- Bad chords. A European musician’s attempt to stop a negative concert review from continuing to appear in Internet search results is raising questions about whether the EU’s “right to be forgotten” ruling could prevent the Internet from being a source of objective truth. Established in May by the European Court of Justice, the right to be forgotten ruling requires search engines like Google to remove “inadequate, irrelevant or… excessive” links that appear as a result of searches of an EC member’s name. Pursuant to the ruling, European pianist Dejan Lazic asked the Washington Post to remove a tepid review of one of his Kennedy Center concerts from Google search results. Lazic’s request was denied because it was posed to the wrong party—the right to be forgotten ruling applies to Internet search engines, not publishers—but it nevertheless serves as an example of a request that could be granted under the right to be forgotten rule, and that, argues Washington Post Internet culture columnist Caitlin Dewey, is “terrifying.” Dewey writes that such a result “torpedoes the very foundation of arts criticism… essentially invalidates the primary function of journalism,” and “undermines the greatest power of the Web as a record and a clearinghouse for our vast intellectual output.”
- A tall tale. The FBI has admitted to fabricating an Associated Press story and sending its link to the MySpace page of a high-school-bombing-threat suspect in 2007 to lure him into downloading malware that revealed his location and Internet Protocol address. Agents arrested the suspect, a 15-year-old Seattle-area boy, within days of learning his whereabouts as the result of the malware, which downloaded automatically when the suspect clicked the link to a fabricated story bearing the headline “Technology savvy student holds Timberline High School hostage.” Civil libertarians are concerned about the FBI’s impersonation of news organizations to send malware to suspects, and an AP spokesman said the organization finds it “unacceptable that the FBI misappropriated the name of The Associated Press and published a false story attributed to AP.”
- Suspicious expulsions. An Alabama school district recently expelled more than a dozen students after a review of their social media accounts revealed signs of gang involvement or gun possession. The investigation into the students’ social media accounts was conducted by a former FBI agent whom the school district had hired for $157,000 as a security consultant. Since 12 of the 14 expelled students were African-American, a county commissioner accused the investigation of “effectively targeting or profiling black children in terms of behavior and behavioral issues.”
In June of this year, we sent out an alert about the anticipated new UK copyright infringement exceptions. These exceptions were to be introduced based on the recommendations of the Hargreaves Review. Surprisingly, some of the exceptions had been dramatically pulled from the legislative slate at the last minute. However, the UK government has now upheld its subsequent promise to re-publish the statutory instruments for the infringement exceptions for (1) personal use, (2) parodies and (3) quotations, with new legislation on all three subjects that came into force on October 1, 2014.
Almost in parallel, a European ruling and an Advocate General opinion have helped to prepare for the arrival of the two statutory instruments, with commentary on (i) the scope of parody and (ii) in relation to personal use, the impact of copyright levies.
The New Legislation
Two new regulations have come into force, amending the Copyright, Designs and Patents Act 1988 (the “CDPA”) to include new exceptions for copyright infringement. The first – the Copyright and Rights in Performances (Quotation and Parody) Regulations 2014 (the “Quotation and Parody Regulations”) – extends the provisions for quotations of copyright-protected works (having previously only been available for criticism and review), and creates a new provision for parodies. The second regulation – the Copyright and Rights in Performances (Personal Copies for Private Use) Regulations 2014 (the “Personal Copies Regulations”) – concerns making copies of copyrighted works for personal use.
From October 1, 2014, the free quotation of copyright protected works is no longer limited to reporting current events or to works of criticism or review. The Quotation and Parody Regulations, inserted into the CDPA as section 30(1ZA), now permit quotation for any purpose, provided that:
- the work quoted has been made publicly available;
- the use of the quotations constitutes “fair dealing” with the work;
- the extent of a quotation is no more than is necessary for the purpose; and
- the quotation is accompanied by sufficient acknowledgment to the copyright owner (unless this is impossible).
The UK Intellectual Property Office has stated that this amendment will help to save costs on copyright clearance, support free expression and align UK law with the rest of Europe. However, as anticipated in our previous alert, the Quotation and Parody Regulations do not provide a definition of “quotation”, or guidance as to how extensive a “quotation” is allowed to be. This may place undue pressure on the meaning of “fair dealing” as UK courts seek to define the scope of the exception.
The new exception for parodies allows fair dealing with a work for the purposes of caricature, parody or pastiche (section 30A of the CDPA) and provides that fair dealing with a recording or performance (section 2A to Schedule 2 of the CDPA) for the purposes of parody does not infringe copyright conferred in the performance or recording. This change now means that the permission of the copyright holder will no longer have to be obtained, provided that the use of the original work is fair and proportionate. This is good news for British comedians and artists, it would seem, unless, of course, it is their work that is being parodied.
However, an EU court ruling on parodies in September 2014 has already placed some restrictions on the new legislation. In Deckmyn v Vandersteen C-201/13, the Court of Justice of the European Union (the “CJEU”) defined a parody as something that evokes an existing work while being noticeably different from it and constituting an expression of humour or mockery. The CJEU also stated that national courts must strike a balance between copyright owners’ interests and mimickers, and that copyright owners have a legitimate interest in disassociating their work from a parody, if the parody involves a discriminatory message.
This creates a whole new checklist for UK courts to consider, alongside the usual fair dealing test. Judges will have to also hold a view on whether the parody (i) strikes a fair balance, (ii) differs noticeably from the original work, and (iii) is sufficiently humorous. In particular, the last of these requirements may worry budding parodists, who could end up having to justify their comedy in front of a very different audience than first intended.
In November 2012, we wrote an Alert about the European Commission’s Communication on Cloud Computing intended, it said, to “… unleash the potential of cloud computing in Europe”. Sceptics were doubtful that the cloud industry needed much help from European regulators to thrive.
Twenty months later, the Commission has begun to deliver on its key actions in the Communication with the publication of its Cloud Service Level Agreement Standardisation Guidelines.
How helpful are these Standardisation Guidelines to the cloud sector at this point in its development?
The recently-issued Cloud Service Level Agreement Standardisation Guidelines have their origin back in November 2012. At that time, the European Commission issued a Communication setting out a road map for the future growth of cloud computing in Europe.
In the 2012 Communication, the Commission set out a number of key actions, including to cut through the jungle of standards and to promote safe and fair cloud contracts. The Commission believes that the development of model terms for cloud computing – and, specifically, service level agreements in the cloud sector – is one of the most important issues affecting the future growth of the cloud industry in Europe, and that standardising the approach to cloud services will enable buyers of cloud computing services to make fair comparisons between different providers’ offerings.
The latest issue of our Socially Aware newsletter is now available here.
All this–plus a collection of thought-provoking statistics about online privacy…
- A Gallup survey found that a majority of Americans do not turn to social media when making purchasing decisions — but the survey appears to be flawed in several respects, especially because the information was gathered 18 months ago, which, let’s face it, is a virtual lifetime in social media marketing.
- Google has begun to implement the newly recognized European “right to be forgotten” by removing personal data from its search engines in response to user requests. Other providers such as Microsoft are beginning the same process, and at least one company — France-based Reputation VIP — has launched a website to facilitate removal requests.
- By the way, before we forget, this is what you’ll see when Google removes “forgotten” search results. No word yet on what EU regulators think of this . . .
- Social media and even video games have become crucial ways in which health professionals can convey important information about HIV prevention to people at high risk of infection.
The latest issue of our Socially Aware newsletter is now available here.
All this—plus a collection of thought-provoking statistics about digital music…
In a press release published (in French) on its website, UFC-Que Choisir explains that the three Internet companies ignored a letter that the group had delivered to them in June 2013, containing recommendations on how to modify their online policies and agreements. The group sought to press the companies to modify their practices as part of a consumer campaign entitled “Je garde la main sur mes données” (or, in English, “I keep my hand on my data”).
According to the press release, the companies’ refusal to address UFC-Que Choisir’s concerns prompted it to initiate court proceedings. The group has requested that the court suppress or modify a “myriad of contentious clauses,” and alleged that one company had included 180 such “contentious clauses” in its user agreement.
The group has also invited French consumers to sign a petition calling for rapid adoption of the EU Data Protection Reform that will replace the current Directive on data protection with a Regulation with direct effects on the 28 EU Member States. UFC-Que Choisir published two possibly NSFW videos depicting a man and a woman being stripped bare while posting to their Google Plus, Facebook and Twitter accounts. A message associated with each video states: “Sur les réseaux sociaux, vous êtes vite à poil” (or, in English, “On social networks, you will be quickly stripped bare”). Continue Reading French Consumer Association Takes on Internet Giants
The European Court of Justice (ECJ) issued a quite surprising decision against Google which has significant implications for global companies.
On May 13, 2014 the ECJ issued a ruling which did not follow the rationale or the conclusions of its Advocate General, but instead sided with the Spanish data protection authority (DPA) and found that:
- Individuals have a right to request from the search engine provider that content that was legitimately published on websites should not be searchable by name if the personal information published is inadequate, irrelevant or no longer relevant;
- Google’s search function resulted in Google acting as a data controller within the meaning of the Data Protection Directive 95/46, despite the fact that Google did not control the data appearing on webpages of third party publishers;
- Spanish law applied because Google Inc. processed data that was closely related to Google Spain’s selling of advertising space, even where Google Spain did not process any of the data. In doing so, it derogated from earlier decisions, arguing the services were targeted at the Spanish market, and such broad application was required for the effectiveness of the Directive.
The ruling will have significant implications for search engines, social media operators and businesses with operations in Europe generally. While the much debated “right to be forgotten” is strengthened, the decision may open the floodgates for people living in the 28 countries in the EU to demand that Google and other search engine operators remove links from search results. The problem is that the ECJ mentions a broad range of data that may be erased. Not only should incorrect or unlawful data be erased, but also all those data which are “inadequate, irrelevant, or no longer relevant”, as well as those which are “excessive or not kept up to date” in relation to the purposes for which they were processed. It is left to the companies to decide when data falls into these categories.
In that context, the ruling will likely create new costs for companies and possibly thousands of individual complaints. What is more, companies operating search engines for users in the EU will have the difficult task of assessing each complaint they process and whether the rights of the individuals prevail over the rights of the public. Internet search engines with operations in the EU will have to handle requests from individuals who want the deletion of search results that link to pages containing their personal data.
That said, the scope of the ruling is limited to name searches. While search engines will have to de-activate the name search, the data can still be available in relation to other keyword searches. The ECJ did not impose new requirements relating to the content of webpages, in an effort to maintain the freedom of expression, and more particularly, press freedom. But this will still result in a great deal of information legally published to be available only to a limited audience.
Below we set out the facts of the case and the most significant implications of the decision, and address its possible consequences on all companies operating search engines. Continue Reading European Court of Justice Strengthens Right to Be Forgotten
Cisco estimates that 25 billion devices will be connected in the Internet of Things (IoT) by 2015, and 50 billion by 2020. Analyst firm IDC makes an even bolder prediction: 212 billion connected devices by 2020. This massive increase in connectedness will drive a wave of innovation and could generate up to $19 trillion in savings over the next decade, according to Cisco’s estimates.
In the first part of this two-part post, we examined the development of, and practical challenges facing businesses implementing, IoT solutions. In this second part, we will look at the likely legal and regulatory issues associated with the IoT, especially from an EU and U.S. perspective.
In the new world of the IoT, the problem is, in many cases, the old problem squared. Contractually, the explosion of devices and platforms will create the need for a web of inter-dependent providers and alliances, with consequent issues such as liability, intellectual property ownership and compliance with consumer protection regulations. Continue Reading The Internet of Things Part 2: The Old Problem Squared
On March 27, 2014, the highest court in the European Union—the Court of Justice for the European Union (CJEU)—decided that copyright owners have the right to seek injunctions against Internet service providers (ISPs) requiring the ISPs to block access to pirate websites illegally streaming or making copyright material available for download.
The case arose out of a dispute in Austria between two movie companies and an Austrian ISP, UPC Telekabel Wien GmbH. The movie companies were concerned about access to an illegal streaming site, Kino.to, which was making copies of films such as Vicky the Viking and The White Ribbon available to its subscribers. The Austrian Supreme Court had asked the CJEU whether the movie companies were entitled under European law to seek an injunction against the ISP, not just against the illegal streaming site.
EU law allows holders of intellectual property rights to seek an injunction against any “intermediary” that provides services to third parties and, in doing so, helps them to infringe copyrighted works. The Austrian Supreme Court asked the CJEU for a ruling on whether ISPs in this position were considered to be an intermediary for the purposes of the European legislation. Continue Reading The Umpire Strikes Back: European Court Rules That ISPs Can Be Forced to Block Pirate Websites