European Data Protection Law - a Tsunami of Change

Dear reader

I wrote a piece about 10 years ago about how data protection was climbing to the top of the business agenda. I was wrong. It's now. That view was certainly reinforced by having attended an excellent Seminar organised by the Society For Computers & Law yesterday.

The Commission's Proposal for a General Data Protection Regulation will replace the 1995 Data Protection Directive. It contains some major changes which make data protection a major compliance issue and could even impact on how businesses which process large amounts of personal data are organised.

Here is a flavour of some of the proposed changes:-

• Data Processors (e.g. 'cloud' service providers who process data for their customers) will now be regulated globally. Currently,it is only 'Data Controllers' who have to comply with European data protection requirements.
• For international data transfers (i.e. outside the EU), contractual provisions rather than consents will be the primary route, although 'Safe Harbor' for the US and exports to other countries deemed by the EU to have adequate safeguards for the processing of personal data will stil apply. 
• Companies with 250+ employees must appoint a Data Protection Officer - a job for life!
• The 'right to be forgotten', which to some extent already exists under current law, could lead to major challenges for social media and platforms hosting information (e.g. photographs) posted by 3rd parties.
• The obligations on data controllers and data processors to maintain internal documentation, to audit  and verify their personal data handling procedures is substantial. In effect, the Regulator is outsourcing compliance to companies.
• Rather like the world of regulated financial services, there will be a legal obligation to notify security breaches to the Data Protection Authority.
• Fines will be serious - e.g. potentially up to 1m euros or  2% of global turnover for a security breach or unauthorised international transfer.

And that's for starters. There is some good news as well in the Proposal, including a 'one stop shop' for legal compliance for companies who have data processing activities in several member states. There's some clarification about the definition of a 'Data Controller' and rules governing non EU data processors who are caught by the EU regime.

The timeframe for introducing the Regulation is not yet definite. I have heard two years. We'll see and, of course, the devil was in the detail.

But one thing is clear: this needs to be on your business agenda now.

Have a good week,

Laurie Kaye

 

 

Digital Copyright Exchange - What's the big idea?

Dear reader

In the incredibly unlikely event you missed it, I thought I'd post my OpEd piece on the Digital Copyright Exchange which appeared in the Bookseller this week. Bottom line: will the DCE live up to its promise or be a digital white elephant? Richard Hooper, who is leading the  feasibility study on the DCE, has just closed his consultation. So watch out for next steps.

Anyway, here's my piece:

The Big Idea

The big idea of the Hargreaves Review on Intellectual Property is to create a “Digital Copyright Exchange” (DCE) to solve problems around copyright licensing in the digital age, and to make the UK a world leader in licensing creative content. It is a great idea. The publishing industry has welcomed the proposal, and the DCE Feasibility Study being led by Richard Hooper.

We’re all familiar with delays and transaction costs in clearing rights in existing works―especially in the context of new digital services―and the problems that can arise in locating the owner of works. So although there isn’t a “one size fits all” solution across all the creative industries, there is a consensus that automating the ways in which copyright works are located and cleared―and permissions for use communicated to users―is essential in the 21st century.

But there are two big issues that need to be resolved before the digital diggers can start building the DCE. The first is the scope and design of the DCE. The second is the government’s role and regulatory response. If these are handled correctly, the DCE could well live up to its promise. If not, we’ll have a digital white elephant.

Scope and design

A fully functioning market of digital rights has three elements: (1) the “metadata registries” which manage and deliver data about the management or ownership of rights; (2) the “exchanges”, the virtual marketplaces where digital rights transactions takes place; and (3) the “standardised communication” layer, the unseen “technical glue” that enables “machine-to-machine” communication to take place between these registries and exchanges, which facilitates these transactions across the internet. This is the vision that the Linked Content Coalition wants to see realised.

It’s vital to recognise that there will be no single exchange or registry. Registries are being created across different industry sectors on a national or transnational basis by individual rights holders and organisations. Exchanges will be created by service providers, collective management companies and others.

Great design is about clarity of vision as much as about deciding what to omit as to include. That is what is essential to the DCE. The government agrees with Hargreaves that the DCE should not be a state-funded and operated entity. It has neither the skills nor money to do that. The DCE needs to be a cross-industry entity that ensures that the standardised communication layer is built. This means encouraging the development of standards that, like the web itself, enable registries and exchanges to exchange messages and data in an automated, seamless way.

Two pointers

The DCE proposal is part of Hargreaves’ recommendations about which the government is consulting. There are many others, including extensions to copyright exceptions. I hope the government will bear two things in mind.

First, the DCE should be based on voluntary participation. Rights holders should not be compelled to use the DCE as a quid pro quo for being able to enforce their rights. Second, digital content services are built on licensing. So while it’s right that copyright exceptions may, in certain cases, need updating, care must to be taken to ensure that over-broad exceptions do not undermine the need for licences for commercial uses.

Digital creative industries are the third most important export sector. The DCE, implemented in the right way, can play a really valuable role in delivering economic and cultural benefit for creators, consumers and the creative industries. Let’s engage with the DCE constructively, and critically, to make sure it delivers on its promise.

 Have a great week

Laurie Kaye

A double edged sword for photographers?

Dear reader,

My colleague, Sherif Malak, has been looking at a recent case involving a photograph of what many would consider a famous but commonplace London city scene – a red Routemaster bus travelling over Westminster Bridge.  In a somewhat surprising decision, it illustrates the impact of the European approach in relation to what is actually protected by copyright i.e. what elements can't be copied without a licence: expressed in Euro-speak, it is those that are "the author's own intellectual creation".  Sherif examines the judge's decision and what elements of the photo in question were protected.

Souvenir maker, Temple Island Collection Ltd (TIC) recently succeeded in its claim against New English Teas (NET), a supplier of tea products, that the photo NET was using on its product packaging infringed  the copyright in TIC’s photo.

Whilst the ruling will on the one hand benefit photographers and their licensees by acting as a deterrent to copycat attempts to recreate their photos, others will have to think twice before recreating a photo they do not own, or certain elements of it, even if it is a commonplace scene or image and particularly if that photo is in commercial use.

In the ruling, the judge summarised the law remarking that “it is possible as a matter of principle to infringe copyright in a photograph in an appropriate case by recreating a scene which was photographed” i.e. copying does not require making a straight facsimile reproduction.

Admitting that it was a difficult question to answer, the judge nonetheless decided that the elements that were protected by copyright derived from and were the expression of the skill and labour exercised by the photographer, Mr Fielder (TIC’s MD) or, put in the way expressed in the Infopaq case: they were “the author’s own intellectual creation”.  And that those original elements had been infringed in NET’s photo.

The elements that were infringed included the photo’s overall composition and the visual contrast of its features which (an interesting and novel aspect to this particular case), had been largely achieved by manipulating the image using Photoshop to “satisfy [Mr Fielder’s] own visual aesthetic sense” (only the bus was in colour and the sky and certain people in the photo erased).  In fact, although not material to the case, there was even some discussion as to whether these manipulations rendered the work a “collage” rather than a photo.

Both NET and its MD - the photographer of the infringing photo -  were jointly liable for the copyright infringement.  So the case is also a reminder that everyone in the publishing chain must be vigilant regarding these issues, as potentially, each is at risk of being on the receiving end of a claim form.

If you'd like to find out more, the judgment can be found here with the photos set out in the Annexes at the end of the page.

Have a good weekend!

Laurie Kaye