In my last post, I said I'd look at more detail at this issue. If you were an Internet pioneer, you'll remember the adventure book language of 'Cyberspace' and the Wild West in the early 1990's, in which the Net/Web was seen as a parallel universe beyond legal and other norms. But there's been a slow but steady theme emerging that, at least in legal terms, 'online =offline' is a more accurate starting point for cyberlaw analysis, a point hammered home by the recent slew of libel claims arising from tweets on Twitter.
The issue of jurisdiction
Sure, the debate about the enforceability and acceptability of certain aspects of intellectual property and other legal rights as they apply online rages on. But an issue of equal importance is the location of the legal jurisdiction where rights can be enforced. In the online world, there is a cross-border, continuous chain of transmission. Content is copied and distributed across multiple legal jurisdictions on its journey from the browser request, across multiple servers until it's served up to the user's device.
So if that content is illegal or infringing content, where does the rights owner go to enforce those rights? And for rights clearance purposes, which national rights need to be cleared?
In short, the hunt for legal jurisdiction over content online has travelled from "it's nowhere" >"its everywhere" > to "its somewhere". In this post, I examine the rules which determine where that "somewhere" is. As we'll see, under European law it's the country where the recipient computer/device is located assuming there's some targeting of the public there.
The legal framework about jurisdiction is the so-called Brussels Regulation which says that the general rule is that you sue someone where they are domiciled. (So, in the case of a company, it would be where that company was established). But there's an exception for 'torts, including intellectual property rights. In that case, you can sue "where the harmful event" occurs. So with creative content which is travelling from server to server across legal jurisdictions, where does the "harm" take place?
That was the point examined in detail by the European Court of Justice (ECJ) in Football Dataco and others v Sportradar GmbH and another, Case C-173/11, 18 October 2012. The legal right in question was the often misunderstood and often overlooked database right (aka sui generis right), which was created by European law in the Database Directive. The Directive harmonised the rules in Europe about copyright protection for databases but also introduced a new right - the database right - to protect investment in database content. (You can read a guide I wrote about the Directive here).
In short, the database right gives the owner of that right - the database producer or their successor - the right to prevent others from "extracting" or "re-utilising" substantial parts of database without a licence.
Football Dataco Ltd (Dataco), a UK company, gathered and exploited data about English Premier League football matches through its 'Football Live' database available via the Web. Sportradar GmbH has a competitor service - 'Sport Live Data' - available via its betradar.com website which was hosted on servers in Germany and Austria. UK-based customers were using online betting services provided to them by UK companies who were taking a data feed from Betradar. Dataco alleged that Sportrader had 'extracted' data from its 'Football Live' database without permission.
So the question for the ECJ was this: where was the infringement of the database right taking place? In Germany and Austria where the servers were located, in the UK where the UK customers were using the data or both? (To be precise, the question was whether Sportradar was jointly liable for acts of infringement of the database right by users in the UK who accessed the data).
The ECJ decided two things about the Database Directive. First, that sending data that has previously been uploaded from a database protected by the sui generis/database right from a web server to the computer of another person for the purpose of storage in that computer's memory and display on screen, is an act of re-utilisation by the sender (Sportradar in this case).
On the issue of jurisdiction, the ECJ decided that that act of re-utilisation takes place at least in the member state where the receiving computer is located - in this case the UK - as long as there is evidence that the sending discloses an intention to target members of the public in that member state. That evidence about "targetting" must be considered by the national court. Relevant factors in this case might include the fact that Sportrader made agreements with companies which offered betting services to the UK public; the fact that betting companies' websites were in the English language.
In fact, this decision of locating "harm", and therefore jurisdiction, in the "targeted" country is narrower that other intrepretations. The Attorney General had previously given an opinion that infringement proceedings can be brought in any country where an act in the chain of re-utilisation takes place.
This case will not be the last case on the issue. But it does demonstrate that, at least in legal terms, there is growing proximity between the online and offline worlds. In both the physical and digital worlds, "stuff" happens somewhere. And you just have to deal with it.
Have a great week,