We hear a lot about privacy these days, whether those privacy concerns relate to an individual’s health care, taxes and financials, personal information, or other proprietary data. From a business standpoint, privacy runs the gamut from legal, regulatory, governance, operational issues, plus (of course) intellectual property.
Some aspects of privacy as it relates to IP are a no-brainer, such as trade secrets, invention information, and pre-launch product information or prototypes. Other aspects, however, are not so intuitive, such as how a company handles the personal information of inventors involved in applying for patents or trademarks, or artists applying for copyright protections.
As individuals, what rights do writers, artists, or inventors have over the personal details necessary to file for a patent or copyright? What obligations do the companies have that employ them?
There’s No Single Privacy Law . . . Yet
“While a legal right to privacy is fundamental to the United States Constitution and the Bill of Rights, there is no single privacy law in the United States,” explains Eric Ludwig, founder and lawyer for Ludwig APC, a US-based full-service business, technology, and intellectual property law firm. “Instead, there are hundreds of state laws and dozens of federal laws that cover everything from who can access your personal data, children’s privacy, tracking online browsing history, the use of someone’s name or likeness, and a wide range of consumer privacy protections and business obligations.”
In the last decade, with the spread of the Internet to virtually every corner of the globe, the explosion of social media, and numerous instances of hackers breaching consumer and business data, the push for a comprehensive privacy law for the US has gained momentum. While that goal remains elusive, many states have passed (or are in the process of passing) comprehensive privacy legislation.
In the US, it’s the Federal Trade Commission (FTC), that has broad authority to handle privacy laws and take related enforcement actions. In Europe, in 2018 the European Union enacted the General Data Protection Regulation which, according to global data privacy firm Osano, “applies to all EU residents, regardless of the entity's location that collects the personal data.” In other words, the GDPR has far reaching consequences beyond the borders of the EU’s 28 member countries.
Privacy Rights & Obligations
One area of particular interest is the GDPR’s impact on privacy concerns related to personal data used when applying for or registering patents, trademarks, copyrights, and similar protections. According to the American Bar Association article, “Practical Tips on GDPR for Intellectual Property Attorneys,” under the GDPR, IP attorneys “will need valid legal grounds to collect, keep, and communicate personal data about individuals and to share those data with anyone else” when applying for such IP protections.
This raises several issues related to an IP attorney’s rights and obligations when filing the necessary information with various applicable entities in the EU and elsewhere.
An inventor, it seems, would need to provide consent to the IP attorney for the use of his or her personal data to be included with any filings—consent that presumably could be withdrawn at any time. And what of the obligations of the companies who employ those who invent new technologies or processes? Must they also receive consent before beginning the process of filing for a patent or trademark?
Every Situation is Unique
“The answer to those questions, and many others, as is quite often the case when it comes to all things IP-related is ‘it depends,’” says Ludwig. “Each situation is unique with many factors and variables to consider.”
Ludwig also contends that the GDPR and other privacy laws have the potential to complicate patent and trademark enforcement.
“For example, when an infringement claim requires the disclosure of personal data for both the patent holder and the infringer, how exactly is one supposed to go about obtaining the information necessary to proceed without breaching the data privacy rights of one or more parties involved?” He asks. “My best advice is that when in doubt concerning privacy laws, you should seek clear compliance advice from an IP attorney who has experience dealing with privacy laws both in the United States and overseas.”