If you are running a technology business that deals with content provided by users or other third parties—or even if your business simply has an interactive web presence that allows users to post their own comments or photos or contains links to other websites—there are important changes you need to know about to limit your liability for copyright infringement caused by your users and other third parties. Here’s what you need to know.
Since 1998, the Digital Millennium Copyright Act (DMCA) has provided certain “safe harbors” that limit a “service provider’s” liability for copyright infringements caused by content provided by users or other third parties. If the service provider meets the requirements of a particular safe harbor, it will have no liability for monetary damages or (almost all) injunctive relief for copyright infringement arising out of content provided by third parties.
Under new regulations that became effective December 1, 2016, the U.S. Copyright Office imposed new, detailed registration and renewal requirements that a service provider must meet in order to qualify for—and maintain—the limitations on liability afforded under the DMCA. Furthermore, the regulations signal the U.S. Copyright Office’s intent to extend the new registration requirements to service providers who were not clearly required to comply with these requirements under the DMCA previously—meaning that certain businesses who may have believed since 1998 that they were exempt from these registration requirements must now comply with the new regulations—or risk losing important protections against liability for copyright infringement.
THINK YOUR BUSINESS IS NOT A “SERVICE PROVIDER”? THINK AGAIN.
Section 512 of the U.S. Copyright Act defines a “service provider” broadly to mean any “provider of online services or network access, or the operator of facilities therefor.” As such, your business is likely a “service provider” within the meaning of the DMCA if you, for example:
- Operate a website or app that does any of the following:
- has “social” or “sharing” functionalities (for example, that allow users to provide comments or reviews, participate in discussions or user forums, or upload photos or other materials);
- contains or publishes material submitted by third parties (such as product photos or descriptions in an online marketplace);
- contains links to other websites or online materials;
- helps users locate information (for example, a tool to search for and compare product or pricing information from various sources); or
- has messaging functionalities where messages are stored—temporarily or permanently—on your servers (such as an “Inbox” where the user can exchange messages with your business or with other recipients); or
- Provide a data service where the data consists—in whole or in part—of information provided at the direction of users or other third parties;
- Operate servers, cloud services, hosting services or “software-as-a-service” offerings that allow users to submit, store, or publish content; or
- Provide network services whereby material transmitted by users is temporarily stored (“cached”) in your system as an incidental function of your service.
A BRIEF HISTORY OF THE DMCA AND THE “NOTICE AND TAKEDOWN” PROVISIONS OF THE SAFE HARBORS.
Under U.S. copyright law, simply creating a copy of someone else’s copyrightable subject matter without permission is a copyright infringement—even if that copy was created automatically through a technological process initiated at the direction of someone else. (For example, a user’s submission of materials to your website may result in a copy of these materials being automatically created on the website servers.) Similarly, merely linking to infringing materials can give rise to a copyright infringement—even if you had no reason to know that the linked material was infringing.
Because automated copying and linking of online content are both inherently necessary to the operation of the Internet, Congress recognized that holding website operators and other service providers strictly liable for these activities in all cases could hinder the growth of the Internet and the advancement of related technologies (including networking and e-commerce). As a result, when enacting the DMCA in 1998, Congress specifically provided certain “safe harbors” to protect service providers against claims of copyright infringement arising out of temporary or permanent storage of user-provided materials or linking to infringing materials.
Though each safe harbor has differing requirements (based on the activity of the service provider that is alleged to cause an infringement), the “notice and takedown” component is common to almost all DMCA safe harbors. Under the “notice and takedown” component, a service provider can immunize itself from monetary liability to a copyright claimant by: (i) appointing an agent to receive notices of copyright infringement occurring via its service and (ii) upon receiving notice of an infringement, acting expeditiously to remove or block access to (“take down”) the infringing material.
Appointment of an Agent to Receive Copyright Notices—Required Steps.
As written, the DMCA provided specific instructions for appointing an agent for only one of the safe harbors—albeit the one with potentially the greatest applicability to most businesses, namely, the safe harbor against liability for information uploaded to or stored on websites or servers by users. Under this safe harbor, the service provider must do both of the following for the appointment of an agent to be valid and meet the requirements for the safe harbor:
- Publish required contact information for the designated agent on a publicly-accessible page on the service provider’s website; and
- Provide the required contact information for the designated agent to the U.S. Copyright Office for inclusion in a public directory of such agents.
WHAT HAS CHANGED WITH THE NEW REGULATIONS?
Since 1998, the Copyright Office has required that a service provider use a paper form to appoint its designated agent, which was then scanned into an electronic format and made available to the public via an online directory (there was also a fairly hefty filing fee of $135.00 per filing). In addition to being cumbersome and non-searchable, over time much of the information contained in the directory became outdated (due to businesses not updating their contact information) and cluttered with defunct service providers. Given this, effective December 1, 2016, the U.S. Copyright Office implemented a mandatory online mechanism for service providers to provide the required contact information for their designated agent. This new mechanism places the burden on service providers to keep their information accurate and up-to-date or risk losing the protection of the DMCA safe harbors.
Key Points of the New Regulation:
1. Mandatory Electronic Filing with the Copyright Office to Appoint an Agent. Starting December 1, 2016, all service providers seeking the protections of the safe harbor must use the U.S. Copyright Office’s online registration mechanism to appoint an agent to receive notices of copyright infringement. Paper filings will no longer be accepted by the Copyright Office.
Note – The Notice on Your Website is Still Required. Be aware that the new mandatory electronic filing procedure does not eliminate the separate legal requirement that the service provider also publish the contact information for the appointed agent in a publicly-accessible page on the service provider’s website. Failure to do so will mean that the service provider will not get the benefit of the safe harbor, even if the service provider has made the required filing with the Copyright Office.
2. You Need to File under the New System Even if You Previously Appointed an Agent with the Copyright Office. As noted, the Copyright Office has maintained a directory of appointed agents since 1998, and you (or your attorney) may have already filed an appointment of copyright agent under the old system. However, in an effort to clear out the outdated information that has accumulated in that time, on December 31, 2017, all appointments filed before November 30, 2016 will become invalid. In short, even if you filed under the old system, you need to make a new filing under the new system if you wish to preserve the limitations on liability under the DMCA safe harbor beyond 2017.
3. Service Providers Must Renew the Appointment of Their Agent At Least Every Three (3) Years. Once filed, each appointment will expire and become invalid three (3) years after the appointment is made, unless the service provider makes a filing with the Copyright Office to renew the appointment. Failure to renew the appointment will mean that the service provider loses the limitation on liability afforded by the safe harbor.
Note – There is a nuance to this “three (3) year rule”: to encourage service providers to keep their agents’ contact information current, the new regulations provide that the “three 3 year clock” is reset each time the service provider changes their appointment information (for example to change the name or address of their appointed agent). In this case, the three (3) year clock starts running anew from the date the service provider updates its appointment with the Copyright Office.
Example: Service Provider files with the Copyright Office to appoint an agent on March 1, 2017. That appointment will expire three (3) years later (March 1, 2020) unless validly renewed.
However, if Service Provider makes a subsequent filing on June 1, 2017 to update its appointment, the three (3) year clock is reset from the date of the “update” filing (June 1, 2017), and will not expire until June 1 2020.
4. The New Filing Requirement Applies to the “System Caching” and “Linking/Search Tool” Safe Harbors As Well. While several of the DMCA safe harbors require the service provider to act promptly to remove (or disable access to) allegedly infringing information once its appointed agent is notified, only one safe harbor—the one for “information stored by others”—specifically states that the agent must be appointed by a filing with the Copyright Office coupled with public notice on the service provider’s website. However, the explanatory comments to the new regulations make clear that this filing requirement—as well as the requirement of a public notice on the service provider’s website—are required to qualify for the DMCA safe harbors for “system caching” and “linking/search tool” activities as well.
This means that, even if you do not allow users to store information on your website or system, you should still make a filing under the new system if you wish to limit your liability for websites or business activities that involve:
- providing links to third party information;
- providing tools or functionality to locate third party information; or
- automatic, temporary “caching” of third-party information (for example, as part of transmitting content from one user to another).
ADDITIONAL—BUT OFTEN UNSUNG—BENEFITS OF THE DMCA AND THE SAFE HARBORS.
Obviously, the ability to avoid all monetary liability for certain copyright infringement claims is a prime motivator for service providers to obtain—and maintain—protection under the DMCA safe harbors. But there are two additional benefits available to a service provider under the DMCA that are often overlooked.
- First, if a service provider has validly designated an agent to receive notices of copyright infringement as required under the safe harbors, copyright claims that are made against the service provider—but are not sent to the service provider’s designated agent—generally do not count as putting the service provider “on notice” of the infringement, and do not trigger the obligation to remove (or disable access to) the material.
- Second, a service provider who “takes down” allegedly infringing materials to protect itself against liability to a copyright claimant could inadvertently expose itself to liability to another party—namely, the party who originally provided the allegedly infringing content. (For example, disabling access to a customer’s content because of a copyright claim could be a breach of the service provider’s contract with that customer.) To address this concern, the DMCA provides that a service provider will have no liability to any person for “taking down” material that is claimed to be infringing (though, in certain situations, the service provider must also notify the party who originally provided the allegedly infringing content and give them an opportunity to contest the “takedown” in order to take advantage of this additional protection against liability).
While the new regulations described above have a significant impact on the “notice and takedown” component of the DMCA safe harbors, bear in mind that complying with these new regulations is not the only thing you need to do to qualify for the benefits of the safe harbors. There are numerous safe harbors that may apply to your business activities, and each has additional specific requirements and conditions that must also be met before you can claim protection under an applicable safe harbor. If you have questions regarding the DMCA safe harbors or how to structure or protect your online business operations, contact Mike Stewart at firstname.lastname@example.org or (770) 399-9500 for more guidance.