DMCA Safe Harbor Framework Scope of DMCA Protection Where an OSP qualifies for a DMCA safe harbor and complies with its procedural requirements, the safe harbor:
(17 U.S.C. § 512(a) to (d), (j), (k)(2).)
Courts have held that the DMCA's safe harbor protections may shield OSPs from liability for:
(Viacom Int'l, Inc. v. YouTube, Inc., 676 F.3d 19 (2d Cir. 2012); Perfect 10, Inc. v. Amazon.com, Inc., 508 F.3d 1146, 1175 (9th Cir. 2007).).
The DMCA provides safe harbors for four OSP activities:
To qualify for DMCA safe harbor protection, an OSP must meet certain threshold requirements that include:
(17 U.S.C. § 512(i).).
The OSP also must designate an agent to receive notices of alleged infringement to be eligible for any of the safe harbors, except for the safe harbor for transitory communications. (17 U.S.C. § 512(b)(2)(E), (c)(2), (d)(3); 37 C.F.R. § 201.38(a).).
The DMCA sets out two definitions of service provider: - The safe harbor for transitory communications applies a relatively narrow definition. - The other three safe harbors apply a broader definition.
The safe harbor for transitory communications protects a smaller category of OSPs than the other safe harbors . For this safe harbor, the DMCA defines service provider to include only entities providing transmission, routing, or connections for digital online communications that:
Are between or among points specified by the user.
Send material chosen by the user.
Do not modify the content of the material sent or received.
(17 U.S.C. § 512(k)(1)(A).)
This definition is based on the definition of "telecommunications" in the Communications Act of 1934 and aims to cover an OSP only when it is acting as a mere conduit for communications. This definition includes providers of network connectivity but does not include, for example, website operators or hosting service providers. It may protect, for example: Providers of broadband networks, including cable modem and fiber optic; Dial-up internet service provider; Subject to certain additional conditions, universities providing internet or other network access for faculty and students.
For the other three safe harbors, the statute defines service provider more broadly to include, in addition to entities that qualify under the safe harbor for transitory communications (see Service Provider Definition for Safe Harbor for Transitory Communications), entities that provide or operate facilities for:
(17 U.S.C. § 512(k)(1)(B).).
This definition includes, for example, providers of: Internet access, website hosting, websites, online forums, email services.
One court characterized this definition as being so broad that it is difficult to imagine any OSP that would not fall under the definition (In re Aimster Copyright Litig., 252 F. Supp. 2d 634, 658 (N.D. Ill. 2002), aff'd, 334 F.3d 643, 655 (7th Cir. 2003)).
To qualify under any safe harbor, the service provider must have a policy for terminating repeat infringers' use of its service. The service provider must both:
(17 U.S.C. § 512(i)(1)(A).).
Website operators typically inform their subscribers and account holders of the policy in a separate section of their comprehensive website terms and conditions or in a stand-alone website copyright policy. The DMCA does not require written repeat infringers policies, and service providers are only obligated to inform users of a policy of terminating repeat infringers in appropriate circumstances. Ventura Content, Ltd. v. Motherless, Inc., 885 F.3d 597, 615-19 (9th Cir. 2018).
Courts have held that a repeat infringers policy is reasonably implemented if the service provider:
See Perfect 10, Inc. v. CCBill LLC, 488 F.3d 1102, 1109-10 (9th Cir. 2007).
Because DMCA safe harbor protection is not conditioned on a service provider policing its users, a service provider's knowledge of repeat infringement has been found relevant in determining whether it has reasonably implemented a repeat infringers policy. See Capitol Records, Inc. v. MP3Tunes, LLC, 821 F. Supp. 2d 627, 638 (S.D.N.Y. 2011); Corbis Corp. v. Amazon.com, Inc., 351 F. Supp. 2d 1090, 1104-06 (W.D. Wash. 2004), abrogated in part on other grounds, Cosmetic Ideas, Inc. v. IAC/Interactivecorp., 606 F.3d 612, 621 (9th Cir. 2010). A repeat infringer is any user that repeatedly uploads or downloads copyrighted material for personal use, and the user does not need to know that the material is infringing. EMI Christian Music Grp., Inc. v. MP3tunes, LLC, 840 F.3d 69 (2d Cir. 2016), amended and superseded by 844 F.3d 79 (2d Cir. 2016), cert. denied, 137 S. Ct. 2269 (2017), reh'g denied, 138 S. Ct. 43 (2017)). Notices of infringement that do not substantially comply with the DMCA's takedown notice requirements have been held not to be sufficient evidence of repeat infringement (CCBill, 488 F.3d at 1111-13).
However, courts have declined to find that repeat infringers policies had been reasonably implemented where the service provider, for example:
The safe harbors for storing material at the direction of users, information location tools, and in some cases, system caching, are only available if the service provider has designated an agent to receive notices of alleged infringement (17 U.S.C. § 512(b)(2)(E), (c)(2), (d)(3); 37 C.F.R. § 201.38(a)).
The safe harbor for transitory communications does not require designation of an agent. However, any service provider seeking protection under the DMCA should consider designating an agent to preserve the availability of the other safe harbors if the service provider fails to qualify for the safe harbor for transitory communications. In addition, properly designating an agent may be a factor in determining whether a service provider has reasonably implemented a repeat infringers policy (see Ellison, 357 F.3d at 1080; see also Repeat Infringers Policy).
The service provider must comply with all statutory and regulatory requirements for designating an agent. These include:
(17 U.S.C. § 512(c)(2).)
The agent does not have to be an individual person. A service provider may instead designate, for example, a department within an organization (37 C.F.R. § 201.38(b)(3); see Hendrickson v. eBay, Inc., 165 F. Supp. 2d 1082 (C.D. Cal. 2001)).
Website operators typically provide their designated agent information in either or both:
The DMCA further requires that the following information be included in a publicly available location on the website and registered with the Copyright Office:
(37 C.F.R. § 201.38(b).)
The Copyright Office provides information on the requirements and process for registering an agent on its website. As of December 2016, the US Copyright Office implemented an electronic system to designate and search for agents to receive notifications of claimed infringement and does not accept paper designations (37 C.F.R. § 201.38(c), (e)(1)).
Under the new electronic system:
(37 C.F.R. § 201.38(c), (e).) The Copyright Office website includes links to both the old directory and new directory of service providers' designated agents. (see, for example, Standard Document, Website Copyright (DMCA) Policy).
Section 512(c) of the DMCA provides a safe harbor for service providers storing material on their systems or networks at the direction of users (17 U.S.C. § 512(c)). It shields service providers from liability for copyright infringement that occurs "by reason of the storage at the direction of a user" (see Scope of "By Reason of the Storage at the Direction of a User"). It has been broadly interpreted to extend, for example, to:
To qualify for this safe harbor, the service provider must:
The express language of this safe harbor shields the service provider from liability for copyright infringement "by reason of the storage at the direction of a user." Courts have generally interpreted this language to cover certain activities beyond mere storage where those activities occur by reason of the storage. For example, providing a user-generated content feature on a website anticipates that the service provider, in addition to storing the content, will perform functions necessary to make the content accessible to other users. Courts have found these activities to include automatic processes used to facilitate access to content uploaded by users, including, for example:
See UMG Recordings, Inc. v. Shelter Capital Partners LLC, 718 F.3d 1006, 1015-20 (9th Cir. 2013); Viacom, 676 F.3d at 38-40.
At least one court found that even where a person screened uploaded material before posting it on a website, the upload and storage were still at the direction of the user where the service provider was not involved in a selection process but only screened to ensure material was consistent with the website's purpose and for obvious infringement. See CoStar Group, Inc. v. LoopNet, Inc., 164 F. Supp. 2d 688, 701-702 (D. Md. 2001), aff'd, 373 F.3d 544 (4th Cir. 2004).
While not ruling on the question, in Viacom v. YouTube, the Second Circuit suggested that syndicating or licensing content and other business transactions are outside the scope of "storage at the direction of a user" (676 F.3d at 40).
To qualify for the safe harbor for storing material at the direction of users, the service provider must:
Not have actual knowledge of the infringement.
Not be aware of facts or circumstances that make the infringement apparent (commonly called red flag knowledge).
On acquiring actual or red flag knowledge of infringement, expeditiously take steps to take down the infringing material.
(17 U.S.C. § 512(c)(1)(A), (C).) These knowledge requirements also apply to the safe harbor for information location tools (see Safe Harbor for Information Location Tools). DMCA Takedown Notice as Knowledge A compliant DMCA takedown notice may provide the service provider with actual or red flag knowledge of infringement. However, with certain exceptions, the DMCA precludes a trier of fact from considering a non-compliant notice in determining whether a service provider had knowledge of particular infringing activity (17 U.S.C. § 512(c)(3)(B)). Therefore, a copyright owner relying on a notice of infringement to show actual or red flag knowledge bears the burden of ensuring that the notice complies with the DMCA's requirements (see, for example, Corbis, 351 F. Supp. 2d at 1107; Shelter Capital, 718 F.3d at 1024-26). Knowledge of Specific Infringements Both actual and red flag knowledge require that the service provider have knowledge of specific infringements. The DMCA also expressly provides that the safe harbor for storing material at the direction of users does not require a service provider to affirmatively monitor for or investigate infringement (17 U.S.C. § 512(m)). Courts have held the following to be insufficient to establish the type of knowledge that would disqualify a service provider from this safe harbor:
General knowledge that the service provider's service can be used to share infringing material (Shelter Capital, 718 F.3d at 1022).
General awareness of the occurrence of non-specific instances of infringement (MP3Tunes, 821 F. Supp. 2d at 644-45).
Notices that are not substantially DMCA-compliant (MP3Tunes, 821 F. Supp. 2d at 644-45).
Third-party notices of alleged infringement, without evidence of blatant infringement (Corbis, 351 F. Supp. 2d at 1107-09).
However, a service provider cannot avoid liability by remaining willfully blind to infringement (see, for example, Viacom, 676 F.3d at 34-35).
An otherwise eligible service provider is disqualified from protection under the safe harbor for storing material at the direction of users if it both:
(17 U.S.C. § 512(c)(1)(B).) Both prongs must be satisfied for a service provider to be disqualified from the safe harbor under this provision (see, for example, Hendrickson, 165 F. Supp. 2d at 1093 (C.D. Cal. 2001)). This requirement also applies to the safe harbor for information location tools (See Safe Harbor for Information Location Tools).
Courts generally have interpreted the right and ability to control infringing activity under the DMCA to require more than the ability to remove or disable access to infringing materials. Engaging in voluntary monitoring to identify obvious infringements also has been held not to be the type of control contemplated by the statute (see Hendrickson, 165 F. Supp. 2d at 1093-94.) However, one court found that a provider of services to websites that were part of its "network" had the right and ability to control infringing activity on those websites where, among other things, the provider:
Pre-screened websites.
Gave extensive content and technical advice to the website operators.
Exercised quality control across the websites.
(Perfect 10, Inc. v. Cybernet Ventures, Inc., 213 F. Supp. 2d 1146, 1181-82 (C.D. Cal. 2002).) In Viacom v. YouTube, the Second Circuit held that it is possible for a service provider to have the right and ability to control infringing activity without having knowledge of specific infringements (676 F.3d at 36). Direct Financial Benefit A service provider with the right and ability to control infringing activity on its service does not lose safe harbor protection under Section 512(c)(1)(B) unless it also receives a direct financial benefit from the infringement. Courts have held that a direct financial benefit exists only where the infringing activity is a draw for users and not just an added benefit. On this basis, courts have not found a direct financial benefit to exist where, for example:
The service provider did not charge for the service at issue but earned revenue from other aspects of its service (CoStar, 164 F. Supp. 2d at 704-705, aff'd, 373 F.3d 544.
The plaintiff provided no evidence that the service provider attracted or retained subscribers resulting from the infringement (Ellison, 357 F.3d at 1079).
The service received income from providing all users with access to its services and not directly from allowing infringing activity (Wolk v. Kodak Imaging Network, Inc., 2011 WL 940056, at *7 (S.D.N.Y. Mar. 17, 2011)).
However, a direct financial benefit may exist if a service provider's income is directly related to the number of users that sign up for its service from infringing sites (see Cybernet, 213 F. Supp. 2d at 1181-82).
Section 512(d) of the DMCA provides a safe harbor for service providers referring or linking users to another location that contains infringing material or activity. Its protections apply broadly, for example, to the following: search engines, online directories, indices, yperlinks. 17 U.S.C. § 512(d).
As with the safe harbor for storing material at the direction of users, this safe harbor requires that the service provider:
17 U.S.C. § 512(d).
Ironically, as discussed in our 2021 alert, market studies have found that 1
2023-11-15 15:46:32.808441[:10]
2023-11-15 15:46:31.146569[:10]
2023-11-15 15:46:32.565006[:10]
Stay Connected