Accessibility Page Navigation
Style sheets must be enabled to view this page as it was intended.
ebizinfo

Sign up to receive updates in ebizlaw and details of our ebizlaw events.

Before you provide your details to register, we want to tell you how we'll use your data. »

ebizsearch

Search all of ebizlaw

See all Legal Guidance items by topic

Fox Williams websites
Please visit our other specialist websites

Google joins cloud revolution as Government consults on £500,000 maximum fine for data breaches

Google recently publicised its new computer operating system, Chrome OS, which it hopes could revolutionise computing. Rather than storing files and documents on the computer’s hard drive, Chrome OS relies on data stored in the “Cloud”. This means that files are accessible on demand from anywhere in the World assuming that you have an Internet connection. That is in fact quite a big assumption as even in this technology advanced country we do not have a comprehensive high speed internet infrastructure and there is lack of WiFi hotspots outside of major towns and cites. 

Despite this, cloud computing is the future as so much of life is now online; friends, music, film and pictures. Not only that but there are also significant benefits for business – reduced capital outlay for hardware and software and flexibility in the pricing model with “pay as you go” tariffs available. And besides, if Google see this as the future, you would be a brave person to bet against them.

But, with the news that Information Commissioner (the UK data protection regulator) could get the power to levy fines of up to £500,000 for serious breaches, data security will be an increasingly important factor in the move to cloud computing services. There is an increasing news flow about data security breaches, in both the public and private sectors and this is where the attention of the regulators is focussed. The FSA have in a particular levied six figure fines for data security breaches.

Under data protection laws, if a business engages a cloud service provider to look after their data, they will remain responsible for the security of the data and must ensure that the service provider gives “sufficient guarantees in respect of technical and organisational security measures”. Any breach of security by the provider, could lead to the business being fined by the regulator. It is generally the “owner” of the data that remains responsible. To manage this risk, businesses need to put in place appropriate contract terms not only to protect itself but also as a requirement to comply with data protection legislation.

 

Posted by ebizlaw team on the 24-11-2009

Getty Images shows the way forward for content owners?

The advance of technology and the digital age has been a pain in the proverbial for content owners. The ease with which material can be copied and distributed has undermined the business model of many content owners. Commenting on file sharing, the Creative Coalition Campaign - a partnership between trade unions representing people working in the creative industries has recently said that "our creative sector produces world-class content, bringing joy to countless people across the UK and the world, but this can't be sustained if illegal file-sharing persists."

There is a risk that if content owners are not able to make money from producing content, there will be a disincentive to produce the content in the first place. With the expectation that everything available on the web should be free, it is problematic to charge directly for content, whether that is news or music. Some parts of the music industry have embraced this by taking the opportunity to reach a wider audience (by allowing their music to be more freely available on the web), to generate more revenue from live gigs, sponsorship, advertising and merchandising. Despite this model working for some, there is a strong movement towards charging for content (see Rupert Murdoch's recent comments) and vigorously enforcing rights (see the recent debate on cutting off persistent files sharers).

Getty Images, a photographic agency, is an example of the latter part of this shift, as it is seeking to enforce its rights against those who use its images without authority. Often, the task of identifying infringers is outsourced to a third party who is incentivised, and may use heavy handed tactics, to extract a payment. The success of this strategy was highlighted last week when the court ordered a removals business to pay Getty Images nearly £2,000 (plus Getty Images' legal costs) for using a copyright protected photograph on its website without the permission of Getty Images. This is despite the fact that the website owner took the offending photo down on being contacted by Getty Images. Some website owners think that this is sufficient to appease the rights owner, but there is no guarantee that this will be the case. Content owners will often have a claim for compensation, even if they choose not to pursue legal action. But when a third party enforcement agency is involved, there is a clear incentive to seek to extract a payment and the content owner is well within its rights to do this. Even where the image is not generating any revenue itself, the content owner can claim compensation on a "lost licence fee" basis (i.e. the licence fee it would have earned, if the image had been properly licensed in the first place). Alternatively, where the website is making money from the unlawful content, then an "account of profits" can be claimed. Such enforcement can potentially be quite lucrative and open up a new revenue stream for the content owner. Also, once a content owner gets a reputation in the market place for enforcing its rights vigorously, then businesses will think twice about not being properly licensed.


For businesses, becoming involved in legal action can be expensive in terms of legal fees, management time and compensation payments so action should be taken to minimize this risk. Potential risk areas include where images and other works protected by copyright such as software are provided by a third party agency or developer. In that situation, businesses need to ensure that there is a licence in place to use the image and software and that the licence reflects the actual use. In the event that someone challenges the right to use certain work, then you need to be able to point to the licence, or at least pass on the costs of any action to the third party at fault under the contract that you have with the third party. The other main risk area is employees who assume that just because content is on the web, anyone is free to use it how they wish. This is almost always not the case and businesses need to ensure that their employees understand this. Referencing a search engine, such as google images, as a source is a dead giveaway of a lack of knowledge about image licensing.
 

Posted by ebizlaw team on the 14-09-2009

Privacy v web: are our privacy laws fit for purpose?

With the news this week that the Canadian privacy commissioner has reported that Facebook is breaching Canadian law by holding on to users' personal information indefinitely, the issue of privacy versus the rise of social media sites is again brought to the fore.

Even with Facebook’s stated commitment to privacy and vast resources, it seems unable to operate within the boundaries of privacy rules. Whilst this could be by design to a certain extent, there does seem to be an inherent conflict between the privacy rules we have today and the way in which individuals wish to use the web.

Take for example the ability of users to upload information about their friends or contacts (who are not members of the social media platform), the platform is unlikely to be able to contact these friends or contacts so cannot comply with its obligations under privacy laws. Even if the platform could contact friends or contacts to invite them to join the platform and consent to the use of their data, to do so could be a breach of the ePrivacy Directive on sending unsolicited electronic messages for direct marketing purposes. A rock and a hard place springs to mind. This is just one example of the difficulties faced by businesses in complying with privacy laws.

This issue has been recognised by the rather strangely named “Article 29 Working Party” which is an influential group of the EU Data Protection Commissioners which publishes opinions on privacy issues to assist with compliance with EU law. In June, the Working Party offered some guidance to social media platforms. Key tips include:

* Default settings should be privacy friendly;

* Users should be given adequate warnings about the privacy risks;

* Users should be advised that pictures or information about other individuals should only be uploaded with the individual’s consent;

* The homepage should contain a link to a privacy complaints process;

* Abandoned accounts should be deleted after a defined period of time.

Whilst this is helpful, there are still major issues that need to addressed. The area of data retention was also highlighted as an issue with the Working Party recommending that social media platforms should not retain deleted data unless they have a specific reason to do this. This is the issue faced by Facebook in Canada. The problem is that it is difficult for platforms to delete all data about a user available on the site. Account information is fairly straightforward but there could be personal information on other users’ profile pages, for example, which could be problematic to delete.

So what is the solution? Well the interim solution seems to be that certain regulators (the UK Information Commissioner is included in this) take a pragmatic and more risk / harm based approach to interpreting data protection laws. Rather than focusing on technical breaches of data protection laws, the focus is on the harm to individuals. This is fine for the time being and allows organisations and their advisers to develop more risk based compliance strategies. However, this does create a degree of uncertainty and devalues privacy rules. Sooner rather than later we need to consider whether our privacy laws are indeed fit for purpose. They were of course developed in the early 1990s at a time when Mark Zuckerberg was colouring in picture books rather than creating Facebook so a review is almost certainly needed.

 

Posted by ebizlaw team on the 21-07-2009

Will ISPs be forced to police the Internet?

In the perennial debate between rights holders and ISPs and consumers, ISPs have rejected calls from nine bodies representing the creative industries who have asked the Government to force ISPs to disconnect users who repeatedly file share material unlawfully.

Followers of this debate, will remember that last year the UK's largest ISPs, BT, Virgin, Orange, Tiscali, BSkyB and Carphone Warehouse signed up to a government backed scheme to send letters to customers who were caught illegally sharing music. This initiative was designed to appease the BPI who were wanting a 'three-strikes and your out' rule whereby persistent file-sharers would have their internet connection cut off. At that time, ISPs were willing to implement the letter sending scheme but stopped short of disconnecting users.

Twelve months ago illegal file sharing was a bigger issue for ISPs in terms of the bandwidth costs and ISPs no doubt welcomed the opportunity to reduce these costs by targeting file sharers. There is now even less incentive for ISPs to tackle this issue from a costs perspective with the increasing popularity of “legal” on demand video services such as the BBC iPlayer which represents a huge increase in the cost of bandwidth. The bandwidth cost of file sharers does not look quite so problematic in comparison! But suggesting that this is the reason ISPs are not co-operating ignores a number of important issues.

It is fair to say that the Internet is considered an important (if not, vital) utility. No one would suggest cutting off your electricity supply if a consumer was using this for an illegal purpose. The penalty of disconnecting users is therefore wholly disproportionate to the crime. The content providers have rights and remedies to pursue individuals and businesses that engage in persistent file sharing. The recent imprisonment of The Pirate Bay operators and the large fine levied highlights that these remedies can be effective and make the most seasoned of file sharers think twice about engaging in illegal activity.

Content owners have adequate rights to protect their interests and should not be seeking to outsource their enforcement to ISPs. This will undoubtedly represent a cost burden for ISPs but also offends principles of natural justice. Suddenly, the ISP becomes the judge, jury and executioner in relation to any alleged wrong doing.

Under the Ecommerce Regulations, ISPs have legal immunity from unlawful activity that occurs on their network being seen as a “mere conduits” and would not want to engage in any activity that jeopardises the “mere conduit” role. ISPs are naturally keen to be preserve their status as a neutral provider of Internet connectivity. Monitoring and taking action against its users threatens this “neutrality” and ISPs will resist this aggressively.

As such, it is unlikely that rights holders despite their continued protestations will be able to persuade the Government to force ISPs to police file sharers and rights holders will have to continue the battle directly against the perpetrators.
 

Posted by ebizlaw team on the 14-05-2009

Facebook users vote on new terms

Web 2.0 firms often seek to engage with users by enabling them to upload personal information, data and photographs to a website. Because of the resulting uncertainties about enduring rights to these materials, appropriate terms and conditions of use are essential. But as a website operator, can you impose any terms you want? What if you want to change your terms for existing users?

Facebook sparked a debate this week regarding unilateral changes to website user policies.
Following Facebook’s publication of new user conditions in February, there was a major backlash by users amid accusations that Facebook was attempting to claim ownership of the intellectual property of the images and video posted by users. This could apply even after members de-activated their accounts with the site. Facebook backed down.  
Facebook then announced a consultation with users on new terms (which would allow users to retain ownership of their own information and to be able to remove it from the site once their accounts have been deleted). More significantly, it held a week-long vote on the new terms.
So what does this mean for other online businesses?
First, it was something of a PR coup for Facebook. The language of democracy was clearly effective in diffusing criticism, even though Facebook did not go very far to encourage widespread participation or debate surrounding the new terms. Although Facebook initially said it would only count the vote as valid if more than 30% of its 200 million users voted, only 600,000 members actually participated in the vote. A strong majority supported the new terms so Facebook got the answer it wanted.
One can’t help but wonder, though, what Facebook would have done if a small percentage of users (but majority of voters) had overwhelmingly rejected the new terms. Although there may be some other businesses that flirt with the idea of allowing users/customers a say on their terms, we think that most will be wary of the risk that this will backfire as a PR exercise. The problem with a popular vote is that you might not get the answer you want. And it is better to be criticised for robust business practices than for manipulation of people’s votes.

Second, fairness in standard terms is a developing area of law which is heavily dependent on the context and the circumstances of trading. Unfair terms – which create significant imbalance between the parties – can potentially be unenforceable by the seller or supplier. (Although this does not necessarily mean that the rest of the contract will not be binding.) A factor in whether term is unfair is whether the seller dealt fairly and equitably with consumers. A right to vary your terms unilaterally is not normally fair.

But, taking it a step further as Facebook has reportedly done and giving customers a right to vote on changes to terms and conditions, we wonder whether such instances might create scope for future legal arguments that fair and equitable dealing requires consultation, voting rights or both. This reasoning is attractive in certain contexts, where the "supplier" relies so heavily on the "consumer" to build the environment into which it is supplying services. However, we doubt that it is likely to be applicable in many other ebusiness contexts.

Posted by ebizlaw team on the 27-04-2009

Is this the beginning of the end for free web based sevices?

With the announcement that Last.fm is to start charging listeners outside the UK, US, and Germany, could this start a trend of more web providers charging for their services?

Quite possibly.  This is against a backdrop of YouTube threatening to remove UK music videos on the basis that the royalties being charged by the PRS make the YouTube service "uneconomic".  Also, factor into this dwindling advertising revenues and the difficulty in securing VC finance and you can see that web providers may be forced to charge some sort of fee for their service.

Many of the major social media sites are struggling to monetise their businesses sufficiently to cover their own huge operating costs let alone make a profit for their shareholders. The problems with the strategy of "build it and they will come and then work out the revenue model" are starting to surface. 

When the VC finance runs out and the realisation kicks in that there is not enough in advertising revenue pot to feed everyone, what next? A subscription or freemium model?  The problem with this is that the web community have been spoilt.  They are so used to using services (and high valuable services at that) for free that you risk mass user migration by introducing a fee paying model.  To see this, you only need to look at the reaction to Last.fm's announcment on the blog sites which have largely been negative, with users threatening to delete their accounts. 

Many users have signed up to a service on the basis it is free and to try to convince them that they should now pay without losing them will be difficult.  However, this may need to happen or else we could see some spectacular business failures and a relunctance on behalf of the VC community to fund new ventures if the business model does not stack up.  Perhaps it is time for the big social media players to re-educate the public that not everything in life (on the web) should be free.   
 

Posted by ebizlaw team on the 27-03-2009

Facebook deal outed

A few college kids have an idea for a business. They write up a business plan as part of their coursework. Then, later on, one of them actually goes and creates the business.   Nothing particularly unusual about that so far. But when that business turns out to be Facebook, the number 1 social network site, with more than 175 million active users worldwide, and a valuation of between $3.75 billion and $5 billion, now that starts to get unusual !

The problem is, those old college friendships then become a thorn in the side. Could the guys have any claim over the business? After all, they did help create the idea. Could they close us down? How much could they claim? We can only guess how many nights sleep Mark Zuckerberg, founder of Facebook, may h