Internet service providers (ISPs) generally have DMCA safe harbor immunity from copyright infringement liability for third-party content. ISPs include website host providers and forums among other online service providers. However, this immunity does not arise automatically.
Generally ISPs: 1) cannot have actual knowledge of the infringing material or activity; 2) cannot be aware of facts or circumstances from which infringement is apparent; and 3) the provider must act expeditiously to remove the claimed infringing content. Finally, ISPs cannot benefit financially from the infringement.
In light of a recent Fourth Circuit decision, BMG Rights Mgmt LLC v. Cox Communications Inc. (4th Cir. 2018), this is a good time for ISPs to revisit several important lessons to ensure safe harbor immunity under the DMCA.
1. ISPs must designate a DMCA agent with the U.S. Copyright Office.
Under Section 512 of the Act, service providers must designate an agent to receive notice of any infringement claims and register the agent’s contact information with the U.S. Copyright Office (a DMCA Registration). Service providers must also include this information on their website along with complying with the ‘Notice-and-Takedown’ requirements of the Act. This mean website operators that allow users to submit or post content must designate an agent to receive this notice and provide the contact information to the Copyright Office. This also means that upon notification of claimed infringement, website operators must promptly remove, or disable access to, the material in question.
2016 Revised Electronic DMCA Agent Registration
Late in 2016, an amendment was made to the DMCA requiring electronic registration (or re-registration) of an ISP’s designated agent. Many ISPs believed that their prior “paper” registration would satisfy the new requirement. This is not the case. ISPs must register (or re-register) electronically with the U.S. Copyright Office even if previously registered via paper application prior to January 1st, 2018. Failing to do so can jeopardize DMCA safe harbor immunity. As the defendant in Cox Communications found out the hard way after the jury awarded the plaintiff $25M, this mistake can be costly. The registration fee is only $6.
What Are The Renewal Requirements?
An ISP’s designation will expire and become invalid three years after it is registered unless the service provider renews the designation with the Copyright Office by either amending it to correct or update all relevant information or re-submitting it without amendment to confirm nothing has changed.
2. All service providers must include a DMCA Policy on their website.
Under Section 512 of the Act, service providers must include designated agent contact information on their website along with complying with the ‘Notice-and-Takedown’ requirements of the Act. Among other items, this policy should state your website’s intent to comply with the DMCA Notice and Takedown requirements, provide agent contact information and should provide a mechanism for Counter-Notice and Put-back, as required under the DMCA Act. This policy should be available on a separate page by using a prominent link labeled “DMCA” or “DMCA Policy.”
3. There must be a Repeat Infringers Policy.
The decision in Cox Communications clarifies registration with the Copyright Office is not the only requirement to obtain safe harbor immunity. The court ruled that an ISP was not entitled to DMCA immunity from copyright infringement for third-party postings through its service since it failed to implement a reasonable policy to remove repeat infringers. The DMCA requires website operators to have “adopted and reasonably implemented . . . a policy that provides for the termination in appropriate circumstances of subscribers . . . who are repeat infringers.” 17 U.S.C. § 512(i)(1)(A). The DMCA’s legislative history makes clear that Congress conditioned immunity on ISPs adopting a protocol to deal with repeat infringers.
The policy posted by Cox adopted allowed for 13 violations before being suspended for infringement. Cox also failed to enforce its own policy, letting repeat infringers back to using the service after short suspensions. Presumably, this decision was made based on losing revenue. (Discovery in the case is full of examples showing that Cox Communications had no intention of carrying out its policy and was concerned only with its own revenues.) The evidence in this case essentially showed that the DMCA policy was illusory.
The Court rejected the argument that the DMCA’s repeat-infringer-policy requirement is limited to infringers already found infringing by a court. The Court clarified that neither a lawsuit nor a court decision should be required before an ISP must meaningfully enforce its repeat infringer policy.
4. DMCA Polices must be enforced consistently without deviation in each instance.
5. Don’t ignore takedown notices.
The plaintiff in Cox Communications, BMG Rights Management, hired a service, Rightscorp, to send takedown notices to ISPs. The record showed that Cox Communications had a practice of ignoring the notices from Rightscorp because the notices contained settlement offers it likely felt was a scheme. This was a factor that the court ultimately felt severed DMCA immunity. The lesson for ISPs is simple: don’t ignore take-down notices and follow your own policy.