No. 81 April 2012

 This document is available in Word and PDF.

JISC Legal Monthly Newsletter: April 2012

Legal Guidance for ICT Use in Education, Research and External Engagement

JISCLegal Logo

 

Welcome to the April 2012 JISC Legal Monthly Newsletter (No 81) and a Happy Easter to all! This month's news includes items on Google privacy, Twitter and data protection breaches.

For anyone who missed our Mobile Technologies and the Law webcast the recordings will be available shortly. Thank you to everyone who completed our webcast feedback form. The lucky winner of the Kindle 3G is Marc Bennett from Newcastle University.

JISC Legal Plus continues to offer great value expert
in-house training on FOI, copyright, data protection and e-safety to colleges and universities. If your institution is looking for relevant sector-specific expertise in these significant areas then our on-site staff development packages are for you. Find out the details of JISC Legal Plus at – http://jiscleg.al/JISCLegalPlus

News

True Cost of FOI Requests Published

JISC infoNet has announced the results of its recent research project aimed at discovering the true cost to an HE institution of processing an FOI request. The project tracked 36 requests received by seven HEIs from across England and Scotland during January 2012. As a result of the data generated by this project it was determined that the average FOI request costs a university £99 to process rising to £121 when salary on costs are added and takes an average of 5 hours 2 minutes to complete. Extensive analysis of the data provides further information on the salary grades of staff involved, how much each stage of the process costs and compares the experiences of different institutions responding to the same ‘round robin’ requests amongst much more. Further details on the JISC infoNet website.

Turning a Resource into an Open Educational Resource (OER)

The OER IPR Support Project has created an animated film illustrating the steps involved in embedding open licences in educational resources and some of the associated IPR issues. This resource will be of interest to staff in colleges and universities involved in creating open educational resources.

Implementing the Cookies Regulations - Public Sector Guidance

Guidance has been issued by the Government Digital Service (GDS) for government departments and other public sector bodies that are required to comply with the Privacy & Electronic Communication Regulations (PECR). From 26 May 2012 all website owners with a UK presence, are required to obtain informed consent from website users and subscribers in order to store information on their devices. Essentially only cookies that are deemed ‘strictly necessary’ for a service requested by the user are exempted from this consent requirement. The guidance focuses on ensuring that the main objective of the new regulation, the protection of website users’ online privacy, is satisfied by public sector websites. As well as specific advice the document sets out a recommended template for a 'Use of Cookies' policy. The guidance can be accessed on the GDS website. And further information and analysis is available on the JANET Regulatory Developments Blog. Information specific to FE and HE on how to comply with the new cookie law is available in the JISC Legal papers - Cookies - Six Months Until Enforcement (25/11/2011) and What Does the New "Cookie" Legislation Require us to do? (15/12/2011).

Solutions to Simpler Copyright Licensing Sought

The need for simpler copyright licensing in the world of digital media has been identified in the Digital Copyright Exchange Feasibility Study Phase 1 diagnostic report published on 27 March. There is also a recognition that educational establishments have to deal with a particularly complex matrix of licences. The final report is due to be issued in July 2012. Scotland’s Colleges were amongst the organisations who responded to the January 2012 call for evidence. Phase two of the study is due to begin in April and is tasked with looking at a range of possible solutions to the problems identified including a Digital Copyright Exchange. This will culminate in a final report expected in July.

Twitter Comments Lead to Jail Sentence

A student who admitted posting racially offensive comments on social networking site, Twitter, has been sentenced to 56 days imprisonment. The student admitted inciting racial hatred over the remarks that he made which left the judge with no alternative other than to impose an immediate jail term. This news story highlights to colleges and universities the potential seriousness of the sending of illegal messages, even through something as 'frivolous' as Twitter, which can ultimately result in imprisonment. More details on this story are available from the BBC website.

Successful Twitter Libel Case

A former cricketer has been awarded damages of £90,000 plus legal costs by the High Court, in England, after suing over a defamatory tweet alleging that he was involved in match-fixing. The judge said that "it is obvious that an allegation that a professional cricketer is a match-fixer goes to the core attributes of his personality and, if true, entirely destroys his reputation for integrity". This news story serves as a reminder to those working in FE and HE on the potential dangers of using social network sites to disseminate comments that may be construed as defamatory. More details on this news item are available from the BBC website. For more information on defamation or indeed Web 2.0, then please visit the JISC Legal website.

Negligent Employees and Contractors Cause Most UK Data Breaches

Symantec, a security research company, has produced a report focusing on the causes of UK data breaches. It concluded that 36 UK firms notified the Information Commissioner in 2011 because of data breaches and 36% of those had come about as a result of ‘a negligent employee or contractor’. The other breaches were due to ‘system glitches’ and malicious or criminal attacks, 33% and 31% respectively. The Out-Law article is a useful reminder to institutions to ensure data security measures, policies, processes and training are robust and up to date. For more information on your legal obligations in collecting and processing personal data, please refer to the JISC Legal website. http://jiscleg.al/DataProtection

Security and the Cloud - Networkshop 40 York

JISC Legal is contributing to the Security and the Cloud session at Networkshop 40 in York on Thursday 5th of April at 9.00am. Networkshop is a technical conference for staff in education and research. This session will highlight the legal changes taking place that concern those providing computing solutions for colleges and universities. It will examine the areas including responsibility for ‘personal data’ in the cloud, the new EU Data Protection Directive - enhanced rights for individuals and tough penalties for non-compliance, privacy - the right to be forgotten and cookies – new consent requirements. The session is designed to indicate what the legal obligations are for institutions and to assist how to stay legally compliant and ensure that legal issues don’t hinder innovation in cloud computing.

Orphan Works Reforms Developing

The EU Parliament’s Legal Affairs committee has voted in favour of reforming copyright legislation in order to make available ‘orphan works’ in online archives. Further, the committee voted to backdraft legislation that would allow institutions to digitise works, if following a ‘diligent’ search, the rightsholder could not be identified or located. Such a change in the law would enable the use of archive material that would previously not have been permitted to be used because of doubt about ownership. More details on this news story are available on the Outlaw website.

ECJ Ruling on 'Communication to the Public' Muddies Copyright Waters

The European Court of Justice concluded that ‘communication to the public’ did ‘not cover the broadcasting, free of charge…within dental practices engaged in professional economic activity…for the benefit of patients…without any active choice…’ In this case a licence was not required as patients were not considered a ‘public’ but rather a ‘determinate circle’ and insignificant number. The broadcast was in no way related to treatment or income of the dentist and customers were not receptive to the broadcast itself. So, playing background music free of charge in this case was not subject to any additional licence fee. The court differentiated this case with a recent decision involving a hotel operator, where the communications reached a ‘new public’, a ‘fairly large number of persons’ and resulted in economic benefit. The judgment and Out-Law article will be of interest to institutions, particularly with reference to the legal definition of ‘public’, although unlikely to affect current practice where institutions are required to hold PPL and PRS licences.

Cookies, Consent and Behavioural Advertising

The World Wide Web Consortium (W3C)’s Do Not Track proposals (DNT) are “one of the most promising initiatives” to make behavioural advertising comply with European laws on data protection and cookies. This is the opinion of the Article 29 Working Party (WP29) expressed in a letter to advertising bodies on 1 March 2012. According to the WP29, Do Not Track settings in a browser must mean that users are no longer tracked, instead of just not being shown targeted advertisements. Consent can only be provided if users of all browsers have made an active and informed choice to allow or disallow tracking. W3C plans to publish the detailed Do Not Track standards by June 2012. This development is a step towards standards that will enable a user's browser settings to be used to manage consent to cookies. It is likely though that a website will have to treat a browser that doesn’t support DNT or whose user decided to ignore the selection screen, as having chosen not to be tracked. Further details can be found on the Regulatory Developments blog.

US Extradition of Student for Copyright Infringement Approved

Home Secretary Teresa May has approved the decision to extradite a student accused of copyright infringement to the US. Richard O’Dwyer faces charges of copyright infringement related to providing links to copyright infringing material. He is accused of providing links to film and TV clips via his website TVShack. This case highlights the risks in providing links to copyright infringing material, and although the case hinges on the United States' law rather than our own, there will nonetheless be risk. This is particularly so where links are systematically provided, and where their provision has a commercial aspect, such as revenue earning through advertising which the US Immigration and Customs Enforcement claim is the case here. Further details are available from Out-Law.com. JISC Legal provides resources on copyright to aid colleges and universities in raising student and staff awareness of copyright law.

Recent ICO Conference Papers Now Available

For those who were not at the recent ICO Data Protection Officer Conference on 06 March 2012 the ICO has helpfully made the presentations and papers available on their website. Of interest to those responsible for data protection in colleges and universities include the slides on cloud computing, and a paper on recent tribunal case law focussing on the meaning and extent of personal data and its disclosure. There is also information on what a data controller should do if a data breach occurs, on reporting an incident, and what to expect from the ICO in his investigatory process. The conference papers are available on the ICO website. JISC Legal has a Cloud Computing and the Law Toolkit looking at cloud computing in an FE and HE context and also FAQ’s and other guidance available from the data protection area of our website.

Call to Implement Text Mining Exception to Copyright

Changes to copyright law could enable researchers in UK universities to gain new knowledge that would otherwise remain undiscovered. This is one of the findings of the JISC report "Value and benefits of text mining". In order to be ‘mined’, text must be accessed, copied, analysed, annotated and related to existing information and understanding. Even if the user has access rights to the material, making annotated copies can be an infringement under current copyright law without the permission of the copyright holder. Introducing an exception to support text mining and analytics for non-commercial research as recommended by the Hargreaves Review could facilitate wider access to currently inaccessible information and enable academic institutions to realise economic and research benefit, the report states.

Unencrypted Memory Sticks Result in Data Protection Breach

A Scottish charity was found to have breached the Data Protection Act following the theft of unencrypted memory sticks and papers containing personal data from an employee's home. The ICO investigation found that the charity had no specific guidance for home workers on keeping personal data secure, and portable media devices used to store sensitive personal information were not routinely encrypted. The decision is a reminder to FE and HE institutions of the importance of having in place policies and procedures for employees working from home. The decision is available on the ICO website. For further information regarding security, mobile devices and data protection refer to JISC Legal's guidance paper. http://jiscleg.al/SecurityMobileDevicesandDP

Universities Bridging the Gap between Innovation and Industry

Thirteen UK universities have been awarded more than £750,000 to support projects that are helping to develop new ideas from the drawing board into the market place. Awards within the 2012 Fast Forward Competition are designed to improve the management of intellectual property and knowledge exchange and encourage innovative approaches to knowledge transfer from university research to real world products and services. Further details of the awards are available on the Intellectual Property Office website. Guidance and information for FE and HE institutions on the management of intellectual property is available in the knowledge exchange section of the JISC Legal website.

JISC TechDis Simple Copyright Consultation Guide

In order to promote participation and to simplify matters concerning the on-going consultation on proposals to amend the UK’s copyright system, JISC TechDis has worked with experts within the field to produce their simple ‘How to’ guide. The guide aims to help and support those seeking to respond to the consultation quickly and intelligently paying particular attention to the five key areas of the consultation that have the most impact or opportunity for disabled people. Those from FE and HE keen on taking part in the consultation may wish to refer to this guide for assistance. The consultation closes on 21 March 2012. More details on this story and access to the guide are available on the JISC TechDis website.

Google Privacy Row Rumbles On

David Smith, the UK data protection head, has added his views to ongoing privacy concerns regarding Google’s use of personal information. In The Guardian article, Smith claims the privacy policy is too vague and does not clarify what will happen to individuals’ personal data. ‘The requirement under the UK Data Protection Act is for a company to tell people what it actually intends to do with their data, not just what it might do at some unspecified point in future.’ Smith also feels that the ‘right to be forgotten’ being proposed in European legislation is not currently reflected by Google and that it must ‘act in a fair and reasonable way’. Currently, Google is not liable where defamatory content is published but this may change following the decision by CNIL, the French regulator, at the end of March. Changes in Google’s approach to privacy are likely to be of interest to all staff and learners in accessing and using specific tools and searches.

Failed Pupils' Photos on Show in School Canteen

Thirty pupils who failed to meet GCSE targets had their photos and names posted onto a wall of a school canteen. The Daily Mail article states that both parents and pupils found the ‘rogue’ gallery to be humiliating and a way to bully children to achieve higher grades. The gallery has since been removed and Chris Harris, head of Larkmead School in Abingdon claims the intention was to support and help pupils. Institutions are reminded to consider carefully data protection law when posting photos, grades or other identifiable information on notice boards or online. For more information on data protection, refer to our JISC Legal guidance http://jiscleg.al/dataprotection

Skydiver Lands in Court

The Patents Court recently confirmed that copyright in a film will be jointly held by the producer and the principal director unless there is an agreement to the contrary. A skydiver engaged a cameraman to film a tandem sky dive over Mount Everest, and then used the footage in a documentary broadcast on Danish television. The cameraman used footage in a YouTube video, and each claimed the other’s use was infringing. The court found there was no agreement between the parties as to who would own copyright in the film footage. In the absence of an agreement, ownership was governed by the Copyright, Designs and Patents Act 1988, which states the first owner of copyright in a film is the producer and the principal director. It was held that the cameraman was the director (exercising creative control), and the skydiver was the producer (making the arrangements for the film). The court held the parties jointly owned copyright in the film footage. Both parties were therefore infringing copyright as they each reproduced the film footage without the consent of the other party. The case highlights the importance for colleges and universities to agree in writing the ownership of intellectual property rights when commissioning work. The full judgement is available on the BAILII website. JISC Legal provides guidance on copyright law: http://jiscleg.al/copyrightIPR.

Information in Private Email Account Disclosed Under FOI

A recent well publicised decision of the Information Commissioner has found that an email, although sent from a private email account, was held on behalf of the public authority for the purpose of FOI legislation. This meant that the information contained in it would require to be disclosed unless an exemption to disclosure applied. The ICO’s decision said that the nature of the email information in the private account would be a highly relevant factor in deciding whether it is held i.e the purpose of the email has to be considered and whether the majority of the contents comprise business information of the public authority as opposed to private or personal information of the email account holder. This decision has relevance to colleges and universities where a new staff member is employed on a temporary basis, e.g. to cover staff illness or his official work account is not yet available and a personal email account is being used for business purposes. The ICO has relevant guidance: Official information held in private email accounts in this area and it is suggested that public authorities should have internal procedures in place to deal with this situation should it arise.

Google not a Publisher for Blogging Purposes

The High Court recently ruled that the search giant Google wasn’t responsible for defamatory material posted on its blogging site. In his ruling the judge stated that, based on the evidence, Google’s role as a platform provider was purely a passive one therefore it was not liable at common law as a publisher. Further, in terms of the Defamation Act 1996, the judge also concluded that Google was not a publisher. Institutions who host email discussion groups, for example, may be considered secondary publishers, and depending on the circumstances, could be found responsible for defamatory comments posted using their service. However, such liability can be avoided if you can show that you acted as a mere conduit or caches or host of the material. It is therefore important for colleges and universities to keep up-to-date with the latest legal developments in this area. More details on this news story and access to the ruling can be accessed on the Out-Law website. JISC Legal has more information on this topic which you may also wish to access: http://jiscleg.al/LegalPositions

UK ISPs lose Digital Economy Act Appeal

BT and Talk Talk have lost an appeal over controversial measures to tackle copyright infringement online - a decision welcomed by rights holders. The internet service providers (ISPs) had argued the UK's Digital Economy Act was incompatible with European law and put an unfair burden on them to pay the costs of the rights-holders' crackdown on illegal downloading. The Act will mean ISPs will have to send warning letters to alleged illegal file downloaders, as well as potentially cutting users off. Further details are available on the BBC website. Also in the JISC Legal article - The Digital Economy Act 2010: Implications for UK Colleges and Universities (23/07/2010).

Stalking to Become a Crime

It is expected that David Cameron will announce this week his plans to make stalking a crime, with six months imprisonment and a £5000 fine for those found guilty of the offence. More serious cases could result in up to five years in prison and an unlimited fine. Last year, even though 786 were found guilty of stalking, only 170 were jailed. These statistics lead rights groups to claim that current legislation, the Protection from Harassment Act 1997, is not up to the job. In Scotland, stalking was recognised as a serious crime in 2010. The Guardian article will be welcomed by any staff or learners who have been subjected to stalking in an online or offline environment.

You Can Run But You Can't Hide Via Facebook

For the first time, the English High Court has held that Facebook can be used to serve a legal claim where one of the parties in a commercial action was difficult to locate. The Facebook account belonged to the party concerned and was known to be in use. In 2009 another High Court judge, Mr Justice Lewiston, permitted an injunction to be served on Twitter. The Telegraph article illustrates the growing acceptance of social networks as a vehicle for communication and emphasises the need for heightened privacy settings for staff and learners in FE and HE.

Google Implements New Privacy Policy

Google implemented changes to its privacy policy yesterday which mean that private data collected by one Google service can be shared with its other platforms including YouTube, Gmail and Blogger. The new privacy policy, which users cannot opt out of unless they stop using Google services, will enable Google to tailor search results and target users with advertising. The consolidated policy promoted by Google as being simple, clear and transparent is to be investigated by EU data authorities with respect to its compliance with EU data protection laws. The BBC News Story will be of interest to FE and HE institutions using or considering using Google services. JISC Legal has guidance on Data Protection http://jiscleg.al/DataProtection

University to Train all Staff in Data Protection

Durham University breached the Data Protection Act after disclosing personal information in training materials published on its website the Information Commissioner’s Office (ICO) has said. The personal data included details such as names, addresses and dates of birth of a number of former students and staff. As part of its remedial action the University has now committed to ensuring that all staff receive appropriate training on how to follow the organisation’s data protection guidance. It will also make sure that documents containing personal data will not be published on the University’s website. Investigations found that only around 20% of the university's staff had accessed the online training materials available to them. For FE and HE institutions this case highlights the importance of ensuring that all staff are made aware of the institution's personal data policies and are appropriately trained how to follow those policies. The details of the Durham University undertaking is available on the ICO website at - http://www.ico.gov.uk/news/latest_news/2012/university-published-personal-data-in-online-training-manual-01032012.aspx.

In this Newsletter:

Latest News

Our Training

Guidance

Latest Events

Contact Details

Subscription Details

 

Publications

Guidance that may be of interest to you ...

Publications this month include our

Legal Use of Mobile Technologies in FE and HE: a Checklist (14/03/12)

The most recent JISC Legal publications can be found at http://jiscleg.al/AllGuidance

 

Latest Events

Events that might interest you...

 

Cloud Computing and the Law Webcast (30 May 2012, 2pm)

This two hour JISC Legal webcast is designed to examine the legal challenges for colleges and universities that are considering the use of cloud computing services.

 

Our Training

JISC Legal Plus - Expert training in ICT law delivered direct to you

Do remember that we provide in-house training in ICT law. Our JISC Legal Plus trainers deliver staff development packages are designed to give you and your colleagues the legal understanding necessary for the digital age. Visit http://jiscleg.al/JISCLegalPlus

Contact Details

JISC Legal
Information Services Directorate
University of Strathclyde
Alexander Turnbull Building
155 George Street
Glasgow G1 1RD

0141 548 4939

feedback@jisclegal.ac.uk
www.jisclegal.ac.uk

JISC Legal is a JISC Advance service and is hosted by the University of Strathclyde,

a charitable body, registered in Scotland, with registration number SC015263.

Posted on 04/04/2012

Posted in: Newsletter