LegalIssues
From MashupCamp
Discussion on IP - what is IP - Pal gives an overview for UK. Paul M (solicitor from the UK - IP speciality) led the conversation. Lots of folks contributed. Brought up a minefield of issues. Clare Dillon took notes and apologises if they don't make sense - please feel free to add it your own comments and improve them!
Attendees: Paul M John Sheridan Clare Dillon Milton Case (please add your own name)
Notes:
IP allows you to protect intangible stuff - but you can't protect ideas (e.g. the da vinci code case) - but you can trademark formats - difficult though.
trademark - you register a trademark for certain goods and services
if your name was mr apple - you'd have to be pretty famous to be able to protect your mark - difficult if you have a generic name.
If you had a mashup - how could you protect your format? If you had a yahoo pipe with steps - you are making money - someone comes along and uses exactly the same steps. But Yahoo pipes wants you to do that - you clone an existing one and add on
A lot of this will be contained within the terms and conditions of each service provider. E.g. Flickr has creative commons built in - gives people control over what they want to do with it. You have choices over how people can use it. IBM? If IBM had hosted services - they would have t&cs (there is an alpha version with loads of disclaimers) - it's the person who make them available to people who have to make the T&cs
Interesting - people doing screen scraping or publishing RSS feeds - if they give permission to read, do they give permission to republish?
People tend to use standard T&Cs copied from other sites. Often say you can use it in your own web site - but not use it elsewhere. Creative commons you can search for photo, music and text. You may see something like that develop for feeds of data - what can I use in non-commercial basis etc.
In the case where someone A scrapes a site and extracts data, then provides a service and someone B then unknowingly uses it in their mash up - both A & B are liable and could get sued. Onus is on B to check where data is coming from.
Yahoo news - all automated - if you comply with l millenium copyright act - notice and take down terms and conditions - you can automatically gather the data feeds as long as you take them down when notice is served. Same available in EU - ecommerce regulations.
Fair use tersm and conditions too - ok if you are using data to parody, but not if you were using it for commercial reasons.
What are common catch-outs - people are relying on exemptions of the regulations - e.g. exemption available if you can show you are hosting, caching or acting as a conduit (without knowledge of what's happening on your site). But the jury is out here on some of these things (needs more definition) - re. the google/YouTube case in the US.
Commonly thought to be a turnaround of 2/3 days required to be in compliance with the notice and take down process.
When you are in the US - CA there is a lot of activity around drafting some laws for the IT.
So what happens if you say your site is only for use in the US - but someone else uses it? E.g. defamation law - one of the big newspapers in New York and was sued for defamation in Australia - and Australia courts accepted jurisdiction. A website can A relationship between the provider and user can state under which jurisdiction they are operating. But not all terms are enforceable.
In ireland - there is some content not allowed to make available in Ireland - but if you host in the US, and someone views in Ireland - that's ok! Paul: You can't rely on that - a judge will see through it - so you have to be careful.
With mashups - you can personalise a lot of the apps- e.g. track cellphone usage - will this be a bigger issue moving forward? Paul: a lot of social networks, people giving info away - but people getting burned and a lot of people closing down their pages (e.g. facebook). There are human rights that can be applied to your info - you can expect your info to be private - so there are good arguments that people can't take that and use it indiscriminately. But if you put up your phone number and say 'give me a call' you waive your rights. And there are a lot of judges who are not very well versed with technology.
Which jurisdiction should you choose if you do? English courts are pretty well respected - similarly in the US - you want a jurisdiction where there is a good legal system who will back you up.
Do you have to be a legal entity in the jurisdiction that you choose? you could choose to use French law if you have French clients - for example - Turkish clients can use English laws. (Though perhaps there is something in Irish law which makes this is the case). There was one example int he room with an Irish company who can trade under T&Cs with where the client is. But there are examples of greek and russian companies working together and using English jurisdiction. Once both parties acknowledge it seems to work...
Defamation law is going to be governed in the country where it hits. Particularly if the contract is silent about it. Then you look at where the damage occurs. There are already sites which are blocked - e.g. Universal film downloads counldn't be accessed by the UK because it wasn't licensed for there...
A question came up about the Serena platform - they are going to host services and make money from that. If people create a service, can they take it off without any considerations? Someone buys the idea of your service? Serena doesn't own the idea or IP - it resides with the creator. Challenge for Serena is how to provide template protection. Facebook is a model that uses a double contract presentation. IP has to belong to the masher.
For example, you go to Facebook app, and want to use the ilike or whatever - when you download that app - you are presented with 2 contracts - one from facebook (spercedes all tersm) second if from app provider to you. It allows Facebook not to examine contract of masher or consumer - but masher can add additional terms. But Most jurisdicition have concept of 'offer' - but someone in Russia doesn't have to comply!Huge issue is that there are some cases where you can't enforce T&Cs.
In webs T&Cs - you can write whatever you want, but doesn't necessarily mean they can be held as binding.
In UK - there have been cases recently where consumers have said terms are unfair and they have won.
Note that you can't hide your terms in 8pt script - there is a duty on you as a provider to make it clear. Ie Consumers can argue that certain clauses are illegal because they have been hidden. However, you could sue though (and perhaps lose).
Upshot: If you are creating a mashup for commercial use - you have to carefully read the service providers to make sure you are ok!
Can you change how you use data you gather? If you have a notification clause - if not you can't without breaking T&Cs with your users.
For personal data - ownership is a little difficult. Most terms around processes. For example - people have rights to know what is being done with their personal data - how is it being used. You can access it - they control it. And they have certain liabilities associated with that. They have to get consent to make certain use of it.
With an API - if you are sucking down data and use it out of context (e.g. AIM users)
One big issue - all cool if you are over 18 - but for folks under 18 - whole load of other issues. Need to think about legally about over 18 content. E.g. Facebook can shut you down without notice as data controller if you are doing anything dodgy.
In Irish law the data processor (how it is kept) is different to data controller (how it is used) .
Starting out need ot ask yourself - where are your users? Are there trade treaties with other countries under which you can be brought to court and touched by laws in the US/UK for example - you can be made responsible for damages from other jurisdictions.
Once you have liabilities against you in the US - they can certainly come over and try to enforce that through the Irish courts. Issue is around can someone buy something from you or close you down? E.g. if your data is hosted in the US - access restricted Copyright issue important - data from ad driven site - what happens if you suck in data and republish.
If you are using someone's RSS feeds - and they say 'I don't want it used in your mash-up' - they need to contact you and tell you that. Look at the blog world (track backs etc.) - a lot of history. In mashups - is there a way to build up list of credits - would that be good practice. If you sucked in google search - to drive something else... but
Is there a website like 'ad aware'? where you can learn more about where your search data is being used.
Using mashups for financial tradings a no-no until they resolve the idea of knowing where the data is coming from (frames doesn't give you the URL check). Rely on the user understanding lack of info - and what that means. Each country has different requirements for age verifications. Are there best practices for age verification? What is happening in CA? Look at the legislation, e.g. the governer's page - e.g. privacy policies - forward thinking in this space.
Until you solve the authentication issue - trust - a lot of these issues will persist. Issues will become more exaggerated with iphones.
How much effort do these sites behind the scenes to check this? Is facebook checking which highschool you go to and whether your age 'makes sense'? And swtiching off accounts if they don't. Attorney General did set up dummy sites of kids and sent 'mothers' to complain to see what facebook would do - they did nothing - so they were sued - but now dropped because Facebook agreed to implement processes.
Xbox live another issue.
Hopefully - this will be part of the curriculum - safety online. We will all have two identities in the future - that comes with responsibilities.
Large companies - mashup tools vendors - are going to put money behind how to get into their tools - because these issues will have to get solved before people will use them (e.g. double contracts processes) But what about the folks outside these tools - does each individual have to go consult an international lawyer?
Will some site crop up with best practices - hopefully!!
There are already kids writing mashups - people who are offering data - need to give a little more advice and feedback on how to use their data!!
Is there any way to put copyright info on the data you own? For example - what if the police wanted to protect data about crimes (to stop revenge crimes maybe?)
Step 1 - some kind of terms. Step 2 - Terms are somehow agreed with before data is used. Terms that are considered reasobnable in your country. Or for example send an email to verify you are you. Should enforce a click through with T&Cs Step 3 - Use something like adobe DRM or PDF.
But there are guys who can take anything on your screen - and if it comes across the wires - they'll mash it up!
