction of spectrum voluntarily relinquished by TV broadcasters.  The original plan would place a new uplink band in the higher portion of the cleared spectrum (adjacent to the current 700 MHz uplink band), while a new downlink band would occupy the lower portion of the spectrum.  One of the possible variants discussed in the May 17 Public Notice would reverse the position of the uplink and downlink bands.  Another proposal would convert cleared TV spectrum into a single band for mobile broadband, relying on Time Division Duplexing (TDD) to separate upstream and downstream traffic rather than paired uplink and downlink spectrum.  The Notice expressed the FCC’s concern that the original “Down from 51” plan would not allow enough flexibility if different amounts of TV spectrum are cleared in different markets.

However, today’s joint statement says that reversing the positions of the uplink and downlink bands “has absolutely no support in the record,” while the TDD approach would be “contrary to the one proposed by the majority of U.S. carriers.”  The statement suggests that the FCC’s resources would be “better spent on dealing with other critical and as-yet-unanswered questions in this proceeding, such as how co-channel interference concerns could undermine the variability of any band plan and how the FCC plans to conduct an effective re-packing.”

The FCC’s ruling interprets two subsections of the TCPA. The first subsection — 47 U.S.C. § 227(b) — includes several restrictions, including a general prohibition on making calls to landline or mobile telephones using a prerecorded message without  the recipient’s prior express consent. Section 227(b)(3) allows individuals or companies to bring private lawsuits “based on a violation of this subsection” or the FCC’s implementing regulations.

A separate portion of the TCPA — 47 U.S.C. § 227(c) — authorizes the FCC to set up a national Do Not Call registry, which the FCC did in coordination with the Federal Trade Commission several years ago. Section 227(c)(5) authorizes private lawsuits by individuals who receive “more than one telephone call within any 12-month period by or on behalf of the same entity” in violation of the Do Not Call rules.

Last week’s declaratory ruling came in response to questions referred to the FCC by two federal courts in two separate TCPA-based lawsuits. In one suit, filed against EchoStar Satellite LLC in  an Ohio federal court in 2007, a consumer alleged that telemarketers selling subscriptions to EchoStar’s satellite TV service — now provided by the DISH Network — made 30 calls to the plaintiff in violation of the TCPA. In the other suit, filed in an Illinois federal court in 2009, several state attorneys general alleged that DISH, through its authorized dealers, had violated the TCPA’s restrictions on prerecorded calls and calls made to numbers on the Do Not Call registry.

In accordance with the federal courts’ referrals, the parties in both cases petitioned the FCC to interpret the relevant TCPA provisions and regulations and determine whether sellers like DISH could be liable for unlawful telemarketing calls made by dealers or other third parties.

The FCC concluded that a seller is not always liable for calls made by third parties for the seller’s benefit, but that sellers may be held vicariously liable for the conduct of third-party telemarketers in some circumstances. Specifically, the FCC concluded that, at a minimum, federal common law principles of agency law allow a seller to be held vicariously liable under either statutory provision if the telemarketer acts as the seller’s agent or has “apparent authority” to do so, or if the seller ratifies the telemarketer’s conduct.

The FCC provided “illustrative examples” of situations in which sellers might be vicariously liable for telemarketers’ conduct, such as situations in which:

• the seller approves, writes, or reviews telemarketing scripts;
• the seller gives telemarketers access to customer information or the seller’s internal systems;
• the seller authorizes telemarketers to use the seller’s trade name, trademark and service mark;
• the seller “knew (or reasonably should have known) that the telemarketer was violating the TCPA on the seller’s behalf and the seller failed to take effective steps within its  power to force the telemarketer to cease that conduct.”

In a partial dissent, Commissioner Ajit Pai argued that the majority incorrectly interpreted the two TCPA provisions at issue to incorporate the same standard of vicarious liability, even though the provisions’ language differs. Pai argued that, given the language of the TCPA’s do-not-call provision, “the Commission should give meaning to [the words] ‘on behalf of’ and impose third-party liability for do-not-call violations whenever a telemarketer initiates a call on a seller’s behalf, even if that telemarketer is not under the seller’s control.”

The majority decision left open the possibility that the FCC could in the future interpret the TCPA to allow “a broader standard of vicarious liability for do-not-call violations,” but said the agency could not establish such a broad standard in a declaratory ruling, given the FCC’s existing precedent.

The FCC also recently released a Small Entity Compliance Guide outlining changes to the TCPA rules that were adopted by the FCC in early 2012 and that began taking effect last fall. Among other changes, the revised rules require all prerecorded telemarketing calls to include an automated, interactive opt-out mechanism throughout the duration of the call, as well as a toll-free telephone number that can be contacted to opt out when a prerecorded telemarketing message is left on voicemail. That rule took effect in January. As of October 16, 2013, prior express written consent will be required to transmit prerecorded or autodialed telemarketing calls to wireless numbers, and the established business relationship exception will no longer apply to prerecorded telemarketing calls to residential lines.