DMCA Safe Harbor Requirements
Internet service providers must follow the DMCA safe harbor requirements to enjoy protection from user copyright infringement claims. The Digital Millennium Copyright Act (or “DMCA”) is a law that blog, chat room or other interactive website operators must understand. Internet service providers (ISPs) generally have protection under the DMCA safe harbor provision from copyright infringement liability for third-party content.
ISPs include website host providers, search engines, blogs, forums and other online service providers. For DMCA safe harbor purposes, an ISP is a provider of one of the following categories of services:
- Transitory communications– facilitating data or content that is merely transmitted or routed; provided an automatic, technical process is used without the ability to select or edit the content or data. If an ISP is able to choose what content is shown to some extent, or modify the content, the exemption will not be available. Most service providers don‟t fall under this narrowly defined category.
- System caching– temporary storage of unmodified data made available by a third-party on a system or network controlled or operated by or for the ISP, done in the form of “caching”.
- Storage of content-operating a system or network controlled or operated by or for the ISP (i.e. hosting websites or forums allowing users to post content). Under the “storage” exemption, the ISP may be exempt if it does not have knowledge of an infringement (or is not aware of facts or circumstances from which infringing activity might be apparent) and does not have the right and ability to control the infringing activity.
- Information location tools such as search engines, directories, indexes, etc. Under this exemption, in order to qualify the provider must lack the requisite knowledge or ability to control the material, or cannot receive financial benefit from the infringing activity if it does have the right to control the content. It must also take down any infringing materials immediately upon notification.
However, DMCA safe harbor copyright immunity doesn’t arise automatically and can be forfeited once obtained. ISPs should revisit the following important lessons to ensure it meets the DMCA safe harbor requirements.
1. ISPs must designate a DMCA agent with the U.S. Copyright Office.
Under Section 512 of the Act, ISPs must designate an agent to receive notice of any infringement claims and register the agent’s contact information with the U.S. Copyright Office (a DMCA Registration). Service providers must also include this information on their website along with complying with the ‘Notice-and-Takedown’ requirements of the Act. This mean website operators that allow users to submit or post content must designate an agent to receive this notice and provide the agent contact information to the Copyright Office. Contact information includes the agent’s name (or department if not an individual), address, phone number and email address.
2016 Revised Electronic DMCA Agent Registration
Late in 2016, an amendment was made to the DMCA requiring electronic registration (or re-registration) of an ISP’s designated agent. Many ISPs believed that their prior “paper” registration would satisfy the new requirement. This is not the case. ISPs must register (or re-register) electronically with the U.S. Copyright Office even if previously registered via paper application prior to January 1st, 2018. Failing to do so can jeopardize DMCA safe harbor immunity. As the defendant in Cox Communications found out the hard way after the jury awarded the plaintiff $25M due to willful contributory copyright infringement, this mistake can be very costly. The registration fee is only $6.
What Are The DMCA Agent Renewal Requirements?
An ISP’s designation will expire and become invalid three years after it is registered unless the service provider renews the designation with the Copyright Office by either amending it to correct or update all relevant information or re-submitting it without amendment to confirm nothing has changed.
2. ISPs must include a DMCA Policy on their website.
Under Section 512 of the Act, service providers must include designated agent contact information on their website or app along with complying with the ‘Notice-and-Takedown’ requirements of the Act. Among other items, this policy should state your website’s intent to comply with the DMCA Notice and Takedown requirements, provide agent contact information and should provide a mechanism for Counter-Notice and Put-back, as required under the DMCA Act. This policy should be available on a separate page by using a prominent link labeled “DMCA” or “DMCA Policy.” This also means that upon notification of any claimed infringement, ISPs must promptly remove, or disable access to, the material in question. ISPs also must include a ‘Counter-Notice and Putback’ mechanism to restore access to any material when a counter-notice contesting the infringement claim is received by any user/content provider.
3. There must be a Repeat Infringers Policy.
The decision in Cox Communications clarifies registration with the Copyright Office is not the only requirement to obtain safe harbor immunity. The court ruled that an ISP was not entitled to DMCA immunity from copyright infringement for third-party postings through its service since it failed to implement a reasonable policy to remove repeat infringers. The DMCA requires website operators to have “adopted and reasonably implemented . . . a policy that provides for the termination in appropriate circumstances of subscribers . . . who are repeat infringers.” 17 U.S.C. § 512(i)(1)(A). The DMCA’s legislative history makes clear that Congress conditioned immunity on ISPs adopting a protocol to deal with repeat infringers.
The policy posted by Cox adopted allowed for 13 violations before being suspended for infringement. Cox also failed to enforce its own policy, letting repeat infringers back to using the service after short suspensions. Presumably, this decision was made based on losing revenue. (Discovery in the case is full of examples showing that Cox Communications had no intention of carrying out its policy and was concerned only with its own revenues.) The evidence in this case essentially showed that the DMCA policy was illusory. The Fourth Circuit rejected the argument that the DMCA’s repeat-infringer-policy requirement is limited to infringers already found infringing by a court. The Court also clarified that neither a lawsuit nor a court decision should be required before an ISP must meaningfully enforce its repeat infringer policy.
MP3 loses its DMCA Safe Harbor Shield in 2020
In a decision that builds upon the Cox Communications ruling, the Second Circuit Appeals Court decided MP3Tunes, LLC lost its immunity under the safe harbor provision in EMI Christian Music Group Inc. et al. v. MP3tunes, LLC, 844 F.3d 79 (2d Cir. 2016). Several record companies and music publishers sued MP3tunes and its CEO, alleging that two of its internet music services infringed their copyrights in thousands of sound recordings and musical compositions by allowing its users to upload and store songs.
The district court earlier ruled, in part, that MP3tunes qualified for the DMCA’s safe harbor protection and had reasonably implemented a repeat infringer policy. But, the Second Circuit overturned that decision in October 2020. The Second Circuit thought that the lower court the definition of a repeat infringer should not be limited to those who willfully infringe copyrights. While noting the DMCA doesn’t explicitly define a repeat infringer, it said that the legislative history of the law “indicates that a ‘repeat infringer’ does not need to know of the infringing nature of its online activities, or to upload rather than download content.”
In order to follow the DMCA safe harbor requirements, the Second Circuit in this case stated there is no “amorphous” duty on a service provider to actively monitor or act on only a “generalized awareness” of infringement. The copyright owner must show the service provider had knowledge of the infringement (or of facts and circumstances from which infringing activity was obvious) and failed to take down the infringing matter. “In other words, a copyright owner must point to a defendant’s ‘actual knowledge or awareness of facts or circumstances that indicate specific and identifiable instances of infringement.” Based on this rule, the court affirmed the jury verdict against MP3tunes with respect to its knowledge and willful blindness.
4. DMCA Polices must be enforced consistently in each instance.
This is self explanatory really. If an ISP simply engages in selective enforcement, this inconsistency can certainly come back to haunt them as the Court in Cox Communications demonstrated.
5. Don’t ignore takedown notices.
The plaintiff in Cox Communications hired a service, Rightscorp, to send takedown notices to ISPs. The record showed that Cox Communications had a practice of ignoring the notices from Rightscorp because the notices contained settlement offers it likely felt was a scheme. This was a factor that the Fourth Circuit Court ultimately felt severed DMCA immunity. The lesson for ISPs is simple: don’t ignore take-down notices and follow your own policy.
What if you receive a notice and it doesn’t contain each bit of information?
Most ISPs are (and generally should be) flexible and accept the filing if it generally complies. ISPs receive immunity by following the compliance procedure, so it simply not worth the risk of losing DMCA immunity by refusing to comply.
ISPs should keep a record of an email address for all people who leave comments or posts should be kept. Make sure to include the complaint in the message so the user can view the claim. In the vast majority of cases, this will end the compliance process. Most users who post allegedly infringing content don’t realize they are breaking the law. When alerted to this fact, they will almost always panic and either apologize or not respond at all.
6. ISPs cannot have actual knowledge of the infringing content or activity.
This point is pretty obvious-ISPs cannot be aware of facts or circumstances from which infringement is apparent. Along those same lines, ISPs cannot benefit financially from the infringement.
7. ISPs must remove infringing content expediently once notification is received (and no objection is made by the content poster).
The Cox Communications and MP3tunes decisions have clarified that the burden is squarely on ISPs to develop an internal mechanism to combat infringement.
8. Forward Any DMCA Counter-Notices
What if a user does respond? Do they have any rights under the DMCA? Yes. The user has the right to challenge the takedown notice by filing a “counter-notice.” In the notice, the user states that the copyright owner has made a mistake in submitting a complaint. The counter-notice must be a written communication provided to the designated agent that includes substantially the following:
- A physical or electronic signature of the subscriber.
- Identification of the material that has been removed or to which access has been disabled and the location at which the material appeared before it was removed or access to it was disabled.
- A statement under penalty of perjury that the subscriber has a good faith belief that the material was removed or disabled as a result of mistake or misidentification of the material to be removed or disabled.
- The subscriber’s name, address, and telephone number, and a statement that the subscriber consents to the jurisdiction of Federal District Court for the judicial district in which the address is located, or if the subscriber’s address is outside of the United States, for any judicial district in which the service provider may be found, and that the subscriber will accept service of process from the person who provided notification under subsection (c)(1)(C) or an agent of such person.
Once an ISP receives a counter-notice, it must forward it to the copyright owner using the email address used to contact the agent. The notice must contain a statement indicating that the ISP will repost the content on the subject website or app in 10 to 14 days. An ISP must do this unless it receives a court order or lawsuit from the copyright owner.
Following the DMCA safe harbor requirements affords an ISP with immunity from copyright infringement liability. Deviating from these requirements can end up resulting in a costly jury verdict.