Legal Aspects of Augmented Reality Development
AP: My application uses a marker to present content to my users, are markers copyright free?
Sean Kane: Markers could be copyright protected, as can any other image or work of advertising. Once a marker is embodied in a “tangible form,” which can include digital or printed form, it may be subject to protection, provided it meets the legal requirements for copyright. Two important legal factors to use in considering a marker’s level of protection are its “originality” and whether its nature is merely “functional.”
AP: Not that I deliberately set out to copy others, but when I build an augmented reality browser, it’s pretty difficult not to copy how others have implemented their user interface. There is only so much screen real estate to use. Are there any issues I should be aware of?
Sean Kane: It may be possible under copyright law for two independently created works to be separately protectable even if they are virtually identical. Moreover, under the “Scenes a Faire” doctrine, there may be elements of a user interface that are so intrinsically necessary, that the scope of copyright protection available may be limited.
Copyright law protects the actual expression of an idea, but not the idea itself. Coincidentally having some of the same elements as another application is not, on its face, an automatic infringement. That said, if the totality of the look and feel of two applications is substantially similar it is likely that liability will be found, unless one party can demonstrate its work is not at all based on the other work.
Under patent law, knowledge or willfulness is not a necessary element for a finding of infringement. Therefore, it is necessary to strive for all of the work to be original and not merely a derivation of protectable elements from an earlier application.
AP: Are there any legal aspects I should be aware of when building geolocation applications? Specifically, I am thinking about the location data I may hold about where users go.
John Nicholson: This is one of those questions that just doesn’t have a quick answer. Collecting, storing, processing and sharing personal information about your users, including their whereabouts, can be a minefield, and, ideally, it’s something you should talk with an AR or game-savvy lawyer about as you’re designing the application.
The U.S., Canada, Mexico and Europe, for example, have all taken different approaches to the legal protection of personal information. The U.S. has the most business-friendly, laissez-faire approach, which regulates information where there is a likelihood of harm associated with it – financial, medical and information about children under the age of 13. Other kinds of information are treated as being covered by the “contract” between the user and the collector embodied in the privacy notice – so we’re back to talking about the importance of a solid TOS.
Geolocation is an emerging category, where businesses, consumers – society, really – are trying to get a comfort level on privacy. As usual, “the devil is in the details.” Depending on how you collect and share it, location data might raise concerns about children’s safety, if predators or non-custodial parents have the means to follow children. Location data might also disclose sensitive medical information about the user, if they visit specific clinics or offices.
AP: Do you see AR or other developers making common privacy mistakes in this area?
John Nicholson: Yes. A common problem occurs when developers either simply don’t do what they say in the privacy notice, or they suddenly decide to make a radical change in what they do with personal information and try to change their privacy practices. We all saw this in the uproar over Facebook’s changes to its privacy practices, for example.
Properly configured, AR can achieve what is considered to be the ideal best practice in privacy management – the concept of “real-time notice and consent.” For example, if a user has subscribed to a geolocation sharing application/service, the user could select options for informing other members of their location: notify all automatically (default open), notify only friends, notify specific individuals, request permission to notify when an registered individual comes within a certain range, do not notify (default closed), but if that user is a child under 13, you may need parental consent for anything other than the default closed option.
Similarly, on the marketing front, AR-powered advertising could provide real-time privacy notice and selections for users, but you might want to be careful about dropping ads to someone visiting a hospital or clinic. Finally, even if you don’t share location data or serve up location-specific ads, you probably need to think ahead about what you will do if law enforcement in your country approaches you to request location data they believe you may have on a specific user or users.
AP: So are you saying that there may be different rules about the collection and use of personal information depending on where the service is being used?
John Nicholson: Absolutely. And if you plan to host your service in one location – like California – and you have users in the EU, then you may be “exporting” personal information you collect from the EU to the US, simply by virtue of your IT architecture. This requires jumping through some legal and operational hoops – something start-up developers may not anticipate. It’s not impossible, just something you need to pay attention to and deal with appropriately.
Continued on the next page