Counting Chromosomes
A blog of random musings on genealogy, genetics, science, and history

There is no such thing as an "international copyright" that will automatically protect an author's writings throughout the world. Protection against unauthorized use in a particular country depends on the national laws of that country. However, most countries offer protection to foreign works under certain conditions that have been greatly simplified by international copyright treaties and conventions.
     —the United States Copyright Office

Handcuffed at Keyboard

Just as we were all getting over the serious and painful surgery on May 25 that was enactment of the GDPR (General Data Protection Regulation), we have a new issue on the immediate horizon. Just three days from now, June 20-21, at the European Parliament meeting in Brussels, up for an initial vote on plenary approval is the controversial "Directive on Copyright in the Digital Single Market," EU Interinstitutional File: 2016/0280 (COD).

In particular, Chapter 2, Article 13 (pages 56 through 60 of the 66-page proposal) is drawing not only ire, but some dire warnings from many open-information notables like Wikipedia's Jimmy Wales; the Worldwide Web's creator, Sir Tim Berners-Lee; and Brewster Kahle, founder of the Internet Archive and Alexa. In essence, Article 13 says, among other things, that providers of web services are responsible for screening everything people post online to make certain none of it infringes on copyrighted material.

Let that sink in for just a moment. At issue is not copyright protection or protecting the rights of the original creator of works. At issue is that Article 13 would have the website owner/maintainer responsible—and liable—for screening everything people post onto their sites to make certain none of it is a potential infringement of copyright.

And let's be clear, international copyright, rights and permissions, and intellectual property law is not simple, straightforward matter. Attorneys who deal with it are specialists and few organizations—certainly not small and midsize operations—have such specialists on staff. Even when the matter may seem straightforward to the logical person, and one contained completely within the United States, it may take years and a trip to a federal appeals court to straighten out. Witness the strange case of a company called Righthaven that was created solely to slap copyright infringement lawsuits on people who were never culpable. The company, termed a "copyright troll," was handed its death sentence a few years ago by the Court of Appeals for the Ninth Circuit. The company's assets had been seized, its domain name and copyrights sold off, and the money paid to defense lawyers; its appelate attempt was its last gasp.


Things get even muddier when different countries are involved. Despite the Berne Convention for the Protection of Literary and Artistic Works (Berne Convention) and the Universal Copyright Convention (UCC), there is no international standard for what constitutes a copyrighted or protected work, much less how multinational enforcement works. The United States Copyright Office notes:

There is no such thing as an "international copyright" that will automatically protect an author's writings throughout the world. Protection against unauthorized use in a particular country depends on the national laws of that country. However, most countries offer protection to foreign works under certain conditions that have been greatly simplified by international copyright treaties and conventions.

However, this would be a European Union directive—affecting activities operated within EU member nations and available to any EU residents—not a mutually agreed international treaty, and it seems glaringly to step into the area of enforcement and punitive disciplinary action, not just legal protection. The GDPR had the same type of, in my opinion, broad overreach, but we saw nothing from other countries contesting it or repudiating it.

And we now know some of the aftermath of the GDPR. Rather than spend the money needed to comply, many companies chose to simply remove services for which compliance would be prohibitive...or simply to try to summarily block all Internet traffic from EU countries. There was even a website—since forced to close—called GDPR Shield that offered simple tools like JavaScript code to block visitors from EU nations. But hundreds of companies did choose to block EU visitors and stop doing business in those countries, companies ranging from Verve and Drawbridge to the Los Angeles Times and the Chicago Tribune. A new study by international law firm McDermott Will & Emery in conjunction with think-tank the Ponemon Institute found that large companies spent, on average, $13 million each preparing for and implementing GDPR rules.

How much time, effort, and money can and will organizations now spend in order to be compliant with yet another EU mandate following closely on the heals of the last one? From Bloomberg News several weeks ago:

A provision of the draft proposal, Article 13, could force tech companies to either heavily filter user-uploaded content or shutter their websites, attorneys told Bloomberg Law. Smaller companies, in particular, won't have the resources to invest in technologies needed to comply, they said. ...Companies would have to invest in costly—and potentially unreliable—software programs to filter out infringing material, attorneys say. A March 23 draft from the council, for example, would require companies to make 'best efforts to prevent the availability' of infringing content.

The Electronic Frontier Foundation writes: "By requiring Internet platforms to perform automatic filtering on all of the content that their users upload, Article 13 takes an unprecedented step towards the transformation of the Internet from an open platform for sharing and innovation, into a tool for the automated surveillance and control of its users."

Academia is also also deeply concerned. The Max Planck Institute for Innovation and Competition writes that "...obliging certain platforms to apply technology that identifies and filters all the data of each of its users before the upload on the publicly available services is contrary to Article 15 of the InfoSoc Directive as well as the European Charter of Fundamental Rights."

EDRi Balanced Copyright
From European Digital Rights (EDRi), click to visit the EDRi website

We saw with the GDPR and we see again here position statements, external to the text of the proposal itself, that the regulations aren't targeted at the little guy. Most of the onerous clamp-down focuses on "online content sharing service providers." The directive's definition of the term seems lacking. Article 2, Item 5 states: "'online content sharing service provider' means a provider of an information society service whose main or one of the main purposes is to store and give the public access to a large amount of works or other subject-matter uploaded by its users which it organises and promotes for profit-making purposes."

The term "information society service," likely unfamiliar to any in the U.S., has been redefined several times in the short history of the EU, which was founded with enactment of the Maastricht Treaty in late 1993. The latest iteration, and to which the copyright proposal references, is EU Directive 2015/1535, issued 9 September 2015. Article 1(1)(b) reads:

(b)

'service' means any Information Society service, that is to say, any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services.

For the purposes of this definition:

(i)

'at a distance' means that the service is provided without the parties being simultaneously present;

(ii)

'by electronic means' means that the service is sent initially and received at its destination by means of electronic equipment for the processing (including digital compression) and storage of data, and entirely transmitted, conveyed and received by wire, by radio, by optical means or by other electromagnetic means;

(iii)

'at the individual request of a recipient of services' means that the service is provided through the transmission of data on individual request.

An indicative list of services not covered by this definition is set out in Annex I;...

 
Annex I of that directive is of little to no help with the matter at hand for proposal 2016/0280 (COD). It attempts to describe the distinctions of "at a distance," "by electronic means," and "at the individual request of a recipient of services." It provides rather useless clarifications of things that would not be considered an "information society service," things like: medical examinations or treatment at a doctor's; plane ticket reservation at a travel agency in the physical presence of the customer; electronic games made available in a video arcade where the customer is physically present; automatic cash or ticket dispensing machines; access to road networks, car parks, etc.; distribution of CD-ROMs or software on diskettes; voice telephony services; television broadcasting services; and radio broadcasting services. In other words, Annex I is as current to the 2018 digital marketplace as was its predecessor directive of 20 years ago, EU Directive 98/34/EC, published 20 July 1998.

When I read 2016/0280 (COD) and EU Directive 2015/1535, two terms that seem conspicuously undefined are "organises and promotes for profit-making purposes," and "for remuneration." What constitutes "profit-making" or "remuneration"? For example, WikiTree is a large genealogical website that is not formally organized in the U.S. as a nonprofit corporation but it does not charge end-users for its services; it does, though, have a revenue stream adequate to keep it operational. A number of genealogy sites and family associations are not formally organized as nonprofits, and though they may not charge to access their sites, many accept donations to fund their efforts.

Many organizations that are formally incorporated as 501(c)(3) nonprofits do have dues or fees required of members and end-users in order to access some or all of their online data. Coming to mind are just a few: the National Genealogical Society, the New England Historic Genealogical Society, the New York Genealogical and Biographical Society, and the Texas State Historical Association.

What is and isn't "profit" and/or "remuneration" is defined by accountants, lawyers, and legislators, not by Webster's...and it differs considerably among various nations. Nothing about the law is ever, "Oh, you know what we mean; everybody knows what that means."

In Article 2, Item 5 of the new proposal, does "give the public access" mean free, unpaid access; for-fee access; or both or either? Who or what determines "main or one of the main purposes"? Ancestry.com allows me to upload files and text to the profiles in my tree—I probably wouldn't use it if I couldn't do so—but is that Ancestry's "main or one of the main purposes"? If the "information society service" doesn't store the data/information on its own servers and infrastructure but acts as collator or aggregator, does that make a difference? Since the Internet Wayback Machine has captured over 332 billion webpages that may no longer appear on a Google search, does it qualify as an "online content sharing service provider"? What constitutes "a large amount of works or other subject-matter"; large in relation to the available archives at my one-name study, or large relative to YouTube?

Too, it's important that anyone reviewing this proposed directive keep in mind that it legally incorporates, by reference, an impressive 13 other standing EU directives. The result is that your reading enjoyment of the 66-page proposal is augmented by those 13 additional directives that you must read in order to properly frame this one. A prime example, mentioned above, is EU Directive 2015/1535. As an aid, here is a complete reading list (note that two of the existing directives are specifically and materially amended by Title V, Article 17 of the proposed 2016/0280 (COD); these directives are indicated by an asterisk):

  • Directive 93/83/EEC
  • Directive 95/46/EC
  • *Directive 96/9/EC
  • Directive 2000/31/EC
  • *Directive 2001/29/EC
  • Directive 2002/58/EC
  • Directive 2006/115/EC
  • Directive 2009/24/EC
  • Directive 2009/136/EC
  • Directive 2012/28/EU
  • Directive 2014/26/EU
  • Directive 2015/1535
  • Directive 2016/679

Though not an attorney, I've had a fair amount of involvement over the years in legislation at the U.S. state level. The outcome can sometimes seem quite cumbersome--largely because it's less difficult politically to add clarification to an existing law than it is to rewrite it completely, so some chapters and sections can come to look like an accretive mass of bloviation--but the goal is always to be as unambiguous as possible. If the definition of a thing, an act, or an actor is not clear and unambiguous, the bill will never pass into a calendars hearing, much less onto the governor's desk. If unclear, judicial application of a law is open to interpretation, something we try to avoid.

Perhaps the ambiguity seen in this proposal as well as in the GDPR is by the very nature of the European Union. No EU directive or regulation I've read is exactly what I would describe as pellucid. It sets out the rationale for its intervention in Item 44:

"The objectives of this Directive, namely the modernisation of certain aspects of the Union copyright framework to take account of technological developments and new channels of distribution of protected content in the internal market, cannot be sufficiently achieved by Member States but can rather, by reason of their scale, effects and cross-border dimension, be better achieved at Union level. Therefore, the Union may adopt measures in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union."

Do the sovereign nations of the EU, who have been able to negotiate and come to treaty agreements with other nations in the past, to work cooperatively and vigorously with the rest of the world, understand that their own Union is of the opinion that they are now no longer significant enough to "sufficiently achieve" this on their own?

But let's back up a bit to Item 28d:

"Given the increasing importance of the ability to offer flexible licensing solutions in the digital age, and the increasing use of such schemes in Member States, it is beneficial to further clarify in Union law the status of licensing mechanisms allowing collective management organisations to conclude licences, on a voluntary basis, irrespective of whether all rightholders have authorised the organisation to do so. Member States should have the ability to maintain and introduce such schemes in accordance with their legal traditions, practices or circumstances, subject to the safeguards provided for in this Directive and in full respect of Union law and their international obligations related to copyright. These schemes would only have effect in the territory of the Member State concerned, unless otherwise provided for in Union law."

The emphasis is mine, and it seems to me that this is an engineered "out" for EU member nations to be able to determine what is and is not authorized and/or licensed use under their own copyright laws. The GDPR is an EU "regulation," not a "directive," so has differing force/degree of law. But we know the deleterious business impact the GDPR had outside of the EU, and trepidation in me says to read with caution all qualifications allowed only to EU Member Nations. Perhaps due in no small part to this, some of the voices of criticism we see of this proposal are coming from institutions and academia in the UK. Brexit is looming; 11:00 p.m. UTC on 29 March 2019 will arrive very, very quickly.

Last on today's soapbox is a full-circle back to the actual intent of the proposed directive. I've had friendly discussions with people who staunchly defend that there is nothing wrong with strengthening worldwide copyright protection laws. I wholly agree. They point to Item 3 of the proposal as the true intention:

"However, legal uncertainty remains, for both rightholders and users, as regards certain uses, including cross-border uses, of works and other subject-matter in the digital environment. As set out in the Communication of the Commission entitled 'Towards a modern, more European copyright framework,' in some areas it is necessary to adapt and supplement the current Union copyright framework keeping a high level of protection of copyright and related rights."

I opened this post by saying, "At issue is not copyright protection or protecting the rights of the original creator of works." To see why I say this proposal is not about actual copyright protection, let's look at Item 37a, which begins: "The definition of an online content sharing service provider under this Directive targets only online services which play an important role on the online content market by competing with other online content services..." Again, emphasis mine. Why is targeting any specifically defined retail or wholesale marketplace necessary in order to have "a high level of protection of copyright and related rights"? Copyright is about rights of the original creator of a work, or the entity to whom that original creator has transferred all, partial, or temporary permissions. Shouldn't the protection of copyright and related rights be universal, regardless of the supply chain or distribution systems? Does that distinction really lend itself to protection of the copyright holder, or is it merely a blatant attempt to legislatively level, for centrist gain, a global economic market? Heck; the French were the ones who invented laissez faire economics, that transactions between private parties should be free from overreaching governmental regulations, privileges, tariffs, and subsidies.

If we wanted a final confirmation that 2016/0280 (COD) is not about copyright protection but about governmental copyright regulation, let's have a look at the closing portion of that same Item 37a:

In order to ensure the high level of copyright protection and to avoid the possible application of the liability exemption mechanism provided for in this Directive, this Directive should not apply to services the main purpose of which is to engage in or to facilitate copyright piracy.

"In order to ensure the high level of copyright protection...this Directive should not apply to services the main purpose of which is to engage in or to facilitate copyright piracy." How exactly does specific exclusion of copyright piracy do anything at all to improve copyright protection?

The question, of course, is rhetorical.
 

Some references and links of interest: