Copyright balance, technological protection measures, rights management information, and fair dealing

Copyright balance, rightsowners v usersThe law of copyright seeks to balance the interests of various members of the copyright community: the authors of copyright works, the big content companies to which they license or transfer their rights, and the societies which collect their royalties; platforms and intermediaries which facilitate online distribution of and access to copyright content; and users (whether individual, or heritage, or education, etc) who wish not only to use but to build upon existing works. Legislation such as the Copyright and Related Rights Act, 2000 [CRRA], and the InfoSoc Directive (Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society (OJ L 167, 22.6.2001, p. 10–19)), have sought to get these balances right, but are often criticised for failing to strike them in appropriate places. Again, it was a theme of Modernising Copyright (2013) (pdf, via here), the Report of the Copyright Review Committee [CRC Report], that reforms to the 2000 Act should balance the interests of all of the various members of the copyright community (full disclosure, I was the Chair of that committee). So, for example, in the context of technological measures for the protection of copyright or for the management of copyright information, the CRC Report recommended not only that the legal rules underpinning such measures be strengthened, but also that there would be a practical remedy where such measures operated to prevent someone from undertaking acts permitted by the exceptions provided in the copyright legislation. Shockingly, when the government came to legislate on foot of the CRC Report, in this area as in so many others, they ignored the carefully crafted balance drawn here between rightsowners and users. Instead, section 38 of the Copyright and Other Intellectual Property Law Provisions Act 2019 [COIPLPA], inserting a new section 377 CRRA, strengthened the position of rightsowners without any corresponding protections for users. And when it came time to implement the Digital Single Market Directive (Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC (OJ L 130, 17.5.2019, p. 92–125)), the minimal Irish implementation did not address any of the inadequacies in COIPLPA.

However, all may not be lost. In 1395804 Ontario Ltd (Blacklock’s Reporter) v Canada (Attorney General) 2024 FC 829 (CanLII) (31 May 2024) [Blacklock’s Reporter] (noted here by Michael Geist; picked up on Law360 and Slashdot), Roy J in the the Federal Court of Canada has effectively held that technological protection measures cannot defeat users seeking to rely on the exceptions provided in the copyright legislation. Blacklock’s Reporter [Blacklock’s] is an online news service, to which an officer of Parks Canada, a Canadian government agency, purchased a password-based subscription. She shared articles from the service with her colleagues, to conduct research, verify accuracy, and consider whether a response was required. Blacklock’s claimed that the sharing of the articles infringed their copyright, and that sharing a password was a circumvention of their technological protection measures contrary to section 41.1(1)(a) of the Copyright Act 1985 (as amended). The Attorney General (on behalf of Parks Canada) replied that the sharing of the articles did not infringe copyright as it amounted to fair dealing for the purposes of research, within the meaning of section 29 of the 1985 Act (as amended), and that Blacklock’s technological protection measures could not defeat the agency’s fair dealing. Roy J held that the agency did not infringe Blacklock’s copyright because it did indeed constitute fair dealing of the purposes of research (following a related earlier case of 1395804 Ontario Ltd v Canada (Attorney General) [2017] 2 FCR 256, 2016 FC 1255 (CanLII) (10 November 2016), and referring to the Supreme Court of Canada case of CCH Canadian Ltd v Law Society of Upper Canada [2004] 1 SCR 339, 2004 SCC 13 (4 March 2004)). He was slow to accept that, on the evidence, a password constituted a technological protection measure; but he concluded that, fair dealing and technological protection measures were meant to co-exist in some harmony so long as the dealing is fair, and that such measures cannot negative fair dealing. Geist draws two conclusions:

First, rights holders cannot merely rely on password protecting their works in order to qualify for the anti-circumvention rules in the Copyright Act. That does not mean their works are not protected by copyright. They clearly still are. However, it does mean that if they seek the rely on anti-circumvention legislation, the technological protection measure must be a technology, device or component that must be effective in controlling access to the work or restricting the doing of some act. That isn’t a password.

Second, fair dealing still applies even in cases involving the anti-circumvention provisions. For years, many have argued for a specific exception to clarify that circumvention was permitted for fair dealing purposes, essentially making the case that users should not lose their fair dealing rights the moment a rights holder places a digital lock on their work. The Federal Court has concluded that the fair dealing rights have remained there all along and that the Copyright Act’s anti-circumvention rules must be interpreted in a manner consistent with those rights. The case could still be appealed, but for now the court has restored a critical aspect of the copyright balance after more than a decade of uncertainty and concern.

On the other hand, Blacklock’s shareholders said the “biggest corporation in the land, the Government of Canada, gained new powers to steal from the littlest publisher”; Tom Korski, Managing Editor of Blacklock’s, said the Roy J effectively sanctioned “electronic shoplifting”; and Holly Doan, publisher/owner of Blacklock’s, said they “are concerned about widespread rip-offs following this ruling”. Catherine Swift adds that it is a “foolish” decision that “cannot possibly” be allowed to stand; Neil Turkewitz called the decision “plain crazy” and “truly bad public policy”; and Peter Varley rolled out the tired (misquoted) Dickensian trope that he “can smell when the law is an ass”. More prosaically, Barry Sookman said that the case was “riddled with flaws”; I look forward to his blogpost on this point.

Meanwhile, David Hamer said that “the judge’s close analysis of the evidence (and lack thereof) and precedent law provides a complete answer” to Blacklock’s objections. Howard Knopf adds of the decision that “its correctness and common sense are commendable”. And Michael Geist replies that the “court doesn’t permit unlimited sharing of passwords. What it does is rightly restore the copyright balance by ensuring fair dealing is still considered when digital locks are used to limit user rights”.

CRC Report Cover (Thumbnail)There are at least two significant lessons for Irish law to be drawn from Blacklock’s Reporter. The first concerns the text of the legislation relating to circumvention of technological protection measures. In Canada, section 41.1(1)(a) of the Copyright Act 1985 provides that it is an infringement to “circumvent” technological protection measure (emphasis added), whereas in Ireland, section 377 CRRA (as inserted by section 38 COIPLPA) provides that it is an infringement to “remove or alter” rights management information (emphasis added). To “circumvent” seems to encompass more devices or techniques than merely to “remove or alter”. Moreover, there is a difference between “technological protection measures” and “rights management information”. For example, section 370 CRRA makes circumvention of rights protection measures a criminal offence, and the CRC Report recommended that it should also amount to a civil infringement of copyright. In particular, section 10 of the draft Bill in the CRC Report provided that it would infringe copyright to “circumvent[] … rights protection measures in a work”. Section 376 CRRA also makes the removal or alteration of rights management information a criminal offence. The CRC Report’s recommendation in respect of the circumvention of rights protection measures was referred to in the context of this section, but we did not explicitly provide in section 10 of our draft Bill that the removal or alteration of rights management information should also amount to a civil infringement of copyright. In retrospect, I think we could have been clearer, and that we should have explicitly provided for this in section 10 of our draft Bill. Hence, we recommended that the circumvention of rights protection measures should amount to a civil infringement of copyright, but we were unnecessarily silent on the question of whether the removal or alteration of rights management information should also amount to the same thing. We should have explicitly said that the circumvention of rights protection and the removal or alteration of rights management information should both amount to civil infringements of copyright. I regret that we did not. In the event, COIPLPA does the converse: section 377 CRRA, as inserted by section 38 COIPLPA, provides that the removal or alteration “rights management information” amounts to a civil infringement of copyright, but it is silent on the question whether the circumvention of rights protection measures should also amount to the same thing. This is unfortunate. Since many devices or techniques remove or alter “rights protection measures” without in any way removing or altering “rights management information”, the latter is at best a subset of the former. From the perspective of the rightsowners, of course, some protection is better than none, and it is more than had been provided for in the CRRA before COIPLPA. Nevertheless, COIPLPA should have gone further: it too should have explicitly provided that the circumvention of rights protection and the removal or alteration of rights management information should both amount to civil infringements of copyright. I regret that it does not. Overall, then, the Irish civil remedies are far less than those provided for in Canada, because the Irish remedies are for “removal or alteration” rather than “contravention”, and they are for the removal or alteration of “rights management information” rather than of “rights protection measures”.

Data security technology template vector with shield iconThe second lesson for Irish law that can be drawn from Blacklock’s Reporter concerns the exercise of exceptions and limitations upon technological protection measures. In Ireland, the matter is covered by section 374 CRRA:

(1) Nothing in this Chapter shall be construed as operating to prevent any person from undertaking the acts permitted
(a) in relation to works protected by copyright under Chapter 6 of Part II,
(b) in relation to performances, by Chapter 4 of Part III, or
(c) in relation to databases, by Chapter 8 of Part V,
or from undertaking any act of circumvention required to effect such permitted acts.

The references to the other Chapters are to the provisions relating to exceptions to and limitations upon copyright, performance rights, and database rights. It was the absence of any equivalent provision in Canadian law that led Roy J in Blacklock’s Reporter to consider the impact of the fair dealing for research exception itself upon the anti-circumvention provisions, and he held resoundingly that the latter could not frustrate the former. Conversely, this provision forecloses any of the criticisms that have been levelled at that decision. However, in Ireland at the moment, as explained above, circumvention has criminal but not civi consequences. It was suggested above that circumvention should also amount to a civil infringement of copyright. If and when the law is amended in this respect, section 374 should apply to such civil claims. If there is any ambiguity in the application of section 374 CRRA, then Roy J’s reasoning in Blacklock’s Reporter suggests that it should be resolved in favour of the user. Moreover, we have also seen above that, by virtue of section 377 CRRA as inserted by section 38 COIPLPA, the removal or alteration of rights management information not only has criminal consequences but also amounts to civil infringements of copyright. But there is no equivalent of section 374 in this context. If and when the law is amended, an equivalent to section 374 should provide that nothing in the CRRA chapter on rights management information should be construed as operating to prevent any person from undertaking any of the exceptions or limitations provided by CRRA. In the interim, the application by analogy of Roy J’s reasoning in Blacklock’s Reporter to this context suggests that the CRRA chapter on rights management information should not be allowed to frustrate the exercise of the exceptions or limitations provided by CRRA.

Section 374 provides no remedy where technological protection measures in fact prevent a person from undertaking any exception or limitation permitted by the CRRA. In the UK, section 296ZE of the Copyright, Designs and Patents Act 1988 (as inserted by the Copyright and Related Rights Regulations 2003 (SI No 2003 of 2498)) provides an elaborate remedy, such that, where technological protection measures prevent a user from performing an exception, the user can complain to the Secretary of State, who can give directions to resolve the issue. Broadly adopting the structure, though not all of the intricate detail, of section 296ZE CPDA, the CRC Report recommend that a similar remedy should be added to section 374. Sadly, this was omitted from COIPLPA. If and when the law is amended as suggested above to provide for an equivalent of section 374 in the context of rights management information, that equivalent should be built on section 374 as amended along the lines suggested here.

There is, therefore, much unfinished business relating to technological protection measures and rights management information at Irish law. Some of the issues may be resolved by analogy with Blacklock’s Reporter. But comprehensive statutory reform is needed, to ensure that the balance between rightsowners and users in this context is struck in the appropriate place. Such reform cannot come quickly enough. But I’m not going to hold my breath. Meanwhile,