• Bad chords. A European musician’s attempt to stop a negative concert review from continuing to appear in Internet search results is raising questions about whether the EU’s “right to be forgotten” ruling could prevent the Internet from being a source of objective truth.  Established in May by the European Court of Justice, the right to be forgotten ruling requires search engines like Google to remove “inadequate, irrelevant or… excessive” links that appear as a result of searches of an EC member’s name. Pursuant to the ruling, European pianist Dejan Lazic asked the Washington Post to remove a tepid review of one of his Kennedy Center concerts from Google search results. Lazic’s request was denied because it was posed to the wrong party—the right to be forgotten ruling applies to Internet search engines, not publishers—but it nevertheless serves as an example of a request that could be granted under the right to be forgotten rule, and that, argues Washington Post Internet culture columnist Caitlin Dewey, is “terrifying.” Dewey writes that such a result “torpedoes the very foundation of arts criticism… essentially invalidates the primary function of journalism,” and “undermines the greatest power of the Web as a record and a clearinghouse for our vast intellectual output.”
  • A tall tale. The FBI has admitted to fabricating an Associated Press story and sending its link to the MySpace page of a high-school-bombing-threat suspect in 2007 to lure him into downloading malware that revealed his location and Internet Protocol address. Agents arrested the suspect, a 15-year-old Seattle-area boy, within days of learning his whereabouts as the result of the malware, which downloaded automatically when the suspect clicked the link to a fabricated story bearing the headline “Technology savvy student holds Timberline High School hostage.” Civil libertarians are concerned about the FBI’s impersonation of news organizations to send malware to suspects, and an AP spokesman said the organization finds it “unacceptable that the FBI misappropriated the name of The Associated Press and published a false story attributed to AP.”
  • Suspicious expulsions. An Alabama school district recently expelled more than a dozen students after a review of their social media accounts revealed signs of gang involvement or gun possession. The investigation into the students’ social media accounts was conducted by a former FBI agent whom the school district had hired for $157,000 as a security consultant. Since 12 of the 14 expelled students were African-American, a county commissioner accused the investigation of  “effectively targeting or profiling black children in terms of behavior and behavioral issues.”

Introduction

In June of this year, we sent out an alert about the anticipated new UK copyright infringement exceptions. These exceptions were to be introduced based on the recommendations of the Hargreaves Review. Surprisingly, some of the exceptions had been dramatically pulled from the legislative slate at the last minute. However, the UK government has now upheld its subsequent promise to re-publish the statutory instruments for the infringement exceptions for (1) personal use, (2) parodies and (3) quotations, with new legislation on all three subjects that came into force on October 1, 2014.

Almost in parallel, a European ruling and an Advocate General opinion have helped to prepare for the arrival of the two statutory instruments, with commentary on (i) the scope of parody and (ii) in relation to personal use, the impact of copyright levies.

The New Legislation

Two new regulations have come into force, amending the Copyright, Designs and Patents Act 1988 (the “CDPA”) to include new exceptions for copyright infringement. The first – the Copyright and Rights in Performances (Quotation and Parody) Regulations 2014 (the “Quotation and Parody Regulations”) – extends the provisions for quotations of copyright-protected works (having previously only been available for criticism and review), and creates a new provision for parodies.  The second regulation – the Copyright and Rights in Performances (Personal Copies for Private Use) Regulations 2014 (the “Personal Copies Regulations”) – concerns making copies of copyrighted works for personal use.

Quotation

From October 1, 2014, the free quotation of copyright protected works is no longer limited to reporting current events or to works of criticism or review. The Quotation and Parody Regulations, inserted into the CDPA as section 30(1ZA), now permit quotation for any purpose, provided that:

  • the work quoted has been made publicly available;
  • the use of the quotations constitutes “fair dealing” with the work;
  • the extent of a quotation is no more than is necessary for the purpose; and
  • the quotation is accompanied by sufficient acknowledgment to the copyright owner (unless this is impossible).

The UK Intellectual Property Office has stated that this amendment will help to save costs on copyright clearance, support free expression and align UK law with the rest of Europe. However, as anticipated in our previous alert, the Quotation and Parody Regulations do not provide a definition of “quotation”, or guidance as to how extensive a “quotation” is allowed to be. This may place undue pressure on the meaning of “fair dealing” as UK courts seek to define the scope of the exception.

Parody

The new exception for parodies allows fair dealing with a work for the purposes of caricature, parody or pastiche (section 30A of the CDPA) and provides that fair dealing with a recording or performance  (section 2A to Schedule 2 of the CDPA) for the purposes of parody does not infringe copyright conferred in the performance or recording. This change now means that the permission of the copyright holder will no longer have to be obtained, provided that the use of the original work is fair and proportionate.  This is good news for British comedians and artists, it would seem, unless, of course, it is their work that is being parodied.

However, an EU court ruling on parodies in September 2014 has already placed some restrictions on the new legislation. In Deckmyn v Vandersteen C-201/13, the Court of Justice of the European Union (the “CJEU”) defined a parody as something that evokes an existing work while being noticeably different from it and constituting an expression of humour or mockery. The CJEU also stated that national courts must strike a balance between copyright owners’ interests and mimickers, and that copyright owners have a legitimate interest in disassociating their work from a parody, if the parody involves a discriminatory message.

This creates a whole new checklist for UK courts to consider, alongside the usual fair dealing test. Judges will have to also hold a view on whether the parody (i) strikes a fair balance, (ii) differs noticeably from the original work, and (iii) is sufficiently humorous. In particular, the last of these requirements may worry budding parodists, who could end up having to justify their comedy in front of a very different audience than first intended.

Continue Reading Copyright: Europe Explores Its Boundaries – New UK Infringement Exceptions – The Ones That Came Back Again

In November 2012, we wrote an Alert about the European Commission’s Communication on Cloud Computing intended, it said, to “… unleash the potential of cloud computing in Europe”.  Sceptics were doubtful that the cloud industry needed much help from European regulators to thrive.

Twenty months later, the Commission has begun to deliver on its key actions in the Communication with the publication of its Cloud Service Level Agreement Standardisation Guidelines.

How helpful are these Standardisation Guidelines to the cloud sector at this point in its development?

The recently-issued Cloud Service Level Agreement Standardisation Guidelines have their origin back in November 2012.  At that time, the European Commission issued a Communication setting out a road map for the future growth of cloud computing in Europe.

In the 2012 Communication, the Commission set out a number of key actions, including to cut through the jungle of standards and to promote safe and fair cloud contracts.  The Commission believes that the development of model terms for cloud computing – and, specifically, service level agreements in the cloud sector – is one of the most important issues affecting the future growth of the cloud industry in Europe, and that standardising the approach to cloud services will enable buyers of cloud computing services to make fair comparisons between different providers’ offerings.

Continue Reading EU Cloud Standardisation Guidelines

The latest issue of our Socially Aware newsletter is now available here.

In this issue of Socially Aware, our Burton Award-winning guide to the law and business of social media, we analyze a groundbreaking FTC complaint alleging deceptive practices online that could turn website Terms of Use into federal law; we summarize a U.S. Supreme Court copyright case that could impact existing technologies and future technological innovation; we discuss a ruling from Europe’s highest court that will aid copyright owners in the fight against illegal streaming sites; we report on new SEC guidance on social media use by investment advisers as it relates to testimonials; we take a look at the development of the Internet of Things and the many regulatory, privacy and security issues that go along with it; and we highlight a recent class action decision that potentially impacts any company that hosts videos on its website.

All this—plus a collection of thought-provoking statistics about digital music…

Earlier this year, the French consumer association UFC-Que Choisir initiated proceedings before the Paris District Court against Google Inc., Facebook Inc. and Twitter Inc., accusing these companies of using confusing and unlawful online privacy policies and terms of use agreements in the French versions of their social media platforms; in particular, the consumer association argued that these online policies and agreements provide the companies with too much leeway to collect and share user data.

In a press release published (in French) on its website, UFC-Que Choisir explains that the three Internet companies ignored a letter that the group had delivered to them in June 2013, containing recommendations on how to modify their online policies and agreements. The group sought to press the companies to modify their practices as part of a consumer campaign entitled “Je garde la main sur mes données” (or, in English, “I keep my hand on my data”).

According to the press release, the companies’ refusal to address UFC-Que Choisir’s concerns prompted it to initiate court proceedings. The group has requested that the court suppress or modify a “myriad of contentious clauses,” and alleged that one company had included 180 such “contentious clauses” in its user agreement.

The group has also invited French consumers to sign a petition calling for rapid adoption of the EU Data Protection Reform that will replace the current Directive on data protection with a Regulation with direct effects on the 28 EU Member States. UFC-Que Choisir published two possibly NSFW videos depicting a man and a woman being stripped bare while posting to their Google Plus, Facebook and Twitter accounts. A message associated with each video states: “Sur les réseaux sociaux, vous êtes vite à poil” (or, in English, “On social networks, you will be quickly stripped bare”). Continue Reading French Consumer Association Takes on Internet Giants

The European Court of Justice (ECJ) issued a quite surprising decision against Google which has significant implications for global companies.

On May 13, 2014 the ECJ issued a ruling which did not follow the rationale or the conclusions of its Advocate General, but instead sided with the Spanish data protection authority (DPA) and found that:

  • Individuals have a right to request from the search engine provider that content that was legitimately published on websites should not be searchable by name if the personal information published is inadequate, irrelevant or no longer relevant;
  • Google’s search function resulted in Google acting as a data controller within the meaning of the Data Protection Directive 95/46, despite the fact that Google did not control the data appearing on webpages of third party publishers;
  • Spanish law applied because Google Inc. processed data that was closely related to Google Spain’s selling of advertising space, even where Google Spain did not process any of the data. In doing so, it derogated from earlier decisions, arguing the services were targeted at the Spanish market, and such broad application was required for the effectiveness of the Directive.

The ruling will have significant implications for search engines, social media operators and businesses with operations in Europe generally. While the much debated “right to be forgotten” is strengthened, the decision may open the floodgates for people living in the 28 countries in the EU to demand that Google and other search engine operators remove links from search results. The problem is that the ECJ mentions a broad range of data that may be erased. Not only should incorrect or unlawful data be erased, but also all those data which are “inadequate, irrelevant, or no longer relevant”, as well as those which are “excessive or not kept up to date” in relation to the purposes for which they were processed. It is left to the companies to decide when data falls into these categories.

In that context, the ruling will likely create new costs for companies and possibly thousands of individual complaints. What is more, companies operating search engines for users in the EU will have the difficult task of assessing each complaint they process and whether the rights of the individuals prevail over the rights of the public. Internet search engines with operations in the EU will have to handle requests from individuals who want the deletion of search results that link to pages containing their personal data.

That said, the scope of the ruling is limited to name searches. While search engines will have to de-activate the name search, the data can still be available in relation to other keyword searches. The ECJ did not impose new requirements relating to the content of webpages, in an effort to maintain the freedom of expression, and more particularly, press freedom. But this will still result in a great deal of information legally published to be available only to a limited audience.

Below we set out the facts of the case and the most significant implications of the decision, and address its possible consequences on all companies operating search engines. Continue Reading European Court of Justice Strengthens Right to Be Forgotten

The latest issue of our Socially Aware newsletter is now available here.

In this issue of Socially Aware, our Burton Award-winning guide to the law and business of social media, we summarize the current status of various state laws restricting employer access to the personal social media accounts of applicants and employees; we explore how driving while wearing Google Glass is butting up against the law, and examine recent attempts to legislate the use of Glass on the road; we report on various approaches U.S. courts are taking to address social media-related discovery challenges and to avoid social media fishing expeditions; we take a look at the legal landscape of so-called “revenge porn” and the laws victims are leveraging (or may be able to leverage in the future) in order to fight back; we discuss how UK and European copyright law is being applied to common Internet social and business practices, including the most basic of online activities—hyperlinking; and we highlight a puzzling recent Ninth Circuit decision that has operators of online video services and copyright experts alike scratching their respective heads.

All this—plus a collection of thought-provoking statistics about social media marketing…

The Internet of Things (IoT) is the network of everyday physical objects that surround us and are increasingly being embedded with technology to enable those objects to collect and transmit data about their use and surroundings. TVs connected to the Internet and refrigerators connected to online delivery services are just the start of it. In the new world of the IoT, the possibilities are enormous, and the technology industry has so far only scratched the surface of what “machine-to-machine” (M2M) interconnectivity could achieve.

But the ingenuity and innovation which companies will apply to turn the IoT into practical reality is constrained by law and regulation. Existing issues may take on new dimensions and, as technologies combine, so will the legal consequences of those technologies.

In this post, we look at the prospects for the IoT. In a second post to be published shortly, we will examine the likely legal and regulatory factors that will affect the development and growth of IoT technology and the markets that such technology will create. Continue Reading The Internet of Things Part 1: Brave New World

On March 27, 2014, the highest court in the European Union—the Court of Justice for the European Union (CJEU)—decided that copyright owners have the right to seek injunctions against Internet service providers (ISPs) requiring the ISPs to block access to pirate websites illegally streaming or making copyright material available for download.

The case arose out of a dispute in Austria between two movie companies and an Austrian ISP, UPC Telekabel Wien GmbH. The movie companies were concerned about access to an illegal streaming site, Kino.to, which was making copies of films such as Vicky the Viking and The White Ribbon available to its subscribers. The Austrian Supreme Court had asked the CJEU whether the movie companies were entitled under European law to seek an injunction against the ISP, not just against the illegal streaming site.

EU law allows holders of intellectual property rights to seek an injunction against any “intermediary” that provides services to third parties and, in doing so, helps them to infringe copyrighted works. The Austrian Supreme Court asked the CJEU for a ruling on whether ISPs in this position were considered to be an intermediary for the purposes of the European legislation. Continue Reading The Umpire Strikes Back: European Court Rules That ISPs Can Be Forced to Block Pirate Websites

INTRODUCTION

This year, as the world celebrates the 25th anniversary of the World Wide Web, the Web’s founder, Tim Berners-Lee, has called for a fundamental reappraisal of copyright law.  By coincidence, this year we also anticipate a rash of UK and European legislative developments and court decisions centring on copyright and its application to the Web.

In our “Copyright: Europe Explores its Boundaries” series of posts—aimed at copyright owners, technology developers and digital philosophers alike—we will examine how UK and European copyright is coping with the Web and the novel social and business practices that it enables. Continue Reading Copyright: Europe Explores its Boundaries: Part 1: Link Hubs