
Liability for Breach of Privacy in Each Country Material is Accessed


Following a recent European Court of Justice (ECJ) ruling, individuals can now sue publishers for content published online in each EU country in which the individual’s image has been harmed.


Martinez Case

A French actor sued a UK newspaper in a French court for breach of his “personality rights” resulting from the publication of a story about him. Under English law these rights do not exist, so no claim could have been made in the English courts. The ECJ was asked to rule on where the actor could pursue his claim.

Which Court has Jurisdiction

The ECJ ruled that individuals could sue publishers either in the countries in which their image had been damaged, or in the country where the person’s “centre of interests” is based. Publishers should, however, not be subject to stricter laws than would apply if the claim had been issued in the country in which the publisher was based, i.e. the UK. Additionally, any compensation awarded by national courts could only relate to damage caused in the country sued in.

An individual’s “centre of interests” is generally the place of habitual residence; however, the ECJ added that “a person may also have the centre of his interests in a member state in which he does not habitually reside, in so far as other factors, such as the pursuit of a professional activity, may establish the existence of a particularly close link with that state.”

Implications for Internet Publishers

This decision widens the potential liability of EU website operators. They could now be liable for numerous damages claims for breaches of privacy not just in the country of publication – where the website operator is based – but in any EU country in which a claimant’s rights have been breached.

The Electronic Communications Privacy Act (ECPA) Applies to Any Data Stored in the USA

The US Court of Appeals has ruled that the ECPA, an American law, protects the data of non-USA citizens when their data is stored on servers in the USA.

Suzlon Case

Korean firm, Suzlon Energy Ltd, wanted Microsoft to disclose email documents belonging to an Indian citizen stored on a server in the USA. They argued that the emails were not protected from disclosure by the privacy protections of the ECPA, as these only applied to US citizens.

The US court determined that the ECPA covered “any person” and not just a US citizen. Part of the reason for this was the impracticality of expecting Microsoft to assess whether or not account holders were US citizens, when receiving a disclosure request. Accordingly the court decided that the ECPA applied to any documents stored in the USA.

Increased Protection for Data?

Following this decision any data stored in the USA will be protected by the provisions of the ECPA, regardless of the citizenship of the data owner. This may help to alleviate some of the concerns being raised in Europe about the inadequacy of data protection provisions in the USA. However, if the server on which the data is stored is located outside of the USA the data will not be protected.


On a practical level, data owners often have no idea where their data is actually being stored, so this rule may be of little assistance in protecting their data. Also, service providers will need to know exactly where all data is stored in order to correctly respond to disclosure requests.

Proposed Change to Liability for Online Comments

The Joint Committee on the Defamation Bill, a Parliamentary committee reviewing proposed new UK defamation laws, recommends that web hosts and ISPs should be allowed to keep allegedly defamatory comments online, as long as the author of the comment is identified and a notice of complaint is published alongside the comment.

Current Law

Currently web hosts and ISPs must immediately remove online comments upon gaining actual knowledge that the comments are defamatory i.e. they are informed that the comments are defamatory or they moderate comments on the website. Failure to remove defamatory comments exposes the web host or ISP to a claim for damages for defamation.

Under the provisions of the E-Commerce Regulations web hosts can currently avoid liability for defamation if they act as a mere conduit or cache or host material. This generally covers service providers who:

  • do not initiate the transmission of defamatory comments;
  • do not select who receives the comments; or 
  • do not select or modify information in the transmission of the comments. 

Proposed Changes

Due to the above, many service providers do not moderate comments or content on websites to avoid having “actual knowledge” of defamatory comments. In order to remove this disincentive to moderate websites, the Parliamentary committee has proposed that there should be different rules for dealing with defamation which depend upon whether or not a comment is made anonymously.

Anonymous Comments

Upon receipt of a complaint a web host or ISP should immediately take down anonymous comments unless:

  • the ISP believes that it is in the public interest for the material to remain on the website i.e. whistle blowing; or 
  • the author promptly responds positively to a request to identify themselves, in which case a notice of complaint should be posted.

Anonymous authors of comments can be sued for defamation if they can be identified, and web hosts or ISPs that refuse to take down anonymous material can also be sued.

Identified Author Comments

Upon receipt of a complaint a web host or ISP should:

  • publish a complaint notice beside the comment; and
  • then have a judge decide whether or not the comment should be removed.

Liability

If web hosts and ISPs comply with the above they should not be liable for online comments. However, if they fail to comply with the above, anonymous authors of comments should be sued for defamation if they can be identified, and hosts or ISPs that refuse to take down anonymous material could also be sued as publishers of the material.

Escrow Agreement needed when providing Software via a Website?

As a website operator you may want to consider offering escrow agreements to your customers, particularly if you run SaaS (software as a service) applications via your website, which are critical to your customer’s business.

What is Escrow

Escrow refers to a third party holding a copy of the software source code on behalf of the customer and the supplier.

What is an Escrow Agent

An escrow agent is a third party who stores a copy of the software source code. The escrow agent will release a copy of the source code to the customer if any of the events set out in the escrow agreement occur.

Why use Escrow

This is usually a customer driven requirement resulting from the fact that the source code for the SaaS software, the expertise to implement it and rights to the software are only licensed to, and not owned by, the customer for the term of the SaaS agreement.

Customers are concerned that the supplier may:

  • fail to maintain the software;
  • transfer ownership of intellectual property rights in the software;
  • become insolvent;
  • or become unable to carry on supporting and maintaining the software for some other reason.

By having an escrow agreement in place the customer has the right to continue to use the software, if the supplier is in default of its obligations under the SaaS agreement i.e. it no longer operates the website.

Advantages of an Escrow Agreement

Having an escrow agreement in place protects all parties involved in the development, supply and use of business critical SaaS applications. It provides customers with peace of mind for securing long-term availability of a critical software application by enabling customers to update software and fix any bugs even if the supplier is no longer able to support them.

Disadvantages of an Escrow Agreement

Having the right to use the software under an escrow agreement is in reality of little use if the customer does not have the know-how and resources to actually use, maintain and support the source code itself.

Also, the costs of setting up an escrow agreement and maintaining it are relatively high. Escrow costs are usually paid for by the customer.

Google Analytics, German Customer and Extra Privacy Statement Requirements

If your website uses Google Analytics and you provide services to customers based in Germany, you are now required to provide specific information to users in order to comply with recent changes to German data protection law.

Google Analytics and German Data Protection

Google Analytics collects statistics about website users by “tracking” an individual’s use of a website. This information is then made available to website operators free of charge. Following an agreement between Google and the German data protection authorities, it is now the responsibility of the operators of websites to implement certain measures when using Google Analytics.

Making your Website Compliant

Under German data protection law, website users must be able to stop user profiles being created and prevent their complete IP address from being saved, unless they have specifically consented to this. If you are a website operator you now need to include the following in your privacy policy:

  • inform users that you use Google Analytics; and
  • advise users that they can turn off Google Analytics tracking in their browser settings.

In addition you should use a Google software solution that masks the IP address of the user – this blog post from Google Analytics explains what website owners can do.

Application to UK and US Websites

Although this is a German data protection issue, if your website is directed at German customers, or the majority of your customers are located in Germany, it is advisable to make these changes in order to avoid any potential breach of German data protection law.

Website – Recommended Legal Requirements

Following on from my previous article on the mandatory legal requirements for UK websites, I recommend adding the following non-mandatory information to your website.

Terms of Use/Disclaimer

Set out the rules applicable to persons using and accessing the goods and services on your website. For example state who may access the website e.g. consumers, businesses, over 18s.

You should also aim to limit your liability for information on the website. For example state which law applies, your limits on liability etc. However, please note that you cannot exclude or limit certain liabilities in particular circumstances – particularly in relation to consumers, injuries caused by or defects in your goods and services.

Copyright Notice

Protect the information on your website by inserting a copyright notice “© company name 2010. All rights reserved.” Without this notice, it may be difficult in some countries to take any action against a copyright infringement.

Mandatory Legal Requirements - a shortened list is shown below, click to see the full mandatory requirements 

  • About Us/Contact Information
  • Registration under the Data Protection Act
  • Privacy Policy
  • Disabled Access to your Website
  • Trade Marks and Logos
  • Copyright
  • Online Payment

Website – Mandatory Legal Requirements

Does your website comply with the various legal requirements in the UK? Below, I have set out the main UK legal requirements that you should currently be complying with.

About Us/Contact Information

You must provide the following information in an easily accessible position on your website:

  • your legal name e.g. XYZ Ltd
  • your geographical address
  • contact details e.g. telephone number, fax number and email address
  • which country your business is registered in and the registration number 
  • details of any supervisory body which regulates your business e.g. the FSA. For regulated bodies more detailed information is required.
  • where you are registered for VAT and your VAT number
  • clear details of prices and whether or not delivery and/or tax is included 

Registration under the Data Protection Act

If you collect any personal data on your website – e.g. email address, name or address of a living individual, you will be processing personal data and must register as a data controller under the Data Protection Act. It is a criminal offence not to register.

Privacy Policy

If you are collecting, storing or processing personal data you need to set out how and why you are doing this to comply with the 8 principles of the Data Protection Act. In particular if you are sending marketing emails to potential customers you need to ensure that you have obtained specific consent, BEFORE such emails are sent. Consent should be covered in your privacy policy and the registration process on your website.

Disabled Access to your Website

If you offer goods or services on your website you need to make your website accessible to disabled users. Level 1 compliance with the W3C standard will usually suffice.

Trade Marks and Logos

Do not use other people’s trademarks or logos without their consent on your website or you could be liable to pay damages for trademark infringements.

Copyright

Do not use other people’s content without their consent on your website, or you could be liable to pay damages for copyright infringements. If you have links to other people’s content, make sure that this is permitted in their terms of use and ensure that the information opens in a new frame.

Online Payment

If you accept online payment for goods or services you must provide customers with specific information about their right to cancel, VAT and prices, refunds and defective goods PRIOR to the sale being concluded.

Summary

The above are examples of the main legal requirements for websites in the UK. This is a very complicated area of law and the specific rules that apply to you will depend on what goods and services you are offering, whether you are acting BTB (business to business) or BTC (business to customer), where you are based, where your customers are located and many other factors.