1 / 36

Legal Issues Facing Online Communities

Overview of Presentation. Potential Legal Liabilities for service providersExemptions to liability for service providersModerationTerms and Conditions

Leo
Download Presentation

Legal Issues Facing Online Communities

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


    1. Legal Issues Facing Online Communities Dominic Bray, Sarah Stone and Paul Massey 12 July 2007

    3. Potential legal liabilities for Online Communities Defamation The publication of a statement which tends to lower the claimant in the estimation of right thinking members of society. Is the intermediary a publisher at common law? If not a publisher: no liability If it is a publisher, consider: Innocent dissemination under Defamation Act Exemptions under E-Commerce Regulations – mere conduit, caching and hosting

    4. Bunt V. Tilley, Hancox, Stevens, AOL, Tiscali and BT [2006] EWHC 407 (QB) AOL not a publisher. Passive involvement does not incur liability as a publisher. There must be knowing involvement in publication of words. ISPs argued exemption under the E-Commerce Regulations and under the defence of innocent dissemination in the Defamation Act.

    5. Statutory Offences Obscenity Obscene Publications Act 1959 Obscene Publications Act 1964 Contempt of court Contempt of Court Act 1981 Harassment Protection from Harassment Act 1996 Sex discrimination Act 1975 Race Relations Act 1976 Other offences

    6. Primary acts of copyright infringement Copying Issuing copies to the public Perform, show or play the work in public Communicate the work to the public (i) broadcasting the work; and (ii) making available to the public by electronic transmission in such a way that members of the public may access it from a place and at a time individually chosen by them Make an adaptation of the work or do any of the above in relation to an adaptation Authorisation

    7. Authorisation of Copyright Infringement A developing area of law and not yet tested in the UK in relation to online copyright infringement. CBS v Amstrad (1988) A high water mark: no contributory infringement where a device is “capable of substantial non-infringing use” US Cases Napster – contributory and vicarious infringement Grokster- introduced doctrine of inducement of copyright infringement

    8. Australian case law - Kazaa Guidance on what constitutes authorisation: the extent of the person's power to prevent infringement; the nature of the person authorising and the person performing the infringing act; and whether the person alleged to be authorising took reasonable steps to prevent infringement Warnings to users and an End User Licence Agreement were ineffective in preventing infringement. Technical measures could have been adopted to reduce infringement but were not. Kazaa actively encouraged users to increase levels of sharing activities.

    9. Viacom v YouTube Remedies Sought Declaration of Infringement: direct copyright infringement and authorisation secondary infringement: inducement, contributory and vicarious infringement. Permanent injunction requiring YouTube to employ reasonable methodologies to prevent or limit infringement of Viacom’s copyright. Maximum damages for past and present infringement plus YouTube’s profits (estimated at least $1bn).

    10. Viacom v YouTube Viacom’s Arguments Viacom claim YouTube provide more than hosting facilities: Copies content to servers. Creates thumbnails. File sharing and embedding technology increases potential for infringement. Control its site and could remove material infringing copyright. Terms and conditions reserve the right to remove material. For example, YouTube remove pornographic material. YouTube encourage infringement: Tags and search features enable easy identification of copyright material. No steps taken to remove infringing material until take-down notice received. Only the specific urls identified will be blocked. Many copies not removed. Friends feature allows private areas where copyright infringement may take place undetected.

    11. Exemptions and defences for service providers Dominic Bray

    13. Exemptions & defences for service providers USA - ‘Safe Harbour’ under Digital Millennium Copyright Act UK exemptions under E-Commerce Regulations 2002 Innocent dissemination under Defamation Act 1996 Statutory Defences re obscene publications, contempt of court, etc

    14. E-Commerce Regulations Three categories of protected activity/service: Mere Conduit (Regulation 17) Caching (Regulation 18) Hosting (Regulation 19) If exempt – no liability for service provider for third party activity on its service.

    15. Hosting Exemption Reg 19 E-Commerce Regs Where an information society service is provided which consists of the storage of information provided by a recipient of the service, the service provider … shall not be liable for damages … as a result of that storage where … (a)The service provider: (i) does not have actual knowledge of unlawful activity or information … (ii) upon obtaining such knowledge … acts expeditiously to remove or disable access to the information, and (b)The recipient of the service was not acting under the authority or control of the service provider.

    16. Hosting exemption Two areas to consider: Is the community a qualifying service? Is it an “Information Society Service”? Is it an host? Does the community satisfy the conditions? No actual knowledge of infringement or reason to believe. Take down on notice. User not under control of service provider.

    17. Is the service a qualifying service? (1) Is the community an “Information Society Service”? “Any service normally provided for remuneration, at a distance, by means of electronic equipment, for the processing … and storage of data and at the individual request of a recipient of a service.” Provided for remuneration?

    18. Is the service a qualifying service? (2) Is the community service provider an “host”? A service “which consists of the storage of information provided by a recipient of the service.” Compare ISP web-hosting v online communities What if the service does more than simply store information? ‘Lafesse’ (Societe Lambert Anonyme) v MySpace, France Viacom v YouTube and FAPL v YouTube – challenge to YouTube’s assertion that it is a ‘host’ under DMCA.

    19. Hosting – knowledge of unlawful activity The service provider shall not be liable … where the service provider: Does not have actual knowledge … or is not aware of facts or circumstances from which it would have been apparent … that the activity or information was unlawful; or Upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information (Regulation 19(a))

    20. Hosting – knowledge of unlawful activity (2) Knowledge of what? Knowledge of the actual infringement/unlawful activity; or Is general knowledge of circumstances enough (Viacom v YouTube)? Has service provider received adequate notice of unlawful activity?

    21. Hosting – Notice and Takedown Requirement to act “expeditiously to remove or disable access to the information” on obtaining knowledge (Regulation 19(a)(ii)). Knowledge requirement + obligation to remove are legal basis of notice and takedown procedure. Similar to innocent dissemination defence to defamation.

    22. E-Commerce Regulations – summary Is the service an information society service? Probably. Is the service a hosting service? Maybe. Does the service provider have knowledge? Notice? Moderation? Does the service provider comply with notice and takedown? Put in place a clear policy and follow it.

    23. Specific Defences Defamation – innocent dissemination Obscene Publications – knowledge and belief Contempt of Court – knowledge and belief

    24. Defamation – innocent dissemination (1) Is community a publisher at common law (Bunt v Tilley & Ors)? If not, no liability If publisher, then consider Section 1 Defamation Act

    25. Defamation – innocent dissemination (2) Defence if the community: Is not the author editor or publisher (as defined) Took reasonable care in relation to the publication Didn’t know and had no reason to believe that it caused or contributed to the defamatory statement

    26. Innocent dissemination (3) Is the service provider a “publisher” under the Act? Publisher” means commercial publisher: “a person whose business is issuing material to the public...” (Section 1(2)). Not a publisher if only the “operator or provider of access to a communication system through which the statement is transmitted or made available” (Section 1(3)(e)).

    27. Innocent dissemination (4) Did the provider take reasonable care? Includes looking at whether provider complied with notice. Godfrey v Demon – Demon failed to take down following notice. Bunt v Tilley – ISPs did take reasonable care – the notice was inadequate.

    28. Innocent Dissemination (5) Did the community know or have reason to believe that it caused or contributed to the publication of a defamatory statement? notice? moderation? other circumstances?

    29. Moderation Common theme of defences and exemptions: Take reasonable care but: Do not do more than ‘hosting’ Do not be a publisher or editor Do not have actual knowledge So what do you do? Damned if you moderate, damned if you don’t?

    30. Moderation – minimising risk Liability control and quality control Brand protection, user experience, user safety Consider: What type of community is it? Who will access the service? What content would you expect? What resources do you have? What risk are you willing to accept What are your priorities?

    31. Moderation Options: No moderation Pre-vet all material Moderate after posting? Alert moderation 24/7 or periodic? Third party providers

    32. Online communities - terms and conditions Sarah Stone

    33. Terms of Service / Terms of Use Key risk management terms right to remove / block access to content notification procedure for alleged unlawful content sanctions - warning, suspension, account termination financial protection - indemnity (value against user? enforceable?) IP ownership / rights to use Data protection / privacy Thank you Dominic. In the remaining 15 minutes or so, I’m going to give you an overview of key terms to include in the ToS for your online community websites to manage the risks that have been talked about today by Paul and Dominic. In addition to the usual boilerplate terms – eg., provisions that limit service provider liability - need to manage risk of unlawful / defamatory content being posted on your site. Can do this in various ways through ToS. include right to remove / block access to content - notice and take-down procedure (which I will discuss in a bit more detail in a few minutes) - sanctions against users - indemnity BUT query value, enforceability (Unfair Terms in Consumer Contract Regulations; Unfair Contract Terms Act) Should also include provisions dealing with intellectual property rights in the service and in UGC uploaded through the service, as well as a privacy policy to ensure that you are processing personal data in compliance with applicable data protection laws Thank you Dominic. In the remaining 15 minutes or so, I’m going to give you an overview of key terms to include in the ToS for your online community websites to manage the risks that have been talked about today by Paul and Dominic. In addition to the usual boilerplate terms – eg., provisions that limit service provider liability - need to manage risk of unlawful / defamatory content being posted on your site. Can do this in various ways through ToS. include right to remove / block access to content - notice and take-down procedure (which I will discuss in a bit more detail in a few minutes) - sanctions against users - indemnity BUT query value, enforceability (Unfair Terms in Consumer Contract Regulations; Unfair Contract Terms Act) Should also include provisions dealing with intellectual property rights in the service and in UGC uploaded through the service, as well as a privacy policy to ensure that you are processing personal data in compliance with applicable data protection laws

    34. Notice & take-down procedure Best practice: What should the notice contain? clear description of disputed content and why complainant believes it is unlawful details of URL or other location information complainant's contact details – verify identity statement by complainant info provided is accurate complainant has right to complain good faith belief that disputed content is not authorised / lawful OR it is untrue and harmful to their reputation (defamation) Easy to find and use In ToS, should have a notice & take down procedure designed to take advantage of the innocent dissemination defence under the Defamation Act and the hosting exemption under the eCommerce Regulations. The procedure should require the complainant to provide: [list above] Good faith belief point – useful to reiterate here that service provider is not seeking to act as policeman, this is designed to ensure that service provider has protection against claims from the poster of the disputed content that – for example – the service provider has interfered with their human rights – eg., freedom of expression In ToS, should have a notice & take down procedure designed to take advantage of the innocent dissemination defence under the Defamation Act and the hosting exemption under the eCommerce Regulations. The procedure should require the complainant to provide: [list above] Good faith belief point – useful to reiterate here that service provider is not seeking to act as policeman, this is designed to ensure that service provider has protection against claims from the poster of the disputed content that – for example – the service provider has interfered with their human rights – eg., freedom of expression

    35. IP ownership / rights to use Service provider ownership MMOGs eg., World of Warcraft, City of Heroes User ownership with service provider right to use Second Life: participants own content they create in-world, to the extent they have such rights under applicable law Licence scope - in-service (MySpace) / beyond (MTV Flux) Open-source - 'community' rights to copy, modify, distribute open source software communities eg., Linux Channel 4 Fourdocs – Creative Commons licence Another key provision in the ToS for an online community will be concerning intellectual property issues This will need to be customised to fit the way in which the community uses the website (eg., permits UGC to be uploaded) and the chosen business model of the website operator In very simple terms, there are 3 models: The service provider owns all IP in the service and the content that is available through it (this is a model adopted by MMOGs – claim ownership of IP in game environment, including virtual characters created by users) Suits their business model – can set up game exchanges where players can sell ‘virtual property’ to each other and operator derives a commission) User owns content that they create but grant service provider perpetual right to use. Nature of licence-back needs to reflect the purposes for which service provider may want to use the UGC in future eg., advertising, separate revenue stream. MTV Flux - freedom to use (commercially) in any way vs MySpace – limit to use on MySpace Services Open source model – often used in software communities; also used on Channel 4 Fourdocs site for budding documentary makers Another key provision in the ToS for an online community will be concerning intellectual property issues This will need to be customised to fit the way in which the community uses the website (eg., permits UGC to be uploaded) and the chosen business model of the website operator In very simple terms, there are 3 models: The service provider owns all IP in the service and the content that is available through it (this is a model adopted by MMOGs – claim ownership of IP in game environment, including virtual characters created by users) Suits their business model – can set up game exchanges where players can sell ‘virtual property’ to each other and operator derives a commission) User owns content that they create but grant service provider perpetual right to use. Nature of licence-back needs to reflect the purposes for which service provider may want to use the UGC in future eg., advertising, separate revenue stream. MTV Flux - freedom to use (commercially) in any way vs MySpace – limit to use on MySpace Services Open source model – often used in software communities; also used on Channel 4 Fourdocs site for budding documentary makers

    36. Data protection – collection methods user registration - provide personal information business model - open exchange of personal information eg., LinkedIn, FaceBook use of 'hidden' technologies to gather information about user activity (eg., cookies, web beacons) User profiling - targeted advertising as a means of monetising online communities [may use different data collection practices – listed above] Develop profile of way in which users interact with online community websites Very valuable asset – as seen by increasing trend of online community websites that are seeking to monetise their websites and database of loyal users through use of targeted advertising on their sites. [may use different data collection practices – listed above] Develop profile of way in which users interact with online community websites Very valuable asset – as seen by increasing trend of online community websites that are seeking to monetise their websites and database of loyal users through use of targeted advertising on their sites.

    37. Data protection - compliance Register as a data controller - failure to notify is a criminal offence (www.ico.gov.uk) Privacy policy inform users of the purposes for which their personal information will be processed ('fair and lawful processing’) Use of cookies, web beacons; how to disable (PEC Regulations) data sharing with third parties – who, why Other issues no data export outside EEA unless consent / other derogations targeted advertising on-site vs email marketing sent to individual – compliance with PEC Regulations If you are a service provider collecting personal information relating to users, and you are established in the UK or have servers in the UK on which the information or your service is hosted, you will need to comply with the UK Data Protection Act 1998. First of all, you will need to notify with Inf Cmr (unless exempt) as failure to notify is a criminal offence. Should also have a privacy policy that tells users who you are, what you are doing with their data and how they can contact you if they have any questions about their personal data. If you use cookies on site, also required by Privacy and Electronic Commerce Regulations to tell users this, and inform them how to disable. If you are a service provider collecting personal information relating to users, and you are established in the UK or have servers in the UK on which the information or your service is hosted, you will need to comply with the UK Data Protection Act 1998. First of all, you will need to notify with Inf Cmr (unless exempt) as failure to notify is a criminal offence. Should also have a privacy policy that tells users who you are, what you are doing with their data and how they can contact you if they have any questions about their personal data. If you use cookies on site, also required by Privacy and Electronic Commerce Regulations to tell users this, and inform them how to disable.

    38. Data protection - risk of getting it wrong UK - general approach, weak enforcement powers Fines (up to £5,000), compensation, rectification or destruction of data Compared to US - sectoral approach, large penalties Xanga.com - social networking site fined US$1m by FTC for breaching Children's Online Privacy Protection Act (COPPA) by allowing children under 13 to sign up for the service without getting their parent's consent

    39. dominic.bray@klgates.com sarah.stone@klgates.com paul.massey@klgates.com

More Related