US [NOT] Proposing to Eliminate Secondary Liability from ACTA?

Sean Flynn
September 2, 2010

According to Inside U.S. Trade (August 27, 2010), the U.S. has adopted "a major policy shift" and "proposed removing controversial language from the Anticounterfeiting Trade Agreement (ACTA) that would have required signatories to impose secondary liability on Internet firms for intellectual property rights infringements by individuals." On closer read of the ACTA text as we know it,  the truth may be that secondary liability is not going away at all. 

The July leaked text of ACTA contains a chapter on "Enforcement Procedures in the Digital Environment" composed of seven major subsections. Sections one through three identify obligations of countries to enforce copyright law on the internet, and sections four through seven mainly require punishment of people who evade digital rights management hardware or software or define the exceptions to such obligations.

The best interpretation of the news may be that the U.S. proposes to remove what is labeled as section 2 and 3 in the July leaked text.

Section 2 requires secondary liability and section 3 defines safe harbors from liability for implementing notice take down ("removing or disabling access") and other procedures. USTR Kirk described the inclusion of ISP liability in ACTA as a US priority in a letter to Senator Wyden, and essentially said that the US position is that you have to define a liability requirement in order to have the safe harbors:

"In order for a 'safe-harbor' approach to ISP liability (such as provided in relevant U.S. law) to be meaningful, there must necessarily be some form of potential secondary liability against which the 'safe harbor' provides shelter. Thus, in connection with consideration of limitations on ISP liability in the ACTA, we find it helpful for our trading partners to confirm the existence in their respective legal systems of some relevant form of secondary liability."

The notice and take down requirement is based on a controversial provision of the Digital Millennium Copyright Act (DMCA). The inclusion of a notice and take down requirement in ACTA was recently criticized by the Article 29 Data Protection Working Party in the EU for promoting ISP action which would "interfere with the freedom of expression of individuals, as has happened in the US," and also because it "raises concerns about the disclosure of individuals' data to third parties."

The big question is how much of the rest of ACTA's secondary liability requirements remain, what interpretation the US will use of them when it unilaterally adjudicates ACTA compliance through special 301. (For a description of special 301 and how the U.S. uses it to push controversial interpretations of trade agreements, see Flynn, Special 301 of the Trade Act).

Subparagraph 1 of the digital chapter requires that each Party ensure that criminal and civil enforcement procedures are available "so as to permit effective action against an act of . . .  infringement which takes place" on the internet. Nothing in the news today suggests that this was removed.

The proposal may also leave in place Japan's proposal for a 3 quarter, stating that each party "promote the development of mutually supportive relationships between online service providers and right holders" to deal effectively with "infringement which takes place by means of the Internet, including the encouragement of establishing guidelines for the actions which should be taken."

There are also secondary liability sections in other parts of ACTA that could be interpreted to cover ISPs:

In the civil enforcement chapter, the EU/CH proposal under injunctions would extend injunctions to "intermediaries whose services are used by a third party to infringe"

In civil enforcement Art. 2.5, the EU/CH/J proposal includes provisional measures "in relation to an intermediary whose services are used by a third party to infringe"

Both of these proposals extend to all copyright infringement, not just infringement on a commercial scale.

And the damages section extends liability to anyone who "with reasonable grounds to know, engaged in infringing activity" - which could be an ISP who has notice of allegedly infringing material.

So if all these provisions stay in place, one rational interpretation of the agreement would be that ISPs are liable for damages and injunctions as "intermediaries" and that countries are required to implement something like notice and take down to comply with the remaining sections 1 and 3 quarter of the digital chapter. The U.S. could argue that a system to establish "guidelines for the actions which should be taken" (section 3 quarter) "to permit effective action against an act of . . .  infringement which takes place" on the internet (section 1) would be one of imposing secondary liability on ISPs combined with safe harbors for implementing notice and take down procedures. Indeed, that has long been the US position. (Kirk to Wyden: "We are seeking legal incentives similar to, and consistent with, those found in relevant U.S. law (see 17 USC Sec. 512).

There is a precedent for this kind of "change means more of the same" interpretation by USTR. In the TRIPS negotiations, the US proposed specific language for the Article 39.3 to require "data exclusivity" - a special marketing monopoly prohibiting reliance on safety and efficacy data of originator drug companies for a period of time. Other countries balked and stripped the proposal out of the Article, leaving only a vague requirement that countries provide for protection of such date from "unfair commercial use." After the agreement was finalized, the US has implemented an interpretation in its Special 301 adjudications that the "only" interpretation of the vague data protection rule left in TRIPS Art. 39.3 is that it requires data exclusivity. (see Flynn, Public Health Submission to USTR 301 2010).

This possibility deserves a footnote about Canada.

Canada has a (now relatively informal) "notice and notice" system, which it is considering implementing through statute. This is a system through which ISPs can potentially avoid liability by giving notice to the user of copyright complaints, rather than taking down the material itself. Will the U.S. continue to put Canada on its Special 301 watch lists post-ACTA because notice and notice does not comply with the principles enshrined in the digital chapter of ACTA? It would not surprise me. And I doubt the US would consider any country to have an "effective" system for addressing infringement on the internet under Digital section 1 if it does not have secondary liability for ISPs.

So in the next leaked text on this issue, don't just look at the digital chapter sections 2 and 3. Look at what remains in 1 and 3 quarter as well as what is left in the civil enforcement and damages sections. 

Permalink :