DMCA Safe Harbor
The Digital Millennium Copyright Act (“DMCA”) is a law that blog, chat room or other interactive website operators must understand and follow. Internet service providers (ISPs) generally have DMCA safe harbor immunity from copyright infringement liability for third-party content. ISPs include website host providers, search engines, blogs, forums and other online service providers. For DMCA safe harbor purposes, an ISP is a provider of one of the following categories of services:
- Transitory communications– facilitating data or content that is merely transmitted or routed; provided an automatic, technical process is used without the ability to select or edit the content or data. If an ISP is able to choose what content is shown to some extent, or modify the content, the exemption will not be available. Most service providers don‟t fall under this narrowly defined category.
- System caching– temporary storage of unmodified data made available by a third-party on a system or network controlled or operated by or for the ISP, done in the form of “caching”.
- Storage of content-operating a system or network controlled or operated by or for the ISP (i.e. hosting websites or forums allowing users to post content). Under the “storage” exemption, the ISP may be exempt if it does not have knowledge of an infringement (or is not aware of facts or circumstances from which infringing activity might be apparent) and does not have the right and ability to control the infringing activity.
- Information location tools such as search engines, directories, indexes, etc. Under this exemption, in order to qualify the provider must lack the requisite knowledge or ability to control the material, or cannot receive financial benefit from the infringing activity if it does have the right to control the content. It must also take down any infringing materials immediately upon notification.
However, DMCA safe harbor immunity does not arise automatically. In light of a recent Fourth Circuit decision, BMG Rights Mgmt LLC v. Cox Communications Inc. (4th Cir. 2018), ISPs should revisit the following important lessons to ensure DMCA safe harbor immunity.
1. ISPs must designate a DMCA agent with the U.S. Copyright Office.
Under Section 512 of the Act, ISPs must designate an agent to receive notice of any infringement claims and register the agent’s contact information with the U.S. Copyright Office (a DMCA Registration). Service providers must also include this information on their website along with complying with the ‘Notice-and-Takedown’ requirements of the Act. This mean website operators that allow users to submit or post content must designate an agent to receive this notice and provide the contact information to the Copyright Office. This also means that upon notification of claimed infringement, website operators must promptly remove, or disable access to, the material in question.
2016 Revised Electronic DMCA Agent Registration
Late in 2016, an amendment was made to the DMCA requiring electronic registration (or re-registration) of an ISP’s designated agent. Many ISPs believed that their prior “paper” registration would satisfy the new requirement. This is not the case. ISPs must register (or re-register) electronically with the U.S. Copyright Office even if previously registered via paper application prior to January 1st, 2018. Failing to do so can jeopardize DMCA safe harbor immunity. As the defendant in Cox Communications found out the hard way after the jury awarded the plaintiff $25M, this mistake can be costly. The registration fee is only $6.
What Are The Renewal Requirements?
An ISP’s designation will expire and become invalid three years after it is registered unless the service provider renews the designation with the Copyright Office by either amending it to correct or update all relevant information or re-submitting it without amendment to confirm nothing has changed.
2. All service providers must include a DMCA Policy on their website.
Under Section 512 of the Act, service providers must include designated agent contact information on their website along with complying with the ‘Notice-and-Takedown’ requirements of the Act. Among other items, this policy should state your website’s intent to comply with the DMCA Notice and Takedown requirements, provide agent contact information and should provide a mechanism for Counter-Notice and Put-back, as required under the DMCA Act. This policy should be available on a separate page by using a prominent link labeled “DMCA” or “DMCA Policy.” This also means that upon notification of any claimed infringement, ISPs must promptly remove, or disable access to, the material in question. ISPs also must include a ‘Counter-Notice and Putback’ mechanism to restore access to any material when a counter-notice contesting the infringement claim is received by any user/content provider.
3. There must be a Repeat Infringers Policy.
The decision in Cox Communications clarifies registration with the Copyright Office is not the only requirement to obtain safe harbor immunity. The court ruled that an ISP was not entitled to DMCA immunity from copyright infringement for third-party postings through its service since it failed to implement a reasonable policy to remove repeat infringers. The DMCA requires website operators to have “adopted and reasonably implemented . . . a policy that provides for the termination in appropriate circumstances of subscribers . . . who are repeat infringers.” 17 U.S.C. § 512(i)(1)(A). The DMCA’s legislative history makes clear that Congress conditioned immunity on ISPs adopting a protocol to deal with repeat infringers.
The policy posted by Cox adopted allowed for 13 violations before being suspended for infringement. Cox also failed to enforce its own policy, letting repeat infringers back to using the service after short suspensions. Presumably, this decision was made based on losing revenue. (Discovery in the case is full of examples showing that Cox Communications had no intention of carrying out its policy and was concerned only with its own revenues.) The evidence in this case essentially showed that the DMCA policy was illusory.
The Court rejected the argument that the DMCA’s repeat-infringer-policy requirement is limited to infringers already found infringing by a court. The Court clarified that neither a lawsuit nor a court decision should be required before an ISP must meaningfully enforce its repeat infringer policy.
4. DMCA Polices must be enforced consistently without deviation in each instance.
This is self explanatory really. If an ISP simply engages in selective enforcement, this inconsistency can certainly come back to haunt them as the Court in Cox Communications demonstrated.
5. Don’t ignore takedown notices.
The plaintiff in Cox Communications, BMG Rights Management, hired a service, Rightscorp, to send takedown notices to ISPs. The record showed that Cox Communications had a practice of ignoring the notices from Rightscorp because the notices contained settlement offers it likely felt was a scheme. This was a factor that the court ultimately felt severed DMCA immunity. The lesson for ISPs is simple: don’t ignore take-down notices and follow your own policy.
6. ISPs cannot have actual knowledge of the infringing content or activity.
This point is pretty obvious-ISPs cannot be aware of facts or circumstances from which infringement is apparent. Along those same lines, ISPs cannot benefit financially from the infringement.
7. ISPs must remove infringing content expediently once notification is received (and no objection is made by the content poster).