What’s Happening in Technology, Intellectual Property & Contracts – September 2020

Intellectual Property – Copyright

Jackson v. Roberts, United States District Court of Appeals for the Second Circuit, Docket No.19-480, decided August 19, 2020

Topics: Copyright, Right of Publicity, Preemption

This is an appeal from the United States Court for the District of Connecticut that granted summary judgment to William Leonard Roberts II’s (aka Rick Ross) on Jackson’s (aka 50 Cent) claim of violation of Connecticut’s common law right of publicity on grounds that claim is preempted by Copyright Act. This case between two well-known Hip-Hop artists, considered whether an artist can make state rights claims, such as the right of publicity, to copyright protected works subject to a label agreement.


Roberts used a sample from Jackson’s song “In Da Club” in a 2-15 mixtape called Renzel Remixes released for free, before he released a commercial album, Black Market. The song was subject to a recording agreement with Jackson’s record label, Shady Records/Aftermath Records. The agreement transferred Jackson’s copyright interest in the song to the label. In addition, Jackson granted the “perpetual and exclusive rights” to his name and likeness connected to label marketing efforts during the term of the agreement and a non-exclusive right to use after the agreement’s termination. The recording agreement included language limiting the right to grant commercial sample licensing without Jackson’s consent.

In November 2015, Roberts released his mixtape for free. Both parties agreed that mixtapes, which include remixes of others’ songs are common amongst hip-hop performers often without permission from either recording artists or the copyright holder.

Robert’s mixtape was a compilation of 26 remixes where Roberts put his own lyrics over poplar audio samples by well-known artists. For this mixtape, Roberts identified the recording artists associated with the samples. Roberts did not get permission to use the samples or Jackson’s stage name.

Jackson brought his lawsuit on 12/23/2015 claiming that Robert’s use of his voice from In Da Club a cut from his debut album Get Rich or Die Tryin’ as well as his name in the title track and the use of his stage name was a violation of the right of publicity under Connecticut common law. Roberts responded that his use was protected by the First amendment, that Jackson’s claim was preempted by the Copyright Act and Jackson had no publicity rights because they were transferred to the label.

In the original complaint, Jackson claimed that Robert’s use of his voice from “In Da Club” a cut from his debut album “Get Rich or Die Tryin’” as well as his name in the title track and the use of his stage name was a violation of the right of publicity under Connecticut common law.

The lower court found that Jackson surrendered his rights to use his name, performance or likeness to the label. In addition, the right of publicity claim was preempted by copyright law and he cannot make a claim based on rights given up to the label under the contract.


Under Section 301, the Copyright Act preempts state laws “to the extent that those laws interfere or frustrate the functioning of the regime created by the Copyright Act.”

To determine whether a claim is preempted by Section 301, the court: 1) reviews the work against which the plaintiff wants to exert a state right to see if it comes within the subject matter of copyright, in this instance claims related to Connecticut rights of publicity laws and 2) looks at the equivalence or general scope of Section 301 as it relates to the work and whether it comes within copyright subject matter representing an equivalent to a right within the scope of copyright. This court considered common practices within the hip-hop community as the relevant audience to see whether that audience thought the mixtape represented a false implication of Jackson’s endorsement or sponsorship of Roberts’ project. The court found that common practices within the hip-hop community would not find that such endorsement or sponsorship was connected to the mixtape’s use of Jackson’s voice or stage name.

The court continued that it was concerned particularly about situations when another right conflicted with the rights of a copyright holder or licensee. If it did, that right “may be” preempted. This could be overcome if the state right involved consumer deception, privacy or reputational harms like defamation.

This court found that Jackson attempted to use Connecticut’s right of publicity laws to control a work subject to copyright law over which he had no control under his label agreement. The entity with the right to claim copyright infringement and violation of rights of publicity laws was the label. The alleged infringement should have been brought by the label and the rights related to commercial sample misuse were also with the label subject to Jackson’s approval. The court said that Jackson’s direct suit interferes with the actual rights holder. Specifically:

“Roberts’s mere reproduction of a sound that can be recognized as Jackson’s voice, and his small discreet notation that correctly identifies Jackson as the artist of the sample played, do not violate any substantial state law publicity interest that Jackson possesses. To the contrary, the predominant focus of Jackson’s claim is Roberts’s unauthorized use of a copyrighted sound recording that Jackson has no legal right to control.”


“Jackson’s attempt though this suit to control the reproduction of “In Da Club” conflicts with and acts in derogation of the exclusive right of the rights holder to exercise such control.”

This court granted Robert’s motion for summary judgment stating that Jackson’s claim was preempted under either: 1) the doctrine of implied preemption or 2) under express terms of Section 301 of the Copyright Act.

Comments: Offering copyright protected music in a mixtape for free does not automatically protect against a copyright infringement claim, as this case confirms. Rather, if there is a common industry practice, as in the case of the Hip-Hop industry, which allows for artists using others’ works without a license or other permission, what would have been considered an infringement may not be enforced. In the absence of a common industry practice, whether the work was offered for “free” is only helpful in the damages phase of copyright infringement as it relates to actual damages (if not registered with the Copyright Office) and disgorgement of profits and other statutory damages (if the work was registered with the Copyright Office For those who are concerned about music licensing and copyright, please contact Gayton Law.

Privacy and GDPR

Data Protection Commissioner v. Facebook Ireland and Maximillian Schrems (Schrems II), Ireland High Court, July 16, 2020

Topics: GDPR, Privacy Shield, Personal Data, Privacy

This is a significant privacy case decided in Ireland on July 16, 2020 which found that the United States’ offered equivalent to the European Union’s 2016 General Data Protection Regulation (GDPR), the Privacy Shield created by the United States’ Department of Commerce, was insufficient to protect the privacy of EU citizens. Fundamentally, there is no equivalent privacy-related US law which is the equivalent of the GDPR. As a result, many organizations have entered into their own agreements in order to meet GDPR requirements. It is lengthy and complicated, so what appears below is an attempt to summarize a more than 50 page decision.


This Preliminary Ruling was decided under Article 267 TFEU from Ireland’s High Court in relation to proceedings between the Data Protection Commissioner of Ireland and Facebook Ireland and Maximilian Schrems regarding a complaint brought by Schrems “concerning the transfer of his personal data by Facebook Ireland to Facebook Inc. in the United States.”

Preliminary Ruling Subject Scope

The High Court’s ruling’s scope covered:

1. The Interpretation of several articles under the EC Directive 95/46/EC regarding the “protection of individuals with regard to the processing of personal data and on the free movement of such data.”

2. The Interpretation and validity of Commission Decision 1010/87/CU dated February 5, 2010 regarding “standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46 and

3. The Interpretation and validity of Commission Implementing Decision 2016/1250 dated July 12, 2016 regarding the “adequacy of the protection provided by the EU-US Privacy Shield.

Key Ruling Provisions

Pre-GDPR Directive 95/46 Article 25 said that: “The Member States shall provide that the transfer to a third country of personal data … may take place only if … the third country in question ensures an adequate level of protection.” Whether the adequate level of protection exists is assessed “in light of all the circumstances surrounding a data transfer operation or set of data transfer operations.” However, the Commission may find “that a third country ensures an adequate level of protection … by reason of its domestic law or of the international commitments it has entered into … for the protection of the private lives and basic freedoms and rights of individuals.”  In addition, a Member State may authorize transfer to a third country which does not ensure adequate protection where “the controller adduces adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and as regards the exercise of the corresponding rights; such safeguards may in particular result from appropriate contractual clauses.”

Pre-GDPR Directive 95/46 was replaced by GDPR Regulation 2016/679 on April 27, 2016. The new regulation stated in part that the protection levels, rights and freedoms of natural persons with regard to data processing should be equivalent in all Member States. However, Member States should be allowed to maintain or introduce national provisions and specify its own rules, including rules that set out circumstances for specific processing situations determining more precisely the conditions under which the processing of personal data is lawful. It recognizes that personal data flows to and from countries outside the Union are necessary to expand international trade and cooperation, but the data protection of natural persons should be ensured and not undermined.

Under the GDPR, the Commission can decide for the entire Union whether a third country, international organization or territory offers “an adequate level of data protection, thus providing legal certainty and uniformity throughout the Union as regards the third country or international organization which is considered to provide such level of protection.” The Commission can take into consideration “how a particular third country respects the rule of law, access to justice as well as international human rights norms and standards and its general and sectoral law, including legislation concerning public security, defense and national security as well as public order and criminal law.” To this end, the third country “should offer guarantees ensuring an adequate level of protection essentially equivalent to that ensured within the Union, in particular where personal data is processed in one or several specific sectors.” The Commission recognizes that some third countries, territories or organizations provide or ensure an adequate level of data protection which would result in the prohibition against the transfer of personal data to that entity. The Commission’s concern is that when personal data moves beyond the Union’s borders, that there is risk that the natural person will not be able to exercise data protection rights “to protect themselves from the unlawful use or disclosure of that information.”

When the Commission is charged with assessing data protection adequacy, it takes into account three features: 1) rule of law, respect for human rights and fundamental freedoms, relevant legislation, both general and sectoral including concerning public security, defense, national security and criminal law; 2) existence and effective functioning of one or more independent supervisory authorities in the third country with responsibility for ensuring and enforcing compliance with data protection rules; and 3) international commitments into which the third country has entered into including legally binding conventions or instruments. After this assessment takes place, they may decide, using an implementing act, that a third country ensures an adequate level of protection.

If there is no implementing act, the Member States may include standard contractual clauses (SCC) in data transfer agreements, approved of by the Commission are considered to be offering adequate safeguards.


On October 6, 2015, the Ireland High Court found the Commission’s 2000 decision under 95/46/EC supporting the adequacy of US safe harbor privacy principles, invalid. However, upon accession the limitations and safeguards promulgated by the US Department of Commerce in the form of the Privacy Shield, were found adequate.

In the current case, where Schrems requested that the Commissioner prohibit or suspend personal data transfer from Facebook Ireland to Facebook Inc., it reviewed the protection adequacy in light of Schrems’ doubts regarding the adequacy of Privacy Shield protections.


Generally, the Commission found that because the Privacy Shield enables interference “based on national security and public interest requirements or on domestic legislation of the United States, with the fundamental rights being unprotected, and that interference arising from access to or use of personal data transferred from the EU to the US by US public authorities through US law” cannot ensure adequate protection levels related to fundamental rights. For example, “It is thus apparent that Section 702 of FISA [Foreign Intelligence Surveillance Act of 1978] does not indicate any limitations on the power it confers to implement surveillance programs for the purposes of foreign intelligence or the existence of guarantees for non-US persons potentially targeted by those programs.

Comments: Since this decision, Switzerland, which was subject to a separate Privacy Shield agreement with the United States, also concluded under its own legal regime in light of the Schrems II decision that “[b]ecause there is no guarantee of rights that would afford persons concerned in Switzerland protection comparable to that afforded by [Swiss law], the FDPIC [Federal Data Protection and Information Commissioner] considers that data protection within the meaning of Art. 6 Para. 1 FADP is insufficient in the US, even for the processing of personal data by US companies that are certified under the [Swiss-US Privacy Shield] regime.”
This decision impacts data transfer and sharing between the US and the EU, now including Switzerland. If your business relies on data transfer and sharing, you may have to rely on individual contracts containing approved SCC clauses.
See article “Beyond Terrorism: data collection and responsibility for privacy, 2006, Journal of Information and knowledge management systems, volume 36, number 4. or request a copy from Gayton Law.


Security and Ransomware
For those of you who are Securities and Exchange Commission (SEC) registrants or registrants’ representatives, the SEC reported in July that there was an increase in ransomware attacks against broker-dealers, investment advisers, and investment companies. The SEC’s Cybersecurity: Ransomware Alert and related guidance can be found here.

Grant Scams
Several Small Business Administration- related grant and Payment Protection Program scams are making the rounds. They are in at least two flavors: 1) a telephone call or 2) a text message – both  are connected to Facebook account contacts. The scam relies on established personal relationships to socially engineer information about the target in the form of completing a loan application and returning it to the apparent requester. Please verify the purported SBA employee before sending any personally identifiable information that may be used for purposes of identity theft. See here for more information.

Publications and Education


Legal Aspects of Engineering, Design and Innovation 10th edition by Cynthia Gayton, February 2017.

This edition is available through the publisher, Kendall-Hunt publishers and on Amazon.com in paper and e-book form. This book is used in several engineering courses and is a useful reference for anyone interested in contracting, intellectual property, engineering practice, and other general legal issues. This new edition includes separate chapters for each intellectual property type, introduces and explanation of blockchain smart contracts, discusses trends in product liability, and has recent case law to highlight chapter topics. It also expands from a primarily engineering perspective to include design professionals and innovation-specific coverage.

Guide to Copyrights & Trademarks for CryptoCreatives by Cynthia Gayton, January 2019.

This guide is available as an e-book on Amazon.com and is intended to introduce basic contract, copyright and trademark concepts for the benefit of creatives in the crypto and digital art communities. It covers the art and music market, provides an introduction to contracts and smart contracts, and briefly explains copyright and trademarks.


Cynthia Gayton taught a Business Entities Formation class for the Washington Area Lawyers for the Arts Creative Entrepreneurship Series on September 21, 2020.

Cynthia Gayton made two digital, blockchain, art and copyright presentations since January 2020.The first was at the Rare Art Festival in May and the CADAF event in June.

Thank you for reading and for your business!

The information contained in this post is for general guidance on matters of general interest only. The application and impact of laws can vary widely based on specific facts. The information contained in this post should not be construed as a substitute for consultation with professional advisors. Certain links in this post connect to other websites maintained by third parties over whom Gayton Law has no control. Gayton Law makes no representations as to the accuracy or any other aspect of information contained in other websites.

© 2020 Gayton Law

Leave a Reply