Informationoverlord

The EU’s Article 29 Data Protection Working Party has sent public letters to the three major search engines – Google , Microsoft  and Yahoo!  saying that although it welcomes their efforts to bring their data retention policies in line with the law, they are all still in breach of the EU’s data protection directive.

The Working party tells Google that it should reduce the period at which it “anonymizes” IP addresses in it’s server logs to 6 months instead of the 9 months it agreed to reduce them to. It also states that Google’s method of anonymisation is not adequate – Google deletes the last octet of the IP-addresses.

According to the Working Party ’such a partial deletion does not prevent identifiability of data subjects.’ In addition to this, They were not happy with Google’s cookie retention practices, where Google retains cookies for a period of 18 months. ‘This would allow for the correlation of individual search queries for a considerable length of time. It also appears to allow for easy retrieval of IP-addresses, every time a user makes a new query within those 18 months.’ The Working party letter states.

The Working party is bit more gentle on Microsoft and applauded its willingness to reduce the retention period of cookies and IP addresses to 6 months, pending on the willingness of other search engines to follow suit. However, like Google, Microsoft retains Cookie date for 18 months, which again still left room for ‘the cross-matching of search queries for a considerable length of time.’ The Working party also questioned the effectiveness of Microsoft’s anonymisation claims.

Yahoo! had pledged to reduce their retention time to 90 days with limited exceptions for fraud, security, and legal obligations, which pleased the Working party, who welcomed the move to deleting the full IP-address from the first full dataset after 90 days instead of just deleting the last octet, but again there were concerns. ‘a partial deletion of the personal data contained in search logs does not constitute true anonymisation.’ the Working party points out. Also,as with Google and Microsoft it says they were not provided with enough information to technically assess the quality of their anonymisation policy.

Here there was a clear call to all three search engines to review their anonymisation claims and make the process verifiable, preferably by developing a credible audit process involving an external and independent auditing entity. ‘The actual techniques of anonymisation deserve an open debate, open to  public scrutiny, in light of the expanding body of research on the failures of anonymisation.’, states the Working party.

The Working party also recognises the transatlantic of the issue and states that it has forwarded its concerns to the Federal Trade Commission (FTC), and asked the FTC to use its authority to examine the compatibility of this behaviour with section 5 of the Federal Trade Commission Act.

It’s good how long you can get away with breaking the law isn’t it. Look forward to the responses from Google and Co.

I, like many of my fellow information/library colleagues, use the EU’s TED (Tenders Electronic Daily) service. For those familiar with TED it is the online version of the ‘Supplement to the Official Journal of the European Union’, dedicated to European public procurement. And yes, it is about as exciting as it sounds.

Now, in common with many sites, you can create saved searches and have these emailed to you or take an RSS feed of the search .

Now if you take the feed you can subscribe to in IE7 or MS Outlook

(actually on a separate note, have you ever tried doing that? According to Outlook ” Using Microsoft Office Outlook 2007 to subscribe to an RSS Feed is quick and easy and does not involve a registration process or fee.” Infact it is so easy that when you click on FILE, TOOLS, or ACTIONS there is no mention of RSS anywhere. That’s because part of this quick and easy process involves you knowing that you have to do the following:

1. On the Tools menu, click Account Settings.
2. On the RSS Feeds tab, click New.
3. In the New RSS Feed dialog box, type or press CTRL+V to paste the URL of the RSS Feed. For example, http://www.example.com/feed/main.xml.
4. Click Add.
5. Click OK.

Yes, it is not a long process, but WHY do I have to go into my account settings to add an RSS feed?)

But I digress. Back with my TED feed. If you try to add it to your iGoogle page, Google Reader, Netvibes or indeed anything non-Microsoft it seems to me, you’re told the link “does not provide a feed” / “sorry, no feeds found at this url” etc

Conclusion: TED RSS feeds = FAIL

And that is the good news because the email update is even worse. For example, today I got an email telling me:

Here are 5 result documents published on TED corresponding to your alert … published in 053/2010 on 2010-03-17:

Ok, that seems fine (or fine if you ignore fact that today in the 26th and according to the rss feed there is more up-to-date content than stuff from the 17th that the email is alerting me to) until below the five items it then adds …

The total number of documents matching your criteria is 17. To view all the results please Click here.

What? The whole point of my wanting an email update is so I don’t have to visit the site needlessly. With this update I still need to visit the site if there are more than 5 items matching my profile just to check that the ones they have omitted are not of use to me. What value is that providing exactly? I really do wonder sometimes how people that set these things up ever got jobs. They might as well send me an email each day saying ‘There might be some stuff on our site today that may be of interest to you … then again, there might not’. In fact I’d suggest that is what TED start doing instead.

Conclusion: TED Email alerts = FAIL

Well it happened quicker than I thought, but the European Parliament (EP) and the Council of Ministers reached an agreement on EU Telecoms Reform, by the end of the first day of the conciliation procedure.

The two sides reached a quite comprise over the clause to guarantee access to the internet.

The newly agreed Article 1(3)a of the new Framework Directive, now reads:

“Measures taken by Member States regarding end-users’ access to or use of services and applications through electronic communications networks shall respect the fundamental rights and freedoms of natural persons, as guaranteed by the European Convention for the Protection of Human Rights and Fundamental Freedoms and general principles of Community law.

Any of these measures regarding end-users’ access to or use of services and applications through electronic communications networks liable to restrict those fundamental rights or freedoms may only be imposed if they are appropriate, proportionate and necessary within a democratic society, and their implementation shall be subject to adequate procedural safeguards in conformity with the European Convention for the Protection of Human Rights and Fundamental Freedoms and general principles of Community law, including effective judicial review and due process. Accordingly, these measures may only be taken with due respect for the principle of presumption of innocence and the right to privacy. A prior fair and impartial procedure shall be guaranteed, including the right to be heard of the person or persons concerned, subject to the need for appropriate conditions and procedural arrangements in duly substantiated cases of urgency in conformity with the European Convention for the Protection of Human Rights and Fundamental Freedoms . The right to an effective and timely judicial review shall be guaranteed.”

This text is watered down from the EP original amendment that the “prior ruling” must be by “judicial authorities”, although thankfully the “presumption of innocence” that the Council also wanted dropped remains in place.

Following final votes in Parliament and Council in November, the whole telecoms package, which includes the creation of a new European Telecom Authority (BEREC), increased power for the Commission to oversee regulatory remedies proposed by national regulators, powers for national regulators to impose a ‘functional separation’ remedy, and a consumer right to port telephone numbers within 1 day, could come into force in early 2010. EU countries will then have 18 months to incorporate the new provisions into their national legislation.

It looks like the European Commission is now set to get its way and EU member states will get a French style 3 Strikes rule for alleged internet illegal filesharers and the like.

Just as it was announced that the conciliation procedure was set to start between member states and the European Parliament (EP) over the latter’s insistence that an amendment that guaranteed that an internet user’s internet access could not be restricted without a court ruling - which read:

“that no restriction may be imposed on the fundamental rights and freedoms of end-users, without a prior ruling by the judicial authorities, notably in accordance with Article 11 of the Charter of Fundamental Rights of the European Union on freedom of expression and information, save when public security is threatened where the ruling may be subsequent.”

It seems the EP have now capitulated and offered up a new text that removes the need for a court order to be required prior to cutting off someone’s internet access. The new text reads:

“Any such measures liable to restrict those fundamental rights or freedoms may only be taken in exceptional circumstances and imposed if they are necessary, appropriate and proportionate within a democratic society, and shall be subject to adequate procedural safeguards in conformity with the European Convention for the Protection of Human Rights and Fundamental Freedoms and with general principles of Community law, including effective judicial protection and due process. In particular, any measures may only be adopted as a result of a prior, fair and impartial procedure ensuring inter alia that the principle of presumption of innocence and the right to be heard of the person or persons concerned be fully respected. Furthermore, the right to an effective and timely judicial review shall be guaranteed.”

Member States can still opt to have a requirement that a court order is needed, but it will no longer be a requirement.

The new text was penned by MEP Catherine Trautmann, who was responsible for the report that included the original amendment. Of her new text she says “Parliament’s delegation has agreed a compromise proposal that will serve as a basis for negotiations and towards which the Council and the Commission will be able to converge.”

The move should mean that the conciliation procedure that will take place between the Parliament and the Council between 4 November and 30 December should now be no more than a formality, as the council is unlikely to push for further amendments that might risk the amendment being agreed. None agreement on the clause would scupper the whole telecoms package, as the EU takes an all or nothing approach to passing law.

So, it looks like despite voting infavour of the original amendment twice in large numbers the ‘elected’ part of the EU is going to allow the ‘non elected’ part to get its own way. Would love to say I’m surprised, but I’m not. It was always going to happen.

Meanwhile, perfectly on cue, the French constitutional court approved the country’s “three-strikes” law (Hadopi), which will sever the Internet connections of those found to have been repeatedly infringing copyrights on file-sharing networks.

Update

According to a report by the excellent mLex, my view that the Member States would not try to push for more changes was wrong. They report that they still want to remove any mention of a “prior” judicial review, “presumption of innocence” and that measures may only be adopted “in exceptional circumstances” from the clause, instead adding in a number of exceptions to the latter requirement to involve the courts at all for “national security, defence, public security, and the prevention, investigation, detection and prosecution of criminals.” Drive that truck through that list now. A brave (or stupid) move by the member states who risk the EP reverting back to their original position.

According to the BBC the French National Assembly has passed the Hadopi law (by 296 to 233) which will implement a three strikes rule that would cut internet access to anyone ‘caught’ illegal file sharing. A new state agency, the Hadopi, would first send illegal file-sharers a warning e-mail, then a letter, and finally cut off their connection for a year if they were caught a third time.

The move comes as the UK music and film industries are putting pressure on Lord Carter to add a similar recommendation to his Digital Britain report.

The French move is a risky one, as it puts it on collision course with the European Union. Last week the European Parliament (EP) reinstated one of its first reading amendments for the EU’s new telecoms regulatory package by reinstating an amendment that guaranteed that an internet user’s internet access could not be restricted without a court ruling. “no restriction may be imposed on the fundamental rights and freedoms of end users, without a prior ruling by the judicial authorities (…) save when public security is threatened.”

The French Law which does not involve the accused person having their internet access blocked by any judicial authority would immediately be in breach of that law (if adopted). However: EU telecoms ministers, who have a final say on the EU legislation, could reject the amendment at a meeting on 12 June, but this would delay agreement and adoption of the whole telecom reform package for months. Also, as chances are there will be 12-24 months for Member States to implement any agreed new telecoms package; and that the infringement process of the European Commission is tediously slow (Countries are still only just being found in breach of EU law for the European Court of Justice for infringing the telecoms framework that was in place before the current one (which was passed in 2002); regardless of what the Commission eventually decides on this issue France may still go ahead with this plan.

The European Court of Justice has dismissed Ireland’s challenge of the legal basis for the data retention directive (2006/24/EC). Ireland was arguing that the European Commission did not have the power to adopt the directive as the matter should have been adopted under the ‘third pillar’ which deals with matters concerning public security and the activities of the State in areas of criminal law.

The ECJ concluded that the legal basis for the directive was correct because whilst the directive is connected to policing it does not actually cover policing functions, but instead covers the activities of service providers in the internal market.

The ECJ has essentially followed the advice of Advocate General (AG) Bot who had recommended that the European Court of Justice dismiss the appeal stating that the obligation to retain data for investigations of serious crimes was not sufficient to remove the measure from the Community pillar as the directive’s purpose was to harmonise the conditions under which communications providers must retain traffic and location data, not to harmonise the conditions under which the law-enforcement authorities may access, use and exchange that retained data.

Andy Burnham seems to have been finally hooked by the Music Industry and now wants to support calls for extending the term of protection for recorded performances from 50 years. At the moment he is still stopping short of the EU’s proposal to extend it to 95 years, instead calling for “An extension to match more closely a performer’s expected lifetime, perhaps something like 70 years, for example, given that most people make their best work in their 20s and 30s”.

The justification for this?

“There is a moral case for performers benefiting from their work throughout their entire lifetime … It’s only right that someone who created or contributed to something of real value gets to benefit for the full course of their life.”

I’m sorry? It’s only right? Why?

I’m really sorry, but if you are going to go down this road then computer programmers, book printers, and house builders, and more should be added into a widened protection. It really does make as much sense to include them if this the rationale behind it. No, silly, it’s all about copyright.

“the legal concept of copyright has underpinned our creative industries for decades, and is essential to rewarding talent and creativity”

Let me say, once again, these rights were granted to act as an incentive to produce new recordings by allowing those producing the sound recordings a reasonable period to recoup their investment. These rights are economic not moral - unlike the case of songwriters/authors who get longer protection (life of the author plus 70 years). The temporary monopoly granted in the form of such a protection to sound recordings is a valid one, but this has to be balanced with benefits to society, which means the right should be limited to allow the producers of the sound recording a reasonable time to recoup the cost of producing the recording. If a record is going to make back its money it will usually do so quite quickly. The protection is not there to compensate producers for records that never recoup the cost of producing them.

Commenting on Andy Burnham’s decision to support the extension of copyright for sound recordings, Liberal Democrat Shadow Culture, Media and Sport Secretary, Don Foster thinks it is Christmas stating that: “This is a long overdue U-turn. The Government has finally woken up to the financial difficulties many of our musicians are facing.Ministers must now seek to implement the European Commission’s proposals as a matter of urgency.” I’m sure there is an equally pointless response from the tory front bench too.

Burnham was speaking at the UK music Creator’s Conference. Charlie McCreevy - the man behind the EU’s proposals - was also there. And our Charlie had some harsh words for our UK academics (who did things like doing economic analysis of the proposals): “There are a lot of academics here in the UK who engage in general considerations on the length of copyright. But what they seem to be neglecting in their deliberations is that we are talking about real people here, not abstract concepts. It’s pretty straightforward where I am coming from – and that’s about as far away from an academic ivory tower as you can get. We are talking about livelihoods and payment for work rendered.”

I don’t know about you, but my tear ducts are filling up again.

And he’s right. He said ” We are talking about livelihoods and payment for work rendered.” Can not argue with that, and guess what Charlie, the performers have been paid for the service rendered. If they were a session musician they will have got paid their fee; if they were the performer they would have almost certainly signed over their rights to the record label. In both cases they have still been paid for the work rendered, and if there are any problems it once again comes back to the contracts they signed, nothing else.

I presume Charlie is talking about people such as those at The Centre for Intellectual Property and Information Law at Cambridge University that assessed the economic evidence for the case for an extension of the copyright term in sound recordings for the Gower Report on IP and found the case “to be weak.” Also, this bunch of trouble makers that had to twist the arms of some of their fellow ivory tower dwellers across Europe, such as Professor P. Bernt Hugenholtz, of the Institute for Information Law who produced two major studies for the EU on copyright published in 2006 and 2007. ( Some of this work made it into this article that I have linked to before) who also concluded that a copyright term extension would be a bad idea.

Charlie also welcomes the proposed amendment to include film actors into the extension. Can my Mom be added in too?

Some people argue that the idea of the so-called session musician fund in the proposals makes it all worthwhile. Fine, I have no problem with that proposal, and there is absolutely no reason why it cannot be done within the current legal and contractual framework. It wont be, but it could be.

I actually have the solution. Let’s just make copyright (and related rights - as that is what we are actually talking about in this instance) last forever. Problem solved.

A great day for the music ‘Industry’ yesterday. The proof that lobbying works has been born out by the announcement from the European Commission that it will push ahead with plans to extend the term of protection for recorded performances and the record itself from 50 to 95 years - to help make things fairer. It is proposing an amendment to Directive 2006/116/EC.

The extended term would benefit performers who could continue earning money over an additional period. A 95-year term would bridge the income gap that performers face when they turn 70, just as their early performances recorded in their 20s would lose protection. I know I sound like a broken record on this one, but copyright protection / related rights protection is not a pension plan, nor was it intended to be.

They will continue to be eligible for broadcast remuneration, remuneration for performances in public places, such as bars and discotheques, and compensation payments for private copying of their performances.

The extended term would also benefit the record producers. It would generate additional revenue from the sale of records in shops and on the Internet. This should allow producers to adapt to the rapidly changing business environment which is characterised by a fast decline in physical sales (- 30% over the past five yeas) and the comparatively slow growth of online sales revenue. This will allow the industry to adapt to the rapidly changing business environment? Ah, so 50yr protection didn’t allow them to do that but 95yr protection will. Got ya. The recent payola scandals in the US clearly also Cleary show where that potential enhanced investment can go.

In the one moment of sanity a ‘use it or lose it’ clause will also be introduced at the current 50yr mark and if the record producer doesn’t make the work available that would otherwise fall into the public domain then the rights will revert to the performers. Likewise ‘orphan works’ may benefit and be ‘released’ into the Public Domain, rather than bundled into the extended period of protection. If this works as it could it will at least provide some limited benefit

There is some added protection for co-written material. According to the proposed rule the term of protection of a musical composition shall expire 70 years after the death of the last surviving author, be it the author of the lyrics or the composer of the music. I will concede that there may be some logic in this, but as the Impact review even realises this does increase the legislative and administrative burden on Member States and create legal uncertainty, because the term of protection to the term of protection would no longer be linked to a certain and uniform date. This also muddies the waters on authors rights.

The proposals will also see record companies set aside at least 20% of the revenue that accrues during the extended term for session musicians.

I just had to read what the impact assessment said to find out how we got here.

In trying to decide on the best way forward the commission assessed all their options against six operational objectives: (1) gradually align authors’ and performers’ protection; (2) incrementally increase the remuneration of performers; (3) diminish the discrepancies in protection between the EU and US; (4) incrementally increase A&R resources, i.e., the development of new talent; (5) ensure availability of music at reasonable prices; and (6) encourage digitisation of back catalogue.

The options were:

a) Do Nothing
b) Extend the term of performers to ‘life or 50 years’, whichever is longer.
c) Extend current term of protection to 95 years for performers and record companies.
d) Leave term alone, and create an ‘unwaivable’ right to remuneration to which performers would remain entitled even after having transferred their making available right to a record producer.
e) Leave term alone, and strengthen performers’ moral rights. The scope of their moral rights could be harmonised to include a right to restrict derogatory uses of their performances
f) Leave term alone, and ensure that ‘use it or lose it’ clauses are included in agreements between performers and record labels. This means that, if a record company is unwilling to re-release a performance during the extended term, the performer can move to another record company or exploit the record himself.
g) Extend term and create a fund for session musicians with 20% contributions from record companies for the ‘extended period’ from their increased revenues.

So, things we need to consider:

We hear of the poor session musician who has only be able to eat over the last 50yrs because of the money he/she has been receiving, but under the current 50yr regime will suddenly “find it more difficult to devote time to their artistic career, as they generally respond to small increase in revenues, such as provided by the income flows mentioned above, by devoting more time to their creative activities. They will also lose protection just when online retailing promises a new source of revenue.” What a load of old bollocks. As highlighted by the excellent article Never Forever: Why Extending the Term of Protection for Sound Recordings is a Bad Idea [2008] E.I.P.R Issue 5 - as most recordings have no commercial value after 50 years, the number of performers this would actually benefit is, at best, questionable.

“Once protection has ended, performers no longer receive any income from these sound recordings. For session musicians and lesser known artists that means that income from those sound recordings stops when performers are at the most vulnerable period of their lives (retirement).” Again, related rights protection is NOT a pension/retirement fund. Try saving some money like the rest of us, and take your state pension. Also as the case above the number of performers/musicians genuinely affected by this will be very small.

You’ll all be pleased to learn that the term extension does no harm to consumers because: “Empirical studies show that the price of sound recordings that are out of copyright is not lower than that of sound recordings in copyright.” Indeed, one of my favourite sections of the IA is where they talk about why the ‘do thing’ option is a non-starter:

“The only beneficiary of the ‘do nothing’ scenario would be ‘public domain’ record companies who could progressively re-issue sound recordings from the period between 1957 and 1967 without paying royalties to performers. As there is little evidence that records in which the rights of performers and producers have expired are cheaper than those still protected, the ‘do nothing’ option would lead to a shift in economic income from performers to “public domain” companies.”
‘Public Domain’ companies are obviously not loved by the Commission. How dare they come in and make money off the backs of performers without making their prices cheaper. Also the IA also seems to think if Public Domain companies can’t make any money, there is no incentive to digitise these out of copyright works. Conversely the main beneficiary of the proposed approach will be the ‘traditional’ record companies, Remember, the rights we are talking about are supposed to act as an incentive to produce new recordings by allowing those producing the sound recordings to recoup the investment. Apparently the best incentive is to give the producers almost 100 years to recoup that investment. Ever get the idea you are in the wrong business?

Of course the US protects performers for longer - thanks to Sonny Bono - so now we have to otherwise our artists are at a disadvantage and EU artists will just stop making music.

“Record companies argue that their main problem is a decrease in revenues following large scale piracy over the internet (Haven’t heard that one before). They also point out that record producers in the USA and other countries in the world enjoy a much longer term of protection. This, they argue, will divert creative efforts away from Europe and toward those markets that grant longer periods of protection and thus income. They point to a tendency for record producers to orient their productions to cater to the taste of those jurisdictions where most revenue could be achieved.” They point to, and we accept because they wouldn’t lie to us now would they. You heard it here first, unless we have a term extension people will make records for the American market.

The UK government, who have still been saying that the Gowers Review was right and we don’t need to extend the term - whilst really wanting to go throw most of Gower’s findings out of a window, will love that they can now say, Europe made us do it.

This early day motion has 8 signatures so far:

Mr John Whittingdale
Michael Connarty
Mr Jeremy Hunt
Mr Don Foster
John Robertson
Pete Wishart
Mr Edward Vaizey
Janet Anderson

That this House welcomes the proposal by the EU Commissioner for Internal Market and Services that copyright terms for sound recordings should be extended from the current 50 years to 95 years; notes that performers will be the main beneficiaries of an extension through the provision of a fund for musicians from the extra money earned in the long-term; further notes that the proposal requires copyright holders to publish their works or else license others to do so, which will ensure that music remains available to consumers; believes that the proposal will mean that British and European musical creativity is properly rewarded and will redress some of the existing unfairness faced by perfomers compared to composers and songwriters in the copyright system while giving European performers the same rights as those enjoyed by performers in most other countries; and calls on the Government to give the proposal its full support at future meetings of the European Council.

[Early day motions (EDMs) are formal motions submitted for debate in the House of Commons. However, very few EDMs are actually debated]

The latest issue of Computer and Telecommunications Law Review has an excellent overview of the new EU Audiovisual Media Services Directive. Stephen Ridgway of Denton Wilde Sapte skilfully outlines: the main aspects/scope of the new law; how it differs from the Television without Frontiers Directive which it replaces/updates; and the challenges member states face in implementing the Directive.

He points out that the lack of clarity in the wording of the Directive ( a fault common to a number of EU Directives) means that a measure aimed at harmonising regulation across member states could have the opposite effect - the ill conceived Data Retention Directive is already heading this way. He correctly, in my view, highlights the main problem for this as the introduction of a new two-tier regulatory framework and the already blurring lines between what are linear (TV Broadcasts) and non-linear (On-Demand) services.

Services such as YouTube were (rightly in my view) exempted from regulation as video sharing sites were classed as user-generated content that is non-commercial in nature. However, this does cause potential problems. Ridgway points to the examples of Lonelygirl15 and Kate Modern as the kinds of short on-demand clips that could find themselves seen as sufficiently ‘television-like’ to be covered by the Directive.

Along with Elizabeth McEneaney’s article - The Audiovisual Media Services Directive - Ent.L.R., Issue 3, 2008 (p59-61), the best yet for helping lawyer and non-lawyer alike get a understanding of the AVMS. Recommended.

The Audiovisual Media Services Directive - what does it mean, is it necessary and what are the challenges to its implementation? - Stephen Ridgway. C.T.L.R. 2008, 14(4), 108-113