We are pleased to provide you with our Group’s February newsletter, featuring leading cyber, privacy and copyright regulation, case-law and related developments in the United States, Europe and Israel.

This edition features the following items:

  • Fourth Circuit Clarifies Rules for Limiting Liability of ISPs Subscriber Piracy
  • Belgium: Facebook Must Stop Collecting Data on Users through Third-Party Websites
  • Second Circuit Finds Media Monitoring Platform Not Protected by Fair Use
  • SEC Published New Guidelines on Disclosure of Cyber-Risks to Investors
  • Israeli Bank Ordered to Provide Services to Account Involved in Bitcoin Trading

February 1, 2018

FOURTH CIRCUIT CLARIFIES RULES FOR LIMITING LIABILITY OF ISPs FOR SUBSCRIBER PIRACY

The U.S. Court of Appeals for the Fourth Circuit has set rules clarifying the eligibility of Internet access providers for limiting their liability for copyright infringements committed by their subscribers.

In 2014, BMG Rights Management, a music publisher, sued Cox Communications, an Internet access provider, on the theory that Cox had knowingly ignored requests to terminate the accounts of repeat infringers who unlawfully shared and downloaded BMG's songs. In 2015, a jury found Cox liable for willful contributory copyright infringement and awarded BMG $25 million in damages. Cox appealed to the Forth Circuit, which held in February that Cox is not entitled to the safe harbor protection under the U.S. Digital Millennium Copyright Act (DMCA), for the following reasons:

  1. Cox did not adopt and reasonably implement a policy that provides for the termination of subscribers who are repeat infringers. It also did not reasonably enforce the policy and terminate repeat infringers in appropriate circumstances.
  2. Cox illegitimately refrained from terminating repeat infringers on the grounds of loss of income from the terminated subscribers.
  3. Contrary to Cox’s assertions, subscribers can be considered 'repeat infringers' under the DMCA, even if they were not found liable by court.
  4. Cox did not implement an adequate procedure for handling and addressing copyright infringement complaints.

Importantly, the Court also held that an Internet access provider is liable for contributory infringement due to the conduct of its subscribers only if the Internet access provider had actual knowledge of infringing activity or was willfully blind to such activity. Mere negligence by the Internet access provider for failing to address subscriber misconduct – that is, if the Internet access provider had no actual knowledge of subscriber misconduct but should have known better – is insufficient for contributory infringement claims.

CLICK HERE to read the court decision.

February 16, 2018

BELGIUM: FACEBOOK MUST STOP COLLECTING DATA ON USERS THROUGH THIRD-PARTY WEBSITES

A Belgian court ordered Facebook to stop tracking Belgian citizens surfing the Internet, and to delete all data it unlawfully obtained on Belgian citizens who are not Facebook users. The court also ordered that if Facebook does not comply with the ruling it will face compounding fines of € 250,000 per day. The court also held that Facebook failed to inform its users of its data collection practices outside the confines of the social network, and that it did not provide sufficient information about how it uses the collected data and for how long it retains the data.

The legal battle between the Belgian regulators and Facebook ensued in 2015, when a Belgium court ordered Facebook to stop monitoring citizens who are not Facebook users, or it will be fined € 250,000 per day. Both the present lawsuit and the one from 2015 were brought by the Belgium data-protection regulators. In 2015, Facebook successfully overturned the ruling on appeal, on the grounds that Belgium courts have no jurisdiction over the social network, given that its headquarters are in Ireland. Now, the court has rejected Facebook's arguments that it lacks jurisdiction, given that Facebook violates Belgium privacy laws by tracking Belgian users.

February 27, 2018

SECOND CIRCUIT FINDS MEDIA MONITORING PLATFORM NOT PROTECTED BY FAIR USE

The U.S. Court of Appeals for the Second Circuit held that TVEyes, Inc., a media company that continuously monitors the content of more than 1,400 television and radio channels, is not protected by the fair use doctrine, reversing the lower court’s finding of fair use and concluding that TVEyes infringes the copyrighted broadcast of Fox News Network (the plaintiff).

The TVEyes platform records the audiovisual content, imports that content into a database, and enables its clients, for $500 per month, to view, archive, download, and email to others ten‐minute clips. TVEyes also copies the closed‐captioned text of the content it imports, allowing its clients to search for the clips that they want by keyword, as well as by date and time.

The court indicated that TVEyes’s re‐distribution of Fox’s content serves a transformative purpose where it enables TVEyes’s clients to isolate from the vast corpus of Fox’s content the material that is responsive to their interests, and to access that material in a convenient manner. But because that re‐distribution makes available to TVEyes’s clients virtually all of Fox’s copyrighted content that the clients wish to see and hear, and because it deprives Fox of revenue that properly belongs to the copyright holder, the platform’s copyright infringement was found indefensible under the fair use doctrine.

CLICK HERE to read the decision.

February 26, 2018

U.S. S.E.C. PUBLISHED NEW GUIDELINES ON DISCLOSURE OF CYBER-RISKS TO INVESTORS

the U.S. Securities and Exchange Commission (SEC) released guidance on Public Company Cybersecurity Disclosures. The guidance provides the Commission’s views about public companies’ disclosure obligations under existing law with respect to matters involving cybersecurity risk and incidents. It also addresses the importance of cybersecurity policies and procedures and the application of disclosure controls and procedures, insider trading prohibitions, and selective disclosure prohibitions in the cybersecurity context.

Among the cybersecurity risks that public companies will be expected to address –

  1. Remediation costs, such as liability for stolen assets or information, repairs of system damage, and incentives to customers or business partners in an effort to maintain relationships after an attack.
  2. Increased cybersecurity protection costs, which may include the costs of making organizational changes, deploying additional personnel and protection technologies, training employees, and engaging third party experts and consultants.
  3. Lost revenues resulting from the unauthorized use of proprietary information or the failure to retain or attract customers following an attack.
  4. Litigation and legal risks, including regulatory actions by state and federal governmental authorities and non-U.S. authorities.
  5. Increased insurance premiums.
  6. Reputational damage that adversely affects customer or investor confidence, damage to the company’s competitiveness, stock price and long-term shareholder value.

CLICK HERE to read the SEC's guidance.

February 25, 2018

ISRAELI BANK ORDERED TO PROVIDE SERVICES TO ACCOUNT INVOLVED IN BITCOIN TRADING

The Israeli Supreme Court has granted a motion for interim injunction by Bits of Gold Ltd., enjoining Bank Le’umi Le’Israel, one of Israel’s largest and leading commercial banks, from ceasing to provide banking services to the company's bank account (which is related to Bitcoin commerce). The injunctive relief was granted for the duration of the appeal proceedings between the bank and the company.

Bits of Gold is an Israeli company providing Bitcoin and other cryptocurrency related services. The company was formed in 2013 and opened its bank account with the bank the same year. In 2015 the bank notified the company of its decision not to allow any activity in its account related to commerce in cryptocurrencies.

In June 2017, the Tel-Aviv District Court dismissed the company's lawsuit against the bank and determined that the bank may refuse to allow companies engaging in Bitcoin trading to use their bank accounts for transactions related to Bitcoin trading. The Court held that any decision the bank makes with respect to the company’s Bitcoin-related activities would be within the permissible zone of reasonableness.

The company appealed to the Israeli Supreme Court. On the motion for interim injunction, the Supreme Court decided that the balance of hardships tips in favor of Bits of Gold, because the potential damage to the bank is presently only speculative, whereas the potential damage to the company may lead to it ceasing its operation.

According to the Supreme Court's decision, the bank may still inspect each and every transaction and take necessary steps to minimize the potential risks emanating from the company's activity.

CLICK HERE to the read the Supreme Court's decision (in Hebrew).