Welcome to the April 2012 JISC Legal Monthly Newsletter (No 81) and a Happy Easter to all! This month's news includes items on Google privacy, Twitter and data protection breaches.
For anyone who missed our Mobile Technologies and the Law webcast the recordings will be available shortly. Thank you to everyone who completed our webcast feedback form. The lucky winner of the Kindle 3G is Marc Bennett from Newcastle University.
JISC Legal Plus continues to offer great value expert
in-house training on FOI, copyright, data protection and e-safety to colleges and universities. If your institution is looking for relevant sector-specific expertise in these significant areas then our on-site staff development packages are for you. Find out the details of JISC Legal Plus at – http://jiscleg.al/JISCLegalPlus
True Cost of FOI Requests Published
JISC infoNet has announced the results of its recent research project aimed at discovering the true cost to an HE institution of processing an FOI request. The project tracked 36 requests received by seven HEIs from across England and Scotland during January 2012. As a result of the data generated by this project it was determined that the average FOI request costs a university £99 to process rising to £121 when salary on costs are added and takes an average of 5 hours 2 minutes to complete. Extensive analysis of the data provides further information on the salary grades of staff involved, how much each stage of the process costs and compares the experiences of different institutions responding to the same ‘round robin’ requests amongst much more. Further details on the JISC infoNet website.
Turning a Resource into an Open Educational Resource (OER)
The OER IPR Support Project has created an animated film illustrating the steps involved in embedding open licences in educational resources and some of the associated IPR issues. This resource will be of interest to staff in colleges and universities involved in creating open educational resources.
Implementing the Cookies Regulations - Public Sector Guidance
Solutions to Simpler Copyright Licensing Sought
The need for simpler copyright licensing in the world of digital media has been identified in the Digital Copyright Exchange Feasibility Study Phase 1 diagnostic report published on 27 March. There is also a recognition that educational establishments have to deal with a particularly complex matrix of licences. The final report is due to be issued in July 2012. Scotland’s Colleges were amongst the organisations who responded to the January 2012 call for evidence. Phase two of the study is due to begin in April and is tasked with looking at a range of possible solutions to the problems identified including a Digital Copyright Exchange. This will culminate in a final report expected in July.
Twitter Comments Lead to Jail Sentence
A student who admitted posting racially offensive comments on social networking site, Twitter, has been sentenced to 56 days imprisonment. The student admitted inciting racial hatred over the remarks that he made which left the judge with no alternative other than to impose an immediate jail term. This news story highlights to colleges and universities the potential seriousness of the sending of illegal messages, even through something as 'frivolous' as Twitter, which can ultimately result in imprisonment. More details on this story are available from the BBC website.
Successful Twitter Libel Case
A former cricketer has been awarded damages of £90,000 plus legal costs by the High Court, in England, after suing over a defamatory tweet alleging that he was involved in match-fixing. The judge said that "it is obvious that an allegation that a professional cricketer is a match-fixer goes to the core attributes of his personality and, if true, entirely destroys his reputation for integrity". This news story serves as a reminder to those working in FE and HE on the potential dangers of using social network sites to disseminate comments that may be construed as defamatory. More details on this news item are available from the BBC website. For more information on defamation or indeed Web 2.0, then please visit the JISC Legal website.
Negligent Employees and Contractors Cause Most UK Data Breaches
Symantec, a security research company, has produced a report focusing on the causes of UK data breaches. It concluded that 36 UK firms notified the Information Commissioner in 2011 because of data breaches and 36% of those had come about as a result of ‘a negligent employee or contractor’. The other breaches were due to ‘system glitches’ and malicious or criminal attacks, 33% and 31% respectively. The Out-Law article is a useful reminder to institutions to ensure data security measures, policies, processes and training are robust and up to date. For more information on your legal obligations in collecting and processing personal data, please refer to the JISC Legal website. http://jiscleg.al/DataProtection
Security and the Cloud - Networkshop 40 York
JISC Legal is contributing to the Security and the Cloud session at Networkshop 40 in York on Thursday 5th of April at 9.00am. Networkshop is a technical conference for staff in education and research. This session will highlight the legal changes taking place that concern those providing computing solutions for colleges and universities. It will examine the areas including responsibility for ‘personal data’ in the cloud, the new EU Data Protection Directive - enhanced rights for individuals and tough penalties for non-compliance, privacy - the right to be forgotten and cookies – new consent requirements. The session is designed to indicate what the legal obligations are for institutions and to assist how to stay legally compliant and ensure that legal issues don’t hinder innovation in cloud computing.
Orphan Works Reforms Developing
The EU Parliament’s Legal Affairs committee has voted in favour of reforming copyright legislation in order to make available ‘orphan works’ in online archives. Further, the committee voted to backdraft legislation that would allow institutions to digitise works, if following a ‘diligent’ search, the rightsholder could not be identified or located. Such a change in the law would enable the use of archive material that would previously not have been permitted to be used because of doubt about ownership. More details on this news story are available on the Outlaw website.
ECJ Ruling on 'Communication to the Public' Muddies Copyright Waters
The European Court of Justice concluded that ‘communication to the public’ did ‘not cover the broadcasting, free of charge…within dental practices engaged in professional economic activity…for the benefit of patients…without any active choice…’ In this case a licence was not required as patients were not considered a ‘public’ but rather a ‘determinate circle’ and insignificant number. The broadcast was in no way related to treatment or income of the dentist and customers were not receptive to the broadcast itself. So, playing background music free of charge in this case was not subject to any additional licence fee. The court differentiated this case with a recent decision involving a hotel operator, where the communications reached a ‘new public’, a ‘fairly large number of persons’ and resulted in economic benefit. The judgment and Out-Law article will be of interest to institutions, particularly with reference to the legal definition of ‘public’, although unlikely to affect current practice where institutions are required to hold PPL and PRS licences.
Cookies, Consent and Behavioural Advertising
The World Wide Web Consortium (W3C)’s Do Not Track proposals (DNT) are “one of the most promising initiatives” to make behavioural advertising comply with European laws on data protection and cookies. This is the opinion of the Article 29 Working Party (WP29) expressed in a letter to advertising bodies on 1 March 2012. According to the WP29, Do Not Track settings in a browser must mean that users are no longer tracked, instead of just not being shown targeted advertisements. Consent can only be provided if users of all browsers have made an active and informed choice to allow or disallow tracking. W3C plans to publish the detailed Do Not Track standards by June 2012. This development is a step towards standards that will enable a user's browser settings to be used to manage consent to cookies. It is likely though that a website will have to treat a browser that doesn’t support DNT or whose user decided to ignore the selection screen, as having chosen not to be tracked. Further details can be found on the Regulatory Developments blog.
US Extradition of Student for Copyright Infringement Approved
Home Secretary Teresa May has approved the decision to extradite a student accused of copyright infringement to the US. Richard O’Dwyer faces charges of copyright infringement related to providing links to copyright infringing material. He is accused of providing links to film and TV clips via his website TVShack. This case highlights the risks in providing links to copyright infringing material, and although the case hinges on the United States' law rather than our own, there will nonetheless be risk. This is particularly so where links are systematically provided, and where their provision has a commercial aspect, such as revenue earning through advertising which the US Immigration and Customs Enforcement claim is the case here. Further details are available from Out-Law.com. JISC Legal provides resources on copyright to aid colleges and universities in raising student and staff awareness of copyright law.
Recent ICO Conference Papers Now Available
For those who were not at the recent ICO Data Protection Officer Conference on 06 March 2012 the ICO has helpfully made the presentations and papers available on their website. Of interest to those responsible for data protection in colleges and universities include the slides on cloud computing, and a paper on recent tribunal case law focussing on the meaning and extent of personal data and its disclosure. There is also information on what a data controller should do if a data breach occurs, on reporting an incident, and what to expect from the ICO in his investigatory process. The conference papers are available on the ICO website. JISC Legal has a Cloud Computing and the Law Toolkit looking at cloud computing in an FE and HE context and also FAQ’s and other guidance available from the data protection area of our website.
Call to Implement Text Mining Exception to Copyright
Changes to copyright law could enable researchers in UK universities to gain new knowledge that would otherwise remain undiscovered. This is one of the findings of the JISC report "Value and benefits of text mining". In order to be ‘mined’, text must be accessed, copied, analysed, annotated and related to existing information and understanding. Even if the user has access rights to the material, making annotated copies can be an infringement under current copyright law without the permission of the copyright holder. Introducing an exception to support text mining and analytics for non-commercial research as recommended by the Hargreaves Review could facilitate wider access to currently inaccessible information and enable academic institutions to realise economic and research benefit, the report states.
Unencrypted Memory Sticks Result in Data Protection Breach
A Scottish charity was found to have breached the Data Protection Act following the theft of unencrypted memory sticks and papers containing personal data from an employee's home. The ICO investigation found that the charity had no specific guidance for home workers on keeping personal data secure, and portable media devices used to store sensitive personal information were not routinely encrypted. The decision is a reminder to FE and HE institutions of the importance of having in place policies and procedures for employees working from home. The decision is available on the ICO website. For further information regarding security, mobile devices and data protection refer to JISC Legal's guidance paper. http://jiscleg.al/SecurityMobileDevicesandDP
Universities Bridging the Gap between Innovation and Industry
Thirteen UK universities have been awarded more than £750,000 to support projects that are helping to develop new ideas from the drawing board into the market place. Awards within the 2012 Fast Forward Competition are designed to improve the management of intellectual property and knowledge exchange and encourage innovative approaches to knowledge transfer from university research to real world products and services. Further details of the awards are available on the Intellectual Property Office website. Guidance and information for FE and HE institutions on the management of intellectual property is available in the knowledge exchange section of the JISC Legal website.
JISC TechDis Simple Copyright Consultation Guide
In order to promote participation and to simplify matters concerning the on-going consultation on proposals to amend the UK’s copyright system, JISC TechDis has worked with experts within the field to produce their simple ‘How to’ guide. The guide aims to help and support those seeking to respond to the consultation quickly and intelligently paying particular attention to the five key areas of the consultation that have the most impact or opportunity for disabled people. Those from FE and HE keen on taking part in the consultation may wish to refer to this guide for assistance. The consultation closes on 21 March 2012. More details on this story and access to the guide are available on the JISC TechDis website.
Google Privacy Row Rumbles On
Failed Pupils' Photos on Show in School Canteen
Thirty pupils who failed to meet GCSE targets had their photos and names posted onto a wall of a school canteen. The Daily Mail article states that both parents and pupils found the ‘rogue’ gallery to be humiliating and a way to bully children to achieve higher grades. The gallery has since been removed and Chris Harris, head of Larkmead School in Abingdon claims the intention was to support and help pupils. Institutions are reminded to consider carefully data protection law when posting photos, grades or other identifiable information on notice boards or online. For more information on data protection, refer to our JISC Legal guidance http://jiscleg.al/dataprotection
Skydiver Lands in Court
The Patents Court recently confirmed that copyright in a film will be jointly held by the producer and the principal director unless there is an agreement to the contrary. A skydiver engaged a cameraman to film a tandem sky dive over Mount Everest, and then used the footage in a documentary broadcast on Danish television. The cameraman used footage in a YouTube video, and each claimed the other’s use was infringing. The court found there was no agreement between the parties as to who would own copyright in the film footage. In the absence of an agreement, ownership was governed by the Copyright, Designs and Patents Act 1988, which states the first owner of copyright in a film is the producer and the principal director. It was held that the cameraman was the director (exercising creative control), and the skydiver was the producer (making the arrangements for the film). The court held the parties jointly owned copyright in the film footage. Both parties were therefore infringing copyright as they each reproduced the film footage without the consent of the other party. The case highlights the importance for colleges and universities to agree in writing the ownership of intellectual property rights when commissioning work. The full judgement is available on the BAILII website. JISC Legal provides guidance on copyright law: http://jiscleg.al/copyrightIPR.
Information in Private Email Account Disclosed Under FOI
A recent well publicised decision of the Information Commissioner has found that an email, although sent from a private email account, was held on behalf of the public authority for the purpose of FOI legislation. This meant that the information contained in it would require to be disclosed unless an exemption to disclosure applied. The ICO’s decision said that the nature of the email information in the private account would be a highly relevant factor in deciding whether it is held i.e the purpose of the email has to be considered and whether the majority of the contents comprise business information of the public authority as opposed to private or personal information of the email account holder. This decision has relevance to colleges and universities where a new staff member is employed on a temporary basis, e.g. to cover staff illness or his official work account is not yet available and a personal email account is being used for business purposes. The ICO has relevant guidance: Official information held in private email accounts in this area and it is suggested that public authorities should have internal procedures in place to deal with this situation should it arise.
Google not a Publisher for Blogging Purposes
The High Court recently ruled that the search giant Google wasn’t responsible for defamatory material posted on its blogging site. In his ruling the judge stated that, based on the evidence, Google’s role as a platform provider was purely a passive one therefore it was not liable at common law as a publisher. Further, in terms of the Defamation Act 1996, the judge also concluded that Google was not a publisher. Institutions who host email discussion groups, for example, may be considered secondary publishers, and depending on the circumstances, could be found responsible for defamatory comments posted using their service. However, such liability can be avoided if you can show that you acted as a mere conduit or caches or host of the material. It is therefore important for colleges and universities to keep up-to-date with the latest legal developments in this area. More details on this news story and access to the ruling can be accessed on the Out-Law website. JISC Legal has more information on this topic which you may also wish to access: http://jiscleg.al/LegalPositions
UK ISPs lose Digital Economy Act Appeal
BT and Talk Talk have lost an appeal over controversial measures to tackle copyright infringement online - a decision welcomed by rights holders. The internet service providers (ISPs) had argued the UK's Digital Economy Act was incompatible with European law and put an unfair burden on them to pay the costs of the rights-holders' crackdown on illegal downloading. The Act will mean ISPs will have to send warning letters to alleged illegal file downloaders, as well as potentially cutting users off. Further details are available on the BBC website. Also in the JISC Legal article - The Digital Economy Act 2010: Implications for UK Colleges and Universities (23/07/2010).
Stalking to Become a Crime
It is expected that David Cameron will announce this week his plans to make stalking a crime, with six months imprisonment and a £5000 fine for those found guilty of the offence. More serious cases could result in up to five years in prison and an unlimited fine. Last year, even though 786 were found guilty of stalking, only 170 were jailed. These statistics lead rights groups to claim that current legislation, the Protection from Harassment Act 1997, is not up to the job. In Scotland, stalking was recognised as a serious crime in 2010. The Guardian article will be welcomed by any staff or learners who have been subjected to stalking in an online or offline environment.
You Can Run But You Can't Hide Via Facebook
For the first time, the English High Court has held that Facebook can be used to serve a legal claim where one of the parties in a commercial action was difficult to locate. The Facebook account belonged to the party concerned and was known to be in use. In 2009 another High Court judge, Mr Justice Lewiston, permitted an injunction to be served on Twitter. The Telegraph article illustrates the growing acceptance of social networks as a vehicle for communication and emphasises the need for heightened privacy settings for staff and learners in FE and HE.
University to Train all Staff in Data Protection
Durham University breached the Data Protection Act after disclosing personal information in training materials published on its website the Information Commissioner’s Office (ICO) has said. The personal data included details such as names, addresses and dates of birth of a number of former students and staff. As part of its remedial action the University has now committed to ensuring that all staff receive appropriate training on how to follow the organisation’s data protection guidance. It will also make sure that documents containing personal data will not be published on the University’s website. Investigations found that only around 20% of the university's staff had accessed the online training materials available to them. For FE and HE institutions this case highlights the importance of ensuring that all staff are made aware of the institution's personal data policies and are appropriately trained how to follow those policies. The details of the Durham University undertaking is available on the ICO website at - http://www.ico.gov.uk/news/latest_news/2012/university-published-personal-data-in-online-training-manual-01032012.aspx.