The Digital Economy Act 2010 (the Act) was designed to bring the enforcement of copyright law into the 21st century and, despite the criticism it has received, is now here to stay. This article by Ingrid Silver and Shona Harper of SNR Denton goes into the obligations on Internet Service Providers (ISPs) flowing from the Act; considers how effective those obligations might be; and looks at the potential impact on businesses.
The Act
The Act imposes three main obligations upon ISPs:
1) to notify subscribers when they are alleged by copyright owners to have committed copyright infringement;
2) to maintain a copyright infringement list recording all such notifications to subscribers, and to make that list available to copyright owners upon request; and
3) to impose “technical measures” upon subscribers who are identified as repeat offenders, for example to slow down or even suspend their internet connection.
A subscriber who receives a notice will have 20 working days to appeal to an independent appeals body, but only on very limited grounds. Where an infringement is alleged to have been carried out by an employee, a business will have to be able to show that either there was no infringement, or the infringement was carried out from a different IP address, or a third party was responsible for it despite the business’s reasonable steps to prevent such illegitimate use of its systems.
Does this enforcement work?
The first obligation on ISPs is notification of alleged copyright infringement. While the UK ISPs objected to these obligations , there are overseas precedents to suggest that notification generally works. For example, New Zealand has introduced a controversial “three strikes” rule, whereby illegal downloaders are warned twice in writing from their ISP, and then fined when they receive a third warning. The Recording Industry Association of New Zealand (Rianz) claims very few users have reached “strike three” and there has been a significant fall in piracy levels. It estimated that illegal viewing of top-200 movies dropped from about 110,000 instances in August 2011 to 50,000 in September 2011, when the rule came into force.
There is a similar graduated response system in France, and it also seems to have reduced piracy. A report released earlier this year by HADOPI, the French copyright enforcement body, stated that illegal data sharing in France fell by 43 per cent in 2011. The report also showed that 95 per cent of those receiving a first notification did not go on to receive a second.
How the Act may affect businesses
Businesses usually have to provide staff with internet access. However, it is unrealistic to expect businesses to be in complete control of all online activity carried out by their employees, despite their ability to monitor and block that access. Businesses have always been at risk of being accused of copyright infringement should their employees use copyright-protected works in the course of their work, through vicarious liability. However, the Act raises the possibility of more immediate sanctions for those businesses for alleged infringement than in the past. There could also be practical problems identifying the relevant employee, particularly if a business does not identify its computers by individual IP addresses, which is in any event a crude tool.
Businesses should therefore ensure they have carried out straightforward measures against copyright infringement, and it is likely that most will already have them in place. These include securing access to Wi-Fi networks to protect against third party access; tightening company policy on internet usage; and educating staff as to what constitutes, and the risks of, copyright infringement. Businesses should regularly remind staff of these risks and consequences, as well as checking the security of their IT systems.
The picture is slightly more complex for employees working from home. The employer would still be vicariously liable for any infringement that is the result of the employee’s work, even though the employee was not using the employer’s computers directly (he or she may be using its servers). Thus, the infringing IP address will be registered to the employee, which means that the employee would receive the notification from the ISP supplying his or her residential internet services, and would probably immediately bring it to their employer’s attention. Further, the employee may expect support in clearing his or her personal name of the notification associated with his or her work. However, this detail associated with whether the employee was at home or in the office when the alleged infringement happened is not going to be of concern to any copyright holder looking to enforce its rights.
Any business that receives a notification under the Act should investigate immediately; otherwise it could ultimately find itself subject to sanctions under the Act and the relevant legislation on copyright infringement. The extreme possibility of suspending internet access altogether could be catastrophic for any organisation.
Conclusion
The creative industries are pleased the Act introduces a more robust method of enforcing copyright protection, but businesses generally will be less enthusiastic given the possible extreme sanctions. While businesses may already take steps to minimise risks, the practical implications of the Act suggest that guarding against copyright infringement in the digital age is more important than ever. All businesses should ensure this issue is on their management agenda.
