Digital media and the law

“Law 2.0”, “digital media law”. Great tag lines but is it all “sound and fury”, signifying nothing new? After all, there are plenty of examples of how existing laws are being applied to the online world. Are the law and Web 2.0 an odd couple fated to be forever out of sync? Alternatively, are we moving slowly but inexorably to a position where the law will move seamlessly between the digital and physical worlds?

In exploring these themes, I want to examine whether there is anything really new and whether the world of Law 2.0 has distinctive features and, if so, what the messages are for the media industries and business generally.

Liability for third party content

Liability for third party content, including user generated content, is the hot potato of Law 2.0. To what extent should search engines, social network sites, forum operators, etc, be liable for content they make available? To what extent can they claim exemption under the ISP immunities?

The current legal framework in the EU is under strain and there are two main reasons. First, the law is pre-Web 2.0: it was developed in the mid to late 1990’s, before the growth of search engines and social networks. Second, advances in software to search and filter content have raised questions about whether service providers need to take any active steps to detect and remove illegal content in order to rely on the exemptions.

The E-Commerce Directive contains three categories of exemption for ISPs and other intermediaries from civil and criminal liability for carrying or hosting illegal content. The immunity is ”˜across the board’, applying to all kinds of liability including copyright infringement and defamation.

There are several key points to note about these ISP immunities, which are built around the principle of ”˜hear no evil, see no evil, do no evil’:

The “mere conduit” exemption applies provided that the ISP doesn’t initiate or interfere with the transmission.

The caching and hosting exemptions require the service provider to act “expeditiously” to remove or disable access to unlawful content in certain circumstances.

Article 15 removes any obligation on service providers to monitor content in order to qualify for these immunities.

However, in a recent case in Belgium the Court imposed a duty on an ISP to use filtering technology in order to claim the exemptions. This case suggests that technological advances will impact on how the exemptions are interpreted, thereby encouraging intermediaries to take a proactive role in dealing with illegal content.

Even if an intermediary is granted immunity from liability under one of the exemptions, rights owners may seek injunctions against intermediaries as a way of getting at a primary infringer. In a recent case, a chat forum operator was ordered to reveal the identities of certain members of the site who had posted defamatory comments. In deciding whether to grant this type of order, a court will consider the individuals’ right to respect for their private life and their rights and freedoms under the Data Protection Act 1998. This brings us neatly on to ”¦


Search engines and social network sites have become aggregators and users of personal information. The law is struggling to hit the right balance in this area. Data protection laws vary across jurisdictions and often seem over-complex and too focused on a “tick the box” approach.

Privacy and data protection are moving up the business and legal agenda. Social network sites need advertising revenues; advertisers want eyeballs and, more than that, data about user’s preferences, interests, purchasing habits. That’s why some groups are calling for a comprehensive review of data protection laws.

But before we change the law, we should address some fundamental questions: (1) do users understand how their data is being used? (2) do they care? Probably, the answer to both is “no”. How many users of Facebook realise that unless they change default settings, details are published to your “friends” via the Mini-Feed and News Feeds whenever the user edits his or her profile information, joins a network etc? And with the increasing use of third party applications, that data can find itself in the hands of third parties outside Facebook.

Data protection law is built on the notion of consent: that we agree – through “opt in” or “opt-out” – to the use of our data. Legal compliance is achieved through a combination of user terms and conditions, privacy policies and default settings, which potentially enable sites to share data with affiliates etc. Data protection compliance, with a focus on (informed) consent, is located at the commercial heart of Law 2.0.


What does jurisdiction mean where there are no geographic boundaries or divisions between the real and virtual worlds? The answer is – quite a lot. There are several international legal instruments that apply to cross border disputes. Brussels I (to work out which country’s courts have jurisdiction); and Rome I (contractual disputes) and Rome 2 (non-contractual disputes, eg copyright infringement), to decide which country’s laws apply to the dispute.

Asynchronous law

This is a permanent state suffered by the law (and lawyers!) whereby the law is always behind – and even occasionally ahead – but never in sync with the online world. Typically, it takes about 5 to 10 years for new legislation to move from initial idea to adoption as law and for the Courts to work out what it means.


This could also be called “fastlaw”. It comprises ways of shaping policy without introducing formal legislation. Examples are Codes of Conduct and Recommendations introduced by the European Commission. These give a clear message on how online businesses should respond to market changes without a legislative “big stick”. This is useful in a rapidly changing and uncertain world where legislation will either be too slow or plain wrong.

This trend is increasingly apparent in the world of self regulation, admittedly being pushed along by media owners. The Principles of User Generated Content Services and YouTube Video Identification tool are the leading examples.

Technical standards

In the digital world, technical standards play a major role in determining how digital goods and services are exchanged. Although legislation may provide the overall legal framework for what can and can’t be done with copyright content, standards control what happens. In that sense, standards are a kind of “de facto” law.

Digital Rights Management (DRM) is “an umbrella term for a range of technologies for managing the buying and selling of intellectual property rights in digital form” (EPS, now part of the Outsell Group). In the Web 2.0 world, sites such as Facebook are becoming platforms for the exchange and delivery of content.

In this environment, machines have to speak to machines – the “semantic web”. Here, DRM is an enabler. It is about the application of a machine-readable language and grammar to digital content in order to describe the rights that are associated with the intellectual property. It may be “copy without restrictions”; “copy three times”; “store and delete copies from cache after a given period”, etc. And it’s possible that these permissions will not be enforced through technical protection measures.

So we may be seeing the role of DRM changing from policeman to accountant, helping to make sure that the right guy gets paid, who could be anyone from the solo digital photographer or designer through to “big media”.


The European Union’s upcoming Audiovisual Media Services Directive distinguishes between revised, “traditional style” regulation of television broadcasting (“linear services”) and a so-called “light touch” approach for on-demand services (“non-linear services”). Getting the right approach to infrastructure and content regulation is, needless to say, a major challenge.

“It’s the content, silly”

It’s no so much that content (or, for that matter, the consumer) is king. If “paradigm shift” means anything in the context of the Web, it’s that content is no longer tied to a specific method or platform of delivery. Digital audio, podcast, e-book, CD, print on paper, mobile music, TV etc. What this does is place the need for a strategic approach to the creation, protection and management of intellectual property assets at the top of the business agenda. In the work we’re doing for clients, this message has really hit home.

Laurence Kaye is an expert lawyer in the fields of digital law, intellectual property and media law and runs his own firm Laurence Kaye Solicitors. He was one of the first lawyers in the UK to specialise in internet law. He is recognised in Chambers Guide to the UK Legal Profession 2007 as a leader in the fields of Media and Entertainment and Information Technology law. He is Chairman of the Society for Computers & Law’s Internet Interest group and writes a blog on digital media law at