Digital content and IP issues
Are websites and any other digital content required to display certain legal notices or other information in your jurisdiction?
Yes, websites and other digital content are required to display certain legal or other information, including the following:
- Section 8 of the Electronic Commerce Act of 23 May 2003 requires businesses to display the following information on websites:
- the company's legal name;
- its organisation number;
- whether the company is value added tax registered;
- licences (if applicable for the business); and
- in cases where the company offers services which legally require diplomas or certifications, the website must also provide information regarding said certification (eg, work titles).
- The EU General Data Protection Regulation (GDPR) sets out information requirements (Article 13) which are fulfilled by displaying privacy policies on the company website.
- The Regulation for Universal Design of Information and Communication Technology Solutions of 21 June 2013 requires businesses to design websites in accordance with approved design standards (eg, the Web Content Accessibility Guidelines 2.0).
Liability for content
What rules govern liability for online or other digital content that is defamatory or infringes another party’s IP rights?
Norway decriminalised defamation with the introduction of the Penal Code of 2005, effective from 1 October 2015. Defamation can in certain cases be penalised as a violation of privacy under Section 267 of the Penal Code.
The Damage Compensation Act of 13 June 1969 (Sections 3 to 6) provide a legal basis for claiming compensation due to defamatory content. The liability under the act includes:
- compensation for damages;
- loss of future income; and
- reasonable damages for non-economic loss.
Liability for defamation requires negligence or intent.
The GDPR also provides grounds to hold content providers liable for defamation, in cases where the defamatory content also infringes on the GDPR. Under Articles 83 and 84 of the GDPR fines are limited to €20 million. The infringing party may also be liable for material and non-material damages for breaching the GDPR (Article 82).
The liability for online or other digital content that infringes another party’s IP rights is governed by the Copyright Act of 15 June 2018. Liability for such infringement includes:
- criminal penalties (Section 79 and 80); and
- remunerations and compensation (Section 81).
In cases of IP infringement, internet service providers (ISPs) may be ordered to:
- disclose personal data regarding the infringing party (Section 88); and
- obstruct or make access to webpages difficult (Section 88).
How can liability be excluded or limited?
The liability for damages requires negligence or intent, and the risk of liability will thus be limited (or excluded entirely) by ensuring due diligence when distributing digital content.
Which parties can be held liable for defamatory or infringing content? Can contingent liability be extended to internet service providers (ISPs)?
The defamatory or infringing party, in addition to parties who negligently or consciously contribute to the violation, can be held liable for defamatory or infringing content.
In principle, ISPs cannot be held liable for defamatory or infringing content. ISPs are generally indemnified for the content which is transferred through a communications network under Section 16 of the Electronic Commerce Act. The aforementioned indemnification applies to both criminal liability and civil liability for damages. The technical and neutral contribution ISPs make to the distribution of infringing content has been considered as too insignificant to be characterised as unlawful and punishable by Norwegian courts (see Borgarting Court of Appeal decision of 9 February 2010 (The Pirate Bay, LB-2010-6542).
What rules and procedures govern content takedowns? Can ISPs remove defamatory or infringing content without permission?
The procedure for removing infringing content without permission is regulated in Chapter 6, Part II of the Copyright Act. Norwegian courts can order ISPs to obstruct access to webpages or otherwise render access difficult, if the webpage in question distributes materials which evidently infringe IP rights under Section 88 of the Copyright Act. The take-down procedure involves the following:
- The claimant files a motion to Oslo District Court which specifies every ISP that the decision will be directed towards (Section 89).
- The proceedings are subject to simplified rules – the motion can be decided on the basis of written proceedings or by way of oral hearings at the court's discretion (Sections 90 to 91).
- If the motion is granted based on simplified procedures wherein the owner of the webpage has not been given the opportunity to give a statement, the owner should be given the opportunity to claim subsequent proceedings in order to review the take-down decision (Section 92).
- Take-down decisions can be legally enforced (Section 93).
- Take-down decisions can be subject to review if new evidence which invalidates the factual grounds for the decision can be produced (Section 93).
What rules, restrictions and procedures govern the licensing of domain names?
Norwegian domain names ‘.no’ are governed by the Domain Regulation of 1 August 2003 as well as the Domain Name Policy by Norid.
The applicant for a domain name must either be a private individual registered in the National Registry or an organisation registered in Norway’s Central Coordinating Register for Legal Entities. A list of approved organisation forms is available on the Norid website.
Domain names must be between two and 63 approved characters (ie, letters, numbers between 0 and 9 and certain national characters). Further, domain names must not be identical to a registered domain name, be reserved or prohibited. A list of reserved and prohibited domain names is available on the Norid website.
How are domain name disputes resolved in your jurisdiction?
Domain name disputes are settled by the Alternative Dispute Resolution Committee (ADRC) run by Norid.
The ADRC passes legally binding decisions in cases regarding ownership disputes and has the power to transfer and delete domain names.
A complaint to the ADRC must be raised within three years after the domain was registered or transferred.
Either party may dispute an ADRC decision and bring the case before a court of law (or arbitration if the parties have agreed to dispute resolution by arbitration). A decision handed down by the ADRC is not binding for the court going forward.
A detailed guide to domain name dispute resolution is available on the Norid website.
What special measures and safeguards should rights holders consider in protecting their online/digital content?
In order to protect their online and digital content, rights holders should consider:
- ensure that the domain name is properly registered by the correct legal entity;
- ensure that the digital content is stored in a secure manner – this should also include confirming that any cloud-based services or other hosting solutions are properly secured;
- implement adequate passwords and password protection measures;
- restrict access to online and digital content by implementing access control measures;
- include content ownership protection (eg, IP rights clauses in contracts with third-party service providers and employees);
- include proper and enforceable sanctions in contracts with third-party service providers; and
- include jurisdiction and legal venue clauses in contracts with third parties in order to reduce risks involved with the enforcement of content protection.
This list is not exhaustive.
Click here to view the full article.