Jan 22, 2012

A Photographer’s Guide to Copyright

Introduction

There are many instances when the law can either help or hinder the achievement of your objectives.  Copyright is an area of law, often misunderstood, which can be particularly helpful for a photographer.  Whether you are an independent photographer, a freelance photo journalist, a staff photographer for a newspaper, a partner in a high street studio or an international studio employee, the law of copyright ultimately affects your job.

In this article, we explain the nature of copyright: what it is; what it protects; how you obtain copyright; how to protect copyright and how to exploit copyright.  We also briefly discuss the use of other people’s work in your photographs and the concept of “fair dealing”.

The Nature of Copyright

Copyright law was developed over two centuries ago, originally to protect written works.  The modern law of copyright extends, among other material, to the protection of photographs.  Copyright law protects photographs against unauthorised exploitation, including copying or unauthorised publishing.  It grants the owner of the photograph the exclusive right to copy the photograph and to “make copies available to the public”: this includes any form of publishing of the photograph. 

Form rather than Content

Copyright protects a photograph as the expression or recording of an original idea.  Copyright only protects the idea as recorded (i.e. the manifestation of the idea), not the underlying idea itself.  For example, if a photographer takes a photograph of some overhead powerlines and superimposes it onto a photograph of a stately home, he will own the copyright in the resultant work.  However any other photographer can take two similar photographs and  use them to create a similar superimposed image, without breaching the copyright.  This is because copyright protection does not extend to the concept behind the image, but only to the resultant image itself.

The standard of originality in copyright law is low.  Nearly all photographs will be original as you will be recording your effort and creativity in respect of your choice of film speed (or pixel sensitivity), aperture, lighting, composition of the subject matter, development of the image and any digital manipulation.  In the example above, each of the superimposed images would be “original” even if the two overlaid photographs were similar – provided that the other variables listed above had not been copied. 

An International Right

Copyright is an international right principally governed by two international Conventions: the Berne Convention for the Protection of Literary and Artistic Works, 1886 and the Universal Copyright Convention (or UCC), adopted at Geneva in 1952.  These Conventions ensure that certain minimum levels of protection are reciprocally given to copyright owners throughout the countries which are members of a Convention.  For example, if you are the copyright owner in the United Kingdom, you can take action to protect your copyright in the USA, France and in any other convention country.  Similarly the copyright owner of a foreign country within one of these conventions can take action to protect his copyright in the United Kingdom.  Most of the countries of the world, including all industrialised countries are in one or both conventions.   There are countries such as Iran and The Seychelles which are not in either convention.  Citizens of these countries do not then enjoy any copyright protection. 

How to obtain Copyright

Copyright exists automatically.  Contrary to popular belief, there is no need to register Copyright in your work, nor do you have to affix the international Copyright symbol © to every piece of work you wish to protect. However, the main advantage of inserting the symbol ©, the year and name of the author (i.e. the photographer) is that those facts are then assumed to be true in any subsequent court case.  It also indicates to third parties that you are aware of your rights in the photographs.  In the United Kingdom, copyright lasts until the end of the seventieth year after the end of the year in which the death of the photographer occurs. 

Authorship and Ownership

Copyright is given to the author of the photograph.  This is a term used by the legislation in respect of copyright, although it can be misleading when applied to photographs. For example, one person may direct another to take a photograph or be responsible for setting up the scene to be photographed or even just be responsible for the lighting.  The case of Creation Records Ltd v News Group Newspapers Ltd ([1997] EMLR 444 (Ch)) determined that the author of the photograph is the person who takes it – i.e. the person who presses the shutter release.  The only exception to this is perhaps the photographer’s apprentice, where a photographer sets up the scene to be photographed (the position and angle of the camera and all the necessary settings) and directs the apprentice to press the shutter release at a moment chosen by the photographer.  In this example, it would be the photographer and not the apprentice who would be deemed to be the author. 

The photographer, being the author, is said to be the first owner of the copyright in a photograph.  However, ownership of copyright is a different concept to that of authorship.  Ownership can be transferred while the authorship (or creation) remains with one person and can never be transferred.  That transfer can be by way of a sale or it may be by operation of law: for example when a photographer dies, his estate will inherit ownership of the copyright in his photographs. 

Copyright and Employment

Most employment contracts expressly provide that the copyright in any work created by an employee in the course of their employment is owned by the employer.  Even if the contract does not explicitly say this, the law effectively states that this is the case, unless otherwise agreed.  So, for example, if an employee of a newspaper takes photographs of a celebrity which are worth a lot of money, it is the newspaper, not the photographer who becomes the first owner of copyright in the photographs, due to the operation of this rule of copyright law. 

The rule that the employer owns copyright does not, however, extend to photographs created outside the course of employment.  So a photograph taken outside working hours, particularly one which does not use the newspaper’s photographic equipment, would be owned by the photographer not his newspaper employer.  There is still some debate, however, as to what effect the use of the employer’s equipment would have on the ownership of copyright in these circumstances.  Much would depend upon the exact situation, the seniority of the employee and his precise job description. 

Joint Ownership

It is possible to have joint ownership of copyright in law.  However, unless the joint owners agree otherwise, neither joint owner is permitted to publish the photograph or to licence a third party to copy the work without the consent of the other.  Therefore, where a photographer and a commissioner agree to own copyright jointly neither party will, in the absence of an agreement with the other party, be permitted fully to exploit the photographs without the consent of the other party.  The commercial reality, therefore, is that joint ownership of copyright does not provide an easy solution. 

Moral Rights

These are separate rights owned by the author of a photograph.  Moral rights are always owned by the  author and can never be transferred.  For instance, when a photographer sells a picture to a photographic agency (as opposed to merely granting a licence to use the photograph) the photographer would still retain the moral rights in the photograph.

One moral right is the right to be identified as the author of the photograph whenever it is published.  This moral right must, however be asserted before it comes into operation.

A second moral right is the right to object to any derogatory treatment of the photograph.  Derogatory treatment means any “addition, deletion, alteration or adaptation which amounts to distortion or mutilation of the work or which is otherwise prejudicial to the honour or reputation” of the photographer.  This right would extend for example to any digital manipulation which alters the photograph in a substantial and derogatory manner without the author’s permission.  However a critique of a work by another photographer does not constitute an infringement of moral rights.

Although moral rights cannot be transferred, they can be waived.  For instance, the purchaser of a photograph may require that the moral rights are “waived” by the author.  This then prevents the author of the photograph from enforcing those moral rights at a later date. 

Exploitation – Common Misunderstandings

As has been seen, it is a breach of copyright to make a copy or distribute a copy of a photograph without the consent of the owner of the copyright.  A copyright licence is nothing more than a permission from the owner granting the right to make a copy.  The licence can be limited in a number of ways: by geography; by time; by the media on which the copy is made.  So, for example, a photographer could grant a licence allowing someone to make and distribute CD-ROMs containing his photographs in the United States for a period of ten years. 

Confusion sometimes surrounds determining who is the author and the fact that ownership can be transferred, while authorship cannot.  This becomes especially important when a photographer is exploiting (making use of) his copyright by publishing or having someone else publish his photographs.

A Commissioned Photograph

For example, take the following scenario: a library commissions a photographer to take some photographs of some historic buildings and also some pictures of a newly constructed building designed by a famous international architect.  There are three issues in this scenario; first, what rights will the photographer have in the photographs, what rights will the library have and what rights will the architect have?

The answer to the first question is, simply, whatever rights the photographer does not give to the library.  The photographer, will be the author and initial owner of the copyright in the photographs.  Copyright is a form of property and, as mentioned earlier, it can be transferred to someone else – this could be outright ownership or merely by granting a licence to use the photographs.  The photographer may want to give the library (only) a licence to hold copies of the photographs for reference or to use them in a limited number of publications but not, for example, to include them on the library’s Internet site. 

Similarly the library would obtain only the rights expressly transferred or licensed to it.  The library may want the photographer to relinquish all his rights and transfer the ownership to the library (for a fee, of course) so that it becomes free to use the photographs in any way it chooses – for example, in promotional material, advertisements, catalogues as well as on its Internet site. 
 
The moral rights in the photographs would always remain with the photographer.  If the library did not want them to be exercised and the photographer was agreeable, the most that the library could achieve would be a waiver of the moral rights i.e. an agreement by the photographer that he would not exercise those moral rights. 

From what has been said, a photographer may think that he need not worry when he is employed on a commission basis, since the photographer would always own the copyright in the photographs.  Experience indicates otherwise.  Although, in theory, a written assignment is necessary to transfer the copyright, the courts have been more liberal in their practical interpretation of the law.  In practice, if the commissioner can show that, in the circumstances, it is proper for the commissioner to own the copyright or to have an extensive licence in the copyright to use the photographs, the courts will enforce such rights in favour of the commissioner.  In reality, the only way to avoid such an argument is to have a written contract to delineate precisely which party is to own the copyright and, more importantly, what rights, if any, the party who is not to own the copyright has to reproduce the photographs.  The contract does not have to be in writing, but it is more sensible if it is.

On a number of occasions the courts have implied into the contract a transfer of the copyright where it has not been mentioned by the parties, however this is only usual when there has been a well established trading history between the person giving the commission and the photographer.  This is particularly likely to occur where the photographer has not shown any objections to the commissioner using his work for other purposes previously.  In practice, both photographer and commissioner should closely scrutinise the terms and conditions they are contracting on before the photographs are taken and if necessary take advice – it could save a great deal of time and money later on.

The remaining third question, namely what rights does the architect have, has a straightforward answer.  The copyright an architect holds is primarily in the plans of the building on paper, (so you cannot copy those without permission) and in the physical building itself – so you cannot construct a copy of that building without permission.  Almost certainly, taking a photograph of the building does not infringe the architect’s rights. 

Copyright Protection

What happens when someone else copies or publishes a photograph without the permission of the owner of the copyright?  This is an infringement of copyright law.  Primarily, however, it is up to the owner of the copyright to take action himself to enforce copyright.  He can seek an injunction to prevent future publication and seek damages.  If the copying is done in the course of a business, it will also amount to a criminal offence – punishable by up to ten years imprisonment and an unlimited fine (see section 107 of the Copyright, Designs and Patents Act, 1988). 

Even a straightforward copyright infringement can therefore amount to a criminal offence.  This principle was established in the case of Thames & Hudson v Design and Artists Copyright Society Limited ([1995] FSR 153).  The case concerned copyright in a photograph.  The parties were in dispute over the extent of a licence granted to use certain photographs in a book.  The defendant claimed that the licence did not extend to use of the photographs in the second edition of the book.  In order to put commercial pressure on Thames & Hudson, the Design and Artists Copyright Society initiated proceedings in Bow Street Magistrates court against them.  A case was then brought by Thames & Hudson Limited to stop those criminal proceedings as an abuse of process.  The court rejected Thames & Hudson’s argument that the criminal provisions of the Copyright, Designs and Patents Act 1994 was intended only for “pirate” organisations.  The court held that the statute did not limit the nature of the offender and therefore the criminal proceedings against Thames & Hudson Limited could proceed.

Fair Dealing

A possible defence is for the infringer to argue that he falls under the “fair dealing” exception.  The “fair dealing” defence is however, quite limited in English law.  The only circumstances in which it applies in commercial circumstances is where there is “fair dealing … for the purposes of criticism or review” (see Section 30 of the Copyright, Designs and Patents Act. 1988). 

A high profile case in this area is that of Banier v News Group Newspapers Ltd ([1997] FSR 812]).  The case involved an attempt by a newspaper to claim the right to publish a photograph without the owner’s permission.  A picture of Princess Caroline of Monaco was published by the Times under an exclusive licence.  The Sun, having been unable to obtain a similar licence, published the photograph regardless.  It was argued by the Sun that it was industry practice to publish photographs before obtaining a licence when the photograph had already appeared in another newspaper and that a licence would then, in normal circumstances, be obtained retrospectively.  The court stated that although many newspapers may have adopted this practice in the past it was, nevertheless, “plainly unjustified and unlawful”. 

It was further argued by the Sun that the concept of “fair dealing” applied.  The court held that the concept of “fair dealing” extended only to the purposes of criticism or review and provided that sufficient acknowledgement is given to the author.  Furthermore, there is a specific exception in that the concept of “fair dealing” does not apply to photographs used in news reporting – the reporter always needs permission.  The Sun could not therefore take advantage of the “fair dealing” defence in these circumstances.

Breach of Licence

One of the most common breaches of copyright is where an agency uses a picture for a different purpose to the one which the photographer believed he or she licensed the photograph for.  This often occurs when there is no written contract.  The common assumption in practice is that where a photographer grants a licence it is for use of a photograph once in one territory and on one medium.  If there is to be further publication the photographer must agree to grant a further licence. 

Theoretically this is good news for a photographer.  However the practicalities of proving that a photographer only granted a licence to use the photograph once (without a written contract) can be time consuming and expensive.  This is the reason why much unauthorised use goes on – regardless of the fact that breach of a licence in the course of a business is also a criminal offence.  See the discussion of the case of Thames & Hudson v Design and Artists Copyright Society Limited above.  In practice, it is often simply not worthwhile or cost effective to take action for copyright infringement.  Having a written contract often tips the risk – benefit equation over to make it worth while to take action for infringement.

Copyright and the Internet

The Internet is notoriously difficult to police.  In practice, once you put copyright – protected material on the Internet, there is nothing to stop someone copying it.  Two solutions present themselves: (1) don’t put photographs in which you wish to enforce the copyright on the Internet; or (2) if you need to advertise that you have certain photographs, put only poor quality copies that are not worth copying on the Internet.  Hopefully, then people who want a good quality copy will contact you and pay for one!

There is a third solution, which is by the inclusion of a watermark.  However, all watermarks can be removed given sufficient time.  Nevertheless, a complex and intricate watermark may prove an effective deterrent given the effort required to remove it. 

Conclusion – Practical Steps for Photographers

These few practical steps should help a photographer protect the copyright in his photographs:
• When granting a licence which allows someone to use the photographs, use a written contract which details as precisely as possible what the licensee is allowed to use the photograph for, stating that they must contact the photographer to agree a separate fee for any other use.
• When taking photographs on a commission, do not rely on the legal assumption that the photographer will own the copyright in the photographs.  Remember that this is only a starting point.  Always record in writing that the photographer is to retain the copyright and expressly state what the commissioner may do with the photographs. 
• Do take the time to check your employment contract and determine what rights you have in the photographs you take. 
• If you want to be named as the author of the photograph, say so before you grant the licence.
• If you are creating a virtual library on the Internet, don’t put photographs on the Internet that you don’t want copying.  Only put “tasters” on – copies which aren’t good enough for commercial publication. 
• If in doubt, take legal advice.  Remember that ‘a stitch in time’ really does ‘save nine’!

 

Jan 1, 2012

Buying Services via the Cloud: Ten Legal Pitfalls

Introduction

Although many Cloud Service Providers consider themselves as much more than a mere outsource provider, from the Customers perspective it is important to realise that, in essence, they are providing an outsource service, albeit one delivered via the internet.  A Customer could, at least in theory, have chosen to do “in-house” what it is that the Cloud Service Provider is doing for him. 

A Cloud Service is an outsourcing arrangement where one or more elements used in providing the service is hosted on the internet.  One easy example of a cloud service which we all use is the provision of e-mail.  The e-mails are stored “somewhere on the internet” before the user downloads them to the user’s computer.  Depending upon how the user has configured the service, the e-mails will then be retained by the e-mail service provider or else deleted. 

One of the most popular forms of Cloud Service Provision is where the bulk of the software is hosted remotely.  This known as “Software as a Service” or “SaaS”.  In a Saas model, some small part of the software may be downloaded onto the user’s machine.  Depending upon the model, the data may be stored on the user’s machine or remotely by the Cloud Service Provider.  The Customer will access that software and data remotely via the internet. 

Generally the Cloud Service Provider will host software and data remotely and allow the Customer to access that software and data remotely: often via internet enabled applications.  As with all forms of “outsourcing” the Customer has several risks associated with these circumstances.  In this paper we identify and discuss ten such risks of a “legal” nature: Annual fee renewal; Termination; Limitations of liability; Change of Customer; Force Majeure; Change Control; Continuity; Inclusive costs; Foreign Suppliers; Data Protection. 

This paper does not discuss whether and how the Customer will be able to negotiate changes to the terms on which the Cloud Service Provider is prepared to offer the Cloud Service.  Many Cloud Service Providers will offer their services only on a “take it or leave it” basis.  In other cases, the Customer may have insufficient bargaining power to insist on changes.  At least the Customer will then be aware of what risks it is accepting in entering into the proffered contract. 

Annual fee renewal

Some Cloud Service Provider models provide that the licence subsists only on a year by year basis.  Many offer a licence on an even shorter, monthly basis.  Often, the licence fee for the second and future years (or months) is not set out.  Neither is it given (or capped) by some sort of formula: such as the Retail Prices Index or a labour index.  Instead the licensor is free to set the charge for a future year entirely within its discretion.  This will clearly present a substantive risk to the Customer: it will have no certainty as to the amount of its payment in future.  The same issue may also arise in respect of future payments of maintenance or the like: where relevant, the Customer should have some sort of certainty of the price of maintenance or support throughout the lifetime of the contact. 

Termination

The agreement will come to an end at some time.  It is important to consider termination carefully at the outset, since often the Customer may have little or no bargaining power at the time of termination.  At that point the Customer may be heavily dependent on the Cloud Service Provider.  How long will it take for the Customer to find another Cloud Service Provider?  Will the Customer have easy access to its data in order to transfer the data from one Cloud Service Provider to another?  Provisions must be built into the contract with the Cloud Service Provider to deal adequately with these issues.  Many Cloud Service contracts provide no guarantee of continuity for the Customer and no or little provision for the data to be delivered in a timely manner to the Customer in the format in which the Customer may need the data. 

Limitations of liability

Limitation of liability is a complex legal subject.  The Cloud Service Provider will not wish to have unlimited liability since its potential loss, in the case of a failure in its services, may well exceed the value of the contract.  Conversely, the Customer may be relying on the Cloud Service Provider to run a critical part, of its business  Resolving that dichotomy can require the negotiation and skill of an experienced lawyer.  Ultimately, what can be successfully excluded in law often depends upon a “reasonableness” test.  Some loss, for instance personal injury arising from the negligence of a party, can never be excluded or limited.  Many Cloud Service Providers, particularly large United States providers purport to exclude virtually all liability. 

Change of Customer

The software used in the service is invariably licensed.  In most cases the software will be licensed by the Cloud Service Provider to the Customer.  It is important to be aware of what fees the Cloud Service Provider will charge where there is a change in the user.  This may occur, for example where the Customer subsequently is bought or merges with another company.  The Customer will not wish this to be an unreasonable amount.  Some Cloud Service contracts allow the Cloud Service Provider to terminate the contract in such circumstances.  The easiest way to avoid an unpalatable result in such circumstances is to ensure that the original licence deals properly with such a change. 

Force Majeure

Force majeure is a French term which has found its way into many commercial contracts.  It is usually used in conjunction with a definition, which provides that a party can avoid its contractual obligations for reasons beyond that party’s control : such as fire, earthquake or shortages of supplies.  The Cloud Service Provider will naturally provide generous provisions in its favour.  Do not be fooled!  The major obligations to be performed are placed on the Cloud Service Provider.  Therefore it is the Cloud Service Provider who will be able to take advantage of this clause – not the Customer!  At the least, the force majeure clause should provide that the person taking advantage of the clause gives timely notice to the other party and continues to use its reasonable endeavors to minimize the effect of the event of force majeure. 

Change Control

The services to be provided by the Cloud Service Provider are unlikely to remain static.  The Customer will need to know that the prices to be charged by the Cloud Service Provider for additional services will not be unreasonably high.  The original contract might specify certain extra services and a charge for them.  However, the contract will also need to deal with other unforeseen additional services by providing some mechanism for quotation. 

Ultimately, there are only three ways of determining the additional charge for the additional service : the Cloud Service Provider will set the price; the Customer will set the price; an independent expert will set the price.  Ideally, a contract would be worded to allow the price for an additional service to be set by an independent neutral party, acting as an expert.  It is most unlikely that a Customer will have enough bargaining power to insist on this.  While the first option, where the Cloud Service Provider sets the price “acting reasonably” may be seen as an acceptable compromise, in practice even achieving this is likely to be difficult. 

Continuity

How financially secure is the Cloud Service Provider?  The livelihood of the Customer may depend upon the continuity of the services being provided by the Cloud Service Provider.  Default of the Cloud Service Provider can therefore have serious repercussions.  There is not much point in the Cloud Service Provider being penalized for non performance, if the reality is that the non performance may arise out of the questionable financial viability of the Cloud Service Provider.  It is better not to undertake the deal with that Cloud Service Provider than end up with having to change Cloud Service Provider because the original Cloud Service Provider has gone out of business.  Even if there were no direct monetary loss, the cost of setting up a replacement deal in terms of time and energy should be enough to dissuade a Customer from doing a deal with someone without a track record. 

Inclusive costs

Are costs inclusive of all extras?  It is worthwhile checking precisely what is and is not excluded.  It has been known for a Cloud Service Provider to have a cost structure which included a charge for each page printed – a charge which can quickly mount up.  Likewise telephones (whether a dedicated line or not), server rental and media storage costs may all be charged for at an extra rate.  So long as these costs are known about in advance when you go into the contract, then at least there will be no surprises. 

Foreign Suppliers

A Cloud Service Provider need not be based in a high cost country such as the United Kingdom.  Many Cloud Service Providers operate out of low cost countries.  While Iceland is popular because of its relatively low electricity costs, so are countries in the Far East.  However, there are clearly additional risks when using a foreign Cloud Service Provider, for example: lack of immediate control; standards of professionalism; use of English as a first language.  It is important to balance the price gain that can be achieved by using a foreign Cloud Service Provider against these additional risks. 

Data Protection

A Cloud Service Provider will be using and indeed, to a certain extent, controlling the Customers data.  This means that both the Cloud Service Provider and the Customer will need to register and comply with the Data Protection  Legislation in so far as that data is personal data.  A full discussion of the data protection legislation is outside the scope of this article.  In practice, many Cloud Service Providers are United States companies who operate outside the European Economic Area and to whom compliance with data protection legislation is an anathema. 

 

Dec 28, 2011

European Commission to increase the Data Protection burden for businesses

Recently leaked information gives details of a European proposal for a new data protection law (See Financial Times of Monday 12 December 2011).  The European Commission has been debating such a law for at least 12 months and indeed sought submissions on possible changes over that period (See, for example http://ec.europa.eu/justice/news/consulting_public/news_consulting_0006_en.htm).  If the leaks are to be believed, the new law will require EU countries to adopt stringent new data protection measures.  If breached they will allow for companies to be fined up to 5% of annual turnover.  This is in stark contrast to the present theoretical maximum fine of £500,000 (See http://www.ico.gov.uk/what_we_cover/taking_action/dp_pecr.aspx#monetarypenalties). 

The United Kingdom Commissioner’s Office (ICO) has had this power to fine companies only since 6 April 2010.  However, the ICO has used this power sparingly. Indeed in the first 20 months the ICO has fined only two businesses.  Excluding one nominal fine, the only fine imposed on a commercial company was to A4E Limited, a company acting primarily as a supplier of service to the public sector.  All the remaining seven fines were of local authorities. 

History shows, that at least in the United Kingdom, the ICO has no appetite to take on companies bigger than he is.  Take for example the case of Google collecting Wi-Fi data unlawfully in preparation for its Street View service a few years ago. 

The UK Information Commissioner took no effective action against Google, unlike his counterparts in Germany, Italy, Switzerland, Canada and Czech Republic (See, for example http://www.bbc.co.uk/news/technology-11684952).  In more recent times, the UK Information Commissioner has similarly failed to take action against Sony in respect of the Playstation hacking incident or against Facebook for tagging of facial features (See, for example http://www.dailymail.co.uk/news/article-1260334/Facebook-tagging-launch-breach-privacy-EU-court-battle-looms-social-network.html). 

This week has seen David Cameron throw down a gauntlet to the European Union to protect the London based banking industry.  The European Commission is proposing a radical change to the United Kingdom’s softly-softly approach to policing the data protection legislation, by proposing that a new European bureaucracy would enforce the new legislation.  It remains to be seen whether the British government will continue the stance it started last week in opposing this type of legislation.  If it fails to do so, British industry and British banks in particular will face a very significant increase in the risks associated with data loss. 

The one silver lining in the cloud of the new proposals is the way in which they propose to tackle the Cloud Computing industry.  Previously this industry, based as it is to a large extent outside the European Union, has been able to ignore European data protection rules.  The European Commission is proposing to extend enforcement of the new European Union rules to all foreign companies operating in the European Union.  This would mark a significant change.  No longer would companies such as Facebook be able to hide behind a foreign veil.  Instead, the new EU rules would allow their EU subsidiaries to be fined. 

However, a company can only be fined if the proposed European data-policing authority knows that the company has breached data protection rules.  Therefore the European Commission is proposing to require companies to report data protection breaches.  This is consistent with EU Commissioner Viviane Reding remarks in a speech on 29 November 2011, when she said “Our proposal will introduce a general obligation for data controllers to notify data breaches. In concrete terms, that means notifying data protection authorities and the individuals concerned when a data breach is discovered.” (See http://ec.europa.eu/commission_2010-2014/reding/pdf/speeches/data-protection-social-media_en.pdf).  What is not yet known is whether all breaches must be reported or, more likely, only those over a certain threshold of importance. 

A proposal that has been debated for a while is a “right to be forgotten”.  A provision to achieve this will also be included in the new legislation.  This will require Facebook and other social media networks to change their sites significantly to improve the ease with which individuals can require their data to be removed.  All of this is significant with Ms Reding’s view that “The protection of personal data is a fundamental right”. 

 

Dec 27, 2011

Database Protection Rights

1  DATABASES – THE LEGISLATION

In the United Kingdom, the Copyright and Rights in Databases Regulations 1997 (S.I. 1997 No. 3032) (the “Regulations”) implement Council Directive 96/9/EC of the European Union on the Legal Protection of Databases (the “Directive”).  Under this legislation, the maker of a database (i.e. the person who creates the database) has the right to prevent the extraction or re-utilisation of the whole or a substantial part of the contents of the database.  The legislation applies to databases created on or after 1 January 1998.  There are certain transition provisions. 

2  THE MAKER AND OWNER OF THE DATABASE

For the database right to be enforceable the person or organisation having the benefit of the rights must be a national of a Member State of the European Economic Area or be formed under the laws of such a state.

The maker of the database is the person who takes the initiative in obtaining, verifying or presenting the contents of the database and assumes the risk of investing in it.  Where the database is made by an employee during the course of his employment, then, unless the contrary is agreed, the employer will be regarded as the database “maker”. 

3  THE DATABASE

In the legislation, a “database” is defined as:
* “a collection of independent works, data or other material which:
* are arranged in a systematic or methodical way, and
* are individually accessible by electronic or other means”

This definition of database will include, for example, a telephone directory; a list of spare parts or an analysis of stresses and strains in a mechanical device.  The definition is also sufficient to encompass an automated employment record or even a web site.

Database rights are applicable to databases whether they are in written or electronic format.  However, there are limits as to how widely the definition may be interpreted.  In the case of Hit Bit Software GmbH v AOL Bertelsmann Online GmbH & Co KG it was argued in the German Court that computer MIDI files of instrumental music were capable of protection as databases.  Hit Bit Software produced MIDI files of instrumental music.  AOL Bertelsmann hosted a website from which various MIDI files could be downloaded.  Hit Bit alleged that MIDI files contained on AOL Bertelsmann?s website breached its copyright and it also alleged that its MIDI files were capable of being protected as databases.  The court held that a MIDI file was not capable of being protected as a database under the equivalent German Copyright Act. 

4  THE DURATION OF THE DATABASE RIGHT

The rights created by the Regulations last for 15 years from the date of creation of the database.  The rights are infringed even by a systematic extraction or re-use of insubstantial parts of the contents of the database. 

Where there is a substantial change to the contents of a database, so that it can be considered as a ?substantial new investment?, the database will then qualify for a new term of protection beyond the original 15 year period.  In this way, database protection can conceivably last for a long time: provided that “substantial new investments”, are regularly made to the database.  This will invariably be the case for commercial databases which are continuously being updated; as for example to a telephone directory or a spare parts list. 

Database owners are strongly recommended to maintain records of the investments of time or money in their databases to assist in arguing that they are making a “substantial new investment” and thereby extending the period of database right protection.  Database owners are also advised to ensure that the correct name of the (European) owner appears as the database creator on any copy of the database. 

5   INFRINGEMENT OF THE DATABASE RIGHT

Database rights are infringed if any person extracts or re-utilises a substantial part of the contents of the database.  However, the rights may also be infringed by a systematic extraction or re-use of a series of insubstantial parts of the contents of the database. 

There are exceptions to this.  For example, extraction of a substantial part of the contents of a database is permissible in circumstances where the database has been made available to the public or  where the extraction is by a lawful user for the purpose of teaching or research.  In order for this exception to apply, the source must be indicated and the teaching or research must not be for any commercial purpose.

The UK Regulations define “extraction”, in relation to any contents of a database, as “the permanent or temporary transfer of those contents to another medium by any means or in any form”. 

6   DATABASE SUBSTANTIALITY

The UK Regulations state that “substantial” means “in relation to any investment, extraction or re-utilisation, substantial in terms of quantity or quality or a combination of both”.

In the William Hill case, discussed in detail below, the Court concluded that there was both a qualitative and quantitative element to the substantiality test. 

 7  DATABASE LICENSING

The UK Regulations do not contain any compulsory licensing provision for the contents of a database which cannot be obtained through any other source. 

8  DATABASE RIGHTS - LEADING CASES

The English case of British Horseracing Board Ltd v William Hill Organisation Ltd (Case C-203/02 – (1) The British Horseracing Board Limited (2) The Jockey Club (3) Weatherbys Group Limited -v- William Hill Organization Limited (2004)) has provoked much debate about the investment required in order for a database ot be protectable under the legislation.  The brief facts of this case are as follows.  British Horseracing Board maintained a comprehensive electronic database providing up to date statistics relating to horse racing.  Some of the information on the database was supplied to a firm, SIS by a licence agreement.  William Hill used information and services supplied by SIS in order to provide up to date information to customers in its betting shops.  This information was later incorporated in to William Hill’s online betting website.   British Horseracing Board argued that William Hill was using the information without its permission and this constituted an infringement of British Horseracing Board’s database right: i.e. William Hill was extracting and re-utilising a substantial part of the database or was making repeated extractions of insubstantial parts.  William Hill argued that the material was available from other sources and consequently it was not infringing British Horseracing Board’s rights. 

William Hill further argued that the information it had used or extracted from the database was not a part of the database, since what had been extracted was the information from the database (rather than the database itself). 

Other jurisdictions have also struggled with the definition of a database contained in the Directive and there had previously been a series of conflicting decisions within the EU.  The William Hill case came before the European Court of Justice at the same time as anumber of other cases, collectively knopwn as the ”Football Fixtures” cases, namely:
* C-46/02 - Fixtures Marketing Ltd -v- Oy Veikkaus AB (2004) ECJ 9/11/2004
* Case C-338/02 – Fixtures Marketing Ltd -v- AB Svenska Spel (2004) ECJ 9/11/2004
* Case C-444/02 – Fixtures Marketing Ltd -v- Organismos Prognostikon Agonon Podosphairou AE (OPAP) (2004) ECJ 9/11/2004

These three cases in, respectively Finland, Sweden and Greece concerned lists of football fixtures created by the English and Scottish football leagues.  The claimant had been given exclusive rights to use the database rights.  The defendants ran the football pools and in doing so extracted information from the claimant’s fixture lists.  The claimant sued for infringement of its database right.  The defendants argued that the claimant’s database was merely a by-product of the leagues’ investment and was not protectable as a database. 

The decision given by the European Court of Justice on the 9th November 2004 in all these cases was somewhat surprising.  The European Court distinguished between the investment made in obtaining the contents of the database on the one hand and the investment concerning the verification and presentation of those contents on the other.  The European Court said that in order to be protected under database rights, there must have been a substantial investment in the verification or presentation of the data rather than the (mere) collection of the data.  Thus, it is the organisation of the data rather than the value of the data itself which requires a substantial investment. 

Although the European Court is not authorised to determine facts, in reality, it held that this test had not been satisfied either for the British Horseracing Board’s database nor for the English and Scottish Football Leagues? database.  In these cases, the European Court said that the value of the investment was in the original collection of the data and not the verification or presentation of the data within the database. 

The European Court also considered the issue of ?substantiality? under the database rights legislation.  This was of relevance in the William Hill case.  The European Court held that the extraction and re-utilisation carried out by William Hill, even though it was carried out in a repeated and systematic manner, concerned only insubstantial parts of the database.  Furthermore, the cumulative effect of William Hill?s actions did not amount to the making available to the public of the whole or a substantial part of the contents of the British Horseracing Board?s database.  There was therefore no infringement of the British Horseracing Board’s database rights. 

This rather narrow view of the legislation came as something of a surprise.  What it does mean in practice is that companies that wish to protect their database must ensure that they record not only the investment in making the underlying data (which will not afford protection to the database) but the investment they make in the verification and presentation of the data which will potentially afford protection to the database. 

9  DATABASE – CONCLUSIONS

Following these cases, it is not enough to show that the data itself is valuable.  What is more important, in order to be sure of database rights, is to show that there has been a valuable investment in the verification or presentation of the data within the database.  Further the owner of the database must be a citizen of or a company established within the European Economic Area. 

 

Jul 3, 2011

BSkyB –v– EDS

BSkyB –v– EDS
 
Background

In 2001 Electronic Data Systems (“EDS”) agreed to supply a Customer Management System to British Sky Broadcasting (“BSkyB”). It didn’t work. BSkyB therefore sued EDS. BSkyB (successfully, as it transpired) claimed that EDS salesmen had made negligent and fraudulent representations during the course of the negotiations. Although many claims were made by EDS, the main one that succeeded was in respect of a fraudulent misrepresentation that EDS’ had the ability to perform the project within the timescales stated by EDS. In law, a misrepresentation occurs when a salesman makes a false statement that persuades a party to enter into a contract. The statement needs to be one of fact, as opposed to opinion, but may be made verbally or in writing.

IT contracts invariably contain limitations of liability. In this case, EDS had sought to limit its liability to $30 million. However if BSkyB’s could show that there had been a false representation that had been made fraudulently, this limitation would not then apply. Indeed, one can never limit one’s liability for acting fraudulently.  This was decided in the cases of Thomas Witter Limited v TBP Industries Limited (15 July 1994, unreported) and South West Water Services -v- International Computers Limited [1999] BLJ 420.
 
In a civil case such as this, it is significantly easier to show “fraud” than in a criminal case. In the end the court decided that negligent and fraudulent misrepresentations had indeed been made. BSkyB could therefore claim all the damages that have been caused by EDS’ misrepresentations, without any limit.
 
Why is the case so important?
 
The case shows how a customer can avoid a supplier’s limitations of liability in a spectacular manner. Limitations of liability are of critical importance in IT contracts where the consequences of the IT system failing are often much higher than the cost of the IT system. In this case the value of the claim, £700m was disproportional to the monies paid, £48 million and the agreed limit of liability, £30 million. The case is important because it will undoubtedly encourage dissatisfied buyers of large IT systems to “have a go”, even where limitations of liability have previously been agreed in the contract. The case should cause all IT suppliers to reflect on their salespeople and consider whether they ever “oversell” products and services. 
 
The case is an example of how the English litigation system is not for the faint hearted. The final costs have yet to be assessed but it has been estimated that the total costs to be borne by the losing party, EDS, will be about £70 million! Far greater than the costs of the system, £48 million. Even the largest of companies are likely to baulk at those figures!
 
The case also exemplifies the protracted nature of litigation in England:
    • Some 500,000 documents were reviewed by the lawyers. 
    • The court hearing involved some 70 witnesses and lasted for about a year of real time (109 days in court). 
    • The case started in summer 2002, and the judgment was given in January 2010: however it was nearly 18 months after the trial ended before the judge was able to give his decision. 
    • The judgment is 468 pages long!
The original damages claimed were £700 million.  The parties have yet to have further arguments about the amount of damages that will be actually awarded, however they will be about £220 million.  Weighed against the likely damages, the total costs of £70 million are still significant.
 
Final Comments
 
One reason that the costs were so high was because the case was, in part, a “who said what to whom and when” dispute. Given that was the case and given that BSkyB were alleging fraud, the credibility of witnesses became most important. One of EDS’ main witnesses, Joe Galloway, the managing director of the relevant part of EDS, gave evidence that he had obtained an MBA from Concordia College, St. Johns, US Virgin Islands.  He stated that he had studied there for about a year.  It transpired that he had bought the MBA on the internet. Counsel proved this in open court by buying a degree with an identical glowing reference, but with better marks, for his dog Lulu!
 
In case you are wondering what happened to EDS, it was bought in 2008, while this case was proceeding in the law courts, by Hewlett Packard.

Seminars

December 2014
S M T W T F S
« Jan    
 123456
78910111213
14151617181920
21222324252627
28293031