PUERTO RICO: An Introduction to Intellectual Property

Intellectual property is a vital asset for businesses in today’s knowledge-based economy. With the current intellectual property trends, such as the development of artificial intelligence (AI), clients need to be aware of the new legislation and/or guidelines that affect intellectual property rights. Some of the most recent developments in intellectual property that may affect clients and the way to do business, are discussed briefly in this article.

Copyright and AI 

In March 2023, the US Copyright Office issued the “Registration Guidance: Works Containing Material Generated by Artificial Intelligence” to provide a clearer view of the Copyright Office’s procedures for works created in whole or in part with AI tools. Following the controversy generated by the application for registration of the literary work “Zayra of the Dawn”, the Copyright Office published the procedures to follow when requesting a copyright registration. New applicants must disclose – and have an affirmative duty – to exclude from authorship the elements created by AI. If a human did not create the text, artwork, photograph, etc, it should not be claimed as the author’s work. Applicants who have already applied for a work containing AI-generated material should take steps to correct the information. Applicants who fail to disclose information about AI-generated material in their applications or to update the public record after obtaining a registration for material generated by AI risk losing the benefits of the registration. Authors must be careful and aware of these new guidelines when submitting applications for works created with an AI tool. For those who already applied for registration, a correction must be made.

The Federal Trade Commission’s (FTC’s) New Guidelines on Deceptive Advertisement and Endorsements

The FTC released an updated version of Endorsement Guides in which it clarified and amplified the endorsement rules (last revised in 2009). Among the major changes the Endorsement Guides of 2023 offer is a definition of a “clear and conspicuous” disclosure, a warning that a platform’s built-in disclosure tool might not be adequate, and clarity of the liability for endorsers and intermediaries.

A “clear and conspicuous” disclosure should be “unavoidable”. The Endorsement Guides 2023 clarifies that disclosures at the bottom of a social media post, where consumers must click “more” to see them, are avoidable. Also, the “clear and conspicuous” disclosure must appear through the same means as the material connection – ie, if the material connection is made visually and audibly, then the disclosure must be both visual and audible.

“Paid Partnership” is not enough to divulge a business relationship. The FTC would evaluate whether the use of the tool by itself clearly and conspicuously discloses the relevant connection. The platform disclosure tool should be:

1. well placed – a disclosure placed above a photo may not attract a consumer’s attention, and a disclosure in the lower corner of a video could be too easy for users to overlook;
2. readable – simple-to-read font with a contrasting background that makes it stand out; and
3. clear – the material connection should be worded in a way that’s clear and understandable to the ordinary reader.

The new Endorsement Guides 2023 clarifies that all parties in an advertising transaction could share liability for problematic conduct. Intermediaries – such as advertising agencies and public relations firms – may be liable for their roles in creating or reproducing/disseminating what they knew or should have known were deceptive endorsements. Endorsers (ie, influencers) can be liable for their misleading and false representations. Such was the case against Nudge LLC and celebrity endorsers Dean Graziosi and Scott Yancey, who were found responsible for using false and deceptive promises to sell consumers a series of expensive real estate investment training programmes. (Fed Trade Comm’n v Nudge, LLC, 2:19-cv-00867-DBB-DAO (D Utah 15 Sep 2021.)) Advertising agencies and promoters must be aware of the content and information to be disclosed by an endorser to avoid liability for their misleading claims.

Non-Fungible Tokens (NFTs) and Trademarks 

NFTs have quickly become pervasive in their use by brand owners seeking to enter the nascent marketplace of virtual or digital products connected to a token on the blockchain. This has become a new way to capitalise and amplify recognition among consumers, and with it, the creation of opportunities for third parties to capitalise on the goodwill of other brands. Unlike the e-commerce business, which caters to buyers and sellers of goods under the first sale doctrine, using a trademark for commercial purposes without authorisation is categorised as a reproduction bearing the mark done for profit. This relationship was highlighted by the controversy regarding an artist who intended to cash in on a highly exclusive and uniquely valuable brand. (BIRKIN, Hermes Intl v Rothschild, 22-CV-384 (JSR), 2023 WL 1458126 (SDNY 2 Feb 2023.)) A Los Angeles-based artist, Mason Rothschild, created and sold, in November 2021, 100 digital “MetaBirkin” NFTs, linking to a depiction of a digital Hermès BIRKIN bag covered in faux fur and patterns, polka dots, and artworks such as the Mona Lisa and Van Gogh’s Starry Night. Rothschild also registered and used the domain name www.metabirkin.com and social media handles such as @metabirkins to promote the sale of the “MetaBirkin” NFTs. In reaction, the luxury design house Hermès sued artist Rothschild in January 2022, stating that the Birkin-like images and associated NFTs were actionable for trademark infringement and dilution, misappropriation of its BIRKIN trademark, cybersquatting, and false designation of origin, among others. A jury weighed the evidence and determined that Rothschild launched the MetaBirkin NFTs as a commercial venture more than an art project and, thus, that the artist committed trademark infringement through its NFTs. This demonstrates that an NFT, as a medium, is no different from any other medium (eg, social media, radio, or TV) such that existing trademark laws are sufficient to protect brand owners even in blockchains. Clients must be aware of when and how digital technology, such as NFTs, intersects with intellectual property law.

Privacy Data Breach 

With the development of new technologies, the risk of cyber-attacks has increased, and more companies are becoming victims of ransomware attacks. Puerto Rico has developed mechanisms to reduce the impact of these cyber-attacks.

The Citizen Information on the Security of Information Banks Act gives the Department of Consumer Affairs (DACo, for its Spanish acronym) the authority to regulate the same. DACo issued Regulation No 7376, Regulation on Citizen Information on the Security of Information Banks (the “Regulation”), and it defined as personal information:

1. social security number;
2. driver’s licence number, electoral card number, or other official identification number;
3. numbers of bank or financial accounts of any kind;
4. usernames and passwords for access to information systems;
5. HIPAA-protected health information;
6. tax information; and
7. employment evaluations.

If there is unauthorised access, and any of the aforementioned personal information is compromised, the impacted entity has a non-renewable period of ten calendar days to notify DACo of the access violation, the data that was compromised, and the steps it is taking to remediate the breach and notify impacted customers.

The Regulation provides that the notification must be done in writing, either by mail or electronically, and if direct communication is onerous (the cost exceeds USD100,000), then the Regulation allows it to be done through advertisements in the press or on internet pages.

All of this is without prejudice to the fact that if customers are impacted in other states, the laws of those states must be consulted to determine what additional steps the company must take and thus comply with the statutes of the domicile of the impacted persons.

In summary, in the situation of a database security breach, companies should:

1. use the technological tools available to them to close the vulnerability that allowed the unauthorised access, and if they do not have such equipment, immediately hire a digital security team to carry out the process;
2. notify their legal representatives to begin the course of notifications required by law, and if there is a cyber policy insurance, notify the same for the corresponding steps;
3. notify citizens and/or clientele as mandated by the Regulations; and
4. notify DACo within ten days as required by law.