Legal & Government Affairs Update Dec16
European Data Commission
The European Data Commission has published its findings on personal information management services this month. The vision was to work towards a control function (e.g. console or dashboard provided via a web page or app) allowing the individual to define access to and usage of data at a highly granular level in terms of which data can be accessed, by whom and for what purpose and foresee also the option to withdraw consent at any moment.
The report outlined that a number of personal data information management services companies have been founded. The main challenges outlines to these services were listed as:
- The culture of the provision of "free" services for individuals making it unlikely that a sufficient number of individuals would agree to pay for personal information management services.
- The difficulty in winning over data-holding organisations who have already invested heavily to reach the capacity to collect user data and consequently have no natural interest to broaden access through personal information management platforms.
The report also noted that a number of telco providers were experimenting with a personal information management service offer. The key action points from the consultation were set out as follows:
- Political support and public endorsement of the concept of personal information management platforms;
- Further examination of the role of public sector organisations as part of the governance of personal information systems so as to ensure trust.
Data / Cyber Security
This month again, there have been several reported cyber-attacks on large well-resourced companies such as:
- Hackers attempted to steal $45m from Russia's federal bank;
- National Lottery website hit by cyber-attack with thousands of accounts hacked;
- 80 million Dailymotion.com accounts compromised in cyber-attacks;
Despite this a survey conducted by Advance, a software service company has found that nearly half of businesses (46%) 'claim that data security is not a deciding factor in adopting digital technology'.
This seems quite staggering when many companies have come to accept that it is not a question of if they will be hacked but when they will be hacked with the main focus being on effectiveness of their response. The significant threats posed to businesses and importance of cyber security is no better demonstrated than the increased turnover of cyber security companies in the UK and America. Companies such as ECSC and LogRythem have already planned IPO on their respective markets and more companies in this sector are likely to follow suit.
It seems naive in the digital age in which we live and do business that more and more emphasis is not placed upon cyber security whether it be in the context of upgrading of hardware or software, customer satisfaction, insurance or any other aspect of the business.
Investigatory Powers Bill given Royal Assent
The Investigatory Powers Bill (arguably better known as the snoopers charter) was given royal approval on 29 November 2016. Critics had been campaigning against its introduction arguing that the scope of its powers were too broad and represent a further step towards an Orwellian society. One of the main battle grounds was the ability for law enforcement and security services to review the entire browsing history of terror suspects so termed 'Internet Connection Records'.
The Government have since been keen to stress the mechanisms they have put in place to ensure there remains a balance between privacy and security of the public. One of these is the 'double-lock' system which applies to the most intrusive of powers. It requires that warrants issued by a Secretary of State will also need further approval of a senior judge.
Amber Rudd, Home Secretary has stated that "This government is clear that, at a time of heightened security threat, it is essential our law enforcement, security and intelligence services have the powers they need to keep people safe".
The Bill places a requirement on Internet Service Providers (ISP) to keep users complete internet browsing histories for at least one year. This additional requirement may pose a headache for ISP who will have to securely store all the additional data and ensure they are complaint with the incoming GDPR.
The issue, on one hand of safe guarding privacy while on the other protecting public security is not a new one. The juxtaposition of opinion is aptly demonstrated by the conflicting views in relation Edward Snowden the former CIA employee who leaked thousands of classified documents many of which were connected to surveillance programmes.
Case Law Updates
Domestic Copyright v EU Copyright
The CJEU have provided their preliminary ruling this month on whether the Copyright Directive (20001/29/EC) precluded the French Intellectual Property Code. The French legislation allowed collecting societies the right to authorise the reproduction in digital form of out of date books.
Under French law out of date books are defined as anything published before 1 January 2001 which is no longer commercially distributed by a publisher or published in paper or digital form. Once a book was considered out of date it was published on a public database. Authors of these works had a period of six months to raise certain conditions or else the book was capable of digital reproduction by the societies.
However, Articles 2(a) and 3(1) of the Copyright directive requires that any reproduction or communication to the public of an author's work by a third party required the author's prior consent. The CJEU held that the Copyright Directive did preclude national legislation, primarily because the failure by an author to raise a condition with their work listed on the database for a period six months did not equate to implied consent. The ruling also outlined it was not inconceivable that some authors would not even be aware of the envisaged use of their works and therefore they would not be able to adopt a position one way or other.
While the preliminary ruling may have been limited to the reproduction of books by societies in France it does raise wider concerns on the ability of member states to legislate independently on copyright issues. These questions appear to challenge the balance between national and European legislation at a time of much political uncertainty in many member states.
Premier League Successful in Court of Appeal Copyright Action
The Football Association Premier League (FAPL) had already obtained judgment against Mr Luxton the licence holder of a public house called the Rhyddings for infringement of copyright. The copyrighted works were the on screen graphics and logos of the FAPL added to the live feed of Premier League football matches.
The FAPL grant licences to broadcasters in a number of different territories. Mr Luxton purchased a satellite decoder card sold by Viasat AS, a Danish broadcaster. Mr Luxton had sought to purchase a commercial satellite card for this purpose. However, Viasat had run out of licensees to provide a commercial package and a domestic card was installed instead. Mr Luxton alleges that at all times he thought he had purchased a commercial package.
On the face of the facts it appears a rather typical copyright infringement case. However, Mr Luxton sought to challenge the judgment by relying on European Competition law namely Articles 56 of the Treaty on the Functioning of the European Union (TFEU). Mr Luxton had two main arguments as follows:
- That in reality this was an illicit attempt by the FAPL to preclude his use of a foreign decoder card to receive broadcasts from a foreign broadcaster within the EU;
- That the arrangement between Premier League and its licenses elsewhere in Europe prevented him from being supplied with a foreign decoder card authorised for commercial use.
The Court of Appeal sided with the previous High Court decision. Lord Justice Floyd stated that 'the infringing activity, and therefore the enforcement action taken to prevent it, are not the results of unlawful agreements and practice relied on'.
Had Mr Luxton been successful there may well have been a flurry of litigation from other publicans against who copyright infringement has been alleged. However, it also remains to be seen whether there would have been a different outcome had Mr Luxton obtained a commercial satellite card.
Media Players Containing Links to Unauthorised Content
Following on from the decision in GS Media v Samona, Advocate General Campos Sánchez-Bordona has given an opinion on whether hyperlinks (which linked to unauthorised content) contained in a media player constituted copyright infringement (Case C-5237/15).
Jack Fredrick Wullwms, offered to the public various versions of a multimedia player which included a number of add-ons. Some of these add-ons linked to unauthorised content such as films and live sporting events which could be played through his media player. The case had been referred to the CJEU prior to waiting for the decision in GS Media on the basis that the facts of the case were so different.
Advocate General Campos Sánchez-Bordona ruled that the inclusion of hyperlinks in a multimedia player did amount to copy infringement for the following reasons:
- Mr Wullems installed add-ons with hyperlinks to websites providing unrestricted access to copyright-protected works;
- Mr Wullems was, or ought to have been, aware that some of those add-ons included links to digital content uploaded to the internet without the right-holders' authorisation;
- Mr Wullems was operating in pursuit of a profit, given that he was selling his multimedia player.
While the decision is not controversial it does reinforce the principles and test outlined in GS Media as being the correct approach when considering whether hyperlinking to another website or content constitutes an infringement.