Category Archives: Legal

CEPIC clarification on the Copyright DSM Directive

It is still time to reach a balanced solution for a fair value sharing in a digital environment

On O5 July 2018 the European Parliament voted against the negotiation proposed by the Legal Affairs Committee, adopted on 20 June 2018, for the EU Copyright Directive proposal.  CEPIC regrets this rejection following four years of tireless work with EU institutions but will continue to work towards a balanced solution for a fair online marketplace for the creative sector and against online piracy.

Giving a free pass to platforms to override copyright kills creativity. Copyright is not against freedom of expression and innovation but, to the contrary creativity is the best nexus of cultural diversity and freedom of expression.

Images online

CEPIC represents hundreds of picture agencies and hundreds of thousands of photographers. CEPIC’s members have been digitizing visual content from the advent of the Internet. They license the resulting digital asset for all kinds of commercial uses, to newspapers, magazines, advertising, broadcasters, off and on-line, etc.

Images are widely shared online via search engines, social media and other aggregators and have highly contributed to make the Internet the vibrant and engaging place we enjoy today.

However, we have seen, over the last decade how heavy weight social media platforms (online content sharing service providers), which have built their success upon the posting and sharing of unlicensed images hide behind safe harbour provisions to avoid fairly compensating rights holders  for the use of their content and shift the liability onto the individual user. These platforms have contributed to fuel the internet with unlicensed content and deprive copyright holders of a stream of revenue.

What is referred as the “value gap” for most copyright material such as music and videos is more accurately called a “value block” for images as there is currently no opportunity for image providers to participate in any type of revenue scheme online. The situation of image providers is exacerbated by the practice of intermediaries distributing user up-loaded content by facilitating “framing”, or embedding.

According to CEPIC members 85% of images shared online by visual search systems are unlawful copies. Once uploaded or framed legitimately on a website, an image will be shared thousands of times leading, according to CEPIC members, to an economic harm of a couple of thousands euros per image. This free “availability” of images has been one major factor leading to decreasing value of images and to the demise of an entire sector.

Copyright online

CEPIC therefore welcomed the provisions in the proposed Copyright Directive which promotes effective licensing agreements between platforms and right holders with the possible, but non-mandatory implementation of effective technologies. It should be stressed that the draft Directive has gone through a long-detailed review of two years and has led to a positive vote of the Legal Affairs Committee on 20 June 2018, taking into account the conclusions of four other Committees.

We therefore regret the fact that MEPs have been targeted by a coordinated campaign of misinformation against the text of article 13 proposed by the JURI Committee, in a scale rarely seen before and in a clear attempt to obstruct the progress of the legislation that is vital for the protection of copyright online. Valid decisions cannot be based on scaremongering and mass intimidation. Clearly this situation calls for clarification.

If the Directive is approved, it will provide a better functioning online marketplace which will aim to:

–          Reinforce the position of right holders to negotiate licensing agreements and be remunerated for the online exploitation of their content on sharing platforms;

–          Fix the value gap by sharing the revenues to creators from the use of their content in online platforms;

–          Create a level playing field in Europe’s Digital Single Market which will stimulate creation of high-quality content;

–          Improve transparency online and give more control to creators by allowing them to determine whether, and under which conditions, their work is used online.

It will NOT:

–            End popular memes, parody or pastiche

Caricatures, parody or pastiche are protected by an optional exception – under Article 5(3)(k) of the 2001 InfoSoc Directive, allowing reproduction and communication of such content to the public and guaranteeing the authors’ freedom of expression.

Therefore, Article 13 of the proposed Copyright Directive will not affect the application of this exception. It only creates an obligation at the level of online platforms and not on their users who will be able to access and post their content.

The proposed Copyright Directive only adds the possibility for authors of memes or parodic content to tackle over-removal by online platforms through the mandatory redress mechanism included in the proposal which means that in case parodic content is removed, the creators of this content will be able to contest the removal and ask the content to be published based on the parody exception in place.

–            Filter the Internet. The proposal does not impose mandatory up-load filters and censorship in the internet.

In fact, the European Data Protection Supervisor has concluded, in its formal comments on the text of Article 13 proposed by JURI report 29.06.2018, that the balance of fundamental rights is preserved by Article 13, considering that the text requires Member States to ensure:

o   that any measure to be put in place must be “proportionate”;

o   the balance between fundamental rights of users and rightholders is preserved and;

o   that no general monitoring obligation of information transmitted or stored is imposed.

The proposal is not targeting users and their capacity to upload content in the internet. It targets large platforms, which have become major sources of access to copyright-protected content to collaborate with rightsholders. These platforms are required to put in place “effective and proportionate measures…in collaboration with the right-holders” to allow the functioning of agreements reached on the use of copyright-protected content, or to prevent the availability of unauthorised content if right-holders prefer not to have their content available on such platforms.

In fact, platforms, such as YouTube already use content ID technology to identify copyright protected content which allows authors to be paid when their content is used online. Other platforms, large and small, resort to third party technology to implement a “Take Down and Stay Down” service. We simply ask that this is standard across all online content sharing service providers.

–          Add an additional burden and barrier of entry on start-ups and other small businesses:

o  Firstly, the directive only targets platforms “with large amounts of user up-loaded content”

o  Secondly, the measures implemented are requested to be “proportionate”

We are facing a crucial time for the future of the creative industry as the Copyright Reform is being voted on. Copyright laws need to be modernised in order to protect the livelihoods of creators.

We will stay mobilized to start negotiating in order to lift all uncertainties left by the overwhelming misinformation campaign orchestrated by those opposed to the Copyright Directive and provide all information for a fair and informed vote on September 12th, 2018.

 

About CEPIC
CEPIC is a European not-for-profit trade association in the field of image rights. CEPIC was founded in 1993 to present a unified voice to advise and lobby on new legislation emerging from Brussels. It was registered as an EEIG (Economic European Interest Group) in Paris in 1999. As the Centre of the Picture Industry, CEPIC brings together nearly 600 picture agencies and photo libraries in 20 countries across Europe, both within and outside the European Union. It has affiliates in North America and Asia. It has among its membership the larger global players such as Getty or Reuters. Through its membership, CEPIC represents more than 250.000 authors in direct licensing.

For more information contact:
Sylvie Fodor
Executive Director
s.fodor@cepic.org
+ 49 177 2332 514
www.cepic.org

Copyright Law Rejected in EU Vote

A controversial bill in the EU seeking a rewrite of Europe’s copyright laws giving creators more power to restrict how their content is distributed has been rejected by lawmakers.  The vote was 318 against the legislation, known as The Copyright Directive, while 278 voted in favor, and 31 abstained, taking the reforms back to the drawing board.

The reforms to the law had two elements deemed particularly controversial by critics, Article 11 and Article 13.

Article 11, also called “link tax,” would force internet giants such as YouTube, Google, and Facebook to pay for using news snippets from publishers on their platforms.

Perhaps most contested is Article 13, which would require companies to monitor all content uploaded online to their platform to check it for copyright infringement. Critics said this could lead to the removal of internet memes, which often use copyrighted images.

The New York Times has a comprehensive article about the bill here.

 

Tech Giants Win a Battle Over Copyright Rules in Europe

https://mobile.nytimes.com/2018/07/05/business/eu-parliament-copyright.html

European Parliament lawmakers rejected a bill backed by news outlets and music publishers to restrict the use of their content on platforms like YouTube and Facebook.Frederick Florin/Agence France-Presse — Getty Images

 

It’s a fight nearly as old as the internet.

On one side are news organizations, broadcasters and music companies that want to control how their content spreads across the web, and to be paid more for it. On the other are tech companies such as Facebook and Google, which argue that they funnel viewers and advertising revenue to media outlets, and free-speech advocates, who say that regulating the internet would set a dangerous precedent and limit access to information.

That battle flared up in Europe on Thursday. Two powerful industries faced off — technology against media, platforms against publishers — in an unusually aggressive lobbying campaign in the European Parliament over a bill that would impose some of the world’s strictest copyright laws, which would have required tech companies to filter out unlicensed content and pay for its use.

On this occasion, tech prevailed; the proposal was voted down.

The decision came amid broader efforts in Brussels to rein in tech giants. European regulators have already brought in tough new privacy rules, and are considering enhancing them. They have hit Silicon Valley companies with hefty antitrust fines, and are investigating them over their tax practices and handling of data. And like elsewhere in the world, they are increasingly skeptical of the argument made by internet companies that they are simply impartial platforms that cannot be held responsible for what is posted on their pages.

“Making content available on the internet does not come without responsibility,” said Eleonora Rosati, an associate professor on intellectual property law at the University of Southampton’s law school in England, who has been tracking the bill. “Rights holders want to control how their content is made available, shared and indexed.”

But after a well-coordinated effort by companies including Facebook, Google, Reddit and Wikipedia, as well as a grass-roots campaign by backers of an open internet, the European Parliament on Thursday rejected the proposed copyright law. Though lawmakers can still revise the bill and call another vote, the result is a blow to media companies that had believed that, if ever there was a good time to impose tougher rules on tech giants, this was it.

Media businesses like Axel Springer of Germany have become frustrated because even as their content has spread online, it is platforms like YouTube, owned by Google, and Facebook that have grown into advertising powerhouses on the back of the material.

Those media companies have been seeking a rewrite of Europe’s copyright laws that would give them more power to restrict how their content is distributed. They also cited concerns that Silicon Valley was not playing a strong enough gatekeeper role when it came to curtailing hate speech, violent extremism and fake news.

Supporters of the bill argued that stricter copyright laws would give content creators more leverage against internet behemoths such as Google. Publishers have long complained that such companies profit from the work of others.

“The real issue is Google’s market power,” said Lionel Bently, a law professor at the University of Cambridge who focuses on copyright. “The content industry feels it can’t negotiate on a level playing field.”

Influential policymakers in Brussels such as the president of the European Commission, Jean-Claude Juncker, have seemed receptive to such arguments. A proposal was put forward to require websites to use filtering technology to block unlicensed content from being posted and to obligate them to pay fees for news articles and other material posted online.

The proposed rules would have added up to a sweeping change to copyright law.

Operators of websites have long been protected from liability when unlicensed content is posted by a user. Instead, they are required only to remove infringing material once it is brought to their attention. In effect, if someone posts a movie clip on YouTube, or shares the text of an article on Reddit, those websites are not held legally liable.

The new European proposals would put more responsibility on website owners, creating a potentially costly problem for sites that depend on user-generated material.

The most contentious provision of the plans would require websites to use filtering software to screen such content before it was posted. YouTube already has a system to weed out unlicensed material, but the European rules would have gone further by requiring others to use similar tools. Another requirement, favored by book and news publishers, would prevent websites from using pieces of their content without authorization.

Critics of the bill argued that it would lead to many unforeseen consequences, warning that it could even affect satirical content or the use of images in internet memes. They said it would restrict what was available online, and some described a provision requiring permission before websites used publishers’ content as a “link tax.”

“There’s no way that those algorithmic filters are going to be able to decide that something is fair use, parody, a meme or a mash-up,” said Danny O’Brien, international director of the Electronic Frontier Foundation, a digital rights nonprofit group that opposed the bill.

In defeating the proposal, the technology industry showed that it still held considerable influence, even as it has faced widespread criticism over privacy violations, the spread of misinformation, accusations of anticompetitive business practices and concerns about smartphone overuse.

The coalition against the proposal that came together over the past month was similar to defenders of net neutrality in the United States, a mix of corporate giants and open internet activists. They said the copyright bill would limit the access to information and would overburden operators of websites, especially those without the resources of an American tech giant, with the costly task of screening user-generated content before posting it.

Wikipedia blocked access to articles on its site in many European countries and encouraged its users to call on their representatives in the European Parliament to vote against the proposal. Scientists credited with creating the internet sent a letter urging that it be rejected. Even David Kaye, the United Nations rapporteur on the protection of freedom of expression, raised concerns.

Wikipedia said on its website that the measure “threatens online freedom and creates obstacles to accessing the web, imposing new barriers, filters and restrictions.”

Lobbying ahead of the vote was “extraordinary, something we don’t experience on a normal basis here in the Parliament,” said Umberto Gambini, a senior aide to Ramon Tremosa, a Spanish member of the European Parliament.

Mr. Gambini said he had received hundreds of messages from individuals and organizations attempting to win Mr. Tremosa’s support. There was one from a Polish business group, he said, another from an artists’ organization, and others still from news publishers and associations representing tech companies.

He added that one message had come from the musician Paul McCartney, who wrote to members of the European Parliament in support of the tighter copyright rules.

But Mr. McCartney’s efforts were in vain: Mr. Tremosa ultimately opposed the bill.

BREAKING: High Court To Tackle Copyright Registration Circuit Split

The U.S. Supreme Court on Thursday agreed to resolve a long-simmering circuit split over whether copyright owners must fully register their works before suing.

The justices granted a petition for writ of certiorari in the case of Fourth Estate Public Benefit Corp. v. Wall-Street.com LLC, allowing them to answer a question that has split the circuits: What exactly the Copyright Act means when it says a work must be “registered” prior to the filing an infringement lawsuit.

In several circuits, copyright owners can sue as soon as they file the application paperwork with the U.S. Copyright Office; in others, they can’t sue until the office actually registers or takes action on the application, which can take many months if they don’t pay a significant fee for expedited handling.

Fourth Estate, a journalism collective, sued Wall-Street.com for reposting articles without permission in March 2016. But a federal judge tossed the case two months later, saying Fourth Estate had filed its lawsuit before it had fully registered the copyrights for the articles.

The Eleventh Circuit affirmed that decision in May, telling Fourth Estate that “filing an application does not amount to registration.”

The ruling came after the U.S. solicitor general urged the justices to tackle the issue and affirm the Eleventh Circuit’s position.

“The text, structure, and history of the Copyright Act confirm that the register must have acted on an application for copyright registration — either by approving or refusing registration — before the copyright owner may institute a copyright-infringement suit,” the government wrote. “Petitioner’s contrary arguments are unavailing.”

General Data Protection Regulation Form

The General Data Protection Regulation, GDPR,  that goes into effect on May 25, 2018 will require companies that do business in the EU to provide a form to the companies that they are dealing with.  This regulation strengthens the privacy rights of individuals living in the European Union (not only E.U. citizens) and applies to anyone who does business with those persons, even if that simply means collecting data for marketing purposes.

Here is a form that you can use to facilitate this process.

GDPR Privacy Policy Form

FORM PRIVACY POLICY – May 2018

THIS FORM PRIVACY POLICY SHOULD BE MODIFIED TO CONFORM TO YOUR ACTUAL USE OF INFORMATION IN EACH INSTANCE.  DO NOT USE THIS FORM WITHOUT REVIEWING IT CAREFULLY AND MAKING SURE ALL USAGE OF INFORMATION IS ACCURATE.  YOU SHOULD REVIEW THIS FORM WITH YOUR ATTORNEY.  ITEMS IN BRACKETS SHOULD BE CUSTOMIZED TO YOUR BUSINESS OR DELETED AS THEY MAY APPLY TO SPECIALIZED SERVICES THAT ARE NOT APPLICABLE TO ALL DMLA MEMBERS.

DUE TO THE RECENT EUROPEAN GENERAL DATA PROTECTION REGULATION, WHICH IS IN EFFECT AS OF MAY 25, 2018, CERTAIN ADDITIONAL COMPLIANCE REQUIREMENTS MAY BE NECESSARY IF YOUR WEBSITE IS USED IN THE EUROPEAN ECONOMIC AREA. FOR EXAMPLE, IF YOUR COMPANY COLLECTS CERTAIN “SPECIALIZED” PERSONAL DATA SUCH AS GENETICS, RACE OR ETHNICITY DATA, POLITICAL OPINIONS, ETC., YOU ARE REQUIRED TO APPOINT A “DATA PROTECTION OFFICER.” IF YOUR COMPANY HAS MORE THAN 250 EMPLOYEES, YOU WILL BE REQUIRED TO KEEP MORE DETAILED RECORDS OF WHAT DATA YOU COLLECT AND HOW YOU USE IT, SUCH AS YOUR REASONS FOR PROCESSING THE DATA, A DESCRIPTION OF DATA BEING PROCESSED, DETAILS ON RECIPIENTS OF THE DATA, DURATION OF RETENTION, DETAILS ON TRANSFERS OUTSIDE OF THE EU, AND AN OVERVIEW OF THE SECURITY MEASURES YOU EMPLOY.

[INSERT COMPANY NAME] (“Company”, “we”, or “Us”) is committed to respecting your privacy. This Privacy Policy describes how Company collects, uses, and retains personal information to enable us to do business with you and improve our services. “Personal Information” includes any information that relates to, identifies, or can be used to identify, contact, or locate the person to whom such information pertains.

The terms of this policy apply to [all of Company’s websites/Company’s website: http://www.______.com/ ([collectively] the “Site”), unless different terms are otherwise specified or provided to you

By using this Site, you understand and agree to the terms of this Privacy Policy. This Site is operated in [the United States/_______] and may be accessed abroad. For data protection purposes, Company is the controller and, unless otherwise noted, is also the processor of data. Personal Information collected may be retained, and may be stored, processed, accessed, and used in jurisdictions whose privacy laws may be different and less protective than those of your home jurisdiction.

We do not sell, rent, or share your Personal Information to or with third parties in any way other than as disclosed in this Privacy Policy.

UPDATING YOUR PERSONAL INFORMATION AND PRIVACY PREFERENCES

Upon request Company will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Information. To request this information please contact us at [privacy@company.com].

You have the right to access and correct or revise your Personal Information and privacy preferences at any time [by visiting the “_______” section of the Site and/or] by contacting us at [privacy@compay.com]. We will respond to your request within a reasonable period of time.

WHAT PERSONAL INFORMATION WE COLLECT AND RETAIN FROM CUSTOMERS

When you visit this Site some Personal Information may be collected automatically as part of the Site’s operation. This information may include your IP (Internet Protocol), your browser type, access times,[ the website that referred you to us,] and navigational information such as the pages you view on the Site. We collect information about your use of the Site and our other customers in the aggregate to learn more about how our Site is used by our customers in order to improve our service and our Site.

When you register online with us, we collect the Personal Information you provide to us, including your name, address, job title, company name and company type, phone number, email address, password, and [INSERT ANYTHING ELSE YOU COLLECT]. You may choose not to provide this information by not registering with us, however certain products and services on the Site are only available to you upon registration. Registration enables you to access higher resolution content [and to enter into a license to use content for comp purposes].

[If you use our mobile apps, we collect information on the type of device you use, and operating system version. We do not ask for, access, or track any location-based information from your mobile device at any time.]

If a password is used to protect your account and Personal Information, it is your responsibility to keep your password confidential.

PERSONAL INFORMATION WE COLLECT AND RETAIN FROM CONTRIBUTORS

In addition to the Personal Information collected from general users of the Site, if you contribute content to us for licensing you may be asked to provide your Personal Information such as your name, phone number, primary address, and email address. We may verify this information by asking you to [upload a scan of a government issued ID (which will be stored securely on our servers), or] provide a credit card number.

In order to pay you and report sales to you, you will be asked to provide certain Personal Information such as payment information, payment method, payment emails, tax information; [INSERT WHAT OTHER INFORMATION YOU NEED].

Some of this information is mandatory and if you choose not to disclose, we may not be able to engage in any activity with you.

HOW WE USE YOUR PERSONAL INFORMATION

When you license content from us, we collect your username, password, full name, telephone number, email address and postal address, [company name, company title,] credit card number, and other Personal Information to process your orders and complete the license transaction, for license transaction history record keeping purposes, or to receive products or services. Your email address is used to confirm the licensing transaction.

We may contact you using your email or other Personal Information to respond to customer requests and inform you of special offers services.

We may ask you questions relating to your user preferences in order to better serve you and improve the use of our Site. Providing information regarding your usage and preferences is always voluntary.

We may contact you to administer promotions or sweepstakes you enter and notify you of the results.

We collect Personal Information regarding your orders, your use of the Site, and other account information as part of your sales history with us.

We may disclose to carefully-chosen third parties navigational and transactional information in the form of anonymous, aggregate usage statistics and demographics, but only in forms that do not reveal your identity or other confidential information.

We may contact you to investigate or take any action regarding illegal activity or any violations of our terms of service.

We may disclose Personal Information if required by law (for example, to comply with a subpoena, warrant, court order, or legal process) or when necessary to protect our rights, avoid litigation, protect your safety or the safety of others, investigate fraud, and/or respond to a government request. We may also disclose information about you if we determine that such disclosure should be made for reasons of national security, law enforcement, or other issues of public importance.

DATA RETENTION

We will retain your Personal Information for as long as your account is active, your information is needed to provide you services, or as required to fulfill our legal obligations, resolve disputes, and enforce our agreements. If you wish to delete your account or request that we no longer use your information to provide you services contact us at [privacy@company.com]. We will respond to your request within [30 days].

If you are a contributor and have submitted model releases with any content, we will retain the releases to comply with our legal obligations, dispute resolutions, licensing transactions, or to enforce our contractual obligations. We will not publicly disclose any Personal Information regarding any model.

ABOUT COOKIES

When you visit Company’s Site, a text file called a cookie is placed in the browser directory of your computer’s hard drive. A cookie is information that a website can store on your web browser and later retrieve. The information that cookies collect includes the date and time of your visit, your registration information and your navigational and licensing information. It allows the web browser to recognize the pages you have been to when you are visiting the Site and allows you to quickly return to viewed pages. We may also use “web beacons” that monitor your use of our Site. Web beacons are small strings of code that provide a method for delivering a graphic image on a web page for the purpose of transferring data, such as the IP  address of the computer that downloaded the page on which the web beacon appears, the URL (Uniform Resource Locator) of the page on which the web beacon appears, the time the page containing the web beacon was viewed, the types of browser that fetched the web beacon and the identification number of any cookie on the computer previously placed by that server.

When corresponding with you via HTML capable e-mail, web beacons let us know whether you received and opened our e-mail.

You may adjust your browser to reject cookies from us or from any other website. Additionally, by setting your web browser to display HTML e-mails as text only, you may be able to prevent the use of some web beacons. Please consult the “Help” section of your browser for more information. [However, certain areas of our Site can only be accessed in conjunction with cookies or similar devices and you should be aware that disabling cookies or similar devices might prevent you from accessing some of our content.]

DIRECT MARKETING

If at any time you decide that you do not want to receive marketing emails from us you will have the option of opting out and/or unsubscribing from our emails and mailing lists by adjusting [your “Personal Information Preferences”] as follows: [(1) checking or unchecking the appropriate box on your online registration form [or the “xxxxxx” page of the Site]; (2)[ contacting your Account Executive]; or (3) sending an email to [privacy@company.com]]. If you chose not to receive marketing emails, you may continue to receive transactional or account emails (e.g., purchase confirmations and account balance statements).

FORUMS & OTHER INTERACTIVE SERVICES

Our websites may include discussion forums or other interactive areas or services, including blogs, chat rooms, bulletin boards, message boards, online hosting or storage services, or other areas or services in which you or third parties create, post or store any content, messages, comments, materials or other items on the sites (“Interactive Areas”). If you use an Interactive Area, you should be aware that these areas are open to the public and any personal information you post or provide at registration may be viewable by others. We are not responsible for personal information you submit in connection with the Interactive Areas, nor are we responsible for how others might use that information, including to send you unsolicited messages. Interactive Area postings may be retained indefinitely. If at any time you would like to remove a posting, please email us at [privacy@company.com]. Keep in mind that removal of a posting from an Interactive Area does not mean that the posting will be deleted from our systems.

SECURITY OF OUR DATA

Whenever you submit an order to Company, you can do so over a secure (i.e., encrypted) connection. This ensures that your personal information is not at risk. Additionally, we encrypt your credit card information and store it in a secure location, which can be accessed only by authorized personnel. As no method of transmission over the Internet, or method of electronic storage is 100% secure, while Company uses commercially reasonable methods to protect your personal information, we cannot guarantee that it is absolutely secure. In the unlikely event that an unauthorized third-party compromises Company’s security measures, Company will not be responsible for any damages directly or indirectly caused by an unauthorized third party’s ability to view, use or disseminate your information.

REVIEWING, UPDATING, OR CORRECTING YOUR INFORMATION

If at any point you wish to access your personal information to (1) change your preferences, (2) review the accuracy, or (3) correct, supplement or modify your information, you may make a written request to [insert email address].

CHANGES IN PRIVACY POLICY

Company reserves the right to amend the Privacy Policy from time to time at its sole discretion and will provide notice by email or on the home page of the Site when we make material changes to this Privacy Policy prior to the change becoming effective.

LINKS TO THIRD PARTY SITES

Our Site includes links to other sites whose privacy practices may differ from those of Company. If you submit personal information to any of those sites, your information is governed by their privacy policies. Please review the privacy policy of any Web site you visit.

SOCIAL MEDIA

On some pages, we allow you to share Personal Information with third parties, such as social networks like Facebook. In these instances, you are agreeing to the data being shared and the shared data is subject to the privacy policies of the third parties. We do not control and do not assume any responsibility for the use of personal information by such third parties. For more information about the third party’s purpose and scope of their use of personal information in connection with sharing features, please visit the privacy policies of such third parties.

REFERRAL PROGRAM EMAILS

If you choose to use our referral service to tell a friend about our Site, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting him or her to visit the Site. We store this information for the sole purpose of sending this one-time email and tracking the success of our referral program.

Your friend may contact [privacy@company.com] to request that we remove this information from our database.

CHILDREN

We do not intend to solicit or collect Personal Information from anyone under the age of 18. If you are under 18, do not enter information on this site or engage our services. If you believe a child of yours under the age of 18 has entered Personal Information please contact [INSERT EMAIL] to have the data removed and terminate the child’s account.

CONTACT INFORMATION

Individuals located in certain countries, including the European Economic Area, have certain statutory rights in relation to their Personal Information. Subject to any exemptions provided by law, if you live in this area you have the right to request access to your Personal Information, as well as to seek to update, delete, or correct this Information.

[If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this Web site, you can contact our Data Protection Officer at ______________][privacy@company.com].

You can contact Company by emailing [INSERT EMAIL, PHONE, and ADDRESS].

SOME COMPANIES ELECT TO SUBSCRIBE TO A SERVICE THAT ALLOWS YOU TO SELF-CERTIFY THAT YOUR PRIVACY POLICY IS COMPLIANT WITH GDRP AND OTHER INTERNATIONAL DATA PROTECTION LAWS. ONE SERVICES IS PRIVACY SHIELD.  IF YOU ELECT TO SUBSCRIBE TO PRIVACY SHIELD YOU MAY ADD THESE PARAGRAPHS, AND TO SUBSCRIBE, YOUR PRIVACY POLICY WILL BE REVIEWED.

PRIVACY SHIELD

Company has certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks (individually and collectively, “Privacy Shield”). Company complies with the Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use, transfer and retention of personal information from European Union member countries and Switzerland. Company has certified that it adheres to the Privacy Shield based on Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. To learn more about the Privacy Shield programs, and to view our certification pages, please visit https://www.privacyshield.gov/. If you would like to exercise any of your data protection rights (including the right to have your personal information disclosed or deleted), please contact us using the “Contact Information” below.

U.S. FEDERAL TRADE COMMISSION ENFORCEMENT

Company’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

General Data Protection Regulation Explained

There is some confusion over the GDPR, the General Data Protection Regulation,  that goes into effect on May 25, 2018. This regulation strengthens the privacy rights of individuals living in the European Union (not only E.U. citizens) and applies to anyone who does business with those persons, even if that simply means collecting data for marketing purposes.

Nancy Wolff, DMLA Counsel, has written a comprehensive explanation of the regulation that you can read here.

GDPR Explained

by Nancy Wolff, DMLA Counsel

You may have noticed an increase in urgent messages from companies updating their privacy policies in anticipation of the upcoming deadline to become GDPR compliant. “GDPR” refers to a new European Union law – the General Data Protection Regulation that goes into effect on May 25, 2018. This regulation strengthens the privacy rights of individuals living in the European Union (not only E.U. citizens) and applies to anyone who does business with those persons, even if that simply means collecting data for marketing purposes.

Privacy is becoming more and more of a global issue, and the E.U. is leading the way in attempting to protect personal data. The policies behind the GDPR aim to increase transparency, in terms of both what personal data is collected and how it may be used, and the accountability of those who maintain and use that personal data. The regulation is complex and extensive and includes steep penalties for those who are not compliant – up to €20,000,000 or 4% of global revenue from the previous year, whichever is greater.

But before you think the solution is to simply exclude all European residents from your client base, or have a panic attack, it is important to recognize that the E.U. “privacy police” are unlikely to expect immediate full compliance or have the operational capacity to scrutinize every business transacting with E.U. residents. Your goal should be to reevaluate your privacy practices to be as compliant as possible given your type of business and your use of personal data.

The stock industry is not a business that primarily engages in personal data collection. The purpose of the industry is to aggregate and license content on behalf of contributors to those who legitimately incorporate it in their publishing, marketing, or other media works. Stock companies should continue to use best practices regarding the security of personal data, obtaining proper consent from those who they send marketing communications, and updating privacy policies to accurately reflect how information is used and how an individual can contact someone in your company about what personal data is collected. (A new sample privacy policy that can be modified to comply with your company’s practices will be provided shortly). There is a common understanding in recent literature published about the GDPR that many industries will be provided a soft launch period, despite the fact that the regulation has been published since 2016.

At its highest level, the GDPR requires any company who collect personal data to maintain it securely, and to provide transparency in what ways it may use the personal data. The definition of “personal data” is quite broad and includes anyinformationthat relates to an identifiable person. See GDPR, Art. 4, Sec. 1. The individuals whose data is collected are called “data subjects.” See GDPR, Art. 4, Sec. 1. Those who collect data are called “controllers.” See GDPR, Art. 4, Sec. 7. Those who process data for controllers are referred to as “processers.” See GDPR, Art. 4, Sec. 8.  Any content library with contributors, distributors, customers and model releases, is a controller and needs to keep its records that contain personal data secure.

The first step toward GDPR compliance is to audit your data practices. Make a list of what personal data you collect and how you use that data. Then, when you update your privacy policy, you can use that list to make sure that you have provided adequate disclosure of how you use the personal data.The regulations require that the notice is not written in legalese but inclear and plain language.In general, you should not collect or retain information that you have no legitimate business purpose to collect.

The privacy notice should address the following to sufficiently inform the data subject:

  • Who is collecting the data?
  • What data is being collected?
  • What is the legal basis for processing the data?
  • Will the data be shared with any third parties?
  • How will the information be used?
  • How long will the data be stored for?
  • What rights does the data subject have?
  • How can the data subject raise a complaint?

Further, if someone from the E.U. requests information about the personal data you collect, you have an obligation to respond to requests within 1 month and may not charge the data subject for responding. You also need to give the E.U. resident the ability to update that information and the ability to remove the information if there is no legitimate reason to maintain that personal data.Additionally,any data breach of personal information must be reported within 72 hours.

Individuals subject to the GDPR can enforce these new rules, as it provides for a private right of action, but there must be some material damage.

In terms of marketing to customers or potential customers in the E.U., the consent rule under the GDPR is an “opt-in” instead of “opt-out” rule. Consent must be very clear and cannot be buried in terms and conditions. There should be a separate check box for marketing and promotions and for accepting terms and conditions.

It is too soon to know how these new regulations will impact the image licensing industry. To some extent all photographs of recognizable people contain personal data. Some have asked whether the new “right to be forgotten” will affect the industry and whether models or subjects could request that images be erased or consent withdrawn. While these regulations have not been officially interpreted yet, this kind of overly broad interpretation would be contrary to the purpose of the regulations – which is to address privacy issues with data collection.

The regulations do acknowledge that there are legitimate business reasons to retain certain personal information. The licensing of editorial as well as commercial images by image libraries serves an important business and newsgathering function and model releases are required to be retained for many business and legal purposes, and are necessary to produce in the event of a claim. Further, the “right to be forgotten” is not absolute and the regulations acknowledge that other rights, such as the right to freedom of expression and information, including processing for journalistic purposes and the purposes of academic, artistic or literary expression must be reconciled with this right. These exceptions should insulate the licensing of images and restrict persons from demanding that images be removed.

This article is intended to be a broad overview of this new regulation and not a complete description of the GDPR or any company’s obligations. You are encouraged to seek further advice and there are many websites offering insights. Importantly, the regulations have not been interpreted and we will continue to monitor this topic. The GDPR will be included in the DMLA legal panel at the DMLA Annual meeting in October.

Keep Fighting for Artists’ Rights!

The letters that are being sent are starting to make a difference so don’t stop!

More members of the House Judiciary Committee need to be paying attention to H.R. 3945 – CASE Act!

Keep up the fight by sending a letter each week! The more we send, the closer we’ll be to getting the copyright protection YOU deserve!

You can find your a sample letter and your representative here.  It’s easy.  Just do it!

SUPPORT NEEDED FOR CASE ACT!!

I’m sure that you’re aware we been working for the last few years with a group of other associations on what is now the CASE Act (HR#3945) the SMALL CLAIMS TRIBUNAL BILL, a bill by Representatives Hakeem Jeffries (D-NY), Tom Marino (R-PA), Doug Collins (R-GA), Lamar Smith (R-TX), Judy Chu (D-CA), and Ted Lieu (D-CA). The bill is ready for write-up and we are now awaiting a date for that to happen based on a couple of issues still being worked out, but it looks like it could be as early as next week.

It has come to our attention that so far only about 2200 letters have been received by the Copyright Alliance platform which is less than 5 letters per member of Congress–barely even noticeable. We have been told by the players on the Hill that the passage of this bill will come down to grassroots support and this is a very poor showing. They need to see that we are behind this important bill for creators!

We need every member and their photographers and their adult children, friends and neighbors to send letters to their representatives!

I am asking you to send out a plea to your staff and photographers to help us get this bill passed by contacting their representatives. It is really easy. There are letters ready for them to use here. If we fail and small claims doesn’t make it through this year, it will be very difficult to get it passed in subsequent years. THIS IS OUR CHANCE! Please help all creators protect their copyrights!

Thanks so much for your help!