China Pushes Forward With New Cybersecurity Law

On November 7, 2016, China’s National People’s Congress passed the Cybersecurity Law. The law’s strict, but vague, provisions call for in-country data storage, law enforcement assistance, and various restrictions on individual internet users. The law will go into effect on June 1, 2017 and is part of a broader policy plan on internet regulation, spearheaded by the Cyberspace Administration of China. The law remains quite vague, and many of the key portions of the law refer obliquely to other laws or administrative regulations. In light of this, China may be planning to implement more stringent follow-on regulations at a later date. In any case, it seems apparent that, despite resistance and criticism from international groups, China remains determined in its efforts to implement even stricter internet controls.

Court Limits Availability Of CDA Immunity Against Breach-Of-Contract Claims

On November 2, the U.S. District Court for the Northern District of California found, in Darnaa, LLC v. Google, Inc., that Google (the owner of YouTube) could not be held liable for a claim that it intentionally interfered with a recording artist’s beneficial economic relationship with a radio marketing program. It found this claim barred by the immunity provision in Section 230 of the Communications Decency Act (CDA), which protects against claims that treat websites as publishers or speakers of content provided by third parties. However, the court found that a claim for breach of Google’s covenant of good faith and fair dealing, which was based on the same factual allegations, could continue because it stemmed from a legal obligation, not from Google’s role as a publisher.

DMCA Exemption For Security Research Takes Effect

Late last month, exemptions to the Digital Millennium Copyright Act (DMCA) took effect that will allow security researchers to circumvent digital access controls to engage in “good-faith security research” aimed at testing and correcting security vulnerabilities in computer programs on certain devices and machines. Ordinarily, the DMCA prohibits persons from circumventing technological measures that control access to a copyright protected work. However, under the DMCA, the Librarian of Congress has the authority to issue rules temporarily exempting certain persons from this prohibition if it determines that those persons’ ability to make non-infringing uses of certain protected works are likely to be adversely affected by the prohibition. The exemptions were contained in rules issued on October 28, 2015, by the Librarian of Congress and provided for a one-year delay in its implementation, except as applied to voting machines. That one-year delay ended on October 28, 2016, when the exemption officially took effect.