Digital Single Market and Cloud Services: the legal implications of the Cloud on copyright laws and CSPs’ liability
Kluwer Copyright Blog
March 14, 2019
Please refer to this post as:, ‘Digital Single Market and Cloud Services: the legal implications of the Cloud on copyright laws and CSPs’ liability’, Kluwer Copyright Blog, March 14 2019, http://copyrightblog.kluweriplaw.com/2019/03/14/digital-single-market-and-cloud-services-the-legal-implications-of-the-cloud-on-copyright-laws-and-csps-liability/
Cloud Services are often used for communicating, distributing and reproducing digital content, since IP based devices are nowadays a common means for exploiting such content and the IP connection between client devices and servers is made simpler with the use of virtualized resources in Cloud. We noted in a previous post (see here) that some Member States are introducing new rules aimed at defining Cloud Services and the legal requirements for making Cloud Service Providers (CSPs) eligible for offering Cloud Services to Public Administrations. There are also issues related to Cloud Services and copyright laws, namely the rights of reproduction, distribution and communication to the public. This post highlights some conclusions of an interdisciplinary study, recently published in Italy, focused on the legal, regulatory, economic and technical implications of the Cloud (available here).
Active and passive role of CSPs in private copying
CSPs are relatively new intermediaries acting as “service providers” within the meaning of Directive 2000/31/EC (i.e. any natural or legal person providing an information society service). They are commonly envisaged as the suppliers of the virtualized technical infrastructures where digital content can be stored, distributed or communicated to the public and where computing resources can be shared between a number of clients. Thus, CSPs are usually not seen as having responsibility for illicit activities conducted through their means, since their role is considered merely passive in providing the technical infrastructure used by clients.
It is worth noting that in a recent EU case (C-265/16, V-CAST) and during the process of approval of the new EU Copyright Directive, there are signs of evolution in the categorization of CSPs, with a distinction between “active” CSPs and “passive” CSPs. This process does not seem very different from developments in the categorization of hosting service providers, where a higher level of responsibility is required for those providers which play an “active” role.
In the case between V-Cast and RTI, the CJEU ruled that V-Cast’s video-recording service using Cloud storage was illicit in light of the Infosoc Directive. Specifically, the Court ruled that the Infosoc Directive, in particular Article 5(2)(b) thereof, must be interpreted as precluding national legislation which permits a commercial undertaking to provide private individuals with a Cloud service for the remote recording of private copies of works protected by copyright, by means of a computer system, by actively involving itself in the recording without the rightholder’s consent. An interesting aspect of this decision seems to be the distinction drawn by the Court between “active” and “passive” Cloud Service Providers. Indeed, by describing the conditions under which the active CSP can be found liable, the Court seems to be also implicitly enucleating the conditions under which the passive CSP cannot be considered liable.
The Court has clarified that in order to apply the exception for private copying it is not necessary that the technical means used for reproduction purposes are directly available to the users; they can also be provided by third party operators. The core element for ascertaining the correct legal interpretation is the type of activity offered by V-Cast to its users. In the Court’s opinion, such activity cannot be considered to be a mere supply of Cloud storage. V-Cast was offering a more comprehensive service, inclusive of the (unauthorized) access to the RTI broadcasts over DTT, their reproduction and conversion into another format for distribution over the Internet, and their storage, at users’ request, in a Cloud storage service for subsequent access by users.
Although the Court’s judgment is very specific and tailored to the V-Cast service, it is also interesting to understand what can be arguable reading this judgment a contrario. The mere provision of Cloud storage services for audio-visual content, with reproductions made at the individual request of end-users, could be considered, under certain conditions, to be covered by the private copying exception since: (i) it is not a necessary requisite that the users possess the reproduction means or equipment, given that such reproduction can also be made via means or equipment made available by third-party operators (§ 35 of the judgment); (ii) a provider which merely organizes the reproduction on behalf of the users could be considered within the limits of the private copying exception, where the provider does not play an active role and does not interfere with other exclusive rights, such as communication to the public (§ 37-38 of the judgment).
The distinction between active and passive CSPs forms part of the discussions around the proposal for a new Copyright Directive in the Digital Single Market, at least according to the Amendments to said Directive adopted by the European Parliament on 12 September 2018 (see here). With Amendment 143 for introducing a new Recital 37 a, the European Parliament has proposed introducing a definition of an Online Content Sharing Service Provider, which should encompass those Providers whose main purposes are to store and give the public access to or to stream significant amounts of copyright protected content uploaded / made available by users, and that optimise content, and promote for profit making purposes, including amongst others displaying, tagging, curating, and sequencing, the uploaded works or other subject-matter, irrespective of the means used therefor, and therefore act in an active way.
In its proposal of amendments, the European Parliament has expressly also mentioned that “Providers of cloud services for individual use which do not provide direct access to the public … should not be considered online content sharing service providers within the meaning of this Directive”. This provision, if approved, should be for the benefit of mere Cloud storage services, such as Dropbox or iCloud, where the request for reproduction is made by private users and access to the stored contents is limited to users with an account associated with those stored contents. This approach is aligned with the conclusions of the CJEU in the V-Cast case, at least in terms of the Court’s view on the features of an active CSP, and is a clear sign of the emerging distinction, from a legal standpoint, between active and passive CSPs.
Last month, the European Commission confirmed that a political agreement on a new Copyright Directive in the Digital Single Market has been reached with the Council and the Parliament (see here). The exclusion of passive CSPs from the definition of Online Content Sharing Service Provider seems to be confirmed by the text resulting from the Trilogue (see here). The agreed text must now be formally confirmed by the European Parliament and the Council. The decision of the Parliament is expected by the end of March. Once confirmed and published in the Official Journal of the EU, the Member States will have 24 months to transpose the new rules into their national legislation.
Distribution of digital content via Cloud
The Cloud is also profoundly changing the way digital content circulates. In fact, very often, digital content does not actually circulate at all, since it resides on the Cloud and what circulates is more precisely the legitimacy of accessing such content. This characteristic led, first in the USA and then also in Europe, to the growth of a secondary market for the resale of “used” digital content. Among the most popular channels for the sale of digital content (music files, video files, apps, etc.) there are e-marketplaces such as iTunes, Apple App Store, Google Play, Amazon App Store, etc. Through these sales channels, users can access digital content directly on their devices via the Internet (mainly smartphones and tablets).
Although there is no specific case law in the European Union on the resale of digital content, the CJEU has analyzed a similar case relating to the resale of software (C–128/11). In this case, UsedSoft, the Court made it clear that, under certain conditions, used software can be resold. UsedSoft is a German company specializing in the marketing of used licenses, including Oracle licenses. Oracle, a leading US distributor of software, requested in Germany the cessation of the sale by UsedSoft of used licenses on its software. The Court of Justice seems to have to some extent legitimized certain of UsedSoft’s commercial methods (at least where UsedSoft allows the assignment of the entire set of software licenses and the simultaneous cancellation of the software licenses from the originator’s memory, allowing the download of the software by the assignee from the Oracle server).
The Court has argued that the interpretation of art. 4.2 of the Software Directive in light of the principle of equal treatment confirms that the exhaustion of the right of distribution is effective following the first sale of a copy of a program in the Union by the copyright holder or with his consent, regardless of whether the sale relates to a tangible or intangible copy of the program.
For the Court, however, it is not lawful to resell in part the licenses for the work stations that the licensees do not use, since in this case there would be a violation of the exclusive right of reproduction, which does not allow the creation of a new copy in favor of the assignee of software licenses.
The practical impact of this decision on the software market (and subsequent rulings by the Court of Justice in the same line, see C–166/15) will perhaps be limited because the supply of software is increasingly moving towards software as a service. Software resale will therefore not be a major issue in the long run. The resale of digital content (where the resale of the software is only a component) will probably retain its relevance and the Court of Justice will likely be called on to give less sectoral indications than those concerning the interpretation of the Software Directive. In this light the pronouncement in UsedSoft can probably be read together with another judgment of the Court of Justice (C‑355/12, Nintendo). Although focused on a different area of law, namely the legitimacy under Directive 2001/29 /EC of the protective measures employed by Nintendo on its gaming consoles and the systems that incorporate the games themselves (CD-ROM or DVD-ROM), the Court has clarified that videogames by their nature “constitute complex matter comprising not only a computer program but also graphic and sound elements, which, although encrypted in computer language, have a unique creative value which cannot be reduced to that encryption“. It therefore seems that digital content, including video games, is eligible for protection both on the basis of the Infosoc Directive and on the basis of the Software Directive, and this complex nature could also offer arguments to support the extension of the conclusions reached on the issue of resale of the software to the resale of other digital content as well.
Communication to the public and right to portability of online content services
As for the relationship between Cloud, communication to the public of digital content and the impact on the principle of territoriality, Regulation 2017/1128/EU on cross-border portability of online content services (the Portability Regulation) should be taken into consideration. The Portability Regulation introduces, with direct applicability in all Member States, the right for users of online content services to access content even when they are temporarily resident in a Member State other than the one in which the subscription to the service has been activated and the content is normally used.
Obviously, these services for accessing audiovisual content via the Cloud are, by their nature, suitable for cross-border access, since the content is “resident” on content delivery networks that can be located anywhere. The EU legislator has taken into consideration this feature of communication via Cloud that makes the provision of these cross-border services possible and, given the principle of territoriality of the exploitation of works protected by copyright, has introduced a fictio iuris pursuant to which the act of exploitation of online content is considered to have taken place in Italy, for example, even if this actually takes place in another Member State.
It seems worth noting that Recital 23 of the Portability Regulation mentions the possibility for the service provider to allow the subscriber access to content legitimately distributed in the Member State in which the subscriber is temporarily present (“This Regulation, and in particular the legal mechanism by which the provision of, access to and use of an online content service are deemed to occur in the subscriber’s Member State of residence, does not prevent a provider from enabling the subscriber to additionally access and use the content lawfully offered by the provider in the Member State where the subscriber is temporarily present”). And this would seem to be in addition (and not alternatively) to the portability of the content under the fictio iuris referred to in Article 4 of the Rules. As in, Netflix could allow its Italian customers temporarily residing in Germany to access (via portability) the “Italian” Netflix and/or to directly access the “German” Netflix (consider that often the content is available in several languages or with more subtitles).
Recital 23 is of relevance for the interpretation of the Portability Regulation. In fact, it is an indication that the EU legislature aims at the so called “useful effect” on the consumer, regardless of the way to overcome the limits of today’s system focused on the territoriality of the exploitation of works protected by copyright. This aspect is even more evident when read in conjunction with Recital 12 of the Portability Regulation, where the objective is “to adapt the harmonised legal framework on copyright and related rights […] without affecting the high level of protection guaranteed by copyright and related rights in the Union, without changing the existing licensing models, such as territorial licensing”.
In light of this reconstruction, therefore, there seem to be concrete indicators to argue that with the Portability Regulation the EU legislator has not aimed so much at rewriting the rules of copyright and subverting its principles, but at placing obligations on the providers of online content services – justified in terms of consumer protection – aimed at enabling Cloud services to operate according to their actual cross-border potential, regardless of the limits of copyright.