Among the digital changes in the Copyright Act, which will come into effect later this year, there is some protection for “ISPs” against claims for breach of copyright. Many companies and public sector entities come within that “ISP” definition. With the protection come obligations and the need for systems to handle copyright infringement.
Opportunities to benefit (and increased obligations) apply most where a corporate operates an interactive online presence. Examples include websites (particularly where they take content from outside the corporate), blogs, website and data hosting services and data warehouses.
Although there is some uncertainty as to what is included in “ISP” for this purpose, the safe approach is to go wide. So when ISP is referred to below, we are taking a wide approach. On that basis, most corporates will be affected, which is why we’ve developed a process to handle this.
The aim of this change is to provide protection against copyright breach claims if the ISP fits within certain criteria. If it does, it enters a “safe harbour”, which reduces the potential for claims.
ISPs can expect — based on what has happened overseas — escalated claims and notices against them from all sorts, ranging from record companies trying to nail peer-to-peer, through to cranks. They’ll have to figure out what to do with imperfect information, knowing they could alienate customers as well if accounts are terminated, etc. Some ISPs will face litigation: There are many examples, but the record companies’ court cases against ISPs in Australia give some idea of what’s ahead.
Of course, some corporates will be more at risk than others. Those with an active web presence (and providers such as pure ISPs, web and data hosting companies) are more at risk. But, for example, even a Government department could have potential problems.
Before the new legislation, ISPs might have been liable for pirated material carried over, stored or copied on their servers, even if they were not aware of its existence. That’s a big source of liability.
Under the changes, the ISP can get “safe-harbour” protection if the ISP takes certain steps.
The Act has refinements on this theme. An ISP is generally not liable if it stores pirated material for a user. That applies so long as, when the ISP knows or has reason to believe that the material infringes copyright, it quickly deletes or prevents access to it.
ISPs need tools to handle these situations, which will often involve hard judgment calls. What does the ISP do when it has imperfect information from the copyright owner, and could face flack or legal risk from customers or other stakeholders whose services are terminated?
There is provision for a copyright owner to give an infringement notice to the ISP. In deciding whether the ISP knew or had reason to believe material infringed copyright (that’s the test referred to above), one of the factors — but not the only one — would be whether an infringement notice has been received.
Merely receiving an infringement notice doesn’t mean that the material should be deleted or access should be prevented. After all, the rights claimed in the notice may not be sustainable. When similar law was introduced overseas, ISPs started receiving questionable infringement notices, sometimes generated automatically using bots searching the web.
An ISP must also adopt and reasonably implement a policy that provides for the termination of accounts for users who repeatedly infringe copyright. How that policy is implemented could also affect an ISP’s liability. Some ISPs will need to change their Acceptable Use Policies.
The Act also protects ISPs that cache infringing material. Unlike the rest of these law changes, this generally will only apply to pure ISP services (such as those provided by Xtra, TelstraClear, etc). This caching provision comes with some catches.
The new legislation adds to the matters that companies and public sectors need to cover when dealing with online issues.
Michael Wigley is the Principal of Wigley & Company, a law firm specialising in ICT. He can be reached at email@example.com.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.