The popularity of cloud computing is increasing and with it the amount of copyright-protected material which is saved and edited with cloud computing services. Here is an overview of how cloud computing and the law on copyright interact.
1. What are the issues cloud computing and copyright law?
A large amount of data stored in the cloud is protected by copyright law. These include films, texts, photographs, computer games and computer programmes.
Under copyright law, a person who creates a work is automatically the copyright holder. Their rights are protected and they may use their work as they see fit, including storing it in the cloud.
For any other person, however, the reproduction of a work is generally prohibited, even in the cloud. There are, however, a number of exceptions to this prohibition.
2. Cloud computing overview:
Cloud computing is generally composed of three elements:
- SaaS (Software as a Service) describes the provision of software by the cloud service to the user. The user interacts with this software through an internet browser. Examples include Google Mail and Yahoo
- IaaS (Infrastructure as a Service) describes the use of third-party server space to store files
- PaaS (Platform as a Service) is a platform for software developers
3. Copyright and SaaS
This has led a small number of lawyers in Germany to adopt the view that, in such cases, a person who uses SaaS services commits a copyright infringement.
Advocates of this position argue that the cloud software is temporarily stored in a computer’s random access memory, which amounts to a reproduction under copyright law. If the cloud provider fails to grant exploitation rights, the reproduction is illegal. This would give cloud providers a right to demand cessation of use and compensation.
The predominant view held in the literature, however, is that such a temporary reproduction does not breach copyright law.
There are two legal arguments here:
Firstly, supporters of this position argue that § 44a of the German Copyright Act applies. This allows for brief and temporary reproductions of a technical nature to be made, provided they have no independent commercial value.
Secondly, § 69d(1) of the German Copyright Act, specifically permits an authorised person to reproduce the software, in cases where it is necessary in order to allow a computer programme to be used in accordance with its intended purpose. However, there is some doubt as to whether a user can be an “authorised person”.
There is also an increasingly held view that the main act of reproduction takes place in the cloud and not in users’ RAM; and any reproduction which does occur in the RAM, is small and insignificant. As a result, users do not create a copy and therefore do not breach copyright law.
However, as there is currently no case law in this area, the legal position is disputed.
4. Copyright and IaaS
If the rules on use are exceeded by a user, they may receive a warning letter or even face court action for breaching copyright.
b. Statutory rules on private copies
While protecting the rights of creators, statute does provide for exceptions. This means that in certain circumstances, an individual may download and upload copyright protected files to the cloud without obtaining copyright holder’s consent.
Under copyright law an individual has the right to reproduce a copyright-protected work provided it is only for private purposes and in limited numbers.
“Private purposes” refers to use within a person’s private environment. This includes sharing a copyright-protected file with close friends and relatives.
It does not include making a copyright-protected work publicly available, which requires the consent of the copyright owner. If consent is not obtained, the reproduction infringes copyright.
For example, uploading a copyright-protected file to a cloud provider and allowing close friends access, would not constitute a copyright infringement. Allowing all your friends on Facebook access to the same file, would breach copyright, as the friends are unlikely to all be close friends or relatives.
c. Exceptions to the right to make a private copy
I. Technical measures
The right to make a private copy is excluded if a work is protected with technical measures to prevent it being copied; so-called Digital Rights Management technologies. Many DVDs, e-books and computer games are protected by such technologies.
Under the circumvention prohibition contained in § 95a German Copyright Act, a user is prohibited from attempting to circumvent the technical protection measures.
As many cloud providers allow for films, books or music, to be downloaded more than once if users have purchased them, the non-circumvention rule can be considered less critical.
Nevertheless, the same files are often protected by non-circumvention technologies to prevent them being transferred to other users (e.g. friends). Circumventing these measures in this situation would then be illegal.
Also, many cloud providers restrict access to purchased content to a particular time frame. Users can view a film, for example, for a certain number of days as often as they like and then access is restricted. Such a restriction also counts as a technical measure, the circumvention of which is illegal.
II. Illegal source
It should also be noted that the right to make a private copy does not apply if the source from which the copy is to be made has clearly been created illegally.
5. Copyright and PaaS
PaaS presents less of a problem in terms of copyright. This is because a developer is the creator of a work and therefore automatically the copyright owner. The work is not used by an end-user.
6. Cloud providers
There also questions about whether a cloud provider breaches copyright through offering copyright protected files for download.
Here, the main reproduction rights of a copyright-protected work should be regulated by contract with the copyright holder.
If not, the same considerations concerning reproduction and making a work publicly available apply as discussed above.
It is therefore highly advisable for cloud service providers to ensure that agreements with copyright holders cover the rights to make works publicly available and general rights to cover usage within a cloud context.
7. Obligations on cloud providers
In a recent court decision in Germany, the file hoster Rapishare was ordered to police the internet.
The court found that if file hosters are informed about a particular profile which contains files that breach copyright, they are obliged to block that account. In addition, Rapidshare was ordered to monitor the internet for links to copyright-protected material on its website.
By analogy, it may be possible that the German courts would one day find themselves having to reach a similar judgment with regard to cloud providers.