Safe Harbor Protection – Website Liability

A “safe harbor” is defined as a harbor considered safe for a ship during a storm at sea, or any place or situation that offers refuge or protection. A safe harbor is also a provision of a statute or a regulation that specifies that certain conduct will be deemed not to violate a given rule. Websites that host content are always at risk of someone posting an image they don’t own, or music they haven’t licensed, or content they haven’t created. The Digital Millennium Copyright Act of 1998 (DMCA) provides websites with protection from liability for material posted by their users. This protection is legally referred to as a safe harbor.

I have previously written on how a DMCA take down notice works. This article is intended to educate website operators how to ensure they are able to fully afford themselves protection under the DMCA safe harbor provisions of the law.

To cite a specific example, liability can arise when a user posts artwork or content they do not own on a designated page of a website (on a chamber of commerce website, for example). It may be difficult, or even impossible, for a website operator to monitor and police every piece of content its users post. By virtue of the website displaying potential infringing material, the website is potentially liable for copyright infringement. The good news is that a DMCA safe harbor will protect a compliant business from copyright infringement claims, monetary damages and attorneys’ fees. This protection from liability is only available to the business if the legal requirements set forth in the DMCA law are closely followed.

The most common legal issues arise with businesses with interactive websites, individual user pages, online communities, message boards, or blog comments. For these types of businesses, it is critical to verify compliance with the DMCA safe harbor requirements. Failure to strictly comply with the DMCA safe harbor provisions can substantially increase potential business liability for the actions of its website users.

Designate a DMCA Agent

The first step is to designate an agent with the United States Copyright Office. This agent will receive notifications of claimed infringement and will be the person responsible for compliance with the take down notice requirements. The Copyright Office website has a short form to name a DMCA agent which should be completed and filed with the Copyright Office.

The form includes the name of the agent, mailing address, email address, and phone number. Some businesses set up a separate phone number or email address for this purpose so that they can quickly identify any call or email sent to the address as high priority. The DMCA agent should be someone in the business that has the ability to either take down infringing material from a website, or direct someone promptly to remove the material. In some circumstances, usually with high content websites, attorneys will serve as DMCA agents for their clients.

Posting the DMCA Agent Information

Once a DMCA agent has been filed with the Copyright Office, the agent must also be identified on the business website. Traditionally, this information is posted on a website’s Terms of Use page. The DMCA agent information should include the name, address, email address and phone number of the DMCA agent, but could also include a fax number or other means of contact. This should be the same information that is listed on the DMCA agent designation form filed with the Copyright Office.

This is the way a complaining party will contact the business about potentially infringing material, so it is critical that this information is complete, correct and up to date at all times. In the event any of this information changes on the business website, an amended form should be filed with the Copyright Office.

Remove Known Infringing Material

A business that knowingly posts or permits posting of infringing material on its site is at a significant risk of infringement claims. A business is not required to review and analyze every piece of information on its website for copyright compliance. The exception is if a business has actual knowledge of infringing material on its site, the business must remove the infringing material or disable access to it. As a general rule it is best for a business to immediately remove infringing material once they become aware of it.

Take Down Notice Procedures

If a business is in compliance with the requirements of the DMCA, a copyright owner’s only recourse upon finding user-submitted infringing material on the business website is to follow the statutory notice and take down procedures. It is critical that the business also follow these statutory procedures. For a detailed discussion of these procedures, please read this article.

In general, if a business receives a Take Down Notice from a purported copyright owner claiming the website is posting infringing material, the business should immediately remove the infringing material from the website or disable access to it. After removing or disabling access to the infringing material, the business is required to take reasonable steps to notify the user that the infringing material has been removed or disabled.

Counter-Notice from User

If a user truly owns rights to the material, or believes that it owns the material, the DMCA provides that they are able to provide a “counter-notice” to the business. In the event a business receives such a counter-notice, the business is required to forward a copy of the counter-notice to the claimed copyright owner and inform the claimed copyright owner that the alleged infringing material will be replaced unless the claimed copyright owner files a lawsuit. The business then can replace the material within 10-14 days of receipt of the counter-notice, unless a lawsuit is filed by the claimed copyright owner.

The DMCA provides very specific requirements for the counter-notice by a user, so a business is not required to comply unless the user is in compliance with the requirements. A user counter-notice should include: (i) a signed written document; (ii) identification of the removed material and the location of the material prior to removal; (iii) a statement under penalty of perjury that the user has a good faith belief that the material was removed or disabled as a result of mistake or misidentification; (iv) the user’s name, address, and telephone number; (v) and a statement that the user will accept service of process and consents to the jurisdiction of the applicable Federal District Court.

Terminate Repeat Offenders

In some circumstances there will be a user who posts infringing material more than once, even after the business removes it from the website. Under the DMCA, a repeat offender should be terminated from access to the website. An industry standard for defining a repeat offender is a user who has been notified of infringing activity more than twice and/or has had a user submission removed from the website more than twice. This may seem harsh, but the reality is that in order to take advantage of the DMCA safe harbor protections, a business must strictly comply.

Therefore, on the third strike, the user’s account should be suspended and the user should be denied access to their account. Most businesses simply suspend the user’s account, but some delete the account altogether. The critical element is to ensure that the user will not be able to create a new account under the same email address.

As these requirements are highly technical, it is advised that a business consult with an attorney experienced in this area of the law, especially in the event a business receives a Take Down Notice or a Counter-Notice. In order to ensure complete protection under the terms of the DMCA safe harbor laws, a business must ensure strict compliance with the requirements of the DMCA.

Leave a Reply

Your email address will not be published. Required fields are marked *