305 Broadway, 7TH Floor, New York, NY 10007
212-537-4436 / Toll-free 866-871-8655
Natoli Legal, LLC. The home of Lantern Legal Services.

Launching Your Web Based Business Part Three

DMCA Take-Down Notices and Privacy Policy Concerns

In parts one and two of this three-part series on launching an Internet business (available here), we explained operating agreements, work for hire agreements, indemnity agreements, terms of use agreements, privacy policies and user-generated content agreements. This final installment discusses problems that you may encounter in the operating phase, including DMCA takedown notices and privacy policy concerns.
The Digital Millennium Copyright Act, or DMCA, became law in 1998, amending the copyright laws of the United States to extend the reach of copyrights in the digital world while also limiting liability for indirect infringement for Internet service providers (ISPs) and other intermediaries. Under the DMCA, an ISP may not be held liable for transmitting infringing material, but the ISP must remove infringing material from its users’ websites after receiving proper notice of the infringement.

Depending on your business, you could find yourself on either side of a takedown notice. Below is a basic explanation of what you can do if you want to protect your copyright that is being infringed by someone else, or if you want to protect your content which is not infringing but is the subject of a takedown notice.

Another Website is Using Your Content and Infringing Your Copyright

In this scenario you may want to send a takedown notice, first to the website owner. If the website owner does not provide an email address, try searching to obtain one. If the infringing content is not removed or if you cannot contact the website owner, the next step is to send the takedown notice to the ISP of the website owner. The ISP can also be identified by a WHOIS search. The DMCA requires ISPs to designate an agent to receive takedown notices.

The Register of Copyrights publishes a directory of agents on its website, available at Send your takedown notice to the designated agent. The takedown notice is simply a letter, and it need not be in any particular format, but it must include the following information:

  1. Identification of the work that is infringed;
  2. Identification of the infringing material that you are seeking to have removed or blocked, including information to allow the ISP to locate the material (e.g., the web address of the page with the infringing content;
  3. Your contact information;
  4. A statement that you are acting in good faith;
  5. A statement that “the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.”
  6. The signature of the copyright owner (or authorized agent of the copyright owner). Electronic signatures are acceptable.
  7. Once an ISP receives a proper takedown notice, it must remove the infringing material in order to enjoy the limited liability for copyright infringement provided by the DMCA. But what happens when your content is removed and you have a good-faith belief that it is not infringing?

    Your Content is Not Infringing and Has Been Improperly Removed

    The DMCA provides a “counter-notice” procedure to reinstate material that has been erroneously or unnecessarily removed. Your ISP is required to inform you that your allegedly infringing content has been removed. If you believe you have a right to post the content, because it is parody or in the public domain, for example, you may file a counter notice to your ISP. Note that the ISP will not be liable to you for removing content that is not actually infringing. The counter notice must identify the material that has been blocked or removed, and indicate where it was found on your website (e.g. the web address of the page containing the content). You must include a statement that you are under “a good faith belief that the material was removed or disabled as a result of mistake or misidentification of the material to be removed or disabled,” as it is stated in the statute. The counter notice must also include your signature and contact information that includes a statement that you submit to the jurisdiction of the Federal court where you live. (This means that you can be sued in that court, should it come to that.) Upon receipt of your counter notice, the ISP informs the issuer of the takedown notice that the material will be restored in 10 business days, unless the issuer has notified the ISP that it has filed a court action seeking to restrain you from posting the material in controversy. Simple, right?

    Though it may not be as complicated as it seems, it is always a good idea to consult an attorney who is knowledgeable in this area of the law.

    Privacy Policy Concerns

    Another issue that may arise with an Internet business concerns your privacy policy. In a nutshell, you must disclose your terms for collecting and sharing users’ information, and you cannot do something you say you are not going to do when it comes to collecting and sharing users’ information. If you have an opt-out provision, make sure to adhere to it, and if you make changes to your privacy policy, ensure that your users are aware of this change and consent to it. Otherwise the Federal Trade Commission (FTC) might come knocking. The FTC website at provides information regarding Internet privacy and how companies can comply with privacy laws, rules and regulation (note that at the time of this writing, this site is offline due to the Federal government shutdown). Privacy requirements in the following areas may apply to your web business.

    • Credit Reporting: A business using consumer or credit reports has responsibilities under the Fair Credit Reporting Act.
    • Data Security: If you keep users’ sensitive information, you need a security plan for collecting, storing and disposing of this information properly and in compliance with your own policy.
    • COPPA: Any web site collecting information from users under the age of thirteen must comply with the Children’s Online Privacy Protection Act (COPPA). For more information on COPPA and how to comply with the Act, follow this link:
    • HIPAA: Under the new omnibus rule, Health Insurance Portability and Accountability Act (HIPAA) requires that any person or organization handling personal health information take affirmative steps to protect the privacy of such information.
    • Gramm-Leach-Billey Act: applies to financial institutions and companies that offer financial products or services like loans, investment advice or insurance.
    • Red Flags Rule: requires some companies to implement a written program for dealing with identity theft.

    Again, consulting with a knowledgeable attorney can help you navigate the “web” of Internet privacy.