The Digital Millennium Copyright Act (DMCA) provides a great deal of protection to Internet service providers that maintain an online presence (e.g. through the use of a website) through specially defined “safe harbors.” We recently wrote about how a service provider might lose its safe harbor protection, but today we remind service providers how to maintain their DMCA safe harbor protection. Specifically, service providers must re-register a “Designated Agent” with the U.S. Copyright Office by December 31st of this year in order to take advantage of the safe harbor protections provided for in Section 512 of the DMCA.
Under Section 512(c), a service provider may claim safe-harbor immunity if certain conditions are met. A “service provider” is broadly defined as a “provider of online services or network access, or the operator of facilities therefor,” which includes any “entity offering the transmission, routing, or providing of connections for digital online communications, between or among points specified by a user, of material of the user’s choosing, without modification to the content of the material as sent or received.” Under that definition, any host or operator of a website that allows the public to post content qualifies as a service provider. This includes most, if not all, businesses that have interactive websites.
Section 512 safe harbors come in handy when a user posts material on a website that infringes on the rights of a copyright holder; for example, when a user unlawfully posts a movie or television episode on a streaming video website. Any time a user has the ability to post to a website, even if only posting comments to an article, the potential for copyright infringement exists and safe harbors are meaningful.
To enjoy the benefits of the DMCA’s safe-harbor immunity a service provider must, in addition to complying with the DMCA’s technical requirements (e.g., having an appropriate notice and takedown policy), establish that (1) the infringing content is stored “at the direction of a user;” (2) the provider does not have actual or “red flag” knowledge of the infringing material; (3) upon obtaining knowledge of the infringing material, the provider “acts expeditiously to remove, or disable access to, the material;” and (4) the website must designate an agent to receive notifications of alleged infringement from copyright owners.
Until now, a service provider could simply make a paper filing of its designated agent’s contact information with the Copyright Office, which catalogued the name and contact information of each agent. However, this past December the Copyright Office amended its rules (which became effective on May 10, 2017) and launched “a new fully-electronic online system through which service providers…” must submit designated agent information. The new electronic system allows service providers to easily update their designated agent information, and the public can just as easily search for and find that information.
There are two very important aspects of the new rules promulgated by the Copyright Office. First, service providers who previously registered their designated agents to avail themselves of the Section 512(c) safe harbors must re-register through the new system by December 31, 2017, i.e., within the next six months. Any service provider who fails to re-register will lose safe harbor protection beginning January 1, 2018. Second, designated agent registrations will now expire after three years. Accordingly, service providers must renew their registrations at least once every three years to continue to avail themselves of the DMCA’s safe harbor protection.
We encourage all service providers (i.e., companies that operate interactive websites) to register their designated agent as soon as possible to avoid loss of safe harbor protection. The registration process is extremely simple, costs only $6.00, and can be accomplished here. Information about the new electronic filing process and additional details can be found on the Copyright Office website here.
As a general matter we encourage all service providers to review the status of their online presence. This would include reviewing compliance with Section 512 of the DMCA, as well as reviewing website privacy policies to ensure that the policy accurately describes each way the service provider utilizes user data. Finally, in view of the many recent sophisticated cyberattacks, we encourage all service providers to protect themselves by reviewing and updating their cybersecurity and data protection processes.