Showing posts with label EU law. Show all posts

Monday, 31 January 2022

Internet legal developments to look out for in 2022

Another instalment of my annual round-up of what is on the horizon for UK internet law [Updated 29 April and 2 November 2022]. It does stray a little beyond our shores, noting some significant EU developments (pre-Brexit habits die hard). As always, it does not include data protection (too big, not really my field).

Draft Online Safety Bill

The UK government published its draft Online Safety Bill in May 2021. The Parliamentary Joint Pre-Legislative Scrutiny Committee published its report on the draft Bill on 14 December 2021. A sub-committee of the Commons DCMS Select Committee also published a report on 24 January 2022, as did the Lords Communications and Digital Committee Inquiry on Freedom of Expression Online on 22 July 2021.

The government introduced a Bill into Parliament on 17 March 2022. The Bill had its Second Reading on 19 April 2022. Its Report Stage is paused, likely to be recommenced this month. Among many things for which the draft legislation is notable, its abandonment of the ECD Article 15 prohibition on general monitoring obligations stands out.

EU Digital Services Act

The European Commission published its proposals for a Digital Services Act and a Digital Markets Act on 15 December 2020. The proposed Digital Services Act includes replacements for Articles 12 to 15 of the ECommerce Directive. Following a vote in the European Parliament on 20 January 2022, the proposed legislation entered the trilogue stage. Political agreement was reached on 23 April 2022. The final text was published in the Official Journal on 27 October 2022.

Terrorist content

The EU Regulation on addressing the dissemination of terrorist content online will come into effect on 7 June 2022.

Erosion of intermediary liability shields by omission

One by-product of Brexit is that the UK is no longer bound to implement the conduit, caching and hosting shields provided by the EU eCommerce Directive. The government says that it “is committed to upholding the liability protections now that the transition period has ended”.

However, implementation of that policy requires every new piece of legislation that could impose liability on an intermediary explicitly to include the protections. If that is not done, then, owing to the fact that the original Electronic Commerce Directive Regulations 2002 do not have prospective effect, the protections will not apply to that new source of liability.

Two examples are already progressing through Parliament: the statutory codification of the public nuisance offence in the Policing Bill (which, following Royal Assent, came into force on 26 June 2022), and the electronic election imprints offences in the Elections Bill (Royal Assent 28 April 2022, not yet in force), neither of which includes the conduit, caching and hosting shields.

Such omissions have been known in the past, and were cured by statutory instrument under the European Communities Act 1972. That option is no longer available. As time goes on, accretion of such omissions in new legislation will gradually erode the intermediary protections to which the government is committed.

Law Commission Reports

The Law Commission has issued two Reports making recommendations that are relevant to online speech. The first is its Report on Reform of the Communications Offences (notably, recommending replacing S.127 Communications Act 2003 and the Malicious Communications Act 1988 with a new harm-based offence). The second report is on Hate Crime Laws. The recommendations on communications offences, at least, have been included in the Online Safety Bill.

Copyright

The Polish government’s challenge to Article 17 (Poland v Parliament and Council, Case C-401/19) was decided on 26 April 2022. Poland argued that Article 17 makes it necessary for OSSPs, in order to avoid liability, to carry out prior automatic filtering of content uploaded online by users, and therefore to introduce preventive control mechanisms. It contended that such mechanisms undermine the essence of the right to freedom of expression and information and do not comply with the requirement that limitations imposed on that right be proportionate and necessary.

The Advocate-General’s Opinion was delivered on 15 July 2021. It was something of an Opinion of Solomon: recommending that the challenge be rejected, but only on the basis that the Directive is implemented in a way that minimises false positives. The Advocate General also, in a postscript, challenged aspects of the Article 17 guidance issued by the Commission subsequent to the drafting of the Opinion. The judgment largely followed the Opinion, dismissing the challenge but on the basis of an interpretation of Article 17 that included strict safeguards against removal of lawful content.

Policing Bill

The Police, Crime, Sentencing and Courts Bill has ignited significant controversy over its impact on street protests, including through its statutory codification of the common law offence of public nuisance. The potential application of the new statutory offence to online speech, however, has gone virtually unnoticed.

Product Security and Telecommunications Infrastructure Bill

An honourable mention for this Bill: a framework for imposing all kinds of security requirements on (among other things) internet-connectable products.

Back from the dead? The Digital Economy Act 2017

The non-commencement of the age verification provisions of the Digital Economy Act 2017 has long been a source of controversy. In November 2021 the High Court gave permission to two members of the public to commence judicial review proceedings. This may now in practice have been overtaken by the inclusion of pornography sites in the Online Safety Bill.

Cross-border data access

The US and the UK signed a Data Access Agreement on 3 October 2019, providing domestic law comfort zones for service providers to respond to data access demands from authorities located in the other country. It came into force on 3 October 2022.

The Second Additional Protocol to the Convention on Cybercrime on enhanced co-operation and disclosure of electronic evidence was open for signature from 12 May 2022 and was presented to the UK Parliament in July 2022.

State communications surveillance

The kaleidoscopic mosaic of cases capable of affecting the UK’s Investigatory Powers Act 2016 (IP Act) continues to reshape itself. In this field CJEU judgments will continue to be relevant in principle, since they form the backdrop to future reviews of the European Commission’s June 2021 UK data protection adequacy decision.

Domestically, Liberty has a pending judicial review of the IP Act bulk powers and data retention powers. Some EU law aspects (including bulk powers) were stayed pending the Privacy International reference to the CJEU. Those aspects are now proceeding and, according to Liberty, are likely to be in court in early 2022. The Divisional Court rejected the claim that the IP Act data retention powers provide for the general and indiscriminate retention of traffic and location data, contrary to EU law. That point may in due course come before the Court of Appeal. The Divisional Court gave judgment on the stayed aspects on 24 June 2022. Liberty's claims were rejected except for one aspect concerning the need for prior independent authorisation for access to some retained data. 

Investigatory Powers Act review

The second half of 2022 will see the Secretary of State preparing the report on the operation of the IP Act required under Section 260 of the Act.

Electronic transactions

The pandemic focused attention on legal obstacles to transacting electronically and remotely. Whilst uncommon in commercial transactions, some impediments do exist and, in a few cases, were temporarily relaxed. That may pave the way for permanent changes in due course.

Although the question typically asked is whether electronic signatures can be used, the most significant obstacles tend to be presented by surrounding formalities rather than signature requirements themselves. A case in point is the physical presence requirement for witnessing deeds, which stands in the way of remote witnessing by video or screen-sharing. The Law Commission Report on Electronic Execution of Documents recommended that the government should set up an Industry Working Group to look at that and other issues. The Working Group has now been formed. It issued an Interim Report on 1 February 2022.

[Updated 29 April 2022 and 2 November 2022.]



Monday, 28 December 2020

Internet legal developments to look out for in 2021

Seven years ago I started to take an annual look at what the coming year might hold for internet law in the UK. This exercise has always, perforce, included EU law. With Brexit now fully upon us future developments in EU law will no longer form part of UK law. Nevertheless, they remain potentially influential: not least, because the 2018 EU Withdrawal Act provides that UK courts may have regard to anything relevant done by the CJEU, another EU entity or the EU after 31 December. In any case I am partial to a bit of comparative law. So this survey will continue to keep significant EU law developments on its radar.

What can we expect in 2021?

Copyright

Digital Single Market
EU Member States are due to implement the Digital Copyright Directive by 7 June 2021. This includes the so-called snippet tax (the press publishers’ right) and the Article 17 rules for online sharing service providers (OSSPs). The UK is not obliged to implement the Directive and has said that it has no plans to do so. Any future changes to the UK copyright framework will be “considered as part of the usual domestic policy process”.

The Polish government’s challenge to Article 17 (Poland v Parliament and Council, Case C-401/19) is pending. Poland argues that Article 17 makes it necessary for OSSPs, in order to avoid liability, to carry out prior automatic filtering of content uploaded online by users, and therefore to introduce preventive control mechanisms. It contends that such mechanisms undermine the essence of the right to freedom of expression and information and do not comply with the requirement that limitations imposed on that right be proportionate and necessary.

Linking and communication to the public

The UK case of Warner Music/Sony Music v TuneIn is due to come before the Court of Appeal early in 2021.

Pending CJEU copyright cases

Several copyright references are pending before the EU Court of Justice.

The YouTube and Uploaded cases (C-682/18 Peterson v YouTube and C-683/18 Elsevier v Cyando) referred from the German Federal Supreme Court include questions around the communication to the public right, as do C-392/19 VG Bild-Kunst v Preussischer Kulturbesitz (Germany, BGH), C-442/19 Brein v News Service Europe (Netherlands, Supreme Court) and C-597/19 Mircom v Telenet (Belgium). Advocate General Opinions have been delivered in YouTube/Cyando, VG Bild-Kunst and Mircom.

YouTube/Cyando and Brein v News Service Europe also raise questions about copyright injunctions against intermediaries, as does C-500/19 Puls 4 TV.

Linking, search metadata and database right

C-762/19 CV-Online Latvia is a CJEU referral from Riga Regional Court concerning database right. The defendant search engine finds websites that publish job advertisements and uses hyperlinks to redirect users to the source websites, including that of the applicant. The defendant’s search results also include information – hyperlink, job, employer, geographical location of the job, and date – obtained from metatags on the applicant’s website published as Schema.org microdata. The questions for the CJEU are whether (a) the use of a hyperlink constitutes re-utilisation and (b) the use of the metatag data constitutes extraction, for the purposes of database right infringement.

Online intermediary liability

The UK government published its Full Consultation Response to the Online Harms White Paper on 15 December 2020, paving the way for a draft Online Safety Bill in 2021. The government has indicated that the draft Bill will be subject to pre-legislative scrutiny.

The German Federal Supreme Court has referred two cases (YouTube and Cyando – see above) to the CJEU asking questions about (among other things) the applicability of the ECommerce Directive hosting protections to UGC sharing sites. The Advocate General’s Opinion in these cases has been published.

Brein v News Service Europe and Puls 4 TV (see above for both) also ask questions around the Article 14 hosting protection, including whether it is precluded if communication to the public is found.

The European Commission published its proposals for a Digital Services Act and a Digital Markets Act on 15 December 2020. The proposed Digital Services Act includes replacements for Articles 12 to 15 of the ECommerce Directive.  The proposals will now proceed through the EU legislative process.

The European Commission’s Proposal for a Regulation on preventing the dissemination of terrorist content online is nearing the final stages of its legislative process, the Council and Parliament having reached political agreement on 10 December 2020. The proposed Regulation is notable for requiring one hour takedown response times and also for proactive monitoring obligations - potentially derogating from the ECommerce Directive Article 15 prohibition on imposing general monitoring obligations on conduits, caches and hosts.

The prospect of a post-Brexit UK-US trade agreement has prompted speculation that such an agreement might require the UK to adopt a provision equivalent to the US S.230 Communications Decency Act. However, if the US-Mexico-Canada Agreement precedent were adopted in such an agreement, that would appear not to follow (as explained here).

Cross-border 

The US and the UK signed a Data Access Agreement on 3 October 2019, providing domestic law comfort zones for service providers to respond to data access demands from authorities located in the other country. No announcement has yet been made that the Agreement has entered into operation. The Agreement has potential relevance in the context of a post-Brexit UK data protection adequacy decision by the European Commission.

Discussions continue on a Second Protocol to the Cybercrime Convention, on evidence in the cloud.

State surveillance of communications


The kaleidoscopic mosaic of cases capable of affecting the UK’s Investigatory Powers Act 2016 (IP Act) continues to reshape itself. In this field CJEU judgments remain particularly relevant, since they form the backdrop to any data protection adequacy decision that the European Commission might adopt in respect of the UK post-Brexit. The recently agreed UK-EU Trade and Co-operation Agreement provides a period of up to 6 months for the Commission to propose and adopt an adequacy decision.

Relevant CJEU judgments now include, most recently, Privacy International (Case C-623/17), La Quadrature du Net (C-511/18 and C-512/18), and Ordre des barreaux francophones et germanophone (C-520/18) (see discussion here and here).

Domestically, Liberty has a pending judicial review of the IP Act bulk powers and data retention powers. Some EU law aspects (including bulk powers) were stayed pending the Privacy International reference to the CJEU. The Divisional Court rejected the claim that the IP Act data retention powers provide for the general and indiscriminate retention of traffic and location data, contrary to EU law. That point may in due course come before the Court of Appeal.

In the European Court of Human Rights, Big Brother Watch and various other NGOs challenged the pre-IP Act bulk interception regime under the Regulation of Investigatory Powers Act (RIPA). The ECtHR gave a Chamber judgment on 13 September 2018. That and the Swedish Rattvisa case were subsequently referred to the ECtHR Grand Chamber and await judgment. If the BBW Chamber judgment had become final it could have affected the IP Act in as many as three separate ways.

In response to one of the BBW findings the government has said that it will introduce ‘thematic’ certification by the Secretary of State of requests to examine bulk secondary data of individuals believed to be within the British Islands.

Software - goods or services?

Judgment is pending in the CJEU on a referral from the UK Supreme Court asking whether software supplied electronically as a download and not on any tangible medium constitutes goods and/or a sale for the purposes of the Commercial Agents Regulations (C-410/19 Computer Associates (UK) Ltd v The Software Incubator Ltd). The Advocate General’s Opinion was delivered on 17 December 2020.

Law Commission projects

The Law Commission has in train several projects that have the potential to affect online activity.

It is expected to make recommendations on reform of the criminal law relating to Harmful Online Communications in early 2021. The government has said that it will consider, where appropriate, implementing the Law Commission’s final recommendations through the forthcoming Online Safety Bill. The Law Commission issued a consultation paper in September 2020 (consultation closed 18 December 2020).

The Law Commission has also issued a Consultation Paper on Hate Crime Laws, which while not specifically focused on online behaviour inevitably includes it (consultation closed 24 December 2020).

It has recently launched a Call for Evidence on Smart Contracts (closing 31 March 2021) and is also in the early stages of a project on Digital Assets.

Electronic transactions

The pandemic has focused attention on legal obstacles to transacting electronically and remotely. Whilst uncommon in commercial transactions, some impediments do exist and, in a few cases, have been temporarily relaxed. That may pave the way for permanent changes in due course.

Although the question typically asked is whether electronic signatures can be used, the most significant obstacles tend to be presented by surrounding formalities rather than signature requirements themselves. A case in point is the physical presence requirement for witnessing deeds, which stands in the way of remote witnessing by video or screen-sharing. The Law Commission Report on Electronic Execution of Documents recommended that the government should set up an Industry Working Group to look at that and other issues.

Data Protection 

Traditionally this survey does not cover data protection (too big, and a dense specialism in its own right). On this occasion, however, the Lloyd v Google appeal pending in the UK Supreme Court should not pass without notice.

ePrivacy

EU Member States had to implement the Directive establishing the European Electronic Communications Code (EECD) by 21 December 2020. The Code brings ‘over the top’ messaging applications into the scope of ‘electronic communications services’ for the purpose of the EU telecommunications regulatory framework. As a result, the communications confidentiality provisions of the ePrivacy Directive also came into scope, affecting practices such as scanning to detect child abuse images. In order to enable such practices to continue, the European Commission proposed temporary legislation derogating from the ePrivacy Directive prohibitions. The proposed Regulation missed the 21 December deadline and continues through the EU legislative process.

Meanwhile there is as yet no conclusion to the long drawn out attempt to reach consensus on a proposed replacement for the ePrivacy Directive itself. 

[Updated 29 December 2020 to add sections on Data Protection and ePrivacy.] 




Saturday, 22 December 2018

Internet legal developments to look out for in 2019

A bumper crop of pending litigation and legislative initiatives for the coming year (without even thinking about Brexit).

EU copyright reform

- The proposed Directive on Copyright in the Digital Single Market is currently embroiled in trialogue discussions between Commission, Council and Parliament. It continues to excite controversy over the publishers’ ancillary right and the clash between Article 13 and the ECommerce Directive's intermediary liability provisions. [Directive adopted on 15 April 2019. Implementation by Member States due 24 months after publication in the Official Journal.]
- Political agreement was reached on 13 December 2018 to a Directive (originally proposed as a Regulation) extending the country of origin provisions of the Satellite and Cable Broadcasting Directive to online radio and news broadcasts. Formal approval of a definitive text should follow in due course. [The Directive was adopted on 15 April 2019.]

EU online business

The European Commission has proposed a Regulation on promoting fairness and transparency for business users of online intermediation services. It would lay down transparency and redress rules for the benefit of business users of online intermediation services and of corporate website users of online search engines. The legislation would cover online marketplaces, online software application stores, online social media and search engines. The Council of the EU reached a common position on the draft Regulation on 29 November 2018. [The Parliament and Council reached political agreement on the proposed Regulation on 12 April 2019.]

Telecoms privacy

The proposed EU ePrivacy Regulation continues to make a choppy voyage through the EU legislative process.

Intermediary liability

The UK government has published its Internet Safety Strategy Green Paper, the precursor to a White Paper to be published in winter 2018-2019 which will include intermediary liability, duties and responsibilities. In parallel the House of Lords Communications Committee is conducting an inquiry on internet regulation, including intermediary liability. A House of Commons Committee examining Disinformation and Fake News has also touched on the topic. Before that the UK Committee on Standards in Public Life suggested that Brexit presents an opportunity to depart from the intermediary liability protections of the ECommerce Directive. [The government published its Online Harms White Paper on 8 April 2019.]

On 12 September 2018 the European Commission published a Proposal for a Regulation on preventing the dissemination of terrorist content online. This followed its September 2017 Communication on Tackling Illegal Content Online and March 2018 Recommendation on Measures to Effectively Tackle Illegal Content Online. It is notable for one hour takedown response times and the ability for Member States to derogate from the ECommerce Directive Article 15 prohibition on imposing general monitoring obligations on conduits, caches and hosts.

The Austrian Supreme Court has referred to the CJEU questions on whether a hosting intermediary can be required to prevent access to similar content and on extraterritoriality (C-18/18 - Glawischnig-Piesczek). The German Federal Supreme Court has referred two cases (YouTube and Uploaded) to the CJEU asking questions about (among other things) the applicability of the ECommerce Directive intermediary protections to UGC sharing sites.

Pending CJEU copyright cases

Several copyright references are pending in the EU Court of Justice. Issues under consideration include whether the EU Charter of Fundamental Rights can be relied upon to justify exceptions or limitations beyond those in the Copyright Directive (Spiegel Online GmbH v Volker Beck, C-516/17; Funke Medien (Case C-469/17) (Advocate General Opinion 25 October 2018 here) and Pelham (Case 476/17) (Advocate General Opinion 12 December 2018 here)); and whether a link to a PDF amounts to publication for the purposes of the quotation exception (Spiegel Online GmbH v Volker Beck, C-516/17). The Dutch Tom Kabinet case on secondhand e-book trading has been referred to the CJEU (Case C-263/18). The YouTube and Uploaded cases pending from the German Federal Supreme Court include questions around the communication to the public right.

Online pornography

The Digital Economy Act 2017 grants powers to a regulator (subsequently designated to be the British Board of Film Classification) to determine age control mechanisms for internet sites that make ‘R18’ pornography available; and to direct ISPs to block such sites that either do not comply with age verification or contain material that would not be granted an R18 certificate. The process of putting in place the administrative arrangements is continuing. [The regime will come into force on 15 July 2019.]

Cross-border liability and jurisdiction

The French CNIL/Google case on search engine de-indexing has raised significant issues on extraterritoriality, including whether Google can be required to de-index on a global basis. The Conseil d'Etat has referred various questions about this to the CJEU [Case C-507/17; Advocate General Opinion delivered 10 January 2019]. C-18/18 Glawischnig-Piesczek, a reference from the Austrian Supreme Court, also raises territoriality questions in the context of Article 15 of the ECommerce Directive.

In the law enforcement field the EU has proposed a Regulation on EU Production and Preservation Orders (the ‘e-Evidence Regulation’) and associated Directive that would set up a regime for some cross-border requests direct to service providers. The UK has said that it will not opt in to the Regulation. US-UK bilateral negotiations on direct cross-border access to data are continuing. The Crime (Overseas Production Orders) Bill, which would put in place a mechanism enabling UK authorities to make cross-border requests under such a bilateral agreement, is progressing through Parliament [and received Royal Assent on 12 February 2019]. [Meanwhile discussions continue on a Second Protocol to the Cybercrime Convention, on evidence in the cloud.]

Online state surveillance

The UK’s Investigatory Powers Act 2016 (IP Act) has come almost completely into force, including amendments following the Watson/Tele2 decision of the CJEU. However the arrangements for a new Office for Communications Data Authorisation to approve requests for communications data have yet to be put in place.

Meanwhile a pending reference to the CJEU from the Investigatory Powers Tribunal raises questions as to whether the Watson decision applies to national security, and if so how; whether mandatorily retained data have to be held within the EU; and whether those whose data have been accessed have to be notified.

Liberty has a pending judicial review of the IP Act bulk powers and data retention powers, due to resume in June 2019. It has been granted permission to appeal to the Court of Appeal on the question whether the data retention powers constitute illegitimate generalised and indiscriminate retention.

The IP Act (in particular the bulk powers provisions) may be indirectly affected by cases in the CJEU (challenges to the EU-US Privacy Shield and to the Belgian communications data retention regime), in the European Court of Human Rights (in which Big Brother Watch and various other NGOs challenge the existing RIPA bulk interception regime) and by an attempted judicial review by Privacy International of an Investigatory Powers Tribunal decision on equipment interference powers.

The ECtHR gave a Chamber judgment in the BBW case on 13 September 2018. If the judgment had become final it could have affected the IP Act in as many as three separate ways. However the NGOs successfully applied for the judgment to be referred to the ECtHR Grand Chamber, as did the applicants in the Swedish Rattvisa case, in which judgment was given on 19 June 2018. The two cases are therefore now pending before the Grand Chamber.

In the Privacy International equipment interference case, the Court of Appeal held that the Investigatory Powers Tribunal decision was not susceptible of judicial review. [On further appeal the Supreme Court held on 15 May 2019 that the IPT decision was susceptible of judicial review. The litigation will now continue.]

Compliance of the UK’s surveillance laws with EU Charter fundamental rights will be a factor in any data protection adequacy decision that is sought once the UK becomes a non-EU third country post-Brexit.

[Here is an updated mindmap of challenges to the UK surveillance regime:]

[Software - goods or services? Pending appeal to UK Supreme Court as to whether software supplied electronically as a download and not on any tangible medium is goods for the purposes of the Commercial Agents Regulations. Computer Associates (UK) Ltd v The Software Incubator Ltd Hearing 28 March 2019.]

[Updated 28 Dec 2018 to add due date of AG Opinion in Google v CNIL, 2 January 2019 to add the CJEU reference on the Belgian communications data retention regime and the pending Supreme Court decision on ouster; 4 Jan 2019 to add the AG Opinion in Pelham; 14 Jan 2019 to add Rattvisa application to refer to ECtHR Grand Chamber; 15 Jan 2019 to add AG Opinion in Google v CNIL and Computer Associates v Software Incubator appeal; 16 Jan 2019 to add Cybercrime Convention; 14 May 2019, various updates; 21 May 2019, updated to add result of Privacy International Supreme Court appeal and update mindmap.] 


Wednesday, 13 December 2017

Cyberleagle Christmas Quiz

[Updated with answers, 1 January 2018]

15 questions to illuminate the festive season. Answers in the New Year. (Remember that this is an English law blog). 

Tech teasers 

1. How many data definitions does the Investigatory Powers Act 2016 (IP Act) contain?

Twenty-one: Communications data, Relevant communications data, Entity data, Events data, Internet connection record, Postal data, Private information, Secondary data, Systems data, Related systems data, Equipment data, Overseas-related equipment data, Identifying data, Target data, Authorisation data, Protected data, Personal data, Sensitive personal data, Targeted data, Content, and Data. 

2. A technical capability notice (TCN) under the IP Act could prevent a message service from providing end to end encryption to its users. True, False or Maybe?

Maybe. A TCN could require the provider to have a capability to remove electronic protection applied by it if, among other things, that is technically feasible. The most significant question is whether the message service provider is regarded as itself applying the E2E encryption. If so, then a TCN could possibly be used to require such a provider to adopt a different model. If the user is regarded as applying the encryption then a TCN could not be used. 

3. Under the IP Act a TCN requiring installation of a permanent equipment interference capability could be served on a telecommunications operator but not a device manufacturer. True, False or Maybe?

True. Device manufacturers are outside the scope of TCNs. If a device manufacturer provides a telecommunications service (for instance where a phone manufacturer also provides its own messaging service) then it could be within scope, but only for its telecommunications service activities. 

4. Who made a hash of a hashtag?

In an interview in March 2017 Home Secretary Amber Rudd famously referred to the need for assistance from those who ‘understand the necessary hashtags’.  A week later a Home Office Minister explained that she had intended to refer to image hashing, not hashtags. So strictly speaking she made a hashtag of a hash.

Brave new world


5. Who marked the new era of post-Snowden transparency by holding a private stakeholder-only consultation on a potentially contentious IP Act draft Statutory Instrument?

As required by the IP Act the Home Secretary consulted various specified stakeholders on draft technical capability regulations (see 2 and 3 above) prior to laying them before Parliament for approval. The consultation was conducted privately, excluding the general public and civil society groups. However the Open Rights Group obtained and published a copy of the draft regulations.

6. Who received an early lesson in the independence of the new Investigatory Powers Commissioner?


GCHQ. Its November 2017 approach to the Investigatory Powers Commissioner to discuss the possibility of a protocol for reducing evidential issues in Investigatory Powers Tribunal or other cases was politely but firmly rebuffed. 

The penumbra of ECJ jurisdiction
  
7. The EU Court of Justice (CJEU) judgment in Watson/Tele2 was issued 22 days after the IP Act received Royal Assent. How long elapsed before the Home Office published proposals to amend the Act to take account of the decision?

344 days. The Consultation was published on 30 November 2017.

8. The Investigatory Powers Tribunal has recently made a referral to the CJEU. What is the main question that the CJEU will have to answer about the scope of its Watson decision?  

Paraphrased, the main question is whether national security is excluded from the Watson decision as being outside the scope of EU law.

9. What change was made in the IP Act’s bulk powers, compared with S.8(4) RIPA, that would render the CJEU’s Q.8 answer especially significant?

In the IP Act the purposes for which the bulk powers may be exercised are all framed by reference to national security. In RIPA (as amended by DRIPA 2014) the serious crime purpose does not have to be related to national security. 

10. After Brexit we won't need to worry about CJEU surveillance judgments, even if we exit the EU with no deal. True, False or Maybe? 

False, at least if the UK wishes to have a data protection adequacy determination that would enable EU countries to transfer personal data to the UK. As the USA discovered in Schrems, a third country’s surveillance regime can be a significant factor in an adequacy determination.

Copyright offline and online

11. Tweeting a link to infringing material is itself an infringement of copyright. True, False or Maybe?  

Maybe, depending on whether (a) you know that the material is infringing; or (b) you are linking for financial gain, in which case you would be rebuttably presumed to know. This is the result of the CJEU’s decision in GS Media.

12. Reading an infringing copy of a paper book is not copyright infringement. Viewing an infringing copy online is. True, False or Maybe?

True, at least if what you do online is sufficiently deliberate and knowing.  EU copyright law treats screen and buffer copies as engaging the reproduction right. The CJEU in Filmspeler held that the user of a multimedia player add-on containing links to infringing movies infringed the reproduction right by viewing an infringing copy accessed via the link.  This was because, as a rule, the purchaser of such a player deliberately and in full knowledge of the circumstances accessed a free and unauthorised offer of protected works. This took the activity outside the Copyright Directive’s exception for transient and temporary copies. The same reasoning can be applied to an online book.

13. Whereas selling a set-top box equipped with PVR facilities is legal, providing a cloud-based remote PVR service infringes copyright. True, False or Maybe?

True. Established by the CJEU in VCAST, 29 November 2017.

14. Format-shifting infringes copyright. True, False or Maybe?

True. Seven years after the Hargreaves Review identified this as an aspect of copyright that puts the law into confusion and disrepute, format-shifting remains an infringement.

15. Illegal downloading is a crime. True, False or Maybe?

False. A user who downloads without the permission of the copyright owner commits a civil infringement of copyright, but without more that is not a crime.  In 2014 PIPCU (the Police Intellectual Property Crime Unit) deployed replacement website ads proclaiming that ‘Illegal downloading is a crime’. PIPCU later explained this on the basis that “Downloading falls within s.45 of the Serious Crime Act 2007 if it encourages s.107 CDPA 1988 offences”.