Music at Work – Money Money Money

Last week the government announced changes to the exemptions allowing charities to play music in the workplace without paying royalites.This serves as a useful reminder that if you play music in your place of work, whether it is by way of CDs behind a bar, or because the radio is on in the garage, or because the aerobics class uses dodgy disco re-mix of AC/DC (yes this happened to me during Body Pump one day) then technically you are infringing intellectual property rights. The IPRs in question are both copyright in the composition, and a fairly strange right called “performance right” which protects musicians and recordings.

These rights are enforced by the Performing Rights Society (PRS) for the composition, and Phonographic Performance Limited (PPL) for the recording. These organisations will sell you a licence to allow you to use the music, and then distribute the licence fees to the composers and performers (there is a reference in the Beautiful South’s uber-cynical “Song for Whoever” about loving a “PRS cheque”).

Of course if PRS/PPL they catch you using music without a licence then not only will they insist that you buy a licence for future use, but they will also ping you for past use. So for example a couple of years ago PRS dragged Kwik Fit throught the Courts in relation to music played on radios brought in by the mechanics (as opposed to “a company radio”).

Just something to bear in mind!

         

Court ruling on “reasonable adjustments” under the DDA

I read at the weekend that an appeal by RBS to over-turn a court order ordering RBS to carry out £200,000 worth of remedial works to a branch in Sheffield has failed.

The case involves a successful claim by a customer that, as a service provider, RBS had breached its obligations under the Disability Discrimination Act 1995 (the “DDA”) – in particular that it had failed to make “reasonable adjustments” (as required under section 21 of the DDA) to make the branch accessible to wheelchair users. The case is signifcant because it is the first time (as far as I am aware) that, in addition to a finding that discrimination had taken place, a court has ordered a defendant to incur capital costs to prevent discrimination from re-occuring.

Whilst this case relates to access to a physical building, it is also relevant for the purposes of considering the DDA and the accessibility of websites by users with disabilities. In particular, it confirms that the courts are prepared to order a defendant to incur substantial costs and carry out remedial work (whether to a bricks and mortar site or a clicks and mortar website). That doesn’t mean to say that costs of £200,000 fixing an inaccessible website will automatically be deemed “reasonable” (RBS did not appear to challenge the reasonableness of that figure), but it does set a precedent in respect of the use of court orders under the DDA.

It’s also interesting to note that the court rejected RBS’s argument that the claimant could access the same services through RBS’s Internet banking website, and therefore that RBS had discharged its duties under the DDA. The court differentiated the channels through which services are offered to customers on the basis that there are certain things that can be done in a branch that cannot be done online. This may make it harder for operators of inaccessible websites to say that other, alternative, channels offer the same functionality as the website.

You can read the judgment on the BAILII Website

Telecoms to be testing ground for data security breach notification requirements

So the European Council has finally approved amendments to the “E-Privacy” Directive (Directive 2002/58/EC) which will introduce a formal data security breach notification obligation for providers of telecommunications services.

This brings a temporary end to the wrangling which saw the European Parliament pushing for the notification requirements to extend also to providers of other information society services. However “temporary” is the operative word as the amending Directive makes it clear in its recitals that the Commission should in the meantime be working with the European Data Protection Supervisor to “encourage” the application of the principles embodied in the new rules throughout the Community, regardless of sector or nature of personal data involved. 

I said in my post on the California law position a few weeks ago, that flexibility and proportionality are key if data breach notification is to fulfil its purpose. For that reason, the march towards wide ranging mandatory breach notification requirements in Europe in itself doesn’t fill me with quite as much enthusiasm as might be expected of a conscientious data protection lawyer.

However the approach taken by the new legislation is encouraging. The obligation will be to notify the Information Commissioner without undue delay of a data security breach and to notify any data subject only if the breach is likely to adversely affect that person’s personal data or privacy. And the telecoms provider will be relieved of the obligation to tell data subjects if it can show that the data affected by the breach was  protected by appropriate security measures, rendering the data “unintelligible” to anyone not authorised to access it. So, in theory, this approach means that the information overload/breach fatigue which I discussed in my earlier post could be restricted to the Information Commissioner, with data subjects only finding out about incidents where there is a real risk that they may be adversely affected.

Of course there is still a risk that cautious data controllers will tell data subjects anyway, regardless of the likelihood of their being affected. But there is a right in the new legislation for the Information Commissioner to effectively make this judgment for the data controller and order it to tell data subjects if it hasn’t already done so.  Whilst that right doesn’t excuse a failure on the part of the controller to make the right decision on this in the first place, there is perhaps at least some scope for this mechanism to curb unnecessary notification in practice. Time will tell.

 

 

 

Twittersquatting

So, cybersquatters have hit Twitter and Hyundai are considering court action to prevent someone displaying racy pictures and a caption saying, “Have a lustful day” under their name on Twitter. According to this report a number of large brands including Diageo, Burger King, Nike and Volkswagen all have squatters sitting on their accounts.

The UK courts have come down hard on cybersquatters and the Court of Appeal decision in One in a Million virtually outlawed the practice. The One in a Million approach was given express approval by the Court of Session in Scotland in Bonnier Media. In addition, cybersquatters also have to contend with the cheaper and more informal online dispute resolution policies such as the ICANN policy  meaning that a trade mark proprietor or brand owner can generally get their domain name back from a blatant cybersquatter for a few thousand pounds. Obviously there are always grey areas and cybersquatters have become more sophisticated with many seeking smaller sums in order to avoid being seen to be blatantly holding domains to ransom.

So, is there likely to be a lucrative cybersquatting trade in Twitter accounts? In the UK anyway I think this is unlikely. It appears that Twitter are, at present, doing what they can to re-assign well-known brands, even if it does take some time. If this did ever come before the Courts in England or Scotland I’d be very surprised if the approach taken was any different to that taken in One in a Million; that registration of a Twitter account relating to a well-known brand amounted to passing off and, if applicable, trade mark infringement.

In the meantime, no doubt Hyundai will see a significant increase in traffic to their Twitter site.

The long and winding road

My favourite band ever is the Beatles. If you start to read up on their history you get a crash course in company law, partnership law, copyright law, trade mark law – lots of kinds of law. And hey, the tunes aren’t too shoddy either.

The latest development in Beatles legal wrangles is that an American website named bluebeat.com has been banned from selling the entire Beatles discography for digital download.   The songs have never been licensed to anybody to sell online, so it’s unlikely the Beatles would break with this trend to license an obscure company. Bluebeat’s owner, Hank Risan, has justified the site’s actions on the basis that the tracks were “re-recorded” using “psycho-acoustic simulation”, and refers to an “imitation or simulation” loophole in the American Copyright Act. While I can’t speak for US law, I can say for certain that no such loophole exists in the UK Copyright, Designs and Patents Act 1988. (And in any case I’m still fairly sure that this argument won’t stand up to much scrutiny in the US when the parties meet again in court on 20th November.)

So why are the Beatles pretty much the only major artists yet to make available their back catalogue online? The answer is that the Beatles have generated almost as many lawsuits as memorable melodies.

A really abridged history would be as follows. The Beatles float a publishing company Northern Songs on the stock exchange to avoid income tax; Paul McCartney falls out with John Lennon and petitions the court to dissolve the Beatles’ partnership; Apple Corps (the company formed in 1968 to look after the Beatles’ affairs) bicker with their record label EMI over royalty payments; Apple Corps sues Apple Computers for trade mark infringement; Apple Computers agree to stay out of the music business, the controlling stake in Northern Songs is put up for sale (and Michael Jackson outbids Paul McCartney, whose appeal for financial assistance from Yoko Ono is refused); Paul McCartney gets sued by Yoko Ono over royalty arrangements with EMI; Apple Corps sue Apple Computers again when computers are equipped to playback MIDI files; Apple Corps sue Apple Computers (now “Apple Inc”) yet again when ITunes appears; Apple Inc gets rights in Apple trade marks and agrees to license all Apple trade marks back to Apple Corps; Apple Corps sues EMI for money owed from albums sales … and so on.

It’s all a bit reminiscent of Frank Drebbin’s speech in The Naked Gun: “boy finds girl, boy loses girl, girl finds boy, boy forgets girl, boy remembers girl, girl dies in a tragic blimp accident over the Orange Bowl on New Year’s Day.” (Except of course it would be the Apple Bowl, not the Orange Bowl.)

You may have picked up that the biggest dispute is between Apple Corps and Apple Inc – who just happen to be the owner of ITunes, the world’s biggest online-based digital download store. This is the big reason that the Beatles songs aren’t available for digital download. What everyone has been waiting for is something as rare as a bad Beatles tune: a time when the four Beatles (and their widows), both Apple companies and EMI are all in agreement. Things seemed to be going well for the last few years, until McCartney reported that negotiations had got a bit heavy, man.

They all just need to Come Together, With a Little Help From Their Friends and reach The End, of The Long And Winding Road.

(You knew a “song title sentence” had to happen at some point.)

The Rise of the Machines (Phorm and Data Protection)

Earlier last month the Office of Fair Trading announced a review of the targeting of “online behavioural advertising and customised pricing”. I think this is a result of the EU threatening legal action against the UK.

The dispute centres around BT’s secret trials in 2006 and 2007 of “behavioural advertising” technology developed by UK tech firm Phorm. The technology was presented to BT internet customers on an opt-out basis, and cheerily described as being designed to provide greater protection from online fraud. (Cheekily, tailoring of advertising was glossed over as a secondary feature.) If you didn’t opt-out then advertising you saw on your browser was duly based on previous web browsing activity – so that the adverts more closely matched the browser’s interests. This secret trial was uncovered by some impressive detective work by BT customers.

The explanation is fairly technical, and it’s hard to decipher without being reminded of The Terminator or The Matrix or any of the other 100 dystopian sci-fi films which tell you that technology is only going to make things horrible for humans. But it’s enough to understand that some BT customers began to note that anytime they visited a new website their browsers were exchanging information with a mysterious domain, and the truth was unravelled from there. (It’s not quite as heroic as saving the future of mankind by fighting an unstoppable cyborg assassin who has been sent back from the year 2029 by a collective of artificially intelligent computer-controlled machines – but it’s still pretty heroic in its own way.)

The discovery of this sneaky secret trial led to complaints to the Information Commissioner, the UK police and MEPs, and a dialogue was opened between the Information Commissioner and the European Commission about possible problems in the way in which the UK has implemented parts of EU rules on the confidentiality of communications.

A subsequent government investigation, by the Department for Business, Innovation and Skills concluded that the Phorm technology did not breach European laws on data protection. Nevertheless, the E-Privacy Directive clearly requires EU Member States to ensure confidentiality of the communications and related traffic data by prohibiting unlawful interception and surveillance unless the users concerned have consented. And the Data Protection Directive also specifies that user consent must be “freely given specific and informed”. Does an obscure opt-out amount to “freely given” or “informed” consent? The EC thinks not, and is also concerned that the UK does not have an independent national supervisory authority that deals with such interceptions.

The EC also thinks that the application of UK surveillance law (as set out in the Regulation of Investigatory Powers Act (RIPA) isn’t being regulated properly.

The UK which now has two months in which to respond to the Commission. If the Commission is unsatisfied with the response it could take the case to an EU court and perhaps force a change in UK law.

Olympic Stadium Photos (aka Red Heat)

When I was a trainee I was once asked if a client could use “copyright” to stop a newspaper printing photos of its stadium development (the answer was no).

So I was amused that the International Olympic Commitee has sent a “legal letter” to a photographer asking him to remove photos of the Beijing Water Cube from Flickr.

Interestingly the letter doesn’t mention copyright (although a lot of the blog commentators do start banging on about copyright).  Under UK law the photographer owns the copyright in a photo he/she takes (no matter what the subject matter is). So on that analysis the IOC have no copyright in the photo taken by the photographer.

There is a type of quasi intellectual property right called moral rights which gives a very limited protection to a person featured in a a commissioned photo such as a wedding photo.  More relevantly for this case there is also a moral right that (if asserted) means the architect of a building has to be indentified every time a photo of that building is displayed.

Rather than fight on copyright (good decision) the IOC letter claims that posting the photo is a breach of contract.

“What contract?” I hear you cry. The contract the IOC is referring to is the contract formed when you buy a ticket for an Olympic event. That contract has terms that prohibit the taking of photos at the event. However, it is not clear that the photographer bought a ticket, and the photos are exterior shots. So that looks like a dud line of attack.

Finally the IOC letter says its trade mark rights are being infringed. However, under UK law at least, I don’t think the photographer is infringing the trade marks because he is not using the Olympic trade mark as a “badge of origin” or similar.

I have noticed an increase in these “Olympic committee being over zealous in protecting its trade mark” stories recently.  I blame the lawyers!

From a personal point of view I hope they don’t have a pop at Little Chef’s Olympic breakfast.