Pirate Bay - the end?

Pirate Bay have announced that they are likely to be selling the business to the Swedish company Global Gaming Factory X AB according to the company's press release the transaction is schedule to complete for August 2009. Their CEO, Hans Pandeya, is quoted as saying:

"We would like to introduce models which entail that content providers and copyright owners get paid for content that is downloaded via the site"

I read that as meaning that the nature of the site will change dramatically, although Pirate Bay's own blog comments that if the new owners change the site dramatically, no-one will continue to use it.

Pirate Bay loses appeal

According to the Swedish Court Service website, the four defendants in the Pirate Bay case have lost their appeal. The Svea Court of Appeal decided that, despite some criticism of the way in which the judges in the trial had proceeded, the trial was fair.

I have yet to read a reasoned decision so I am relying on the press release. One line of reasoning seems to have gone as follows: the presiding judge was a member of two organisations operating in the field of intellectual property. Let us say, for the sake of argumen, that the judge’s membership of these organisations showed that he was in favour of the enforcement of intellectual property and would thus be supportive of rights holders. That does not, thought the court, prevent a fair trial because intellectual property rights are legal rights in Sweden as the law stands. Being in favour of them merely means being in favour of the law.

An analogous argument might be used in a case in which a judge who was in favour of private property rights and their enforcement should still be allowed to sit on a case of theft, or for eviction of trespassers.

Having said that the court appears to have thought that information like this (membership of relevant associations)  ought to have been available at the earliest stage, so that it can be properly dealt with then rather than on appeal.

I remain sceptical as to whether the judge (Tomas Norström) really was biased in any way. The Swedish Association for the Protection of Industrial Property and the Swedish Copyright Association do not look (to me) like industry organisations that pursue infringers of intellectual property, but rather more like the sorts of organisations that lawyers routinely get involved in for the better exchange of ideas and study of a subject.

Members are likely to have a lot of different affiliations, work against each other in practice on many occasions and the mere fact that A and B are both members of such an assocaition doesn’t mean they will even like each other. I certainly can’t stand the sight of some people in the same professional bodies as myself.

The trouble is I haven’t seen a good analysis of the two Swedish bodies to be sure. I look forward to reading the full decision of the Court of Appeal (if it becomes available) to make up my own mind.

Where does this leave the Pirate Bay four? If the press release is to be believed, there is no appeal but proceedings in the European Court of Human Rights are sure to follow.

Technorati Tags: pirate bay, copyright, P2P, music file sharing

Social Networking Sites and Data Protection

The Article 29 Data Protection Working Group has published its opinion on the relationship between the Data Protection Directive and Social Networking Sites (SNS).

A key point to take away is that operators of SNS are data controllers rather than merely data processors, so that they are more likely to be subject to European data protection law than if they were merely “data processors”.

Who is the working party?

The working party was set up by by the data protection directive as an advisory body. Its opinions are not legally binding, but they are likely to be persuasive and the Commission must respond them.

Key points

The response to the opinion (so far) has concentrated on the view that SNS operators are probably data controllers. I’ll have more to say about that at the end of this post.

For me the most interesting points are:

• SNS operators are usually data controllers
• … and so are many third party application providers
• … as indeed will be many users
• privacy should be the default setting
• release of profile information beyond a user’s selected friends should never be implicit
• third party applications should not by default be given access to all an individual’s profile information, but only what is necessary for that application to work

It seems to me that this signals a tougher line to SNS like facebook which will not be able to get away with, for example, a completely cavalier attitude to third party applications.

There are a couple of specific points of interest.

Users

Almost anything about someone is “personal data” but most individuals using an SNS won’t be subject to the Directive because it excludes processing “by a natural person in the course of a purely personal or household activity”.

The working group notes an increased use of SNS for other purposes such as for businesses or campaigning. Those would fall outside the household exception and such users would need to comply with the Act.

The Working Group makes three recommendations on this point:

- SNS providers provide adequate warnings to users about the privacy risks to themselves and to others when they upload information on the SNS - SNS users should also be reminded that uploading information about other individuals may impinge upon their privacy and data protection rights; - SNS users should be advised by SNS that if they wish to upload pictures or information about other individuals, this should be done with the individual’s consent.

Which seems entirely positive. Strictly speaking you don’t always need an individual’s permission to process their data, so the last point is not quite right, though it is good practice. What the Directive does require is that individual’s are notified of the processing, which could be done by a tagging system.

Having said that, the Directive was not (I think) written with uses of SNS in mind. I suspect that more difficulties will follow.

Controller vs Processor

The Directive makes a distinction between “controllers” on the one hand “processors” on the other. A controller is an entity which “alone or jointly with others determines the purposes and means of the processing of personal data.”

In the context of an SNS you might argue that it is the users of the site who decide the purpose and means of processing the data, the operator of the site provides nothing more than an environment for the users to do what they wish (post pictures, disclose information about themselves and so on). In other words, they are just a processor.

The Working Party thinks not. Amongst other things sites like facebook decide what use is to be made of data contributed to the site for the purposes of advertising and marketing.

This matters for two reasons: first because it is on the controller (not the processor) that most of the obligations of the directive are imposed; but second because the location of the controller affects whether or not the directive applies at all.

How far does the Directive reach?

The answer to that question applies in article 4 of the directive which states:

(a) the processing is carried out in the context of the activities of an establishment of the controller on the territory of the Member State; when the same controller is established on the territory of several Member States, he must take the necessary measures to ensure that each of these establishments complies with the obligations laid down by the national law applicable; (b) the controller is not established on the Member State’s territory, but in a place where its national law applies by virtue of international public law; (c) the controller is not established on Community territory and, for purposes of processing personal data makes use of equipment, automated or otherwise, situated on the territory of the said Member State, unless such equipment is used only for purposes of transit through the territory of the Community.

The first two provisions give little difficult: if your processing is being carried out in/with or by an establishment of yours in a member state (or somewhere else that state’s law applies) then unsurprisingly you have to comply with the Directive.

The odd one is (c). The Working Group have previously in their opinion on search engines said that storing a cookie in a user’s browser amounts to “making use of” equipment (the user’s browser) so that wherever on the plant a data controller might be, if their processing of the data involves cookies they will be subject to the directive.

I am not entirely convinced by that argument. It would require any such site to have a designated representative in every member state from which anyone were to browse them (under article 4(2)). It also seems to me that what the directive means is that if you process the data in question in a member state then the directive applies to the processing of that data in that member state. A cookie will necessarily contain much personal data of itself.

Conclusion

The opinion seems to me to be useful. It is relatively short and an easy read. Let us hope that it contributes to the pressure on sites like facebook to put their house in order.

The Civil Procedure Rules

The Civil Procedure Rules (or CPR) are the rules governing the conduct of cases in the civil courts of England and Wales. An up to date version is available from the Ministry of Justice's website.

There's no getting away from it: there are a lot of rules and being familiar with them is difficult and something that lawyers, in particular litigators, are paid well to do. I do not advise anyone to try DIY litigation based on reading through the rules but I appreciate sometimes there is no option. There is absolutely no substitute for reading the rules. I see numerous questions asked on internet forums and in briefs sent to me which are easily resolved by reading the rules.

When do the rules apply?

• The rules do not (for the most part) apply to criminal cases which have their own set of rules (the Criminal Procedure Rules unsurprisingly)
• The rules only apply to proceedings in certain courts: county courts, the High Court and the Civil Division of the Court of Appeal.
• Tribunals, such as employment tribunals have their own rules of procedure
• Certain kinds of case (such as insolvency) are excluded by the rules: for a full list see CPR 2.1. There's more subtlety here. Some of these kinds of case piggy-back on the CPR. For example the insolvency rules incorporate chunks of the CPR.

Finding your way around the rules

The CPR is divided into numbered "parts" which are subdivided into "rules". For example rule 3 of part 5, written CPR 5.3 states that a signature required by the rules may be printed by computer. Most rules come together with one or more "practice directions" which tend to be more practical or detailed instructions on what to do in any particular situation. You should almost always read the practice direction that accompanies any rule.

Think of the rules as telling a story. The characters are:

• the Claimant - who has started proceedings
• the Defendant - who is the person being sued
• any Additional Parties - who have been brought in as additional Claimants or Defendants during proceedings

If you try reading through you will find yourself immediately confronted with a considerable amount of peculiar vocabulary used in a technical way by the court. Fortunately there is a glossary and an index.

The two most useful terms to know are:

• file - frequently a rule will require someone to "file" a document, this just means sending it to the court.
• serve - on the other hand means sending something to someone other than the court (usually another party)

General rules

Parts 1-6 contain some important general rules. Part 1 is all about the "overriding objective" which the court is supposed to bear in mind when it is deciding what to do.

The other parts are mostly self-explanatory, although Part 3 has a rather understated title. It deals with the things a court may do to manage a case. In practice a court may do almost anything, though whether it will is another matter.

Getting a case under way

Before you start a claim you should make sure you have complied with any pre-action protocol if there is no specific pre-action protocol for your case then you need to make sure you comply with the practice direction on pre-action conduct.

• A case is usually kicked off with a claim form (Part 7) though certain kinds of claim need to be started with a different kind of claim form (Part 8)
• The Defendant will need to decide how to respond the claim form (Parts 9-11)
• ... and then maybe file and serve a Defence (Part 15 - which also deals with how a Claimant can serve a "Reply" to the Defence).
• If the Defendant doesn't respond or file and serve a Defence in time then the Claimant might want to obtain judgment in default (Part 12) which the Defendant might then want to try to set aside (Part 13).
• In all this the Claimant and Defendant will be sending back and forth "statements of case", for example: the Claim Form, the Particulars of Claim, the Defence and maybe a Reply. There are unsurprisingly rules about what these should look like in Part 16
• Mistakes happen and sometimes it is necessary to correct (or completely alter) statements of case, for which see Part 17.
• The Claimant may have written an entirely unhelpful or confusing claim, or the Defendant a wholly inadequate Defence, there are sometimes ways to force the other side to say a little more by way of a Request for Further Information under Part 18.
• Bringing more parties into the claim (for example where the Defendant wants to get someone else to contribute to any damages they are forced to pay) is then dealt with under Part 19.
• Finally part 20 is a gem. It deals with a really crucial power that parties have at any time to make an offer (a kind of bet) with the other side. If the other party does not accept the offer but fails to beat it they may be punished in costs.

Continuing the case

Parts 21-22 give some more general information. Parts 23-30 deal with "interim" matters - things that may come up during the conduct of a case. CPR 23 is particularly important since it deals with applications to the court which are very common.

Parts 31-35 deal with evidence. CPR 36 is a crucial part dealing with how to make an offer (a kind of bet) to the other party to threaten them with costs sanctions if they don't beat it. CPR 38 is also vital to know about - it governs how you get out of a case. All this leads up to CPR 39 (the hearing) and CPR 40 (the judgment).

After judgment

The parts following deal with various matters that follow a judgment and also deal with certain kinds of specialist proceeding. The most crucial being:

• CPR 43-48 are all about costs. The amount you hope the other side will have to pay you for your legal costs (and of course vice versa).
• CPR 52 deals with appeals - relevant if you want to try to dispute the judgment or if you opponent does.
• CPR 70-79 deal with different methods of enforcing a judgment, though CPR 75-77 and 79 should not normally be relevant to you (if you are bringing proceedings under the Prevention of Terrorism Act 2005 you know more than I do).

Other rules

In the bad old days, before the CPR, the county courts had one set of rules and the supreme court (including the High Court and Court of Appeal) had another. The idea of the CPR was to unify the two systems into one. This has not quite happened and you will see that attached to the end of the CPR are two schedules: one for the Rules of the Supreme Court (RSC) and the other for the County Court Rules (CCR). These still apply but are likely only to be relevant when dealing with enforcement.

Some courts have, in addition to the CPR, their own Court Guides which give detailed instructions on what the court expects in litigation.

Useful Links

• Roger Horne has put together a site called YAWS which has rather more cross-referencing than the official website and also cross-references some case law that is available online.