360 likes | 625 Views
Overview of Presentation. Potential Legal Liabilities for service providersExemptions to liability for service providersModerationTerms and Conditions
E N D
1. Legal Issues Facing Online Communities Dominic Bray, Sarah Stone and Paul Massey
12 July 2007
3. Potential legal liabilities for Online Communities Defamation
The publication of a statement which tends to lower the claimant in the estimation of right thinking members of society.
Is the intermediary a publisher at common law?
If not a publisher: no liability
If it is a publisher, consider:
Innocent dissemination under Defamation Act
Exemptions under E-Commerce Regulations – mere conduit, caching and hosting
4. Bunt V. Tilley, Hancox, Stevens, AOL, Tiscali and BT [2006] EWHC 407 (QB)
AOL not a publisher. Passive involvement does not incur liability as a publisher. There must be knowing involvement in publication of words.
ISPs argued exemption under the E-Commerce Regulations and under the defence of innocent dissemination in the Defamation Act.
5. Statutory Offences
Obscenity
Obscene Publications Act 1959
Obscene Publications Act 1964
Contempt of court
Contempt of Court Act 1981
Harassment
Protection from Harassment Act 1996
Sex discrimination Act 1975
Race Relations Act 1976
Other offences
6. Primary acts of copyright infringement Copying
Issuing copies to the public
Perform, show or play the work in public
Communicate the work to the public
(i) broadcasting the work; and
(ii) making available to the public by electronic transmission in such a way that members of the public may access it from a place and at a time individually chosen by them
Make an adaptation of the work or do any of the above in relation to an adaptation
Authorisation
7. Authorisation of Copyright Infringement A developing area of law and not yet tested in the UK in relation to online copyright infringement.
CBS v Amstrad (1988)
A high water mark: no contributory infringement where a device is “capable of substantial non-infringing use”
US Cases
Napster – contributory and vicarious infringement
Grokster- introduced doctrine of inducement of copyright infringement
8. Australian case law - Kazaa Guidance on what constitutes authorisation:
the extent of the person's power to prevent infringement;
the nature of the person authorising and the person performing the infringing act; and
whether the person alleged to be authorising took reasonable steps to prevent infringement
Warnings to users and an End User Licence Agreement were ineffective in preventing infringement.
Technical measures could have been adopted to reduce infringement but were not.
Kazaa actively encouraged users to increase levels of sharing activities.
9. Viacom v YouTube Remedies Sought
Declaration of Infringement:
direct copyright infringement and authorisation
secondary infringement: inducement, contributory and vicarious infringement.
Permanent injunction requiring YouTube to employ reasonable methodologies to prevent or limit infringement of Viacom’s copyright.
Maximum damages for past and present infringement plus YouTube’s profits (estimated at least $1bn).
10. Viacom v YouTube Viacom’s Arguments
Viacom claim YouTube provide more than hosting facilities:
Copies content to servers.
Creates thumbnails.
File sharing and embedding technology increases potential for infringement.
Control its site and could remove material infringing copyright. Terms and conditions reserve the right to remove material. For example, YouTube remove pornographic material.
YouTube encourage infringement:
Tags and search features enable easy identification of copyright material.
No steps taken to remove infringing material until take-down notice received.
Only the specific urls identified will be blocked. Many copies not removed.
Friends feature allows private areas where copyright infringement may take place undetected.
11. Exemptions and defences for service providers Dominic Bray
13. Exemptions & defences for service providers USA - ‘Safe Harbour’ under Digital Millennium Copyright Act
UK exemptions under E-Commerce Regulations 2002
Innocent dissemination under Defamation Act 1996
Statutory Defences re obscene publications, contempt of court, etc
14. E-Commerce Regulations Three categories of protected activity/service:
Mere Conduit (Regulation 17)
Caching (Regulation 18)
Hosting (Regulation 19)
If exempt – no liability for service provider for third party activity on its service.
15. Hosting Exemption Reg 19 E-Commerce Regs Where an information society service is provided which consists of the storage of information provided by a recipient of the service, the service provider … shall not be liable for damages … as a result of that storage where …
(a)The service provider:
(i) does not have actual knowledge of unlawful activity or information …
(ii) upon obtaining such knowledge … acts expeditiously to remove or disable access to the information, and
(b)The recipient of the service was not acting under the authority or control of the service provider.
16. Hosting exemption Two areas to consider:
Is the community a qualifying service?
Is it an “Information Society Service”?
Is it an host?
Does the community satisfy the conditions?
No actual knowledge of infringement or reason to believe.
Take down on notice.
User not under control of service provider.
17. Is the service a qualifying service? (1) Is the community an “Information Society Service”?
“Any service normally provided for remuneration, at a distance, by means of electronic equipment, for the processing … and storage of data and at the individual request of a recipient of a service.”
Provided for remuneration?
18. Is the service a qualifying service? (2) Is the community service provider an “host”?
A service “which consists of the storage of information provided by a recipient of the service.”
Compare ISP web-hosting v online communities
What if the service does more than simply store information?
‘Lafesse’ (Societe Lambert Anonyme) v MySpace, France
Viacom v YouTube and FAPL v YouTube – challenge to YouTube’s assertion that it is a ‘host’ under DMCA.
19. Hosting – knowledge of unlawful activity The service provider shall not be liable … where the service provider:
Does not have actual knowledge … or is not aware of facts or circumstances from which it would have been apparent … that the activity or information was unlawful; or
Upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information
(Regulation 19(a))
20. Hosting – knowledge of unlawful activity (2) Knowledge of what?
Knowledge of the actual infringement/unlawful activity; or
Is general knowledge of circumstances enough (Viacom v YouTube)?
Has service provider received adequate notice of unlawful activity?
21. Hosting – Notice and Takedown Requirement to act “expeditiously to remove or disable access to the information” on obtaining knowledge (Regulation 19(a)(ii)).
Knowledge requirement + obligation to remove are legal basis of notice and takedown procedure.
Similar to innocent dissemination defence to defamation.
22. E-Commerce Regulations – summary Is the service an information society service?
Probably.
Is the service a hosting service?
Maybe.
Does the service provider have knowledge?
Notice? Moderation?
Does the service provider comply with notice and takedown?
Put in place a clear policy and follow it.
23. Specific Defences Defamation – innocent dissemination
Obscene Publications – knowledge and belief
Contempt of Court – knowledge and belief
24. Defamation – innocent dissemination (1) Is community a publisher at common law (Bunt v Tilley & Ors)?
If not, no liability
If publisher, then consider Section 1 Defamation Act
25. Defamation – innocent dissemination (2) Defence if the community:
Is not the author editor or publisher (as defined)
Took reasonable care in relation to the publication
Didn’t know and had no reason to believe that it caused or contributed to the defamatory statement
26. Innocent dissemination (3) Is the service provider a “publisher” under the Act?
Publisher” means commercial publisher: “a person whose business is issuing material to the public...” (Section 1(2)).
Not a publisher if only the “operator or provider of access to a communication system through which the statement is transmitted or made available” (Section 1(3)(e)).
27. Innocent dissemination (4) Did the provider take reasonable care?
Includes looking at whether provider complied with notice.
Godfrey v Demon – Demon failed to take down following notice.
Bunt v Tilley – ISPs did take reasonable care – the notice was inadequate.
28. Innocent Dissemination (5) Did the community know or have reason to believe that it caused or contributed to the publication of a defamatory statement?
notice?
moderation?
other circumstances?
29. Moderation Common theme of defences and exemptions:
Take reasonable care but:
Do not do more than ‘hosting’
Do not be a publisher or editor
Do not have actual knowledge
So what do you do?
Damned if you moderate, damned if you don’t?
30. Moderation – minimising risk Liability control and quality control
Brand protection, user experience, user safety
Consider:
What type of community is it?
Who will access the service?
What content would you expect?
What resources do you have?
What risk are you willing to accept
What are your priorities?
31. Moderation Options:
No moderation
Pre-vet all material
Moderate after posting?
Alert moderation
24/7 or periodic?
Third party providers
32. Online communities - terms and conditions Sarah Stone
33. Terms of Service / Terms of Use Key risk management terms
right to remove / block access to content
notification procedure for alleged unlawful content
sanctions - warning, suspension, account termination
financial protection - indemnity (value against user? enforceable?)
IP ownership / rights to use
Data protection / privacy
Thank you Dominic.
In the remaining 15 minutes or so, I’m going to give you an overview of key terms to include in the ToS for your online community websites to manage the risks that have been talked about today by Paul and Dominic.
In addition to the usual boilerplate terms – eg., provisions that limit service provider liability - need to manage risk of unlawful / defamatory content being posted on your site. Can do this in various ways through ToS.
include right to remove / block access to content
- notice and take-down procedure (which I will discuss in a bit more detail in a few minutes)
- sanctions against users
- indemnity BUT query value, enforceability (Unfair Terms in Consumer Contract Regulations; Unfair Contract Terms Act)
Should also include provisions dealing with intellectual property rights in the service and in UGC uploaded through the service, as well as a privacy policy to ensure that you are processing personal data in compliance with applicable data protection laws
Thank you Dominic.
In the remaining 15 minutes or so, I’m going to give you an overview of key terms to include in the ToS for your online community websites to manage the risks that have been talked about today by Paul and Dominic.
In addition to the usual boilerplate terms – eg., provisions that limit service provider liability - need to manage risk of unlawful / defamatory content being posted on your site. Can do this in various ways through ToS.
include right to remove / block access to content
- notice and take-down procedure (which I will discuss in a bit more detail in a few minutes)
- sanctions against users
- indemnity BUT query value, enforceability (Unfair Terms in Consumer Contract Regulations; Unfair Contract Terms Act)
Should also include provisions dealing with intellectual property rights in the service and in UGC uploaded through the service, as well as a privacy policy to ensure that you are processing personal data in compliance with applicable data protection laws
34. Notice & take-down procedure Best practice: What should the notice contain?
clear description of disputed content and why complainant believes it is unlawful
details of URL or other location information
complainant's contact details – verify identity
statement by complainant
info provided is accurate
complainant has right to complain
good faith belief that disputed content is not authorised / lawful OR it is untrue and harmful to their reputation (defamation)
Easy to find and use
In ToS, should have a notice & take down procedure designed to take advantage of the innocent dissemination defence under the Defamation Act and the hosting exemption under the eCommerce Regulations.
The procedure should require the complainant to provide:
[list above]
Good faith belief point – useful to reiterate here that service provider is not seeking to act as policeman, this is designed to ensure that service provider has protection against claims from the poster of the disputed content that – for example – the service provider has interfered with their human rights – eg., freedom of expression
In ToS, should have a notice & take down procedure designed to take advantage of the innocent dissemination defence under the Defamation Act and the hosting exemption under the eCommerce Regulations.
The procedure should require the complainant to provide:
[list above]
Good faith belief point – useful to reiterate here that service provider is not seeking to act as policeman, this is designed to ensure that service provider has protection against claims from the poster of the disputed content that – for example – the service provider has interfered with their human rights – eg., freedom of expression
35. IP ownership / rights to use Service provider ownership
MMOGs eg., World of Warcraft, City of Heroes
User ownership with service provider right to use
Second Life: participants own content they create in-world, to the extent they have such rights under applicable law
Licence scope - in-service (MySpace) / beyond (MTV Flux)
Open-source - 'community' rights to copy, modify, distribute
open source software communities eg., Linux
Channel 4 Fourdocs – Creative Commons licence Another key provision in the ToS for an online community will be concerning intellectual property issues
This will need to be customised to fit the way in which the community uses the website (eg., permits UGC to be uploaded) and the chosen business model of the website operator
In very simple terms, there are 3 models:
The service provider owns all IP in the service and the content that is available through it (this is a model adopted by MMOGs – claim ownership of IP in game environment, including virtual characters created by users) Suits their business model – can set up game exchanges where players can sell ‘virtual property’ to each other and operator derives a commission)
User owns content that they create but grant service provider perpetual right to use. Nature of licence-back needs to reflect the purposes for which service provider may want to use the UGC in future eg., advertising, separate revenue stream. MTV Flux - freedom to use (commercially) in any way vs MySpace – limit to use on MySpace Services
Open source model – often used in software communities; also used on Channel 4 Fourdocs site for budding documentary makers
Another key provision in the ToS for an online community will be concerning intellectual property issues
This will need to be customised to fit the way in which the community uses the website (eg., permits UGC to be uploaded) and the chosen business model of the website operator
In very simple terms, there are 3 models:
The service provider owns all IP in the service and the content that is available through it (this is a model adopted by MMOGs – claim ownership of IP in game environment, including virtual characters created by users) Suits their business model – can set up game exchanges where players can sell ‘virtual property’ to each other and operator derives a commission)
User owns content that they create but grant service provider perpetual right to use. Nature of licence-back needs to reflect the purposes for which service provider may want to use the UGC in future eg., advertising, separate revenue stream. MTV Flux - freedom to use (commercially) in any way vs MySpace – limit to use on MySpace Services
Open source model – often used in software communities; also used on Channel 4 Fourdocs site for budding documentary makers
36. Data protection – collection methods user registration - provide personal information
business model - open exchange of personal information eg., LinkedIn, FaceBook
use of 'hidden' technologies to gather information about user activity (eg., cookies, web beacons)
User profiling - targeted advertising as a means of monetising online communities
[may use different data collection practices – listed above]
Develop profile of way in which users interact with online community websites
Very valuable asset – as seen by increasing trend of online community websites that are seeking to monetise their websites and database of loyal users through use of targeted advertising on their sites.
[may use different data collection practices – listed above]
Develop profile of way in which users interact with online community websites
Very valuable asset – as seen by increasing trend of online community websites that are seeking to monetise their websites and database of loyal users through use of targeted advertising on their sites.
37. Data protection - compliance Register as a data controller - failure to notify is a criminal offence (www.ico.gov.uk)
Privacy policy
inform users of the purposes for which their personal information will be processed ('fair and lawful processing’)
Use of cookies, web beacons; how to disable (PEC Regulations)
data sharing with third parties – who, why
Other issues
no data export outside EEA unless consent / other derogations
targeted advertising on-site vs email marketing sent to individual – compliance with PEC Regulations
If you are a service provider collecting personal information relating to users, and you are established in the UK or have servers in the UK on which the information or your service is hosted, you will need to comply with the UK Data Protection Act 1998.
First of all, you will need to notify with Inf Cmr (unless exempt) as failure to notify is a criminal offence.
Should also have a privacy policy that tells users who you are, what you are doing with their data and how they can contact you if they have any questions about their personal data. If you use cookies on site, also required by Privacy and Electronic Commerce Regulations to tell users this, and inform them how to disable.
If you are a service provider collecting personal information relating to users, and you are established in the UK or have servers in the UK on which the information or your service is hosted, you will need to comply with the UK Data Protection Act 1998.
First of all, you will need to notify with Inf Cmr (unless exempt) as failure to notify is a criminal offence.
Should also have a privacy policy that tells users who you are, what you are doing with their data and how they can contact you if they have any questions about their personal data. If you use cookies on site, also required by Privacy and Electronic Commerce Regulations to tell users this, and inform them how to disable.
38. Data protection - risk of getting it wrong UK - general approach, weak enforcement powers
Fines (up to £5,000), compensation, rectification or destruction of data
Compared to
US - sectoral approach, large penalties
Xanga.com - social networking site fined US$1m by FTC for breaching Children's Online Privacy Protection Act (COPPA) by allowing children under 13 to sign up for the service without getting their parent's consent
39. dominic.bray@klgates.comsarah.stone@klgates.compaul.massey@klgates.com