1. Supreme Court opines that 'browsing' of copyrighted material should not constitute copyright infringement
The UK Supreme Court has provisionally concluded that temporary copies of copyrighted materials created through web-browsing do not infringe copyright. Due to the "important implications for many millions of people across the EU" and to ensure that a uniform approach is taken, the Supreme Court has made a reference on the issue to the Court of Justice of the European Union (CJEU).
This is the latest in the Meltwater case (Newspaper Licensing Agency (NLA) v Meltwater). Meltwater provides a 'media-monitoring' service for its customers, by automatically generating a report of newspaper articles containing key words of interest submitted by a customer and showing the use of these words in context, as well as providing the articles' headlines, their opening words and hyperlinks to the articles themselves. Incidentally, accessing articles through the hyperlinks would not prevent the customer from having to pay any necessary fee or subscription to view the article itself.
Meltwater makes these reports available to customers via email and on its website. It takes a licence from the NLA and it was accepted in the case that the submission of the report to customers by email, or the downloading of a report from the website by a customer, would require a licence as in both cases the report (and the copyrighted material contained within it) would remain on the customer's hard drive until actively deleted.
The question for the Supreme Court was whether a licence would still be required if the report was simply viewed by a customer on Meltwater's website, as this would create a copy of material containing the article information on the user's screen (until the browsing session was ended) and on the user's cache (until it was overlaid by new material).
The Supreme Court considered recent CJEU decisions (including Murphy (C-429/08) and Infopaq II (C-302/10)) in approaching this question and the exception to copyright infringement in the 'making of temporary copies', as set out under section 28A of the Copyright, Designs and Patents Act 1988 (giving effect to Article 5.1 of the "Infosoc Directive" (2001/29/EC)). This permits the making of a temporary copy that is "transient or incidental" and "an integral and essential part of a technological process" involved. Whilst the action of browsing involved the user's deliberate act, the Court thought that it would be too restrictive and undesirable if each temporary (and inadvertent) copy of material created by virtue of browsing could constitute copyright infringement, as well as being contrary to its view that "part of the purpose of Article 5.1 is to authorise the making of copies to enable the end-user to view copyright material on the internet".
The Court's view (subject to the CJEU reference) was that copies of such material appearing on screen or being stored on the computer's cache were simply basic features of modern computers, and browsing of the internet could not occur properly without these features. Hence, these functions could not be separated from the technological process of web-browsing. Furthermore, the Supreme Court's view was that the copies involved must be seen as "transient" and "temporary", as they arise automatically and are deleted automatically, as opposed to being dependent on deliberate human action or choice.
The decision represents a shift towards a practical consideration of what constitutes being "part of the technological process" under the 'temporary copies' exception. Although this approach avoids copyright infringement liability arising through everyday web-browsing, the Court acknowledges that this would not apply in the same way to the downloading, printing or storage by email of the copyrighted material. We await the outcome of the reference to the CJEU.
2. UK Government publishes guidance on cyber-security consultation call for evidence
The UK Government has recently published a guidance document and a response form to support the call for evidence in respect of its open consultation into organisational standards for cyber-security, (the "Consultation"). The documents are intended to help groups and organisations prepare their responses to the Consultation.
There are currently a number of relevant standards in relation to cyber-security available to the private sector; the differences between these has led to some confusion around which standard should be adopted by organisations as best practice. The Government intends, following the Consultation, to select and endorse an existing organisational standard that the Government feels best assures organisations that they are effectively managing cyber risk.
The guidance document is to provide further guidance to stakeholders intending to submit evidence in support of their preferred organisational standard. The guidance includes acceptance criteria that Consultation responses should try to meet when proposing cyber security standards for consideration. The Consultation will remain open until 14 October 2013.
As the Consultation is industry-led, it provides businesses with an opportunity to put forward their views on the best standards for cyber security going forward. Once the government has selected and endorsed a particular standard, businesses will be able to take comfort from the clear benchmark against which to assess their approaches to cyber-security.
A link to the Consultation can be found here.
3. 'Simple steps' in a complicated dance: UK Government publishes cyber-security guidance for small businesses
The UK government has published guidance for small businesses suggesting some simple ways that a small business can protect its computer-based information and equipment from security breaches.
In September 2012, the Government launched its Cyber Security Guidance for Business, which offered businesses clear guidance on how to best manage cyber risks. This has been followed in April 2013 by guidance tailored to small businesses. The Department for Business, Innovation and Skills (BIS) has divided cyber risk management into three key steps:
- Conducting a risk assessment of the types of threats a business is exposed to and their likely consequences.
- Reassessing their current approach to cyber-security – BIS highlights in particular password protection and staff training.
- Considering whether their approach is adequate from a commercial, legal and regulatory perspective, putting in place business continuity plans in case their security is breached.
- Practical security controls are highlighted such as malware protection, firewalls and encryption of data transmitted online.
- A number of simple user restrictions are suggested, such as minimising access to IT equipment to people who need it and restricting the use of removable media.
- An activity log is proposed, to monitor IT systems and equipment to help identify any malicious activity.
- Regular monitoring would ensure that risks are picked up as early as possible.
- Frequent checks and updates of software and access lists are suggested.
- In the event of an attack, BIS proposes undertaking a lessons learnt exercise to help address any gaps in security going forward.
In light of the increasingly costly consequences of cyber threats, the simple and practical guidance will serve as a useful reminder to small businesses of very simple and cost effective ways to protect themselves.
A complete copy of the government's guidance is available here.
4. European Commission publishes annual report on e-commerce action plan
The European Commission has published its first annual report on the e-commerce action plan, which shows good progress in the implementation of its stated objectives.
In January 2012, the Commission published a communication entitled "A coherent framework for building trust in the Digital Single Market for e-commerce and online services". The communication was aimed at identifying the main obstacles to the Digital Single Market and at doubling the share of e-commerce in retail sales (3.4% in 2010) and the size of the Internet sector in European GDP (less than 3% in 2010) before 2015.
The Communication and accompanying Staff Working Document set out 5 broad priorities to assist with tackling the obstacles to the Digital Single Market and the Commission listed 16 main action points that it would undertake.
The Communication required an annual report on the implementation of the e-commerce action plan and the first report, which has just been published, shows that many of the actions included in the plan have been completed already and the remaining ones are underway. For example, one of the five priorities was to develop legal rules to facilitate cross-border offers of online products and services and to this end the Commission has overseen the adoption of a regulation on the Internal Market Information (IMI) system, which paves the way for flexible expansion of the IMI system into further policy areas.
However, as the Commission acknowledges, the full success of the action plan will depend on appropriate follow up and concrete initiatives undertaken in the years ahead. Further monitoring of the action plan and market developments will be required in future annual reports and a stakeholder conference will also be organised for the end of 2013 to take stock of the progress made and assess future requirements.
Progress in developing the e-commerce sector is key to offering increased opportunities for a variety of businesses and as such it will be important to hold the Commission to account and to encourage further developments in this area.
To view a copy of the full annual report, please see here.
5. European Commission publishes proposed Google competition commitments
Google has proposed a set of commitments to the European Commission to try and address the Commission's concerns that Google may be abusing its dominant position.
As a result of the European Commission's on-going competition investigation into concerns that Google may be abusing its dominant position in the markets for web search, online search advertising and online search advertising intermediation in the EEA, Google has now proposed a set of commitments to the Commission to try and address the Commission's main concerns.
Included in the full set of proposals put forward by Google, it has offered for a period of five years to:
- label promoted links to its own specialised search services so that users can distinguish them from natural web search results;
- offer all websites the option to opt-out from the use of all their content in Google's specialised search services, while ensuring that any opt-out does not unduly affect the ranking of those web sites in Google's general web search results;
- no longer include in its agreements with publishers any written or unwritten obligations that would require them to source online search advertisements exclusively from Google; and
- no longer impose obligations that would prevent advertisers from managing search advertising campaigns across competing advertising platforms.
The European Commission is now inviting comments from interested parties on the proposed Google commitments.
The Google commitments can be accessed here.