Legal & Government Affairs Update Issue 9 - 2017
Cloud Industry Forum attains EU Cloud code of Conduct Supporter Status
On 19 October, Cloud Industry Forum (CIF) and the EU Code of Conduct's General Assembly announced that CIF attained supporter status for the EU Cloud Code of Conduct (the Code). This cross border relationship between the UK and EU organisations shows that, despite Brexit, there is still a strong drive on both sides of the channel to collaborate to improve cloud privacy standards.
The EU Cloud Code of Conduct obliges Cloud Service Providers (CSPs) who are signatories to it, to maintain high levels of data protection, with the aim of improving transparency and trust in the European cloud marketplace. For customers, the Code provides assurances as to the level of data security they can expect, making it easier to decide which CSPs are best suited to their needs.
CIF is a not-for-profit organisation that provides certification to reputable CSPs who meet its code of practice, improving standards in the industry. The organisation also educates businesses on adopting cloud services through its CIF Membership scheme.
On achieving supporter status CIF Professor Conor Ward, stated: “While Brexit is sowing uncertainty in British-EU relations, this move demonstrates that CIF is dedicated to ensuring that British CSPs and indeed cloud customers can work closely with European organisations."
In a similar vein Jonathan Sage, Chair of the General Assembly of the EU Cloud Code of Conduct, said: “We’re delighted to have granted CIF Supporter Status… CIF’s expertise in educating the UK cloud marketplace and connecting CSPs and customers in mutually beneficial ways with its Code of Practice makes them a valuable organisation with much to contribute to the General Assembly. This value is reflected in the fact that they are one of the first organisations that has received Supporter status."
Both CIF and the EU Code of Conduct's General Assembly share a common goal and this news is an excellent demonstration of how Brexit need not be a barrier to future cooperation between UK and EU organisations. The growing use of cloud services presents a unique and constantly changing set of challenges, but this continued collaboration represents a truly positive step in the work to safeguard data held in the cloud.
Readers wishing to learn more about the announcement can do so here:
Legislation & Case Law Updates
EU Directive on copyright in the Digital Single Market gets closer to approval
In September 2016, The EU released its proposed Directive on copyright in the Digital Single Market. The Directive is intended to bring copyright law up to speed with new technologies, strengthen author/publisher safeguards and improve access to information. But its proposals have proved controversial and the European Commission, Council and Parliament have struggled to reach an agreement. Something certainly needs to be done to tackle to problems facing copyright in the changing digital landscape, but the Directive had drawn criticism from commentators for being ineffective or uncertain in a number of areas.
The suggested introduction of a new right to protect press publishers from exploitation online and help to sustain newspaper publishing and local journalism is similar to regimes already in place in Italy and Germany. But unfortunately experience in these countries suggests that this new right will not be particularly effective in preventing the continued decline of print and local journalism.
Article 13 of the proposed Directive has also provoked much discussion and criticism. As I have described in previous editions it plans to control platform operators and ISPs that host copyrighted content. It applies to those that store large amount of works but gives little indication of what "large" means, so it's unclear who exactly is subject to its rules. The Directive is wading into complex legal territory here. On its face Article 13 has no impact on the mere conduit defence or the obligation not to monitor content, both as set out in the eCommerce Directive. But in practice it is difficult to reconcile how compliance with Article 13 could amount to anything other than breach of the eCommerce Directive.
The various branches of the EU have been working hard to get the Directive into shape and it is looking as if approval is getting near, but it remains to be seen whether the Directive does enough to modernise copyright law in the EU or just adds more uncertainty.
Sci-Hub faces hefty fine and ISP block in the US
On 4 October 2017, the District Court in Virginia issued a preliminary finding that Sci-Hub, a website dedicated to the sharing of academic papers online, had infringed upon the American Chemical Society's (ACS) intellectual property rights. The site, which has been called the "Pirate Bay of science" was founded by Kazakhstani neuroscientist Alexanda Elbakyan and is now facing a potential IP block in the US. For unaware readers, The Pirate Bay is a website widely known as a platform for online sharing of copyrighted materials, such as music and films, most often without the owner's consent. It is currently ranked amongst the top 100 most visited websites in the world. Sci-Hub allegedly operates a similarly infringing platform, but for academic research papers.
ACS launched its lawsuit in June 2017, alleging that the Sci-Hub had illegally made tens of thousands of academic papers freely available, had cloned part of the ACS website and had infringed upon ACS trademarks. The district court agreed with ACS's allegations. As well as a $4.8m fine, the judge recommended that a broad injunction be put in place to block the site form search engines and ISPs in the U.S.
Given how rare ISP blocking is in the U.S., this is a particularly interesting case. Even The Pirate Bay, the premiere site for copyright infringement, has not yet been blocked in the U.S. (despite its ban throughout much of the world). The ban is not yet in effect but, if successful, this could open the door to challenges to numerous sites engaged in similar acts of copyright infringement.
EU launches public consultation on the availability of Public Sector data
A public consultation on the availability of Public Sector Information (PSI) is currently underway as part of the European Commission's review of the PSI Directive. The PSI Directive first came into force in 2003 with the aim of opening up government data to the wider public for the benefit of the wider economy. It was imagined that the free use of this data would help improve public bodies' transparency, generate innovation and increase competition.
With the advent of the Digital Single Market strategy, the EU's plan to break down barriers to digital transactions between Member States, the PSI Directive is getting another look. The Commission wants a new initiative to tackle the issues still affecting access to public data, but also wishes to explore access to data deemed to be in the public interest that is held privately.
The Commission is looking to the public for feedback on the effectiveness of the current PSI directive, how well it is implemented, and the suitability of granting public bodies access to private data.
This last point is the most radical and controversial, raising important questions about government involvement in the private sector. Should governments have the ability to access private data for the betterment of society? Or is this another example of the state snooping around where it doesn’t belong? Wherever you stand, the EU is looking to make access to this data a reality.
Readers wishing to contribute feedback to the EU's consultation can do so by clicking here.