Sie sind auf Seite 1von 24

VOLUME 13 ISSUE 03 [2013] ECLR 1-24

THE PRACTITIONERS’ GUIDE TO E-COMMERCE CASES VOLUME 13 ISSUE 03 WWW.E-COMLAW.COM [ 2013] ECLR 1- 24

03 TRADE MARKS

In Interflora, Inc. & Interflora British Unit v. Marks and Spencer plc & Flowers Direct Online Limited, Interflora’s network of sellers was deemed the crucial link in its battle with Marks and Spencer over trade mark infringement generated by Google’s Adword service.

05 MONEY LAUNDERING

The US Department of Justice announced charges against several individuals connected with Liberty Reserve for involvement in money laundering.

06 PRIVATE COPYING

The Court of First Instance of Paris ordered Apple to pay €5 million corresponding to the private copying levy for iPads sold in 2011.

08 DEFAMATION

The trial of a preliminary issue in a libel action between Lord McAlpine and Sally Bercow, involved the determination of the meaning of words complained of in a tweet.

10 MOBILE ADVERTISING

Papa John’s subject to substantial litigation under the federal Telephone Consumer Protection Act for allegedly sending unsolicited text messages.

12 COPYRIGHT

In the ‘Meltwater’ dispute: Public Relations Consultants Association Ltd v. The Newspaper

Licensing Agency Ltd & Ors, the UK Supreme Court ruled that temporary copies created in the course of viewing a web page are exempted from copyright infringement.

15 SEARCH WARRANT

The United States District Court for the Southern District of Texas denied a request from the FBI to obtain a search warrant to hack an unknown computer in an unknown location.

17 SIMULCASTING

In Phonographic Performance Company of Australia Ltd v. Commercial Radio Australia Ltd,

the Full Court of the Federal Court of Australia considered whether the internet simulcast of

a radio broadcast was a ‘broadcasting service.’

19 MOBILE APPS

The US Food and Drug Administration (FDA) has taken its first direct action against a mobile medical app developer, Biosense Technology Private Ltd, for failure to secure FDA clearance for an urinalysis app.

21 DATA PROCESSING

The lower court of Den Bosch (Netherlands) ruled that using Twitter or email to broadcast a link to a webpage containing personal data constitutes a processing of personal data.

23 PRIVACY

Ajemian v. Yahoo! involved a request by a deceased man’s relatives to access his Yahoo! email account, which was denied by Yahoo!, highlighting the difficulty of balancing electronic privacy with the rights of those claiming a legitimate reason to access online content.

EDITORIAL

THE PRACTITIONERS’ GUIDE TO E-COMMERCE CASES [2013] ECLR 1-24 VOLUME 13 ISSUE 03 WWW.E-COMLAW.COM

Framing and the law

The German Federal Court of Justice (BGH) referred a question to the Court of Justice of the European Union (CJEU) in May regarding the potential for copyright infringement caused by framing video content online. The case before the BGH involved a manufacturer of water filtration systems, who created a two-minute video about water pollution, which was uploaded to YouTube without the plaintiff’s consent by two sales representatives. Both defendants enabled users of their websites access to the film using framing technology, which loads content from other platforms, in this instance YouTube, and plays the content on the relevant website inside a frame.

In 2011 the Regional Court in Munich ruled that the sales representatives had infringed the plaintiff’s copyright based on an infringement of Section 19a of the German Copyrights Act, a provision which grants the rights holder the exclusive right to make copyright protected material available to the public. However, the defendant successfully challenged this decision, the Higher Regional Court of Munich overturned the ruling, and the BGH provisionally agreed with the decision that embedded videos do not infringe German copyright law. The BGH’s rationale is that the mere linkage, through framing, from a person’s website to copyright protected content provided on another party’s website does not constitute an act of making publicly

available in accordance with Section 19a of the German Copyrights Act. It is the website operator that initially uploaded the content that is in the position to decide whether or not it makes the content publicly available. However the BGH recognised that this may not be the case under European law, so referred questions to the CJEU for clarification. Ultimately the CJEU must decide whether framing may be considered ‘making available to the public’ in the meaning of Article 3(1) of the Copyright Directive and whether operators of websites infringe the rights of a copyright holder if they embed copyright protected material, that has been made public on other websites, on their own website by means of framing.

JOHN ENSER Olswang Taylor Wessing. He is a leading IP and information law litigator and
JOHN ENSER
Olswang
Taylor Wessing. He is a leading IP and
information law litigator and transactional
lawyer with over 25 years experience.
Mark advises clients in trade mark, copy-
right, database rights, information law,
data privacy, design and image rights
matter as well as advising on a range of
digital media and commerce issues and
content regulatory matters.
m.owen@taylorwessing.com
STEWART ROOM
Field Fisher Waterhouse
John is a partner at Olswang and
provides advice to clients active in all
aspects of the media and
communications business. His clients
include record companies, broadcasters,
surviving dotcoms, and household name
retailers, as well as ISPs, portals,
software developers and suppliers of
interactive TV technology. John writes
and speaks regularly on a range of
topics relating to interactive media. All
three of the independent legal directories
rank him as one of the UK’s leading
practitioners in e-commerce and digital
media. John is a member of the DTI
Foresight Programme’s working party on
the Future of Information Relationships
and author of the “Distribution of
Audiovisual Content” chapter of Global
Telecommunications Law and Practice
(Sweet & Maxwell).
john.enser@olswang.com
TIM PENNY
11 Stone Buildings
Tim is a barrister at 11 Stone Buildings,
Lincoln’s Inn. His practice involves
chancery/commercial, intellectual proper-
ty and IT related issues. Recent litigation
has involved the Metalrax case and
numerous internet-related disputes
involving database rights, copyright and
data protection. Advisory work includes
advising a major telecoms provider on
European data protection issues.
Recommended as junior Counsel in The
Legal 500 in connection with Sports
Law.
DAWN OSBORNE
Palmer Biggs Legal
penny@11sb.com
Dawn has been a Partner at Palmer
Biggs Legal since June 2009, having
previously worked at Rouse & Co. Dawn
specialises in IP litigation, including
copyright and trade marks on the
internet and was involved in the reported
Pitman and Prince domain name
litigation. Her expertise in online
alternative dispute resolution
mechanisms has led her to be a panellist
for the WIPO and NAF deciding domain
name disputes under the ICANN
procedure and for Nominet and .eu for
their procedures. She is a Board
Member of the Federation Against
Software Theft and Chairman of their
Legal Action Group FLAG. Dawn is a
graduate of Magdalen College, Oxford.
dawn.osborne@pblegal.co.uk
STEVEN PHILIPPSOHN
PCB Litigation LLP
Stewart is a partner in Field Fisher
Waterhouse's Technology and
Outsourcing Group, specialising in data
protection, privacy and data security law.
Stewart is a dual qualified barrister and a
solicitor holding full Higher Court Rights of
Audience, with 20 years’ experience as a
litigator and advocate. Stewart is rated as
one of the UK’s leading data protection
lawyers, with expertise in data protection
and data security matters. Stewart has
written three text books on information
law, including the UK's seminal work "Data
Security Law and Practice", published by
Butterworths LexisNexis. Stewart's areas
of specialisation include representing data
controllers in regulatory enforcement action
and defending them in litigation, handling
data security breaches, the technological
aspects of data processing and managing
international projects. Stewart is a Director
of Cyber Security Challenge UK, the
President of the National Association of
Data Protection Officers, a member of the
InfoSec Europe Advisory Board and a
member of the RSA Conference Europe
selection panel.
stewart.room@ffw.com
Steven is a leading authority on fraud. He
has recently given papers at the
International Bar Association, the
International Chamber of Commerce and
to a UK Government Department. He
frequently writes for newspapers and
specialist law publications. He is co-
editor of the UK Manual of the
Association of Certified Fraud Examiners
and is a member of the IAAC and the E-
Fraud working party of the Fraud
Advisory Panel. Steven qualified in 1972
and became the litigation partner of a
substantial Central London practice prior
to starting his own firm in 1979. His firm
was identified in the 2000 edition of The
Legal 500 as a leading fraud litigation
practice in the UK.
snp@pcblitigation.com
STEPHEN SIDKIN
Fox Williams
MARK OWEN
Taylor Wessing
Mark Owen is a partner in the Trade
Mark, Copyright and Media Group at
Stephen is a founding partner of Fox
Williams. He specialises in advising on
agency and distributorship agreements
and competition law. He frequently writes
on disintermediation, the effect of e-
commerce on agency and distributorship
agreements and the competition law
aspects of B2B exchanges. Stephen is
featured in Mondaq’s Survey of Leading
Internet & E-Commerce Lawyers. He is a
member of the Society for Computers &
Law and a member and past chairman
of the Commercial Law Sub-Committee
of the City of London Law Society, the
sub-committee which has taken the lead
in considering issues of e-commerce law
on behalf of the Society.
slsidkin@foxwilliams.com
EDITORIAL BOARD

CECILE PARK PUBLISHING

Managing Editor Lindsey Greig lindsey.greig@e-comlaw.com Associate Editor Sophie Cameron sophie.cameron@e-comlaw.com Editorial Assistant Simon Fuller simon.fuller@e-comlaw.com Subscriptions David Guati david.guati@e-comlaw.com telephone +44 (0)20 7012 1387 Design MadeInEarnest www.madeinearnest.com

E-Commerce Law Reports is published by Cecile Park Publishing Limited 17 The Timber Yard, Drysdale Street, London N1 6ND telephone +44 (0)20 7012 1380 facsimile +44 (0)20 7729 6093 www.e-comlaw.com

© Cecile Park Publishing Limited. All rights reserved. Publication in whole or in part in any medium, electronic or otherwise, without written permission is strictly prohibited. ISSN 1474-5771

CECILE PARK PUBLICATIONS

E-Commerce Law & Policy Monthly: launched February 1999 E-Commerce Law & Policy is a unique source of analysis and commentary on global developments in e-business legislation. The journal was nominated for the prestigious British & Irish Association of Law Librarians (BIALL) Serial Publication of the Year Award in 2001, 2004 and 2006. PRICE: £480 (£500 overseas).

E-Commerce Law Reports Six issues a year: launched May 2001 The reports are authoritative, topical and relevant, the definitive practitioners’ guide to e- commerce cases. Each case is summarised, with commentary by practising lawyers from leading firms specialising in e-commerce. PRICE: £480 (£500 overseas).

E-Finance & Payments Law & Policy Monthly: launched October 2006 E-Finance & Payments Law & Policy provides all those involved in this fast evolving sector with practical information on legal, regulatory and policy developments. PRICE £600 (£620 overseas).

Data Protection Law & Policy Monthly: launched February 2004 Data Protection Law & Policy is dedicated to making sure that businesses and public services alike can find their way through the regulatory maze to win the rewards of effective, well-regulated use of data. PRICE £450 (£470 overseas / £345 Govt).

World Online Gambling Law Report Monthly: launched April 2002 World Online Gambling Law Report provides up-to-date information and opinion on the key issues confronting the industry. PRICE £600 (£620 overseas).

World Sports Law Report Monthly: launched September 2003 World Sports Law Report is designed to address the key legal and business issues that face those involved in the sports industry. PRICE £600 (£620 overseas).

DataGuidance Launched December 2007 The global platform for data protection and privacy compliance. www.dataguidance.com

TRADE MARKS

Interflora, Inc. & Interflora British Unit v. Marks and Spencer plc & Flowers Direct Online Limited High Court of Justice, 21 May 2013 (EWHC 1291 (Ch)) Interflora’s network of sellers shown to be the crucial link in its battle with Marks and Spencer over trade mark infringement through Google’s AdWord service.

In a decision 1 which brought an end (subject to a possible appeal) to five years of litigation, including a reference to the Court of Justice of the European Union ('CJEU'), and two Court of Appeal decisions regarding witness evidence from surveys, Mr Justice Arnold held that Marks & Spencer ('M&S') infringed Interflora's UK and Community trade marks for INTERFLORA under Article 5(1)(a) of the Trade Marks Directive (89/104/EC) and Article 9(1)(a) of the Community Trade Marks Regulation (207/2099/EC) for using an identical sign in relation to identical goods/services for which the marks are registered. The Court held that M&S had infringed Interflora's trade marks because M&S' sponsored advertisements, generated in response to M&S' brand bidding on 'interflora' and other variants, mis-spells and combinations of 'interflora' on Google's AdWord service, had adversely affected the 'origin' function of Interflora's trade marks, which guarantees Interflora as the source of the advertised goods/services. The 'origin' function had been impaired because, following the CJEU's earlier guidance, M&S' advertisements did not enable reasonably well-informed and reasonably observant internet users, or enabled them only with difficulty, to ascertain whether M&S' flower delivery service originates from Interflora, or an undertaking economically linked to Interflora, or from a third party. Arnold J affirmed his analysis in Datacard Corporation v. Eagle Technologies Ltd [2011] EWHC 244 (Pat) that the burden of the proof under an Article 5(1)(a) case lies on the advertiser/defendant (rather than the claimant), reversing the burden of proof for an Article 5(1)(b) 'confusion' case. Arnold J followed the CJEU's

guidance that it was not enough that just some internet users might

have difficulty in grasping that the advertised goods/services did not originate from the trade mark owner - and it was important to discount ill-informed or unobservant internet users. Arnold

J dismissed M&S' claim that the

effect of the CJEU's case law is to create a single meaning rule in European trade mark law - that the use of a sign in context was deemed to create a single meaning even if it was understood by different people in different ways. Arnold J instead held that it was sufficient to show that a significant proportion of the relevant class of persons (an existing test used to enable a mark to establish distinctive character and thus be registrable) wrongly believed that the advertised goods or services are connected to the trade mark proprietor, which then establishes an adverse effect - which puts a different spin on the more familiar 'average consumer' trade mark test, the artificial construct through

whose eyes trade mark infringement is tested. According to Arnold J, a significant proportion of internet users who searched for 'interflora' and the other signs, and then clicked on M&S' advertisements, were led to believe, erroneously, that M&S' flower delivery service was part of Interflora's network because, based on the evidence:

(a) it was not known to a significant proportion of internet users both at the time M&S started using the Interflora trade marks on Google's AdWords service (May 2008), and now, that sponsored

links that appear alongside natural search results could be paid for by the trade mark owner's competitors, and nor was it generally known that M&S was not

a part of the Interflora network, but in competition with it;

(b) it was not obvious that M&S'

advertisements were obviously those of a competitor and that

therefore M&S is not part of the Interflora network;

(c) the nature of Interflora's

network (which is made up of 1,600 independent sellers, many of

whom have an online presence) made it difficult, in the absence of any contrary indication in M&S' advertisements, to determine that M&S was not part of the Interflora network. Key to this is that Interflora has tie-ups with several large retailers, including Sainsbury's, the Co-Op and Tesco, which made it all the more plausible that there could be a connection between a large retailer like M&S and Interflora's flower delivery services. Indeed, M&S had much more click-through success with Interflora-related keywords than those of M&S' other competitors it had paid for. Evidence relied on by Interflora showed that consumers who searched for 'Interflora,' clicked on the M&S advertisement, and then visited the M&S website, were much more likely to visit Interflora's website after visiting the M&S website than those who visited the flowers section of the M&S website without using 'Interflora' as a keyword - which, Interflora argued, indicated (and Arnold J accepted) that consumers who had used the 'Interflora' keyword had realised that they were not on an Interflora- affiliate/member site and then went to Interflora's website instead. Even if there were some users who were initially confused into thinking that M&S is part of the Interflora network but were no longer confused upon the point of sale, this could, Arnold J held, still be actionable as "initial interest confusion" following Och-Ziff

Management Europe Ltd v. OCH Capital LLP [2010] EWHC 2599

TRADE MARKS

(Ch). The CJEU's earlier guidance ruled out the possibility that keyword advertising could affect the advertising function of a trade mark, while Arnold J determined that the 'investment function' of the trade mark (a trade mark's ability to acquire/preserve a reputation capable of attracting customers and retaining their loyalty) was not impaired because there was no evidence that M&S' keyword advertising had any adverse effect on the reputation of Interflora's trade marks, such as damage to Interflora's image. Interflora argued that M&S' advertising took unfair advantage of its marks and was 'without due cause' under Article 5(2) of the Directive /Article 9(1)(c) of the Regulation because M&S had deliberately targeted Interflora and Interflora could not fight back - it was costly to bid on M&S' marks and there was not a level playing field as there were far fewer searches for 'marks and spencer flowers' than 'interflora flowers.' The Court disagreed, holding that M&S did have 'due cause' for its advertising - all Interflora's arguments illustrated is that the two have different market positions, with M&S being a general retailer selling many different products, whilst Interflora was a flower delivery specialist. Arnold J re-emphasised the CJEU's scepticism over claims that the use of 'Interflora' as a keyword could dilute the Inteflora marks under Article 5(2), so that 'Interflora' would cease to denote a source of goods/services, but instead become a generic term for 'flower delivery service.' The CJEU previously held that such use could merely serve to draw the internet user's attention to the existence of a competing product/service to that of the trade mark owner. Interestingly, Arnold J raised the

possibility that a defence of lawful comparative advertising, which was not raised by M&S, could apply to M&S' advertising given the breadth of the definition of comparative advertising under Article 4 Directive 2006/114/EC on Comparative Advertising in various CJEU cases. Although Arnold J did not comment on the merits of such a case, this defence could well be tested by the courts in the future. The case essentially turned on its facts, so does not spell the end of keyword advertising on third party trade marks. Indeed, the Court affirmed the significant hurdles that must be overcome to prove impairment of the 'investment function,' or a case under Article 5(2), given the CJEU's leaning towards fair competition. The idiosyncratic nature of the Interflora network (as the judge said, Interflora is not just like any other brand) with its 1,600 independent florists and commercial tie-ups with major retailers, ultimately proved decisive, along with Arnold J's observation that a significant proportion of internet users do not entirely understand the way keyword advertising operates, even now. Despite Arnold J's observations, with seemingly greater awareness now of how keyword searches and AdWords operate (partly because of this case!), if the claim were re-brought today (even on the same facts), the evidence of consumer perceptions might well be different. Following the decision, Interflora was granted an injunction covering the whole of the EU in respect of its Community Trade Marks 2 . For those considering bidding on third party marks, the judgment underlines the importance of first assessing the business model of the trade mark holder (e.g. do they have a network or franchise model,

which would make infringement much more likely?) and, if you offer the same goods/services, making your advertising clear so that there is no economic connection between you and the trade mark holder before you start bidding.

Steven James Associate Latham & Watkins steven.james@lw.com

Note: Steven James previously acted for Interflora during an earlier part of this case.

1. Interflora, Inc & Interflora British Unit v.

Marks and Spencer Plc & Flowers Direct Online Limited: [2013] EWHC 1291 (Ch).

2. Interflora Inc and another v. Marks and

Spencer Plc and another [2013] EWHC 1484 (Ch), 12 June 2013.

MONEY LAUNDERING

Liberty Reserve: individuals charged with money laundering Last month the US Department of Justice announced charges against several individuals connected with Liberty Reserve for their involvement in money laundering. It is alleged that Liberty Reserve conducted almost 55 million transactions and laundered more than $6 billion in suspected proceeds of crime.

Prosecutors claim that Liberty

Reserve was incorporated in 2006.

It operated a digital currency

referred to as LR. The company is said to have deemed itself the internet's 'largest payment processor and money transfer system.' However, the company failed to register with the US Department of Treasury as a money transmitting business, which is required by US law. According to the documents filed at court, the defendants operated Liberty Reserve as a 'criminal bank-payment processor designed to help users conduct illegal transactions anonymously and launder the proceeds of their crimes.' The DoJ identified Liberty Reserve as the 'principal money transfer agents used by cyber criminals around the world to distribute, store and launder the proceeds of their illegal activity.' The prosecutors claim that the company assisted a broad range of online criminal activity, including credit card fraud, identity theft and investment fraud.

Operation of the system The system operated on an anonymous basis. Users were required to open accounts through the website with basic information that was never verified by Liberty Reserve. Once the account was created the user was then able to carry out transactions with other users. If users wanted the transfer to be completely untraceable they could hide their Liberty Reserve account number for an extra fee. Users were required to make deposits or withdrawals through third party exchangers to ensure that information which could leave

a centralised financial paper trail

was not collected. The prosecutors claim that the pre-approved exchangers recommended by the Liberty Reserve website were generally unlicensed money

transmitting businesses operating in countries without significant money laundering regulation.

The charges The charges included: conspiracy to commit money laundering; conspiracy to operate an unlicensed money transmitting business; and operation of an unlicensed money transmitting business. The DoJ claims that the defendants were aware that Liberty Reserve functioned as an unlawful money laundering enterprise. Following the charges, more information about the system began to emerge with regulators beginning to unravel the extent of Liberty Reserve’s operations. It has been reported that a UK Bank in Spain had held one of the accounts belonging to Liberty Reserve. Reports indicate that whilst the UK Bank was not accused of any wrongdoing, the bank confirmed that it was co-operating with the regulators having received a notification. The account held is believed to be in the name of the founder of Liberty Reserve. The US regulatory authorities have not only brought criminal charges against the individuals, but five domain names have also been seized, 45 bank accounts have been restrained or seized and a civil action has been filed against 35 exchanger websites for the forfeiture of the exchangers' domain names.

Order against online retailer The Southern District of New York Court also issued an order against an online retailer used by Liberty Reserve for services related to the operation of its website. The order stated that the IP address was owned and controlled by the online retailer and that it routed traffic to the server(s) that host the Liberty Reserve website. The online retailer was ordered to cease

providing services to Liberty Reserve 'that support the operation of the Forfeitable Property, including but not limited to ceasing to direct web traffic to the Forfeitable Property.'

The crackdown The prosecution of Liberty Reserve has sent shockwaves through the cyber community. Regulators are keen to ensure that virtual currencies adhere to AML rules. Following the Liberty saga it is reported that Mt Gox users will now be required to provide identification documents to withdraw cash using the service. Reports suggest that if prosecutors continue cracking down on illegal money transmitting businesses they are likely to target online payment services that fail to verify user identities but allow cash to be moved. Following the shut down of

Liberty Reserve reports have indicated that security experts view

a Moscow-based service called

WebMoney as the preferred replacement. However, it is

important to note that if WebMoney detects illegal activity,

it will lock accounts. It is believed

that WebMoney is monitored by the FSB, although many believe that this will not deter criminals from using it.

Comment The DoJ’s actions demonstrate the willingness of US authorities to pursue violations of US law committed by organisations even where they are not domiciled in the US. The action against Liberty Reserve perhaps also reflects an increasing awareness of the growth of cyber crime.

Simon Garrett Partner CMS Cameron McKenna LLP Simon.garrett@cms-cmck.com

PRIVATE COPYING

French Court orders Apple to pay €5 million in private copying levy Court of First Instance of Paris, 30 May 2013 (Ref. 11/15194) On 30 May 2013, the Court of First Instance of Paris ordered Apple to pay €5 million corresponding to the private copying levy for iPads sold in 2011, which was due to Copie France, the collecting entity.

Apple recognised having collected the levy when selling its iPads but deliberately froze the sums because of serious doubts, they said, on the validity of Decision N° 13 of the Private Copying Commission which set the levy rates for digital tablets. Indeed, Decision N° 13 is currently challenged before the Conseil d'Etat, the French administrative Supreme Court. The Conseil d'Etat already annulled several other decisions of the Commission in the past. Ironically, it is Apple that first brought the case against Copie France before the Court of First Instance with a view to securing a finding that no levy was due under Decision N° 13. In the event the Court decided otherwise, Apple also asked the case to be put on hold pending the decision of the Conseil d'Etat. It is thus only as a counterclaim that Copie France asked for the payment of more than 7 million of private copying levy. The Court decided to put the case on hold until the decision of the Conseil d'Etat but nevertheless ordered Apple to pay to Copie France the sum of 5 million on a provisional basis. The Court justified its decision by ruling that Decision n° 13 was only an application of national law, which requires organising a fair compensation for artists (Article L.311-1 of the French Intellectual Property Code). Apple was hence bound to pay the levy regardless of the administrative organisation of its collection. The Court was even more severe towards Apple as it allowed the immediate execution of the decision whilst in principle a judgment is not enforceable until the period for appeal has elapsed. This case came as a surprise to many, even in France. Yet, this is only the lastest outcome of a never-ending story.

The ins and outs Since 1985, a right to remuneration for private copying has been set up in favour of authors, artists and producers. In order to find a source of remuneration, it has been decided to charge a levy on the purchases of recordable media. The Private Copying Commission was established to set the levy rates. This system first targeted audio and videotapes; it has been extended to all electronic devices except computers and e-readers. Since the Copyright Directive 2001/29/EC of 22 May 2001, all EU Member States have to organise a similar system to permit the fair compensation of the right holders (Article 5.2 b of the directive). In France and elsewhere, the determination of the levy rates has been a burning issue for years. Indeed, the Private Copying Commission decided to index the levy on the storage capacity of the device, a calculation system very advantageous for the right holders as devices gain storage capacity every year. In 2012, 190 Million has been collected, nearly twice as much as in 2001. It is thus strongly criticised by industry which claims that the levy, which is ultimately borne by the final consumers, creates a competitive disadvantage at its cost as consumers prefer buying from foreign sellers on the internet. The European Court of Justice (ECJ) ruled in the Padawan case (21 October 2010, C-467/08) that the fair compensation system only aims at compensating the damage suffered by the rights holders when a private copying of their work is made. The first consequence arising from this construction is that the devices sold for professional purposes must be excluded from the scope of the levy as professionals are not supposed to carry out private copying. More importantly, as the levy

rates can only be determined depending on the damage suffered by the right holders, the ECJ decision implies that the levy should not be based only on the storage capacity of the devices but more on the use that is made by the consumer. Clearly the best means for the Commission to assess such use would be to carry out surveys and opinion polls. In France, Decisions N° 7, 8, 9 and 10 of the Private Copying Commission have all been annulled by the Conseil d'Etat in 2008 and 2010 on the grounds that the Commission included the devices used to make infringing copies in the calculation of the levy rate. According to the Conseil d'Etat, the Commission should have searched for each medium, supported by surveys and opinion polls, the respective part of infringing and not infringing uses. Decision N° 11 was intended to replace the annulled decisions. Again, the Conseil d'Etat annulled this decision as the Commission included the devices acquired for professional purposes in the scope of the levy, which is forbidden under the Padawan case. But the Conseil d'Etat decided to grant the Commission six months to adopt new rates. The Commission failed to comply with the deadline set on

23 December 2011. They were

rescued in extremis by the Parliament with an act dated 20 December 2011 (No. 2011-1898). This act actually extended for one year the application of the rates which were annulled pursuant to the decision of the Conseil d'Etat. To no one's surprise, the industry tried to challenge the legality of

this act before the Conseil constitutionnel, the French constitutional court. The Conseil constitutionnel first rejected their request on 20 July 2012 but eventually admitted that the act of

20 December 2011 was partly

unconstitutional in a decision dated 15 January 2013. According to the Conseil constitutionnel, Article 6, paragraph II, of the act was intended to retroactively validate the private copying levy rates that had been annulled by the Conseil d'Etat. The Conseil constitutionnel considered that this provision breached the principle of separation of powers and the right to effective judicial review pursuant to Article 16 of the Declaration of the Rights of Man and the Citizen. The Conseil constitutionnel stated that the Parliament had the right to retroactively validate an administrative act provided it pursued an aim of sufficient general interest. As this requirement was missing, the Conseil constitutionnel repealed the provision at issue. Decision N° 13 of the Commission on digital tablets was adopted on 12 January 2011. The rate was identical to the one of Decision N° 11 that had been annulled in the first place. The industry acted together once more to challenge the new decision before the Conseil d'Etat and decided to freeze the sums collected in the meantime. In light of this context of uncertainty regarding the validity of the decisions of the Commission, the present order for Apple to pay 5 million looks quite astounding. Yet it is not the first time the Court of First Instance delivered such an order. On 15 May 2012, Nokia was ordered to pay 4 million to Copie France. The same day, Acer, Motorola and Sony were ordered to pay 500,000; 137,000 and 40,000 respectively. The cases were very similar: the three industry actors immobilised the sums corresponding to the levy and sued Copie France hoping that the Court will hold that the sums were not due.

A non-representative system? According to the industry, the Private Copying Commission is biased in favour of right holders. They criticise the lack of representativeness within the Commission as they hold only six seats, whereas the rights holders have 12. The other six seats belong to the consumers' representatives. Mr. Olivier Gayraud, a member of CLCV, a consumers association, admitted that the Commission "works through deceitfully democratic mechanisms." As much as they are concerned, the consumer associations disapprove of the fact that they still do not know how much private copying costs the consumer. The Act of 20 December 2011 had remedied this shortcoming by requiring the display of the amount of the private copying on the label of the product. However, this provision is still not effective since its implementing decrees are still not published. The industry asserts that as a matter of principle, they support culture and agree to compensate the right holders; however they disagree with the levy rates. Based on studies carried out by private firms, they affirm the levy should not be higher than 80 million per year and not 200 million as Copie France claims. They consider that this gap is due to the attempt of Copie France to make the private copying levy bear the loss of income caused by piracy - which would be illegal. In a report on the Cultural Exception in France by Mr Pierre Lescure of May 2013 to the Government, it is suggested that the private copying levy be expanded to include all connected devices, i.e. computers and e- readers as well. This is not likely to bury the hatchet. What is certain for the moment is that the decision of the Conseil d'Etat is eagerly

PRIVATE COPYING

awaited by Apple.

Benjamin May Partner Julie Pontier-Benhamou Aramis Société d'Avocats may@aramis-law.com

DEFAMATION

Lord McAlpine of West Green v. Sally Bercow High Court (Queen's Bench Division), 24 May 2013 (EWHC 1342(QB)) The trial of a preliminary issue in a libel action between Lord McAlpine and Sally Bercow, involved the determination of the meaning of words complained of in a tweet and whether that meaning was defamatory.

The Claimant was Lord McAlpine, a former Deputy Chairman of the Conservative Party, a former Party Treasurer and a close aide to Margaret Thatcher during her time as Prime Minister. The Defendant was Sally Bercow, who is the wife of the Speaker of the House of Commons and has made several appearances in well- known British television programmes, including Big Brother. She also has a Twitter account, which on the date the tweet was published, 4 November 2012, had over 56,000 followers.

Background On 2 November 2012, the BBC's current affairs programme Newsnight broadcast a report that included a serious allegation of child abuse at the Bryn Estyn care home in Wales in the 1970s and 1980s. One of the alleged abusers was a person who was not named, but who was variously referred to in the Newsnight report by expressions such as 'a leading Conservative from the time,' 'a leading Conservative politician from the Thatcher years,' 'a senior public figure,' 'a shadowy figure of high political standing,' and 'a prominent Tory politician at the time.' The Newsnight report quickly became a big news story and was widely reported in the media between 2 and 4 November 2012, with the coverage including articles in The Guardian, The Telegraph, The Sunday Telegraph, the MailOnline website and the Daily Mirror. None of these publications named the politician alleged to be at the centre of the scandal. As The Telegraph itself reported, this set off 'a frenzy of unsubstantiated speculation on social networking sites' as to the identity of the likely subject. Lord McAlpine was a particular

target of this internet gossip, to the extent that on 4 November 2012 he was 'trending' on Twitter, that is his name appeared in the list of top 10 popular topics, known as 'trends,' that appears on a Twitter user's home page. On the same day, Sally Bercow sent the following tweet to her followers ('the Tweet'): ‘Why is Lord McAlpine trending? *Innocent face*’ On 8 November 2012 during an interview with the Prime Minister David Cameron on the ITV programme This Morning, the presenter Philip Schofield handed him a list of names circulating on the internet of Tory politicians allegedly linked to child sex abuse. In fact, it quickly became apparent that the allegations against Lord McAlpine were completely unfounded and that he was entirely innocent of any of the very serious crimes of which he was accused. Faced with legal action for libel, the BBC and ITV apologised and paid £185,000 and £125,000 respectively in damages, in addition to legal costs. Lord McAlpine also pursued claims against Twitter users who had repeated the allegations, including Ms Bercow. Users with fewer than 500 followers were allowed to settle the matter by making a donation of £25 to the BBC Children in Need charity. Although Ms Bercow issued an apology on Twitter, she denied that her tweet was defamatory and refused to pay the £50,000 in damages demanded by Lord McAlpine. This led to the issue of proceedings against Ms Bercow in December 2012.

Meaning of the Tweet It was accepted by both parties that that the words 'innocent face' were to be read like an emoticon or stage direction to the reader to imagine that the expression on Ms Bercow's face was one of

innocence, suggesting that she did not know the answer to her question. Lord McAlpine's case was that the words 'innocent face' were being used insincerely or ironically by Ms Bercow to draw the readers' attention to an answer which a reasonable reader would understand that she already thought she knew, that is that Lord McAlpine was a paedophile who was guilty of sexually abusing boys living in care. Ms Bercow denied that the Tweet meant that, or that it meant anything defamatory of Lord McAlpine. Her case was that the question she asked in the Tweet was simply a question and that 'innocent face' was being used sincerely to suggest she did not know the answer to the question. While she accepted that her question implied that Lord McAlpine was trending, there was nothing else to be inferred from the question. In particular her question did not suggest any reason why Lord McAlpine was, or might have been, trending. Only an unreasonable reader, 'avid for scandal,' would read the Tweet as asking anything other than a straightforward question. Mr Justice Tugendhat distinguished between two kinds of meaning that words may have for the purposes of defamation. First, a natural and ordinary meaning, which would include any implication or inference that a reasonable reader, guided only by general knowledge, would draw from the words. Second, an innuendo meaning, which could be implied from the words complained of, but only if the reader also knew other extrinsic facts, which were not general knowledge. The judge had to consider the question of meaning from the point of view of the hypothetical

reasonable reader, in this case a reasonable representative of users of Twitter who follow Ms Bercow. The judge inferred that Ms Bercow's followers probably included a significant number who shared her interest in, and liked to be up to date with, politics and current affairs. They were therefore people who, by 4 November 2012, probably knew that allegations of child abuse had been made in the Newsnight report against a leading Conservative politician from 20 years ago, and that the decision of the BBC not to name the person was the subject of public controversy.

Judgment As a matter of law, the Tweet would be defamatory of Lord McAlpine if the words complained of referred to him and substantially affected in an adverse manner the attitude of other people towards him, or had a tendency to do so. Mr Justice Tugendhat held that some of Ms Bercow's followers probably did know who Lord McAlpine was from their prior knowledge when they read the Tweet. However, it was not necessary for a reader of the Tweet to have had any prior knowledge of Lord McAlpine as a leading politician of the Thatcher years in order for them reasonably to have linked the Tweet naming him with what they knew about the allegations in the Newsnight report. This was because the Tweet identified Lord McAlpine by his title, and it is common knowledge that peers are generally people who had held prominent positions in public life, in many cases in politics, including as members of the House of Lords. The Tweet asked why Lord McAlpine was trending, in circumstances where he was not otherwise in the public eye on 4 November 2012, and there was

feverish speculation as to the identity of an unnamed politician who had been prominent some 20 years ago. There was no sensible reason for including the words 'innocent face' in the Tweet if they were to be taken as meaning that Ms Bercow simply wanted to know the answer to a factual question. The reasonable reader would therefore understand the words 'innocent face' as being insincere and ironical. In circumstances where Ms Bercow was telling her followers that she did not know why Lord McAlpine was trending, and there was no alternative explanation for why he was trending, then the reader would infer that Ms Bercow had 'provided the last piece in the jigsaw,' and that the answer to Ms Bercow's question was that Lord McAlpine was trending because he fitted the description of the unnamed abuser. Under the repetition rule, a defendant who repeats a defamatory allegation made by another is treated as if he had made the allegation himself, even if he attempts to distance himself from the original allegation. The effect of the repetition rule in this case was that Ms Bercow, as the author of the Tweet, was treated as if she had made, with the addition of Lord McAlpine's name, the allegation in the Newsnight reports and other media, which had previously been made without his name. For these reasons, Mr Justice Tugendhat found that the Tweet meant, in its natural and ordinary defamatory meaning, but also in its innuendo meaning, that Lord McAlpine was a paedophile who was guilty of sexually abusing boys living in care, which is clearly one of the most seriously defamatory allegations that it is possible to make against a person.

DEFAMATION

Aftermath In the wake of the judgment, Ms Bercow issued a statement to say she was 'surprised and disappointed' by the ruling, but accepted it, that she remained sorry for the distress she had caused Lord McAlpine and that she repeated her apologies. Ms Bercow said that the Tweet was not tweeted 'with malice,' but 'was being conversational and mischievous, as was so often my style on Twitter.' Her statement added: 'Today's ruling should be seen as a warning to all social media users. Things can be held to be seriously defamatory, even when you do not intend them to be defamatory and do not make any express accusation.' It is understood Ms Bercow will pay significant damages and costs, although the amounts have not been disclosed. Ms Bercow has found out, as she puts it herself, 'the hard way,' that for defamation purposes the meaning of words is assessed objectively, entirely independent of the defendant's state of mind or intention. Moreover, meaning can include implication and inference by reference to general knowledge, and innuendo by reference to extrinsic facts. Tweeters beware!

Andrew Tibber Senior Associate Burges Salmon Andrew.Tibber@burges-salmon.com

MOBILE ADVERTISING

Mobile advertising and messaging: litigation under the TCPA What was considered an inexpensive marketing campaign is quickly becoming an expensive piece of 'dough' for Papa John's. The company faced substantial litigation recently for allegedly sending out unsolicited text messages advertising its products to consumers in violation of the federal Telephone Consumer Protection Act ('TCPA').

Papa John's recently settled a class action suit in the Western District of Washington state for $16.5 million. In fact, the company could have seen its exposure from the estimated 220,000-member class action reach over $250 million. However, it is likely that Papa John's will incur further litigation expenses, as there are still several other suits pending, including a case in Virginia.

Background Over the past few years, companies seeking to reach the estimated 326 million users of US mobile phones have adopted text message campaigns, marketing a variety of promotional deals and coupons along the way. Other companies have utilised text messages to remind consumers about upcoming appointments and service visits. While the Telephone Consumer Protection Act of 1991, 47 U.S.C. § 227, was originally enacted to protect consumers from automated telemarketing via phone and fax, the TCPA includes a specific provision banning (with certain exceptions) any type of automated call to mobile phones, even for non-commercial or informational purposes. Additionally, by categorising text messages as 'calls,' several courts and the Federal Communications Commission (FCC) have read the use of automated text message marketing into the statute. Thus, this 1991-era statute has broad application to today's mobile commerce marketplace. Moreover, the TCPA provides for $500 in damages for each violation, which can be 'trebled' if a court deems the actions 'willful.' Since damages are provided for every message sent to each consumer, exposure can multiply very quickly. Because there are statutory damages, a recipient does not have to prove individual damages.

Whereas for many years the TCPA lawsuits focused on fax advertising and telemarketing, now there are dozens of TCPA text messaging cases. The use of mass text message marketing has dramatically increased in recent years and it is easy to see why - text marketing is cheap, direct, and gets a customer's attention. But while most customers simply view it as an annoyance, others have filed suit, seeing the potential exposure from class actions skyrocket. As a result, plaintiffs' attorneys have been busy filing numerous TCPA suits related to mass text message marketing campaigns. In fact, over the last few years, similar cases have been filed against companies like NASCAR, Jiffy Lube, and the Buffalo Bills football team.

TCPA exceptions

There are a number of important exceptions that advertisers should be aware of in order to remain compliant with the TCPA. The biggest of which is whether the consumer has given the advertiser the proper consent necessary to send the text messages out. Currently, the TCPA only requires 'prior express consent' from the customer for calls (which includes text messages) to mobile phones, but is silent on what actually constitutes prior express consent. For instance, the courts have differed in their analyses of 1) whether merely providing a phone number to a business, without more, constitutes prior written consent, and 2) whether prior written consent should be gauged by the individual intent and circumstances when the customer provides a phone number.

Upcoming changes to consent requirements

Effective in October, the FCC will require companies to receive a

consumer's prior express written consent in order to send out automated text message advertisements. According to the FCC, a consumer's written consent must be signed and show that the consumer 1) received 'clear and conspicuous disclosure' that he or she will receive automated text messages, and 2) agrees to receive such messages at the phone number designated by the consumer. Furthermore, the written agreement cannot be made as a condition of purchasing a good or service. If a dispute about the consent arises, the advertiser has the burden to prove that it gave the consumer clear and conspicuous disclosure and that the consumer unambiguously consented to receive the text messages. It should be noted that while this ruling does not include purely informational text messages, such as crime alerts, service appointment confirmations, or school closing notifications, prior oral consent must still be given for mobile phones (however no consent is needed for wired residential lines). Of course, should an organisation wish to obtain written consent for an informational text message that is perfectly acceptable and (as a matter of compliance policy) would provide back-up evidence to support the consent. The FCC has further concluded that 'written' consent from a customer can be obtained through a variety of methods, including email, online form, text message, telephone keypress, or a voice recording, in compliance with the federal 'E-Sign' law. Allowing these forms of written consent to be obtained electronically will not only facilitate the written consent requirement, but also encourage efficiency by greatly minimising the costs on businesses of acquiring and maintaining written

consent. In addition, the FCC recently made a declaratory ruling that companies may send a one-time text message confirming a customer's opt-out request without violating the TCPA. This ruling was made in response to a request by a company (SoundBite Communications, Inc.) that, like many others, faced substantial litigation over similar opt-out confirmation messages. While many recent FCC rulings have not been seen as business-friendly, this common sense approach prevents a rash of potentially large class action suits. Moreover, this declaratory ruling is also consumer friendly, as these confirmations provide an important role by informing the consumer that the opt-out request was received and their request has been processed. Importantly, the company's message may only confirm the opt- out and cannot contain any further marketing information (or attempt to persuade the consumer to reconsider his or her opt-out). A federal court in California recently dismissed a case against the company RedBox based upon the FCC's interpretation of TCPA liability for opt-out texts and other supporting case law.

Recent developments The potential exposure in cases like Papa John's has made the plaintiff's bar very busy pursuing similar TCPA claims. For example, the footwear company Steve Madden, Ltd. also recently settled a class action suit for up to $10 million, based on claims that it sent out unsolicited text messages advertising various products and events to over 200,000 consumers. With claims like this, Steve Madden faced over $100 million in exposure, a verdict that would have likely bankrupted the company. While companies facing TCPA

suits must first fight the underlying claims by the plaintiff asserting liability for the unsolicited text messages, they are also often forced to battle for coverage by their insurers. Since many insurance policies preclude coverage for willful violations of penal statutes, defendants litigating TCPA claims could be left paying damages themselves. Fortunately for defendants, the Illinois Supreme Court recently held that TCPA damages are in fact remedial and, therefore, insurable. On the other hand, other courts, including a Missouri Court of Appeals and the Colorado Supreme Court, have previously determined that TCPA damages are instead punitive in nature. Ultimately, coverage for these claims varies on a state-by-state basis.

Implications While the Illinois Supreme Court's recent decision serves as a victory for companies defending against TCPA suits, individual coverage decisions still depend upon the specific language contained within the insurance contract. Advertisers thinking of using text message marketing should first consult their corporate liability insurance policy, including the choice of law provision. Companies must also make sure that they receive the necessary consent from their customers before engaging in such marketing campaigns. Advertisers should be diligent in monitoring how they collect their customers' mobile and other phone numbers, what consent is provided, and how the marketing is actually conducted. Furthermore, customer consent records should be maintained for at least four years, which is the federal 'catch-all' statute of limitations used to bring a private TCPA claim. And of course,

MOBILE ADVERTISING

companies should make sure that they accept and implement opt-out requests. An opt-out request would ordinarily 'cancel' the prior consent. Given the rise in class actions and the potential exposure resulting from large-scale text message marketing campaigns, advertisers should be vigilant to make sure they comply with the TCPA. Considering the ever-changing environment for TCPA claims, companies engaging in mass text message marketing campaigns should carefully evaluate the risks and their own individual marketing plans.

Michelle W. Cohen Member and Certified Information Privacy Professional, US Ifrah PLLC Jacob Hamburger Summer Intern Ifrah PLLC JD Candidate, George Mason University School of Law, May 2015 michelle@ifrahlaw.com

COPYRIGHT

The ‘Meltwater’ dispute: Public Relations Consultants Association Ltd v. The Newspaper Licensing Agency Ltd & Ors [2013] UKSC 18. On appeal from: [2011] EWCA Civ 890 The UK Supreme Court ruled that temporary copies created in the course of viewing a web page are exempted from copyright infringement.

Is reading material on an internet webpage an act which requires authorisation from the owner of copyright in the material? This was the question before the Supreme Court in the recent NLA v. PRCA dispute (the 'Meltwater case'). The case concerned the application of the temporary copies exception in Article 5(1) of the Information Society Directive (implemented in the UK by s.28A of the Copyright, Designs and Patents Act 1988) to temporary copies which are stored in a browser cache and produced on screen when an end user views a web page. However, the Supreme Court has referred this point to the Court of Justice of the European Union ('CJEU') for a preliminary reference before making its final order on the appeal, highlighting that it is an issue with a transnational dimension which has ‘important implications for many millions of people across the EU making use of what has become a basic facility.’ The final decision in the case will therefore turn upon whether the CJEU agrees with the Supreme Court's clear view that the appeal should be allowed.

Facts of the case Meltwater News is an online media monitoring service which monitors the online press for its customers ('end users') by reference to pre-set search terms. The monitoring is effected by internet search technology which scrapes and indexes publisher websites and then provides a list of results in a search report which includes the full headline of each article, the opening words of each article, and text either side of each appearance of the search term. The search reports are both sent by email to Meltwater's end-users and made available on Meltwater's website. Importantly, Meltwater's service only does this for sites which are

not behind a paywall (unless it has a deal in place with a publisher whose site is behind a paywall). Meltwater and the Public Relations Consultants Association ('PRCA') made a reference to the UK Copyright Tribunal challenging the reasonableness of licensing terms for online media monitoring services and their customers sought by the Newspaper Licensing Agency ('NLA'), representing major UK newspaper publishers. In the context of this reference, the NLA claimed that, in addition to any licence held by Meltwater, end-users also required a licence due to the following three acts of copying: (1) the copy of Meltwater's alert email held on the user's computer containing search results; (2) the temporary copy of the search results in the RAM and on screen on the user's computer when the user viewed search results on Meltwater's website; and (3) the copy of the article in the RAM and on screen on the user's computer when the user clicked on a link and viewed an article on the publisher's website. The PRCA claimed in defence that (2) and (3) were temporary copies within the terms of the exception in s.28A CDPA / Art 5 (1) Information Society Directive. It was this defence that the Supreme Court considered.

Legislative background Article 5(1) of the Information Society Directive (Directive 2001/29) provides that: 'Temporary acts of reproduction referred to in Article 2 [which provides for the reproduction right], which are transient or incidental [and] an integral and essential part of a technological process and whose sole purpose is to enable:

(a) a transmission in a network

between third parties by an intermediary, or

(b) a lawful use of a work or

other subject-matter to be made, and which have no independent economic significance, shall be exempted from the reproduction right provided for in Article 2.'

The Supreme Court's ruling The Supreme Court, in a unanimous judgment delivered by Lord Sumption, took the view that the temporary copies exception applies to the temporary copies necessarily made in a browser cache and on-screen when a web page is accessed and viewed. This is contrary to the position taken by both Proudman J at first instance and the Court of Appeal below, that any 'consumptive use' of copyright material, including reading or viewing such material, precluded the application of the temporary copies exception and, as such, it could not apply to temporary copies created in the course of internet browsing as these are made for the very purpose of enabling their viewing by end-users. The CJEU's rulings in both the FAPL 1 and Infopaq II 2 cases, which came after the Court of Appeal's decision, cast doubt on this approach. Applying these rulings, the Supreme Court took the view that making internet browsing an infringing activity would be ‘an unacceptable result making infringers out of the many millions of ordinary users of the internet across the EU who use browsers and search engines for private as well as commercial purposes.’ Its reasoning on the legislative intent behind the Article 5(1) exception and its application to internet browsing was very clearly set out in the judgment and is summarised below.

Legislative intention behind the temporary copies exception

The NLA had claimed that the

Article 5(1) exception only applied

to copies made in the course of transmission of the material within a network, for example in the caches of intermediate routers and proxy servers. The Supreme Court found this was ‘an impossible contention’ and that recital 33 of the Directive ‘expressly envisages’ that the exception should ‘include acts which enable browsing [i.e. end user browsing] as well as acts of caching to take place.’ The scope of the exception was wider than processes enabling ‘a transmission in a network between third parties by an intermediary,’ as provided for by Art 5(1)(a): it also, by virtue of Art 5(1)(b), extended to processes allowing the ‘lawful use’ of a work, which ‘necessarily includes the use of the work by an end-user browsing the internet.’ Therefore, for the exception to be coherent, it must apply to the ordinary technical processes associated with internet browsing.

Application of Art 5(1) and the Infopaq conditions

In Infopaq I 3 the CJEU had set out the following conditions to be satisfied for acts of temporary copying to fall within the Art 5.1 exception:

(1) the act is temporary; (2) it is transient or incidental; (3) it is an integral and essential part of a technological process; (4) the sole purpose of that process is to enable a transmission in a network between third parties by an intermediary or a lawful use of a work or protected subject matter and (5) the act has no independent economic significance. According to the Supreme Court these are not free standing requirements, but are ‘overlapping and repetitive, and each of them colours the meaning of the other’ and as such ‘have to be read together to achieve the combined purpose of all of them.’

In terms of their application to the facts, the court gave the following guidance:

Temporary, transient or

incidental. The Supreme Court took the view that the dispute turned on these first two conditions. 'Temporary' and 'transient' mean the same thing, and are intended to exclude from the exception acts which constitute permanent copying, for example downloading. Judged in the light of the normal operation of a computer or its browser, the ordinary processes of caching and browsing could be distinguished and came within the exception. It is irrelevant to this assessment that there are artificial ways of extending the period for which temporary cached copies are stored, as ‘there is a difference, which is fundamental to the object of article 5.1. between a discretionary decision to extend the duration of what remains an automatic process, and the storage of a copy of material in the course of browsing in a manner which will ensure that it is permanent unless and until a discretionary decision is made to delete or destroy it.’ The copies were ‘incidental’ as they were ‘for the purpose of enabling a lawful use of the copyright material, i.e. viewing it.’

Integral and essential part of a

technological process. The caching of material and its reproduction on screen is a basic feature of the design of modern computers and is necessary to allow the internet to function ‘correctly and efficiently.’ As such, the making of such copies is ‘manifestly’ an integral and essential part of a technological process.

Lawful use.

COPYRIGHT

Lawful ‘means lawful apart from any lack of authorisation by the copyright holder.’ The Court highlighted that ‘it has never been

an infringement, in either English or EU law, for a person merely to view or read an infringing article’ and this equally applies to the viewing of content on a web page.

No independent economic significance. This condition does not mean that the copy must have entirely no commercial value at all. The copy must have no independent commercial value additional to that which is ‘derived from the

mere fact of reading it on screen.’ The copies at issue in this case satisfied this requirement for the same reasons as temporary copies stored within a decoder and on a television screen in the context of broadcasts, which were held by the CJEU in the FAPL case to be ‘inseparable and non-autonomous [parts] of the process of reception of the broadcasts transmitted containing the works in

question

influence, or even awareness, on the part of the persons thereby having access to the protected works’ and were therefore ‘not capable of generating an additional economic advantage going beyond the advantage derived from mere reception of the broadcasts at issue.’

performed

without

Effect of Article 5(5) of the Directive

Art. 5(5) (often referred to as the 'three step test') provides that the Art. 5(1) exception 'shall only be applied in certain special cases which do not conflict with a normal exploitation of the work or other subject-matter and do not unreasonably prejudice the legitimate interests of the rightholder.'

The Court, consistent with the

COPYRIGHT

CJEU's approach in FAPL and Infopaq II, clarified that this provision simply requires Article 5(1) to be as narrowly construed as is consistent with its purpose. As such, if all five conditions are met, no additional restrictions are imposed by Art 5(5).

Anomaly with FAPL

The CJEU, in its decision in FAPL, had held that temporary copies stored within a decoder and on a television screen in the context of broadcasts were protected by the temporary copies exception. The Court acknowledged there was no rational distinction to be drawn between viewing copyright material on a television screen and on a computer. Should this be upheld by the CJEU, this will remove the anomaly in the law created by the conflicting decisions of the CJEU in FAPL and the decisions of the lower courts in the present case.

An online piracy charter?

The Court emphatically rejected the notion that the application of the temporary copies exception in this case would lead to an ‘internet piracy charter.’ Rightsholders continue to have causes of action against pirates and intermediaries which are used to disseminate infringing material and the Supreme Court believes that allowing the appeal will not alter the status quo.

Impact of the case Although this is not yet a final decision, pending the preliminary reference to the CJEU, the Supreme Court's reasoning is consistent with the CJEU's previous rulings, notably in the FAPL and Infopaq II cases. If, as many commentators anticipate, the CJEU agrees with the Supreme Court's decision, this will provide welcome clarification once and for all that simply

reading or viewing material on the internet is not an infringement of copyright. Should the Supreme Court's decision be upheld, this is also expected to have an impact on the Copyright Tribunal's view on what constitutes reasonable licensing terms for online media monitoring services and their customers, in particular the level of royalties as the number of restricted acts licensed under the NLA's scheme would be materially reduced.

Ben Allgrove Partner Michael Hart Partner Nicole Fairhead Trade Marks Practitioner Baker & McKenzie Ben.Allgrove@bakermckenzie.com Michael.Hart@bakermckenzie.com Nicole.Fairhead@bakermckenzie.com

*Disclosure - B&M acted for Meltwater and the PRCA in these proceedings.

1. Football Association Premier League v.

QC Leisure & Others, combined cases C-3403/08 and C-429/08.

2. Infopaq International v. Danske

Dagblades Forening, Case C-302/10.

3. Infopaq International v. Danske

Dagblades Forening, Case C-5/08 [2010] FSR 20.

SEARCH WARRANT

FBI warrant to search a target computer at premises unknown In May 2013, a United States magistrate judge of the United States District Court for the Southern District of Texas denied a request from the FBI to obtain a search warrant to hack an unknown computer in an unknown location to determine who was responsible for crimes committed using the computer.

Background The FBI's warrant request arose from an incident involving a personal email address of a Texas resident that was hacked in order to access the person's local bank account. The computer that hacked the account had an Internet Protocol (IP) address that resolved to a country in Southeast Asia. After discovering that he was hacked, the Texas resident attempted to secure his email account to prevent further breaches. The hacker then set up a nearly identical email address and used it to attempt to transfer a large sum of money from the Texas resident's local bank to a foreign bank account. The FBI then began an investigation and sought a warrant to identify the target computer and suspects involved in the crimes. The FBI's warrant application asked for permission to install data extraction software on the target computer, which has the capacity to perform several functions, including the following: search the hard drive, random access memory, and storage media; initiate the computer's built-in camera; identify latitude and longitude coordinates for the computer's location; and send the extracted data to FBI agents in Texas. Generally, the FBI wanted to obtain records that existed on the target computer, including IP addresses, records of internet activity, and evidence of who used the computer and when. The FBI also wanted to monitor the computer for 30 days to obtain data such as accounting entries that could identify new victims of fraud, photographs using the built- in camera to identify users of the target computer, and information about the computer's location. The government asked for the warrant application to be sealed to avoid harming the ongoing investigation.

The judge sealed the warrant application, but did not seal the opinion because it relates to a general question of law.

The Court's analysis The judge noted that the FBI's novel search warrant request hinged on three main questions, namely, whether the FBI's warrant satisfied the following: (1) the territorial limits of a Rule 41 search warrant; (2) the particularity requirements of the Fourth Amendment; and (3) the video surveillance requirements of the Fourth Amendment. The judge discussed each question in turn and concluded that the FBI had not demonstrated the applicable requirements, which led him to deny the FBI's request for a warrant.

Territorial limits of Rule 41

Rule 41 of the Federal Rules of Criminal Procedure identifies five territorial limits on a magistrate judge's authority to issue a warrant. The government invoked only the first subsection of Rule 41, which provides that a judge can only authorise a warrant to search property within the judge's district. The government argued that the FBI warrant meets this requirement because information obtained from the target computer would be reviewed by FBI agents within the magistrate's district in Texas. The judge disagreed, and noted that because intangible computer data can be analogised to a container filled with information, by the government's logic the FBI could 'roam the world' to search for containers of contraband and that would be acceptable as long as the containers were opened in the district issuing the warrant. Also, the judge explained that the FBI actually sought to conduct two searches: (1) an initial search to identify the target computer, and

(2) a search of the information on the target computer for criminal evidence. Because the FBI did not know where the target computer was located, the location of the information on the computer was also unknown and the search of that information could potentially occur outside the judge's district. Therefore, the judge concluded that the warrant application could not satisfy the territorial limit of Rule 41 that requires a warrant to be issued within the magistrate's district. Similarly, the judge explained that the warrant does not meet any of the other four territorial limits that the FBI did not address in its application.

Particularity requirements of the Fourth Amendment

The Fourth Amendment states that search warrants must 'particularly describ[e] the place to be searched, and the persons or things to be seized.' The judge explained that the FBI's warrant application did not specify how the agency would find the target computer, which forced the judge to speculate how the FBI would accomplish that task. The judge noted that it could be difficult to identify the target because hackers have ways of disguising their illegal computer activity and using seemingly innocent computers to carry out crimes. Also, the government did not explain how it would avoid placing the proposed intrusive software on innocent computers, or how it would ensure that only those engaging in illegal activity would be exposed to the hacking software. The application did not provide enough information about how the government would accommodate various circumstances that could affect the target computer, for example, if it was a public computer in a library or internet café, or if family or friends not involved in the illegal

SEARCH WARRANT

activity used the computer. The judge concluded that the limited information in the FBI's warrant application did not satisfy the particularity requirement of the Fourth Amendment.

Video surveillance requirements of the Fourth Amendment

As previously mentioned, the software the FBI proposed in the search warrant would be able to activate the target computer's built-in camera and take pictures of anyone who used the computer. Although the government described the use of the camera as 'photo monitoring' rather than video surveillance, the judge was not convinced. The software would allow the government to have access to the camera in real time and that is equivalent to video surveillance. The judge explained that video surveillance has been deemed the most intrusive method of surveillance by the Fifth Circuit and the court has borrowed from wiretapping statutes to identify constitutional standards for video surveillance. A search warrant for video surveillance must include:

(1) a statement that other investigative methods have been tried and failed, or appear too dangerous or unlikely to succeed if tried; (2) a description of the communication the government wants to intercept and what offence the communication relates to; (3) the duration of the surveillance (generally no longer than 30 days); and (4) a statement of steps taken to ensure that surveillance is only used for the intended purpose. US v. Cuevas- Sanchez, 821 F.2d 248, 252 (5th Cir. 1987). The judge concluded that the government's application failed to meet the criteria demonstrating inadequate alternatives and minimisation of intercepting video for the intended purpose. The government offered

only conclusory statements for these criteria but did not explain why other methods would not work or how the FBI intended to minimise collecting data only for the purposes for which the FBI requested the search warrant.

The Court's conclusion The judge found that based on his analysis of the FBI's application to obtain a warrant, the search warrant did not meet the requirements of Rule 41 and the Fourth Amendment. The judge acknowledged that Rule 41 does not necessarily preclude the use of the FBI's requested hacking techniques under any circumstances, and implied that innovations in computer searching technology could warrant changes to the territorial limits of the rule. However, an intrusive search of this nature must meet the requirements of Rule 41 and the Fourth Amendment, and the FBI did not meet its burden here.

Commentary The lesson from this judge's ruling is that courts may be reluctant to allow the government to obtain overly broad search warrants to investigate cyber attacks carried out using unknown computers in unknown places. The FBI's warrant request amounted to a general warrant of the sort that led to the adoption of the Fourth Amendment, which protects against 'unreasonable searches and seizures.' In this court's view, the government did not satisfy its burden of demonstrating that the warrant met the constitutional standards of the Fourth Amendment such that the FBI could capture data as wide ranging as IP addresses, chat history, browser cookies, and photographs of everyone who used the target computer. Here, the FBI had the added hurdle that the agency did

not even know which computer needed to be searched, or where the computer was located. The computer crimes the FBI sought to investigate raise the ever- present challenge for cyber attacks of determining attribution, which means identifying the actual perpetrator responsible for the cyber attacks. Attribution can be difficult to determine because the computer from which an attack seems to have originated might not be the actual source due to hackers' ability to take over computers and disguise their actions. Therefore, even if the FBI had identified a particular computer to hack, they might not be able to determine with certainty whether the computer was used knowingly and who controlled the computer when it was used to commit the crimes at issue. Attribution would likely pose a problem for any similar warrants the government may request in the future to hack computers. However, a court may be inclined to authorise such a warrant if the government can overcome the deficiencies in the warrant that the FBI sought in Texas. Specifically, if the warrant application includes more details about the target computer, such as where it is located or even how the target computer will be identified, then a judge might be more likely to authorise the warrant. Additionally, further advances in technology that allow the FBI to pinpoint the target computer may lessen the concern of overreaching and the potential hacking of innocent computers and individuals.

Andrew B. Serwin Partner Aramide O. Fields Associate Morrison & Foerster LLP ASerwin@mofo.com AFields@mofo.com

SIMULCASTING

Phonographic Performance Company of Australia Ltd v. Commercial Radio Australia Ltd The Full Court of the Federal Court of Australia, [2013] FCAFC 11 The Full Court considered whether the internet simulcast of a radio broadcast was a 'broadcasting service' within the meaning of the broadcasting services legislation.

The Phonographic Performance Company of Australia (PPCA) is the copyright collecting society for certain sound recordings (the 'PPCA sound recordings'). Commercial Radio Australia (CRA) is an industry body for the holders of commercial radio broadcasting licences in Australia. PPCA entered an agreement with CRA granting CRA's members a non-exclusive licence to exercise the 'broadcasting' right in respect of the PPCA sound recordings. The agreement defined this right by reference to certain statutory definitions. The parties agreed that the licence was, at the relevant times, equivalent to a right to communicate the PPCA sound recordings to the public using a 'broadcasting service' as defined in section 6(1) of the Broadcasting Services Act 1992 (Cth). Section 6(1) relevantly defines 'broadcasting service' as 'a service that delivers television programs or radio programs to persons having equipment appropriate for receiving that service, whether the delivery uses the radiofrequency spectrum, cable, optical fibre, satellite or any other means or a combination of those means.' This definition is affected by a Ministerial determination made on 12 September 2000 (the 'Ministerial Determination'), which excludes from the definition of 'broadcasting service' any 'service that makes available television programs or radio programs using the internet, other than a service that delivers television programs or radio programs using the broadcasting services bands.' The 'broadcasting services bands' are the part of the radiofrequency spectrum that is used to deliver television and radio programs. The Court was asked to consider whether the simulcasting of radio programs containing PPCA sound recordings by CRA members fell

within the section 6(1) definition, as affected by the Ministerial Determination (the 'Modified Definition'). The parties submitted an agreed statement of facts for the hearing at first instance and one expert witness was called. The witness explained that simulcasting was achieved by sending a single master audio stream through a distribution amplifier that split the single audio stream into four identical audio streams for simultaneous distribution by up to four separate methods: AM radio frequencies, FM radio frequencies, digital radio frequencies and internet streaming. Each of these distribution channels required separate equipment to transmit the relevant signal or stream. PPCA sought a declaration from the Court that the internet stream was a communication to the public that was not by way of a broadcasting service (and so outside the scope of the licence). PPCA did not seek damages or lead evidence as to the extent of internet simulcasting by CRA members.

The parties' contentions The distinction between the submissions was that CRA asked the Court to read the Modified Definition of 'broadcasting service' as applying to the simulcast as a whole (all four streams together) while PPCA contended that the separate radio and internet streams should be considered separate broadcasting services. The Full Court found that, for the purposes of interpreting the licence, this came down to two different interpretations of the word 'service' in the Modified Definition. CRA interpreted the word 'service' as referring to the radio program itself (or, as the Full Court described it, 'the benefit that is supplied'), while PPCA

interpreted the word 'service' as referring to the method of delivery

(or, in the Full Court's words, 'the method whereby the benefit is supplied'). CRA's submissions contended that the simulcast as a whole should be viewed as a single communication to the public, and that this single communication was delivered using a 'broadcasting service' within the meaning of the Modified Definition. CRA relied on the words 'or a

combination of

Modified Definition. CRA argued that because the simulcast delivered the radio program using a service that involved multiple distribution technologies, the service involved a 'combination of means' (therefore bringing it within the section 6(1) definition). CRA contended that although one of the simulcast streams was delivered using the internet, the simulcast as a whole was not excluded from being a broadcasting service by the Ministerial Determination because

the simulcast also included distribution streams that used the broadcasting services bands. In contrast, PPCA's submissions asked the Court to consider the internet stream in isolation from the streams delivered using the broadcasting services bands. On this analysis, the internet stream was not delivered using the broadcasting services bands.

means'

in the

The Full Court's decision Both parties relied on extensive extrinsic material to support their construction of the Modified Definition. The Full Court considered these materials in detail but ultimately found that they were not helpful in resolving the ambiguity as to how the Modified Definition applies to the simulcasting of radio programs. As the extrinsic materials were of little assistance, the Full Court

SIMULCASTING

considered that the Modified Definition had to be construed having regard solely to the content of the relevant provisions in the Broadcasting Services Act and the purpose and objects of the Act. The Full Court adopted a 'linguistic and syntactical analysis' to interpret the relevant provisions. Based on this analysis, the Full Court preferred PPCA's construction of the word 'service' (and, by extension, the Modified Definition) to CRA's. The Full Court noted that the drafting of the Act distinguishes between the concepts of a 'service' and a 'program.' As the section 6(1) definition of 'broadcasting service' describes a radio program being delivered by the broadcasting service, the 'service' must be distinct from the program being delivered by that service. Further, the fact that the Modified Definition lists 'radiofrequency spectrum, cable, optical fibre' as examples of a 'broadcasting service' supports the view that 'service' refers to the method of delivery. The Full Court also pointed out that broadcasting licences under the Broadcasting Services Act are subject to territorial restrictions that would be breached if an internet stream were held to be a 'broadcasting service.' On this basis, the Full Court concluded that the word 'service' refers to the provision of a radio program by a particular means. Given that the word 'service' refers to a discrete method of delivery, the Full Court held that the Ministerial Determination distinguishes between the following types of services: (a) services delivered by any means, including the broadcasting services bands; (b) services delivered or made available using the internet; and (c) services delivered or made available using both the internet

and broadcasting services bands. The Full Court found that services falling under categories (a) and (c) are 'broadcasting services,' while services in category (b) are not 'broadcasting services.' The internet stream of the simulcast fell into category (b), and the other streams fell into category (a). As such, the internet stream was not a 'broadcasting service' and was outside the scope of the licence. CRA has filed a special leave application to appeal the decision to the High Court of Australia. A hearing date has not been set but it is anticipated that the High Court will hear the application during the second half of 2013.

Analysis and commentary The immediate consequences of this decision for commercial radio broadcasters in Australia are significant. If the decision stands, radio broadcasters wishing to simulcast their programs online will need to negotiate separate licensing arrangements with PPCA. The fees for such a licence would not be subject to the compulsory licensing system for commercial broadcasters found in Australia's Copyright Act (see Part VI, Division 3 of the Copyright Act 1968 (Cth)). The compulsory licensing system allows commercial broadcasters to pay a blanket licence fee for the right to broadcast published sound recordings that is generally capped at 1% of the broadcaster's gross earnings. This '1% cap' has proved controversial, and was the subject of an unsuccessful High Court challenge by PPCA in 2012 (see Phonographic Performance Company of Australia Limited v. Commonwealth of Australia [2012] HCA 8). The legal status of simulcasts in Australia appears to be far from settled. In addition to CRA's application for special leave to

appeal the decision, legislative change is also being considered by the Commonwealth Parliament. In March 2013 the Senate Standing Committees on Environment and Communications convened an inquiry into 'the effectiveness of current regulatory arrangements in dealing with the simultaneous transmission of radio programs using the broadcasting services bands and the internet.' The inquiry's terms of reference include consideration of 'the impact of current regulation on stakeholders, including broadcasters, copyright holders, including both publishing and performance rights holders, and the audience' and any related matters. Submissions to the inquiry closed on 26 April, and the Senate Committees' reporting date is scheduled for 12 July 2013. The Senate Committees' inquiry is certainly timely. It is clear from the complexity of the Full Court's analysis that the current statutory provisions are not well suited to dealing with simulcasts, and are likely to cause similar issues with other types of convergent media technologies. The Full Court's decision raises questions about the desirability of technology neutrality in statutory drafting and the courts' role in 'filling in the gaps' when legislation is outpaced by technology. The Full Court's 'linguistic and syntactical' approach to interpreting the highly technical Modified Definition has been praised as a good example of purposive statutory interpretation, and seen as a cause for concern by advocates of technology neutrality.

David Smith Partner Tim Lee Lawyer Corrs Chambers Westgarth, Australia david.smith@corrs.com.au

MOBILE APPS

Mobile medical apps draw FDA scrutiny As mobile device applications intended to offer diagnosis or treatment of medical conditions continue to expand in the consumer market, the US Food and Drug Administration (FDA) has signaled the need for tighter scrutiny, by taking its first direct action against a mobile medical app developer, Biosense Technology Private Ltd.

Action against Biosense In May 2013, the FDA took action against Biosense Technology Private Ltd., an India-based medical technology company, for failure to secure FDA clearance for its urinalysis app 1 . In addition to this inquiry, the FDA is also anticipated to release the final version of its rules for mobile medical app developers later this year, meaning that such developers must be prepared to comply with new rules that may trigger enhanced standards for performance, reliability, and accuracy of mobile medical apps. Biosense developed 'uChek,' a urinalysis app designed for use by patients to test for such medical conditions as diabetes, hypertension, kidney, liver, and bladder problems 2 . For example, diabetic patients could use the app to check glucose levels in their urine by dipping test strips in urine and using a smartphone camera to take a picture of the strip and process and generate automated diagnostic results. However, according to the FDA, the uChek system was not submitted to the FDA for clearance before being launched earlier this year and being offered on the Apple App Store. On 22 May 2013, the FDA issued

a letter notifying Biosense of the

FDA's concerns, stating that while the uChek system utilises test strips that are approved for visual reading, the uChek system's automated analysis warranted an FDA clearance of the system and

the strips 3 . Biosense has reported its intent to work with the FDA, and reports on its website that Biosense is registered with the FDA and that the uChek analyser is registered with the FDA as a medical device 4 . However, the FDA

stated in its letter to Biosense that

it has reviewed its database of

cleared and registered medical

devices and has been unable to locate any such registry for uChek 5 . The FDA may further follow up by identifying specific violations of the law, as well as requesting test data or evidence from Biosense to prove that the app is reliable or works in a similar fashion to products already on the market.

The FDA’s draft guidance The FDA's inquiry with regards to the Biosense app occurs in an evolving regulatory environment for mobile medical app developers. In July 2011, the FDA issued its draft guidance of proposed rules for medical app developers, which were intended to inform the healthcare sector of the types of apps that the FDA intended to regulate in order to avoid risks to public health and patient safety 6 . According to the draft guidance, the rules contained therein were issued only as a draft, and do not establish legally enforceable standards or required practices, and are intended to serve as statement of the FDA's suggestions or recommendations regarding medical apps 7 . Notwithstanding such general intent, the draft guidance provides regulations that mobile medical app developers must comply with, to the extent that the apps provide functionality as medical devices to smartphones or similar mobile devices 8 . The draft guidance applies to certain mobile medical apps that are intended for use on handheld mobile devices, such as smartphones and tablets, and is limited in scope to those medical apps that are (1) intended to be used as an accessory to a regulated medical device, or (2) to perform a medical device function regardless of the platform on which the apps operate 9 . As such, for example, medical apps that are intended to analyse glucose meter readings would be subject to the draft

guidance 10 . The draft guidance includes specific examples of the types of mobile apps that are intended to be subject to its recommendations:

(1) mobile apps that serve as an extension of a medical device to either control or display medical data, such as EEG, ECG, and blood pressure monitors; (2) apps that transform the mobile device platform into a medical device by including functions similar to those of regulated medical devices, such as apps that function as stethoscopes, glucose meters, or apps that allow for attachment of electrodes to record ECG signals on the mobile device; and (3) apps that allow entry of patient-specific data and generate patient-specific diagnoses or treatment recommendations, such as analysis of lab results to generate a medical diagnosis 11 . The FDA also explicitly omits the following types of apps from the scope of the draft guidance: (1) apps that provide electronic copies of medical textbooks or similar medical reference materials; (2) apps that log or track general health and wellness, such as diet or exercise; (3) apps that automate general office functions, such as billing or calendaring; and (4) apps that function as electronic health record systems 12 . The draft guidance also includes regulatory requirements that apply to medical devices, including mobile medical apps. Mobile medical app manufacturers must register their places of business or manufacturing facilities on an annual basis and must also comply with applicable labeling regulations 13 . Medical app developers are also required to comply with the FDA's Quality System Regulation (QSR), which requires such developers to develop internal requirements that will result in safe and effective devices,

MOBILE APPS

as well as establish procedures to

design and produce their devices 14 . To the extent that medical apps provide functionality for mobile devices to serve as medical devices, app developers must also report adverse events to the FDA when they receive information that such

a device may have caused or

contributed to a death or serious injury, or has malfunctioned in such a way that is likely to cause or contribute to death or serious injury 15 . Mobile medical app developers seeking to create apps with novel technologies are encouraged to collaborate with the FDA to receive instructions on testing and development of such technologies 16 . Upon issuance of the draft guidance in July 2011, the FDA also requested public comment on how to regulate mobile medical apps. To date, however, the FDA has yet to issue final guidance on how it intends to regulate such apps. However, several health advocacy groups and mobile medical app organisations have called for issuance of the final guidance, in order to achieve regulatory certainty and ensure adequate compliance planning 17 .

Within this current regulatory framework, mobile medical app developers are responsible for considering the impact, if any, of the draft guidance on app design or function, while monitoring the status of the issuance of a final Regulation. As to the Biosense inquiry, it is as yet unknown to

what extent Biosense consulted or reviewed the draft guidance, but at

a minimum, Biosense should have

considered the suggestions, recommendations, and regulations that are cited in the draft guidance. While the mobile medical app industry awaits issuance of final regulatory guidance from the FDA, mobile medical app developers who seek to participate in the US

app market should carefully review and evaluate the draft guidance and also monitor the ongoing Biosense inquiry.

Aldo M. Leiva, Esq. Lawyer Leiva Law, Florida aleiva@leivalaw.com

1. ‘Letter to Biosense Technologies

Private Limited concerning the uChek

Urine Analyzer,’ accessed 27 June 2013, at http://www.fda.gov/Medical

Devices/ResourcesforYou/Industry/ucm3

53513.htm

2. ‘US Govt directs Biosense's uChek to

seek FDA approval,’ 28 May 2013,

Medianama, accessed 27 June 2013, at

http://www.medianama.com/2013/05/22

3-biosense-uchek-fda-clearance/

3. See Note 1.

4. ‘FDA wants to know why uChek app

doesn't have clearance,’ 22 May 2013, MobiHealth News, accessed 27 June 2013 at http://mobihealthnews.com

/22525/fda-wants-to-know-why-uchek-

app-doesnt-have-clearance/

5. Ibid.

6. ‘Draft Guidance for Industry and Food

and Drug Administration Staff - Mobile

Medical Applications,’ 21 July 2011, US Food and Drug Administration, accessed 27 June 2013 at http://www.fda.gov/MedicalDevices/Devi ceRegulationandGuidance/GuidanceDoc

uments/ucm263280.htm#ft19

7. Ibid.

8. Ibid.

9. Ibid.

10. Ibid.

11. Ibid.

12. Ibid.

13. Ibid.

14. Ibid.

15. Ibid.

16. Ibid.

17. See, e.g., ‘Coalition Pushes for

Release of Final Mobile Health Guidance,’ 26 June 2013, iHealthBeat, accessed 27 June 2013 at

http://www.ihealthbeat.org/articles/2013/

6/26/coalition-pushes-for-release-of-final-

mobile-health-guidance.aspx

DATA PROCESSING

Dutch Court holds hyperlinking to a webpage containing personal data to be a processing of personal data Court of Den Bosch, 31 January 2013, LJN BZ2126 The lower court of Den Bosch ruled that using Twitter or email to broadcast a link to a webpage containing personal data constitutes a processing of personal data.

Relevant facts In the Netherlands, creditors or tax authorities that obtain a judgment against debtors are entitled to recover their claims by selling the assets of those debtors with the help of judicial officers ('gerechtsdeurwaarders'). To maximise the profits involved, judicial officers are obligated to publicly announce the sale of assets. In this digital age, many judicial officers therefore (also) post the sale of assets online, in order to reach a larger audience. One of the websites used is 'Veilingdeurwaarder.nl,' being the defendant in this case. This website allows judicial officers to post information about public auctions in the context of which the assets of debtors will be sold. In this case, the plaintiff was a debtor whose car was seized to pay for his outstanding debts. The judicial officer had posted the vehicle registration as well as the plaintiff's name on Veilingdeurwaarder.nl. A glance at Veilingdeurwaarder.nl shows that this is common for most sales. Upon learning that his name was placed on the website 'Veilingdeurwaarder.nl,' the plaintiff - the debtor - demanded that the defendant disclose what personal data relating to him was being processed by the defendant. In particular, the plaintiff demanded a list of all the newsletter recipients. The defendant based his request on the 'right of access,' which is set out in article 12 of the Data Protection Directive and implemented in article 35 of the Dutch Data Protection Act. Veilingdeurwaarder.nl replied that it was not the data controller and referred the plaintiff to the judicial officer in question. The plaintiff decided to petition the court to order the defendant to provide him with an overview and a copy of all

personal data relating to him being processed by the defendant.

The decision It is important to note that when a judicial officer posts a licence plate number on Veilingdeurwaarder.nl, the website itself automatically retrieves the available information on that vehicle from the public record and combines it with the information submitted by the judicial officer. This public record itself does not contain information that would allow anyone to identify the owner of the car and is therefore not considered personal data. However, the Court decided that the non-identifying vehicle information combined with a name constitutes personal data. First, the court tackled the issue of who is 'responsible' for the publication of the personal data in question. The defendant had asserted that the judicial officer was the controller for the processing of personal data on the website, since he decided which information was posted in the announcement on the website. The court noted that - as a matter of law - the party that ostensibly processes personal data should be considered the controller, unless it can show otherwise. In that light, the court ruled that the defendant had not shown which data was submitted by the judicial officer and which information was derived automatically from the public vehicle record. Since the plaintiff's name was listed amongst the data displayed on the defendant's website, the court was forced to assume that this information was provided by the defendant for lack of evidence to the contrary. Next, the defendant contended that tweeting or emailing a hyperlink (to the announcement of the auction) cannot be considered an act of processing, since no personal data is being sent along

with the message. The court reasoned, however, that the definition of processing is quite broad and includes 'otherwise making available' of personal data. Distributing a link is just another form of 'making available.' The court therefore ordered that the defendant should comply with the 'right of access' request ex article 35 of the Dutch Data Protection Act. It does not need to disclose the names of the recipients of the newsletter; however, an overview of the categories of recipients will suffice. The court ordered the defendant to disclose an overview of all personal data relating to defendant and copies of all documents containing the data.

Commentary

Personal data and the controller

The court correctly concluded that the vehicle information must be considered personal data in combination with the defendant's name. The court then ruled that the 'party that ostensibly processes personal data should be considered the controller, unless it can show otherwise.' This effectively places the burden on the defendant to show that he is not the controller. The court did not identify the source of this rule, but there is certainly something to be said for it. After all, the data subject does not necessarily know who to contact when his or her information is published on a website. It stands to reason that the data subject may assume that the operator of that website is the controller in the absence of evidence to the contrary. On the other hand, we don't believe the plaintiff could have plausibly contended that he was not aware of the fact that the judicial officer was the party placing the information online in this case; certainly not after the defendant had referred the plaintiff

DATA PROCESSING

to the judicial officer in question. Moreover, based on the facts, it was abundantly clear who had provided the defendant's name: the judicial officer. There was no reason for the court to be confused about this point. The court's ruling does not mention the fact that many judicial officers post the names of debtors on the website, but a cursory review shows that this is the case. This shows that the defendant was - or should have been - aware of the practice of including personal data such as names on the website. Since Veilingdeurwaarder.nl apparently does not limit this practice on its website or in its terms of use, it stands to reason that it has - to a certain degree - determined that this practice is acceptable. The Data Protection Authority's guidelines about online publications say that a web intermediary - such as a hosting company - should be considered joint controller if it has the authority to remove information from its service and is used to doing so in situations where third parties claim that certain information infringes on their rights 1 . The court should have determined the amount of control that the defendant could and did exercise over the content of the website. We believe that this would have yielded a more satisfying conclusion than what the court arrived at.

Hyperlinking can constitute an act of processing

It would have made sense for the court to explain why tweeting or emailing a hyperlink is an act of processing, given the impact that such a verdict might have. The Data Protection Authority briefly addressed this question in its guidelines regarding online publication and suggested that placing a hyperlink to personal

data might be an act of processing in certain circumstances 2 . Unfortunately, the publication did not delve into this issue further. This is therefore fresh legal ground and it would have made sense for the court to further explain its reasoning. A Dutch court recently ruled that publishing a hyperlink to infringing content can - by itself - be considered an act of copyright infringement. In that situation it was argued that the defendant had intervened in the (unlawful) distribution of the infringing material, had brought it before a new audience and had profited from doing so 3 . One could argue that the case at hand is analogous to that situation. Any information posted on the internet suffers a measure of relative obscurity until its existence is somehow brought to the attention of the public. For example, an article about the personal life of a politician written on a random weblog is an act of processing by itself, but may only reach a few dozen people. If a popular news website republishes the information on its own site, hundreds of thousands of new readers would be introduced to the information. That re-publication would naturally constitute a new act of processing. If instead, however, the news site published only a hyperlink to the original blog post, those same hundreds of thousands of readers will discover the information only through the link on the news site. There is an argument to be made that publishing a hyperlink is just as much a 'making available' as republication of the information. The court never actually made such an argument, however. And - in any event - it is hard to argue that the tweets and newsletters sent out by Veilingsdeurwaarder.nl was an intervention that would have introduced the content to a

dramatically new audience. We therefore have strong reservations about the conclusion drawn by the court in this case. Finally, the court ordered the defendant to disclose the requested information. This may seem a little odd, since the court mentions in passing that it is likely that the plaintiff is already aware of the personal data held by the data controller. This is in line with case law, however. The Dutch Supreme Court has ruled that a controller cannot decline an article 35 request based on the fact that it covers information that is already known to the data subject. The purposes of the provision are - after all - to enable the data subject to verify the information held about him or her. The Supreme Court also ruled that the controller need not provide copies of documents that the data subject already possesses, since the data subject already would have had an opportunity to verify their accuracy 4 . It seems unlikely that the controller processed more information about the defendant than was publicly made available through the website. The plaintiff therefore probably had everything he needed to verify whether the personal data processed by Veilingdeurwaarder.nl was accurate. The court left this issue unanswered.

Nicole Wolters Ruckert Attorney Maarten Goudsmit Attorney Kennedy Van der Laan, Amsterdam Nicole.Wolters.ruckert@kvdl.nl Maarten.Goudsmit@kvdl.nl

1. CBP Richtsnoeren - Publicatie van

persoonsgegevens op internet, College bescherming persoonsgegevens, December 2007, p. 8.

2. Ibid.

3. Rechtbank Amsterdam, 12

September 2012, LJN BX7043 (Sanoma/GS Media).

4. Supreme Court, 29 June 2007, NJ

2007, 638, LJN AZ4663 (Dexia), ro. 3.4.

PRIVACY

Ajemian v. Yahoo! Appeals Court of Massachusetts (Norfolk division), 7 May 2013 (987 N.E.2d 604) A case involving a request by a deceased man’s relatives to access his Yahoo! email account, which was denied by Yahoo!, highlights the difficulty of balancing electronic privacy with the rights of those claiming a legitimate reason to access online content.

In the good old days, prior to the widespread adoption of electronic mail, obtaining access to a beloved one's personal documents after his or her death was a fairly straight- forward process. The executor of the estate would, consistent with any specific instructions in the decedent's will, be authorised by a court of law to have banks and postal offices open the decedent's safety deposit boxes to determine their contents and aid with the administration of the estate. A recent Massachusetts appeals case, Ajemian v. Yahoo!, Inc. 1 , highlights a growing conflict between traditional US probate law and outdated US electronic privacy laws, with respect to ownership and protection of a decedent's electronic communications.

Background facts Around August or September of 2002, Robert Ajemian opened a Yahoo!, Inc. email account for his brother John; Robert intended that the two access and share the account as co-users. Yahoo!'s Terms of Service and Privacy Policy (TOS) at the time the account was first opened gave it the right to terminate a password and discard account content for any reason, in its sole discretion 2 . In August of 2006, John was struck and killed by a motor vehicle. At the time of his death, Yahoo!'s TOS included a clause excluding any third-party beneficiaries to the agreement and terminating any right of survivorship to Yahoo! email accounts. There was no evidence that this change in policy was ever communicated to the decedent or his brother 3 . Beginning shortly after John's death, Marianne and Robert Ajemian, siblings of the decedent, tried repeatedly to gain access to their brother's email account. Initially, they sought access in

order to obtain the email addresses of John's friends to notify them of his death and memorial service. Subsequently, the plaintiffs (by then appointed as co- administrators of decedent's estate) sought the emails to help identify and locate assets and administer the decedent's estate. Although Yahoo! initially agreed to turn over the information, provided the family produced a copy of John's birth and death certificates and other documentation, it later refused them access to the account or its contents, relying on the Stored Communications Act, 18 U.S.C. §§ 2701 et seq. (2006). Yahoo! interpreted that law to prevent it from disclosing decedent's emails, even to the administrators of his estate. Subsequent negotiations led the parties to a partial resolution, requiring Yahoo! to produce 'all subscriber records and email header information, not to include email content,' which Yahoo! produced pursuant to the judgment 4 .

Probate court decision The co-administrators then filed a second complaint in Probate Court seeking the contents of the emails on the grounds that they were the property of John's estate and property of Robert as co-owner of the account. The probate judge dismissed the complaint on the grounds that the Yahoo! forum selection clause in the TOS required that any lawsuit be brought in California. The probate judge also concluded that res judicata barred the co- administrators from bringing their claim in a Massachusetts court, but not in a California court 5 .

Appeals Court decision The Appeals Court of Massachusetts (Norfolk division) determined that there was a failure

in the record as to whether the forum selection clause had been 'reasonably communicated and accepted' by the email account users; therefore, Yahoo! had not met its burden of proof with respect to its contract claims. Further, since the co- administrators were not signatories to the Yahoo! contract, the court determined that it would not be reasonable to enforce the forum selection clause against them. With respect to jurisdiction over this dispute, the Appeals Court favoured Massachusetts over California. The Appeals Court held that since John was domiciled in Massachusetts at the time of his death, 'Yahoo! [had] offered nothing to suggest that jurisdiction over assets of his estate [should be] anywhere other than Massachusetts.' 6 The Appeals Court did not reach the question of whether Yahoo! was required to keep the emails confidential under the Stored Communications Act. The Court noted that Yahoo!'s request that the Probate Court's decision be affirmed under the Stored Communications Act had been raised only in a footnote and did not 'rise to [the] level of argument acceptable for appellate review.' 7 The judgment was reversed and the matter remanded to the Probate Court for further proceedings consistent with the appellate opinion.

Comments: family law in the internet age Recent news of apparent widespread electronic snooping by the US government has heightened concerns that internet service providers guard and protect their customers' electronic communications. On the other hand, in a world where most people in developed nations communicate and engage in

PRIVACY

 

commerce largely via electronic means, cases like Ajemian v. Yahoo! highlight the often legitimate interests of non-governmental entities in gaining access to someone else's electronic communications. Under Massachusetts law, as with most states, upon a person's death, that person's real and personal property passes to their devisees or heirs 8 . Further, the decedent's personal representative has the right and responsibility to take control of the decedent's assets to the extent necessary to handle the

 

on the central importance of

 

communications of decedents 14 . At the same time, many email service providers have policies in place that would have allowed the plaintiffs access to the decedent's emails 15 . Absent changes in federal or state electronic privacy laws, these types of probate court disputes may become increasingly common.

electronic assets. Still, it could be another generation until the phrase 'personal effects' is recognised to include all of one's electronic communications and electronic documents.

In

the meantime, courts will

continue to struggle with this tension between electronic privacy rights and the legitimate interests of a decedent's estate administrators. As shown in this case, contract law provides only a partial solution, and may be part of the problem. Although 'a common law cause of action for invasion of privacy may cease upon death, general freedom of contract principles suggest that it may still be possible to create a contractual right of privacy which is effective to protect private information of deceased individuals.’ 11 However, if

Frederick M. Joyce Chair, Telecom Group Tiffany M. Nichols Associate Venable LLP rjoyce@venable.com tmnichols@venable.com

administration of the estate 9 . While

1.

Ajemian v. Yahoo, 987 N.E.2d 604

it

is unclear from the Appeals

(Mass. App. Ct. 7 May 2013).

Court decision whether the decedent had a valid will upon his death, this dispute might have occurred with or without a will, given uncertainties under Massachusetts law as to whether email should be deemed property of an estate. Yahoo! somewhat half-heartedly relied on the Stored Communications Act to deny the co-administrators access to the decedent's email records. Nevertheless, privacy rights are generally understood to cease upon

2. Ibid. at 607-08.

3. Ibid. at 608.

4. Ibid. at 608-09.

5. Ibid. at 609-10.

6. Ibid. at 613-15.

7. Ibid. at 616 (citing Mass. R. App. P.

16(a)(4), as amended by 367 Mass. 921

(1975)).

a contract is deemed unlawful or contrary to public policy, it is unenforceable 12 . Absent some record evidence that the decedent intended Yahoo!'s privacy policy to be binding on his estate, the Appeals Court likened Yahoo!'s privacy policy to a contract of adhesion, the kind a majority of internet users fail to read 13 . Consequently, the family's public

policy interest in administering the estate outweighed Yahoo!'s inchoate interests in protecting the privacy of a deceased customer.

8.

Mass. Gen. Laws ch. 190B, § 3-101

(2012).

9.

Mass. Gen. Laws ch. 190B, § 3-709

(2012).

10.

Jonathan J. Darrow & Gerald R.

Ferrera, 'Who Owns a Decedent's E- Mails: Inheritable Probate Assets or

Property of the Network?,' 10 N.Y.U. J. Legis. & Pub. Pol'y 281, 314 (2006- 2007) (citations omitted).

11.

Ibid. at 314 (citing Willard Packing

a

person's death 10 . And, personal effects such as letters and pictures that traditionally pass to heirs are just as likely as emails to contain personal information. The real concern for email service providers lies with potential liability for unauthorised disclosure to 'bad guys,' not family members, of private and protected electronic communications. One lesson to be learned from this case is that the drafters of wills may need to focus their attention

Co. v. Javier, 899 A.2d 940, 947 (Md. Ct. Spec. App. 2006); State v. Pleva, 456 N.W.2d 359, 362 (Wis. 1990)).

12. Ibid.; see also ibid. at 293-94.

13. See Tyler G. Tarney, 'A Call for

Legislation to Permit the Transfer of

Digital Assets at Death,' 40 Cap. U. L. Rev. 773, 778 (Summer 2012) (citation

A

change in venue, or even a

omitted).

change in email service provider, may have led to a different outcome. For instance, Indiana, Connecticut, Rhode Island, and Oklahoma have adopted laws granting estates certain property rights in the electronically stored

14.

Ind. Code § 29-1-13-1.1 (2010);

Conn. Gen. Stat. § 45a-334a (2010); R.I. Gen. Laws § 33-27-3 (2007); Okla. Stat. tit. 58 § 269 (2010).

15.

See Darrow & Ferrera at 294-295.

ACCESS YOUR ONLINE ACCOUNT - WWW.E-COMLAW.COM/E-COMMERCE-LAW-REPORTS

Benefit from more exclusive content online and make full use of our extensive case law online archives that span e- commerce case law since 2001. FFoorrggootttteenn yyoouurr lloogg--iinn ddeettaaiillss oorr iinntteerreesstteedd iinn ssuubbssccrriibbiinngg?? Email David Guati at david.guati@e-comlaw.com