Web 2.0 and legal issues factsheet
From Digipedia
| How useful is this article to you? 1 (not useful) - 5 (very useful) |
| Current average rating: 0 |
| Please login or create an account to rate this article |
OVERVIEW
There are many legal issues that need to be addressed by public sector bodies when dealing with digital content, the risk of which increase with Web 2.0 engagement. These issues include defamatory, race hate, terrorist-encouraging and pornographic materials being posted, identity theft and privacy/data protection.
This article is the Web 2.0 and Legal Issues Factsheet. It is based upon a similar document created by the JISC funded Web2Rights Project and adapted for Strategic Content Alliance sponsors and other organisations across the public sector. It is designed to form part of a toolkit that can be further adapted to suit specific requirements and issued to content creators and content users across the public sector who are responsible for rights management and rights clearances. The Factsheet provides a brief overview of some of the other types of legal issues that public sector bodies may encounter when engaging with digital content.
Data Protection
If you are dealing with information about individuals then you will need to consider the Data Protection Act 1998. This Act applies to personal data about living, identifiable individuals. Thus, if you collate information about users (for instance people contributing to a wiki), which might include personal details such as name and e-mail address, then the Data Protection Act will apply. The Act imposes obligations on the data controller. A data controller is the organisation that makes the decisions as to how and why personal data is to be processed. Processing data includes reading, using, amending, storing and deleting the data. Even where the information is passed to a third party to be processed, the data controller will remain liable for the obligations under the Data Protection Act where the controller is the entity that specifies what should be done with the data during processing. If you use, store and/or delete information about the users then it is likely you fall under the definition of data controller.
Data Protection Principles
The Act requires the data controller to act in accordance with eight principles:
- Personal data shall be processed fairly and lawfully
- Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is *necessary for that purpose or those purposes.
Personal data shall be processed in accordance with the rights of data subjects under this Act.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Sensitive Personal Data
Where personal data is ‘sensitive’, then the data controller has additional responsibilities. Data becomes sensitive if it includes any of the following types of information about an identifiable, living individual:
- racial or ethnic origin
- political opinions
- religious beliefs
- trade union membership
- physical of mental health
- sexual life
- commission of offences or alleged offences
In general, consent to processing such data can only be granted with explicit written consent of contributors obtained before processing the data. Any plan developed for the purposes of defining the organisation’s copyright strategy can be used to define a data protection strategy. Most useful Data Protection Compliance Check List retrieved from Web2Rights
Freedom of Information
Public sector bodies are subject to the Freedom of Information Act 2000 (or, for Scottish-based institutions, the Freedom of Information (Scotland) Act 2002). This requires institutions to have adopted a publications scheme, giving details of routinely produced information and how it may be obtained, and it requires institutions to supply information upon request (subject to certain exceptions).
Further information on the Freedom of Information legislation is available in the JISC Legal Freedom of Information Overview paper and the JISC Legal Essentials paper
Accessibility
Accessibility laws are in place to ensure that services are accessible by users with disabilities. The Disability Discrimination Act 1995 (as amended by the Special Educational Needs and Disability Act 2001) requires service providers (including those offering education services) to ensure the accessibility of their services by users with disabilities. This includes a proactive duty to consider accessibility, and a requirement to make reasonable adjustments where necessarily to allow access. Although the legal duty applies in relation to users with disabilities, accessibility should be seen in a positive light as benefiting all.
Prevention of Terrorism
The Terrorism Act 2006 aims to outlaw incitement to terrorist activities and will include incitement through websites and email communications and is of relevance to the educational sector. The Terrorism Act 2006 contains a comprehensive package of measures designed to ensure that the police, intelligence agencies and courts have the tools they require to tackle terrorism and bring perpetrators to justice. Although not specifically information technology related, new criminal offences have been created including:
- Acts Preparatory to Terrorism
- 8Encouragement to Terrorism
- Dissemination of Terrorist Publications
- Terrorist training offences
Many of these crimes may be committed or facilitated by computer use and public sector bodies should play their part in ensuring that such crimes are not committed or facilitated on their computer systems. Reporting suspicious activity to the police is essential. Universities and colleges are being urged by the UK government to take seriously the problem of extremism on their campuses. Practical guidance has been issued which points out universities and colleges responsibilities within the law and clarifies the legal position.
E-Security
This is generally taken to mean the laws and technologies involved in keeping information secure. Issues that may arise and their relationship to specific legal regulations include:
- The lawful interception of data under controlled conditions (The Regulation of Investigatory Powers Act (2000) and Regulation of Investigatory Powers (Scotland) Act (2000) (RIPA) and the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (Lawful Business Regulations))
- Security of personal data (Data Protection Act 1998);
- Regulating the information to be made available via cookies and other tracking devices (The Privacy and Electronic Communications (EC Directive) Regulations 2003 (the Anti-Terrorism Crime and Security Act 2001)
- Also of relevance are the Prevention of Terrorism Act 2005 and the Terrorism Act 1996 (which permit orders to be made in specified circumstances prohibiting the use of inter alia the Internet), and the Human Rights Act 1998.
Incitement of Racial Hatred
Inciting either racial or religious hatred is a criminal offence. Publishing and disseminating online materials that are likely to incite such hatred is also a criminal offence. As corporate entities, public sector bodies have a responsibility not to publish and disseminate racist materials in any format including electronically. As well as the likely reputational damage, public sector bodies have a general statutory duty under The Race Relations Act 1976 (as amended), in carrying out their functions, to consider the need to eliminate unlawful discrimination and to promote equality of opportunity and good relations between people of different racial groups. Incitement to racial hatred is governed by section 21 of the Public Order Act 1986, whilst the Racial and Religious Hatred Act 2006 makes it illegal to threaten people because of their religion, or to stir up hatred against a person because of their faith. It is designed to fill gaps in the current laws, which makes it illegal to threaten people on the basis of race or ethnic background. This Act extends to England and Wales only.
Defamatory, obscene and other unlawful content
Of particular concern to the providers of next generation technologies may be the potential liability for hosting infringing material (for example if contributors post defamatory or obscene material or works which infringe copyright). The E- commerce Directive and Regulations provide for some immunity against liability for a service provider which hosts, caches or acts as a conduit for unlawful content so long as certain criteria are met. Broadly the service provider who hosts or caches unlawful information will not be liable for damages or for any other pecuniary remedy or for any criminal sanction so long as they do not have actual knowledge of the unlawful activity or information and is not aware of facts or circumstances from which it would have been apparent that the activity or information was unlawful. Neither should the service provider have had a hand in transmitting or in any way altering the information. Please note that the E-Commerce Directive and Regulations do not apply to ISP's located outside the European Union. So if the plan is to use an ISP located in the US, make sure that the service complies with the legislation of the country where the ISP is located.
Although the rules are somewhat complex (for instance they do not state what is meant by expeditiously, nor how actual knowledge is obtained by a service provider), in general service providers have sought to mitigate liability that might arise by putting into place a notice and take down procedure and by making the service subject to specific terms and conditions (which usually exclude liability of the service provider. Such terms and conditions can be found on the website of the service provider. Most notice and take down procedures provide that when a service provider receives notice that allegedly infringing material is on the site and/or on the equipment operated by the service provider, then the material is removed. While instituting such a procedure is good practice, there are factors that providers of Web 2.0 technologies within the public sector might like to consider:
- The procedure for taking down allegedly infringing material. Will any investigation be made as to the identity and provenance of the complainer prior to removing the material?
- Put-back Procedure. Will the service provider consider instituting a ‘put-back’ procedure whereby the material is automatically re-instated should it be found to be non-infringing?
A number of jurisdictions are starting to require service providers to install filtering software (dealing notably with material that infringes copyright) in order to maintain immunity from suit. Whereas liability in these cases tends to arise where the provider of the next generation technology is profiting from a business model that infringes copyright belonging to third parties (such as a service that makes clips of videos available profiting from advertising revenue) some thought might be given to the possibility of building filtering tools in educational Web 2.0 technologies.
Contempt of Court
Although perhaps less likely to arise than the other issues with regards to the legal issues arising from engagement with next generation technologies, disregard for the authority of the courts of justice e.g. ignoring a court order is criminal offence
Links to IPR Toolkit Resources as PDFs
Background papers
Reports
Practical tools
3.4 Top Tips for Issuing Licences
3.5 Top Tips for Requesting Licences
3.8 Template Email Permissions Form
3.9 IPR Template Permission Letter
3.10 Rights Management Template
3.12 Model Contractual Clauses for Requesting Permission from Staff
3.13 Example Consortium Agreement
3.14 Model Contractual Clauses for Requesting Permission from Students/Volunteers
3.15 Model contractual clauses for requesting permission from freelancers/subcontractors
3.16 Template Terms and Conditions of Service
Template policy statements
2.1 Draft Institutional IPR Policy Statements
2.2 IPR and Licensing Blue Print for Funding Bodies and Recipients of Funding
Related Digipedia links
IPR policy statement for the public sector
Orphan works and risk management
Web 2.0 and legal issues factsheet
Further information
General resources
Intellectual Property Office: Overview of the legislative framework and policy issues/developments regarding Intellectual Property Rights
Office for Public Sector Information: Information about Crown Copyright material, click use licence for reusing Crown Copyright material and access to the consolidated copyright legislation.
British Library Business and IP Centre: Provision of resources, support and advice relating to the creation and exploitation of IP within a business context
Licensing schemes and open content licensing initiatives
Copyright Licensing Agency (CLA)
Design and Artists Copyright Society (DACS)
Resources for health professionals
Resources for schools, colleges and universities
JISC Digital Media Online Image Finding Tutorial: Interactive tool providing information about how to find images online which can be used with the least amount of restrictions
Web2Rights Project: JISC funded project providing interactive copyright and other legal issues tools, resources and charts for use by JISC funded projects
JISC Casper: Interactive tools and associated resources for dealing with copyright issues in schools and projects who are reusing content
JISC IPR and Web2.0 Animation: IPR and Web2.0 animation commissioned by JISC and built around the Web2Rights project deliverables
Becta: Information about IPR for schools
JISC IPR Consultancy: Briefing documents about IPR and monthly IPR Newsletter
JISC Open Content Licences Overview Paper: Overview paper providing guidance about the use of open content licences for JISC funded projects
JISC Model Licence Interactive: Interactive tool which provides an overview of the benefits of the JISC Model Licence
TrustDR Project: JISC funded project providing supporting documentation relating to the establishment of a digital rights management system for repositories
JISC Legal: Support for HEIs and FEIs on legal issues
OSS Watch: Support for HEIs and FEIs on open source licences
Resources for the cultural heritage sector
Collections Link: Comprehensive resources relating to IP and licensing for cultural heritage bodies
Harvested links
- Copyright Essentials
- A Collections Trust factsheet providing an introduction to copyright law for the non-specialist collections manager. [?]
- Training Course: Copyright Essentials
- This training course provided by Museums Galleries Scotland offers an introduction to the principles of copyright within the context of caring for collections. It offers basic and practical training, [?]
- New guide to copyright for cultural heritage organisations
- The Collections Trust is delighted to announce the publication of a new guide to copyright for cultural heritage organisations. [?]
- Collections Management Network website
- Collections Management Network (CMNetwork) is a consortium of consultants, advisers and trainers with expertise in collections management. We work together to provide practical, authoritative, cost ef [?] <span id="fck_dom_range_temp_1287584946184_396" />
[[Role::newcomer]] [[Role::strategy manager]] [[Role::policy maker]] [[Role::project manager]] [[Role::content manager]] [[Role::acquisitions manager]] [[Goal::managing]] [[Goal::copyright]] [[Goal::IPR]] [[Goal::legal]] [[Level::basic]] [[Level::medium]] [[Level::deep]]
