Blockbuster may not be able to rely on the what I learned in Kindergarten defense when it answers charges it illegally shared a plaintiff’s movie preferences with third parties. In a suit filed in Texas earlier this month, Cathryn Harris sued Blockbuster for sharing her rental history on Facebook.

The suit, which is currently seeking class action status, claims Blockbuster’s actions of feeding renters video choices to a news feed violate the Videotape Privacy Protection Act, (“VPPA”) which states in relevant part that a video tape service provider is liable under the VPPA if that provider knowingly discloses personally identifiable information without the renter’s “informed, written consent.” Harris contends the online “opt out” options she was given did not constitute her informed written consent as intended by the VPPA.

The sharing comes as a result of Blockbuster’s participation in the Beacon advertising program, which has received considerable attention and criticism from consumer activist groups and corporations over the past 18 months. Beacon is a form of “social advertising” that allows Facebook friends to see your purchases (as well as other transactions you make) through news feeds. After considerable controversy, Facebook changed the “opt out” provision to an “opt in” provision, so that users would not inadvertently share their personal information simply by accepting the use agreement. Even so, last year, Coca-Cola announced it would not be participating in the program, as did Overstock.com and several other companies, citing privacy concerns. For instance, research showed that participating companies were sending information to Facebook even for buyers who were not Facebook members. Although Facebook claims it deletes such information if and when it is received, many partner sites determined the program contained too many privacy problems for them to feel comfortable participating.

The VPPA was enacted in 1987. It is rarely cited and was clearly not created with the sort of digital transmission of private information in mind that happens today. In fact, the VPPA was enacted after Robert Bork’s video rental history was published during his Supreme Court nomination hearings.

Practice Note: Privacy policies are tricky things. Clients should be advised to create policies that they can follow. Any updates to a privacy policy, particularly ones that will change the way a user’s information is shared, should be highlighted in bold.

If u cn rd ths, then you’re either over 50 and remember the old shorthand print ads, or you use your phone to text messages. Amazon continues to push the digital envelope, recently launching its Text-To-Buy program. Adding to its existing mobile phone program (launched last Fall), consumers can set up an account online and then text the UPC, ISBN number, or even a keyword to AMAZON” (262966), and make purchases.

Text-to-buy is likely to pick up speed over the next year, with online and brick-and-mortar companies expanding their clientele and extending their shopping hours by allowing consumers to text purchases, either for pick-up or delivery.

Practice Note: Clients who want to add mobile interaction to their online sites should update their privacy and terms of use policies. The federal CAN-SPAM Act applies to all mobile devices.

Jacobsen v. Katzer, No. C06-01905 JSW, 2007 U.S. Dist. LEXIS 63568 (N.D. Ca. August 17, 2007)

This little case about model railroad software addresses a debated issue in the open source community: on what basis can open source creators sue people who misuse their work. This case seems to suggest breach of contract is an available remedy, but not copyright infringement. The case also deals with copyright law preemption.

Plaintiff developed model train software made available on this online community. Plaintiff’s work was subject to a standard open source software license permitting members of the public to make copies, distribute and make derivative works, providing they gave credit to the creators. Plaintiff alleged that defendants used plaintiff’s software to develop and fraudulently patent their own software for model train enthusiasts. Plaintiff sued on a number of counts and moved for a preliminary injunction to enjoin defendants from willfully infringing plaintiff’s copyrighted materials.

The court first held that plaintiff’s claims of unfair competition and unjust enrichment were preempted by federal copyright law, as both counts dealt “exclusively” with the misappropriation of plaintiff’s copyrighted files, a subject matter within the Copyright Act. To survive preemption the state claims must protect different rights than copyright rights. The state claims here did not add the required “extra element” to change the nature of the action or the rights secured under copyright law.

The court then denied plaintiff’s injunction, stating that plaintiff’s claims sounded in contract, not copyright. The court held that, implicit in a non-exclusive license like this one was a promise not to sue for copyright infringement. That is not to say that a licensor may never sue for copyright infringement, but they may only do so when the licensee exceeds the scope of the license. In this case, the license, like all open source licenses, was intentionally broad, closing the door to a copyright claim.

The Children’s Advertising Review Unit (”CARU”) has reached an agreement with Roca Wear, a children’s clothing line, to discontinue showcasing its website on advertisements directed at children.

Roca Wear produced an advertisement that appeared in the April 2005 print edition of Nickelodeon Magazine, which is exclusively directed at children. In the ad, Roca Wear prominently displays its web site and encourages readers to visit. The site is not designed for children in particular, but given the circulation of advertising, it is clear that children will visit the site. As a consequence, the site could, in theory, collect personally identifiable information from children without parental permission. Roca Wear has agreed to remove references to its web site in future advertising directed at children.

Practice pointer: If companies know (or have a reasonable expectation) that children may be visiting their website and registering with personal information, simply removing advertising may not be enough. Companies that have a prominent web presence will have to institute “neutral screening procedures” in order to filter out children under 13 and keep from contaminating their database. Merely because a web site is not directed at children does not mean children do not visit the site. Any site that has a “registration” process and is reasonably likely to attract children should institute a neutral screening process.