Infringement & the Internet
November 20, 2006 | 12:00am
In the US, the first major attack was the bombing of the Math Center at the University of Wisconsin. There were deaths and injuries recorded. Damage was estimated at $1.6 million (a big amount at that time); there were injuries and deaths, and 20 years of data/content was destroyed.
Computer content, and now, Internet content, has been the cause of many computer bashings. Nowadays, when content is vast because Internet storage has become huge (sometimes unfathomably so), the damage wrought can be massive.
As I said earlier, the application of laws and regulations throughout the world is still in a state of flux. National jurisdictions have addressed infringement and damage through traditional criminal and civil legislation and, in connection with the Internet, superficially. The universal law or the uniform fundamental set of rules to govern every member of the global telecommunity is still in a state of flux.
The application of Germany’s telecom statute, Teledientsgesetz, is in flux. Of course, everyone knows that Internet laws extend Internet service providers’ content liability, but the specifics of this have still to be set. In a case involving Internet content, the president of CompuServe Germany was found responsible for a breach of the penal code, despite the fact that CompuServe Germany did not operate as a service provider but as an intermediary between German customers and CompuServe USA.
Furthermore, the German court required CompuServe Germany to request CompuServe USA to prevent certain Internet content from reaching the German public. For a while the latter complied with the request but subsequently resumed its prior activity.
On appeal, CompuServe put forth the liability protections contained in the Teledientsgesetz. Surprisingly, the court argued that the Teledientsgesetz was not applicable on the grounds that CompuServe Germany was a technical intermediary, not an ISP. However, a subsequent appeal by CompuServe Germany was successful. Since the Teledientsgesetz is still in flux, it is advisable for the ISPs to undertake a review of the current status of the Teledientsgesetz, if the ISP intends to service the German market.
The United Kingdom was the first European Union member to limit liability of the ISPs. The English Defamation Act of 1996 explicitly states that an ISP is not the publisher of the defamatory statements, and consequently cannot be held liable if it can be shown that the ISP did not know or reasonably could not have known of the defamatory content.
In 2000, a Mr. Godfrey sued Demon, an ISP that had posted newsgroup material wrongly identified as authored by him and which the court ruled was "squalid, obscene, and defamatory." There was evidence presented that Godfrey had contacted Demon requesting that the latter remove the improperly attributed content. Subsequently, after the material was deleted, Godfrey sued Demon for libel. The court ruled that because Demon "hosted" the site that received the libelous content, it was not yet included within the purview of the act’s protected group of carriers or access providers that merely handle the material, and that "accessing" was tantamount to publication of the statement. The judgment was appealed by Demon.
The fundamental value of this case should revolve around how future courts will review the legal obligation of the ISPs once they have been given notice.
The same fundamental principle applies in the US, but being in flux, and since fundamentally, traditional laws, rules and regulations apply, it is difficult to make sweeping statements, since we are dealing with Internet content. Also, in directing an Internet site toward the English market, an ISP should consider separating the management of newsgroups from its other business activities. And the newsgroups unit should put a procedure in place to deal with libelous content.
In the case of personal data stored on the Internet, how are these data protected from disclosure? Organizations that store personal data are fundamentally protected from liability for disclosure if the data are of certain types. From my own personal study, and culling from the voluminous information available, these include: a) data provided for a medical diagnosis; b) data of vital interest to a government organization; c) data necessary for legal claims or defenses; d) data necessary in the pursuit of legitimate activities of a non-profit organization or foundation; and e) data necessary to carry out the obligations set forth by law.
The US and the EU have set standards for personal data stored on the Internet, with the intention of standardizing data protection across the length and breadth of the global community of nations. Another objective is to limit the transfer of information to non-member countries that do not provide adequate protection. These standards could result in cutting off data streams to countries that do not have data protection.
The challenge here is to find the means and the process that ensure trustworthy e-commerce while preserving effective data protection.
Until such time that the US and the EU achieve an agreement on personal data-storage standards, this necessary precedent for the standards that other countries will have to meet may not come to fruition.
Businesses around the world are divided with respect to how to proceed on this issue of personal data-storage standards. Some have followed those of the US and others have adopted those of the EU. The Philippines still has to make a categorical choice on the matter.
Countries are as divided as businesses on this issue. For instance, Canada is planning to introduce a European-style data-protection regime, while Australia is close to adopting the US view that the state is usually responsible for violating personal-data security when necessary. Most countries of the EU have a tradition that the state is the protector of personal data.
European Union businesses now send information within the EU without violating EU protocols, but they must still have to deal with national laws within specific countries. And such compliance has turned out to be an expensive and cumbersome process for quite a number of international firms. It has become a complex and tentative situation because the EU issuances/directions have created uncertainties in companies engaged in cross-border data transfers, because of the lack of implementing rules and guidelines.
We are all in agreement that the Internet is essentially borderless. But as the interest and involvement in e-commerce grows – which includes the Philippines after our E-Commerce Law was passed – so does the need of customers for protection, which has steadily increased.
Bear in mind that existing data-protection laws originate from the time when the US and Europe first implemented the general use of computers, followed by Asia and the rest of the world. Those laws were typically technology-specific. The widespread – in fact, the global – use of the Internet has rendered them obsolete.
The different jurisdictions of the global telecommunity have to enact personal data-protection statutes that are equally applicable to the Internet and to all other communication and storage technologies.
BrandSpace Articles
<
>
