Wednesday, April 17, 2019

What does the new EU Copyright Law have to do with my small business? Perhaps more than you think…

On April 15, 2019, the European Council approved the “Directive on Copyright in the Digital Single Market” — a major change to EU copyright law that was approved by the parliament of the European Union on March 26, 2019 with a vote of 348 yea, 274 nay, and 36 abstentions. The Directive’s next step will be publication in the Official Journal of the EU, after which member states will have two years to implement the Directive into their national laws.

What is the Directive and why might it matter for my small business?

The Directive is completely changing the copyright landscape in the EU – but given the global nature of the World Wide Web, it is likely to alter business practices around the world. 

The Directive’s greatest changes are to websites with user-generated content. Such websites include not only YouTube and Facebook, but also sites like Medium and blogs and commentary sites as well. If you have a website that contains user-generated content that touches the EU in any way, you may be responsible for making sure that content does not infringe copyright laws.

Over the last several months the Directive has been heavily criticized, particularly due to Articles 15 and 17 (formerly Articles 11 and 13), respectively the so-called “link tax” clause and “upload filter” clause. Prior to the vote by parliament, protestors took to the streets of Europe, cautioning that the Directive will “censor the internet.” Meanwhile, the author of the legislation and his supporters tout it as necessary to “protect and strengthen the rights of the creatives: authors, performers, singers, songwriters, journalists . . . all copyright-holders.”

Thursday, April 11, 2019

Lessons From Fyre Festival

Music. Supermodels. White sand beaches. Luxury villas. Gourmet dining. A VIP experience you will never forget.

No, I’m not talking about your typical legal experience at Gray Plant Mooty. This is everything Billy MacFarland and Ja Rule, the founders of Fyre Festival, promised and failed to deliver to festival-goers and investors in the Spring of 2017. 

For those who missed it, in 2016, Billy MacFarland, a young entrepreneur and the Chief Executive Officer of Fyre Media Inc., along with rapper Ja Rule, dreamt up the idea of a brand new musical festival on the Bahamian island of Great Exuma. The festival would be one of the most luxurious and exclusive musical festivals to ever exist — an “immersive music festival,” a party you certainly did not want to miss. MacFarland and the other organizers of the festival had a little more than four months to pull off an all-inclusive festival for thousands of people on a remote island in the Caribbean. Yes, four months. 

The organizers of the festival mainly relied on the powers of social media — a tactic specifically geared towards the millennial and Gen Z generations — to attract the attention of festival-goers and investors. They hired supermodels and other social media influencers to post about the festival on their social media accounts, despite the lack of evidence of actual development of the festival itself. That didn’t seem to matter for the targeted audience. Thousands of millennials and Gen Zs purchased tickets (allegedly some festival packages were as expensive as $250,000), booked flights, and packed their bags. 

Wednesday, April 3, 2019


Keeping with the theme of my prior post covering recent oversight and enforcement action by the Securities and Exchange Commission (SEC) of the cryptocurrency industry/exchanges, Gladius Network (an issuer of unregistered cryptocurrency tokens) recently reached a settlement with the SEC which avoided civil penalties entirely.

Gladius, a Washington D.C. firm dedicated to using the Ethereum Blockchain as a means of mitigating Distributed Denial of Serve attacks, raised over $12 million USD in an initial coin offering (ICO) in 2017 – the peak of the cryptocurrency investor craze. 

As SEC enforcement activity increased over the last several years, and the SEC maintained that most ICOs qualified as the sale of unregistered securities, Gladius decided to proceed with caution and self-reported its unregistered ICO to the SEC during the summer of 2018.  Gladius cooperated with the SEC’s investigation and agreed to take certain remedial actions, including registering its tokens as a security and repaying investors that requested their investments back.

Most significantly, however, is the SEC’s determination not to levy any civil penalties against Gladius. The SEC explained that “the SEC did not impose a penalty because the company [Gladius] self-reported the conduct, agreed to compensate investors and will register the tokens as a class of securities.” Robert Cohen, Chief of the SEC’s Cyber Unit, further commented that the case “shows the benefit of self-report and taking proactive steps to remediate unregistered offerings.”

The Gladius settlement follows similar enforcement actions initiated by the SEC in November 2018 against companies that conducted unregistered ICOs. In those instances, the companies did not self-report and were penalized by the SEC, sometimes to the tune of $250,000.

If nothing else, the Gladius case sends a clear and deliberate message that self-reporting to the SEC can result in meaningful cooperation credit – in particular the avoidance of hefty civil penalties. 

If you or your company are interested in learning more about the SEC’s guidance regarding cryptocurrency or ICOs and the recent regulatory activity, or have questions about how to make sure you are in compliance with securities law, the GPM team is here to help.

Thursday, March 28, 2019

Circumventing Subscription Requirements Can Cost Big Bucks

By: Dean C. Eyler, Loren L. Hansen, and Molly R. Littman

You have probably been here before: A colleague tells you to check out an article on [insert your preferred news outlet here]. You click on the link or go to the news outlet’s website, but in order to read the entire article you have to subscribe to the publication or pay $0.99 to view the article. You are genuinely interested in reading the article, but the process of filling out the subscription form with your personal contact and credit card information is tedious and you are busy. So you ask your colleague to send you a copy of the article. She does. As it turns out, she received the article as part of her company’s subscription to the news outlet. You work for the same company. However, she is a part of the company’s limited subscription to the newspaper and you are not.

She has just committed copyright infringement and may be liable for up to $30,000 in statutory damages. If she sent you more than one article, she may liable for up to $30,000 for each article sent. To make matters worse, if she knew that sending the article would be a violation of the news outlet’s copyright, she may be liable for up $150,000 in statutory damages per article. Given that this was a company subscription, it’s unlikely the individual will be sued, but rather the company is likely on the hook for the damages incurred by her sending you the article. You, she, and several others at the company are now embroiled in expensive, time-consuming litigation for something that easily could have been prevented with appropriate employee training.

From 2017 to 2018 copyright infringement lawsuits increased by more than 50%. Under 17 U.S.C. § 504, a copyright registrant who prevails in a copyright infringement lawsuit may be entitled to statutory damages ranging between $750 and $30,000 for each work infringed. Statutory damages are intended to help copyright owners enforce their rights where actual damages are difficult to prove, and also to deter infringers. If the infringement was willful — with knowledge of the owner’s copyright — the range increases to $150,000. If the copyright owner prevails in litigation, it is also entitled to its costs and, in many cases, attorneys’ fees.

Wednesday, March 20, 2019

The Value of Convenience in Cooking

I’ve never been a fan of cooking, so I certainly never expected to write about it. But to my surprise, here I am, writing about cooking.

This is because I’ve recently become curious about these new meal-kit delivery services that purport to make cooking quick and easy. To my disbelief, they even purport to make cooking fun

There are several companies that offer meal-kit delivery services. Some of the more familiar are Blue ApronHello FreshPlatedSun Basket, and Home Chef. Their concept is simple: Consumers select the meals they want for the week and they receive in the mail easy-to-follow directions and fresh, pre-portioned ingredients. They are then able to cook meals that are quick, easy, healthy, and tasty. 

While the concept is simple, it ultimately addresses something highly sought after by consumers all over the U.S. — convenience. At an average cost per plate of $10, these delivery services don’t run cheap. Yet the convenience factor is so powerful that it has caused consumers to eat the idea up (pun intended).

Wednesday, March 13, 2019

Luck of the Irish?

It is March and St Patrick’s Day is just around the corner. My mother was proudly Irish — possibly full-blooded, although family lore has it that there might be a little French in the mix. With the DNA capabilities these days, I could maybe get some clarity, but part of me likes the mystery. 

My Irish ancestors were so poor that several left Ireland in the early 1800s, before the potato famine. Some came in through Canada because Canadian ship fares were often cheaper; others came through New York. They didn’t linger long on the East Coast, but got jobs building the canals and railroads going west. They were settled in Ohio, Iowa, and Minnesota by the time the potato famine forced other family members to leave Ireland.

I remember events with my mother’s family, which at the time of my childhood still included grandparents and great uncles and aunts that were the first generation born in America. The gatherings were noisy and animated — a constant cacophony of “discussions” regarding current events, politics, and religion. In the midst of the din, it was not uncommon to witness a spontaneous recitation of some well-known poetry, or occasionally something more obscure or even original. It was a time for books to be recommended and shared. My uncle Johnny played the guitar and sang what songs were acceptable having spent 20+ years in the navy. The food was mediocre. 

What I don’t remember are conversations about business, industry, careers, or even work. In fact, I’m not really sure what most of my Irish relatives did for their livings. It simply wasn’t a topic of conversation. Was it because it didn’t matter or because they had no historical connection to "business?” Their families came to America with no money, education, or skills. They were looking for jobs — not business opportunities. The same persons that could quote Yeats or Wilde or Joyce never spoke of great Irish industrialists or inventors.

Tuesday, February 26, 2019


In Europe, privacy is considered a fundamental human right. If you are collecting, using, or sharing personal information of a European resident, you will likely have to comply with the General Data Protection Regulation (GDPR) that became effective May 25, 2018. This single comprehensive omnibus law covers all industries and sectors and applies to all member countries. Penalties for noncompliance can be severe.

The United States does not have a single comprehensive privacy law. Instead, the United States has a patchwork of federal and state laws and has taken a sectoral approach to regulating data privacy. We have laws specific to industries and type of information such as health care, financial services, telemarketing, student records, and the online collection, use, and disclosure of information from children. States enact their own laws including data breach notification laws that now exist in all 50 states. A business that experiences a data breach must comply with the state law where each individual resides.

Great for lawyers, but terrible for businesses trying to figure out compliance obligations imposed by differing state and federal standards and laws regarding data privacy and breach notification.