Future Regulation of the Internet

Dear Reader,

Laurie is busy with work on SABIP and apologises for the radio silence. He'll be back and blogging soon but in the meantime, I'm afraid, you'll have to make do with me...

The correct title for this post is in fact "Net Neutrality (what is it and why should I care)"... but please don't run away.

I admit it's a cheap trick - but one that I was caught by recently when I went to a lecture given by Chris Marsden. I turned up to the friendly sounding "Future Regulation of the Internet" only to be told that in fact the seminar was on "Net Neutrality 'Lite': The European Approach".

  If it weren't for the free cakes, I would have left.

But I'm glad I stayed. Net neutrality is one of those terms I often hear people use but never quite fully understand. For me, it's in that category of frightening webby concepts including folksonomies and convergence. What's more: it's about the pipes and I'm really more interested in the content. Chris managed to get me interested in it, though, and in reading around the subject after the seminar, I am on a quest to get to the bottom of it because it is clearly something that people get evangelistic about. For example, the US Federal Communication Commission has recently launched a site for the preservation of a "free and open internet", advocating net neutrality principles (see here for Mashable's commentary on the issue).

The reason that the term 'net neutrality' causes me such consternation is that it seems to mean different things to different people. Google explains it as "the principle that Internet users should be in control of what content they view and what applications they use on the Internet" (it would - it is, of course, a mere facilitator). Techies describe it as "the idea that every packet of information...carries equal importance. That is, a message from me moves no faster or slower over the Internet than a message from the Queen." Chris defined it as the principle that there is no ISP interference with the packets of data; i.e. that ISPs do not open packets to see inside and that they do not discriminate between packets.

Combining these, I understand net neutrality to be the principle that the Internet is a method of communicating packets of information from one end to another which does not: (a) investigate the packets; or (b) discriminate between the packets. This seems to me to be similar to Google's argument in the case I recently blogged about: i.e. Google, like the Internet, is a mere facilitator and is neither responsible for the content it carries nor obliged to monitor the same (the latter principle is enshrined in Art.15 of the E-Commerce Directive).

Apparently, ISPs breach the principle of net neutrality (and, possibly, their contracts with their subscribers) by advertising 'unlimited broadband' and then slowing different types of traffic to suit them. They may do this for practical purposes ('traffic management'), for selfish purposes (to save money), to get the competitive edge (to promote their own bundled services over those offered by third parties), out of the goodness of their heart (by blocking spam)...the list goes on. The interesting thing is that when an ISP selectively slows traffic, it is extremely difficult to tell if this is because of a legitimate attempt to avoid congestion, or because the ISP has underprovisioned (i.e. advertised speeds faster than it is capable of achieving all of the time), or a deliberate attempt to do so for a particular purpose (and then there are problems with evidencing that purpose). So far, so conspiracy theory!

Putting that can of worms aside, what interests me are the overarching principles - the way the net neutrality principle interacts with the fact that certain controls are necessary to ensure protection of consumers, content providers and other policy concerns. It is not a great leap to draw parallels with the freedom of expression -v- protection of privacy debate, or the free -v- paid-for content debate.

Also, from a legal perspective, as we often mention in our posts, offline laws apply in the online world and no amount of web-specific principles can undermine that. So the Data Retention Directive means that internet intermediaries have to keep records of communications, and the exemptions for ISPs in the E-Commerce Directive are defeated if the ISP has not observed notice and take down. I think this is what Chris meant by net neutrality 'lite'. The principle of net neutrality is all well and good but must in certain circumstances be diluted by regulations (which reflect real and practical concerns) in order to find the middle ground wherever the principle of net neutrality clashes with other equally important principles (e.g. privacy, crime prevention, consumer protection).

As always, this is a small taster of the whole debate and please forgive me any inaccuracies - it was my first foray specifically into this area. There are consumer protection, competition and so many more issues involved. But I hope that if you, like me, secretly baulked at the mention of net neutrality, you'll have found that this taster whets your appetite.

Yasmin Joomraty

Laurence Kaye Solicitors

Google Search as 'Facilitator' not 'Publisher'

Dear Reader,

There has been some doubt  in the UK as to whether search engines are 'publishers' and so responsible for: (a) displaying unlawful content in 'snippets' on the search results page; or (b) displaying a link to the page on which such content first appears.

But Mr Justice Eady has swept away this uncertainty by ruling in July that Google is a 'facilitator', not a 'publisher' and as such is not liable for defamatory text appearing in a snippet on its search results page (or, by extension, for displaying a link to the page on which the defamatory content was published in full, although Eady J did not specifically address this point).

MIS v Google

The claimant was a company trading as "Scheidegger MIS" offering a distance learning course called "Train2Game". The claimant noticed defamatory comments on a forum provider's website, some of which also appeared in Google's search results when searching for "Train2Game".

The position regarding forum providers' liability for UGC is relatively clear (essentially they can benefit from certain exemptions as long as they implement an expeditious 'notice and take-down' policy) so I won't rehearse it here.

The decision in this case was essentially that Google is not to be regarded as publisher of the defamatory comments so it is not liable for them. As such, although Eady J considered the defences available to Google under common law, the Defamation Act 1996 and the E-Commerce Directive, it was unnecessary for Google to rely on them - it is not liable in any event because "if a person is not properly to be categoised as the publisher at common law, there is no need of a defence."

So the general position regarding search engines now appears to be that they are not publishers of the content they display on their search results page and, as such, they are not liable for any unlawful content contained therein. However, this is subject to the following provisos:

• This will depend on the facts of each case and the way in which each search engine operates (e.g. search engines acting as aggregators may still run into trouble as Google News did in Belgium in 2007 - see our article here).
• As a High Court decision in an interim application, this decision is not strictly binding legal precedent but is strongly persuasive and highly likely to be followed in future cases - and, perhaps more significantly, to act as a deterrent to claimants joining search engines as co-defendants in defamation claims.

Eady J made much of the fact that Google's service is fully automated and "Google has no control over the search terms entered by users of the search engine or of the material which is placed on the web by its users." It follows that "it has not authorised or caused the snippet to appear on the user's screen in any meaningful sense."

As there is no directly applicable case law and no specific legislation on the question of whether a search engine is a 'publisher' for the purposes of defamation, Eady J took the approach "to see how the relatively recent concept of a search engine can be made to fit into the traditional legal framework (unless and until specific legislation is introduced in this jurisdiction". In doing so, he referred to the ISP cases of Bunt v Tilley and Godfrey v Demon Internet.

The idea that one party can be liable for an unlawful statement published by another party goes all the way back to 1894 to the quirky English case of Hird v Wood. In this case, a man sitting in a chair pointing to a defamatory placard was held to be liable because by pointing out the sign, he had contributed to its publication. However, in the even earlier (and even quirkier) case of Smith v Wood in 1813, a man who showed a defamatory caricature to a stranger who had knocked on his door and asked to see his etchings, was held not to have published that defamatory caricature.

Eady J did not refer to either of these cases in his judgment. If he had, I imagine he would have seen Google as the caricature artist acting passively in response to the requests of strangers, rather than the man actively pointing to a sign. Google does not choose what it 'points to' - as Eady J held, it "has no role to play in formulating the search terms" and performs the search "automatically in accordance with computer programmes." In addition, Google has an "absence of knowledge...in relation to the offending material", so on this basis it can be distinguished from the caricature artist as well.

Notice and Take-Down

One of Google's arguments in its defence in this case was that "it is practically impossible and certainly disproportionate to expect [Google] to embark on a wild goose chase in order to determine where the words complained of, or some of them, might from time to time "pop up" on the Web". Eady J agreed with this point, saying "One cannot merely press a button to ensure that the offending words will never reappear on a Google search snippet...." As such, access to the specific link the claimant complained of may be removed  but this does not mean that the comments will not appear in Google's search results (e.g. if they appear on another site, Google may link to that site, unless the URL for that site is also specifically blocked).

When I Googled "train2game" to see what the fuss was about, the following message appeared at the bottom of the search results page:

 

So Google has removed the link to the offending comment. It is interesting to note that Google has a mechanism for people to file notices of copyright infringement (see here) but not for other types of unlawful (e.g. defamatory) content. Following this decision, there is no reason (in the UK, at least) for it to change this position.

We have previously advised a client who had written an article which aggravated members of the online community, causing them to attack him in blogs, forums, wikis, you name it. Needless to say, his 'net-rep' was in tatters and he was finding difficulty getting a job as a result. As it was fruitless to pursue all of the sites on which defamatory comments appeared, he went straight to Google to ask them to block the content. However, they said that this was not possible, for the reasons given above. Eady J's decision in this case further decreases his chances of any such remedy.

Eady J did, however, say that "there is no doubt room for debate as to what further blocking steps it would be open for it to take, or how effective they might be." We'll keep an eye out for any developments in this area.

No doubt this will be a welcome development for all search engines. It has created a degree of certainty in this area, bringing the UK into line with those EU member states which have opted to include a statutory exemption from liability for search engines (e.g. Bulgaria). However, there is still room for clarification on the notice and take-down obligations of search engines, which could be dealt with by a voluntary industry code or by the introduction of legislation.

Yasmin Joomraty

Laurence Kaye Solicitors

Different Playground, Same Old Bullies

Dear Reader,

I was quoted in the Times recently in relation to a teenage 'cyberbully', Keeley Houghton, who was jailed and issued with a restraining order for bullying another teenage girl. The reporter asked me if this case marks a turning point in online bullying cases - here are my thoughts on the issue.

Without knowing the exact facts of the case, it seems to me that Houghton must have been prosecuted under the Protection from Harassment Act 1997 ("the Act"), under which offenders can be sentenced for up to 6 months' improsonment.

It should be noted that the victim had "been victimised by Houghton for four years...and had previously suffered a physical assault as well as damage to her home." This would have been a significant factor in leading the judge to believe that Houghton had pursued a "course of conduct" which: (a) "amounts to harassment of another" under s.1(1) of the Act; and/or (b) "causes another to fear, on at least two occasions, that violence will be used against him" under s.4(1) of the Act.

For this reason, I don't think that this case marks a turning point in online harassment or cyberbullying cases. On the facts, there was a long prior course of conduct including assault and criminal damage against the victim. It would, of course, be different if a person were sentenced for using social networks to bully another person without having also bullied that person 'offline'. The wording of the Act does not preclude an offence being committed in such a scenario - but to my knowledge nobody has been imprisoned on that basis in the UK yet.

However, this case does underline the point that people do not have a carte blanche to behave online in a way that is unacceptable offline. It also demonstrates that courts will take threats and comments made through social networking sites very seriously. Needless to say, there have been numerous online defamation cases and even a revival of the Obscene Publications Act 1959 in a lawsuit against a blogger. With the explosion in UGC and social networking sites, it is likely that online harassment cases will likewise occur more frequently, whether in civil or criminal actions.

As we've seen from people's behaviour on the gamut of websites from Facebook to Secondlife, Mumsnet to Owlstalk, the online world follows the offline world in all things bad as well as good. At the same time, laws that were drafted pre-Web 2.0 are being stretched to cover all sorts of new online behaviours. Put another way, the same old laws are applied to cover the activities of the same old bullies in a new playground.

Unfortunately, as every playground has a bully, so social networking sites have spawned cyberbullying and this case shows that harassment laws are flexible enough to step in to protect the victims.

Yasmin Joomraty,

Laurence Kaye Solicitors

Digital Britain: Blueprint for the future?

Dear reader

'Digital Britain', published June 16th, is not modest in its stated ambition: "Digital Britain is the government's vision of an of an economy and society where core working activities are based around knowledge, skills and information. It represents a strategic plan to accelerate growth in the digital industries and cement the UK's position as a world leader for innovation, investment and quality."

It's certainly in keeping with the zeitgeist in its use of social media tools. You can get social media news releases and check out the Digital Britain Dashboard' on 'Pageflakes'.

So it's a bit odd that things seem to have gone a bit quiet after the initial flurry of reactions to its proposals for 'next generation' broadband networks, legislation to deal with illicit P2P file sharing and 'top slicing' the BBC licence fee primarilty to fund broadcast regional news.

I think the reason is that Digital Britain is big in scope and ambition. Whether it all adds up to blueprint for keeping - putting? -  the UK into the global no. 1 spot is a moot point. But there's a lot to it.

I see 'Digital Britain' as a website, a mix of of its own 'original' content (e.g. on the issues I've justs mentioned) plus lots of snippets and hyperlinks pointing to other developments which are already in process. But does it all add up to systemic change? Potentially "yes", but there's obviously a big question mark about how far circumstances will allow 'Digital Britain' to deliver its vision.

Also, it's probably fair to say that the most significant areas of change focus on the network and the funding of public sector content and services rather than in the area of copyright and commercial content.

With those caveats here are some reasons why, in overall terms, Digital Britain gets a 'yes' vote in the scale of its ambition and scope.

The importance of public sector content

Public sector is no longer just about broadcast media. The Report states that Government commissiong may represent as much as 30% of total investment in professional UK online content (source: research by Analysys). Think central and local Government information. Also think the arts, cultural and scientific institutions. So plans about how those institutions licence their content are hugely significant to the digital content sector. Check out Chapter 8 ("the Journey to Digital Government'.

The same chapter is also worth reading to see how dramatic the shift is to the Web as the main platform for accessing public services - the 'Digital Switchover of Public Services'.

Legislative plans on illegal P2P filesharing

OK, not exactly new - you can see the background here - we can now the Government's plans taking shape. OFCOM will be charged with a duty to take steps to reduce copyright infringement. It will discharge this duty by requiring ISPs to accept 2 conditions: (1) to notify account holders where their account appears to have been used for infringement and (2) an obligation to maintain and make available - based on a Court order - data about enable 'serious infringers' to be identified to enable court action. These 2 obligations will be based on a detailed code of practice to be drafted, possibly by a yet to be created industry body - a 'rights agency' or 'rights authority'.

If these measures do not achieve a 70% target for reduction of unlawful file sharing, of  OFCOM will be able to impose additional conditions on ISPs requiring them to apply technical measures such as Blocking (Site, IP, URL), Protocol blocking, Port blocking and Bandwidth capping. The Government has published a Consultation on these proposals which can be found here.

Online = Offline penalties

Again, not in the category of 'originality' - but nonetheless important - Digital Britain announces the Government's intention to introduce exceptional statutory maxima of £50,000 for all IP offences. This was Recommendation 36 of the Gowers Review.

UK copyright law - some significant tweaks

Digital Britain gives pointers to some of the proposals that resulted from the Gowers Review are likely to see the legislative light of day. It talks about updating existing copyright exceptions to allow certain public institutions to make preservation copies of films and sound recordings and also to enable educational institutions to communicate copies of material to 'distance learning' students.

Digital Britain also refers to plans to introduce legislation to enable commercial schemes to operate under  collecting societies could licence 'orphan works' - copyright works whose authors can't be found. This isn't a minor issue. The British Library estimate that 40% of their archive count as orphan works.

These are covered in Chapter 4 which also mentions another potential change which would greatly increase the range of works which can be licensed by collecting societies. Following the example in the Nordic countries, collecting societies may be able to offer licences over works which have not been mandated to them by the relevant rights holders.

UK copyright law - other changes?

Digital Britain's focus is, of course, the UK only. So any of the other 'big issues' that are currently floating around, such as broad provisions for 'fair use', fall into the remit of the EU and the World Intelectual Property Organisation. So on these issues, Digital Britain doesn't so much duck the question as defer to the work being led by the IPO following publication of 'Strategic Priorities for Copyright' which has an international and strategic focus. 'SABIP', the Strategic Advisory Board for Intellectual Property Policy', is currently working on a number of issues - check out my post here. As a member of SABIP's Copyright Expert Panel, I'm involved in this.

What about support for innovation in the creative industries?

To be frank, it's a bit of a hotch potch here. But there's certainly some prospective good news for the computer games industry on potential tax breaks; some discussion about rights-based funding mechanisms such as levies and cable re-transmission fees and a few thoughts about film, cinema and literature. These can be found in Chapter 4.

So when you add it all up, it's a landscape of significant and ongoing change. But for the world of commercial content, the future ultimately lies not in Digital Britain but in new business models.

Watch out for my next post on the 'Why Pay for Content?', the topic of a recent debate hosted by the Publishers Association on June 24th. Although it focused on academic and professional publishing, the question is at no.1 on the agendas of most sectors of the content industries.

Have a good week.

Laurie Kaye
 

A year's lifespan for every tweet?

Dear reader,

I will be blogging soon about Digital Britain so watch this space. In the meantime, Yasmin weighs up a regulatory development in the field of data retention in this post and in a related article on our website.

Laurie

The Data Retention (EC Directive) Regulations 2009

Landline and mobile phone providers have been required to retain certain communications data (e.g. time/length of call, name/address of caller) since 2007. New Regulations introduced a couple of months ago have extended this obligation to cover internet, email and VOIP as well, which could potentially see every post, tweet and poke being compulsorily retained for 12 months.

This move may be seen as a welcome and necessary weapon in the fight against terrorism and other serious crime which can be incited, orchestrated or even conducted online. However, others would counter that it is a threat to privacy as well as an extra compliance burden for service providers.

The new Regulations came into force on 6th April and require certain providers of telephone and internet services to retain communications data for a year. This ‘communications data’ relates to the who/when/where of a communication (but not the content) and ranges from log on/call times and durations to the  names and addresses of people sending and receiving communications (callers, callees, emailers, emailees... YouTubers? Twitterers?)

Only public communications providers who are notified by the Secretary of State will be required to comply with the Regulations. It remains to be seen which companies will receive such notification, but  ISPs (e.g. BT Internet) will certainly be notified, as will mobile phone providers (if they haven't already, e.g. O2) and VOIP operators (e.g. Skype). It will be interesting to see whether the Government will extend such notification to search engines (Google?) and website operators – particularly social networking sites (Facebook?), where mass communication (Twitter?) is key.

Pros

The Home Office has pointed out that communications data has long proved valuable for law enforcement purposes, in detecting crimes, investigating suspects and prosecuting offenders. Although many communications providers already retain this information in any event, they delete it as soon as their business purposes have been met (whether because of data protection legislation or the costs of storage). The Home Office argues that long running investigations, which may require communications data some time after a crime has been detected, tend to relate to the most serious crimes and as such there is a strong public interest in obliging relevant companies to preserve such evidence.

If every email, IM, tweet and post is logged along with the sender’s name, address and geographical location at the time, then law enforcers will find it easier to verify alibis, trace contacts and track movements. Criminals will be unable to rely on the perceived anonymity of the Web to disguise their activities. The Regulations send a clear message that people cannot hide behind online personalities to conduct criminal behaviour – ‘no avatar is an island’, if you like.

Cons

However, despite the stated benefits of the Regulations as a crime fighting tool, legitimate data protection concerns have been raised by privacy groups, who object to being monitored (or spied on) and criticise the measure as a step towards a ‘Big Brother’ state. As the Government has not had a good track record recently with safeguarding data, concerns over the generation and retention of increasing amounts of data are perhaps justified.

What I see as the biggest concern is the fact that the Regulations do not limit the disclosure and use of the data to investigation of the serious crimes on the basis of which the Regulations are justified. The Regulations blandly state that “Access to data retained in accordance with these Regulations may be obtained only (a) in specific cases, and (b) in circumstances in which disclosure of the data is permitted or required by law.” It is not difficult to envisage courts interpreting this provision widely and ordering disclosure in civil cases where this information would be useful – for example, defamation claims (to discover the details of a big-mouth blogger) and divorce cases (to check a cheating spouse’s phone calls). We have previously postedon how 'Norwich Pharmacal' orders have been made to disclose the contact details of certain libellous chat room participants. We may see increasing similar instances as more companies are required to hold more data for longer, meaning more data is available for disclosure under court order. This may not necessarily be a bad thing, but it does depart from the stated purpose of the Regulations and the reasoning behind their introduction.  

We should not forget that the Regulations will impose an additional compliance burden on the notified public communications providers. The extent to which this is an issue depends on the amount of companies notified under the Regulations and the additional measures they will have to take to understand and implement their obligations under the Regulations. The Regulations have gone some way to addressing this by stating that the Secretary of State “may reimburse any expenses incurred by a public communications provider in complying with the provisions of these Regulations.” However, this subsidy ultimately comes from credit-crunched UK taxpayers, who may query the efficacy and efficiency of setting up the systems required to implement the Regulations.

If you are keen to find out more about these Regulations, please see my article and the Explanatory Memorandum.

Enjoy the weekend!

Yasmin Joomraty

Web 2.0, UGC, Mash ups: who owns the data, who is responsible?

Dear reader

I gave a presentation on this subject at the European Directory Publishers Conference in Barcelona on May 29th. (I arrived just as the Barcelona team were on their triumphal tour around the City. As a Manchester United supporter, the pleasure of being in this great City was small compensation!).

The directory publishing industry has moved rapidly from a traditional, print-based business with a well-established annual cycle of data gathering, production and distribution to the front line of Web 2.0. Whilst print still continues, the hot topics are now about building online communities and search-driven directories 'on the fly' combining proprietary content, web harvested information and user generated content.

So I thought you might like to read my presentation given to the conference and to take a look at my slides. You can view them here.

Have a good week.

Laurie

Copyright: green shoots?

Dear reader

You'll have read from previous posts about the recurring theme (or is it a formula?) of new business models + effective copyright enforcement = 21st century copyright.

It seems to me that 'green shoots' of both elements are springing up around us. But where's the anecdotal evidence?

Business models?

Let's start on the business model side. Amongst many challenges, two of the biggest are streamlining the cost and efficiency of clearing rights for online services and how to 'monetise' - horrible expression - content.

So it was interesting to see the announcement reported in the FT yesterday that PRS for Music is lowering the prices for pricing music online by almost two thirds - good news for streaming services like 'Spotify'. The FT reported that PRS wil receive 0.085p per song played online, down from 0.2p. In return, PRS' share of advertising or other revenues from services will rise from 8% to 10.5%.

Meanwhile, Facebook has taken a US$200m investment from the Russian company Digital Sky Technologies, valuing Facebook's preferred stock at US$10b. Whilst the valuation undoubtedly appealed to Facebook, Yuri Milner, founder of DSG which has stakes in 30 internet companies in Russia, was quoted in the FT yesterday, saying that "our network focused on monetisation a bit earlier than Facebook."

And then we have the resurgence of the debate within the newspaper industry about paid for content, although sceptics argue that only premium content, and not 'news of the day', may support subscription or other paid for models. But perhaps the advertising revenue sharing deal struck by PRS has potential for the newspaper industry in its relationship with search.

Effective copyright enforcement

It seems to me to be pretty clear that the 'credit crunch', and the loss of the financial services industies ability -at least for the time being - to sustain ever rising revenues, both for itself and the taxman, has raised the economic profile and signficance of the creative industries. In turn, that's leading to a joining up of the dots betweeen.......creative content.........jobs...........copyright enforcement. Under the headline 'Unions and publishers join to fight piracy', the FT reported today - that representatives of media unions on both sides of the Atlantic are co-ordinating their approach as the 'Digital Britain' report nears publication. Following the proposals in the interim Report and then Consultation on the Digital Rights Agency, momentum will gather for a legislative solution involving ISP's to the issue of illegal file sharing.

Getting that sorted won't be easy. Just take a look around Europe. With thanks to my colleague Angela Mills at EPC, here's a couple of key developments. The EU's Telecoms Package is still bogged down with Amendment 138,  a measure that would force Member States to say, in their national law, that internet access can never be restricted without a “prior decision” from a judiciary authority. Meanwhile, France is going to create a high authority for the copyright protection and the dissemination of works on the internet (Hadopi). It is being created in order to avoid the need for judicial prosecution.  The national debate has been stormy and it is not over yet: the Socialist opposition has gone to the Constitutional Court considering the planned measure to be “easily circumvented, counter-productive, unworkable and costly”. The Court will give its decision by June 19th and it could yet end up with the ECJ. So watch this space!

One thing is for sure. National measures to deal with the issue of illegal file sharing - here and around Europe and beyond - will be taken.

Enjoy your week. I'm off to Barcelona today to talk about "Web 2.0, UGC, Mash ups : who owns the data, who is responsible?" at the European Association of Database Publishers (EADP)Congress. As a Manchester United supporter, I'm hoping Barcelona's supporters won't gloat! Well, at least the excellent tapas will be some small consolation.

Laurie Kaye

Profiling, Targeting, Behavioural Advertising

Dear Reader,

My colleague, Yasmin Joomraty, attended a very interesting forum on 'Behavioural Targeting, Social Networking and the Challenges of Online Privacy' earlier this week. We were discussing her views and I asked her to blog about them so here follow her personal reflections on profiling, targeting and behavioural advertising...

(Yasmin writes) "I returned to my desk today to write up my take on the issues discussed at the Westminster eForum. At the forum, the Assistant Information Commissioner had mentioned the 'Personal Information Promise' on the ICO website to which companies can sign up. I Googled it to find out more. As soon as I had keyed "personal info" into the search bar, top of the list of Google's suggested search terms for my search was - you guessed it - "Personal Information Promise". In light of the comments the delegate from Phorm had made regarding search engines profiling and targeting users in more ways than Phorm would ever wish to, I chuckled to myself at this timely demonstration. 

I then went to look up "privacy enhancing technologies" and, again, no sooner had I typed "privacy e" but Google had guessed what I was looking for. Handy, yes. But a little disconcerting in light of the 'challenges for online privacy' I was contemplating.

We have written in the past about Google's raps on the knuckles over keyword advertising, legal battles over 'scraping' third party content, book deals struck, thumbnails infringing copyright, sniping over news snippets - the list goes on - and I thought I knew a lot about Google... Except for what Google knows about me.

Google's Privacy Overview states, predictably, that:

• "Google uses cookies and other technologies to enhance your online experience and to learn about how you use Google services in order to improve the quality of our services."

and 

• "Google’s servers automatically record information when you visit our website or use some of our products, including the URL, IP address, browser type and language, and the date and time of your request."

So that explains the customised search suggestions. Google knows my IP address and has tracked my online behaviour in order to provide me with this service - which, incidentally, I do not remember signing up for. This raises 3 questions for me:

1. What constitutes personal data? An IP address has been held to be personal data. So Google has obligations under the DPA here. 
2. Does it matter whether information about me constitutes personal data or not? As technologies evolve and trackers can find out more about me, should the obligations under the DPA stop at personal data? Do I have a valid objection to companies building up a profile of me which, although it does not constitute personal data, consists only of numbers and codes, and is never even read by a human but simply passes through a 'black box' (as the Phorm delegate called it), but which nevertheless corresponds to me and my habits, some of which may be private? As society understands the new technologies better, there is scope for data about my behaviour finding its way to third parties and even saying private things about me to others? For example, if a friend uses my laptop and notices that the suggested search terms and targeted ads are geared towards Botox, this may reveal something about me that is private and if not constitutes then relates to personal data. 
3. Have I consented? I would describe myself as protective over my online presence and reluctant to receive marketing communications - I tend to search for opt-outs and actively select my preferences. The notion of informed consent is often debated but it seems to me that if I find it difficult to ascertain what Google is doing with my information and how to opt out of the same, then how will the 'reasonable man' who is not actively looking or notified?  

More worryingly, another point in Google's Privacy Overview is: 

• "Google collects personal information when you register for a Google service or otherwise voluntarily provide such information. We may combine personal information collected from you with information from other Google services or third parties to provide a better user experience, including customizing content for you."

Does this include/anticipate collaboration with Phorm-like behavioural trackers?

As new technologies and social attitudes merge to cause the shift in media, publishing and entertainment from a 'one to many' broadcast to the two way dialogue of 'many to many' communication, so advertising is reaching its holy grail of targeting specific individuals with relevant messages. 

An individual's online presence makes him part of the online world (consumer, broadcaster, commentator, buyer, seller, MMORPG player all in one) in a way that he never was before TV remotes had red buttons. The fact that that individual has an online presence exposes him to risks which do not apply in the offline world. These risks mostly centre on that individual's data - the type he chooses to share and the type he does not know he is sharing.

However, advertising has rich benefits and should not be unduly stifled. It is the driver for online growth and funds much of our virtual activities. It offers choice to consumers and can entertain, inform and empower.

The difficulty, as always, is in getting the balance right."  

Yasmin Joomraty   

Report on the European Commission's Content Online Platform

Dear Reader

The European Commission has just published its Final Report on the Content Online Platform which was set up as part of its 'Creative Content' initiative to get stakeholders together to debate key issues. You can read it here - Download Col_platform_report (2).

What struck me on first read were these:

• Although the pace of change is slow in some areas - like solutions for multi-territorial licences - in other areas today's 'hot topic' seems distinctly cold tomorrow. Take a look at the conclusions about 'DRM' in the sense of technical protection measures. The growth of TPM-free services has moved on the debate.
• There are no 'one size fits all solutions'. What is right for, say, film and music online is not the same for online publishing.
• There is an odd disconnect between (1) the different approaches in Member States for tackling piracy, where the debate is mired in parochial and industry- specific concerns versus (2) the almost universal recognition that a lack of a common and consistent approach will hold back the development of successful cross-border business models.
• Solutions are needed tailored to individual industry needs and 'soft law', such as Codes of Practice and common standards, will get us more quickly to where we all want to be....

a rich and diverse range of online offerings which give consumers what they want and which deliver a fair return to creators and producers.

Have a good week.

Laurie Kaye

 

Protection of children - New Legislation for Websites

Dear Reader,

From October this year, if you operate a website which has interactive features used by children, you will be required to vet new staff you employ to act as moderators on the website. This means that their names must be registered with the Independent Safeguarding Authority (ISA), a public body which has been set up to prevent unsuitable people from working with children. From 2010 you will also be required to ensure all existing staff moderators are ISA-registered (even if they have already undergone a CRB check).   

The relevant legislation is The Safeguarding Vulnerable Groups Act 2006, which provides for the maintenance of a register of people who are banned from certain activities relating to children (a 'barred list'). Under a commencement order which came into force in January this year, this Act will apply to regulate moderators of websites with interactive features aimed at children. 

You can read more about this development in the law by reading the article on our website.

Yasmin Joomraty and Mailin Bala