Reproducing copyright works in the cloud - do we need a new copyright levy?

Should authors and artists receive appropriate compensation when we store their works on a virtual disk such as a cloud? This question will be tackled by the Court of Justice in case between Austrian copyright collecting society Austro-Mechana and German company Strato AG which provides cloud services to its users (case C-433/20). Meanwhile, Advocate General Gerard Hogan has already issued his opinion in the case. 

Going into the details - the dispute mainly concerns the interpretation of Article 5(2)(b) of Directive 2001/29 on the harmonisation of certain aspects of copyright and related rights in the information society. As a rule, the exclusive right to authorise reproduction of protected works is vested in the rightholders, e.g. authors, performers, etc. However, this right may be restricted when the reproduction is done by a natural person for private use and not for direct or indirect commercial purposes. There is one condition - the copyright holders should receive fair compensation for this. Such compensation consists in so-called copyright levies, popular and introduced in many member states, which are included in the price of devices and media enabling reproduction of works, e.g. smartphones, tablets, computers, but also printers or blank media, such as CDs.

Many people nowadays use cloud services, storing various files there, including copyright-protected materials. The question is whether the exception provided for in Article 5(2)(b) of Directive 2001/29 also covers private copying of copyright-protected content by individuals in the  cloud? Since the provision uses the expression 'reproductions on any medium', does it concern only physical media or virtual as well? If so, should the rightholders receive appropriate compensation in such cases?

Replying to the first question, AG states that the provisions of Directive 2001/29 must be interpreted in a technologically neutral way in order to ensure that copyright protection in the EU does not become obsolete and out of date with technological progress and the emergence of new forms of exploitation of works. Nor does it appear that the EU lawmakers intended to limit the scope of the provision in question exclusively to physical media or carriers (para 35-36). Therefore, in the AG's view, the exception concerning reproduction on any medium also covers reproduction using cloud services.

On the other hand, answering the second question, he found that a copyright levy is not necessarily payable here. This is due to the fact that very often devices or carriers used for data transmission to the cloud are already subject to fees. AG emphasized that a fair compensation should be considered as a compensation that does not excessively or insufficiently compensate (para. 59). Thus, care must be taken not to disturb the balance between copyright holders and users by introducing new fees. After all, the purpose of setting copyright levies is to ensure that authors are not unduly harmed by the private reproduction of their works. Therefore, there is no need to introduce a separate fee for reproduction of a work by a natural person for private purposes using cloud services provided by a third party. The condition, however, is that the fees already charged for reprographic devices used to transmit files to the cloud must also reflect the harm caused to the rightholders by such reproduction (para 72). As he added, the rightholder may, nevertheless, try to show that the compensation obtained is inadequate in a given situation.

Press digest

Cloud computing

New research suggests that 72% of European cloud users still are not able to answer any questions as to where their data is being transferred to, which means that even if they have been informed about this by their cloud service providers, this information clearly has not reached them. (see Many cloud systems 'not meeting EU data protection rules')

Mobile banking and mobile advertising

The European Banking Authority is consulting its new guidelines for providing more security to online payments market. The new guidelines of the European Banking Authority so far correspond to the rules of the EU Payment Services Directive. The question is whether it makes sense to adopt them as such as of August 2015 or whether to strengthen them already in the anticipation of the new PSD2. (New payment security guidelines to apply to online retail from August 2015) A brief summary of a current EU regulatory landscape with respect to mobile banking and payments may be found here: FCA thematic review - mobile banking and payments September 2014.

 Another article presents well how the use of smartphones influences modern advertising strategies. (3 Truths About Mobile Advertising In The Era Of Hyper-Connectivity)

 

Morality & consumers

The Archbishop of Bukavu and President of the Provincial Assembly of Bishops of Bukavu and Kindu addresses the European Parliament and other European institutions to guarantee that the resources used in consumer goods are not linked to human right violations and conflicts. (EU must give assurances on the morality of trade in natural resources)

Consumer behaviour

Interesting article on what went wrong with the consumer culture/ consumer image. (Viewpoint: How the consumer dream went wrong) Another survey shows us that at least in the US trust of consumers in using their credit cards have diminished recently; is it turn to popularize fingerprint-protected credit cards? (Data Breaches Are Affecting Consumer Behaviour and Trust in Credit Cards...)

Press digest

Telecommunication

The European Commission announces not to further regulate fixed telephone lines, since the market moved towards mobile and online telecommunication. (Europe says goodbye to fixed line regulation, hello to mobile era)

Tobacco Products Directive

UK e-cigarette manufacturer, Totally Wicked, challenges the validity of art. 20 of the Tobacco Products Directive at the CJEU, claiming that e-cigarettes should not be regulated as "tobacco related products" if they don't contain tobacco. (E-cig manufacturer wins right to challenge Brussels in EU courts; Totally Wicked vs. the EU's tobacco directive; First e-cig TV adverts from next month)

EU Data Protection and ePrivacy rules

Worries are being expressed about strengthening existing data protection rules even when businesses do not seem to be able to hold to currently existing ones (EU set to strengthen data protection laws). Data Protection Authorities across the EU are currently stepping up enforcement of the compliance with the existing EU data protection rules, by conducting a widespread cookie sweep (Are you ready? The EU "Cookie Sweep" is upon us). Other sources report widespread non-compliance of cloud-based storage service providers with the existing EU data protection rules (Most cloud apps flout EU data protection rules - study).

Tourism sector

TUI Travel argues in the UK for more support to be given to the reform of the Package Travel Directive and the Regulation No 261/2004 on air passenger rights. (TUI Travel calls on UK government to support the travel and tourism sector at home and abroad)

Competition

European booksellers plead with the European Commission and BEUC to set up investigation into the monopoly position of Amazon in the online book market, which harms European consumers by depriving them of a rich and diversified online book offering. (Booksellers raise Amazon monopoly concerns with European Commission)

Health claims

The new rules on food labelling (EU Regulation 1169/2011 on food information to consumers) are to enter into force as of December 2014 (nutrition information as of December 2016). Especially the sport nutrition sector may have to invest time and money to adjust the labels of their products to the new rules. While this regulation forces producers to be very specific in listing ingredients of their products, it may be even more difficult for the producers to justify placement of easy claims on how certain products may boost energy etc. (which are also regulated by Regulation 1924/2006). (Claim, set and match)

Consumer behaviour

Two new survey results have been published showing us growing trends of consumer online shopping habits. (UK leads European online shopping; Northern European web shoppers spent €1,780 each in 2013) In the meantime, Facebook sets up a new division - Facebook IQ - to try to understand consumer behaviour better... (Facebook forms new unit to study consumer behaviour).

BEUC discussion paper on cloud contracts

Last October, an expert group on cloud computing contracts was established by the European Commission. In a recent discussion paper, consumer organisation BEUC listed a number of questions relevant to the work of the expert group on 'unfair terms in cloud computing service contracts'. These cover a wide range of issues, including (with emphasis added):

'- What elements should be taken into account to assess unfairness by lack of transparency?

- [C]lauses [that establish consumer obligations not proportionate to those of the trader] could be considered unfair under the general unfairness test of the Unfair Contract Terms Directive. Do you think there are elements specific to cloud computing services that should be taken into account to establish the lack of balance in the parties’ rights and obligations?

Would the assessment of these elements be different in paid and ‘free’ cloud computing contracts?

- To what extent suppliers of cloud computing services should obtain, for the mere access to the website, the explicit consent of consumers in order to ensure that they are aware of the contractual conditions (if the accessibility implies the conclusion of a contract)?

Would it be necessary to distinguish between the agreement on the contract terms and the agreement on the collecting and processing of personal data?

- Would it be appropriate that the contract provides specific cases in which the supplier is entitled to suspend the services that are the subject of the contract? Should these cases differentiate between contracts in which the contracting party is a consumer or a SME?

Should we envisage the need that the suspension of the services is preceded by a notice to user (that, in the specific cases of delay or failure in payments, gives to user a time limit within which he may fulfill)?

- How these clauses should incorporate the CRD requirements? For example, should the clause indicate that the consumer’s relevant means of payment (e.g. credit, debit card) will be charged only after he or she explicitly agrees so at the end of the trial period?

- Should the authoritative language version be the one used for the conclusion of the contract taking into account the pro-consumatore interpretation principle of the unfair contract terms directive?

Would this situation be different in a contract in which one party is a SME?

- Is it possible to identify basic elements that should be included in arbitration clauses of cloud computing service contracts (e.g. distinction between internal complain handling and independent ADR; non-mandatory and / or biding nature of the arbitration settlement)?

- Is it justified to request the consumer’s agreement to grant a licence over the content he/she supplied and that is protected under copyright law? To what extent this would be necessary to develop innovative cloud-based products?

If the answer to the first question is possible, under what circumstances that licence would be necessary? Is it necessary to make a distinction between paid and ‘free’ services?

- The framework of Directive 95/46/EC, national legislation and the interpretation of the Article 29 Working Party defines when the consent is valid. However, if the consumer has no choice but to accept, can this consent be considered ‘free’?

- Taking into account the requirements of Directive 95/46/EC, to what extend these types of clauses should be considered unfair?

Do you think that this type of processing of personal data is necessary to the development of innovative cloud services?

- Under what circumstances would it be justified to (legally) allow an exoneration of liability of the supplier of cloud computing services (e.g. due to the influence of external factors)?

- How these clauses [on contractual limitation of compensation due by the supplier] could be re-written in order to comply with the specific provisions of the unfair contract terms directive? Should we make a difference between paid and ‘free’ cloud service contracts?

- If the supplier assigns the contract or some rights or obligations deriving from it, it would be envisage the obligation for the supplier to inform the user, giving him the possibility to terminate the contract?

- What minimum elements should be included in jurisdiction and applicable law clauses? Would it be sufficient a disclaimer claiming that the consumer may be protected under his own legislation or it is necessary to be more specific?

- Despite the fact that in any event, the cloud provider has to comply with its obligations according to Articles 10, 11 and 14 of Directive 95/46/EC, do you think that in these situations [of transfer of personal data in corporate mergers] the consumer should be given with the possibility to withdraw from the contract?'

Work on European cloud computing contract terms got off the ground

This week the European Commission formalised an expert group that is supposed to elaborate on potential European rules for cloud computing contracts, which could be implemented through an optional instrument. At the moment, consumers and SMEs are somewhat reluctant to use cloud computing services due to uncertainties as to their rights, obligations, and in general the functioning of cloud computing and its security. Current proposal for the Common European Sales Law regulation does not address many issues of cloud computing, therefore, the task of the new Expert Group would be to isolate these problems and to draft contract terms for consumers and SMEs that would provide more security to cloud computing contracts. The report is expected back in spring 2014. (European Commission takes another leap to boost cloud computing)

EP in the clouds

On 25 June, the Legal Affairs Committee of the European Parliament published a draft opinion on the European Commission's Communication 'Unleashing the Potential of Cloud Computing in Europe'. The Committee's suggestions are summarised as follows:

'The Committee on Legal Affairs calls on the Committee on Industry, Research and Energy, as the committee responsible, to incorporate the following suggestions in its motion for a resolution:

1. Urges the Commission to take action to further harmonise laws across the Member States in order to avoid jurisdictional confusion and fragmentation and to improve the transparency of the digital single market;

2. Calls on the Commission to review other EU legislation to address gaps related to cloud computing; calls, in particular, for the revision of the intellectual property rights regime, the Unfair Commercial Practices Directive, the Unfair Contract Terms Directive and the E-Commerce Directive, which are the most relevant pieces of EU legislation that apply to cloud computing;

3. Calls on the Commission to establish a clear legal framework in the field of copyright content in the cloud, especially with regard to licensing regulations;

4. Stresses that, owing to uncertainties regarding applicable law and jurisdiction, contracts are the main tools for establishing relations between cloud providers and their customers, and that there is therefore a clear need for common European guidelines in that field;

5. Calls on the Commission to work together with the Member States to develop European best practice models for contracts, or ‘model contracts’, that will ensure complete transparency by providing all terms and conditions in a very clear format;

6. Calls on the Commission to develop, together with stakeholders, voluntary certification schemes for provider security systems which would help to harmonise practices across cloud providers and which would make clients more aware of what they should expect from cloud service providers;

7. Stresses that, owing to jurisdiction problems, European consumers are in practice unlikely to be able to seek redress from cloud services providers in other jurisdictions; calls therefore, on the Commission to provide adequate means for redress in the consumer services area, since there is a strong imbalance of power between consumers and providers of cloud computing;

8. Calls on the Commission to ensure a speedy implementation of Alternative Dispute Resolution and Online Dispute Resolution and to make sure that consumers are equipped with adequate means of collective redress against security and privacy breaches as well as against illegal contract provisions for cloud services.'

The value and price of privacy

Privacy and data protection are hot topics, especially in light of the development of the digital economy and the increasing use of cloud services. At the occasion of a recent meeting of the European Cloud Partnership Board, Commissioner Neelie Kroes observed that in this 'age of total information', the successful use of the cloud depends on 1) efficiency through scale and 2) trust that the data is stored securely.

In relation to the pending CJEU case of Google Spain (on which a post appeared on this blog last Tuesday), an interesting suggestion made by the Commissioner concerns the role of digital service providers in safeguarding privacy. While Advocate General Jääskinen's opinion in the Google case underlines the fact that it is still a topic of debate to what extent private actors are and should be responsible for the protection of privacy (in particular the 'right to be forgotten'), Kroes remarks that privacy protection can also offer service providers a competitive advantage. Cloud providers who (contractually) guarantee the safe storage of data may be more successful in attracting customers than those who cannot provide such terms of use. As such, private actors may perform a complementary role to public institutions in regard to the protection of fundamental rights.

Pick out your cloud

In response to the 'cloud computing' strategy that the European Commission presented last week (Unleashing the potential of cloud computing), concerns are raised about the protection of users in the cloud. The Commission's strategy follows up on the proposal for new data protection rules and aims at clarifying standards for 'cloud computing', meaning the storage of data (such as text files, pictures and video) and software on remote computers, which users access over the internet on the device of their choice. While the key actions proposed by the Commission are mostly aimed at creating a seamless digital space for cloud providers, various sources point out that the protection of users should also be high on the agenda. As a Finnish newspaper writes (summarised on eurotopics):

'Clouds are already here, and they're here to stay in Europe. … It's crucial for the EU apparatus to protect the rights of consumers and company customers as regards the use of cloud services. Contract models for clarifying the main disputed issues are already in the pipeline. Customers must know in which countries their data is stored. Regulations also need to be established for the transfer of data, its destruction and data protection. Nonetheless Cloud services should not just be seen as a risk. People should also participate in the development of such services, because otherwise the branch will evolve without any input from Europe or Finland.'

The experience of some Dutch journalists whose data were mixed in the cloud also illustrates that user protection is a necessary feature of successful extension of the remote digital space (their story is available here, in Dutch).

Finally, privacy and cloud computing were among the topics discussed at last week's conference of the European Law Institute and may result in new projects of the institute.

Small world (III) - Towards a European cloud computing strategy

On 21 and 22 June 2012, a Digital Agenda assembly will take place. The assembly will, among other topics, address cloud computing, in preparation of an EU-wide strategy for the supply and development of cloud services. An important aspect of the strategy is the legal framework for cloud computing:

'This concerns data protection and privacy, including the international dimension. It also concerns laws and other rules that have a bearing on the deployment of cloud computing in public and private organisations. And it concerns users' rights insofar as they are provided for by law.'

The programme for the cloud workshop can be found here.

As a reminder, another conference on (consumer) contract law in the EU is organised in Messina at the end of this week:

Secola conference
'Principles and specific rules in European contract law'

1-2 June, Messina, Italy