ARTICLE
30 May 2025

May 2025 FZLZ Minute

FZ
Fross Zelnick Lehrman & Zissu, PC

Contributor

Many of the world's most celebrated brands and content providers rely on Fross Zelnick to protect their valuable intellectual property assets. Consistently recognized as one of the premier IP firms, our lawyers focus exclusively on trademark, copyright, design patent, and related areas involving strategy, registration, enforcement, litigation, and transactions in the U.S. and globally.
Medisafe, the medical glove manufacturer, applied to register a color mark, namely "the color dark green (Pantone 3285 c)...
United States Technology

U.S. Federal Circuit Court Holds Dark Green Is Generic for Medical Exam Gloves

In re PT Medisafe Technologies, No. 2023-1573 (Fed. Cir. Apr. 29, 2025)

Medisafe, the medical glove manufacturer, applied to register a color mark, namely "the color dark green (Pantone 3285 c) as applied to the entire surface of the goods which consist of chloroprene examination gloves." The drawing and specimen are shown below:

1631098 a.jpg

The Examining Attorney refused registration, on the ground that the dark green color was generic for medical exam gloves, relying on screenshots of websites selling "chloroprene/neoprene medical examination gloves in the same or nearly the same dark green color" under third-party marks.

On appeal, the Trademark Trial and Appeal Board affirmed, using the two-step test to determine genericness. The Federal Circuit affirmed. As for the first step of the test, the Appeals Court held that the Board correctly identified the genus of goods at issue as "chloroprene medical examination gloves." As for the second step, the court held that substantial evidence supported the Board's finding that Medisafe's color mark "is so common in the chloroprene medical examination glove industry that it cannot identify a single source" and is therefore generic. This evidence included third-party websites showing the same or nearly the same dark green color for exam gloves.

The Court held that the Board correctly rejected Medisafe's evidence. For example, the Board found that the customer declarations Medisafe submitted were not "sufficiently representative or convincing of the relevant consumer perception of the proposed mark," especially because the "declarations are few in number, identical in form (which, while not fatal, makes them less persuasive), and relatively conclusory." And while Medisafe submitted a survey, the Board found its "flaws" were "too numerous to detail," including that it was conducted by Medisafe's counsel and not a qualified survey expert, was given to only six Medisafe customers (only three submitted responses), and relied on "leading" questions. The text of the case may be found here.

U.S. Copyright Office Issues Third Part in a Series of Studies Addressing Copyright Issues Raised by Artificial Intelligence

1631098 b.jpg

On May 9, 2025, the Copyright Office released a "pre-publication" version of Part 3 of its study of copyright issues raised by artificial intelligence (AI). The Office said a final version of Part 3 will be published "in the near future, without any substantive changes expected in the analysis or conclusions."

Part 3 – which is 108 pages long – addresses the use of copyrighted works in the training of AI systems and contains four sections: (1) "a technical overview" explaining how AI systems are developed; (2) a discussion of points in the development "where copying or other acts implicating copyright rights may occur"; (3) an analysis of how the fair use defense may apply to those acts; and (4) a discussion of "the practicality and advisability of various licensing options."

The report concludes that "several stages in the development of generative AI involve using copyrighted works in ways that implicate the owners' exclusive rights." It says the "key question" is whether those "acts of prima facie infringement can be excused as fair use." The report then suggests that when an AI "model is deployed for purposes such as analysis or research—the types of uses that are critical to international competitiveness," it may be excused as fair use. It cautions, however, that "making commercial use of vast troves of copyrighted works to produce expressive content that competes with them in existing markets, especially where this is accomplished through illegal access, goes beyond established fair use boundaries." As to acts that do not qualify as fair use, the report suggests that licensing agreements for AI training, "both individual and collective," may be a solution and should be allowed to develop. The Report may be found here.

DATA PRIVACY

California Enforcement Action Against Retailer Sends a Clear Message: Get Your Website Working Properly

1631098 c.jpg

The California Privacy Rights Act of 2020 ("CPRA") amended the California Consumer Privacy Act of 2018 ("CCPA"), the state's comprehensive privacy law, by adding new rights for consumers and responsibilities for businesses. The CPRA also established a regulatory body tasked with enforcing the CCPA, the California Privacy Protection Agency ("CPPA"). While this alphabet soup of acronyms may sow confusion, a recent CPPA enforcement action, on the heels of a similar one a few months earlier, makes it unmistakably clear that privacy compliance under the CCPA requires more than mere window dressing. Companies must ensure that their privacy compliance programs, including privacy controls on their websites, work as they should and as they are described in the companies' privacy notices.

On May 6, 2025, the Enforcement Division of the CPPA announced that it would impose fines of $345,178 for CCPA violations on Todd Snyder, Inc., a national men's clothing retailer based in New York City that does business in five locations in California. The CPPA determined that the privacy portal Todd Snyder provided on its website to process consumer opt-out requests did not function as it should have and noted that the company's failure to honor such requests persisted for about 40 days. Additionally, the cookie consent banner that should have allowed visitors to opt out of cookies would appear momentarily but then instantaneously disappear, thus making it impossible for consumers to request opt-outs of the sale/sharing of their personal data during that 40-day period. The CPPA took further issue with Todd Snyder's requiring users to verify their identities before opting out and to submit sensitive personal information, such as a driver's license photograph or other government-issued ID, which went far beyond what was necessary for such verification.

Todd Snyder relied on a third-party consent management platform to facilitate its privacy compliance program. While the business used such tools on its site, it did not test their functionality regularly. This enforcement action firmly established that the mere presence of these tools doesn't suffice and that the failure or malfunction of a consent mechanism is ultimately a liability for the business, rather than for the vendor whose privacy solution is used on the business's website.

The CPPA's determinations here largely track those from its March 2025 enforcement action against Honda, where it imposed a $632,500 fine on the car manufacturer based on similar CCPA violations. Both actions signal a redirection in the CPPA's approach to CCPA enforcement. Whereas much of the agency's focus previously had been on written privacy notices and disclosures, the CPPA now appears to be broadening its focus to test compliance tools provided on the website by attempting to recreate and test a user's website privacy compliance experience, such as submitting consumer rights requests, testing the opt-out feature and related compliance tools, and verifying how companies respond (if at all) to rights requests. The CPPA's participation in the Consortium of Privacy Regulators—a bipartisan collaboration among privacy regulators from California, Connecticut, Colorado, Delaware, Indiana, New Jersey, and Oregon, newly created to share expertise, resources, and strategies for enforcing their respective states' privacy laws—will likely lead to more states employing this investigative approach. Notwithstanding this potentially new enforcement focus, however, an accurate and complete privacy notice and necessary consumer disclosures remain an essential component of a properly functioning privacy program.

Takeaways: The primary takeaway from these enforcement actions is that accountability for a company's privacy program cannot be offloaded to a third-party provider. Regardless of the third-party tools integrated into a company's website, the business itself remains responsible for ensuring that such technologies fulfill opt-outs and consumer requests as intended. This requires frequent monitoring and auditing of the various features presented to consumers, especially where multiple players in a company's ecosystem may unintentionally alter the previously installed consent and rights management system. For example, the actions of the marketing department or IT team may interfere with a consent banner or disrupt how opt-outs are processed and logged.

A secondary but no less critical issue is data minimization, which is increasingly important in regulators' assessments. To the extent possible, a business should strive to honor consumer requests by relying on personal data already in its possession and avoiding the need to ask for any extraneous information. Likewise, verification of a consumer's identity isn't always needed; opt-out requests, for example, do not require verification.

Don't Mess with Texas – Not even you, Google

1631098 d.jpg

In many recent FZLZ Minute posts, including the analysis of the Todd Snyder matter above, we have highlighted the outsized role that California plays in defining the contours of the U.S. privacy law landscape. While California's influence remains significant, the Texas Attorney General's Office has become a big player in its own right and a leading force in state-level privacy enforcement.

Less than a week after California imposed fines on Todd Snyder, Texas Attorney General Ken Paxton announced a $1.375 billion settlement with Google to resolve multiple matters related to geolocation, biometric data, and "incognito" searches. Google's "incognito" search mode supposedly provided tracking-free web searches. Texas alleged, however, that Google tracked users' locations even when they had disabled the location-tracking feature through incognito mode. The AG's Office also alleged that Google collected biometric identifiers such as voiceprints and facial geometry records without obtaining users' consent.

Setting aside the remarkable dollar amount of this fine, the settlement of these claims is notable because they were not based on the Texas Data Privacy and Security Act (TDPSA), the state's broadly applicable, comprehensive data privacy law that became enforceable on July 1, 2024. Instead, these pre-TDPSA cases, filed in 2022, relied on Texas's Capture or Use of Biometric Identifier Act and the Texas Deceptive Trade Practices Consumer Protection Act. The prior settlement with Meta in July 2024 was in connection with a 2022 lawsuit based on its unauthorized use of biometric data in facial recognition software.

Now emboldened by the TDPSA, Texas has a more powerful, versatile means of pursuing businesses that process "sensitive data"—including not only precise geolocation and biometric data, but also personal data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, citizenship or immigration status, genetic data, and personal data collected from a known child—all of which require consumer consent prior to processing.

In contrast to the applicability thresholds imposed by most states' comprehensive privacy laws, no threshold based on revenue or amount of consumer data processed must be met for the TDPSA to apply to companies doing business in Texas. Small businesses, as defined by the Small Business Administration (SBA) guidelines—a complex array of size standards grouped by industry—are generally exempt from the TDPSA, but still must obtain consumer consent before selling sensitive personal data.

Takeaway: Many companies doing business in Texas are now subject to the TDPSA, unless they quality as a small business under the SBA guidelines, and should therefore take stock of their compliance with the TDPSA's privacy obligations. It is likely that privacy-related lawsuits brought in Texas will now invoke the TDPSA with respect to sensitive data, and companies that process Texans' sensitive data should take heed of the Google settlement as a sign of Texas regulators' enforcement priorities.

INTERNATIONAL

1631098 e.jpg

Ukraine: Pause on Action and Fee Payment Deadlines in IP Matters Ends on May 31, 2025

Pursuant to Law No. 2174 (effective April 13, 2022), deadlines for IP matters were suspended during a period of martial law in Ukraine. Although martial law is still currently in place, effective May 31, 2025, pursuant to new Law No. 4362-IX (effective April 16, 2025), all deadlines in IP matters will start running, or continue running if started before April 13, 2022 and were then suspended. This reinstatement of deadlines includes those for oppositions (three months from publication), responses to office actions in national applications (two months from request), payment of publication fees (three months from receipt of the decision of registration) and renewals. Rights owners will have a 75-day grace period to act, running from May 31, 2025 (namely until August 13, 2025). If the remaining deadline period is under 75 days, parties would still have until August 13, 2025 to complete action and pay fees. If the remaining deadline period is greater than 75 days, all action would need to be concluded by August 13. Please note, however, that not all aspects of the new law have been clarified, and further guidance is expected from the IP Office, especially with respect to calculation of deadlines.

Takeaway: Trademark owners should promptly review their Ukrainian portfolios to identify any current or missed deadlines or fee payments. Similar review should be undertaken for existing and/or potential contested matters, certainly prior to the end of the applicable grace period. In view of the lack of certainty with respect to deadline calculation, however, we advise our readers to take action as soon as possible, rather than rely solely on the August 13 date.

1631098 f.jpg

Singapore: Effective May 20, 2025 – Fast-Track Trademark Application Procedure Launched

In our April FZLZ Minute, we reported that the Singapore IP Office had launched a pilot initiative for expediting handling of certain proceedings before the Registrar of Trade Marks. Effective May 20, 2025, this initiative fully launched. Fast-track handling is available for national applications filed directly with the Singapore IP Office (not those filed via Madrid), and the request for fast-track must be made at the time of filing with payment of the fast-track fee, which is additional to the filing fee. This process is not available for certification or collective marks. The fee for fast tracking is $200 for applications covering only pre-approved goods and services (based on the Registry's online classification guide) or $250 for applications covering partially-approved or non-pre-approved goods and services.

1631098 g.jpg

Canada: New Specificity Guidelines for Goods and Services

On September 18, 2024, the Canadian Intellectual Property Office (CIPO) released a new Specificity Guidelines Manual for use in connection with trademark and service mark applications. Applicants who have already filed in Canada are likely already aware of the rather strict CIPO specification standards. The new Manual is intended to clarify/complement the requirements previously set forth in the CIPO Goods and Services Manual and should help applicants avoid office actions relating to goods and services. The Manual has a "fill-in-the-blank" format, for example, which provides guidance on how applicants can further detail the goods and services of interest, based on Nice classification. If it is unclear to an applicant in which class a particular good or service belongs, the Manual offers specific guidance. This is a welcome development for individuals and entities seeking coverage in this important jurisdiction. The Manual may be accessed here.

1631098 h.jpg

Puerto Rico: Priority Claims and Local Registration

In Puerto Rico, priority claims based on U.S. filings are not available, as Puerto Rico is considered part of the United States. Nor is this jurisdiction a member of the Paris Convention for purposes of claiming priority. Applicants should bear this in mind when seeking coverage in Puerto Rico. We note as well that because Puerto Rico is a Commonwealth of the United States, the provisions of the Lanham Act also extend there. Accordingly, trademark protection in Puerto Rico can be acquired through the USPTO and/or the Puerto Rico Trademark Office. There are some advantages, however, to securing local registration in Puerto Rico in addition to U.S. Federal coverage, including the availability of statutory damages, costs, and legal fees for trademark infringement.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More