Essential Law for Information Professionals [4 ed.] 9781783304370, 9781783304363

Essential Law for Information Professionals, fourth edition, provides up-to-date and easy-to-follow practical guidance o


English Pages 400 Year 2019


Pedley 2019 definitive proof 19 Sept_00pedley essential law prelims 2006.qxd 19/09/2019 12:55 Page i

Essential law for information professionals


Every purchase of a Facet book helps to fund CILIP’s advocacy, awareness and accreditation programmes for information professionals


Essential law for information professionals FOURTH EDITION

Paul Pedley


© Paul Pedley 2019

Published by Facet Publishing, 7 Ridgmount Street, London WC1E 7AE
www.facetpublishing.co.uk

Facet Publishing is wholly owned by CILIP: the Library and Information Association.

Paul Pedley has asserted his right under the Copyright Designs and Patents Act 1988 to be identified as the author of this work.

Except as otherwise permitted under the Copyright Designs and Patents Act 1988 this publication may only be reproduced, stored or transmitted in any form or by any means, with the prior written permission of the publisher, or, in the case of reprographic reproduction, in accordance with the terms of a licence issued by The Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to Facet Publishing, 7 Ridgmount Street, London WC1E 7AE.

British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library.

ISBN 978-1-78330-435-6 (paperback)
ISBN 978-1-78330-436-3 (hardback)
ISBN 978-1-78330-437-0 (e-book)

First published 2003
Second edition 2006
Third edition 2011
This fourth edition 2019

Text printed on FSC accredited material.

Typeset in 10/13 pt University Old Style and Humanist 521 by Flagholme Publishing Services. Printed and made in Great Britain by CPI Group (UK) Ltd, Croydon, CR0 4YY.


Dedication

This book is dedicated to the memory of Justin Arundale. During what was then The Library Association’s Members’ Day 2001, Justin approached me about jointly authoring a book on essential law for information professionals, and so this was his idea. I would very much like to record my thanks to him for his help, advice and encouragement during the initial planning stages. But before he had a chance to contribute to the book, Justin died (on 12 September 2002). As a result, I missed the opportunity that we would otherwise have had of being able to continue the exchange of ideas and thoughts about a topic that both of us had found to be so interesting.


Contents

Disclaimer
List of figures and tables
Table of statutes, etc.
Table of cases
Abbreviations
Glossary of terms
Preface

1 General law and background
1.1 Legal system
1.1.1 Common law system
1.1.2 Civil law system
1.2 Court system
1.2.1 England and Wales
1.2.2 Scotland
1.2.3 Northern Ireland
1.2.4 Judicial reviews
1.2.5 Tribunals
1.3 Sources of law
1.3.1 Progress of UK legislation
1.3.2 Law reports
1.3.3 Public international law
1.3.4 Websites
1.4 Legal concepts/terminology
1.4.1 Criminal law
1.4.2 Civil law
1.4.3 Tort (England, Wales, Northern Ireland)/Delict (Scotland)
1.4.4 Contract law
1.4.5 Property
1.5 Conclusions
References

2 Library law
2.1 Localism Act 2011
2.2 Public Services (Social Value) Act 2012
2.3 Sustainable Communities Act 2007 and Sustainable Communities Act 2007 (Amendment) Act 2010
2.4 Public Libraries and Museums Act 1964
2.5 Local byelaws
2.6 Literary and Scientific Institutions Act 1854
2.7 Library Offences Act 1898
2.8 Prison library service
2.9 School library service
2.10 Equality Act 2010 (section 149: Public sector equality duty)
References

3 Copyright
3.1 General principles
3.1.1 Copyright ownership
3.1.2 Term of protection
3.1.2.1 Unpublished works and the 2039 rule
3.2 Economic and moral rights
3.2.1 Risk management
3.3 Legislative framework
3.3.1 Berne Convention for the Protection of Literary and Artistic Works
3.3.2 Universal Copyright Convention
3.3.3 Trade-Related Aspects of Intellectual Property Rights
3.3.4 World Intellectual Property Organization Copyright Treaty
3.3.5 European directives on copyright matters
3.3.5.1 On the legal protection of computer programs
3.3.5.2 On rental and lending right
3.3.5.3 Harmonising the term of copyright protection
3.3.5.4 On the legal protection of databases
3.3.5.5 On the harmonisation of certain aspects of copyright and related rights
3.3.5.6 On the resale right for the benefit of the author of an original work of art
3.3.5.7 On the enforcement of intellectual property rights
3.3.5.8 Directive on the term of protection of copyright and certain related rights amending the previous 2006 Directive (‘Term Directive’)
3.3.5.9 Directive on certain permitted uses of orphan works
3.3.5.10 Directive on collective management of copyright and related rights and multi-territorial licensing of rights in musical works for online use in the internal market
3.3.5.11 Directive on certain permitted uses of certain works and other subject matter protected by copyright and related rights for the benefit of persons who are blind, visually impaired or otherwise print-disabled
3.3.6 European Regulations on copyright matters
3.3.6.1 Regulation on the cross-border exchange between the Union and third countries of accessible format copies of certain works and other subject matter protected by copyright and related rights for the benefit of persons who are blind, visually impaired or otherwise print-disabled
3.3.6.2 Regulation on cross-border portability of online content services in the internal market
The Intellectual Property (Copyright and Related Rights) (Amendment) (EU Exit) Regulations 2019
3.3.7 UK legislation
3.3.8 Supplementary case law
3.4 Acts permitted in relation to copyright works
3.4.1 Fair dealing
3.4.1.1 What is substantial?
3.4.2 Non-commercial research
3.4.3 Private study
3.4.4 Illustration for instruction
3.4.5 Quotation
3.4.6 Criticism and review
3.4.7 News reporting
3.4.8 Caricature, parody and pastiche
3.4.9 Text and data mining for non-commercial research
3.4.10 The library provisions in the CDPA
3.4.10.1 Copying by librarians on behalf of their users
3.4.10.2 Libraries and educational establishments making works available through dedicated terminals
3.5 Licensing
3.5.1 Copyright Licensing Agency
3.5.2 NLA Media Access
3.5.3 Design Artists Copyright Society
3.5.4 Ordnance Survey
3.5.5 The National Archives
3.5.6 Creative Commons
3.6 Digital copyright
3.6.1 Internet
3.6.2 Right of communication to the public
3.6.3 Hyperlinking and deep linking
3.6.4 Database regulations
3.6.5 Archiving and preservation of digital content
3.6.6 Licensing of electronic resources
3.6.7 Digital rights management systems
3.6.8 Digital signatures and copyright declaration forms
3.7 Copyright clearance
3.7.1 Databases of rights owners
3.7.2 Orphan works
3.7.2.1 Orphan works licences
3.8 Open access
3.8.1 Further information
3.9 Ethical and professional issues and conflicts
3.10 Further information
References

4 Legal deposit
4.1 Introduction
4.2 General principles
4.2.1 Print material
4.2.2 Non-print material
4.3 Enforcement
4.4 Copyright and use of legal deposit material
4.5 Online defamation
4.6 The future
4.7 Further information
References

5 Breach of confidence
5.1 General principles
5.2 Obligation of confidence and the Freedom of Information Act
5.3 Remedies
5.4 Trade secrets
5.5 Case law on breach of confidence

6 Contracts and licensing agreements
6.1 General principles
6.2 Negotiating licences
6.2.1 Factors that can make or break a deal
6.3 Consortia and standard licences
6.4 Technology solutions
6.5 Use of passwords for licensed products
6.5.1 Usage data
6.6 Further information
References

7 Data protection
7.1 Introduction
7.2 General principles
7.2.1 The GDPR and the DPA 2018 are constantly evolving
7.2.2 Related legislation
7.3 The six data protection principles
7.3.1 First principle
7.3.2 Second principle
7.3.3 Third principle
7.3.4 Fourth principle
7.3.5 Fifth principle
7.3.6 Sixth principle
7.4 Accountability
7.4.1 Documentation requirements
7.4.2 Codes of conduct
7.4.3 Certification
7.5 Processing of personal data
7.5.1 Legal bases for processing
7.5.2 Processing of special categories (sensitive personal data)
7.5.3 Consent
7.5.4 Transfers of personal data to a third country or an international organisation
7.6 Exemptions
7.7 Privacy notices
7.8 Register of fee payers
7.9 Rights of the data subject
7.9.1 Compensation
7.9.2 Credit reference agencies
7.10 Data breaches
7.10.1 Causes of data breaches
7.11 Data protection impact assessments
7.12 Fines and prosecutions
7.12.1 Prosecutions
7.13 Data protection issues for libraries
7.13.1 E-books – privacy concerns
7.13.2 Electoral roll information in libraries
7.13.3 Radio Frequency Identification
7.13.4 Outsourcing
7.14 Data protection standards
7.15 How to protect your information
7.16 Identity theft
7.17 Further information
References

8 Privacy
8.1 General principles
8.2 Obligation of confidence versus breach of privacy
8.3 Codes of practice
8.4 Injunctions
8.5 Privacy and libraries
8.6 Case law
8.7 Further information
References

9 Freedom of information
9.1 General principles of freedom of information
9.2 The Freedom of Information Act 2000 (FOIA)
9.2.1 Local authorities
9.3 Publication schemes
9.4 Datasets
9.5 Copyright implications of the FOIA
9.6 Freedom of information and library and information professionals
9.7 Freedom of information rights and request procedures
9.8 Exemptions and appeals
9.9 Enforcement
9.10 The Environmental Information Regulations 2004 (EIR)
9.10.1 What is environmental information?
9.11 Freedom of information in Scotland
9.12 Freedom of information and data protection
9.12.1 Fees and charges
9.12.2 The time limit for responding to requests
9.12.3 The exemptions
9.13 European Union documents
9.14 Further information and keeping up to date
9.14.1 Organisations
9.14.2 Journals
9.14.3 News feeds
References

10 Human rights
10.1 General principles
10.1.1 Human Rights Act 1998
10.1.2 Fundamental Rights Agency
10.2 Guiding principles for library and information professionals
10.3 Human rights and data protection
10.4 Human rights and copyright
10.5 Human rights and freedom of expression
10.6 Further information
References

11 Re-use of public sector information
11.1 Background
11.2 General principles
11.3 Public task
11.3.1 The ‘public task’ of public sector libraries
11.4 UK government licensing framework
11.4.1 UK Open Government Licence
11.4.2 The non-commercial government licence
11.4.3 The charged licence
11.5 Right to data
11.6 Charging
11.6.1 Public/private partnerships and exclusivity deals
11.7 Complaints procedure
11.8 New Open Data and PSI Directive
11.9 Further information
11.9.1 Organisations
11.9.2 Publications
References

12 Defamation
12.1 Introduction
12.2 General principles
12.3 Slander
12.4 Libel
12.5 Defences to libel
12.5.1 Truth
12.5.2 Honest opinion (previously known as fair comment)
12.5.3 Publication on a matter of public interest (Defamation Act 2013 section 4)
12.5.4 Operators of websites who didn’t post the statement on the website (Defamation Act 2013 section 5)
12.5.5 Peer-reviewed statements in scientific or academic journals (Defamation Act 2013 section 6)
12.5.6 Privilege (Defamation Act 2013 section 7)
12.5.7 The offer to make amends
12.6 Remedies
12.6.1 Civil action for damages
12.6.2 Costs
12.6.3 An injunction/interdict to prevent repetition
12.7 Defamation and the internet
12.7.1 The liability of internet service providers for other people’s material
12.7.2 The application of the limitation period to online archives and the introduction of the single publication rule
12.7.3 Exposure of internet publishers to liability in other jurisdictions
12.7.4 The risk of prosecution for contempt of court
12.7.5 Social networking sites
12.7.6 E-mail libel
12.8 Checklist
References
Notes

13 Professional liability
13.1 General principles
13.2 Contract
13.3 Tort (delict in Scotland)
13.4 Liability and electronic information
13.5 Liability for copyright infringement
13.6 Risk management
13.7 Indemnity and insurance
References

14 Cybersecurity and cybercrime
14.1 Background
14.2 Cybersecurity and cyber essentials
14.3 Council of Europe Convention on Cybercrime
14.4 The Computer Misuse Act 1990
14.5 The Network and Information Systems Regulations
14.6 Hacking
14.7 Viruses, worms and Trojans
14.8 Intellectual property infringement
14.8.1 Plagiarism
14.8.2 Software piracy
14.8.3 Making illegal downloads of music files
14.8.4 Other examples of copyright abuse
14.9 Pornography
14.10 Fraud
14.10.1 Phishing
14.10.2 Pharming
14.11 Denial of service attacks
14.12 Acceptable use policies
14.13 Communications Act 2003
References

15 Disability discrimination
15.1 General principles
15.2 Copyright and the disability exceptions
15.3 The Right to Read
15.4 Website accessibility
15.5 Further information

16 Other legal issues relevant to librarians
16.1 Introduction
16.2 Police, surveillance and libraries
16.3 Cloud computing
16.3.1 Escrow agreements
16.3.2 Data protection issues
16.3.3 Ownership of the data
16.4 Stocking extremist/controversial literature
16.5 Censorship
16.6 Theft or mutilation of rare books
16.6.1 Examples of theft by library users
16.6.2 Examples of theft by library staff
16.7 Lending of audio books and e-books by public libraries
16.8 Further information
References

Appendices
Appendix 1 Brexit and the orphan works exception
Appendix 2 CILIP's ethical framework

Index


Disclaimer

Paul Pedley is not a lawyer and is not able to give legal advice. The contents of this book are intended to raise awareness of key legal issues affecting information professionals, but the book does not constitute legal advice and should not be relied upon in that way.

Copyright notice

Crown Copyright material is reproduced with the permission of the Controller of HMSO and the Queen’s Printer for Scotland.


List of figures and tables

General law and background
1.1 Devolved and reserved matters in Scotland
1.2 Reserved matters in Wales
1.3 What establishes a contract?

Copyright
3.1 What is protected by copyright?
3.2 Terms of protection for different types of work
3.3 Berne three-step test
3.4 What is fair dealing?
3.5 Guidance on what you are allowed to copy
3.6 What constitutes copying for a commercial purpose?
3.7 Exception for library staff to copy on behalf of a user who completes a declaration form
3.8 Sample copyright declaration form
3.9 The different types of hyperlinks
3.10 Points to consider when deep linking
Table 3.1 Exclusive rights set out in the Berne Convention (as amended in Paris, 1971)
Table 3.2 Implementation in the UK of European Directives and Regulations
Table 3.3 The library exceptions
Table 3.4 Checklist of things to consider when hyperlinking
Table 3.5 Features of the IPO’s orphan works licensing scheme
Table 3.6 Payments due to the IPO on orphan works licences

Legal deposit
4.1 Legal deposit libraries
4.2 Layout of the Legal Deposit Libraries Act 2003
4.3 CDPA Section 44A: Legal deposit libraries

Breach of confidence
5.1 Freedom of Information Act 2000, section 41 exemption

Contracts and licensing agreements
6.1 Contract clauses

Data protection
7.1 Definitions of ‘personal data’ and ‘identifiable living individual’/‘identifiable natural person’
7.2 What constitutes ‘personal data’?
7.3 Definitions of ‘filing system’
7.4 The six principles of ‘good information handling’
7.5 Accountability requirements
7.6 Documentation requirements
7.7 Legal basis for data processing
7.8 How the legal basis for processing can affect an individual’s rights
7.9 Special categories of personal data (sensitive personal data)
7.10 Conditions for the processing of special category data
7.11 Definition of consent
7.12 Data protection exemptions
7.13 What should be in a data protection/privacy statement
7.14 Sample letter requesting a copy of personal information held by a company
7.15 The rights of the natural person
7.16 Police and security services powers to scrutinise library records
7.17 Five steps to protecting your privacy online
7.18 Preference services
7.19 Tips for avoiding becoming a victim of identity theft

Privacy
8.1 Articles 8 and 10 of the European Convention on Human Rights
8.2 Library examples using the eight privacy types identified by Koops et al. (2017)

Freedom of information
9.1 Public authorities covered by the FOIA
9.2 Obligations of Public Authorities under the FOIA
9.3 Classes of information
9.4 Freedom of information requests procedure
9.5 FOI exemptions
9.6 Exemptions under the Freedom of Information (Scotland) Act 2002
9.7 How to access European Union information

Human Rights
10.1 Three different types of rights
10.2 Articles 8 and 10 of the European Convention on Human Rights
10.3 School libraries’ use of thumbprints in place of library cards

Re-use of Public Sector Information
11.1 Main elements of the scheme for reusing public sector information
11.2 Key features of the Open Government Licence

Defamation
12.1 The Reynolds defence

Cybersecurity and cybercrime
14.1 Key information professional skills in cybersecurity
14.2 Offences covered by the Council of Europe Convention on Cybercrime
14.3 Penalties for CMA offences

Disability discrimination
15.1 Promotional material
15.2 Compliance checklist

Other legal issues relevant to librarians
16.1 Cloud computing contract and service level agreement checklist


Table of statutes, etc.

Acts of Parliament Broadcasting Act 1990 46 Broadcasting Act 1996 46 City of London Corporation (Open Spaces) Act 2018 8 Civic Government (Scotland) Act 1982 300 Communications Act 2003 303 Computer Misuse Act 1990 289–294 Co-operative and Community Benefit Societies Act 2014 26 Copyright Act 1911 99, 101 Copyright, Designs and Patents Act 1988 Chapter 3. Also 103, 115, 116, 117, 198, 225, 226, 279, 310, 311, 333, 334, 335, 337 Copyright, etc. and Trade Marks (Offences and Enforcement) Act 2002 35, 46 Counter Terrorism and Border Security Act 2018 328, 329 Criminal Justice and Immigration Act 2008 300 Criminal Justice and Public Order Act 1994 297 Data Protection Act 2018 Chapter 7. Also xlv, 8, 9, 66, 111, 180, 202, 208, 210, 213, 214, 224, 235, 239, 303, 325 Defamation Act 1996 252, 255, 257, 258, 260, 261 Defamation Act 2013 xlv, 247, 248, 251, 252–255, 259, 261–264 Digital Economy Act 2010 333 Digital Economy Act 2017 46, 156, 333 Enterprise and Regulatory Reform Act 2013 92, 226 Equality Act 2010 xlv, 27, 305, 306, 308, 314, 316 Fraud Act 2006 301 Freedom of Information (Amendment) (Scotland) Act 2013 212 Freedom of Information (Scotland) Act 2002 191, 211, 213, 217 Freedom of Information Act 2000 Chapter 9. Also xlv, 8, 67, 107, 109-111, 124, 125, 179, 235, 236, 239, 241 Friendly Societies Act 1974 26 Government of Wales Act 1998 2 Government of Wales Act 2006 2, 3 Human Rights Act 1998 4, 108, 220 Intelligence Services Act 1994 165, 323

Pedley 2019 definitive proof 19 Sept_00pedley essential law prelims 2006.qxd 19/09/2019 12:55 Page xxiv

XXIV

ESSENTIAL LAW FOR INFORMATION PROFESSIONALS

Interpretation Act 1978 112 Legal Deposit Libraries Act 2003 46, 56, 99, 100, 104 Library Offences Act 1898 25 Limitation Act 1980 57 Literary and Scientific Institutions Act 1854 24 Localism Act 2011 19 Obscene Publications Act 1959 297, 298 Obscene Publications Act 1964 297, 298 Police and Criminal Evidence Act 1984 165, 320 Police and Justice Act 2006 290, 302 Protection of Children Act 1978 298 Protection of Freedoms Act 2012 197, 224, 241 Public Libraries and Museums Act 1964 7, 22, 23, 24, 26 Public Records (Northern Ireland) Act 1923 193 Public Records Act 1958 193 Public Services (Social Value) Act 2012 20 Regulation of Investigatory Powers Act 2000 165 Representation of the People Act 2000 167, 168 Reverter of Sites Act 1987 24 Serious Crime Act 2015 290, 291, 302 Statistics and Registration Service Act 2007 241 Supply of Goods and Services Act 1982 15 Sustainable Communities Act 2007 21 Sustainable Communities Act 2007 (Amendment) Act 2010 21 Terrorism Act 2000 165, 322 Terrorism Act 2006 322, 327–330 Trusts of Land and Appointment of Trustees Act 1996 24 Unfair Contract Terms Act 1977 15, 118, 119 Wales Act 2017 2 Welsh Language Act 1993 196, 197

Statutory Instruments The Artist’s Resale Right (Amendment) Regulations 2009: SI 2009/2792 The Artist’s Resale Right (Amendment) Regulations 2011: SI 2011/2873 The Artist’s Resale Right Regulations 2006: SI 2006/346 The Collective Management of Copyright (EU Directive) Regulations 2016: SI 2016/221 The Consumer Contracts (Information, Cancellation, and Additional Charges) Regulations 2013: SI 2013/3134

40, 44 40, 44 40 44, 47 180

Pedley 2019 definitive proof 19 Sept_00pedley essential law prelims 2006.qxd 19/09/2019 12:55 Page xxv

TABLE OF STATUTES, ETC.

XXV

The Copyright (Amendment) Regulations 2016: SI 2016/1210 47 The Copyright (Computer Programs) Regulations 1992: 44, 46, 117 SI 1992/3233 The Copyright (Educational Establishments) Order 2005: SI 2005/223 52 The Copyright (Free Public Showing or Playing) (Amendment) 47 Regulations 2016: SI 2016/565 The Copyright (Public Administration) Regulations 2014: SI 2014/1385 46 The Copyright (Regulation of Relevant Licensing Bodies) Regulations 46 2014: SI 2014/898 The Copyright and Duration of Rights in Performances (Amendment) 44, 46 Regulations 2014: SI 2014/434 The Copyright and Duration of Rights in Performances Regulations 44 2013: SI 2013/1782 The Copyright and Performances (Application to Other Countries) 47 Order 2016: SI 2016/1219 The Copyright and Related Rights (Marrakesh Treaty, etc.) 43, 44, 45, 47, 310, (Amendment) Regulations 2018: SI 2018/995 311, 312 The Copyright and Related Rights Regulations 1996: 44, 46, 333 SI 1996/2967 The Copyright and Related Rights Regulations 2003: 36, 44, 46, 70, 75, SI 2003/2498 77, 127 The Copyright and Rights in Databases Regulations 1997: 44, 46, 70, 74, 103, SI 1997/3032 116, 198, 311 The Copyright and Rights in Performances (Certain Permitted 44, 47, 337 Uses of Orphan Works) Regulations 2014 SI 2014/2861 The Copyright and Rights in Performances (Disability) Regulations 46 2014: SI 2014/1384 The Copyright and Rights in Performances (Extended Collective 46, 92 Licensing) Regulations 2014: SI 2014/2588 The Copyright and Rights in Performances (Licensing of Orphan Works) 47 Regulations 2014: SI 2014/2863 The Copyright and Rights in Performances (Quotation and Parody) 46 Regulations 2014: SI 2014/2356 The Copyright and Rights in Performances (Research, Education, 46 Libraries and Archives) Regulations 2014: SI 2014/1372 The Copyright, Designs and Patents Act 1988 (Amendment) 46 Regulations 2010: SI 2010/2694 The Data Protection (Charges and Information) Regulations 2018: 156 SI 2018/480 The Data Protection, Privacy and 
Electronic Communications xlv, 135 (Amendments, etc.) (EU Exit) Regulations 2019: SI 2019/419

Pedley 2019 definitive proof 19 Sept_00pedley essential law prelims 2006.qxd 19/09/2019 12:55 Page xxvi

XXVI

ESSENTIAL LAW FOR INFORMATION PROFESSIONALS

The Data Protection, Privacy and Electronic Communications (Amendments, etc.) (EU Exit) (No. 2) Regulations 2019: SI 2019/485 xlv, 135 The Defamation (Operators of Websites) Regulations 2013: 254, 259 SI 2013/3028 The Duration of Copyright and Rights in Performances Regulations 44, 46 1995: SI 1995/3297 The Electronic Commerce (EC Directive) Regulations 2002: 259 SI 2002/2013 The Environmental Information (Scotland) Amendment Regulations 208 2013: SSI 2013/127 The Environmental Information (Scotland) Regulations 2004: 208 SSI 2004/520 The Environmental Information Regulations 2004: SI 2004/3391 8, 208 The Freedom of Information (Release of Datasets for Re-use) (Fees) 202, 214 Regulations 2013: SI 2013/1977 The Freedom of Information Act 2000 (Amendment) (EU Exit) xlv Regulations 2018: SI 2018/1353 The Freedom of Information and Data Protection (Appropriate 202, 214 Limit and Fees) Regulations 2004: SI 2004/3244 The Intellectual Property (Copyright and Related Rights) xlv, 47 (Amendment) (EU Exit) Regulations 2019: SI 2019/605 The Intellectual Property (Enforcement, etc.) Regulations 2006: 44, 46 SI 2006/1028 The Legal Deposit Libraries (Non-Print Works) Regulations 2013: 99, 100, 101 SI 2013/777 The Legal Deposit Libraries Act (Commencement Order) 2004: 100 SI 2004/130 The Network and Information Systems Regulations 2018: 294 SI 2018/506 The Police and Justice Act 2006 (Commencement No. 9) 291, 302 Order 2008: SI 2008/2503 The Privacy and Electronic Communications (EC Directive) 135 (Amendment) (No 2) Regulations 2016: SI 2016/1177 The Privacy and Electronic Communications (EC Directive) 135 (Amendment) Regulations 2004: SI 2004/1039 The Privacy and Electronic Communications (EC Directive) 135 (Amendment) Regulations 2011: SI 2011/1208 The Privacy and Electronic Communications (EC Directive) 135 (Amendment) Regulations 2015: SI 2015/355 The Privacy and Electronic Communications (EC Directive) 135 (Amendment) Regulations 2016: SI 2016/524

Pedley 2019 definitive proof 19 Sept_00pedley essential law prelims 2006.qxd 19/09/2019 12:55 Page xxvii

TABLE OF STATUTES, ETC.

XXVII

The Privacy and Electronic Communications (EC Directive) 135 Regulations 2003: SI 2003/2426 The Privacy and Electronic Communications (Amendment) 135 Regulations 2018: SI 2018/1189 The Privacy and Electronic Communications (Amendment) (No. 2) 135 Regulations 2018: SI 2018/1396 The Public Lending Right Scheme 1982 (Commencement of 333 Variation and Amendment) Order 2014: SI 2014/1945 The Public Lending Right Scheme 1982 (Commencement of 333, 335 Variations) (No. 2) Order 2018: SI 2018/691 The Public Sector Bodies (Websites and Mobile Applications) 314 (No. 2) Accessibility Regulations 2018: SI 2018/952 The Public Sector Bodies (Websites and Mobile Applications) 314 Accessibility Regulations 2018: SI 2018/852 The Regulation of Investigatory Powers (Directed Surveillance 322 and Covert Human Intelligence Sources) (Amendment) Order 2015: SI 2015/937 The Regulation of Investigatory Powers (Directed Surveillance 322 and Covert Human Intelligence Sources) Order 2010: SI 2010/521 The Representation of the People (England and Wales) (Amendment) 167 Regulations 2002: SI 2002/1871 The Representation of the People (England and Wales) (Amendment) 168 Regulations 2006: SI 2006/752 The Representation of the People (Scotland) (Amendment) 168 Regulations 2006: SI 2006/834 The Re-use of Public Sector Information Regulations 2015: 234, 235, 241, 243 SI 2015/1415 The Sustainable Communities (Parish Councils) Order 2013: 21 SI 2013/2275 The Sustainable Communities Regulations 2012: SI 2012/1523 21 The Trade Secrets (Enforcement, etc.) Regulations 2018: SI 2018/597 112 The Unfair Terms in Consumer Contracts Regulations 1999: 16 SI 1999/2083

International treaties and conventions

Berne Convention for the Protection of Literary and Artistic Works
Convention on Access to Information, Public Participation in Decision-Making and Access to Justice in Environmental Matters (Aarhus Convention)
Convention on Cybercrime
European Convention on Human Rights
The International Covenant on Civil and Political Rights
Marrakesh Treaty
Trade Related Aspects of Intellectual Property Rights
Treaty of Lisbon
Universal Copyright Convention
Universal Declaration of Human Rights
WIPO Copyright Treaty
WIPO Performances and Phonograms Treaty

European directives

90/313/EEC on the freedom of access to information on the environment
95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data
96/9/EC on the legal protection of databases
2000/31/EC on certain legal aspects of information society services, in particular electronic commerce, in the internal market
2001/29/EC on the harmonisation of certain aspects of copyright and related rights in the information society
2001/84/EC on the resale right for the benefit of the author of an original work of art
2002/58/EC covering the processing of personal data and the protection of privacy in the electronic communications sector (directive on privacy and electronic communications)
2003/4/EC on public access to environmental information and repealing Council Directive 90/313/EEC
2003/98/EC on the re-use of public sector information
2004/48/EC on the enforcement of intellectual property rights
2006/115/EC on rental right and lending right and on certain rights related to copyright in the field of intellectual property (codified version)
2006/116/EC on harmonising the term of protection of copyright and certain related rights (codified version)
2009/24/EC on the legal protection of computer programs (codified version)
2009/136/EC amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws
2011/77/EU on the term of protection of copyright and certain related rights amending the previous 2006 Directive
2012/28/EU on certain permitted uses of orphan works
2013/37/EU amending Directive 2003/98/EC on the re-use of public sector information
2014/26/EU on collective management of copyright and related rights and multi-territorial licensing of rights in musical works for online use in the internal market
2015/1535/EC laying down a procedure for the provision of information in the field of technical regulations and of rules on Information Society services
2016/943 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure
2016/1148 concerning measures for a high common level of security of network and information systems across the Union
2016/2102/EU on the accessibility of the websites and mobile applications of public sector bodies
2017/1564/EU on certain permitted uses of certain works and other subject matter protected by copyright and related rights for the benefit of persons who are blind, visually impaired or otherwise print-disabled and amending Directive 2001/29/EC
2019/790/EU on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC

European regulations

1049/2001 on access to European Parliament, Council and Commission Documents
2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
2017/1563 on the cross-border exchange of certain works for the benefit of persons who are blind, visually impaired or otherwise print-disabled (Regulation implementing the Marrakesh Treaty in the EU)
2017/1128 on cross-border portability of online content services in the internal market

European decisions

2005/222/JHA of 24 February 2005 on attacks against information systems

COM DOCS

COM (2017) 10 Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications)
COM (2018) 234 Proposal for a Directive of the European Parliament and of the Council on the re-use of public sector information (recast)

Standards

BS 10012: 2017 Specification for a personal information management system
ISO 22301 Societal security – Business continuity management systems – Requirements
ISO/IEC 27001 Managing information security requirements
ISO/IEC 27002 2013 Information technology – security techniques – code of practice for information security controls
ISO 27018 Certification for cloud privacy
NISO 2015 NISO consensus principles on users’ digital privacy in library, publisher, and software-provider systems (NISO privacy principles)


Table of cases

Anns v. London Borough of Merton [1978] AC 728
Attorney General v. Jonathan Cape Ltd [1976] QB 752
Attorney General v. Observer Ltd [1990] (the Spycatcher case)
Avi Reuveni v. Mapa Inc. Belgium 2010 Israel 2011: TA 3560/09, 3561/09
BestWater International GmbH v. Michael Mebes and Stefan Potsch C-348/13
British Horseracing Board Ltd & Ors v. William Hill Organization Ltd [2005] EWCA Civ 863
Caparo Industries plc v. Dickman [1990] 2 AC 605
Chang v. Virgin Mobile USA LLC 2009 WL 111570 (N.D. Tex. January 16, 2009)
Coco v. Clark [1969] RPC 41
Deckmyn v. Vandersteen C-201/13
Donoghue v. Stevenson [1932] UKHL 100
Dow Jones & Company Inc. v. Gutnick [2002] HCA 56
Draper v. Lincolnshire County Council [2014] EWHC 2388 (Admin) (17 July 2014)
Duchess of Argyll v. Duke of Argyll [1967] Ch 302
Economou v. De Freitas [2016] EWHC 1853 (QB)
Gillick v. British Broadcasting Corporation [1996] EMLR 267
Godfrey v. Demon Internet Ltd [2001] QB 201
GS Media v. Sanoma Media Netherlands and Ors C-160/15
Hedley Byrne & Co. Ltd v. Heller & Partners Ltd [1963] UKHL 4
Her Majesty’s Advocate v. William Frederick Ian Beggs, High Court of Judiciary (2001)
HM Stationery Office v. Green Amps Ltd [2007] EWHC 2755 (Ch)
Hubbard v. Vosper [1972] 2 QB 84 CA
Infopaq v. Danske Dagblades Forening C-5/08
John Doe v. Gonzales 546 U.S. 1301 (2005)
Jones v. Kaney [2011] UKSC 13
Kaye v. Robertson [1991] FSR 62
Kipling v. Genatosan Ltd (1917–23) MCC 203
Lady Anne Tennant v. Associated Newspapers Group Ltd [1979] FSR 298
Lichodmapwa v. L’asbl Festival de Theatre de Spa (2010)
Loutchansky v. Times Newspapers Ltd & Ors [2001] EWCA Civ 1805
Maguire v. Sydney Organising Committee for the Olympic Games [1999] HREOCA 26
Mansell v. Valley Printing [1908] 2 Ch 441
McFadden v. Sony C-484/14
McManus & Ors v. Beckham [2002] EWCA Civ 939
Merrett v. Babb [2001] EWCA Civ 214 (15 February 2001)
Mosley v. The United Kingdom – 48009/08 [2011] ECHR 774 (10 May 2011)
NLA v. Meltwater and PRCA [2011] EWCA Civ 890 (27 July 2011)
Norwich Union v. Western Provident Association
Ordnance Survey Northern Ireland v. Automobile Association (2001)
Prince Albert v. Strange (1840) 1 Mac & G 25
Pro Sieben Media AG v. Carlton TV [1998] EWCA Civ 2001
Public Relations Consultants Association Ltd v. Newspaper Licensing Agency Ltd C-360/13
Quad/Graphics Inc. v. Southern Adirondack Library System, 664 N.Y.S.2d 225 (1997)
R. v. City of Wakefield Metropolitan Council & another ex parte Robertson (16 November 2001)
R v. K. [2008] EWCA Crim 185
R. v. London Borough of Ealing and others ex parte Times Newspapers Ltd [1987] 85 LGR 316
R. v. Schofield [2003]
R (on the application of Barbara Gordon-Jones) v. Secretary of State for Justice & the Governor of HM Prison Send [2014] EWHC 3997 (Admin)
R. (on the application of Evans) and another (Respondents) v. Attorney General (Appellant) [2015] UKSC 21
R. (on the application of Green) v. Gloucestershire County Council and R. (on the application of Rowe and Hird) v. Somerset County Council [2011] EWHC 2687 (Admin), [2011] EWHC 3216 (Admin)
R. (Williams and Dorrington) v. Surrey County Council [2012] EWHC 867 (QB)
Retail Systems Technology v. Mcguire [2007] IEHC 13 (2 February 2007)
Reynolds v. Times Newspapers Ltd and others [1999] UKHL 45
SIA AKKA/LAA v. Latvia (ECtHR application no. 562/05)
Simon Draper v. Lincolnshire County Council [2014] EWHC 2388 (Admin)
Skuse v. Granada Television Ltd [1996] EMLR 278
Stepstone v. OFiR [2000] EBLR 87
Svensson and Ors v. Retriever Sverige AB C-466/12
Sweeney v. MacMillan [2001] EWHC 460
Tattered Cover v. City of Thornton, 44 P.3d 1044 (Colo. 2002)
Technische Universitat Darmstadt v. Eugen Ulmer KG (C-117/13)
Tolstoy v. UK (1995) 20 EHRR 442 (13 July 1995)
United States of America v. Kevin Eric Curtin 489 F.3d 935 (9th Cir. 2007)
United States v. Rumely, 345 US 41 (1953)
University of London Press Limited v. University Tutorial Press Ltd (1916) 2 Ch. 601
Veritas Operating Corp v. Microsoft Corp, Western District of Washington Case No. 06-0703, February 20, 2008
Von Hannover v. Germany (ECHR judgment 24 June 2004)
Wainwright v. Home Office [2003] UKHL 53
Watford Electronics v. Sanderson [2001] EWCA Civ 317
Weldon v. Times Book Co. Ltd [1911] 28 TLR 143


Abbreviations

AA – Automobile Association
AC – Appeal Cases
ACLU – American Civil Liberties Union
ALA – American Library Association
ALCS – Authors Licensing and Collecting Society
All ER – All England Law Reports
ALPSP – Association of Learned and Professional Society Publishers
APC – Article Processing Charge
API – Application Programming Interfaces
ASA – Advertising Standards Authority
ASIS&T – Association for Information Science and Technology
BAILII – British and Irish Legal Information Institute
BBC – British Broadcasting Corporation
BHB – British Horseracing Board
BIC – Book Industry Communication
BL – British Library
CACD – Court of Appeal, Criminal Division
CAP – Committee of Advertising Practice
CCLINC – Community Libraries in North Carolina Consortium
CCTV – closed-circuit television
CDPA – Copyright Designs and Patents Act 1988
CEO – Chief Executive Officer
Ch. – Chancery Division
CILIP – Chartered Institute of Library and Information Professionals
CIQM – Centre for Information Quality Management
CJEU – Court of Justice of the European Union
CLA – Copyright Licensing Agency
CMA – Computer Misuse Act
CMO – Collective Management Organisation
CPS – Crown Prosecution Service
CPU – Central Processing Unit
CRM – Collective Rights Management
DA 2013 – Defamation Act 2013
DACS – Design Artists Copyright Society
DCMS – Department for Digital, Culture, Media and Sport
DEA – Digital Economy Act

DoS – denial-of-service attack
DPA – Data Protection Act 2018
DPIA – Data protection impact assessment
DPO – Data protection officer
DPP – Director of Public Prosecutions
DRM – digital rights management
EBLIDA – European Bureau of Library, Information and Documentation Associations
EBLR – Electronic Business Law Reports
EC – European Commission
ECHR – European Convention on Human Rights
ECtHR – European Court of Human Rights
ECJ – European Court of Justice
ECR – European Court Reports
EEA – European Economic Area
EEC – European Economic Community
EIR – Environmental Information Regulations 2004
EIRENE – European Information Researchers Network
EMLR – Entertainment and Media Law Reports
ERO – Electoral Registration Officer
EU – European Union
EUIPO – European Union Intellectual Property Office
Euratom – European Atomic Energy Community
EuroCAUCE – European Coalition Against Unsolicited Commercial E-mail
EWCA – England and Wales Court of Appeal
EWHC – England and Wales High Court
Fam. – Family Division
FAQs – frequently asked questions
FOB – Firms Out of Business
FOIA – Freedom of Information Act 2000
FOI(S)A – Freedom of Information (Scotland) Act 2002
FRA – European Union Agency for Fundamental Rights
FSR – Fleet Street Reports
GATT – General Agreement on Tariffs and Trade
GATS – General Agreement on Trade in Services
GDPR – General Data Protection Regulation
GCHQ – Government Communications Headquarters
GMO – Genetically Modified Organisms
HaaS – Hardware as a Service
HCA – High Court of Australia
HMG – Her Majesty’s Government

HMSO – Her Majesty’s Stationery Office (now incorporated into The National Archives)
HRA – Human Rights Act 1998
HREOC – (Australia’s) Human Rights and Equal Opportunities Commission
IaaS – Infrastructure as a Service
ICO – Information Commissioner’s Office
ICOLC – International Coalition of Library Consortia
IEHC – High Court of Ireland decisions
IFLA – International Federation of Library Associations
INSPIRE – Infrastructure for Spatial Information in the European Community
IP – Internet Protocol
IPO – Intellectual Property Office
IPR – intellectual property rights
ISP – internet service provider
JISC – Joint Information Systems Committee
LDLA – Legal Deposit Libraries Act 2003
LGA – Local Government Association
LGR – Local Government Reports
LISU – Library and Information Statistics Unit
LOCKSS – Lots of Copies Keep Stuff Safe
Mac & G – Macnaghten & Gordon’s Chancery Reports
MLA – Museums Libraries and Archives Council
MPA – Music Publishers Association
MPAA – Motion Picture Association of America
MSP – Member of the Scottish Parliament
NALC – National Association of Local Councils
NHS – National Health Service
NLA – NLA Media Access
OA – Open access
OES – operators of essential services
OFT – Office of Fair Trading
OGL – Open government licence
OPSI – Office for Public Sector Information (now incorporated into The National Archives)
OS – Ordnance Survey
PA – Publishers Association
PACE – Police and Criminal Evidence Act 1984
PFI – private finance initiative
PII – personally identifiable information

PLA – public library authority
PLMA – Public Libraries and Museums Act 1964
PLS – Publishers Licensing Services
PRCA – Public Relations Consultants Association
PSI – prison service instruction
QB – Queen’s Bench Division
RAT – Remote access tool
RDSP – relevant digital service provider
RFID – Radio Frequency Identification
RIPA – Regulation of Investigatory Powers Act 2000
RMI – Rights Management Information
RNIB – Royal National Institute of the Blind
RPC – Reports of Patent Cases
RPSI – Re-use of Public Sector Information
RUSA – Reference and User Services Association
SaaS – Software as a Service
SCIP – Strategic and Competitive Intelligence Professionals
SIS – Secret Intelligence Service
SMS – Short Message Service
SSID – Service Set Identifier
TFEU – Treaty on the Functioning of the European Union
TLR – Times Law Reports
TPM – Technical protection measure
TPS – Telephone Preference Service
TRIPS – Trade Related Aspects of Intellectual Property Rights
TSO – The Stationery Office
UCC – Universal Copyright Convention
UCE – University of Central England
UCTA – Unfair Contract Terms Act 1977
UKGLF – United Kingdom Government Licensing Framework
UKHL – United Kingdom House of Lords
UKOP – United Kingdom Official Publications (a product published by TSO)
UKSC – United Kingdom Supreme Court
UKSG – United Kingdom Serials Group
UNESCO – United Nations Educational, Scientific and Cultural Organization
URI – Uniform Resource Indicator
URL – Uniform Resource Locator
VAT – value added tax
VHF – Very High Frequency
VPN – Virtual Private Network

WATCH – Writers Artists and Their Copyright Holders
WIPO – World Intellectual Property Organization
WPA – Wi-Fi Protected Access
WTO – World Trade Organization

Glossary of terms

‘Acquis communautaire’ – See https://ec.europa.eu/digital-single-market/en/eu-copyright-legislation. The body of EU law (or Community legislation).

Artist’s resale right – See Droit de suite.

Botnets – A network of private computers infected with malicious software and controlled as a group without the knowledge of the computer’s owner.

Civil law – There are several different meanings for the phrase ‘civil law’. Civil law – in contrast to criminal law – deals with disputes between individuals or organisations. The state’s role is simply to provide the means by which they can be resolved. The phrase is also used in the context of the legal system, contrasting the civil law with the common law system. The civil law system is used by most of Continental Europe and parts of Latin America, and in this system the law is written down in statutes in a very logical and organised (codified) way across all the subject areas. In such systems, precedent (reference to previous judicial decisions) is not normally recognised as a primary source of law, although it can be used as a supplementary source.

Common law – English law is called common law because it aims to be the same, whichever court made the decision. It is based on the principle of deciding cases by precedent, rather than to written statutes drafted by legislative bodies.

Computer misuse – Can refer to a wide range of activities including accessing inappropriate material on the internet (such as pornographic material), inappropriate use of e-mail, hacking, spreading viruses, fraud, theft, copyright abuse, or the use of a computer to harass others.

Contract – A contract is an agreement between two or more parties. It creates a legally binding obligation upon the parties involved. It is a promise, or set of promises, which the law will enforce.

Criminal law – The branch of law that defines crimes and fixes punishments for them. A crime is an offence where the state acts against the individual in order to defend a collective interest. Punishments for crimes are fines, probation, community service or a prison sentence.

Cyber bullying – A form of bullying or harassment which uses electronic means.

Cyber espionage – Use of computer networks to obtain illicit access to confidential information. It is the act of obtaining secrets and information without the knowledge or permission of the holder from individuals, competitors, governments and enemies.

Cyber terrorism – The politically motivated use of computers and the internet to conduct violent acts which result in or threaten the loss of life or significant bodily harm.

Cybercrime – The use of any computer networks to commit crime.

Defamation – The act of damaging the reputation of another by means of false or malicious communications, whether written or spoken.

Delict – A wilful wrong, similar to the common law concept of tort.

Denial-of-service attack (DoS) – Massive quantities of otherwise normal messages or page requests are sent to an internet host, with the result that the server is overloaded, is unable to deal with legitimate requests and in effect becomes unavailable.

Dooced – Being sacked for something you wrote on your personal blog or website.

Droit de suite (‘artist’s resale right’) – A right which entitles authors and their successors in title to a percentage of the sale price, net of tax, whenever original works of art, in which copyright subsists, are re-sold in transactions involving art market professionals.

Escrow agreement – See Technology escrow agreement.

Interdict – A Scottish term for a temporary restraint.

Legal deposit – The legal requirement for publishers to deposit with the British Library and the five other legal deposit libraries.

Lending – Making available for use for a limited period of time and not for direct or indirect economic or commercial advantage.

Libel – A written defamation.

Orphan works – Works where the rights holder is either difficult or even impossible to identify or locate.

Pharming – The ability to connect to a PC with the intention of retrieving ‘sensitive’ information and keystrokes, in order to trap log-in names and passwords.

Phishing – The fraudulent acquisition, through deception, of sensitive personal information such as passwords and credit card details, by masquerading as someone trustworthy with a genuine need for that information.

Precedent – The principle of deciding cases by reference to previous judicial decisions.

Public domain – The public domain comprises the body of all creative works in which no person or organisation has any proprietary interest.

Ratting – Hacking into a computer to take control of its functions. Derived from RAT or remote access tool.

Rental – Making something available for use for a limited period of time and for direct or indirect economic or commercial advantage.

Revenge porn – Posting on the internet sexually explicit images or videos without the consent of the subject, in order to cause them distress or embarrassment. Typically carried out by a former sexual partner.

Slander – Oral defamation; the use of the spoken word to injure another person’s reputation.

Smishing – Fraudulent messages sent over SMS (text messaging). The word is a combination of the terms ‘SMS’ and ‘phishing’.

Social engineering – The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

Spoofed websites – A website that is deliberately designed to look like a legitimate site, sometimes using components from that legitimate site.

Spyware – A category of malicious software that is designed to intercept or take over control of a PC’s operation without the knowledge or consent of the computer user. The term is used to refer to software that subverts the computer’s operation for the benefit of a third party.

Sui generis – A Latin term which literally means ‘of its own kind [or type]’, constituting a class of its own. In relation to database rights, it refers to the rights that were newly created in order to protect databases.

Swatting – An internet crime or prank whereby someone finds your address and then makes a hoax call to the emergency services in an attempt to get them to dispatch police officers or other emergency services staff to your address.

Technology escrow agreement – An arrangement between two or more contracting parties to provide an independent, trusted third party with the source code, which would only be released by the trusted third party if particular contractual provisions are triggered (such as in the event of a service provider going into administration). It is a means of protecting against software vendor failure.

Tort – A civil wrong that provides individuals with a cause of action for damages in respect of the breach of a legal duty.

Trojans – A type of malware that is often disguised as legitimate software in order to gain access to a computer or system.

Viruses – Malicious programs which spread themselves into other executable code or documents to infect vulnerable systems and gain control of a computer to steal sensitive data.

Vishing – The fraudulent practice of making telephone calls or leaving voice messages claiming to be from a reputable company with the intention of inducing an individual to reveal personal information.

Worms – A form of malicious software that replicates as it moves across computers, leaving a copy of itself in the memory of each infected computer.


Preface

Key updates since the previous edition

It is eight years since the publication of the 3rd edition of Essential Law for Information Professionals. The book incorporates the changes that have taken place in those intervening years – in terms of new statute law, new case law and new case studies, and examples of how the law works in practice. This 4th edition reflects the law as it stands at the time of writing (April 2019).

The book contains a new chapter entitled ‘Library law’ (Chapter 2). This looks at the types of library service that are underpinned by statutory duties. It also covers legislation such as the Equality Act 2010 with its public sector equality duty, which has been used in a number of legal cases relating to local government cutbacks that have had a huge impact upon public libraries.

The General Data Protection Regulation (GDPR) came into force in May 2018. It represents the most radical overhaul of data protection legislation for twenty years and led to the UK passing the Data Protection Act 2018. Chapter 7 of the book, which covers data protection, has been almost entirely re-written to reflect these legislative changes.

The chapter covering defamation (Chapter 12) reflects the changes to defamation law introduced by the Defamation Act 2013.

Brexit

The text for this book was completed in early April 2019 at a time of huge political turmoil. The UK government were originally scheduled to leave the European Union on 29 March 2019. That did not happen and at the time of writing there is still uncertainty as to Brexit. I would, therefore, like to draw attention to legislation relevant to library and information professionals which has been put in place in anticipation of the UK leaving the European Union. This includes:

• The Freedom of Information Act 2000 (Amendment) (EU Exit) Regulations 2018: SI 2018/1353
• The Intellectual Property (Copyright and Related Rights) (Amendment) (EU Exit) Regulations 2019: SI 2019/605
• The Data Protection, Privacy and Electronic Communications (Amendments, etc.) (EU Exit) Regulations 2019: SI 2019/419
• The Data Protection, Privacy and Electronic Communications (Amendments, etc.) (EU Exit) (No. 2) Regulations 2019: SI 2019/485.

Brexit and orphan works

At the time of writing, it is anticipated that the orphan works exception will no longer be available. The orphan works copyright exception is a cross-border provision which was set up in conjunction with a database managed by the EUIPO. It applies across EU member state borders. In the event of the UK leaving the European Union, it will not be able to make use of the exception.

There are licensing solutions available for orphan works which would legitimise the copying of orphan works. The Intellectual Property Office issue orphan works licences (see Section 3.7.2). In addition, it is possible for licensing bodies/collecting societies to apply to the IPO for approval to offer orphan works licences as a result of legislation enabling extended collective licensing.

In view of the fact that the orphan works exception had not been removed from the statute book at the time of writing, and because of the ongoing Brexit negotiations, the text relating to the orphan works exception has been moved to an appendix at the end of the book (Appendix 1).


CHAPTER 1

General law and background

Contents

1.1 Legal system
1.2 Court system
1.3 Sources of law
1.4 Legal concepts and terminology
1.5 Conclusions

1.1 Legal system

The United Kingdom consists of three distinct jurisdictions, each with its own court system and legal profession: England and Wales, Scotland, and Northern Ireland. When the Labour Party came to power in 1997, they embarked on a number of constitutional reforms. These included the introduction of freedom of information legislation, the implementation of the European Convention on Human Rights (ECHR) into UK law, replacing the Law Lords with the Supreme Court as the highest court in the land, and a programme of devolved government. As a result, there is a separate Scottish Parliament and a Welsh Assembly. Northern Ireland already had its own Assembly. The Scottish Parliament legislates in areas of domestic policy but matters best dealt with at UK level remain reserved to the UK parliament and government.

Devolved matters include:
• Agriculture, forestry and fisheries
• Education and training
• Environment
• Health and social services
• Housing
• Land use planning
• Law and order
• Local government
• Sport and the arts

Reserved matters include:
• Benefits and social security
• Broadcasting
• Constitution
• Defence
• Employment
• Equal opportunities
• Foreign policy
• Immigration
• Trade and industry

Figure 1.1 Devolved and reserved matters in Scotland

The Government of Wales Act 1998 gave the Welsh Assembly powers to legislate in domestic areas and the Assembly’s powers were strengthened firstly under the Government of Wales Act 2006, and again under The Wales Act 2017. There are still a number of legal tests that must be passed under the reserved powers model, for example, Acts of the Assembly must not relate to any reserved matter set out in Schedule 7A of the 2006 Act as amended by the Wales Act 2017 (such as modern slavery, electricity, road and rail transport, medicines). In addition, Assembly Acts must not breach any of the restrictions set out in Schedule 7B of the 2006 Act as amended – so, for example, they must not modify private law (such as contract, tort, property) unless it is for a devolved purpose, or modify certain criminal offences (such as any sexual offences).

Reserved matters include:
• Immigration
• Defence of the realm
• Constitution
• Foreign affairs
• Immigration and nationality
• Crime, public order and policy
• Consumer protection
• Laws around child sex abuse
• Out of control dogs
• Law regarding possession of knives
• Fiscal, economic and monetary policy
• Employment

Figure 1.2 Reserved matters in Wales

Instead of telling the Assembly what it can do, the legislation sets out the things that it cannot do – the ‘reservations’. While the legislation only sets out details of matters that are reserved to the Westminster Parliament, one can deduce from this those areas that are devolved. They would include areas such as:

• Some tax raising powers
• Roads and motorways, speed limits, bus route regulation
• Some aspects of energy such as granting or refusing planning permission for power plants and energy generating schemes up to 350 megawatts; approving any new oil and gas schemes in Wales, including permission to give the go ahead for fracking plans; licensing for any new coal mines
• Tourism.

The previous legislation listed 20 subjects which had been devolved. These were:

1 Agriculture, fisheries, forestry and rural development
2 Ancient monuments and historic buildings
3 Culture
4 Economic development
5 Education and training
6 Environment
7 Fire and rescue services and promotion of fire safety
8 Food
9 Health and health services
10 Highways and transport
11 Housing
12 Local government
13 National Assembly for Wales
14 Public administration
15 Social welfare
16 Sport and recreation
17 Tourism
18 Town and country planning
19 Water and flood defence
20 Welsh language

It would, however, be misleading to list broad topic areas that are devolved, because of the way in which the legislation works. The following examples show how careful and precise one needs to be about what has been devolved:

• Sport and recreation was one of the 20 subject areas listed as being devolved under the conferred powers model. But under the reserved powers model, the legislation lists the safety of sports grounds as a reserved matter.
• Another subject area previously listed as devolved is culture. But the Government of Wales Act 2006 Schedule 7A list of reservations (as amended) stipulates that broadcasting and other media and the British Broadcasting Corporation are reserved matters.

Legislation put forward by the Welsh Assembly Government is subject to scrutiny and approval by the National Assembly for Wales. Initially, the National Assembly didn’t have full law-making powers and the Welsh Assembly could only pass subordinate legislation. Limited law-making powers were gained through the Government of Wales Act 2006 and these were enhanced following a referendum held on 3 March 2011 in which two thirds (63.5%) of those who voted gave a resounding yes to the motion: ‘Do you want the Assembly now to be able to make laws on all matters in the 20 subject areas it has powers for?’ The Welsh Assembly is now able to make laws, known as Acts of the Assembly, on all matters for which it has devolved powers, without needing the UK Parliament’s agreement.

The UK is a signatory of the European Convention on Human Rights (ECHR) (Council of Europe, 1950) and this was incorporated into UK law through the Human Rights Act 1998. There is no written constitution as such for the UK. The constitutional law of the UK consists of statute law and case law. In November 2010, a Cabinet manual was published setting out the main laws, rules and conventions affecting the conduct and operation of government (Cabinet Office, 2010). Some commentators saw this as a step towards a written constitution, whilst others saw it merely as a document explaining how government operates. In addition, there are international treaties and conventions to which the UK is a signatory and which have binding force.

There are two basic systems of law: the common law system, which is used in England and Wales, and the civil law system, which is used by most of Continental Europe and parts of Latin America. The legal systems of England, Wales and Northern Ireland are very similar. Scotland has a hybrid system of civil and common law.

1.1.1 Common law system

English law is called common law because it aims to be the same, whichever court makes the decision. It began soon after the Norman Conquest of 1066, when the king and court travelled around the country hearing grievances. The common law system is based on the principle of deciding cases by reference to previous judicial decisions (known as ‘precedents’), rather than to written statutes drafted by legislative bodies. A body of English law evolved from the 12th century onwards. Reported cases present specific problems out of which a point of law is extracted. Formulation of the law is bottom-up from a specific event to a general principle. Judicial decisions accumulate around a particular kind of dispute and general rules or precedents emerge. These precedents are binding on other courts at the same or a lower level in the hierarchy. The same decision must result from another situation in which the material or relevant facts are the same. The law evolves by means of opinion changing as to which facts are relevant; and by novel situations arising.

1.1.2 Civil law system

The civil law system is used by most of Continental Europe and parts of Latin America. The law is written down in statutes in a very logical and organised (codified) way across all the subject areas. In such systems, precedent is not normally recognised as a source of law, although it can be used as a supplementary source. This results in a top-down system of a codified law book, which is based upon broad principles and then broken down into legal topics similar to those of the common law countries.


In the civil law system, case law is illustrative, as the court relies more on commentaries from professors and judges published in books and journal articles. The civil law system – which is based on ancient Roman law – arose from many countries being given the Napoleonic code when occupied during the Napoleonic era. Since then, national laws have diverged, but remain basically similar.

1.2 Court system

England and Wales, Scotland and Northern Ireland have their own hierarchy of courts, although they are all divided into two sections – criminal and civil.

1.2.1 England and Wales

In England and Wales, the lowest criminal courts are the Magistrates’ Courts, which deal with minor offences. More serious cases are heard in the Crown Court in front of a judge and jury. The Crown Court also hears cases that are appealed from the Magistrates’ Courts on factual points. Cases can be appealed on points of law to the High Court (Queen’s Bench Division (QBD)). Appeals against conviction and sentence go to the Court of Appeal, Criminal Division (CACD).

Civil cases at first instance are heard in the County Courts for minor claims. More serious cases are dealt with by the High Court, which is divided into three divisions:

1 The QBD hears civil claims involving tort, such as personal injury, other negligence actions and contracts.
2 The Chancery Division hears cases involving areas such as land, wills, and trusts; as well as intellectual property, company and tax cases.
3 The Family Division hears cases relating to family law, such as divorce.

Cases may be appealed to the Court of Appeal (Civil Division) and in turn these may be appealed to the Supreme Court. It should be noted, however, that appeals can only be brought with permission – either from the judge hearing the original case or from a Court of Appeal judge.

The Supreme Court hears appeals on arguable points of law of the greatest public importance, for the whole of the United Kingdom in civil cases, and for England, Wales and Northern Ireland in criminal cases. In October 2009, it replaced the system of Law Lords operating as a committee of the House of Lords as the highest court in the United Kingdom. Moving the UK’s top court from Parliament was an integral part of demonstrating its independence from government.


Civil court procedure

Procedure in the civil courts is governed by the Civil Procedure Rules, consisting of rules and practice directions. The Civil Procedure Rules make up a procedural code whose overriding aim is to enable the courts to deal with cases justly: http://www.justice.gov.uk/courts/procedure-rules/civil/rules.

1.2.2 Scotland

In Scotland there is something known as the ‘simple procedure’, which is a court process designed to provide a speedy, inexpensive and informal way to resolve disputes where the monetary value does not exceed £5,000. A claim is made in the sheriff court by a claimant. The party against whom the claim is made is known as a respondent. The final decision in a claim is made by a sheriff or a summary sheriff. From 28 November 2016 simple procedure replaced the small claims procedure. It also replaced the summary cause procedure but only where it relates to actions for payment, delivery or for recovery of possession of moveable property, or actions which order someone to do something specific. Where the value of the claim is over £5,000 the ordinary cause procedure should be followed.

The Outer House of the Court of Session can hear most types of civil case. The Inner House of the Court of Session is generally the court of appeal from the Outer House, sheriffs and certain tribunals. Thereafter, appeals in civil cases can be made to the Supreme Court.

There are three levels of court procedure in criminal matters in Scotland. The lowest criminal courts are the District Courts, which are presided over by justices of the peace and in some cases stipendiary magistrates. These courts deal with minor offences such as breach of the peace and shoplifting, and their powers to sentence are limited. Next are the Sheriff Courts, which deal with minor offences (where a sheriff presides), while more serious offences, except murder and rape, are dealt with by a sheriff sitting with a jury. A sheriff sitting alone has limited sentencing powers in comparison to a sheriff sitting with a jury. The most serious criminal offences in Scotland are heard by the High Court of Justiciary.

1.2.3 Northern Ireland

The highest court in Northern Ireland is the Court of Judicature, which consists of the Court of Appeal, the High Court and the Crown Court. There are then the lower courts: the County Courts, with criminal and civil jurisdiction, and the Magistrates’ Courts. Cases which start in either the Crown Court or the High Court can be appealed to the Court of Appeal in Belfast; and, where leave is given, to the Supreme Court of the United Kingdom. Cases which start in either the County Courts or the Magistrates’ Courts can only be appealed as far as the Court of Appeal in Belfast; and unlike the equivalent in England and Wales, this is not split into a Civil Division and a Criminal Division.

1.2.4 Judicial reviews

The QBD of the High Court has a supervisory role in which it is responsible for supervising subordinate bodies and tribunals in the exercise of their powers. This is achieved primarily by means of the procedure known as judicial review in which the decisions of any inferior court, tribunal or other decision-making public body may be challenged or called into question on any one of four possible grounds, although the fourth ground – legitimate expectation – is very rare:

1 Illegality: where the decision maker acted beyond their powers.
2 Unfairness: where there has been a procedural irregularity or breach of natural justice, such as not permitting applicants to put their case properly, or bias.
3 Irrationality: where the decision that has been reached is one that no properly informed decision-maker could rationally reach.
4 Legitimate expectation: a public body may, by its own statements or conduct, be required to act in a certain way, where there is a legitimate expectation as to the way in which it will act.

A couple of examples relevant to library and information professionals of where judicial reviews have been used to challenge decisions include:

• The case of R. v. London Borough of Ealing, ex parte Times Newspapers Ltd [1987] 85 LGR 316, where the decision of several libraries to ban The Times on political grounds (specifically, in support of print workers in an industrial dispute) was challenged (see Section 2.4) because of their legal duty under the Public Libraries and Museums Act 1964 to provide a comprehensive and efficient library service.
• In Simon Draper v. Lincolnshire County Council [2014] EWHC 2388 (Admin), the High Court handed down a decision quashing the plans by Lincolnshire County Council to make £2 million worth of cuts to the library service. Mr Justice Collins concluded that the means by which Lincolnshire decided and reached its decision in December 2013 was flawed.

1.2.5 Tribunals

In addition to the courts, there are also a number of specialised tribunals, which hear appeals on decisions made by various public bodies and government departments. Tribunals cover areas such as employment, immigration, social security, tax and land. Three tribunals relate to areas of law covered in this book:

1 The First-tier Tribunal (Information Rights), formerly the Information Tribunal, hears appeals arising from decisions and notices issued by the Information Commissioner under the Freedom of Information Act 2000, the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the Environmental Information Regulations 2004.
2 The Investigatory Powers Tribunal investigates and determines complaints which allege that public authorities or law enforcement agencies have unlawfully used covert techniques and infringed our right to privacy, as well as claims against the security and intelligence agencies for conduct which breaches a wider range of our human rights.
3 The other tribunal relevant to the topics covered in this book is the Copyright Tribunal (see Section 3.5). The Tribunal’s principal task is adjudicating disputes between collective licensing agencies and natural or legal persons who consider that they have been unreasonably refused a licence or have been offered a licence with unreasonable terms.

1.3 Sources of law

Statutory legislation and case law are the primary sources of law, with textbooks, journal articles, encyclopedias, indices and digests making up a body of secondary sources. Legislation in the UK can apply to the country as a whole; or, bearing in mind the impact of devolved government, there can also be Scottish legislation, Welsh legislation and Northern Irish legislation. United Kingdom primary legislation consists of public and general acts, and local and personal acts – such as ones that are of specific and limited nature – for example, The City of London Corporation (Open Spaces) Act 2018.

Acts of Parliament typically have a section just before any schedules, which is headed ‘short title, commencement, extent’ and which outlines the short title the Act is known by, the arrangements for the coming into force of the Act, and whether the Act applies to particular countries. Either there will be an extent section at the end of the Act setting out the geographical extent of the Act; or else it will be silent on the matter, in which case the Act applies to the whole of the UK.

When considering Acts of Parliament, one needs to ask whether an Act is yet in force – few Acts come into force immediately on being passed. The reader should look for a commencement section at the end of the Act (which would appear before any schedules). It will either give a specific day for commencement or else it will refer to ‘a day to be appointed’ which will then be prescribed in one or more commencement orders in the form of statutory instruments. If the Act doesn’t contain a commencement section, this means that the Act came into force on the date it received Royal Assent.

Where an Act has been brought into force, the question to ask is whether the Act is still – wholly or partly – in force. This isn’t always easy to establish. For example, an Act could be repealed by another Act, but one would then need to check whether the repealing Act has yet come into force. There are a number of commercially available annotated versions of statutes such as Halsbury’s Statutes or the Blackstone’s Statutes Series, or those available on the online services Lexis (http://www.lexisnexis.co.uk/en-uk/home.page) or Westlaw (https://login.westlaw.co.uk/maf/wluk/app/authentication/signon).

1.3.1 Progress of UK legislation

UK bills can start in either the House of Commons or the House of Lords, although bills whose main purpose is taxation or expenditure start in the House of Commons. Some bills may have been preceded by a consultation document (Green Paper) and/or by a statement of policy (White Paper), although this is optional. Bills are broken up into clauses whereas Acts of Parliament are broken up into sections. The introductory part of an Act sets out its purpose in a series of provisions. For example, the Data Protection Act 2018 (http://www.legislation.gov.uk/ukpga/2018/12/introduction/enacted) says:

An Act to make provision for the regulation of the processing of information relating to individuals; to make provision in connection with the Information Commissioner’s functions under certain regulations relating to information; to make provision for a direct marketing code of practice; and for connected purposes.

Her Majesty’s Government’s (HMG) consultation principles 2018 (https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/691383/Consultation_Principles__1_.pdf) say ‘Give enough information to ensure that those consulted understand the issues and can give informed responses. Include validated impact assessments of the costs and benefits of the options being considered when possible; this might be required where proposals have an impact on business or the voluntary sector’, and that a consultation exercise should last for a proportionate amount of time.

Bills are drafted by lawyers in the Office of the Parliamentary Counsel, which is part of the Cabinet Office. The Order Paper, also known as the Order of Business, in the House of Commons is published each sitting day. It lists the business of the House, and it contains a Notice of Presentation of the Bill and this is the first reading of the Bill. The Minister or a government whip then names a day for the Bill’s second reading. The Bill is then allocated a Bill number – for example, Finance (No. 2) Bill (HC Bill 134) of session 2017-2019. The text of Bills can be found on the internet (https://services.parliament.uk/bills/).

Explanatory notes are published to accompany Bills. These normally include a summary of the main purpose of the Bill and a commentary on individual clauses and schedules. See, for example, the Finance (No. 2) Bill explanatory notes: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/664009/explanatory_notes.pdf.

The second reading debate is announced by the Leader of the House in a Business Statement. The second reading is the time for the House to consider the principles of the Bill. The debate on second reading is published in Hansard (https://hansard.parliament.uk/). After the second reading, the Bill has its Committee stage. This would normally take place in a Standing Committee, but it may be taken in a committee of the whole House or a Special Standing Committee depending on the nature of the Bill. The next stage is the consideration or report stage. The House can make further amendments to the Bill at that stage, but does not consider the clauses and schedules to which no amendments have been tabled. The final Commons stage of the Bill is the third reading. This enables the House to take an overview of the Bill as amended in Committee. No amendments can be made at this stage. Once it has passed its third reading in the Commons, the Bill is then sent to the House of Lords.

The legislative process in the House of Lords is broadly similar to that in the House of Commons. However, there are a few important differences:

1 After the second reading, bills are usually submitted to a committee of the whole House.
2 There is no guillotine and debate on amendments is unrestricted.
3 Amendments can be made at the third reading as well as at Committee and consideration stage.

The House of Lords and House of Commons must finally agree the text of each Bill. In practice, in order for this to happen a Bill can travel backwards and forwards between the two houses several times. This is known as ‘ping-pong’, which refers to the to and fro of amendments to Bills between the House of Commons and the House of Lords. If the Lords have not amended a Commons Bill, they must inform the Commons of that fact. Once the text of a Bill has been approved by both houses, the Bill is then submitted for Royal Assent. The UK Parliament website (https://services.parliament.uk/bills/) can be used in order to monitor the progress of Bills through Parliament.


Statutory Instruments are regulations, orders or rules made under the authority of an Act of Parliament. They often provide the detail required for the application of the Statute such as what forms to fill in, the level of fees to be paid or provisions for the commencement of an Act (i.e. when it comes into force). Statutory instruments are ‘revoked’ rather than ‘repealed’.

In addition to primary legislation in the form of Acts of Parliament and Statutory Instruments, there is also a body of what one might refer to as ‘quasi-legislation’ and other regulatory materials. This would include codes of practice, departmental circulars and material emanating from governmental or non-governmental bodies that would have relevance in legal proceedings – particularly where questions of standards or reasonableness are in issue (see, for example, the codes of practice in Section 8.3).

1.3.2 Law reports

Cases in the courts are reported in numerous series of law reports. Until 1865, case reporting in England was undertaken by private court reporters and the resultant publications were known as the nominate reports because they were usually known by the name of the reporter. These have been gathered together in a collection called the English Reports. In 1865, the reporting of cases was systematised by the Incorporated Council of Law Reporting, which started publishing series of reports organised according to the court, collectively known as The Law Reports. These are recognised as being the most authoritative in the hierarchy of reports. The main series of law reports in England and Wales are:

• The Law Reports 1865– (in four separate series: Chancery Division [Ch.], Appeal Cases [AC], Family Division [Fam.], Queen’s Bench [QB])
• Weekly Law Reports 1954–
• All England Law Reports 1936–.

In Scotland, the Scottish Council of Law Reporting (a non-profit-making body) produces the most authoritative law reports, but commercial publishing companies undertake most reporting. The main reports are the Session Cases and these commenced in their present form in 1907. Previously, like the English Law Reports, the reports were known by the names of the court reporter and were collectively referred to as the nominate reports. The other common reports are:

• Scots Law Times
• Scottish Civil Law Reports 1987–
• Scottish Criminal Case Reports 1981–
• Greens Weekly Digest 1986–.

In Northern Ireland the official law reports are the Northern Ireland Law Reports. There are also the Northern Ireland Judgments Bulletin, the Irish Reports and the Irish Law Times Reports. In addition, there are many specialised reports covering different areas of law.

The most comprehensive list of citations in the UK is Donald Raistrick’s Index to Legal Citations and Abbreviations (4th edn, 2013, Sweet & Maxwell). The starting point for research on English law is Halsbury’s Laws of England. When using sources of legal information it is vital to make sure that the books, journal articles or web pages you use are up to date, or that at the very least you are aware of the changes that have taken place since they were written.

TIP: Bear in mind that the law is changing rapidly in the areas covered by this book. The free web-based sources may not have been annotated or amended, so it is often necessary to use commercial subscription services in order to get the most up-to-date information.

Textbooks and other secondary sources aren’t formal sources of law, but they do nevertheless have relevance in the courts. Writings by highly regarded authors are frequently cited in court as persuasive sources. There are a number of guides to legal research. These include:

• Clinch, P. (2013) Legal Research: a practitioner’s handbook, 2nd edn, Wildy, Simmonds & Hill.
• Knowles, J. (2012) Effective Legal Research, 3rd edn, Sweet & Maxwell.

1.3.3 Public international law

The law governing the legal relations between states is known as ‘public international law’ and it is distinct from internal domestic law. Public international law covers topics such as the recognition of states, the law of war, treaty making and diplomatic immunity. It can also apply to individuals where it operates at an international level but only through international courts and tribunals. This covers areas such as the law on asylum, human rights or war crimes. Sources of public international law include treaties and the case law of international courts and tribunals.

1.3.4 Websites

Parliamentary websites

• United Kingdom Parliament: www.parliament.uk.
• Northern Ireland Assembly: www.niassembly.gov.uk.
• Welsh Government: www.wales.gov.uk.
• Scottish Parliament: http://www.parliament.scot/.
• Tynwald (Parliament of the Isle of Man): www.tynwald.org.im.

Government, legislation and law report sites

• Gov.uk is a portal to the websites of government services and information: www.gov.uk.
• The texts of statutes and statutory instruments can be found here: www.legislation.gov.uk.
• Parliament website for bills: http://services.parliament.uk/bills.
• BAILII (British and Irish Legal Information Institute) provides access to British and Irish legal cases and legislation: https://www.bailii.org.
• Supreme Court judgments: https://www.supremecourt.uk/decided-cases/.
• Courts & Tribunals Judiciary: https://www.judiciary.uk/judgments/.
• Scottish Court Service: https://www.scotcourts.gov.uk/search-judgments.
• Judiciary NI: https://judiciaryni.uk/judicial-decisions.

1.4 Legal concepts and terminology

1.4.1 Criminal law

A crime is defined as an offence where the state acts against the individual to defend a collective interest. Criminal law is the branch of law that defines crimes and fixes punishments for them. The punishments are fines, probation, community service (which are seen as alternatives to custody) or a prison sentence. Also included in criminal law are rules and procedures for preventing and investigating crimes and prosecuting criminals, as well as the regulations governing the constitution of courts, the conduct of trials, the organisation of police forces and the administration of penal institutions. In general, the criminal law of most modern societies classifies crimes as: offences against the safety of the society; offences against the administration of justice; offences against the public welfare; offences against property; and offences threatening the lives or safety of people.

1.4.2 Civil law

Civil law deals with disputes between individuals or organisations. The state’s role is simply to provide the means by which they can be resolved. ‘Civil law’, in the context of distinguishing between civil law on the one hand and criminal law on the other, has a different meaning to that of the legal system known as the ‘civil law system’, which is used in most of Continental Europe (see Section 1.1.2). A civil claim results in a remedy, such as the payment of damages by way of compensation being granted to one party against the other, or restitution – injunction/interdict.

1.4.3 Tort (England, Wales, Northern Ireland)/Delict (Scotland)

When a contract (see Section 1.4.4) cannot apply, third-party agreements called torts might apply. These encompass mainly obligations and duties of care. These duties of care are owed to those foreseeably affected by one’s actions, balanced by a concern not to extend this to remote and generalised effects. A standard test of reasonableness has to be applied, whereby you must take reasonable care to avoid all acts and omissions that you can reasonably foresee would be likely to injure your neighbour.

Torts are essentially civil wrongs that provide individuals with a cause of action for damages in respect of the breach of a legal duty. They include negligence and, as far as information professionals are concerned, professional negligence, which covers things like the accuracy of information; and they would also include defamation. In deciding whether an information professional’s actions were negligent, they would be judged against the actions of their fellow professionals (see Chapter 13).

Basically, rights in tort are civil rights of action that are available for the recovery of unliquidated damages by persons who have sustained injury or loss from acts or statements or omissions of others in breach of a duty or in contravention of a right imposed or conferred by law, rather than by contract. Damage includes economic as well as physical damage.

1.4.4 Contract law

A contract, in law, is an agreement that creates an obligation binding upon the parties involved. It is a promise or set of promises that the law will enforce. To constitute a valid contract, there must be two or more separate and definite parties to the contract. There must be an offer, acceptance, intention to create legal relations (and capacity to do so) and consideration (although consideration is not required in Scotland) supporting those promises. Contracts are agreements between two (or more) parties tailored to fit the needs of the transaction involved. Essentially there must be performance of certain obligations in return for a ‘consideration’ (what supports the promises that have been made).

1 Offer
2 Acceptance
3 Intention to contract
4 Consideration

Figure 1.3 What establishes a contract?


One party offers to do something for the other party and the other party accepts this offer. The essential elements of a contract are: 1. Offer – the proposal to make a deal. This offer must be communicated clearly to the other party and remain open until it is either accepted, rejected, withdrawn or has expired. 2. Acceptance – this is the acknowledgement by the other party that they have accepted the offer. Where a qualified acceptance is made, this amounts to a rejection of the original offer and is instead regarded as a counter-offer, which also requires acceptance. 3. Intention to create legal relations (and capacity to do so). 4. Consideration – this is what supports the promises made. It is the legal benefit that one person receives and the legal detriment on the other person. This could, for example, take the form of money, property or services. Consideration is not necessary for a contract in Scots law. Contracts arise where the parties reach agreement as to the fundamental features of the transaction; this is often referred to as ‘consensus in idem’ (meeting of the minds). To determine whether agreement has been reached, contracts in Scotland are analysed in terms of offer and acceptance. The contract doesn’t have to be a signed document. It could be entered into orally, although this does make it more difficult to establish whether or not there is a contract. A written contract contains the terms and conditions of the agreement and can be used in any dispute, although the very fact that someone has a carefully worded written contract can help prevent a dispute occurring because a written contract sets out clearly the rights and obligations of the parties. Certain classes of contracts, however, in order to be enforceable, must be written and signed. These include contracts involving the sale and transfer of real estate and contracts to guarantee or answer for the miscarriage, debt or default of another person. 
In England, Wales and Northern Ireland, the Supply of Goods and Services Act 1982 implies terms into a contract, such as implying that the service must be carried out with reasonable care and skill. Customers in Scotland continue to rely on their common law rights. However, please note that the parties can agree that the implied rights should not apply to the provision of the service but any exclusion or restriction shall be subject to the terms of the Unfair Contract Terms Act 1977 (UCTA) (www.legislation.gov.uk/ukpga/1977/50). Under the UCTA, a person cannot exclude or restrict his liability for the death or personal injury resulting from negligence. Only if the exclusion clauses satisfy a test of reasonableness can someone exclude or restrict liability for other loss or damage resulting from negligence. It would be for the party seeking to impose a contract term to demonstrate to the court that it was reasonable, should they be challenged.

It should be noted, however, that the UCTA specifically excludes intellectual property rights from its main provisions. In Schedule 1, it says that so far as section 2 (negligence liability), section 3 (liability arising in contract), section 4 (unreasonable indemnity clauses) and section 7 (miscellaneous contracts under which goods pass) are concerned, that they do not apply to any contract so far as it relates to the creation or transfer of a right or interest in any patent, trade mark, copyright (or design right), registered design, technical or commercial information or other intellectual property, or relates to the termination of any such right or interest.

The Unfair Terms in Consumer Contracts Regulations 1999: SI 1999/2083 provides that a term which has not been individually negotiated in a consumer contract is unfair if, contrary to the requirement of good faith, it causes a significant imbalance in the rights and obligations of the parties to the detriment of the consumer.

Chapter 6 considers contracts and licensing in more detail, especially as they relate to the work of information professionals, such as contracts for searching online databases or having access to proprietary information.

1.4.5 Property

The concept of property is formulated as an exclusionary right to prevent others from making use of either tangible or intangible ‘things’. Intellectual property laws, for example, cover the areas of copyright, patents, trade and service marks and designs. They specify rights to control who may copy, perform, show or play a work, reproduce an invention or benefit from the creative promotion of a brand. These property rights are qualified rather than absolute rights. The interests of other stakeholders, or a broad public interest will override, limit or in some way modify what can be done. Hence there will be exceptions to the exclusive intellectual property rights (IPRs).

1.5 Conclusions

It is important to recognise that where legal matters are concerned, there are very few clearly right or wrong answers, hence the reason for many issues having to be resolved in court. Dealing with legal issues is often a matter of risk management and how organisations and individuals can minimise the risk of legal action being taken against them. In contracts there will often be a jurisdiction clause and this will usually specify that in the event of a dispute the matter will be considered under the law of England and Wales, as there isn’t a law of the United Kingdom as such. Having said that, the law of England, Wales, Scotland and Northern Ireland is uniform in many respects, although that isn’t always the case bearing in mind the impact of devolution. This book is based upon the laws of the UK. Whilst it will be of interest to information professionals working in other parts of the world, the reader should bear in mind that it is written from a UK perspective.



CHAPTER 2

Library law

Contents
2.1 Localism Act 2011
2.2 Public Services (Social Value) Act 2012
2.3 Sustainable Communities Act 2007 and Sustainable Communities Act 2007 (Amendment) Act 2010
2.4 Public Libraries and Museums Act 1964
2.5 Local byelaws
2.6 Literary and Scientific Institutions Act 1854
2.7 Libraries Offences Act 1898
2.8 Prison library service
2.9 School library service
2.10 Equality Act 2010 (section 149: Public sector equality duty)
References

This chapter outlines key elements of the legislative framework governing the work of libraries. It covers laws that could impinge on the professional life of librarians.

2.1 Localism Act 2011

The Localism Act 2011 (Part 5 (Community empowerment), Chapter 3 (Assets of community value)) provides for a scheme called ‘assets of community value’ (the ‘right to bid’). This requires district and unitary councils to maintain a list of ‘community assets’. It is also known as the ‘community right to bid’. The first stage of the community right to bid is the nomination of a community asset. Parish councils and community organisations may nominate land or buildings to their local authority. ‘Assets of community value’ covers buildings and amenities that are integral to the communities that use them, such as a village shop, a pub, a community centre or a library. There are numerous examples of libraries being nominated as assets of community value.

When listed assets come up for sale or change of ownership, the Localism Act 2011 gives local community groups time to develop a bid and raise the money required to buy the asset when it comes onto the open market. The right to bid only applies when an asset’s owner decides to dispose of it. There is no compulsion on the owner to sell it. The scheme does not give first refusal to the community group, unlike the equivalent scheme in Scotland. It is not a community right to buy the asset, just a right to bid for it. This means that the local community bid may not be the successful one.

Certain types of land, most notably residential property, are exempt from being placed on the register. Owners of property placed on the register may appeal against its listing and can claim compensation if they can demonstrate that its value has been reduced as a result of being nominated as an asset of community value. Also, certain types of transfer of land or assets do not count as ‘disposals’ for the purposes of the legislation. The community right to bid extends to England; the Welsh Government has not yet commenced it with regard to Wales.

The Community Right to Challenge enables local communities to formally express interest in taking over the running of a particular local service where they believe they could do so effectively. Library services fall within the range of services to which this right applies.

The Community Knowledge Hub for libraries https://libraries.communityknowledgehub.org.uk brings together expert guidance and resources to support organisations working through community enterprise, community asset ownership and community rights. Publications available through the hub include:

• Understanding community asset transfer: a guide for community organisations, Locality, 2018, https://locality.org.uk/wp-content/uploads/2018/03/Understanding-Community-Assets-Transfer-Guide-for-CommunityOrganisations.pdf.
• Choosing a legal structure: a toolkit for community organisations, Russell-Cooke Solicitors, Locality, 2018, https://locality.org.uk/wp-content/uploads/2018/03/Choosing-a-legal-structure-toolkit.pdf.

2.2 Public Services (Social Value) Act 2012

The Public Services (Social Value) Act requires local authorities and other commissioners of public services to consider how their services can benefit people living in the local community. Councils have an obligation before they start the procurement process to consider how the procurement of services contracts with a life value of more than £173,934 might improve the economic, social and environmental wellbeing of the area affected by the proposed contract, and how it might act to secure this improvement. The monetary figure comes from EU procurement thresholds. In terms of social value, things for contract bidders to consider might include:


• How does their submission contribute to the health and wellbeing of local residents and address inequalities?
• How does their submission take account of equality and diversity in the provision and operation of services?
• What additional social value offer elements will they be providing during the lifetime of the contract?
• What measures will they be taking to make libraries available to targeted groups that would otherwise struggle to access such facilities?

The Act also requires commissioners to consider consulting on the services to be procured. The government believes that wider consultation will not only develop stronger relationships between service providers and the authorities but will also enable people to say what they want from a particular public service. This will result in the best service for the local community. It makes it easier for charities and social enterprises to help deliver better public services.

The duty of best value requires councils to consider overall value – including social value – when considering service provision. Government guidance includes a requirement for councils not to commission services from, give grants to or sell assets to individuals or organisations that are considered extremist according to the definition used by the Government’s Extremism Task Force (Revised Best Value Statutory Guidance, Department for Communities and Local Government, March 2015).

Libraries Unlimited, the University of Exeter Business School, the Real Ideas Organisation (RIO) and Open Data Institute (ODI) Devon have undertaken research to understand how libraries can learn to develop a better understanding of their ‘social value’, that is the difference that libraries make to the people and communities they serve. Published in 2019 the report is entitled Unlimited Value: leading practice in unlimited value creation (Libraries Unlimited et al.).

2.3 Sustainable Communities Act 2007 and Sustainable Communities Act 2007 (Amendment) Act 2010

The Sustainable Communities Act 2007 (which was amended by the Sustainable Communities Act 2007 (Amendment) Act 2010 and by several statutory instruments (SI 2013/2275, SI 2012/1523, SI 2008/2694)) provides an opportunity for councils to submit proposals to central government to remove legislative or other barriers that prevent them from improving the economic, social and environmental wellbeing of their area. Individuals or community groups can use the barrier busting process to submit ideas on how local services can be delivered better (https://www.gov.uk/government/publications/sustainable-communities-act-and-barrier-busting).


• A council must opt-in to using the Act.
• Community groups can submit ideas to the council that would promote the sustainability of the community, and which need government action in order to achieve that result.
• Proposals could be made direct to government, instead of having to go through a ‘selector’ (the Local Government Association (LGA) or National Association of Local Councils (NALC)) as was the case under the original Act.
• The power to submit proposals was extended to parish and town councils as of 14 October 2013.
• The government is forced to negotiate with a view to reaching agreement.
• The Act only extends to England and Wales.

2.4 Public Libraries and Museums Act 1964

The Public Libraries and Museums Act 1964 (PLMA) governs public library services in England and Wales. The key obligations set out in the Act are that local authorities must:

• Provide a comprehensive and efficient library service for all people that would like to use it (Section 7(1)).
• Promote the service (Section 7(2)(b)).
• Lend books and other printed material free of charge for those who live, work or study in the area (Section 8(3)).

Statutory duty of local authorities to provide a comprehensive library service

The PLMA places a statutory duty on local authorities to provide comprehensive and efficient library services and allows the Secretary of State to monitor and inspect library services:

Section 7(1): ‘It shall be the duty of every library authority to provide a comprehensive and efficient library service for all persons desiring to make use thereof’. Section 7(1) goes on to make clear that this duty only extends to people living, working or being educated within the area.

Section 7(2)(a) sets out a specific duty to provide a sufficient number, range and quality of books (and other library materials) to meet the needs of adults and children ‘by the keeping of adequate stocks, by arrangements with other library authorities, and by any other appropriate means, that facilities are available for the borrowing of, or reference to, books and other printed matter, and pictures, gramophone records, films and other materials, sufficient in number, range and quality to meet the general requirements and any special requirements both of adults and children’.

R v. London Borough of Ealing and others ex parte Times Newspapers Ltd and others (1987) 85 LGR 316

The decision of several libraries to ban The Times on political grounds (specifically, in support of print workers in an industrial dispute) was held to be an unlawful abuse of the libraries’ powers granted under the 1964 Act. The actions of the three councils were successfully challenged in the courts. The ulterior political motive of the local authorities in refusing to stock News International titles was irrelevant to their statutory duty to provide ‘a comprehensive and efficient library service’; and was deemed to be an abuse of their statutory powers.

In March 2011, the Department for Communities and Local Government (DCLG) launched a Review of Statutory Duties Placed on Local Government in which respondents were invited to comment on the duties and to challenge government on those that they felt were burdensome or no longer needed. DCLG had identified 1,294 statutory duties that central government places on local authorities and invited people to comment on what duties are vital to keep, what duties should be repealed and what burdens have been created through particular duties and associated regulations and guidance. Three of the 1,294 statutory duties apply to public library services in England. All three of these duties are held by the DCMS under the Public Libraries and Museums Act 1964.

The three duties that apply to public library services (under the 1964 Public Libraries and Museums Act) are:

1 To provide information and facilities for the inspection of library premises, stocks, records, as the Secretary of State requires (Public Libraries and Museums Act 1964, Section 1(2)). Function: Necessary for Secretary of State to fulfil duty to superintend library service.
2 To provide a comprehensive and efficient library service (Public Libraries and Museums Act 1964, Section 7). Function: Secure provision of local library services.
3 Supplemental provisions as to transfers of officers, assets and liabilities (Public Libraries and Museums Act 1964, Section 11). Function: Provisions provide, for example, continuity of employment for transferring employees. This secures consistency across library transfers, etc, and in line with other local authority employment legislation.


2.5 Local byelaws

Under section 19 of the Public Libraries and Museums Act 1964, local authorities may make byelaws regulating the use of library facilities run by each authority under the Act. The Society of Chief Librarians revised the model library byelaws for England (https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/639679/Byelaws_Guidance.docx) to reflect changes in how people use libraries whilst maintaining suitable protections. The set of model library byelaws was approved by the Secretary of State for Digital, Culture, Media and Sport. The model library byelaws are intended to help libraries deliver their service within a safe and comfortable environment, to safeguard library property and to make libraries pleasant places for everyone. They assist the library workforce in their daily role, they can be used when necessary to deal with the more extreme cases of behaviour experienced and they allow for flexibility in dealing with local concerns. They only apply to statutory libraries operated by or on behalf of local authorities.

2.6 Literary and Scientific Institutions Act 1854 (LSIA)

This Victorian statute came under the spotlight as a result of the government’s austerity measures which led many local authorities to draw up plans to sell off long established museums and libraries in order to make ends meet. The legislation was amended by the Reverter of Sites Act 1987 and by the Trusts of Land and Appointment of Trustees Act 1996.

Section 4 of LSIA 1854 is a reversion section which states:

Provided, that upon any land so granted by way of gift as aforesaid, or any part thereof, ceasing to be used for the purposes of the institution, the same shall thereupon immediately revert to and become again a portion of the estate or manor or possessions of the Duchy, as the case may be to all intents and purposes as fully as if this Act or any such grant as aforesaid had not been passed or made, except that where the institution shall be removed to another site the land not originally part of the possessions of either of the Duchies aforesaid may be exchanged or sold for the benefit of the said institution, and the money received for equality of exchange or on the sale may be applied towards the erection or establishment of the institution upon the new site.

The amendments to the legislation made by the Reverter of Sites Act 1987 led to the abolition of the rights of reverter which were replaced by a trust for sale in favour of the persons to whom the ownership of the land would previously have reverted. The Reverter of Sites Act 1987, section 1:


1 Right of reverter replaced by trust.

(1) Where any relevant enactment provides for land to revert to the ownership of any person at any time, being a time when the land ceases, or has ceased for a specified period, to be used for particular purposes, that enactment shall have effect, and (subject to subsection (4) below) shall be deemed always to have had effect, as if it provided (instead of for the reverter) for the land to be vested after that time, on the trust arising under this section, in the persons in whom it was vested immediately before that time.

(2) Subject to the following provisions of this Act, the trust arising under this section in relation to any land is a trust for the persons who (but for this Act) would from time to time be entitled to the ownership of the land by virtue of its reverter with a power, without consulting them, to sell the land and to stand possessed of the net proceeds of sale (after payment of costs and expenses) and of the net rents and profits until sale (after payment of rates, taxes, costs of insurance, repairs and other outgoings) in trust for those persons; but they shall not be entitled by reason of their interest to occupy the land.

The concern is that the amended law will result in the proceeds of any sales of libraries and museums by councils being held on trust for the original grantor or their successors or assigns (rather than the land having to be given back). Every situation will be different because it will require close examination of the specific terms of each deed of gift, sale or exchange under LSIA 1854.

Further information

(2011) Councils in a bind as library sell-off falls foul of Victorian law, Financial Times, 29 March.
Letman, P. (2011) Can they sell the libraries?, New Law Journal, 13 May.

2.7 Libraries Offences Act 1898

The Act says that:

Any person who, in any library or reading-room to which this Act applies, to the annoyance or disturbance of any person using the same,—

(1) behaves in a disorderly manner;
(2) uses violent, abusive, or obscene language; or
(4) who, after proper warning, persists in remaining therein beyond the hours fixed for the closing of such library or reading-room,

shall be liable on summary conviction to a penalty not exceeding level 1 on the standard scale.

The forty-shilling fine has been replaced by a fine not exceeding level 1 on the standard scale. At the time of writing, this equates to a fine of £200. The Act is still in force, though only to a limited degree:

• It no longer extends to public libraries, which are dealt with under the Public Libraries and Museums Act 1964.
• The Act doesn’t apply to Scotland or Ireland.
• It only covers libraries maintained by trade unions or industrial, provident or friendly societies: ‘any library or reading-room maintained by a Society that is a registered society within the meaning of the Co-operative and Community Benefit Societies Act 2014, or is registered under the Friendly Societies Act 1974 or by any registered Trade Union’ (Libraries Offences Act 1898 section 3).

2.8 Prison library service

There is a statutory requirement for prison libraries (which is set out in a prison service instruction). Prison governors must ensure as a minimum that a prisoner’s statutory entitlement to library provision is met. Access to the library must be weekly, for a minimum duration of thirty minutes. Local arrangements will dictate what will be the most appropriate times for access to libraries. Prison establishments and library service providers must ensure that these arrangements are reflected in the Service Level Agreements.

The Prison Service Instruction (PSI) (National Offender Management Service AI 02/2015 https://www.justice.gov.uk/downloads/offenders/psipso/psi-2015/psi-02-2015-prison-library-service.pdf) explains the processes for the provision of a library service in prison establishments to support prisoner resettlement, rehabilitation and purposeful activity. It emphasises provision that supports literacy and reading for pleasure. Libraries in prisons in England and Wales may be provided by a range of suppliers that might include the local Public Library Authority (PLA); or directly by the establishment; or through other appropriate arrangements in agreement with the Prison Governor. (See also the legal case on access to books in prison in Section 10.5.)

2.9 School library service

There is no statutory requirement for schools in England to have a school library and often the decision as to whether or not to have one will depend upon the head teacher. School libraries have been found to impact pupils’ general academic attainment, reading and writing skills, plus wider learning skills, as well as their scores in history, mathematics and science. School libraries have also been found to have an impact on pupils’ reading enjoyment, reading behaviour and attitudes towards reading. Motivation and attitudes in particular have been connected to library use (see Teravainen & Clark, School Libraries: a literature review of current provision and evidence of impact, National Literacy Trust research report, June 2017).

2.10 Equality Act 2010 (section 149: Public sector equality duty)

The public sector equality duty requires public bodies to have due regard to the need to eliminate discrimination, advance equality of opportunity and foster good relations between different people when carrying out their activities. The characteristics that are protected in relation to the public sector equality duty are:

• Age
• Disability
• Gender reassignment
• Pregnancy and maternity
• Race
• Religion or belief
• Sex
• Sexual orientation.

Marriage and civil partnership are also protected characteristics under the Act but are not covered by the public sector equality duty. People can use the public sector equality duty to challenge policies or decisions made by a public authority which they think discriminates against them or disadvantages them because of who they are.

The courts understand the need for councils to be able to balance their books and make savings where necessary, but it is essential for councils to fully take into account their equality duty in order to be able to demonstrate that the decisions they take are sound. The courts will examine the process that a council has gone through. It is important for councils to document all the factors involved in their considerations. The equality duty needs to be addressed throughout the decision-making process. It is not sufficient for a council to act on its experience and local knowledge. A thorough analysis of local needs is required. Lawyers would be looking at what is referred to as ‘directing the mind’ to. If a council was planning to relocate library facilities, for example, they would need to understand the implications of the relocation on vulnerable communities within the area. How well do the proposed changes meet the needs of local people, both now and in the future? It is important to consult widely on the possible options and to give time for communities to be able to generate their own proposals, which could be an alternative or which could supplement and complement the existing proposed changes.

In Draper v. Lincolnshire County Council [2014] EWHC 2388 (Admin) (17 July 2014), the court argued that:

The key is a reasonable ability to access the service by all residents of the county. This means that distances and time taken to reach a library must be reasonable and any particular problems, whether physical disabilities, or created by age or family considerations, must be capable of being met.

In R. (on the application of Green) v. Gloucestershire County Council and R. (on the application of Rowe and Hird) v. Somerset County Council [2011] EWHC 2687 (Admin), [2011] EWHC 3216 (Admin), and R. (Williams and Dorrington) v. Surrey County Council [2012] EWHC 867 (QB), the High Court held that the decisions of the authorities needed to be quashed on the basis that the decisions were unlawful on the grounds of a failure to comply with the public sector equality duty in section 149 of the Equality Act 2010.

References

Department for Communities and Local Government (2015) Revised Best Value Statutory Guidance, March.
Department for Communities and Local Government (2011) Review of Statutory Duties Placed on Local Government.
Libraries Unlimited et al. (2019) Unlimited Value: Leading practice in unlimited value creation, http://blogs.exeter.ac.uk/unlimitedvalue/download/381.
National Offender Management Service, Prison Service Instruction (PSI) AI 02/2015, www.justice.gov.uk/downloads/offenders/psipso/psi-2015/psi-02-2015-prison-library-service.pdf.
Society of Chief Librarians (2017) Model Library Byelaws for England, https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/639679/Byelaws_Guidance.docx, August.
Teravainen, A. and Clark, C. (2017) School Libraries: a literature review of current provision and evidence of impact, National Literacy Trust research report, June.


CHAPTER 3

Copyright

Contents
3.1 General principles
3.2 Economic and moral rights
3.3 Legislative framework
3.4 Acts permitted in relation to copyright works
3.5 Licensing
3.6 Digital copyright
3.7 Copyright clearance
3.8 Open access
3.9 Ethical and professional issues and conflicts
3.10 Further information
References

3.1 General principles

Copyright is the right to prevent the copying of work that has been created by intellectual effort. It protects information and ideas where these have been reduced into the form of a ‘work’. Copyright is augmented by ‘database right’ – a sui generis right to prevent extraction and reutilisation of all or a substantial part of a database. Copyright subsists in:

• Original literary, dramatic, musical or artistic works.
• Sound recordings, films or broadcasts.
• The typographical arrangement of published editions.

Article 27 of the Universal Declaration of Human Rights (http://un.org/en/universal-declaration-human-rights), adopted by the United Nations General Assembly on 10 December 1948, says:

(1) Everyone has the right freely to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits.


(2) Everyone has the right to the protection of the moral and material interests resulting from any scientific, literary or artistic production of which he is the author.

| Category/Species | Examples |
| --- | --- |
| Literary works | Books, poems, tables, compilations, computer programs, words of a song, letters, memoranda, e-mails |
| Artistic works | Paintings, drawings, diagrams, maps, charts, plans, engravings, etchings, lithographs, woodcuts, photographs, sculptures, collages, works of artistic craftsmanship |
| Dramatic works | Plays, libretto of an opera, works of dance/choreography, mime |
| Musical works | Musical notation |
| Sound recordings | Music CDs, MP3 files, talking books |
| Films | Videos |
| Broadcasts | Television and radio broadcasts, whether terrestrial, satellite or cable |
| Typographical arrangement | Layout of published editions |

Figure 3.1 What is protected by copyright?

There are clearly tensions between the need to give authors protection for their work and the need to allow people access to material for the betterment of society, to promote education, science and scholarship. That is why the monopoly rights that the law confers on the owners of copyright have several built-in safeguards. These include a number of permitted acts or copyright exceptions such as fair dealing (see Section 3.4.1). Another safeguard is putting a limit on the period of copyright protection, after which works enter the public domain. (The public domain comprises the body of all creative works in which no person or organisation has any proprietary interest.)

Copyright protection is automatic. It is not necessary to go through a registration process before copyright can be claimed. The corollary of this is that there isn’t a comprehensive database of works protected by copyright with details of their rights owners. Legal deposit (see Chapter 4) is not a prerequisite for claiming copyright protection.

One myth is that if there is no copyright symbol on a work then it is not protected by copyright. Most countries (177 states as at April 2019) around the world are signatories to the Berne Convention for the Protection of Literary and Artistic Works (www.wipo.int/treaties/en/ip/berne/) and this provides for the automatic protection of works, without any formality. The Universal Copyright Convention (UCC) of 1952 does require the use of the © symbol in order for works to have protection, but apart from Cambodia, all the other signatories to the UCC are also signatories of the Berne Convention; and as Cambodia is a member of the World Trade Organization it is also obliged to observe the terms of the Berne Convention, which stipulates that copyright protection is automatic.

TIP: Even though copyright protection is automatic, it is nevertheless advisable to put a copyright notice on a work that you create because this will serve as a reminder to those who make use of that work of the need to respect your rights. You could use the copyright notice to tell potential users both the nature and the amount of copying that you are willing to permit. For example: ‘You are allowed to redistribute this newsletter in its entirety, on a non-commercial basis. This includes making it available (in full and as published) on your corporate intranet. However, individual sections may not be copied and/or distributed without the prior written agreement of the publishers.’

3.1.1 Copyright ownership

In general, the author of a work is the first owner of any copyright in it. However, where the work is made by an employee in the course of their employment, the employer is the first owner of any copyright in the work subject to any express written agreement to the contrary. This only applies to employees, not to contractors, so the mere fact that a work has been commissioned and paid for does not give the ownership of the copyright to the commissioning party.

It is important, therefore, to ensure that appropriate mechanisms are in place to deal with the ownership of the rights in content. For example, an organisation may wish to publish information on a website. That information may come from a number of sources such as external developers, consultants and internal employees. The organisation in question will therefore need to be sure that it secures assignments of rights from any third parties, and they should also be certain that any employees created the content during the course of their employment.

It is all too often the case in practice that assignments are not obtained, which can cause problems if the organisation wishes to sell, copy or license any of the copyright. It is therefore of the utmost importance that organisations regularly audit their rights to ascertain any ownership difficulties.

3.1.2 Term of protection

| Category | Materials included in category | Lifetime of copyright protection |
| --- | --- | --- |
| Literary Works | Written works. Includes lyrics, tables, compilations, computer programs, letters, memoranda, e-mail and WWW pages. | Author’s life plus 70 years after death. |
| Dramatic Works | Plays, works of dance and mime, and also the libretto of an opera. | Author’s life plus 70 years after death. |
| Musical Works | Musical scores | Author’s life plus 70 years after death. |
| Artistic Works | Graphic works (painting, drawing, diagram, map, chart, plan, engraving, etching, lithograph, woodcut), photographs (not part of a moving film), sculpture, collage, works of architecture (buildings and models for buildings) and artistic craftsmanship (e.g. jewellery). | Author’s/creator’s life plus 70 years after death. |
| Databases | Collections of independent works, data or other materials, which (a) are arranged in a systematic or methodical way, or (b) are individually accessible by electronic or other means. | Copyright in a database lasts for 70 years from the end of the calendar year in which the author of the database dies. In addition, there is a database right for 15 years from when the database is made or, if the database is published during this time, for 15 years from publication. |
| Sound Recordings | Regardless of medium or the device on which they are played. | 70 years from first publication. If a sound recording is not published or communicated to the public, copyright lasts for 50 years from when the recording was made. |
| Films | Any medium from which a moving image may be reproduced. | 70 years from death of whoever is the last to survive from: principal director, author of dialogue, composer of film music. |
| Broadcasts | Transmissions via wireless telegraphy through the air (not via cable or wires), includes satellite transmissions. | 50 years from when broadcast first made. |
| Published Editions | The typography and layout of a literary, dramatic or musical work. | 25 years from first publication. |
| Crown Copyright | All works made by Her Majesty or by an officer or servant of the Crown in the course of his or her duties. | Published work: 50 years from the end of the year when first published (if the work was commercially published, within 75 years of the end of the year in which it was made). Unpublished work: 125 years beyond the year it was created. |
| Parliamentary Copyright | All works made by or under the direction or control of the House of Commons or House of Lords. | 50 years from the end of the calendar year. |

Figure 3.2 Terms of protection for different types of work

3.1.2.1 Unpublished works and the 2039 rule

Copyright protection in text-based works that were still unpublished when the current statute (the CDPA 1988) came into force in 1989 lasts until 2039. This means that in practice, because of the complex transitional provisions set out in Schedule 1 of the CDPA, some very old unpublished works are protected by copyright until 2039, even though their authors may have died hundreds of years ago. It is especially important in archives, where most of the material is classified as being unpublished.

In 2014, the government proposed to replace the 2039 term of protection with the standard term from commencement of the implementing regulations; in other words, the term of protection would be the author’s lifetime plus 70 years. In 2014, the Intellectual Property Office (IPO) undertook a consultation about the proposed change. However, a number of respondents raised some concerns with the policy and its potential negative impact on owners of copyright works and the IPO chose not to change the 2039 rule.

The human rights of the copyright holder were raised as a reason to reject the proposed changes, on the grounds that it could be deemed as a deprivation of property. Article 1 of Protocol No. 1 of the European Convention on Human Rights relates to the protection of property and places an obligation on a State not to interfere with the peaceful enjoyment of property; not to deprive a person of their possessions; and not to subject a person’s possessions to control. The right to property is not an absolute right, as it says that ‘No one shall be deprived of his possessions except in the public interest and subject to the conditions provided for by law and by the general principles of international law’.


Libraries and museums around the country were concerned that if the law wasn’t changed, it would mean they were unable to display materials in their collections, such as World War I diaries and letters. The Intellectual Property Office published a ‘Copyright notice: public exhibition of copyright works’ (Copyright notice number 5/2015) in which they stated that ‘in the UK, public exhibition is not an act restricted by copyright. This means that it is not an infringement of copyright to put a literary, dramatic, musical or artistic work on public display (for example, in a display cabinet in a museum or gallery)’. The guidance makes clear, however, that whilst it is lawful to exhibit a work, it would usually be an infringement of copyright to perform such a work in public and that the term ‘performance’ would include delivery of the work in lectures, addresses, speeches or sermons, as well as any mode of visual or acoustic presentation.

3.2 Economic and moral rights

Section 16(1) of the Copyright Designs and Patents Act 1988 (CDPA) sets out the ‘economic’ rights that a copyright owner has. These are the exclusive rights to:
• Copy the work (which includes storing the work electronically).
• Issue copies of the work to the public.
• Rent or lend the work to the public.
• Perform, show or play the work in public.
• Communicate the work to the public (by electronic means).
• Make an adaptation or translation of the work.

If anyone other than the copyright owner does any of these activities without permission or licence, unless it is under one of the statutory exceptions, it would be a primary infringement of the copyright. There are also some acts that could be said to be secondary infringements (CDPA, sections 22–6):
• Importing an infringing copy.
• Possessing or dealing with an infringing copy.
• Providing the means for making infringing copies.
• Permitting the use of premises for infringing performance.
• Providing apparatus for infringing performance.

In addition to a series of economic rights, the author has moral rights (see sections 77–85 of the CDPA):
• The right of paternity (the right to be identified as author or director) (section 77).
• The right of integrity (the right to object to derogatory treatment of the work) (section 80).
• The right to object to false attribution (section 84).
• The right of disclosure (the right to privacy of certain films and photographs) (section 85).

The right of paternity is the right of the author to be identified as such. This right of attribution or paternity is not infringed unless the author has asserted their right to be identified as the author of the work. That is why you will often find a statement at the beginning of a book along the lines of: ‘Joe Bloggs asserts his right to be identified as the author of this work in accordance with the terms of the Copyright, Designs and Patents Act 1988 (CDPA)’.

The right of integrity is the right of the author to prevent or object to derogatory treatment of their work.

The right to object to false attribution is the right of persons not to have literary, dramatic or musical works falsely attributed to them; and this right applies both to copyright owners and non-copyright owners alike.

The right of disclosure is the right to privacy of a person who commissions the taking of a photograph or the making of a film for private and domestic purposes.

There are remedies available for copyright infringement, both civil and criminal. The Copyright, etc., and Trade Marks (Offences and Enforcement) Act 2002 was passed in order to harmonise and rationalise enforcement provisions dealing with copyright and trade mark theft. The maximum penalties for wilful copyright infringement were brought into line with those already provided for wilful trade mark infringement. Consequently, people could potentially face up to ten years in prison, where previously the maximum prison sentence was two years.

The maximum statutory fine for offences under sections 107 (criminal liability for making or dealing with infringing articles) and 198 (criminal liability for making, dealing with or using illicit recordings) of the CDPA is unlimited (http://www.gov.uk/government/publications/intellectual-property-offences/intellectual-property-offences).

The range of available remedies for infringement is set out in Chapter VI of the CDPA. These include damages, an injunction, delivery up of infringing copies, an account of profits or an undertaking to take out an appropriate licence.

3.2.1 Risk management

Where copyright infringement occurs, people need to consider the risks involved. They should take into account not only the financial consequences of infringement, but also the potential risk of having a public relations disaster on their hands and the damage that could be done to their organisation’s reputation.

3.3 Legislative framework

The legislative and regulatory framework for UK copyright consists of three key components. These are:
1 International treaties and conventions to which the UK is a signatory.
2 UK legislation in the form of Acts of Parliament and Statutory Instruments.
3 Case law, which clarifies how the law applies in a particular set of circumstances.

3.3.1 Berne Convention for the Protection of Literary and Artistic Works

The 1886 Berne Copyright Convention for the Protection of Literary and Artistic Works is the main international agreement governing copyright. Most countries including the UK are signatories (177 states as at April 2019). A full contents list of the treaty can be found at www.wipo.int/treaties/en/ShowResults.jsp?treaty_id=15.

Under the Convention, authors are entitled to some basic rights of protection for their intellectual output. Berne recognises the need for people to have access to protected works and it allows exceptions and limitations to the exclusive rights (see Table 3.1), although these must pass a three-step test (see Figure 3.3). The test is significant because a substantially similar form of words is used in Article 5(5) of Copyright Directive 2001/29/EC, which was implemented in the UK through the Copyright and Related Rights Regulations 2003 (SI 2003/2498). In short, it means that any copyright exceptions or permitted acts are only allowed within UK copyright law so long as they meet this three-step test.

Table 3.1 Exclusive rights set out in the Berne Convention (as amended in Paris, 1971)
• Translation (Article 8)
• Reproduction (Article 9)
• Public performance (Article 11)
• Communication to the public (Article 11)
• Recording of musical works (Article 12)
• Broadcasting (Article 11)
• Cinematic adaptations (Article 14)
• Adaptations, arrangements, and other alterations (Article 12)
• Moral rights (Article 6)


1. That the exception only applies in special (defined) cases
2. Provided that such reproduction does not conflict with the normal exploitation of the work
3. And does not unreasonably prejudice the legitimate interests of the author.

Figure 3.3 Berne three-step test

The Berne Convention is based upon three principles:
1 Reciprocal protection. Among Berne members, each state must protect the works of others to the same level as in their own countries, provided the term accorded is not longer than that for its own works.
2 Minimum standards for duration and scope of rights are the author’s life plus 50 years or, for anonymous works, 50 years after making available to the public.
3 Automatic protection, with no registration.

3.3.2 Universal Copyright Convention

The UCC was agreed at a 1952 UNESCO conference in Geneva. The main features of the convention are that:
1 Works of a given country must carry a copyright notice to secure protection in other UCC countries – it was this convention that established the copyright symbol © (as mentioned previously, all of the signatories to the UCC – apart from Cambodia – are also signed up to the Berne Convention which says that copyright protection is automatic; and whilst Cambodia is not a signatory to the Berne Convention, it is required to follow the Convention by virtue of its membership of the World Trade Organization).
2 Foreign works must be treated as though they are national works – the ‘national treatment’ principle.
3 A minimum term of protection of life plus 25 years.
4 The author’s translation rights may be subjected to compulsory licensing.

The two conventions are not mutually exclusive and the UK is a member of both the Berne Convention and the UCC.

3.3.3 Trade-Related Aspects of Intellectual Property Rights

The World Trade Organization (WTO) signed an agreement in 1994 which had an annex known as Trade Related Aspects of Intellectual Property Rights (TRIPS) (WTO, 1994). This is designed to ensure that intellectual property rights do not themselves become barriers to legitimate trade.

The three main features of the agreement are:
1 The minimum standards of protection to be provided by each member on:
  a the subject matter to be provided
  b the rights to be conferred
  c permissible exceptions to those rights
  d the minimum duration of protection.
2 The production of general principles applicable to all IPR enforcement procedures in order that rights holders can effectively enforce their rights.
3 The agreement that disputes between WTO members about TRIPS obligations will be subject to the WTO’s dispute settlement procedures.

The TRIPS agreement is often described as one of the three ‘pillars’ of the WTO, alongside the Agreements on Trade in Goods (GATT) and Trade in Services (GATS). There is a TRIPS council comprising all WTO members, which is responsible for monitoring the operation of the agreement and how members comply with their obligations to it. The UK is a signatory of TRIPS.

3.3.4 World Intellectual Property Organization Copyright Treaty

The World Intellectual Property Organization (WIPO) is a United Nations body that is responsible for administering many of the international conventions on intellectual property. In December 1996, the WIPO Copyright Treaty and the WIPO Performances and Phonograms Treaty were adopted. The WIPO Copyright Treaty of 1996 introduced a new right of communication to the public and it also gave legal protection and legal remedies against circumvention of technological measures, in order to prevent unauthorised access to works. The European Directive on the harmonisation of certain aspects of copyright and related rights [2001/29/EC] implemented the 1996 WIPO treaties in the European Union.

3.3.5 European directives on copyright matters

During its membership of the European Union, changes to UK copyright law were largely the result of developments at a European level. Table 3.2 lists European copyright directives and how they have been implemented in UK law. The European directives which have been implemented into UK law are:

3.3.5.1 On the legal protection of computer programs [2009/24/EC replaces 91/250/EEC]

Computer programs are protected as literary works, which gives them the full protection of the Berne Convention. The term ‘computer program’ includes preparatory design work leading to the development of a program, provided that the nature of the preparatory work is such that a computer program can result from it at a later stage.

3.3.5.2 On rental and lending right [2006/115/EC replaces 92/100/EEC]

Authors and performers have an exclusive right to authorise or prohibit rental and lending of their works. ‘Rental’ means making available for use for a limited period of time and for direct or indirect economic or commercial advantage. ‘Lending’ means making available for use for a limited period of time and not for direct or indirect economic or commercial advantage. Libraries are generally allowed to lend books. (Section 40A of the CDPA states that copyright is not infringed by the lending of books, audio books and e-books by a public library if the books are within the public lending right scheme, and Section 36A of the CDPA says that copyright in a work is not infringed by the lending of copies of the work by an educational establishment.) See https://www.legislation.gov.uk/ukpga/1988/48/contents.

3.3.5.3 Harmonising the term of copyright protection [2006/116/EC replaces 93/98/EEC]

This extended the term of protection for copyright literary, dramatic, musical and artistic works and films from 50 to 70 years after the year of the death of the author. It also gave a new right – publication right – to works in which copyright had expired and which had not previously been published.

3.3.5.4 On the legal protection of databases [96/9/EC]

This introduced a new form of sui generis property protection for databases to prevent unfair extraction and reutilisation of their contents (see Section 3.6.4).

3.3.5.5 On the harmonisation of certain aspects of copyright and related rights [2001/29/EC]

This enabled the EU and its member states to ratify the provisions of the two 1996 WIPO treaties – the Copyright Treaty and the Performers and Producers of Phonograms Treaty – and updated the law to incorporate new technology, including internet practices.

3.3.5.6 On the resale right for the benefit of the author of an original work of art (droit de suite) [2001/84/EC]

This provides an artist with a right to receive a royalty based on the price obtained for any resale of an original work of art, subsequent to the first transfer by the artist. The right does not apply, however, to resales between individuals acting in their private capacity, without the participation of an art market professional; and to resales by persons acting in their private capacity to museums that are not-for-profit and are open to the public.

Resale of a work of art incurs a royalty of between 0.25% and 4% depending upon the sale price. However, the total amount of resale royalty payable on the sale must not in any event exceed 12,500 EUR. An artwork must sell for more than 1,000 EUR to qualify for a royalty.

The Directive has been implemented in the UK through The Artist’s Resale Right Regulations 2006 SI 2006/346 and came into force for living artists on 1 January 2006. The Artist’s Resale Right (Amendment) Regulations 2009 SI 2009/2792 delayed until January 2012 the application of the 2006 Regulations to the estates of deceased artists in the UK. Further changes were made by The Artist’s Resale Right (Amendment) Regulations 2011 SI 2011/2873.

✒ Useful resource Guidance on how the Artist’s Resale Right works can be found at http://gov.uk/guidance/artists-resale-right.

3.3.5.7 On the enforcement of intellectual property rights [2004/48/EC]

This requires all member states to apply effective, dissuasive and proportionate remedies and penalties against those engaged in counterfeiting and piracy and to create a level playing field for right holders in the EU.

3.3.5.8 Directive on the term of protection of copyright and certain related rights amending the previous 2006 Directive (‘Term Directive’), 27 September 2011

Extends the term of protection for performers and sound recordings to 70 years. Aims to bring the protections for performers more in line with those of authors. It benefits performers who will be able to earn money for a longer period of time and also benefits record producers who will generate additional revenue from the sale of records in shops and on the internet.

‘Use it or lose it’ clauses now have to be included in the contracts linking performers to their record companies. It means that performers get their rights back if the record producer does not market the sound recording during the extended period. Finally, record companies are required to set up a fund into which they have to pay 20% of the revenues earned during the extended period and the money from the fund will be used to help session musicians.

3.3.5.9 Directive on certain permitted uses of orphan works (‘Orphan Works Directive’), 25 October 2012

The Directive provides Europe’s publicly accessible libraries, educational establishments and museums, archives, film or audio heritage institutions, and public service broadcasting organisations with the appropriate legal framework to provide online cross-border access to orphan works contained in their collections. It creates a copyright exception for organisations of the type listed above to reproduce and make available to the public orphan works, provided that the use made fulfils their public interest missions.

At the time of writing (April 2019), it is anticipated that the orphan works exception will no longer be available for the UK. The orphan works copyright exception is a cross-border provision which was set up in conjunction with a database managed by the EUIPO. It applies across EU member state borders. In the event of the UK leaving the European Union, it will not be able to make use of the exception.

In view of the fact that the orphan works exception had not been removed from the statute book at the time of writing, and because of the ongoing Brexit negotiations, the text relating to the orphan works exception has been moved to an appendix at the end of the book (Appendix 1).

✒ Useful resource An EU-wide database for orphan works provides for a single harmonised point of access to information about orphan works for beneficiary organisations, right holders and the general public: https://euipo.europa.eu/ohimportal/en/web/observatory/orphan-works-db.

In addition to the copyright exception for orphan works, there are several UK licensing solutions for orphan works and these are supported by an orphan works register.

✒ Useful resource Orphan works register: https://orphanworkslicensing.service.gov.uk/view-register.

3.3.5.10 Directive on collective management of copyright and related rights and multi-territorial licensing of rights in musical works for online use in the internal market (‘CRM Directive’), 26 February 2014

The aim of the Directive is to provide co-ordination of the national rules concerning access to the activity of managing copyright and related rights by collective management organisations (CMOs). The Directive aims to ensure that rights holders have a say in the management of their rights and envisages a better functioning of the CMOs as a result of common standards across the EU. It also aims to ease the multi-territorial licensing by the CMOs of author’s rights in musical works for online use.

3.3.5.11 Directive on certain permitted uses of certain works and other subject matter protected by copyright and related rights for the benefit of persons who are blind, visually impaired or otherwise print-disabled (implements the Marrakesh Treaty in the EU), 13 September 2017

The aim of the Directive is to improve the availability of works (such as books, journals, newspapers, magazines and audiobooks) in accessible formats for beneficiaries throughout the European Union. The exception can be used either by beneficiaries or by institutions (‘authorised entities’) responsible for fulfilling their needs on a non-profit basis. Along with Regulation 2017/1563, the Directive implements the Marrakesh Treaty into the EU’s legal framework.

Article 2(2) of the Directive defines a ‘beneficiary person’ as being a person who:
(a) is blind;
(b) has a visual impairment which cannot be improved so as to give the person visual function substantially equivalent to that of a person who has no such impairment, and who is, as a result, unable to read printed works to substantially the same degree as a person without such an impairment;
(c) has a perceptual or reading disability and is, as a result, unable to read printed works to substantially the same degree as a person without such disability; or
(d) is otherwise unable, due to a physical disability, to hold or manipulate a book or to focus or move their eyes to the extent that would be normally acceptable for reading.

Article 2(4) defines an ‘authorised entity’ as:

… an entity that is authorised or recognised by a Member State to provide education, instructional training, adaptive reading or information access to beneficiary persons on a non-profit basis. It also includes a public institution or non-profit organisation that provides the same services to beneficiary persons as one of its primary activities, institutional obligations or as part of its public-interest missions.

3.3.6 European Regulations on copyright matters

3.3.6.1 Regulation on the cross-border exchange between the Union and third countries of accessible format copies of certain works and other subject matter protected by copyright and related rights for the benefit of persons who are blind, visually impaired or otherwise print-disabled (implements the Marrakesh Treaty in the EU), 13 September 2017

People who are blind, visually impaired or otherwise print disabled within the European Union and from other countries will be able to access more books and other print material in accessible formats, including adapted audio books and ebooks, from across the European Union and the rest of the world. The UK implemented the Marrakesh Treaty into UK law through The Copyright and Related Rights (Marrakesh Treaty, etc.) (Amendment) Regulations 2018 SI 2018/995.

3.3.6.2 Regulation on cross-border portability of online content services in the internal market (Portability Regulation), 14 June 2017

The Regulation aims to ensure that subscribers can access and use portable online content services – such as films, sport, broadcasts, music, e-books and games – that are lawfully provided in their member state of residence, when they are temporarily present in other EU countries. All providers who offer paid online content services are required to follow the cross-border portability rules. Services which are provided without payment (such as the online services of public television or radio broadcasters) can decide whether or not they want to also provide portability to their subscribers.

The Portability of Online Content Services Regulations 2018: SI 2018/249 implemented the EU Regulation in the UK. However, these regulations will be revoked by The Intellectual Property (Copyright and Related Rights) (Amendment) (EU Exit) Regulations 2019 in the event of the UK leaving the European Union because it is not possible for UK online content services to allow UK subscribers to access services under the Regulation if the UK has exited from the EU.


Table 3.2 Implementation in the UK of European Directives and Regulations

| Directive | Topic | Statutory instrument |
| --- | --- | --- |
| 2001/29/EC | Directive on the harmonisation of certain aspects of copyright and related rights in the information society | SI 2003/2498 |
| 2001/84/EC | Directive on the resale right for the benefit of the author of an original work of art | SI 2006/346 as amended by SI 2009/2792 and SI 2011/2873 |
| 2004/48/EC | Directive on the enforcement of intellectual property rights | SI 2006/1028 |
| 2006/115/EC | Directive on rental and lending right | SI 1996/2967 |
| 2009/24/EC | Directive on the legal protection of computer programs | SI 1992/3233 |
| 2011/77/EU | Directive on the term of protection of copyright and certain related rights amending the previous 2006 Directive | SI 2013/1782 (See also the amending SI 2014/434) |
| 2012/28/EU | Directive on certain permitted uses of orphan works | SI 2014/2861 (This will be revoked in the event of the UK leaving the European Union) |
| 2014/26/EU | Directive on collective management of copyright and related rights and multi-territorial licensing of rights in musical works for online use in the internal market | SI 2016/221 |
| 2017/1564/EU | Directive on certain permitted uses of certain works and other subject matter for the benefit of persons who are blind, visually impaired or otherwise print-disabled | SI 2018/995 |
| 2019/790 | Directive on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC | |
| 96/9/EC | Directive on the legal protection of databases | SI 1997/3032, amended by SI 2003/2501 |
| 93/83/EEC | Directive on the co-ordination of certain rules concerning copyright and rights related to copyright applicable to satellite broadcasting and cable retransmission | SI 1996/2967 |
| 2006/116/EC | Directive on harmonising the term of protection of copyright and certain related rights | SI 1995/3297 |

| Regulation | Topic | Statutory instrument |
| --- | --- | --- |
| 2017/1563 | Regulation on the cross-border exchange between the Union and third countries of accessible format copies of certain works and other subject matter protected by copyright and related rights for the benefit of persons who are blind, visually impaired or otherwise print-disabled (implementing the Marrakesh Treaty) | SI 2018/995 |

There is also a directive 2019/790 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC. The aims of this directive are:
• To bring up to date and to harmonise some important exceptions to the copyright rules in the fields of research, education and preservation of cultural heritage;
• To foster quality journalism;
• To ensure that those who create and invest in the production of content have a say in whether and how their content is made available by online platforms and get paid for their content;
• To increase transparency and balance in the contractual relationships between the creators (authors and performers) and their producers and publishers.

Joint statement by Vice-President Ansip and Commissioner Gabriel on the European Parliament’s vote to start negotiations on modern copyright rules, 12 September 2018 http://europa.eu/rapid/press-release_STATEMENT-18-5761_en.htm

Two clauses that have caused considerable controversy are:
• Article 15, which should enable an original publisher to levy a fee from an Internet service that re-publishes excerpts (that are more than just very short excerpts) from that publisher’s publications
• Article 17, which holds larger technology companies responsible for material posted without a copyright licence.

The Intellectual Property (Copyright and Related Rights) (Amendment) (EU Exit) Regulations 2019

In the event of the UK leaving the European Union, this instrument will ensure retained EU law contains appropriate references to the ‘European Union’, ‘Member State’, etc., which do not presuppose the UK’s membership of the EU. Additionally, the instrument aims to give continued effect to cross-border mechanisms and their underlying policies wherever possible. Where this is not possible (e.g. because the policy concerns a reciprocal obligation operating between EU Member States), the mechanism is given unilateral effect within the United Kingdom. Where it would not be appropriate to give unilateral effect (as it would create adverse consequences for UK businesses if preserved in a one-sided way), the mechanism is brought to an end.

3.3.7 UK legislation

The principal UK copyright legislation is the CDPA, which came into force on 1 August 1989. The CDPA has been amended on a number of occasions both by Acts of Parliament including the Broadcasting Acts of 1990 and 1996, the Copyright, etc., and Trade Marks (Offences and Enforcement) Act 2002, the Legal Deposit Libraries Act 2003 and the Digital Economy Act 2017, as well as by many statutory instruments including:
• SI 1992/3233 – The Copyright (Computer Programs) Regulations 1992
• SI 1995/3297 – The Duration of Copyright and Rights in Performances Regulations 1995
• SI 1996/2967 – The Copyright and Related Rights Regulations 1996
• SI 1997/3032 – The Copyright and Rights in Databases Regulations 1997
• SI 2003/2498 – The Copyright and Related Rights Regulations 2003
• SI 2006/1028 – The Intellectual Property (Enforcement, etc.) Regulations 2006
• SI 2010/2694 – The Copyright, Designs and Patents Act 1988 (Amendment) Regulations 2010
• SI 2014/434 – The Copyright and Duration of Rights in Performances (Amendment) Regulations 2014
• SI 2014/898 – The Copyright (Regulation of Relevant Licensing Bodies) Regulations 2014
• SI 2014/1372 – The Copyright and Rights in Performances (Research, Education, Libraries and Archives) Regulations 2014
• SI 2014/1384 – The Copyright and Rights in Performances (Disability) Regulations 2014
• SI 2014/1385 – The Copyright (Public Administration) Regulations 2014
• SI 2014/2356 – The Copyright and Rights in Performances (Quotation and Parody) Regulations 2014
• SI 2014/2588 – The Copyright and Rights in Performances (Extended Collective Licensing) Regulations 2014
• SI 2014/2861 – The Copyright and Rights in Performances (Certain Permitted Uses of Orphan Works) Regulations 2014
• SI 2014/2863 – The Copyright and Rights in Performances (Licensing of Orphan Works) Regulations 2014
• SI 2016/221 – The Collective Management of Copyright (EU Directive) Regulations 2016
• SI 2016/565 – The Copyright (Free Public Showing or Playing) (Amendment) Regulations 2016
• SI 2016/1210 – The Copyright (Amendment) Regulations 2016
• SI 2016/1219 – The Copyright and Performances (Application to Other Countries) Order 2016
• SI 2018/995 – The Copyright and Related Rights (Marrakesh Treaty, etc.) (Amendment) Regulations 2018
• SI 2019/605 – The Intellectual Property (Copyright and Related Rights) (Amendment) (EU Exit) Regulations 2019.

Bearing in mind that the CDPA 1988 has been amended many times, it is essential to ensure that you consult an up-to-date copy of the legislation which incorporates all those amendments.

The Intellectual Property Office is responsible for developing and carrying out UK policy on all aspects of intellectual property. The Copyright and IP Enforcement Directorate of the Intellectual Property Office deals with policy on copyright. They develop UK law on intellectual property and promote UK interests in international efforts to harmonise and simplify intellectual property law.

3.3.8 Supplementary case law

No matter how well a piece of legislation is drafted, there will always be grey areas of interpretation or situations requiring further clarification about how the law applies to a particular set of circumstances, so the third component in the regulatory and legislative regime for copyright is that of case law. Under the English common law tradition, case law plays a key role.

Many copyright cases are not settled in court but are instead agreed informally as out of court settlements. In these instances, no legal precedent is set and we are usually none the wiser as to the terms of the settlement.

3.4 Acts permitted in relation to copyright works

Chapter III of the CDPA covers acts permitted in relation to copyright works, otherwise known as exceptions. All of the UK’s copyright exceptions are subject to the Berne three-step test (see Figure 3.3 on page 37). The main copyright exceptions of interest to librarians have been the fair dealing exceptions (see Section 3.4.1), and – for librarians working in not-for-profit libraries – the library exceptions.

3.4.1 Fair dealing

Fair dealing is effectively a ‘defence’ against accusations of infringement rather than a licence to copy (see Figure 3.4). Section 29(1) of the CDPA says that ‘Fair dealing with a work for the purposes of research for a non-commercial purpose does not infringe any copyright in the work provided that it is accompanied by a sufficient acknowledgement’, while section 29(1C) says that ‘Fair dealing with a work for the purposes of private study does not infringe any copyright in the work’. Tucked away in a section of minor definitions (section 178) there is a definition which makes it clear that private study is also non-commercial: ‘“Private study” does not include any study that is directly or indirectly for a commercial purpose’.

The problem is that the CDPA does not define what is meant by the phrases ‘fair dealing’ or ‘non-commercial purpose’. It is therefore left for the courts to decide on a case-by-case basis whether or not a particular instance of copying was fair – a point made by Lord Denning in Hubbard v. Vosper [1972] 2 QB 84 CA, which pre-dates the CDPA.

• Fair dealing has not been defined by statute.
• It must fit into one of the following categories:
  1. research for a non-commercial purpose
  2. private study
  3. criticism and review
  4. quotation
  5. reporting current events
  6. caricature, parody or pastiche
  7. illustration for instruction.
• Multiple copying would not normally be considered to be fair dealing.
• Courts are left to decide what constitutes ‘fair dealing’ on a case-by-case basis.
• It relates to quality as well as quantity of what is copied.

Figure 3.4 What is fair dealing?

The term ‘fair dealing’ is commonly thought to mean that the copying must not unfairly deprive the copyright owner of income for their intellectual property. Copyright owners earn income not just from sales of the original work, but also from copying undertaken under licensing schemes operated by collective licensing societies such as the Copyright Licensing Agency (CLA). This income is a just return for the creative work of the author and the financial investment made by the publisher.

Section 16 of the CDPA makes clear that copyright is not infringed unless the whole or a substantial part of a work has been copied. The problem is that the legislation doesn’t define ‘substantial’, but what we are clear about is that ‘substantial’ is not viewed in purely quantitative terms. It is also related to the qualitative nature of the extract being copied.

3.4.1.1 What is substantial?

Every situation will be different, but here are examples from legal cases:
1 Eleven-word extracts from newspaper articles can infringe copyright (ECJ judgment in Infopaq v. Danske Dagblades Forening, Case C-5/08, 16 July 2009).
2 An extract of 250 words from James Joyce’s Ulysses, which represented less than a thousandth of the work (Sweeney v. MacMillan Publishers Ltd [2001] EWHC Ch 460). They were substantial because their inclusion made the text original and distinct.
3 Four lines of Kipling’s 32-line poem If (Kipling v. Genatosan 1917). The lines were important because they formed an essential part of the crescendo in the poem.
4 Fifty-four lines from a computer program which constituted 0.03% of the program (Veritas Operating Corp v. Microsoft Corp, 2008).
5 Thirty seconds from an hour-long interview (Pro Sieben Media AG v. Carlton TV [1998] FSR 43). The case involved a documentary produced by Carlton TV entitled Selling Babies which attacked cheque-book journalism. Pro-Sieben had arranged an exclusive contract for an interview with Mandy Allwood who was pregnant with octuplets. The documentary used a 30-second sample of the Pro-Sieben interview with a clip showing Ms Allwood and her boyfriend purchasing eight teddy bears. The Pro-Sieben logo was displayed on the clip although there was no acknowledgement of their ownership of the copyright.

When making decisions it is helpful to bear in mind the much-cited dictum of Judge Peterson in University of London Press Limited v. University Tutorial Press Ltd (1916) 2 Ch. 601: ‘What is worth copying is prima facie worth protecting’.

TIP: Key points about fair dealing

If you rely on the fair dealing exceptions to justify copying activity, then you should minimise the risks of copyright infringement by considering the following points:

1. To be considered ‘fair dealing’, the copying must fit within one of the following categories:
   1. research for a non-commercial purpose – section 29(1)
   2. private study – section 29(1C)
   3. criticism and review – section 30(1)
   4. quotation – section 30(1ZA)
   5. reporting current events – section 30(2) (this does not cover photographs)
   6. caricature, parody or pastiche – section 30A(1)
   7. illustration for instruction – section 32(1).
2. Multiple copying for the purpose of non-commercial research or private study would not normally be considered to be fair, nor would systematic single copying. Therefore, the copying should normally be restricted to making a single copy.
3. The CILIP copyright poster states that the amount you copy must be ‘fair and justifiable’, and the accompanying copyright guidance states that ‘this should be judged on a case by case basis, but 5% of a published work could possibly be reasonable’.
4. If the copying is likely to have a significant economic impact upon the copyright owner, then it would not be considered to be fair dealing.
5. Ask yourself whether you intend to copy a ‘substantial’ part. The legislation does not define what is meant by ‘substantial’, although it is clear from case law that it relates not just to quantity but also to quality. For example, if you were to copy a two-page executive summary from a market research report and that contained the most valuable findings from the report, the rights owner might argue that the copying was unfair.
6. What is the purpose of the copying? If the copying is undertaken to support research for a commercial purpose, then fair dealing for research cannot be used as a defence (see Figure 3.4).

Copyright legislation does not set out percentages or numbers of words that can legitimately be copied under the exceptions. The only place where a percentage is given is in section 36 of the CDPA and it is largely irrelevant because:
• It relates only to educational establishments, and
• Is only applicable where there is no licensing scheme in place; and there are a number of licences. For example, the CLA has a number of licensing schemes in place for the educational sector. The exception is limited to works that are not covered by the available licensing schemes.

Section 36(5) of the CDPA on reprographic copying by educational establishments of passages from published works says that:

Not more than five per cent of a work may be copied under this section by or on behalf of an educational establishment in any period of 12 months, and for these purposes a work which incorporates another work is to be treated as a single work. (www.legislation.gov.uk/ukpga/1988/48/section/36)

Figure 3.5 sets out recommended copying limits that can be used by anyone, not just educational establishments. However, they should be given with a health warning to the effect that they are merely guidance and a court would make a judgment about what was fair dealing based on the specific circumstances of each individual case. In other words, it is not possible to come up with a set of copying limits which would be foolproof and which would work in every single situation.

Fair dealing for research for non-commercial purposes and private study only
Books: Up to a maximum of 5% of extracts or one complete chapter
Journals: One article from a single issue of a journal

Figure 3.5 Guidance on what you are allowed to copy

Where the copying is undertaken within the scope of the fair dealing provisions, this would normally require acknowledgement. However, section 29(1B) does say that ‘no acknowledgement is required in connection with fair dealing for the purposes mentioned in subsection (1) where this would be impossible for reasons of practicality or otherwise’ and section 30(3) similarly says that ‘no acknowledgement is required in connection with the reporting of current events by means of a sound recording, film or broadcast where this would be impossible for reasons of practicality or otherwise’.

3.4.2 Non-commercial research

You are allowed to copy limited extracts of works when the use is non-commercial research. Such use is only permitted when it is ‘fair dealing’. That would rule out copying the whole of a work, as that would not generally be considered to be fair dealing. The exception can be used to copy from all types of copyright works. If you use this exception to copy from a work, you must provide a sufficient acknowledgement.

The legislation does not provide us with a definition of what is meant by copying ‘for a commercial purpose’, but it was explored in the case HM Stationery Office v. Green Amps Ltd [2007] EWHC 2755 (Ch). We do have a number of helpful pointers as to what research for a commercial purpose means:
• The test is whether the research is for a commercial purpose, not whether it is done by a commercial body.
• Research carried out may have no immediate commercial goal but may possibly have an unforeseen commercial application at a later date. However, the law cannot expect you to do more than decide what the case is on the day you ask for the copy.
• If there is no commercial purpose on the day the copy is requested, then it would seem reasonable for the user to provide a copyright declaration stating that the purpose of the copying is non-commercial (see Figure 3.8 on page 59), which is required for all copying under the library exception whereby librarians can copy from published works on behalf of their users (CDPA section 42A).
• If it is known that research is directly funded by a commercial organisation and related to a product or service that will be going into the market, then it is likely to be for a commercial purpose.

• Copying for a commercial purpose has not been defined by statute.
• The test is whether the research is for a commercial purpose, not whether it is done by a commercial body.
• When deciding whether or not research has a non-commercial purpose, businesses will only need to consider what is known at the time of copying.
• Some research in a commercial environment could be classed as non-commercial.

Figure 3.6 What constitutes copying for a commercial purpose?

3.4.3 Private study

Section 29(1C) of the CDPA says that ‘fair dealing with a work for the purposes of private study does not infringe any copyright in the work’. Section 178 (minor definitions) says that ‘private study does not include any study which is directly or indirectly for a commercial purpose’.

3.4.4 Illustration for instruction

Illustration for instruction is one of the six education exceptions (CDPA 1988, sections 32–36A). It is the only one of the six which can be used more widely than just being used by educational establishments. (The other educational exceptions are only for the benefit of educational establishments as specified in The Copyright (Educational Establishments) Order 2005/223.)

The exception covers copying which is:
• Solely for the purpose of illustration for instruction.
• For a non-commercial purpose.
• By a person giving or receiving instruction (or preparing for giving or receiving instruction).
• The use must be fair dealing.
• Accompanied by a sufficient acknowledgement, unless this would be impossible for reasons of practicality or otherwise.

The phrase ‘giving or receiving instruction’ includes setting examination questions, communicating the questions to pupils and answering the questions.

There is a phrase in the illustration for instruction exception at section 32(3) to prevent contract override: ‘to the extent that a term of a contract purports to prevent or restrict the doing of any act which, by virtue of this section, would not infringe copyright, that term is unenforceable’.

The IPO issued guidance entitled Exceptions to copyright: education and teaching (2014) (https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/375951/Education_and_Teaching.pdf) which states that ‘minor uses, such as displaying a few lines of poetry on an interactive whiteboard, are permitted, but uses which would undermine sales of teaching materials still need a licence’.

3.4.5 Quotation

The quotation exception permits people to quote from the works of others without the permission of the owner, as long as the use is proportionate and fair. It is worth noting that the exception covers the use of a quotation whether it be for a commercial or a non-commercial purpose.

The following conditions apply to the exception:
• The work must have been made available to the public.
• The use of the quotation must be fair dealing with the work.
• The extent of the quotation must be no more than is required by the specific purpose for which it is used.
• The quotation must be accompanied by a sufficient acknowledgement (unless this would be impossible for reasons of practicality or otherwise).

3.4.6 Criticism and review

The section 30(1) exception for criticism or review covers copying so long as:
• The copying is fair dealing with the work.
• A sufficient acknowledgement is made, unless this would be impossible for reasons of practicality or otherwise.
• The work has been made available to the public.

In order to qualify as a valid piece of criticism or review, it needs to demonstrate that it is a genuine critique or review of the work. The excerpts that are copied should be short, rather than long, and should only be used where they are needed for the purpose of doing the review.

The exception is not limited to reviewing or criticising the style or content of a particular work. Indeed, it could cover criticism of the ideas to be found in the work and their social or moral implications.

3.4.7 News reporting

CDPA section 30(2) says that:

Fair dealing with a work (other than a photograph) for the purpose of reporting current events does not infringe any copyright in the work provided that (subject to subsection (3)) it is accompanied by a sufficient acknowledgement.

The key points about the exception are:
• It is subject to fair dealing.
• It covers works other than photographs.
• It requires the use of the work to be accompanied by a sufficient acknowledgement, although section 30(3) makes clear that ‘No acknowledgement is required in connection with the reporting of current events by means of a sound recording, film or broadcast where this would be impossible for reasons of practicality or otherwise’.

3.4.8 Caricature, parody and pastiche

Copyright law allows people to make some limited, reasonable use of creative content protected by copyright, for the purpose of caricature, parody or pastiche, without having to obtain the permission of the rights holder. It is worth noting that the exception covers both commercial and non-commercial uses.

Key characteristics of the exception include the following:
• It is restricted to uses that are ‘fair dealing’ with the work – the use must be fair and proportionate.
• The parody work must not be substitutable for the original work nor must it damage the commercial exploitation of the work.
• It covers uses for both commercial and non-commercial purposes.

The CJEU case Deckmyn v. Vandersteen C-201/13 helps to clarify the way in which the exception works. The characteristics of a parody are:
• It evokes an existing work.
• It is noticeably different from the existing work.
• It constitutes an expression of humour or mockery.
• It need not display an original character of its own, other than that of displaying noticeable differences with respect to the work that it is parodying.
• The use of the exception must strike a fair balance between the interests and rights of authors and other rights holders on the one hand, and the freedom of expression of the person who wishes to rely on the exception on the other hand.
• If the parody conveys a discriminatory message, the rights holder of the parodied work has a legitimate interest in ensuring that their work is not associated with such a message.

3.4.9 Text and data mining for non-commercial research

CDPA section 29A has a copying exception for the purposes of data and text analysis. There are a number of requirements that need to be fulfilled for the use of the exception to be legitimate:
• It applies where the research is for a non-commercial purpose.
• The person must have lawful access to the work (whether under licence or otherwise).
• The exception cannot be overridden by contract.
• The exception is subject to proper attribution, unless this would be impossible for reasons of practicality or otherwise.

3.4.10 The Library Provisions in the CDPA

In 2014, the library exceptions were completely re-written. Only the exception relating to the lending of copies by libraries or archives (in section 40A) remained intact from what were previously sections 38-43. The library provisions in the current version of the CDPA 1988 appear as sections 40A-44B:

Table 3.3 The library exceptions

| CDPA 1988 section | Exception | What it relates to |
| --- | --- | --- |
| 40A | Lending of copies by libraries or archives | Libraries or archives. Specifically relates to public libraries and public lending right scheme. Covers books, audio-books, e-books |
| 40B | Libraries and educational establishments, etc: making works available through dedicated terminals | Institutions covered are libraries, archives, museums and educational establishments |
| 41 | Copying by librarians: supply of single copies to other libraries | Librarians working in libraries that are not conducted for profit |
| 42 | Copying by librarians, etc: replacement copies of works | Librarians, archivists or the curators of libraries, archives or museums |
| 42A | Copying by librarians: single copies of published works | Librarians working in libraries that are not conducted for profit |
| 43 | Copying by librarians or archivists: single copies of unpublished works | Librarians or archivists |
| 43A | Sections 40A to 43: interpretation | ‘Library’ means a library which is publicly accessible or a library of an educational establishment. ‘Museum’ includes a gallery. References to a librarian, archivist or curator include a person acting on behalf of a librarian, archivist or curator |
| 44 | Copy of work required to be made as condition for export | Copies of works made and deposited in an appropriate library or archive |
| 44A | Legal deposit libraries | ‘Deposit library’ defined in section 7 of the Legal Deposit Libraries Act 2003 (references to a deposit library include references to the Faculty of Advocates) |
| 44B | Permitted uses of orphan works (It is anticipated that the orphan works exception will not be available in the event of the UK leaving the European Union.) | Relevant bodies are defined in CDPA 1988 Schedule ZA1: a publicly accessible library, educational establishment or museum; an archive; a film or audio heritage institution; or a public service broadcasting organisation. |

Libraries have special privileges to copy:
• For their readers (sections 42A and 43).
• For other libraries (section 41):
  — requires a library not conducted for profit to make a request before a copy can be supplied.
  — where the librarian supplying the copy does not know, or could not reasonably find out, the name and address of a person entitled to authorise the making of the copy of the work.
• For preservation (section 42) under the following conditions:
  — the work is in the permanent collection for the purposes of reference on the institution’s premises, is included in a part of the collection which is not accessible to the public, or which is available on loan only to other libraries, archives or museums.
  — where it is not reasonably practicable to purchase a copy of the item.
• For replacement (section 42) of all or part of a work for a not-for-profit library provided that each of the following conditions are met:
  — the copy is required to replace an item that has been lost, damaged or destroyed.
  — the work being replaced was in the permanent collection for reference only or which was available on loan only to other libraries.
  — a copy cannot reasonably be purchased.
  — where an institution makes a charge for supplying a copy to another library, archive or museum, the sum charged must be calculated by reference to the costs attributable to the production of the copy.
• For making works available through dedicated terminals (section 40B).

Libraries have special privileges to copy certain unpublished works (section 43). This is possible if the following conditions are met:
• The document was deposited before it was published.
• The copyright owner has not prohibited copying and at the time of making the copy the librarian or archivist is – or ought to be – aware of that fact.
• Where a library or archive makes a charge for supplying a copy under this section, the sum charged must be calculated by reference to the costs attributable to the production of the copy.
• A statutory declaration is completed, which must state:
  — the name of the person who requires the copy and the material which that person requires.
  — A statement that the person has not previously been supplied with a copy of that material by any library or archive.
  — A statement that the person requires the copy for the purposes of research for a non-commercial purpose or private study, will use it only for those purposes and will not supply the copy to any other person.

• Only applies to not-for-profit libraries.
• Provides an indemnity for librarians copying on behalf of their users so long as the conditions are met.
• Only applies to copying for non-commercial research purposes or private study.
• Library users must provide the librarian with a declaration in writing which includes the information specified in section 42A(3) for published works (see Figure 3.8 for what must be covered in the copyright declaration) or section 43(2) for unpublished works.
• It is important to retain the statutory declaration because it is the librarian’s indemnity. The minimum period that these should be kept for would be six years plus the current year, taking account of the Limitation Act 1980.
• Librarians should be cautious about giving out advice to their users on what constitutes copying for a non-commercial purpose. They must not knowingly be party to advising or telling people how to fill in the declaration or they could be jointly liable for any infringement.

Figure 3.7 Exception for library staff to copy on behalf of a user who completes a declaration form

3.4.10.1 Copying by librarians on behalf of their users

The library exceptions cover copying undertaken by library staff on behalf of their users, whether they are local users or interlibrary users. The individual users themselves cannot claim it. Under the library exception in section 42A, library staff can make one copy of an article from an issue of a periodical or a reasonable proportion of a non-periodical published work provided that a number of conditions are met:
• The user must provide the librarian with a written declaration (see the sample declaration form in Figure 3.8) containing the information set out in section 42A(3).
• If the user is charged for the copy made, the sum charged must be calculated by reference to the costs attributable to the production of the copy.
• No more than one article from a periodical issue can be copied or a reasonable proportion of a non-periodical work.
• The librarian must be satisfied that the criteria set out in the legislation are met.

If the declaration is false, the copy is an infringing copy and the reader is responsible for that infringement, as if they had made the copy themselves.

The CDPA contains over 50 exceptions. For example, there are exceptions relating to public administration which permit copying for parliamentary and judicial proceedings (section 45), Royal Commissions and statutory enquiries (section 46), material open to public inspection or on an official register (section 47), material communicated to the Crown in the course of public business (section 48), public records (section 49) and acts done under statutory authority (section 50).

The majority of the exceptions are limited to copying for a non-commercial purpose. It is likely that the business community will often experience difficulty
trying to fit their copying into the copyright exceptions or permitted acts, and they are advised to look to the copyright licences offered by the collective licensing societies as a possible solution.

DECLARATION: COPY OF ARTICLE OR PART OF PUBLISHED WORK
To: The Librarian of………………………………………….Library
[Address of Library]
Please supply me with a copy of:
* the article in the periodical, the particulars of which are [ ]
* the reasonable portion of the published work, the particulars of which are [ ]
required by me for the purposes of research for a non-commercial purpose or private study.
2. I declare that:
(a) I have not previously been supplied with a copy of the same material by you or any other librarian;
(b) I will not use the copy except for research for a non-commercial purpose or private study and will not supply a copy of it to any other person; and
(c) to the best of my knowledge no other person with whom I work or study has made or intends to make, at or about the same time as this request, a request for substantially the same material for substantially the same purpose.
3. I understand that if the declaration is false in a material particular the copy supplied to me by you will be an infringing copy and that I shall be liable for infringement of copyright as if I had made the copy myself.
Date ………………………
Name ……………………………
Address ………………………...
…………………………
…………………………
* Delete whichever is inappropriate

Figure 3.8 Sample copyright declaration form

3.4.10.2 Libraries and educational establishments making works available through dedicated terminals

Section 40B of the CDPA 1988 provides an exception permitting copying of works in order to make them available through dedicated terminals:
• The work must have been lawfully acquired by the institution.
• It must be communicated or made available to individual members of the public for the purposes of research and private study.
• The work must be communicated or made available in compliance with any purchase or licensing terms to which it is subject (in other words, this exception could be overridden by the terms of a contract).
• The access is limited to where it is made on the premises of the institution at an electronic terminal.

The legislation doesn’t spell out clearly the extent to which the section 40B exception can be used. However, the ECJ case Technische Universitat Darmstadt v. Eugen Ulmer KG (C-117/13) does help clarify how the exception works:
• The exception would not authorise the printing out or downloading of material from a work which has been digitised and made available through a dedicated terminal. It would not, for example, permit a user to download a copy of the work onto a USB stick.
• A library can use the exception to digitise content from its collections, as long as this is in line with any licensing or purchase terms.
• The library would be able to use the exception to justify the copying of more than nothing and less than everything in its collection. The problem is that it is unclear where the limits would lie.

3.5 Licensing

What copyright law does not allow can often be done with the copyright owner’s consent through an appropriate licence. Copyright licences offer a way in which the licensee can be given rights that are over and above what copyright law would have permitted, and this is often in exchange for a payment (a licence fee). However, there are also copyright licences that are completely free of charge. Examples of free licences include the Open Government Licence, the Open Parliament Licence and the Creative Commons licences.

The CDPA allows for the setting-up of collective licensing bodies such as the Copyright Licensing Agency (CLA) or NLA Media Access (NLA). Where there is a dispute between a collecting society and users or groups representing users, these can be referred to the Copyright Tribunal.

The Copyright Tribunal’s primary purpose is to resolve commercial licensing disputes between copyright owners or their agents (collecting societies) and people who use copyrighted material in their business. The Tribunal is a non-departmental public body, sponsored by the Department for Business, Energy and Industrial Strategy. Decisions of the Copyright Tribunal are appealable to the High Court (or in Scotland to the Court of Session) only on a point of law.

Details of the Copyright Tribunal’s hearing procedure and listed cases can be found at https://gov.uk/government/organisations/copyright-tribunal.

3.5.1 Copyright Licensing Agency

The CLA is one of the UK’s largest reproduction rights organisations. It is a not-for-profit company that was set up in 1983 by Publishers Licensing Services (PLS) and the Authors Licensing and Collecting Society (ALCS). The CLA also works closely with the Design Artists Copyright Society (DACS).

The CLA offers a range of licences, according to the type of organisation. The licences available include ones for business, law firms, pharmaceutical companies, public bodies, higher education, further education and schools. There is also a licence available for media monitoring organisations.

As required by section 136 of the CDPA (implied indemnity in schemes or licences for reprographic copying), licence holders are given an indemnity against liability for infringement for reprographic copying provided that the licence terms are complied with.

✒ Useful resource
The CLA maintains a ‘list of excluded categories in addition to the list of excluded works’ (https://cla.co.uk/excluded-works) that lists the publishers and/or the individual titles that cannot be copied under the terms of the licence agreement. The ‘excluded categories’ cover material such as maps and charts, newspapers, printed music, workbooks, work cards or assignment sheets.

TIP: Even if a work isn’t specifically mentioned in the CLA’s list of excluded works, care should be taken to see if the work itself has a note on it about copyright. One of the excluded categories covers any work on which the copyright owner has expressly and prominently stipulated that it may not be copied under a CLA licence.

CLA has a multinational licence which means that they are able to license global organisations. It is available to UK or overseas headquartered companies. It extends the permissions to the overseas sites and employees within a business so that they can enjoy the same rights as UK employees. The licence is especially useful for large organisations that require consistent copyright terms across all global sites, and also for companies that have subsidiary offices based in territories where there is no collective licence available for commercial organisations.

The CLA’s licence fee is usually based on a rate per professional employee and the interpretation of what is meant by a ‘professional employee’ will differ from sector to sector. However, the small business licence is the one licence that is not based upon a rate per professional employee. Small businesses are instead charged a flat fee based upon the total number of staff. There are two bands – one for businesses employing up to 10 people and the other for those employing between 11 and 50 employees. The small business licence incorporates the same terms as the business licence.

3.5.2 NLA Media Access

Set up in January 1996, NLA Media Access (NLA) operates a licensing scheme to collect royalties on behalf of newspaper publishers. The NLA licence covers UK national and regional papers, international newspapers, news websites and magazines. There are a number of different types of licence available such as the business licence, educational establishment licence, public relations licence, charity licence, republishing licence or the web end-user licence.

NLA offers a basic licence to cover occasional copying of both the printed and online versions of the national newspapers plus any five regional newspapers. They also offer a frequent copying licence to cover regular copying and distribution of articles within an organisation, including content supplied by a third party, such as a public relations consultancy or media monitoring organisation.

Public Relations Consultants Association Ltd v. Newspaper Licensing Agency Ltd C-360/13

Meltwater provide a media monitoring service to clients. Websites are scanned for the occurrence of particular words or phrases that the client wishes to monitor, and where the word/phrase appears Meltwater sends the client a hyperlink to each relevant article, along with the opening words of the article and an extract from the article showing the context within which the word or phrase appears.

During 2009, the NLA proposed two new licensing schemes, one for media monitoring organisations and the other for end-users of those monitoring services. The NLA contended that end-users would need to take out a licence if they wanted to make use of media monitoring services; otherwise they would be infringing copyright in the material by receiving and reading Meltwater News. The rationale for this is that by clicking on a link to the article they would be making a copy of the article within the meaning of section 17 of the CDPA 1988, and by forwarding Meltwater News or its contents to clients they would be issuing copies to the public within the meaning of section 18 of the CDPA 1988.

In December 2009, Meltwater Group announced that it had referred the NLA to the Copyright Tribunal over the reasonableness of those licences. At the time of referring the dispute to the Copyright Tribunal, Jorn Lyseggen, CEO of Meltwater Group, said: ‘The NLA’s attempt to license our clients is essentially a tax on receiving these internet links. This fee is not only unjust and unreasonable, it is contrary to the very spirit of the internet.’

Meanwhile, the NLA launched a High Court action (NLA v. Meltwater and PRCA [2010] EWHC 3099 (Ch)) in order to get legal clarity on aggregator and end-user licences. The case went to the Court of Appeal (Newspaper Licensing Agency Ltd & Ors v. Meltwater Holding BV & Ors [2011] EWCA Civ 890 (27 July 2011)) and to the Supreme Court ([2013] UKSC 18) who referred a number of questions to the European Court of Justice (C-360/13) for consideration.

The European Court of Justice held that:
• viewing freely available copyrighted material on websites is not an act of copyright infringement and does not require rights holders’ permission, even if a rights holder objects to the activity.
• the technical process behind displaying content on users’ screens and storing the content as a ‘cache’ file on a computer’s hard drive does involve making copies of content but it falls within the exception for the making of temporary copies and can therefore be done without the rights holders’ permission.
• The Court said that the temporary copying exception under EU copyright laws could be applied to the practice of internet browsing because the activity constitutes a ‘special case’ that does ‘not conflict with a normal exploitation’ of copyrighted material and does not ‘unreasonably prejudice the legitimate interests of the rightholder’.
• The publishers of websites have to ensure that they obtain authorisation from the relevant copyright holders if they make available works protected by copyright. ‘In those circumstances, there is no justification for requiring internet users to obtain another authorisation allowing them to avail themselves of the same communication as that already authorised by the copyright holder in question.’
• Under EU copyright laws rights holders are entitled to charge licence fees to those that make copies of their copyrighted works. But the Copyright Directive also provides that rights holders may not charge fees if these are temporary copies and are ‘an integral and essential part of a technological process whose sole purpose is to enable [either] a transmission in a network between third parties by an intermediary, or a lawful use of a [copyright] work’, providing the copy has ‘no independent economic significance’.
• This decision applies only to browsing and does not legitimise the printing out or downloading of website content without the permission of copyright owners.

3.5.3 Design Artists Copyright Society

Formed in 1983, DACS represents visual creators, artists and photographers. It licenses the use of artistic works such as photographs, sculptures, charts, maps, cartoons and diagrams. DACS also pursues cases of copyright infringement on behalf of its members.

Many artists create their works as a result of a commission – they might directly administer and control their primary rights, but they may not be able to control their secondary rights. DACS manages this for them through ‘Payback’, an annual service that distributes royalties to visual artists whose work has been reproduced in UK books or magazines or on certain television channels.

DACS also offers a dedicated service for collecting the resale royalties due to UK artists under Artist’s Resale Right (droit de suite). If an artist signs up to the service, DACS will monitor sales of their work by auction houses, galleries and dealers and collect the royalties on their behalf.

3.5.4 Ordnance Survey

The Ordnance Survey (OS) provides a licensing system for people to be able to make use of their mapping products (such as maps and aerial photographs). Customers ranging from solicitors, shopkeepers and estate agents through to engineers use these licences. Users pay an annual fee in order to be able to make unlimited copies of maps for internal business use or to publish OS mapping in leaflets, in brochures and on web pages.

✒ Useful resource
OS OpenData is a suite of data products providing a set of free digital maps of Great Britain. It allows users to: download a wide range of mapping and geographic information for free reuse direct to their computers; view maps and boundary information for the whole country; and develop web-map applications using OS’s OS OpenSpace API (Application Programming Interface).

The OS OpenData products are available for anyone to use, for any purpose. The only stipulation is that you acknowledge Ordnance Survey if you make use of the products. OS OpenData currently consists of 14 products:
• OS Open Greenspace
• OS Open Zoomstack
• OS Open Map – Local
• OS Names API
• OS Open Roads
• OS VectorMap District
• OS Open Rivers
• OS Terrain 50
• 1:250,000 Scale Colour Raster
• OS Open Names
• Boundary-Line
• Code-Point Open
• MiniScale
• GB Overview Maps.

(https://www.ordnancesurvey.co.uk/business-and-government/products/opendata.html).

Ordnance Survey Northern Ireland v. Automobile Association (2001)

Background: OS launched a High Court action against the Automobile Association (AA) in 1996 after they were caught copying dozens of OS maps. Cartographers at OS trapped the copiers by putting faults, such as tiny kinks in rivers, in dozens of maps. These faults helped to prove that 26 million published guides, which the AA claimed as its own work, were straightforward copies. In 2000, the AA had already admitted breaching Crown copyright of 64 maps and agreed to pay £875,000 compensation. In this separate case, more than 500 publications were involved, with more than 300 million copies printed.

Outcome: The AA agreed to pay £20 million in compensation. The money was to be paid over a period of two years and covered backdated royalties, interest, legal costs and an advance on the AA’s coming royalties for the next year.

3.5.5 The National Archives

The National Archives is a non-ministerial department and the official archive and publisher for the UK Government for England and Wales. It incorporates the Public Record Office, the Royal Commission on Historical Manuscripts, Her Majesty’s Stationery Office (HMSO) and the Office of Public Sector Information, all of which joined together to form a single organisation.

The National Archives is at the heart of information policy, setting standards, delivering access and encouraging reuse of public sector information (see Chapter 11). The agency provides online access to UK legislation, oversees the UK government licensing framework – including the open government licence – and provides advice and guidance on official publishing and Crown copyright.

The Open Government Licence is a simple set of terms and conditions that facilitates the re-use of a wide range of public sector information free of charge. There is no need to register or apply to use the OGL. Users simply need to
ensure that their use of information complies with the licence terms, which state that users should where possible provide a link back to the OGL.

It is important to bear in mind that the Open Government Licence is only one of three different licence types that make up the UK government licensing framework (see Section 11.4), albeit that it is the most commonly used of the three licences. The other licences that make up the framework are the non-commercial licence and the charged licence.

TIP: Do not assume that government information is automatically covered by the Open Government Licence. Always look out for a statement making clear that the information is being made available under the Open Government Licence or look for the OGL symbol.

Under the terms of the Open Government Licence (www.nationalarchives.gov.uk/doc/open-government-licence/version/3), users are free to:
• Copy, publish, distribute and transmit the information.
• Adapt the information.
• Exploit the information commercially, for example, by combining it with other Information, or by including it in their own product or application.

There are a number of conditions that need to be met by users of Crown copyright material under the terms of the Open Government Licence:
• Acknowledge the source of the information by including any attribution statement specified by the Information Provider(s) and, where possible, provide a link to the licence.
• Ensure that they do not use the information in a way that suggests any official status or that the Information Provider endorses them or their use of the information.
• Ensure that they do not mislead others or misrepresent the information or its source.
• Ensure that their use of the Information does not breach the Data Protection Act 2018 or the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended).

The National Archives issues guidance to government departments, agencies and all users of Crown copyright-protected material (see http://www.nationalarchives.gov.uk/documents/information-management/crown-copyright-an-overview-for-government-departments.pdf).

As far as parliamentary copyright is concerned, a significant amount of
content covered by parliamentary copyright is covered by the Open Parliament Licence (www.parliament.uk/site-information/copyright/open-parliament-licence/). What the licence does not cover, though, are:
• Personal data in the information.
• Information that has neither been published nor disclosed under information access legislation (including the Freedom of Information Acts for the UK and Scotland) by or with the consent of the licensor.
• The Royal Arms and the Crowned Portcullis.
• Third party rights the licensor is not authorised to license.
• Information subject to other intellectual property rights, including patents, trademarks and design rights.

3.5.6 Creative Commons

Creative Commons licences try to achieve a point in between all rights reserved and no rights reserved. They can be summed up as ‘some rights reserved’ because the content owner reserves some rights of control. The licences try to make it as easy as possible to understand what they cover by adopting four symbols. Each licence consists of a combination of these symbols, for example BY ND (attribution, no derivative works). These symbols and their definitions are:
1 Attribution (BY). You let others copy, distribute, display and perform your copyrighted work – and derivative works based upon it – but only if they give credit the way you request.
2 No derivative works (ND). You let others copy, distribute, display and perform only verbatim copies of your work, not derivative works based upon it.
3 Non-commercial (NC). You let others copy, distribute, display and perform your work – and derivative works based upon it – but for non-commercial purposes only.
4 Share alike (SA). You allow others to distribute derivative works only under a licence identical to the licence that governs your work.

Licences cannot feature both the SA and ND options because by its very nature, the SA requirement applies only to derivative works.

Creative Commons aims to make copyrighted material more accessible in the digital environment and does this by getting content owners who participate in the Commons to label their material with a CC symbol representing the terms upon which the material may be reutilised. This enables users to see straight away precisely what rights they have to reproduce, communicate, cut, paste and remix the content.

✒ Useful resource
There is a Creative Commons add-in for Microsoft Office available for download from the Microsoft website (https://www.microsoft.com/en-gb/download/details.aspx?id=13303) that makes it easy for licence information to be embedded in Microsoft Word, Excel and PowerPoint documents.

Where documents that have licensing information embedded in their metadata are published to the internet, this machine-readable data makes it possible for search engines to provide search forms where a user can specify that they want to limit their search to Creative Commons licensed content.

The Open Government Licence (see also Section 11.4.1) is interoperable with widely used models such as Creative Commons and Open Data Commons and as such supports the inclusion of machine-readable description and semantic web properties.

A Creative Commons licence cannot make infringing material lawful. If a section of material is included in a Creative Commons licensed work and there wasn’t a licence in place or any other permission to use it, then this may be a breach of copyright. In such circumstances, the Creative Commons licence would be invalid with regard to the infringing elements of the licensed work and any additional use of the infringing elements would be a further breach of copyright.

Chang v. Virgin Mobile USA LLC 2009 WL 111570 (N.D. Tex. January 16, 2009)

A photograph of Alison Chang was posted on Flickr under a Creative Commons Attribution 2.0 licence. The photograph of the teenager was then used by Virgin Australia in an advertising campaign. Alison Chang’s parents brought a lawsuit, claiming that Virgin violated their daughter’s right to privacy by using a photograph of her for commercial purposes without her or her parents’ permission. The photographer also sued on the grounds that the Creative Commons failed ‘to adequately educate and warn him [...] of the meaning of commercial use and the ramifications and effects of entering into a license allowing such use’. The claims against the Creative Commons Corporation were subsequently withdrawn and the case against Virgin Australia in the US courts was dismissed for lack of jurisdiction.

There have been a number of court cases in different countries, which have established the enforceability of Creative Commons licences:
• In Lichodmapwa v. L’asbl Festival de Theatre de Spa (2010), a Belgian court awarded Lichodmapwa 4,500 EUR for infringement of a song
(‘Abatchouck’) released under a CC BY-NC-ND licence. Lichodmapwa claimed that the theatre company had violated all three of the licence conditions when it used an extract from the song in a commercial advert without any attribution.
• In 2007, Bulgarian blogger Elenko Elenkov filed a lawsuit against the newspaper 24 Hours for using one of his photos licensed under a CC BY-SA licence without mentioning him or the licence used. The Sofia City Courts ruled in favour of the blogger.
• Adam Curry v. Weekend. In 2006, a Dutch court ruled that photographs that had been posted on Flickr under a CC BY-NC-SA licence should not have been reproduced by the Dutch magazine without permission. The publisher faces a fine of 1,000 EUR for each subsequent violation if they publish any of Curry’s pictures without permission again.
• Avi Reuveni v. Mapa Inc. Belgium 2010 Israel 2011: TA 3560/09, 3561/09 An Israeli court enforced CC BY-NC-ND licences relating to 15 copyrighted photographs that had been uploaded to Flickr and awarded the plaintiffs the equivalent of US$12,500 in damages. The defendant was also ordered to pay half of the plaintiffs’ court fees and US$2,500 for the plaintiff’s legal costs.

✒ Useful resource
There is a Creative Commons case law database at https://labs.creativecommons.org/caselaw/ comprising case law and legal scholarship exploring legal issues surrounding the Creative Commons licences.

✒ Useful resource
OpenAttribute (http://openattribute.com) provides a set of tools for a range of platforms to make it as easy as possible for people to comply with the terms of the licences so that reusing and properly attributing open content is as easy as cut and paste.

3.6 Digital copyright

Works which are published in electronic form, such as electronic journals, PDF documents on the internet, online databases or websites, are protected by copyright law.

3.6.1 Internet

In a single web page there can be many different copyrights. For example:
• The textual articles, HTML coding and metadata are literary works.
• The graphics are artistic works.
• The sound files containing musical works are protected as sound recordings.

The web page would also benefit from the exclusive right of the copyright owner to communicate their work to the public by electronic means.

TIP: People wishing to undertake copying of material on the internet which falls outside any of the permitted acts should check to see if there is a copyright notice on the web page. If the copying they wish to undertake is not covered in the copyright notice, or if there is no copyright notice on the website, then they should ask for permission by contacting the webmaster.

Librarians need to be mindful of both copyright and database right when copying material on the internet. Many websites will fall under the definition of a database which appears in The Copyright and Rights in Databases Regulations 1997 (SI 1997/3032) and will therefore have the protection of database right (see Section 3.6.4).

An important legal case that dealt with database right is British Horseracing Board (BHB) v. William Hill EWCA (Civ) 863. The ECJ judgment (C-203/02) shows that in order for database right to apply there must have been a substantial investment in the obtaining, verification and presentation of the contents of the database, and that this must be distinct from any investment involved in the creation of the contents of the database.

Copying in relation to any description of work includes the making of copies which are transient or are incidental to some other use of the work (CDPA, section 17(6)). When you look at a web page, for example, you will have automatically made more than one copy simply by virtue of the way in which the technology works – the copy that you see on the screen as well as the copy that is automatically saved to your web browser’s cache, even before you think about downloading or printing a copy. It is for this reason that Directive 2001/29/EC has one mandatory exception. Article 5.1 requires member states to provide an exception to the reproduction right for certain temporary acts which are transient or incidental, and so regulation 8(1) of SI 2003/2498 inserts section 28A into the CDPA:

Copyright in a literary work, other than a computer program or a database, or in a dramatic, musical or artistic work, the typographical
arrangement of a published edition, a sound recording or a film, is not infringed by the making of a temporary copy which is transient or incidental, which is an integral and essential part of a technological process and the sole purpose of which is to enable—
(a) a transmission of the work in a network between third parties by an intermediary; or
(b) a lawful use of the work;
and which has no independent economic significance.
(https://www.legislation.gov.uk/ukpga/1988/48/section/28A).

3.6.2 Right of communication to the public

The copyright owner has an exclusive right to communicate their work to the public. It covers broadcasting the work and also making the work available by electronic transmission so that members of the public may access it from a place and at a time individually chosen by them. If you want to include another person’s content on your website it is essential that you obtain their permission. Remedies available to a copyright owner who finds that someone has made use of his or her content without permission include damages and an injunction to stop the inclusion of the material on the website.

3.6.3 Hyperlinking and deep linking

Hyperlinking is an integral part of the way in which the web works, allowing people either to jump from one website to another or to navigate from one page within a site to another page on the same site. There have been a number of legal cases that have considered the use of hyperlinks, and in particular deep links, and whether or not these are legitimate.

1. ‘Linking’ which takes you to the home page of a particular website or very close to the top of the site’s hierarchy is known as ‘shallow linking’.
2. ‘Deep linking’ is a link that takes you directly to a specific page (or part of a page) of a website.
3. ‘Framing’ occurs where a webpage is linked to what appears in a ‘frame’ of the original website visited.

Figure 3.9 The different types of hyperlinks

The use of deep links can be problematic for several reasons:

1. If the website that you are linking to has banner advertisements on the home page for which the site owner gets an income based upon the number of ‘click-throughs’, it could be argued that, by deep linking within the site, you are depriving the site owner of income.
2. By deep linking to a page within a site, you might be said to be encouraging people to go directly to a page when the site owner might want you to see a set of terms and conditions before viewing any pages on their site. Indeed, by getting people to circumvent the page containing terms and conditions of use, you might actually be stopping people from seeing if the site owner has clearly stated in those terms and conditions that deep linking is not permitted.
3. Linking may be judged to be an infringement of database right. In Stepstone v. OFiR [2000 EBLR 87], a German court took the view that Stepstone’s website, which provided a database of job vacancies, was protected by the database right, and that OFiR’s activities amounted to the repeated and systematic extraction of insubstantial parts of Stepstone’s database, which prejudiced Stepstone’s legitimate interests.
4. The use of frames technology can also be problematic. With frames it is possible to link from one website to another without users realising that they have linked through to an external site. This could suggest a false association with the other site or lead to an accusation of passing off someone else’s content as though it were your own.

• Make it clear what is being done and who you are linking to.
• Ideally the hyperlink should open up in a new page/window.
• Use a disclaimer about the content of external sites.
• Check the website’s terms and conditions for the sites you wish to link to.
• Do not circumvent anti-linking measures.
• Link to the home page if sufficient.
• Avoid commercially unfair deep linking (i.e. that will lead you to benefit commercially at the expense of the owner of the site you are linking to).
• Inform the content owner that you wish to link to their site. This is a matter of good ‘netiquette’ and may lead to them creating a reciprocal link from their website.
• Don’t link to content which infringes copyright, is defamatory or libellous, is blasphemous, is obscene, incites racial hatred or encourages terrorist activity.

Figure 3.10 Points to consider when deep linking

Table 3.4 Checklist of things to consider when hyperlinking

Is the content accessible?
Does the hyperlink allow access to works that have been made freely available on another website? The hyperlink is a ‘communication to the public’ if it allows users to circumvent the restrictive measures taken by the site where the protected work is posted in order to restrict the public’s access to its own subscribers.

Has the content been published with the rights holder’s consent?
It must be established whether the intervention at issue enables a public to be reached which cannot be considered to have been included in the public for which the right holder had previously given his consent. It will not always be easy for the operator of a website to check that the right holder has given their consent.

Was there a profit-making intention?
The profit-making nature of a communication to the public is relevant. When hyperlinks are posted for profit, it may be expected that the person who posted such a link should carry out the checks necessary to ensure that the work concerned is not illegally published. So, where links are posted for profit, there will be a presumption that this was done in the full knowledge of the protected nature of the work and of the possible lack of the copyright holder’s consent to publication on the internet.

Was there actual knowledge that the content linked to is unlawful?
Knowledge of the illegality of the publication on the other website must be presumed if the hyperlinks are provided for profit. When someone posts a hyperlink to a work that is freely available on another website, and is not pursuing a profit motive, they do not know and cannot reasonably know that the work has been published on the internet without the consent of the copyright holder.

Does the hyperlink represent an act of communication to the public?
The posting of a hyperlink on a website to works protected by copyright and published without the author’s consent on another website does not constitute a ‘communication to the public’ when the person who posts that link does not seek financial gain and acts without knowledge that those works have been published illegally. The concept of ‘communication to the public’ requires an individual assessment, which must take account of several complementary criteria:
(1) The deliberate nature of the intervention – the user makes an act of communication when it intervenes, in full knowledge of the consequences of its action, in order to give access to a protected work to its customers.
(2) The concept of the ‘public’ covers an indeterminate number of potential viewers and implies a fairly large number of people.
(3) The profit-making nature of the communication to the public is relevant.
(4) Does it constitute a communication to a new public? Acts of retransmission are restricted acts only insofar as the retransmissions reach a ‘new public’, that is a public which was not taken into account by the authors of the protected works when they authorised their use by the communication to the original public.
(5) If a hyperlinker links to content on the web fully in the knowledge that the content was posted online without the consent of the copyright holder, that would constitute a communication to the public.

There have been a number of significant ECJ cases which have considered the legality of hyperlinking. These include:

• Svensson and Ors v. Retriever Sverige AB C-466/12
• BestWater International GmbH v. Michael Mebes and Stefan Potsch C-348/13
• GS Media v. Sanoma Media Netherlands and Ors C-160/15.

BestWater C-348/13 considered the question of whether a website operator who embeds video content protected by copyright into his website using framing technology infringes the copyright. The court held that embedding a copyright protected work on a website through framing technology cannot be considered to be a communication to the public according to Article 3(1) 2001/29/EC as long as the copyright protected work is not communicated to a new public nor communicated by technical means that differ from the technical means of the initial communication.

3.6.4 Database regulations

The Copyright and Rights in Databases Regulations (SI 1997/3032) came into force on 1 January 1998. They implement Council Directive 96/9/EC on the legal protection of databases. The regulations introduced a new right – database right – which subsists if there has been a substantial investment in obtaining, verifying and presenting the contents of the database. In order for a database to qualify additionally for full copyright protection, it must be the author’s own intellectual creation by virtue of the selection and arrangement of the contents. Databases could potentially qualify for copyright, for database right, for both, or for neither.

The regulations do not consider a ‘database’ to be limited to electronic information, but rather as any collection of independent works, data or other materials which are arranged in a systematic or methodical way and are individually accessible by electronic or other means. Collections of data such as directories, encyclopedias, statistical databases, online collections of journals, multimedia collections and many websites would fit this definition of a database.

As with copyright, there are a number of exceptions to database right. However, the number of exceptions is far fewer than is the case for copyright. Fair dealing with a database is permitted so long as the person extracting the material is a lawful user of the database, that their purpose is illustration for teaching, research or private study and not for any commercial purpose, and that the source is indicated. The regulations state that ‘the doing of anything in relation to a database for the purposes of research for a commercial purpose is not fair dealing with the database’ (www.legislation.gov.uk/uksi/1997/3032/part/II/made). This was the first time that such a distinction had been made in UK copyright law and this principle was extended in SI 2003/2498 to cover other copyright-protected material.

Schedule 1 of the database regulations sets out a number of exceptions to database right for public administration and these relate to:

1 Parliamentary and judicial proceedings.
2 Royal Commissions and statutory inquiries.
3 Material open to public inspection or on an official register.
4 Material communicated to the Crown in the course of public business.
5 Public records.
6 Acts done under statutory authority.

In the case of copyright, the protection for a database would normally be for 70 years from the end of the year of death of the author. In the case of database right, the period of protection would be for 15 years from its creation or from its being made available to the public if this occurs during the 15-year period. Importantly, a substantial new investment would qualify the database for a new 15-year term of protection. Many ‘databases’ are maintained continuously and this can involve a significant investment. As such, they can potentially end up being protected for an indefinite period.

3.6.5 Archiving and preservation of digital content

Section 42 of the CDPA allows a librarian, archivist or curator of a library, archive or museum to make a copy of an item in that institution’s permanent collection in order to preserve or replace that item; or where an item in the permanent collection of another library, archive or museum has been lost, destroyed or damaged, a copy can be made to replace the item in that collection.

Key points:

• The exception covers all types of copyright works.
• Covers works held in the permanent collection (but not available for loan to the public).
• Where it is not reasonably practicable to purchase a replacement copy.
• References to a library, archive or museum relate to one which is not conducted for profit.
• The exception would permit format shifting.

Section 42 of the CDPA does have several very specific conditions:

42(2) The first condition is that the item is—
(a) included in the part of the collection kept wholly or mainly for the purposes of reference on the institution’s premises,
(b) included in a part of the collection not accessible to the public, or
(c) available on loan only to other libraries, archives or museums.
(3) The second condition is that it is not reasonably practicable to purchase a copy of the item to achieve either of the purposes mentioned in subsection (1).

These provisions assist libraries and archives who may wish to minimise the wear and tear of fragile items or to replace lost, destroyed or damaged items in their permanent collections. The aim is to allow libraries and archives to use technology to preserve valuable material before it deteriorates or the format in which it is stored becomes obsolete.

3.6.6 Licensing of electronic resources

One of the problems with electronic information is that its use is normally governed by a licence or contract rather than by copyright law and these licences often differ on key points from one supplier to another. It is for this reason that initiatives have been undertaken to try and come up with a standard licence for electronic resources.

✒ Useful resources
These initiatives include John Cox Associates (www.licensingmodels.com), ICOLC (International Coalition of Library Consortia) statement of current perspective and preferred practices for the selection and purchase of electronic information (http://icolc.net), and JISC model licences https://www.jisc-collections.ac.uk/Support/How-Model-Licences-work/.

With digital information, as with hard-copy information, it is important to make a distinction between single copying and multiple copying. If, for example, you send an e-mail to several people containing a scanned item in which you do not own the rights, you will have undertaken multiple copying and the exceptions for fair dealing for a non-commercial purpose or for private study would not cover this.

3.6.7 Digital rights management systems

Digital rights management (DRM) systems can provide a technological solution for rights owners wishing to ensure that their intellectual property is not copied or re-disseminated in an unauthorised manner. They provide robust and reliable tamper-proof mechanisms for controlling the use of copyright material. There are two key elements to a DRM system, which can be summed up by the formula DRM = RMI + TPM. That is, a DRM system consists of both rights management information as well as a technical protection measure.

In principle, the copyright exceptions or permitted acts apply to digital information. However, if the rights owners have made use of technical measures to prevent access to their work(s), the copyright exceptions are rendered worthless, because it would be illegal to try and break any copy protection that is in place. SI 2003/2498 implements the provisions of Directive 2001/29/EC into UK law, making it an offence to break through a technical protection measure or to remove or alter electronic rights management information.

CDPA 1988 section 296ZE sets out the remedy that is available where effective technological measures prevent a person from carrying out a permitted act. Basically, the person affected can issue a notice of complaint to the Secretary of State for Business, Energy and Industrial Strategy if they believe that they are entitled to make use of a copyright exception but are being prevented from doing so because of a technical measure attached to a work. The Secretary of State can then give directions to the publisher to rectify the situation.

There is a formal complaints process relating to situations where a technical protection measure prevents someone from benefiting from a copyright exception. The details of the process can be found at https://www.gov.uk/government/publications/technological-protection-measures-tpms-complaints-process.

In order to be eligible for the complaints process, conditions apply:

• The work you are complaining about must be a work that is protected by copyright (but the complaints process does not cover copyright protected software).
• You must have lawful access to the work – for example you could have purchased a lawful copy of the work or you could have been given it as a gift.
• The TPM must be preventing you from benefitting from one of the eligible exceptions.
• Before using the complaints process you would be expected to have contacted the rights holder to try to agree a solution.

It is, however, unclear as to what scenarios might arise in which the legislation can be used, because section 297ZE(9) states that:

This section does not apply to copyright works made available to the public on agreed contractual terms in such a way that members of the public may access them from a place and at a time individually chosen by them.

The situation is slightly different for those wishing to benefit from the disability exceptions (see Section 15.2).

3.6.8 Digital signatures and copyright declaration forms

The CDPA 1988 permits librarians to copy on behalf of their users (from published works under section 42A and from unpublished works under section 43). There is a requirement for the person requesting the material to provide the librarian with a written declaration, but neither section 42A nor section 43 require a ‘signature’ or ‘digital signature’.

TIP: Secure wi-fi networks
Where libraries offer wireless internet access it is harder to tackle infringement than is the case with wired internet access, especially at the higher levels of bandwidth. However, there are steps that can be taken to limit infringement:

• Changing the administrator password.
• Turning off the network’s name or Service Set Identifier (SSID).
• Enabling Wi-Fi Protected Access (WPA2) encryption.
• If the router has this feature, reducing the range of the signal in order to limit the distance from your location that the signal can reach.

Wireless internet access can be vulnerable to use by criminals with hackers ‘piggybacking’ onto the internet connection, stealing usernames and passwords and undertaking illegal activities including copyright infringement.

McFadden v. Sony C-484/14
The operator of a shop who offers a wi-fi network free of charge to the public is not liable for copyright infringements committed by users of that network. Mr Tobias McFadden was the owner of a business in Munich, Germany, where he offered access to a wi-fi network to the general public free of charge in order to draw the attention of potential customers to his goods and services. In 2010, a musical work was unlawfully offered for downloading via the internet connection. Mr McFadden was not the actual party who infringed the copyright, but the copyright infringement was possible because his wi-fi network had not been made secure.

Intermediate providers of mere conduit services are exempt from liability for unlawful acts committed by a third party with respect to the information transmitted, so long as three cumulative conditions are met (see the E-commerce Directive 2000/31/EC). These are that the provider:

(a) Does not initiate the transmission;
(b) Does not select the receiver of the transmission; and
(c) Does not select or modify the information contained in the transmission.

Monitoring information transmitted via a given network would not be justifiable, nor would the complete termination of the internet connection without there being consideration given to the adoption of less restrictive measures. It was a matter for McFadden to decide how to comply with an order requiring that he ‘prevent third parties from making a particular copyright-protected work or parts thereof available to the general public from an online (peer-to-peer) exchange platform via an internet connection’. However, the CJEU acknowledged that in this case his ‘choice is limited to a single measure’, preventing anonymous use of his network.

The court ruled that:

• The copyright holder is not entitled to claim compensation on the grounds that the network was used by third parties to infringe its rights
• The copyright holder can seek before a national authority or court to have a service provider ordered to end, or prevent, any infringement of copyright committed by its customers
• An injunction ordering the internet connection to be secured by means of a password is capable of ensuring a balance between the intellectual property rights of rightsholders on the one hand and the freedom to conduct a business of access providers and the freedom of information of the network users.

TIP: Acceptable use policy
Libraries should have an acceptable use policy in place and make sure that it covers all types of uses of the institutional IT facilities and systems, whether they be on- or off-site and whether the users are permanent staff, freelancers, students, visitors or contractors. In order to be effective:

• The policy needs to be drawn to the attention of users.
• The policy needs to be enforced – take disciplinary procedures and where appropriate legal action against those who breach the organisation’s acceptable use policy or code of conduct. It is also important to ensure that the policy is enforced in a consistent manner.

TIP: Authentication
Libraries can make sure that users are required to authenticate themselves before gaining unrestricted internet access and that logs are kept as appropriate, whilst conforming to the requirements of the Data Protection Act. A few sources of information on user authentication and managing the identity of users are: https://community.jisc.ac.uk/library/janet-policies/user-authentication and the guest and public network access factsheet (version 4, issued July 2016 which is available via the same URL).

TIP: Monitor and manage new software installations
An easy way to prevent users file-sharing from a particular machine is to prevent them from being able to install the ‘BitTorrent client’ software required for file-sharing. This isn’t possible for wireless networks, where users are using their own hardware.

TIP: Education
Libraries can reduce the risk of copyright infringements by educating users on the correct and incorrect uses of copyright materials of all kinds. Ensure that all users of the organisation’s applications, software, systems or networks (including remote users and visitors) are aware of these policies and the need to comply with them, for example, by providing a landing page that requires active consent to terms and conditions, prior to access being permitted.

3.7 Copyright clearance

Copyright is an automatic right. There is no formal process that a creator has to go through before copyright is granted. As a result, there isn’t a comprehensive register available for locating the creator or rights holder in a work in order to seek their explicit permission to copy material. And even if there were, it would have to be kept up to date if people were to rely on it, because the author as first owner of copyright in a work may not be the current owner. Copyright is a property right: it can be bought, sold or given away to someone else. This would require an agreement in writing.

TIP: Consider whether or not clearance is required, because there are a number of reasons why copyright clearance might not be necessary, such as:

• Where the material is in the public domain (although it is important to remember that both the typographical rights and the copyright relating to the content itself must have expired).
• It is a government publication covered by the Open Government Licence.
• It is a parliamentary publication covered by the Open Parliament Licence.
• The copying may be covered by a licence that your organisation already holds.
• It is governed by a Creative Commons licence which covers the type of usage that you are intending to make of the work.

You will need to consider who owns or controls the rights in the material. This could be:

• The creator of the material or his/her heirs.
• The creator’s employer.
• Anyone else to whom the rights in the material have been sold, or otherwise transferred or licensed.
• A collective licensing society which has been asked to collect fees on behalf of the rights holder.

For a work that has been commercially published, the starting point for permission seeking would be the publisher. If they don’t hold the rights, they can generally refer you to whoever they think holds the rights. If, for whatever reason, they were not the rights holder, then the next step would be to try and locate the author. Another option is to contact the appropriate collecting society. Organisations such as the PLS (www.pls.org.uk), the ALCS (www.alcs.co.uk) and DACS (www.dacs.co.uk) are responsible for distributing monies to their members and as such they need to have up-to-date and accurate records in order to ensure that any monies collected on their behalf are distributed to the correct rights owner. As a result, the collecting societies might be able to help with tracing a particular rights owner. In the case of the PLS, they have a database – PLS Clear https://plsclear.com/ – which lets you search for an item by title, by author, by ISBN, by ISSN, or by keyword. In the case of DACS, they have a searchable database of visual artists: https://www.dacs.org.uk/licensing-works/artist-search. The Society of Authors (www.societyofauthors.org) manages the estates of a number of well-known authors. If after a lot of searching you have still not been able to trace the rights owner, you might consider placing an advertisement in a relevant journal.

3.7.1 Databases of rights owners

✒ Useful resources
There are a number of databases that can be used in order to trace rights owners. These include:

• WATCH (Writers Artists and their Copyright Holders) http://norman.hrc.utexas.edu/watch
WATCH primarily contains the names and addresses of copyright holders or contact persons for authors and artists whose archives are housed, in whole or in part, in libraries and archives in North America and the United Kingdom. The objective in making the database available is to provide information to scholars about whom to contact for permission to publish text and images that still enjoy copyright protection.
• FOB (Firms Out of Business) http://norman.hrc.utexas.edu/watch/fob.cfm
FOB is a companion to WATCH. It aims to record information about printing and publishing companies, magazines, literary agencies and similar organisations that are no longer in existence and the successor organisations that might own any surviving rights.

The Intellectual Property Office has produced guidance on carrying out a diligent search: https://www.gov.uk/government/publications/orphan-works-diligent-search-guidance-for-applicants. There are separate sets of guidance for:

• Film, music and sound.
• Film footage (production level).
• Printed music.
• Literary works.
• Unpublished literary works.
• Still visual art.
• Photographs.

Each set of guidance contains a checklist of sources to be searched which is appropriate for that particular type or category of works.

When contacting the rights holder in order to obtain permission, provide them with the following information:

• Author and title of the extract you want to reproduce.
• Page range.
• Date of publication (plus volume and issue numbers for journals).
• ISBN/ISSN.
• Publisher’s name.
• Number of copies to be made.

You might also include:

• Format of the copies.
• Levels of protection available (e.g. individual passwords are needed to be able to access the file).
• Whether you subscribe to the journal or hold copies of the book.
• Your reference to the request (to identify it quickly).

TIP: If you are going to request copyright clearance from rights holders on a regular basis you should consider developing a standard form for this purpose.

If you have tried all avenues to trace the publisher and the author, and failed, then the decision to digitise the materials comes down to a risk assessment. The orphan works legislation which was passed in 2014 provides a lawful means of applying for a licence to cover your use of works for which you cannot identify or locate the rights owners; and for certain types of institution, there is a copyright exception. (See Appendix 1 for further details of the exception. However, please note that the exception will no longer be available in the event of the UK leaving the EU).

TIP: If you do decide to go ahead without permission, you are taking a risk. You should first have made every ‘reasonable’ effort in order to trace the rights holder and have kept good records of your efforts. That way, if you are challenged about the copying you have done, it will help to show that you were acting in good faith. But as there is now a legal mechanism in place for the copying of orphan works, if you were to go ahead without making use of those lawful solutions, the question will arise as to why you did not make use of it.

3.7.2 Orphan works

‘Orphan work’ is the term that has come to be used in order to describe a work where the rights holder is either difficult or even impossible to identify or locate. The orphan works problem tends to be more prevalent amongst older works where the copyright term far exceeds the ‘commercial’ life of the work. It also tends to be the case that the less commercially successful a work has proved to be, the more administrative effort is required to search for possible authors. Examples of orphan works can include the following:

• Obscure works of literature or art.
• Copyright works coming to the end of their protection period.
• Anonymous or pseudonymous works.
• Works not traditionally published.
• Works no longer commercially published.

The orphan work issue is linked to the lack of appropriate attribution of authorship in many creative sectors. It is especially problematic in the area of visual art and photography.

Where people wish to make use of a work that is protected by copyright and that use would not be covered by one of the copyright exceptions or permitted acts, it requires the permission of the copyright holder. The problem with orphan works is that if a library undertakes a reasonable search for the copyright owner but the rights owner still cannot be located, they are unable to get the permission of the copyright owner directly.

In 2014, the UK implemented measures that provide a lawful means by which orphan works can be used. These measures include several licensing solutions, including licences offered by the Intellectual Property Office, as well as the potential for licences to be offered by the collecting societies as a result of extended collective licensing.

There are several factors that can lead to a work being an orphan work:

1 When there is no information about the author on the work itself. Books and journals will normally have ISBNs and ISSNs, respectively, but for some types of material there won’t be any markings along similar lines. It is highly likely that there won’t be any information about the author on photographs, for example. In addition to ISBNs and ISSNs, there are other identifier systems. They include:
  a ISAN for audio-visual material
  b ISMN for sheet music
  c ISWC for musical scores
  d ISRC for sound recordings.


2 The term of copyright is dependent upon the date of the death of the author. It isn’t always easy to know when an author died and therefore to know when the work comes out of copyright protection.
3 The author is known, but has died, and there is no information about his or her heirs.
4 The company that held the copyright no longer exists. Indeed, the Gowers Review (HM Treasury, 2006) uses the word ‘abandonware’ to describe when businesses go bankrupt or merge and where any information about copyright ownership gets lost.
5 The author is no longer the rights owner.

Since October 2014 there have been a number of legally compliant means of copying orphan works:

1 There is a copyright exception (CDPA 1988 section 44B), although this is only available for non-commercial use of orphan works by publicly accessible libraries, educational establishments, museums, archives, film or heritage institutions, and public service broadcasting organisations. This can be traced back to the European Commission and specifically to Directive 2012/28/EU. (NB: At the time of writing – April 2019 – it is anticipated that this exception will be removed from the statute book in the event of the UK leaving the EU. See Appendix 1.)
2 The Intellectual Property Office provides orphan works licences. Both the copyright exception and the UK orphan works licensing scheme are designed to complement one another, but they are separate and distinct. The licensing scheme derives from the UK government.
3 The third solution is extended collective licensing. Section 116B(1) of the CDPA 1988 says that: ‘The Secretary of State may by regulations provide for a licensing body that applies to the Secretary of State under the regulations to be authorised to grant copyright licences in respect of works in which copyright is not owned by the body or a person on whose behalf the body acts’.

3.7.2.1 Orphan works licences

3.7.2.1.1 Introduction

Before applying for a licence to copy an orphan work ask yourself:

1 Is it likely that the work is still in copyright?
2 Does my intended use fall within one of the copyright exceptions?
3 Is there a non-orphan work that I could use instead?
4 Could I commission a new work?


Table 3.5 Features of the IPO’s orphan works licensing scheme

| | Orphan Works Licence |
|---|---|
| Who is it for? | Anyone. |
| What types of material does it cover? | All types of work. |
| What sorts of uses? | Can cover commercial or non-commercial uses. |
| Is there a cost? | Yes, and this consists of an application processing charge plus the licence fee. |
| What if the rights owner turns up? | Within two months of being satisfied that the rights holder has been identified, the authorising body (the IPO) will pay to the rights holder a sum equal to the licence fee paid by the licensee. The licence continues for the remainder of its unexpired term or until the expiration of the notice period as set out in the licence. |
| How long does the permission to use the work last for? | For up to seven years. Potentially this could be renewed for a further seven-year period. |
| Coverage | UK only. |
| Requirements | A diligent search is required. If the licence is renewed, then an updated diligent search needs to be undertaken. |

3.7.2.1.2 Licensing of orphan works

Details of the orphan works licensing scheme are available at www.gov.uk/guidance/copyright-orphan-works. Administered by the UK IPO (www.gov.uk/ipo), the scheme:

• Uses an electronic application system.
• Uses a searchable register of the licences granted: https://www.orphanworkslicensing.service.gov.uk/view-register.

The IPO’s role as the authorising body (in place of the absent rights holder) is to:

• Consider applications to use works.
• Determine licence fees.
• Grant licences to use works.
• Hold monies for a specified period (eight years).
• After the eight-year period expires, the unclaimed licence fees can be used to cover the set-up and running of the orphan works scheme, with any surplus being used to fund social, cultural and educational activities.


3.7.2.1.3 Features of the orphan works licences

• They apply only for use within the UK.
• They can be for either commercial or non-commercial use.
• They are non-exclusive. There is a statutory prohibition against the grant of exclusive licences.
• They can last for up to seven years.
• A diligent search must be undertaken.
• It will be possible to renew them (but this would require an updated diligent search to be completed).
• They cover all types of works.
• Sub-licensing is not permitted.
• The licence may be granted subject to conditions.
• The IPO has the discretion to vary the licence terms during its term.

Orphan works licences are not freely transferable. However, the IPO as the authorising body may allow licence transfer where there are compelling reasons to do so.

3.7.2.1.4 Licence application

The licence application can only be completed online. Applicants must show that a diligent search for the rights holders in the work has been conducted and they must specify how they intend to use the orphan work. The applicant will also need:

• A debit or credit card to pay the application fee, payable at the time of submitting their application and, if the licence application is approved, they will later need their payment card in order to pay the licence fee.
• Information about the work, including the title, if there is one, as well as a description of the work, along with details of whether it has been previously published and information about its provenance (i.e. how the applicant came by the work).
• Any information they have about right holders.
• If the work is a photograph or other piece of still visual art, an image to upload.

3.7.2.1.5 Orphan works licence costs

The cost of obtaining a licence consists of two separate and distinct charges:

1 An application fee, which is the fee paid to cover the administrative costs of processing the licence application. This fee is payable at the time when the licence application is submitted. It is non-refundable, regardless of whether or not the licence application is approved.
2 There is then the fee to cover the cost of the licence itself (if the licence application is approved). This will depend upon the nature of the work and the use that is being licensed. The IPO is entitled to charge a ‘reasonable licence fee’ for the licence term and it has worked closely with sector-specific groups in order to ascertain potential licence fees, as well as looking at the prices charged for using similar non-orphan works in the same way.

Table 3.6 Payments due to the IPO on orphan works licences

| | Application fee | Licence fee |
|---|---|---|
| Method of payment | Credit or debit card using a secure payment process. | Credit or debit card using a secure payment process. |
| When payment is made | At the time of submitting the licence application. | Once the licence application has been approved, prior to the licence being issued. |
| Amount | The fee structure is tiered with a charge for one item set at £20, or up to 30 items within the same application, where the cost for 30 items is £80. | Non-commercial licences have a nominal fee of £0.10 per work. Licence fees for commercial use are calculated to take account of market rates. VAT is payable on licence fees. |

3.7.2.1.6 Commercial versus non-commercial use

If you apply for ‘non-commercial’ use of an orphan work, you will be able to use that work for any of the uses listed below, as long as the circumstances of your particular use are non-commercial:

• Free hand-outs for a live event, exhibition or similar.
• Use in a live event, exhibition or similar.
• In a newsletter, bulletin, e-newsletter or e-bulletin.
• In non-commercial promotional material – print and digital.
• Digitised and made available online, including on social media.
• Preservation purposes.
• Use on stage or in performance.
• Educational purposes – use in learning/training materials, including e-learning.
• Use in a thesis/dissertation.
• Personal use.


The licence fee for non-commercial use is significantly lower than for commercial use, with a set licence fee of 10 pence per work for all non-commercial uses.

‘Commercial use’ covers any use either by individuals or by organisations that makes money from the work, such as selling copies of the work or directly charging for access. The use would be deemed to be commercial whether any charges were intended to make a profit or merely to cover costs. As well as activities that generate revenue, such as merchandising or selling copies of a publication, commercial use would also cover any other uses that are commercial in nature, such as any use in commercial advertising, marketing or promotion activities. Where the use was to promote a free exhibition of which the work was a part, this would not be commercial use, whereas the use of an orphan work, such as a photograph on a poster, to promote or market an exhibition where there was a charge would be commercial.

When considering whether a particular use is commercial or not, what matters is whether the use itself is thought to be commercial (where it is aimed at making a profit from the use of the work). It is irrelevant whether or not the applicant is a not-for-profit organisation.

There isn’t a flat fee for commercial uses of orphan works. However, Orphan Works: review of the first twelve months (IPO, 2015) gives an indication of the likely costs involved. It refers to seven licences being issued for the commercial use of 35 works at a cost of £7,980.77 excluding VAT. That works out at an average of £228 per work.

3.7.2.1.7 Orphan works register

✒ Useful resource The IPO maintains an orphan works register: www.orphanworkslicensing.service.gov.uk/view-register.

It contains details of:

• Applications for orphan works licences.
• Licences that have been granted.
• Applications that have been refused.

The register can be used by rights holders wishing to check whether any of their works are being considered as potential orphans or have been licensed for use after the diligent search. However, the onus for finding rights holders is on the potential licensee. The following information is displayed on the register:

• Applicant or licensee name.
• Applicant or licensee country.


• Application number.
• Application date.
• Status of application.
• Title or short description.
• Full description.
• Category.
• Type of work.
• Museum, gallery, library or archive where work held.
• Publication, broadcast and/or distribution dates.
• Uses.
• Known identifiers.
• Known creators or rights holders.

As the authorising body, the IPO is required to make the register available to the public by electronic means and free of charge.

3.7.2.1.8 Reasons why an orphan works licence may be refused

A licence may be refused:

• Where the diligent search is inadequate.
• Where the IPO considers that the proposed adaptation or use of the work is not appropriate.
• Where it would not be in the public interest to grant a licence for that use.
• On ‘any other reasonable ground’.

In the case of adaptation, this would be relevant where the use involves addition, modification or deletion to the work. It might, for example, involve resizing or cropping a photograph, or recolouring an artwork, and the use might potentially be deemed to be a derogatory use of the work. In the case of inappropriate use, this would cover where the use might be seen as offensive, in poor taste or contentious, having regard to the circumstances of the case.

3.7.2.1.9 Complaints and appeals

A rights holder has a right of appeal to the First-Tier Tribunal where it considers that the IPO has acted improperly or failed to comply with its obligations under the regulations. An orphan licensee can appeal to the Copyright Tribunal (whose rules of procedure can be found at https://gov.uk/guidance/copyrighttribunal-applications-procedure) on a number of grounds:

• If the IPO refuses to grant a licence.


• Because of any conditions imposed by the IPO in connection with the licence that has been granted.
• In respect of the licence fee amount.

If someone is unhappy with the final response to their complaint and it’s not something that can be appealed to the Copyright Tribunal or the First-Tier Tribunal, they can refer their complaint to the Parliamentary and Health Service Ombudsman.

3.7.2.1.10 Extended collective licensing

The collecting societies represent particular groups of rights holders, from whom they have been given a mandate. The problem with orphan works is that by their very nature, there is no-one around to give the collecting society such a mandate. Extended collective licensing is a way of solving this problem, because it means that where a collecting society covers a category of works they are then able to apply to the Secretary of State for the ability to represent all rightsowners of that type of material, unless the rightsowner comes forward and says that they do not want to be represented by that collecting society. In this way a licence can be issued for the use of orphan works by a collecting society, even though they haven’t been given a mandate directly from the rights holder in the orphan work.

The Secretary of State can authorise licensing bodies to operate an extended collective licensing scheme. The authorisation is for a period of up to five years and it could be issued subject to conditions:

• The authorisation will specify the relevant works to which it applies and the permitted use.
• The authorised body will already license content within that category of work and have significant representation within it.
• It must have adequate opt-out arrangements.
• It must have appropriate means for publicising the scheme and for contacting non-member rights holders.
• It will have the informed consent of a substantial proportion of its members to the proposed extended collective licensing scheme.
• It will be required to operate in accordance with its code of practice.

Collecting societies that have been authorised to operate an extended collective licensing scheme will:

• Issue non-exclusive licences.
• Charge an administration fee or ‘processing charge’ within the overall licence cost which goes towards the general costs of the licensing society.


• Distribute monies from the licence fee to rights holders.

In order to pave the way for extended collective licensing schemes, legislation was required in order to exonerate organisations offering a scheme from civil and, potentially, criminal liability:

• Section 77 of the Enterprise and Regulatory Reform Act 2013 inserts sections 116A–116D into the CDPA 1988 covering orphan works licensing and extended collective licensing.
• SI 2014/2588: The Copyright (Extended Collective Licensing) Regulations facilitate the setting up of extended licensing schemes operated by the collective licensing societies which would permit uses of orphan works that would otherwise infringe.

3.7.2.1.11 Retention and application of undistributed licence fees

Where the rights owners haven’t been located within three years of the end of the year in which the licence fee was received, the licensing society must pass the net licence fee (after their administration costs) to the designated account of the Secretary of State. Regulation 19 of SI 2014/2588 deals with retention and application of undistributed licence fees. Specifically, Regulation 19(3) says:

The Secretary of State must retain any net licence fee, which has not been distributed by the relevant licensing body, for a period of 8 years from the date of authorisation of the Extended Collective Licensing Scheme and may then determine the use of the net licence fee, including, by applying some or all of the net licence fee to fund social, cultural and educational activities for the benefit of non-member right holders.
The National Archives, 2018

3.8 Open access

Open access is an alternative to the traditional method of publishing scholarly papers. It refers to the availability of peer-reviewed literature on the internet free of charge, permitting any user to read, download, copy, distribute, print, search or link to the full texts of the articles.

With the advent of the world wide web in the early 1990s, the internet opened up the possibility of research being made available and accessible around the world, where the running costs for hosting collections of scholarly papers would be low and where the research can potentially be made available without a charge being made to readers. Authors get the benefit of their research being available to a wider audience and wider access to the research can in turn lead to much wider research impact. Scholarship is a conversation, but it is one where you can only take part in a full and meaningful way if you know what people are saying – in other words, if you have uninhibited access to the research content that scholars are producing.

Authors write for scholarly journals without pay, motivated by a desire to make an impact rather than to make money. The impact factor is measured by the average number of citations that journals get over a two-year window. It is a metric which is entrenched in the evaluation system.

Open access challenges the current system whereby research paid for with public funding is only available through expensive paywalls. These paywalls restrict access to what many regard as being a public good. If everyone were to have access to the research without there being any access restrictions, they would potentially be able to share their knowledge, contribute and further develop ideas. Free and unencumbered access democratises research.

Some research funders make it a condition of getting a research award that their output is made available on open access. For example, in 2014 the Bill & Melinda Gates Foundation announced that all research that receives full or partial funding from the Foundation is required to submit that research to open access journals.

The open access ideal was set out in the landmark 2002 Budapest Open Access Initiative statement (https://www.budapestopenaccessinitiative.org/). In October 2003, the Berlin Declaration on Open Access to Knowledge in the Sciences and Humanities was signed by the Max Planck Society and several other large German and international research organisations. Signatories to the Berlin Declaration agreed to make progress by:

• Encouraging their researchers or grant recipients to publish their work according to the principles of open access.
• Encouraging cultural institutions to support open access by providing their resources on the internet.
• Developing means and ways to evaluate open access contributions in order to maintain the standards of quality assurance and good scientific practice and by advocating that such publications be recognised in promotion and tenure evaluation.

Open access can be achieved in one of two ways:

1 Articles are published in open access journals which don’t levy a subscription charge to the user.
2 The articles are deposited in a subject-based or an institutional electronic repository that is accessible from remote locations without any access restrictions.


There are two distinct types of open access – green access and gold access:

• Gold open access makes the final publisher version of an article freely and permanently accessible for everyone, immediately after publication. Copyright for the article is retained by the authors. The publication has a licence intended to maximise reuse, such as CC-BY. Gold OA articles can be published either in fully OA journals (where all the content is published OA) or hybrid journals (a subscription-based journal that offers an OA option which authors can choose if they wish). An additional article processing charge (APC) may be imposed by the publisher.
• Green open access (also known as ‘self-archiving’) is the practice of placing a version of an author’s manuscript in a repository, making it freely accessible for everyone. The version that can be deposited into a repository is dependent on the funder or publisher. It is usually the final author version as accepted for publication. The copyright for these articles may sit with the publisher of, or the society affiliated with, the title and there are restrictions as to how the work can be reused. Access may be subject to a publisher embargo period.

Universities routinely enter into licence agreements for access to scholarly articles which contain confidentiality clauses preventing disclosure of the price they have paid. This reduces price transparency and runs the risk of institutions paying more as a result. It prevents collective bargaining and helps to maintain an unfair market.

Sci-Hub – which is generally thought of as a pirate website – was developed as a reaction against the existence of paywalls. In 2017, there were 150 million downloads of scientific publications on Sci-Hub. In 2015, academic publisher Elsevier filed a legal complaint in New York City against Sci-Hub alleging copyright infringement. The subsequent lawsuit led to a loss of the original scihub.org domain. However, Sci-Hub has used a number of domains, some of which have been blocked in certain countries.

Just as with the traditional publishing market, some open access journals are peer-reviewed. This is when the papers are submitted, reviewed, authenticated and finally published. Peer-reviewed open access journals are subject to thorough quality controls, and many are supported by editors who organise the refereeing process.

Academic institutions aren’t able to stock all of the journal titles that are relevant to their research staff for a number of reasons which, when considered together, amount to the so-called ‘serials crisis’. The serials crisis was a key driver for the adoption of open access as it emphasised:


• The large number of journals published.
• That journal prices increase at a much faster pace than the rate of inflation.
• Constraints on library budgets.

Financial considerations are, however, not the only driver for the adoption of open access. In fact, one of the main motives is to grant academic peers and scientific collaborators rapid access to discoveries in their same field of study by publishing online.

The general principles of open access require authors to grant an irrevocable right for anybody to download, copy, redistribute and view the content that is submitted. Copyright still subsists within the published material so there are important considerations that need to be kept in mind:

• Any copying and redistribution of the content should always include the proper attribution to the author.
• The author’s moral right of integrity does not permit modification of a work.
• The copyright policy would not normally permit printing of the material in large numbers, especially if this was for commercial use, although a suitable number of private printouts is generally permitted.

✒ Useful resource The SHERPA website has drawn together links to the publishers’ copyright and self-archiving policies: http://www.sherpa.ac.uk/romeo/index.php.

✒ Useful resource A useful directory of open access journals can be found at: https://www.doaj.org.

3.8.1 Further information

Paywall: the business of scholarship (2018) https://vimeo.com/273358286.

cOAlition S: an initiative to make full and immediate open access to research publications a reality. It is built around Plan S, which consists of one target and 10 principles. https://www.scienceeurope.org/coalition-s/.

3.9 Ethical and professional issues and conflicts

Library and information service professionals find themselves in a difficult situation playing the role of ‘piggy in the middle’, acting as guardians of intellectual property whilst at the same time being committed to supporting their users’ needs to gain access to copyright works and the ideas that they contain.

CILIP’s Ethical Principles and Code of Professional Practice for Library and Information Professionals (2009) states that information professionals should strive to achieve an appropriate balance within the law, between demands from information users, the need to respect confidentiality, the terms of their employment, the public good and the responsibilities outlined in the Code. It also says that information professionals should defend the legitimate needs and interests of information users, while upholding the moral and legal rights of the creators and distributors of intellectual property. The key point here is that the commitment to providing their users with information has to be tempered by the need to do so within the limits of the law, which includes respecting copyright law.

CILIP’s ethical framework (2018, see Appendix 2) which supersedes the earlier set of ethical principles and code of professional practice does not have anything similar for information professionals. However, there is a section entitled ‘CILIP’s commitments’ which lists at C7: ‘the development of balanced and fair open access and copyright systems’.

It is not the role of the librarian or information professional to police the copying undertaken by their users on behalf of rights owners. However, librarians should do everything they can to ensure copyright compliance within their organisation. This could, for example, include:

• Putting up the CILIP posters next to photocopying machines or publicly accessible computers.
• Including guidance about copyright on your intranet.
• Developing a set of frequently asked questions (FAQs) about copyright, which cover the activities that users are most likely to wish to undertake.
• Making the users of electronic products aware of the key points of the terms and conditions of the licence agreement(s).

3.10 Further information

CILIP
7 Ridgmount Street, London WC1E 7AE
Tel: 020 7255 0620 (CILIP Information Services)
Website: www.cilip.org.uk
E-mail: [email protected] (members only)

Copyright Licensing Agency
5th Floor, Shackleton House, 4 Battlebridge Lane, London SE1 2HX
Tel: 020 7400 3100
Fax: 020 7400 3101
E-mail: [email protected]
Website: www.cla.co.uk

Design Artists Copyright Society
33 Old Bethnal Green Road, London E2 6AA
Tel: 020 7336 8811
Website: www.dacs.org.uk

European Commission – Digital Single Market: Copyright
https://ec.europa.eu/digital-single-market/en/copyright

Intellectual Property Office
Tel: 0300 300 2000
E-mail: [email protected]
Website: www.ipo.gov.uk

European IPR helpdesk
https://iprhelpdesk.eu (offers free-of-charge, first-line support on IP matters to beneficiaries of EU-funded research projects and EU SMEs involved in transnational partnership agreements).

NLA Media Access
Mount Pleasant House, Lonsdale Gardens, Tunbridge Wells TN1 1HJ
Tel: 01892 525273
E-mail: [email protected]
Website: www.nla.co.uk

National Archives
The National Archives, Kew, Richmond, Surrey TW9 4DU
Tel: 020 8876 3444
Website: www.nationalarchives.gov.uk/contact-us

Ordnance Survey
Explorer House, Adanac Drive, Southampton SO16 0AS
Tel: 03456 050505
E-mail: [email protected]
Website: https://www.ordnancesurvey.co.uk/forms/contact-form-secure


Parliamentary and Health Services Ombudsman
Millbank Tower, Millbank, London SW1P 4QP
Tel: 0345 015 4033
Email: [email protected]
Website: www.ombudsman.org.uk

World Intellectual Property Organization
34 chemin des Colombettes, CH-1211 Geneva 20, Switzerland
Tel: 0041 22 338 9111
E-mail: [email protected]
Website: www.wipo.int

IFLA statement on copyright education and copyright literacy, IFLA, 2018.

Handbook on copyright and related rights issues for libraries, eIFL.net, 2009.

References

CILIP (2009) Ethical Principles and Code of Professional Practice for Library and Information Professionals, https://web.archive.org/web/20120727084349/http://www.cilip.org.uk/get-involved/policy/ethics/pages/principles.aspx.

CILIP (2018) Ethical Framework, https://cdn.ymaws.com/www.cilip.org.uk/resource/resmgr/cilip/policy/new_ethical_framework/cilip_s_ethical_framework.pdf. The full text of the framework is reproduced in Appendix 2.

CILIP (2018) Ethical Framework: clarifying notes, https://cdn.ymaws.com/www.cilip.org.uk/resource/resmgr/cilip/policy/new_ethical_framework/ethical_framework_clarifying.pdf.

HM Treasury (2006) The Gowers Review of Intellectual Property, TSO.

IPO (2015) Orphan Works: review of the first twelve months, https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/487209/orphan-works-annual-report.pdf.

UN (2011) Universal Declaration of Human Rights, http://www.un.org/en/universal-declaration-human-rights/index.html.

WTO (1994) Agreement on Trade-Related Aspects of Intellectual Property Rights, https://www.wto.org/english/docs_e/legal_e/27-trips_01_e.htm.


CHAPTER 4

Legal deposit

Contents
4.1 Introduction
4.2 General principles
4.3 Enforcement
4.4 Copyright and use of legal deposit material
4.5 Online defamation
4.6 The future
4.7 Further information
References

4.1 Introduction

Legal deposit has existed in English law since 1662. The system of legal deposit helps to ensure that the nation’s published output is collected systematically in order to be able to preserve the material for use by future generations and make it available for readers within the legal deposit libraries (see Figure 4.1). There has been a rapid growth in the publication of material in non-print forms in recent years and unless these forms of publishing are covered by the legal deposit legislation, the danger would be that we might lose an important part of the UK’s national heritage. The legal deposit legislation set out in the Copyright Act 1911 was designed to ensure that the legal deposit libraries received a copy of everything published in the UK. However, by only covering material that was printed in hard copy, the Act ceased to be adequate to ensure the continuation of a comprehensive archive of the nation’s published material. For that reason, a number of people lobbied for the scope of the legislation to be extended to electronic content. This ultimately led to the passing of the Legal Deposit Libraries Act 2003 (LDLA). The Act is merely enabling legislation and requires the Secretary of State to pass subsidiary legislation to bring its provisions into effect. However, no legislation was passed to implement the provisions of the Act with regard to digital content until the Legal Deposit Libraries (Non-Print Works) Regulations 2013: SI 2013/777.

4.2 General principles

‘Legal deposit’ is the legal requirement for publishers to deposit with the British Library and the five other legal deposit libraries (see Figure 4.1) a single copy of each publication. The system is governed by the LDLA. The Legal Deposit Libraries Bill received Royal Assent on 31 October 2003. The provisions for print publications commenced on 1 February 2004, with the coming into force of the Legal Deposit Libraries Act (Commencement) Order 2004: SI 2004/130. The provisions relating to non-print works came into force on 6 April 2013, with the coming into force of The Legal Deposit Libraries (Non-Print Works) Regulations 2013: SI 2013/777.

British Library
National Library of Scotland
National Library of Wales
Bodleian Library, Oxford
Cambridge University Library
Trinity College, Dublin

Figure 4.1 Legal deposit libraries

The 2013 Regulations relate to works published online and works published offline. They do not cover works consisting only or predominantly of a sound recording or film or both; work which contains personal data and which is only made available to a restricted group of persons; nor do they cover a work which was published before the Regulations were made. The DCMS is the relevant government department or principal owner of the Act and they are responsible for legislation in this field. The LDLA sets out a ‘duty to deposit’ under which anyone who publishes in the UK a work to which the Act applies, ‘must, at his own expense, deliver a copy of it to an address specified (generally or in a particular case) by any deposit library entitled to delivery under this section’ (section 1(1) of the Legal Deposit Libraries Act 2003).

• Duty on publishers to deposit (sections 1–3).
• New and alternative editions – deposit restricted to one edition and one medium (section 2).
• Printed publications – carried over with only minor amendments from 1911 Act affecting British Library (section 4) and five other libraries (section 5).
• Non-print publications (sections 6–8).
• New consequential exceptions to the Copyright Designs and Patents Act 1988 and Copyright and Rights in Databases Regulations 1997 (section 8).
• Exemptions from liability for publishers in respect of breach of contract, and infringements of copyright, publication right or database right (section 9).
• Exemptions from liability for publishers and libraries for defamation (section 10).
• The making of Regulations under the Act relating to Scotland and Wales (section 12).

Figure 4.2 Layout of the Legal Deposit Libraries Act 2003


4.2.1 Print material

The LDLA re-enacted (with minor amendments) the obligation in the Copyright Act 1911 to deposit printed publications in the six legal deposit libraries. A copy of each book or serial or other printed publication which is published in the UK is required to be deposited, free of charge, in the British Library. The copy must be delivered to the British Library within a month of publication and the copy must be of the same quality as the best copies published in the United Kingdom at that time. The British Library Board must provide a receipt for the deposited printed works received. In addition, the other five legal deposit libraries (Figure 4.1) are each entitled to receive, on request, one free copy of any book or other printed publication published in the UK providing that they make a claim in writing within a year of the date of publication. In respect of works that are published in print, the Act applies to:

• Books (including pamphlets, magazines and newspapers).
• Sheet music or letterpress.
• Maps, plans, charts or tables.
• Any part of any such work.

4.2.2 Non-print material

The 2003 Act was drafted so that it would be flexible enough to cover the diverse and complex nature of the publishing industry in the 21st century. It ensures that forms of publication developed in the future can be incorporated into legal deposit, without the need to return to primary legislation. The LDLA gives the Secretary of State specific powers to make regulations which will cover the deposit (or harvesting) of publications in different formats. If the work is published in a medium other than print, then the Act only applies if the work is of a ‘prescribed description’ and these descriptions will be specified by regulation. The Legal Deposit Libraries (Non-Print Works) Regulations 2013: SI 2013/777 sets out in regulation 13 the non-print works to which the Act applies. The duty to deliver non-print work under the 2003 Act only applies to work which is published in the United Kingdom. Under the regulations an online work is published in the United Kingdom when:

• It is made available to the public from a website with a domain name which relates to the United Kingdom or a place within the United Kingdom; or
• It is made available to the public by a person and any of that person’s activities in relation to the creation or publication of the work take place within the United Kingdom.


One of the key considerations borne in mind when extending the scope of legal deposit to cover digital content was the potential costs to business of the Regulations as drafted, in order to ensure that the cost of deposit to publishers should not be disproportionate to the public benefit of deposit, as required under the LDLA. An impact assessment was produced: https://www.legislation.gov.uk/ukia/2013/1166/pdfs/ukia_20131166_en.pdf. The impact assessment states that:

… publishers depositing works will be potentially giving up part of their prerogative under copyright to exploit works and benefit from the investment they have made in them. To minimise this loss access to all archived copies would be limited to the physical premises of the deposit libraries and to a certain number of people at any one time. For particularly high value/low volume publications embargoes could be agreed for a period of time. In addition, publishers can save money by substituting more costly print formats for less costly online non-print formats.

If one takes an international perspective and looks at the legal deposit laws of other countries, there are broadly speaking three potential options for a policy on access to the material gathered from websites under legal deposit. These are:

1 A ‘dark archive’. This is where the material is collected but is not made accessible, or at least not until an embargo period is over.
2 White or ‘open’ archive. This is where the material is entirely open to the public.
3 ‘Grey archive’. This provides controlled access to the content under certain conditions.

There may be legal reasons why access is denied:

• Access could be restricted where a court order demands it.
• The publication in question may incite racial hatred.
• It might incite terrorism.
• Defamatory content.

4.3 Enforcement

Section 3 of the LDLA sets out the provisions regarding enforcement. If a publisher fails to deposit, the library will be able to apply to the county court (or to the sheriff court in Scotland) for an order requiring deposit. In those instances where such an order would not be effective or appropriate, the court may make an order requiring the publisher to make a payment of not more than the cost of making good the failure to comply.

4.4 Copyright and use of legal deposit material

Section 7 of the LDLA provides that the libraries, persons acting on their behalf and readers may not do certain activities unless authorised by regulations. These activities are:

• Using the material.
• Copying it.
• Adapting any accompanying computer program or database.
• Lending it to a third party.
• Transferring it to a third party.
• Disposing of it.

The regulations may in particular make provision for the purposes for which the deposited material may be used; the time at which readers may first use the material (thereby allowing embargoes to be established); and the description of readers that may use the material at any one time (which will enable cross-library limits to be imposed if there is a secure network, in addition to limiting the number of people that may access the material simultaneously in any particular library). The LDLA inserts section 44A into the CDPA. It additionally inserts a new exception to database right into the Copyright and Rights in Databases Regulations 1997: SI 1997/3032 in respect of activities permitted by regulations made under section 7.

(1) Copyright is not infringed by the copying of a work from the internet by a deposit library or person acting on its behalf if–
(a) the work is of a description prescribed by regulations under section 10(5) of the 2003 Act,
(b) its publication on the internet, or a person publishing it there, is connected with the United Kingdom in a manner so prescribed, and
(c) the copying is done in accordance with any conditions so prescribed.
(2) Copyright is not infringed by the doing of anything in relation to relevant material permitted to be done under regulations under section 7 of the 2003 Act.
(3) The Secretary of State may by regulations make provision excluding, in relation to prescribed activities done in relation to relevant material, the application of such of the provisions of this Chapter as are prescribed.
(4) Regulations under subsection (3) may in particular make provision prescribing activities–
(a) done for a prescribed purpose,
(b) done by prescribed descriptions of reader,
(c) done in relation to prescribed descriptions of relevant material,
(d) done other than in accordance with prescribed conditions.
(5) Regulations under this section may make different provision for different purposes.
(6) Regulations under this section shall be made by statutory instrument which shall be subject to annulment in pursuance of a resolution of either House of Parliament.
(7) In this section–
(a) ‘the 2003 Act’ means the Legal Deposit Libraries Act 2003;
(b) ‘deposit library’, ‘reader’ and ‘relevant material’ have the same meaning as in section 7 of the 2003 Act;
(c) ‘prescribed’ means prescribed by regulations made by the Secretary of State.
(www.legislation.gov.uk/ukpga/1988/48/section/44A)

Figure 4.3 CDPA Section 44A: Legal deposit libraries

4.5 Online defamation

Section 10 of the LDLA provides that any liability of the deposit libraries for defamation resulting from prescribed activities relating to deposited works will arise only where they know or ought to know that the material is defamatory and have had a reasonable opportunity to prevent activities giving rise to the claims for defamation. Section 10(1) of the Act says:

A deposit library, or a person acting on its behalf, is not liable in damages, or subject to any criminal liability, for defamation arising out of the doing by a relevant person of an activity listed in section 7(2) in relation to a copy of a work delivered under section 1.
(https://www.legislation.gov.uk/ukpga/2003/28/section/10)

4.6 The future

In order to collect the cultural and intellectual outputs of the UK for posterity, the British Library needs to be aware of all digital publications and any perceived trends and changes. They ‘have recently identified what have been termed “emerging formats”, where failure to collect and preserve content could result in a significant loss of the UK’s published record in that there is no print equivalent in whole or in part’ (Akeroyd et al., 2017). In particular, the following have been identified:

• ‘Book Apps’.
• Interactive narratives (books which enable the reader to interact with the ‘story’ as they go along, so that the narrative can be tailored or customised to suit the reader’s wishes).
• Structured data (large structured sets of persistent data usually associated with software to update and query the data).

4.7 Further information

DCMS (2013) Guidance on the Legal Deposit Libraries (Non-Print Works) Regulations 2013.
Digital Preservation Coalition (2017) Non-Print Legal Deposit Digital Preservation Review: Final Report.
Gooding, P., Terras, M. and Berube, L. (2018) Legal Deposit Web Archives and the Digital Humanities: a universe of lost opportunity?, Digital Humanities 2018, Mexico City, Mexico, 26–29 June 2018, 590–592. http://eprints.gla.ac.uk/168229/.

References

Akeroyd, J., Canty, N. and Watkinson, A. (2017) Research to Support the British Library’s Work on ‘Emerging Formats’, CIBER Research.


CHAPTER 5

Breach of confidence

Contents
5.1 General principles
5.2 Obligation of confidence and the Freedom of Information Act
5.3 Remedies
5.4 Trade secrets
5.5 Case law on breach of confidence

5.1 General principles

The common law tort of breach of confidence deals with unauthorised use or disclosure of certain types of information and provides protection for that information to be kept secret. This branch of the law is based upon the principle that a person who has obtained information in confidence should not take unfair advantage of it. The main means used to achieve this is the interim injunction (interdict in Scotland), which is an order of the court directing a party to refrain from disclosing the confidential information. A document may be considered confidential where there is:

• An obligation of non-disclosure within a particular document.
• A duty in certain papers involving professional relationships.
• A duty of confidence, which arises where a reasonable individual may determine that a document contains confidential material.

Breach of confidence is most commonly used to prevent publication of private material. The law protects confidential information from unauthorised disclosure and an injunction may be granted unless you can show that the publication is in the public interest, usually by exposing some wrongdoing. The injunction can in extreme circumstances be against the whole world, such as the injunction granted to protect the new identities of the killers of James Bulger. In the James Bulger case, Dame Elizabeth Butler-Sloss gave the killers of James Bulger the right to privacy throughout their life. The media were already prevented from publishing their identities as a result of information obtained from those who owed the pair a duty of confidence, such as police officers and probation service officials. But Dame Elizabeth went further and said the pair had an absolute right to privacy. In another legal case from May 2003, the child killer Mary Bell and her daughter won a high court injunction guaranteeing them lifelong anonymity.

There are three elements of a breach of confidence. In Coco v. Clark [1969] RPC 41, Mr Justice Megarry said:

1 The information must have ‘the necessary quality of confidence’ – namely, it must not be something which is public property and public knowledge.
2 The information must have been imparted in circumstances imposing an obligation of confidence.
3 There must be an unauthorised use of that information to the detriment of the party communicating it.

If someone wishes to seek redress for disclosure of confidential information, then each of these elements must be present. Furthermore:

1 Companies use breach of confidence to protect sensitive commercial information and trade secrets.
2 Governments use breach of confidence to protect information they regard as secret.
3 Individuals use it for the same purpose and also to protect their privacy.

The duty of confidence is, as a general rule, also imposed on a third party who is in possession of information that they know is subject to an obligation of confidence (see Section 5.5 – Prince Albert v. Strange and Duchess of Argyll v. Duke of Argyll). If this were not the law, the right would be of little practical value. There would, for example, be no point in imposing a duty of confidence in respect of the secrets of the marital bed if newspapers were free to publish those secrets when they were betrayed to them by the unfaithful partner in the marriage. Similarly, when trade secrets are betrayed by a confidant to a third party, it is usually the third party who is to exploit the information, and it is the activity of the third party that must be stopped in order to protect the owner of the trade secret.
The use of breach of confidence by individuals wishing to protect their privacy was boosted by the implementation of the ECHR in UK law through the Human Rights Act 1998 (HRA), which gives individuals a right to privacy. People have a right to a private life (Article 8 of the ECHR). They also have a right to freedom of expression (Article 10 of the ECHR). These rights will regularly compete with one another, but neither of them is an absolute right. UK governments have tended to support self-regulation as the best possible form of regulation for the press and as the best possible way of balancing those sometimes conflicting demands.

Kaye v. Robertson [1991] F.S.R 62

A reporter and a photographer tricked their way into the private hospital room of the actor Gorden Kaye who was lying there semi-conscious (he had been injured after a tree fell onto his car during the Burns Day storms of 1990). They did so in order to ‘interview’ and photograph him. The court held that there was no actionable right to privacy in English law and that no breach of confidence had taken place because there wasn’t a recognised relationship between Mr Kaye and the journalists (such as that between a doctor and his patient), which could be used in order to impose an obligation to keep confidential what Mr Kaye had said.

This case might be seen as the low-point in the laws of privacy and breach of confidence, but since that time a lot has happened with the implementation of the HRA and case law, which has further refined and developed the laws relating to privacy and breach of confidence. Indeed, for a ‘breach of confidence’ action to succeed, there is no longer a need for there to be a confidential relationship.

5.2 Obligation of confidence and the Freedom of Information Act

Section 41 of the Freedom of Information Act 2000 (FOIA) provides for an exemption for information provided in confidence. With the exemption, the duty to confirm or deny does not arise if, or to the extent that, the confirmation or denial that would have to be given in order to comply would constitute an actionable breach of confidence. There are two components to the exemption:

1 The information must have been obtained by the public authority from another person. A person may be an individual, a company, a local authority or any other ‘legal entity’. The exemption does not cover information that the public authority has generated itself, although another exemption may apply.
2 Disclosure of the information would give rise to an actionable breach of confidence. In other words, if the public authority disclosed the information, the provider or a third party could take the authority to court.

For the precise wording of this exemption see Figure 5.1. There is guidance available on the exemption for information provided in confidence from the Information Commissioner (Information provided in confidence (section 41), ICO, 2017, https://ico.org.uk/media/for-organisations/documents/1432163/information-provided-in-confidence-section-41.pdf).


41.
(1) Information is exempt information if–
(a) it was obtained by the public authority from any other person (including another public authority), and
(b) the disclosure of the information to the public (otherwise than under this Act) by the public authority holding it would constitute a breach of confidence actionable by that or any other person.
(2) The duty to confirm or deny does not arise if, or to the extent that, the confirmation or denial that would have to be given to comply with section 1(1)(a) would (apart from this Act) constitute an actionable breach of confidence.

Figure 5.1 Freedom of Information Act 2000, section 41 exemption

This exemption qualifies the right of access under the Act by reference to the common law action for ‘breach of confidence’. According to that action, if a person who holds information is under a duty to keep that information confidential, there will be a ‘breach of confidence’ if that person makes an unauthorised disclosure of the information. The concept of ‘breach of confidence’ has its roots in the notion that a person who agrees to keep information confidential should be obliged to respect that confidence. However, the law has now extended beyond this: the courts recognise that a duty of confidence may also arise due to the confidential nature of the information itself or the circumstances in which it was obtained. The concept of ‘breach of confidence’ recognises that unauthorised disclosure of confidential information may cause substantial harm. The law protects these interests by requiring the information to be kept confidential: if information is disclosed in breach of a duty of confidence, the courts may award damages (or another remedy) to the person whose interests were protected by the duty. The section 45 code of practice (ICO, 2018) contains guidance on freedom of information and confidentiality obligations. Paragraph 67 states that ‘It is common for contracts involving non-public authority contractors to contain confidentiality clauses, restricting the disclosure of contract terms, value and performance details. However, FOIA places limits on the enforceability of these clauses’. Indeed, the guidance points out that public authorities are not able to contract their way out of their obligations under the FOIA. Paragraph 69 of the guidance says that ‘When a public authority enters into a contract, it should let the other party know before the contract is drawn up that part or all of the contract may need to be disclosed if a request under FOIA is received’. 
Simply because information has been provided in confidence it does not automatically follow that the information will be exempt under section 41 of the FOIA. In some cases, the disclosure of information pursuant to a request may affect the legal rights of a third party – for example, where information is subject to the common law duty of confidence or where it constitutes ‘personal data’ within the meaning of the Data Protection Act 2018 (DPA). Public authorities must always remember that, unless an exemption provided for in the DPA applies in relation to any particular information, they will be obliged to disclose that information in response to a request. A public authority should only accept information from third parties in confidence if it is necessary to obtain that information in connection with the exercise of any of the authority’s functions and it would not otherwise be provided. Acceptance of any confidentiality provisions must be for good reasons, capable of being justified to the Information Commissioner.

5.3 Remedies

The main means of ensuring that information obtained in confidence is not unfairly taken advantage of is the use of an injunction (interdict in Scotland). A prohibitory injunction can be used in order to direct the party to refrain from disclosing the information. There are several remedies available to the courts:

• Fines.
• Court order to reveal source.
• Court order that a confidential matter be ‘delivered up’ or destroyed.
• Account for the profits where a person misusing confidential information may be asked to account to the person who confided the information.
• Damages claim by the person whose confidences have been breached in the publication of confidential material.
• Contempt of court action where injunction/interdict is breached.

5.4 Trade secrets

Trade secrets take the form of a wide range of information types. They can, for example, include:

• Commercial data such as customer information.
• Business plans and market strategies.
• Technological information such as process know-how.
• Product information such as the formulas for recipes, ingredients and manufacturing techniques and methods.

Unlike patents, trade marks, designs and copyright, trade secrets have no expiry date. Provided that you are able to prevent the information from leaking out, they can in theory last for many years – decades or even centuries. A key benefit of a trade secret is that there is no legal obligation to disclose information, whereas patents, trade marks and designs can be viewed by the public. In the case of a patent, for example, whilst it is possible to legally prevent others from copying the work, it does not prevent them from looking at the specification and trying to work around it.

Trade secrets are protected in the UK by the law of confidence. The unlawful acquisition, use or disclosure of a trade secret would give rise to a civil action for breach of confidence. The Trade Secrets (Enforcement, etc.) Regulations 2018: SI 2018/597 implement provisions from the European Union’s trade secrets Directive (2016/943) on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure. The Intellectual Property Office took the view that most of the substantive provisions of the Directive already existed in UK law. The 2018 Regulations are therefore concerned primarily with limitation and prescription periods, procedural issues and remedies. Regulation 2 defines ‘trade secret’ as:

… information which –
(a) is secret in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among or readily accessible to, persons within the circles that normally deal with the kind of information in question,
(b) has commercial value because it is secret, and
(c) has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information, to keep it secret.

Regulation 2 defines an ‘infringer’ as ‘a person who has unlawfully acquired, used or disclosed a trade secret’. The definition does not spell out that this refers to a natural or legal person. However, the definition does include a body of persons corporate or unincorporated by virtue of the Interpretation Act 1978. Regulation 3(1) says that ‘the acquisition, use or disclosure of a trade secret is unlawful where the acquisition, use or disclosure constitutes a breach of confidence in confidential information’.
In order to limit the risks of a trade secret being leaked, it is important to avoid sharing the information with other people as far as possible, and where it is necessary to share the information with others, to use a non-disclosure agreement because this type of agreement is legally binding and legal action could be taken if the other party were to disclose any of the information.

5.5 Case law on breach of confidence

Prince Albert v. Strange ChD 8 February 1849 – Etchings and drawings by Queen Victoria and Prince Albert were obtained by a person named Brown. A public viewing of the etchings was scheduled. An injunction restraining publication of a catalogue listing of the sketches was granted by the court. William Strange, a printer and publisher, wanted to print them in a popular magazine and an injunction prohibiting publication was taken out. Lord Cottenham agreed that there was a right of privacy in property and that the defendant had no right to use and publish them even if he had acquired copies of the works.

Duchess of Argyll v. Duke of Argyll [1967] Ch 302 – This case concerns the marital relationship. The Duke and Duchess got divorced and the Duke was in need of ready money. The Duchess obtained an injunction against the revelation of marital confidences, thereby preventing the Duke from selling his story of their married life to the press. The marital bond implies confidentiality.

Attorney General v. Observer Ltd [1990] – Known more commonly as the Spycatcher case. Peter Wright, the author of the book ‘Spycatcher’, signed the Official Secrets Act 1911 when he worked for British intelligence. The information in the book was no longer operationally sensitive, but his obligation was supposed to be for life and was therefore enforced, which would have meant recall of all copies of the book. This decision was influenced by the fact that the author had an outstanding pension dispute with the British government. This implied that publication was for personal gain as much if not more than for public interest. A duty of confidence precludes disclosure to others. If a third party (such as a newspaper) were to obtain the confidential information, they too would be similarly bound by the duty of confidence if they knew that it was confidential. This would be the case unless the confidential information was already known to the general public or if the duty to keep the information secret was outweighed by a public interest in the information being released.

Coco v. A N Clark (Engineers) Ltd [1969] RPC 41; [1968] FSR 415 – This case concerned the invention of a motorcycle engine. It was offered to a firm for a manufacturing agreement without the protection of a patent. Coco offered his prototype to Clark’s firm to manufacture – they said ‘no’ and then brought out a model with a very similar engine. Coco alleged the design was copied and brought a motion for an interlocutory injunction to prevent the defendants from being able to misuse the information that had been communicated to them in confidence. This was a key case and the essential features required for a judgment of breach of confidence were spelled out:

1 Information must be of a confidential nature;
2 Must be imparted in circumstances that imply obligation of confidence; and
3 Unauthorised use of the information is to the disadvantage of the originator.


The court further laid down that:

• Confidentiality could not arise in respect of information which was generally accessible.
• Confidentiality could not apply to useless or trivial information.
• The public interest in confidentiality could be outweighed by some other countervailing public interest.


CHAPTER 6

Contracts and licensing agreements

Contents
6.1 General principles
6.2 Negotiating licences
6.3 Consortia and standard licences
6.4 Technology solutions
6.5 Use of passwords for licensed products
6.6 Further information
References

6.1 General principles

Information professionals need to be able to negotiate licence agreements with information providers, because licences are the means by which access to digital information products is usually controlled. Information professionals are in the business of providing access to information. They also have an obligation to respect the moral and legal rights of the creators and distributors of intellectual property.

Some would argue that copyright exceptions and limitations have been rendered practically meaningless in the digital arena. How, for example, are the limitations and exceptions to be applied in the digital environment in view of the widespread deployment of technological protection measures? The exceptions available under the CDPA are extremely limited in scope. To get around these limitations, information professionals are increasingly turning to licences as the means of providing access to works.

Licences are binding on both parties. They are governed by the law of contract and enable information professionals to reach agreement with rights holders to permit their users to have access to electronic information services, such as online databases, ejournals, or websites, in ways that meet their users’ needs.

It is important to point out that a licence does not confer ownership rights. It merely specifies the conditions upon which databases and other copyright works can be used and exploited and by whom. There needs to be a mindshift from ownership to leasing. Licensees are merely provided with access to content for a limited period of time. Typically, the licences that information professionals negotiate are non-exclusive, granting the same rights to many different users.

Where there is a contract, a licence or a set of terms and conditions in place this will normally override copyright law. There isn’t a clause in the CDPA 1988 (as amended) which comprehensively protects all of the copyright exceptions and which applies in all circumstances. There are instead a number of instances where specific exceptions are accompanied by wording along the lines of:

To the extent that a term of a contract purports to prevent or restrict the making of a copy which, by virtue of this paragraph, would not infringe any right conferred by this Chapter, that term is unenforceable.

Substantially the same form of words appears for several copyright exceptions, following changes that were made in 2014. These include (but aren’t limited to) the following:
• Section 29A(5): Copies for text and data analysis for non-commercial research.
• Section 30(4): Quotation.
• Section 30A(2): Caricature, parody or pastiche.
• Section 31F(8) says that there is a no contractual override provision for each of the following:
  — Section 31A: Disabled persons: copies of works for personal use.
  — Section 31B: Making, communicating, making available, distributing or lending of accessible copies by authorised bodies.
  — Section 31BA: Making, communicating, making available, distributing or lending of intermediate copies by authorised bodies.
• Section 32(3): Illustration for instruction.
• Section 41(5): Copying by librarians: supply of single copies to other libraries.
• Section 42(7): Copying by librarians, etc: replacement copies of works.
• Section 42A(6): Copying by librarians: single copies of published works.
• Section 75(2): Recording of broadcast for archival purposes.

Two instances of where the permitted acts cannot be overridden by a contract can be traced back to European directives (the database Directive 96/9/EC and the software Directive 2009/24/EC).
Databases: The Copyright and Rights in Databases Regulations 1997: SI 1997:3032 (http://www.legislation.gov.uk/uksi/1997/3032/contents/made) implemented the database Directive in the UK. Regulation 19 says:


Avoidance of certain terms affecting lawful users
19. – (1) A lawful user of a database which has been made available to the public in any manner shall be entitled to extract or re-utilize insubstantial parts of the contents of the database for any purpose.
(2) Where under an agreement a person has a right to use a database, or part of a database, which has been made available to the public in any manner, any term or condition in the agreement shall be void in so far as it purports to prevent that person from extracting or re-utilizing insubstantial parts of the contents of the database, or of that part of the database, for any purpose.

Software: Another place in the legislation where copyright cannot be overridden by a contract is with regard to software. The Copyright (Computer Programs) Regulations 1992: SI 1992/3233 implemented Directive 91/250/EEC (which was subsequently codified into Directive 2009/24/EC) and inserted section 50A into the CDPA 1988. Section 50A of the CDPA 1988 says:

50A.—(1) It is not an infringement of copyright for a lawful user of a copy of a computer program to make any back up copy of it which it is necessary for him to have for the purposes of his lawful use.
(2) For the purposes of this section and sections 50B, 50BA and 50C a person is a lawful user of a computer program if (whether under a licence to do any acts restricted by the copyright in the program or otherwise), he has a right to use the program.
(3) Where an act is permitted under this section, it is irrelevant whether or not there exists any term or condition in an agreement which purports to prohibit or restrict the act (such terms being, by virtue of section 296A, void).

There are similar provisions preventing contract override for the following software exceptions:
• Section 50B(4): Decompilation.
• Section 50BA(2): Observing, studying and testing of computer programs.
• Section 50D(2): Acts permitted in relation to databases.

Copying and use of extracts of works by educational establishments

One of the copyright exceptions relating to education also has a no contract override clause. Section 36(7) of the CDPA (Copying and use of extracts of works by educational establishments) says:


The terms of a licence granted to an educational establishment authorising acts permitted by this section are of no effect so far as they purport to restrict the proportion of a work which may be copied (whether on payment or free of charge) to less than that which would be permitted by this section.

This particular exception is of limited value because:
• It is only available for use by educational establishments.
• It only covers acts for which there is no licence available to authorise the copying in question.
• It only permits copying of no more than 5% of a work within any period of 12 months.

6.2 Negotiating licences

TIP: It may sound trite to say it, but it is important to read the licence terms thoroughly. When one receives a licence for signature, rather than automatically signing the agreement this should be viewed as the starting point of a negotiation process.

There are some instances, though, where there is no scope for negotiation – such as ‘click-through’ or ‘shrink-wrap’ licences. There are also instances where websites display a set of terms and conditions without requiring the user to click on an ‘I agree’ button before gaining access to the contents of the site. In such instances, the question arises as to whether or not the user has entered into an enforceable contract.

✒ Useful resource
The Electronic Frontier Foundation has produced The Clicks That Bind: ways users ‘agree’ to online terms of service (Bayley, 2009), which sets out best practice for click-wrap agreements intending to create a contractual relationship.

Information professionals do need to be extremely careful when signing licence agreements. It would be wrong to assume that if an agreement contains terms you consider to be unfair that the courts would overturn it. There are very limited circumstances in which the courts would overturn an unfair contract term. Under the Unfair Contract Terms Act 1977 (http://www.legislation.gov.uk/ukpga/1977/50/contents), a person cannot exclude or restrict their liability for the death or personal injury resulting from negligence. They can exclude or restrict liability for other loss or damage resulting from negligence but only if the exclusion clauses satisfy a test of reasonableness. It would be for the party seeking to impose a contract term to demonstrate to the court that it was reasonable, should they be challenged.

In any case, the Unfair Contract Terms Act 1977 specifically excludes any form of intellectual property rights from its main provisions. Schedule 1 to the Act says that as far as the following sections are concerned, they do not apply to any contract so far as it relates to the creation or transfer of a right or interest in any patent, trade mark, copyright or design right; any registered design, technical or commercial information or other intellectual property; or the termination of any such right or interest:
• Section 2: Negligence liability.
• Section 3: Liability arising in contract.
• Section 4: Unreasonable indemnity clauses.
• Section 7: Miscellaneous contracts under which goods pass.

In the Court of Appeal ruling in Watford Electronics v. Sanderson [2001] EWCA Civ 317, paragraph 55 (www.bailii.org/ew/cases/EWCA/Civ/2001/317.html), Lord Justice Chadwick said that the courts should be reluctant to interfere in contractual relationships where each party has freely entered into a contract and where each party enjoys reasonably equal bargaining power:

Where experienced businessmen representing substantial companies of equal bargaining power negotiate an agreement, they may be taken to have had regard to the matters known to them. They should, in my view, be taken to be the best judge of the commercial fairness of the agreement which they have made; including the fairness of each of the terms in that agreement. They should be taken to be the best judge on the question whether the terms of the agreement are reasonable. The court should not assume that either is likely to commit his company to an agreement which he thinks is unfair, or which he thinks includes unreasonable terms. Unless satisfied that one party has, in effect, taken unfair advantage of the other – or that a term is so unreasonable that it cannot properly have been understood or considered – the court should not interfere.

TIP: It is essential that you read and understand the whole agreement. You cannot get out of contractual terms on the basis that you didn’t read that particular term. For example, the licence agreement might be 13 pages long, but unless you spend time reading it in detail you won’t spot that on page 8 it makes clear that the agreement automatically renews unless you give 3 months’ notice of your intention to terminate the agreement. In these instances, you might want to consider handing in the signed agreement and the cancellation notice at the same time, in order to have maximum flexibility at the time when the licence agreement is due for renewal. But this will not always be the best approach (see below).

TIP: Using the technique of submitting a cancellation notice along with the signed agreement as a way of avoiding automatic renewal will not always be in your best interests and can actually turn out to be a costly mistake. Consider the following scenario: The licence in question relates to an online product that you have been subscribing to for several years. In the intervening time between the date on which you initially took out a subscription and the present day, the vendor has changed the wording of the licence that they now use. If you were to cancel the contract and subsequently take out a new subscription, it turns out to be a costly mistake because the licence now includes a much higher minimum monthly subscription fee than the one specified in the contract that you cancelled. In other words, while it will normally be to your advantage to prevent contracts from auto-renewing, there are some occasions on which you are financially better off remembering not to trigger a contract cancellation to avoid auto-renewal.

You also need to be careful about signing a licence agreement if there is anything that you don’t fully understand (see Figure 6.1 for a typical structure found in licence agreements, as well as some of the key legal terms used). It is no defence to say that the agreement is invalid because you didn’t understand a particular clause. If there is something that you don’t understand, ask the supplier for clarification or, if you have one, refer it to your in-house legal team.

Licence agreements are often written in technical language or ‘legalese’ and can therefore seem quite intimidating and difficult for the layman to understand. It is worth reading through a few standard licence agreements (such as the ones at www.licensingmodels.com) in order to become familiar with the layout of licences used for online products. If you want a vendor to insert a clause, or if you want an existing clause to be reworded, it is well worth looking at:

✒ Useful resource
Analysis of 100 contracts offered to the British Library (https://web.archive.org/web/20130116053450/http://pressandpolicy.bl.uk/ImageLibrary/detail.aspx?MediaDetailsID=691): The BL examined 100 licences that had been offered to them and matched them against seven criteria:
1. Archiving.
2. Printing.
3. Downloading and electronic copying.
4. Fair dealing.
5. Visually impaired.
6. Inter-library loan.
7. Exceptions (does the licence cross refer to any exception in UK law or that of another jurisdiction?).

What is especially useful is that the precise form of words found in the contracts is reproduced in the British Library document. This is a valuable resource because you might be able to find a form of words which expresses precisely what you want to achieve on a particular issue.

TIP: Keep all documentation from the negotiation process: negotiations can sometimes be quite lengthy and involve discussion over very specific points. Where this is the case, there is likely to be a certain amount of correspondence in the form of letters and e-mails that relates to the licence and this should be kept on file. You might, for example, have asked for clarification on access restrictions, service content or acceptable download limits. You might have sought clarification on whether the definition of authorised users enables you to send information from the online service to your clients; or to staff in your overseas offices. You might even have managed to negotiate a special deal with your account manager, which will give you the option of renewing the service at the same rate as for the current subscription period. It is essential to retain all this documentation, not just the licence. Even where the clarification was given orally, you should keep a written record. You don’t want to rely solely on staff working for the information provider being aware of what has been agreed, because having everything carefully documented will come in extremely useful if your account manager moves on to another job or if a dispute arises. There are several documents on licensing matters which information professionals will find particularly helpful when negotiating licences.


✒ Useful resources
In May 2001, the International Federation of Library Associations (IFLA) approved a set of licensing principles (https://www.ifla.org/publications/iflalicensing-principles-2001) which should prevail in the contractual relationship and written contracts between libraries and information providers. These principles touch upon aspects such as the applicable law, access, usage, users and pricing.

The European Bureau of Library, Information and Documentation Associations (EBLIDA) has published a helpful guide entitled Licensing Digital Resources: how to avoid the legal pitfalls (Giavarra, 2001) which is full of practical tips and advice: www.eblida.org/Activities/Publication/Licensing_digital_resources.pdf.

Negotiating Licenses for Digital Resources by Fiona Durrant, 2006, Facet Publishing.

Finally, it is worth mentioning Lesley Ellen Harris’s book Licensing Digital Content: a practical guide for librarians, 3rd edn, 2018, ALA Editions.

Parties: The full contractual names of the parties to the licence.

Key definitions: Essential terms are defined (e.g. Authorised Users, Licensed Materials, Library Premises, Secure Network, Term, Permitted Purpose, Licence Fee, Intellectual Property, etc.).

Services: Description of the material to be licensed. This is also likely to explain how the form and content may change during the contract period, particularly if the provider is an information aggregator who is reliant on data from a range of publishers. However, you should check carefully how you will be told about any changes and whether you are happy with those arrangements.

Usage rights and prohibited uses: Sets out precisely what authorised users are entitled to do with the licensed materials such as access, use, display, download, print; and any restrictions on their use such as removing copyright notices or altering, adapting or modifying the licensed materials.

Warranties and indemnities: It is essential that the licence contains a warranty confirming that the licensor has the legal right to license use of the copyright material and that this does not infringe any third party IPRs. The warranty should also be backed up by an indemnity to this effect.

Term and termination: Sets out the subscription period and the conditions under which either party can terminate the licence.

Force majeure: This ‘Act of God’ clause excuses the supplier for circumstances beyond its reasonable control (such as riot, war, flood, etc.).

Legal jurisdiction and dispute resolution: This clause makes clear which law governs interpretation of the licence and any arrangements for the resolution of disputes.

Fees and payment: The subscription price, payment arrangements and details of any other charges, such as taxes.

Assignment: Whether or not the licence is transferable, either by the licensor or by yourself to another third party.

Schedules: There may be one or more schedules appended to the main licence agreement setting out additional terms and conditions.

Figure 6.1 Contract clauses


There are a number of key issues that need to be considered when you negotiate a licence for an information product. These include:

1 Applicable law: This should preferably be the national law of where your organisation is located. If you were based in the UK, for example, you would not want the applicable law to be that of a state in the USA, otherwise if there is a problem relating to the interpretation of your licence, you could end up having to travel to a US court in order to plead your case.

2 Ensure that statutory rights are recognised: To avoid any doubt, the licence should contain a term which explicitly acknowledges that nothing in the licence prevents the licensee from dealing with the licensed materials in ways which are expressly permitted by statute:

TIP: This agreement is without prejudice to any acts which the licensee is permitted to carry out by the terms of the Copyright, Designs and Patents Act 1988 and nothing herein shall be construed as affecting or diminishing such permitted acts in any way whatsoever.

3 Perpetual access to the licensed material: When libraries subscribe to a journal in hard copy, even if they cancel their subscription, they still have the back issues available for future reference. This is not automatically the case with electronic products. Are there any arrangements outlined in the licence agreement for perpetual access? Does it, for example, have a clause along the lines that ‘on termination of this licence, the publisher shall provide continuing access for authorised users to that part of the licensed materials which was published and paid for within the subscription period’? Both publishers and the users of their services have tried to come up with solutions to this issue. For example, the site licence policy of some publishers provides customers with post-cancellation rights to content associated with their licensed publications, subject to payment of an annual access fee. The UK LOCKSS Alliance is a cooperative activity of UK libraries that are committed to identify, negotiate and build local archives of material that librarians and academic scholars deem significant (http://www.lockssalliance.ac.uk). LOCKSS (http://lockss.org) – ‘Lots of Copies Keep Stuff Safe’ – is a low cost system that preserves access to a library’s online journals in a local ‘LOCKSS box’ in a manner acceptable to publishers.

4 Warranties and indemnities: The licence should contain a clear warranty that the publisher/licensor is the owner of the intellectual property rights in the licensed material and/or that they have the authority to grant the licence. This helps to protect the library against an author who subsequently claims that they are the real owner of the intellectual property rights; or against claims from a new owner that you have to buy a fresh licence from them. It is also common to have a clause that the licence will not be assigned to a third party without the agreement of the licensee. Indemnities back up a warranty with a promise to insure or compensate the other party against losses and expenses arising from a breach of the warranty. The licence should indemnify the library against any action by a third party over the intellectual property rights that are being licensed. This indemnity should cover all of the losses, damages, costs and expenses that are incurred, including legal expenses, on a full indemnity basis. Having in place warranties and indemnities relating to the information provider having the right to license your use of the intellectual property is very important. There have been several legal cases in which people took out a licence with the wrong person:
• Retail Systems Technology v. Mcguire [2007] IEHC 13 (2 February 2007).
• Lady Anne Tennant v. Associated Newspapers [1979] FSR 298 (involving the Daily Mail’s use of photographs of Princess Margaret, although the judge said that the Mail should have doubted the source of the licence anyway).
• Mansell v. Valley Printing [1908] 2 Ch 441, in which a publisher relied on permission from a person who owned no rights and was found to have infringed.

5 End-users: The library should not incur legal liability for each and every infringement by an authorised user. It is perfectly reasonable to ask the library to notify the publisher/licensor of any infringement that comes to the library’s notice and for them to co-operate with the publisher/licensor to prevent further abuse. Of course, if the library condoned or encouraged a breach to continue after being notified of the breach by the publisher/licensor, then they would be held liable.

6 Non-cancellation clauses: For example, there should be no penalty for cancelling the print version in order to sign up to the electronic version of an information source.

7 Non-disclosure clauses: If the licence contains a non-disclosure clause, it needs to be clear what information is subject to the obligation of confidence and you need to decide whether this is reasonable. There are obviously some things – most notably the price – which are in the supplier’s interests to keep confidential, especially if you have negotiated a preferential rate. Public authorities should bear in mind their obligations under the FOIA; and vendors should recognise that public authorities can’t simply ‘contract out’ of their FOIA obligations.

8 Termination clause: Licences should always contain a clause that sets out the mechanism or circumstances in which the licence terminates.

9 ‘Reasonable endeavours’ and ‘best endeavours’ clauses: The phrases ‘reasonable endeavours’ and ‘best endeavours’ (sometimes expressed as ‘reasonable efforts’ and ‘best efforts’) are ambiguous and should, wherever possible, be avoided. It is important that the terms in a contract provide both parties with legal certainty, especially terms dealing with price, quantity, time, obligation and performance of the contract. An obligation to use reasonable endeavours probably requires the relevant party to take one reasonable course, not all of them, whereas an obligation to use best endeavours probably requires that party to take all the reasonable courses that they can. Would ‘all reasonable endeavours’ equate to the same thing as ‘best endeavours’? For the avoidance of doubt, it is best that the contract is as unambiguous as possible. If ‘reasonable endeavours’/‘best endeavours’ type phrases are used, it would be best if the contract expressly spells out a specific set of steps that the person subject to the obligation is required to do as part of using their reasonable or best endeavours to perform the obligation.

Both sides will usually have some things which are non-negotiable, and which could therefore be potential deal breakers. It is important for both sides to be clear about what they are trying to achieve with the licence agreement, and to be upfront about what is non-negotiable. If an issue is a deal breaker, then the party which feels so strongly about that issue needs to recognise it, and know when negotiation isn’t going to resolve the issue and that it’s therefore time to walk away.

6.2.1 Factors that can make or break a deal

• Applicable law.
• Warranties and indemnities.
• Remote access.
• Price.
• Access by walk-in users.
• Inter-library loan.
• Fair use.
• Archival access/perpetual rights.
• Adequate definition of authorised user.
• IP access.
• Definition of university/campus as single site.

6.3 Consortia and standard licences

Negotiating licences can be extremely time-consuming. If you have to negotiate separate licences with each information provider, this is not only going to take up a lot of time but also create practical issues relating to compliance. Can you really be expected to know each of the licences you have signed up to inside out, especially if you have to take account of the terms and conditions in the licences for a large number of products? Consortia purchasing and/or the use of standard licences is recognition of the amount of time and effort involved in negotiating licence terms, as well as the expertise required. There are numerous initiatives to produce a standard form of licence:

✒ Useful resource
1. Licensingmodels.com is an initiative led by several subscription agents. Model standard licences for use by publishers, librarians and subscription agents for electronic resources have been created. There are licences covering the whole range of library types: single academic institutions, academic consortia, public libraries and corporate and other special libraries; and one licence on e-books and journal archives.
2. In the academic sector, the JISC often negotiates access to digital materials on behalf of interested universities. There are several JISC model licences. These include the JISC Model Licences for journals, for datasets and for e-books (https://www.jisccollections.ac.uk/Support/How-Model-Licences-work/).
3. The International Coalition of Library Consortia (ICOLC) (https://icolc.net) produced a statement of current perspective and preferred practices for the selection and purchase of electronic information back in 1998. This was primarily aimed at the higher education community. There are several updates to the original statement:
• Update No. 1: new developments in e-journal licensing, December 2001.
• Update No. 2: Pricing and Economics, October 2004, https://icolc.net/statement/statement-current-perspective-andpreferred-practices-selection-and-purchase-electronic.

These generic tools are intended to cover different products and different types of use and set out the more routine conditions of use, but leave a limited number of commercial issues – such as price per access or territory – to be added by different suppliers.


The corporate sector has not tended to work together to create consortia in order to negotiate agreements with information providers. There are a number of reasons for this. The sector is quite disparate, consisting of a wide range of organisational types: media, law, property, professional services, engineering, pharmaceutical, etc. Many commercial organisations will not want their competitors to know of any specially negotiated contractual terms, especially not the price agreed, and may even be cagey about what services they subscribe to. One example of where the corporate sector has worked together is the sample licence for electronic journals produced by the Pharma Documentation Ring (www.p-d-r.com). Some large companies have produced a standard licence agreement for the supply of online information services. They have used their buying power to persuade information providers to let them have access to their products using the standard licence agreement that they, the customer, have drafted.

6.4 Technology solutions

Compliance with the terms and conditions of licences for electronic products is a major concern for both publishers and librarians, and suppliers will increasingly look to the available technology to control access to and the functionality available to the users of electronic information products. SI 2003/2498, which implements EU Directive 2001/29/EC, recognises digital rights management systems and promotes their adoption, protection and use.

Where a library purchases a journal article or book in electronic format, the supplier might require them to accept a set of terms and conditions restricting access to, and use of, the item being purchased. But they might not rely solely on a set of terms and conditions to protect their intellectual property. Rather, they might use the technology to build in security settings. Examples of how this could be applied in practice might include building in settings such as:
• Any use of the file is limited to the machine on which it is downloaded.
• Printing is set to one copy only.
• Saving and viewing of the article is permitted, but for a limited period of time.
• Forwarding and copying functions are disabled.
• Annotations and conversion to speech are permitted.
• Encrypted data which ensures that the material can only be read by one person who has been given access to the software that decodes the data.


6.5 Use of passwords for licensed products

TIP: Be careful about your use of passwords for online databases, making sure that you comply with the terms of the licence agreement.

In February 2009, the Financial Times took legal action against one of their customers – Blackstone Group – for sharing passwords, eventually reaching a successful out-of-court settlement, rumoured to be a six-figure sum (Owen, 2009a, 2009b). In May 2010, the investment data provider Ipreo alleged that Goldman Sachs had infringed their copyright and that Goldman Sachs employees had shared log-ins intended only for a named contact. Ipreo alleged that at least two Goldman Sachs employees, and possibly more, illegally accessed its Bigdough contacts and profiles database over 200 times, downloading substantial amounts of data using log-in credentials belonging to someone else (Vijayan, 2010). It is important to be absolutely clear what type of contract you have – whether it is for a single user or for multiple users – and to abide by the contract terms. Where it is for multiple users, you should know whether it works on the basis of a set number of nominated individuals being allocated specific user IDs and passwords, or if it is based on a set number of concurrent users.

6.5.1 Usage data

When taking out a licence for an electronic product it is important to bear in mind usage data. Does the product automatically give you, as the administrator, access to the usage data of everyone who uses the product and does it do so in the format you require? If not, it might be necessary to include a clause in the contract requiring the vendor to supply you with usage data on a regular basis. Being able to monitor the usage levels, you are then in a position to spot if the usage for a particular user is suspiciously high and will be able to take preemptive action as necessary, such as changing the password if you think it might have been shared with someone else.

TIP: Make sure that you have access to usage data for the key online resources you subscribe to. In some instances, usage data will be accessible directly from within the product, sometimes it requires access to a separate module, but sometimes the only way to guarantee that you are able to see the usage data is to ensure that there is a clause in the contract requiring the information provider to supply you with the data on a regular basis.
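The monitoring described in 6.5 and 6.5.1 can be sketched as follows. This is an added example, not taken from the book or from any vendor's product: the report layout, the user names and the licensed seat count are assumptions, and the data is constructed. It flags unusually high usage, overlapping sessions on a single user ID, and peak concurrency above the licensed number of concurrent users.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample of a vendor usage report. The column names and all
# values are assumptions made for this example, not a real vendor format.
SAMPLE_REPORT = """\
user_id,session_start,session_end,downloads
alice,2019-03-04T09:00,2019-03-04T09:40,12
bob,2019-03-04T09:10,2019-03-04T09:30,8
carol,2019-03-04T09:20,2019-03-04T10:00,15
dave,2019-03-04T09:25,2019-03-04T11:00,240
dave,2019-03-04T09:50,2019-03-04T10:30,180
alice,2019-03-05T14:00,2019-03-05T14:20,9
bob,2019-03-05T14:20,2019-03-05T15:00,11
erin,2019-03-05T15:00,2019-03-05T15:10,5
"""

LICENSED_CONCURRENT_USERS = 3  # assumed contract term for this example


def load_sessions(text):
    """Parse the report into a list of sessions with typed fields."""
    sessions = []
    for row in csv.DictReader(io.StringIO(text)):
        start = datetime.fromisoformat(row["session_start"])
        end = datetime.fromisoformat(row["session_end"])
        if end < start:
            raise ValueError(f"session ends before it starts: {row}")
        sessions.append({"user": row["user_id"], "start": start,
                         "end": end, "downloads": int(row["downloads"])})
    return sessions


def downloads_per_user(sessions):
    """Total downloads for each user ID over the reporting period."""
    totals = defaultdict(int)
    for s in sessions:
        totals[s["user"]] += s["downloads"]
    return dict(totals)


def high_usage_users(totals, k=5.0):
    """User IDs whose total exceeds median + k * MAD.

    The median absolute deviation is used because one heavy account would
    inflate a mean/standard-deviation threshold and hide itself.
    """
    if not totals:
        return []
    values = list(totals.values())
    med = median(values)
    mad = median(abs(v - med) for v in values)
    threshold = med + k * max(mad, 1)  # floor avoids a zero-width band
    return sorted(u for u, v in totals.items() if v > threshold)


def shared_login_suspects(sessions):
    """User IDs with two sessions open at once, a sign of a shared log-in."""
    by_user = defaultdict(list)
    for s in sessions:
        by_user[s["user"]].append((s["start"], s["end"]))
    suspects = []
    for user, spans in by_user.items():
        spans.sort()
        latest_end = spans[0][1]
        for start, end in spans[1:]:
            if start < latest_end:
                suspects.append(user)
                break
            latest_end = max(latest_end, end)
    return sorted(suspects)


def peak_concurrency(sessions):
    """Highest number of sessions open at the same moment (sweep line)."""
    events = []
    for s in sessions:
        events.append((s["start"], 1))
        events.append((s["end"], -1))
    # At equal timestamps -1 sorts before +1, so a session that ends
    # exactly when another starts does not count as an overlap.
    events.sort()
    current = peak = 0
    for _, delta in events:
        current += delta
        peak = max(peak, current)
    return peak


if __name__ == "__main__":
    sessions = load_sessions(SAMPLE_REPORT)
    print("High usage:", high_usage_users(downloads_per_user(sessions)))
    print("Overlapping sessions on one ID:", shared_login_suspects(sessions))
    peak = peak_concurrency(sessions)
    print("Peak concurrency:", peak,
          "(over licence)" if peak > LICENSED_CONCURRENT_USERS else "(ok)")
```

A flag from any of the three checks is a prompt for the follow-up the text describes, such as querying the user or changing the password, not proof that the licence has been breached.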


6.6 Further information

Bebbington, L. (2001) Managing Content: licensing, copyright and privacy issues in managing electronic resources, Legal Information Management, 1 (2), 4–13.
International Coalition of Library Consortia (ICOLC) Statement of Current Perspective and Preferential Practices for the Selection and Purchase of Electronic Information.
Geleynse, J. P. J. (1999) Licensing principles, consortia, and practical experiences, LIBER Quarterly: The Journal of the European Research Libraries, 9 (4), 402–412, https://pure.uvt.nl/portal/files/1012888/licensing.pdf.
LIBLICENSE: licensing digital information http://liblicense.crl.edu.
US Principles for Licensing Electronic Resources (1997) http://arl.org/storage/documents/publications/licensing-principles1997.pdf.
UKSG (Serials, Serials e-news, lis-e-journals): www.uksg.org.

References

Bayley, E. (2009) The Clicks That Bind: ways users ‘agree’ to online terms of service, Electronic Frontier Foundation, http://www.eff.org/wp/clicks-bind-ways-users-agree-online-terms-service.
Durrant, F. (2006) Negotiating Licences for Digital Resources, Facet Publishing.
Giavarra, E. (2001) Licensing Digital Resources: how to avoid the legal pitfalls, 2nd edn, EBLIDA.
Harris, L. E. (2018) Licensing Digital Content: a practical guide for librarians, 3rd edn, American Library Association.
Owen, T. B. (2009a) FT Gets Tough on Multiple Log-ins, VIP Magazine, 7 February.
Owen, T. B. (2009b) Tighter DIY Policing of FT Usage?, VIP Magazine, 22 April.
Vijayan, J. (2010) Ipreo Sues Goldman Sachs for Data Theft, Computerworld, 7 May, http://www.computerworld.com/s/article/9176441/Ipreo_sues_Goldman_Sachs_for_data_theft.


CHAPTER 7

Data protection

Contents
7.1 Introduction
7.2 General principles
7.3 The six data protection principles
7.4 Accountability
7.5 Processing of personal data
7.6 Exemptions
7.7 Privacy notices
7.8 Register of fee payers
7.9 Rights of the data subject
7.10 Data breaches
7.11 Data protection impact assessments
7.12 Fines and prosecutions
7.13 Data protection issues for libraries
7.14 Data protection standards
7.15 How to protect your information
7.16 Identity theft
7.17 Further information
References

7.1 Introduction

Information professionals process personal data as part of their daily work. Examples include the maintenance of user registration and circulation records or management statistics on usage of the information service. In addition to the need to comply with data protection law, CILIP members also need to abide by CILIP’s Ethical Framework (2018, see Appendix 2 for the full text of the framework). The framework states that ‘as an ethical information professional I make a commitment to uphold, promote and defend … the confidentiality of information provided by clients or users and the right of all individuals to privacy’ (A6).

There is also a set of accompanying notes, Ethical Framework: clarifying notes (CILIP, 2018), which says that: ‘Privacy underpins human dignity and other key values such as freedom of association and freedom of speech … The right to privacy can only be limited by law when it is necessary to do so in a democratic society for reasons such as national security, public safety, the prevention of crime or protection of the rights and freedoms of others. Any limitation on this right must be proportionate’ and that confidentiality is ‘The state of keeping or being kept secret or private’.

The clarifying notes ask the question: ‘What does this mean for professional practice?’ and go on to answer that question by saying:

As recognised by IFLA in its Code of Ethics for Librarians and other Information Workers, library and information professionals should respect personal privacy, and the protection of personal data necessarily shared between individuals and institutions. The relationship between the library and the user is one of confidentiality and appropriate measures should be taken to ensure that user data is not shared beyond the original transaction without their consent.

7.2 General principles

The Data Protection Act 2018 (DPA) provides a comprehensive legal framework for data protection in the UK, in accordance with the General Data Protection Regulation (EU Regulation 2016/679). As DPA section 2(1) says ‘The GDPR, the applied GDPR and this Act protect individuals with regard to the processing of personal data’. The DPA (and the GDPR) came into force on 25 May 2018 and sets out how personal data should be handled. As far as the DPA is concerned, personal data means data that relates to an identified or identifiable living individual.

| Section 3(2) of the DPA 2018 | GDPR article 4(1) |
| --- | --- |
| ‘Personal data’ means any information relating to an identified or identifiable living individual (subject to subsection (14)(c)). | ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’). |
| ‘Identifiable living individual’ means a living individual who can be identified, directly or indirectly, in particular by reference to— an identifier such as a name, an identification number, location data or an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual. | An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |

Figure 7.1 Definitions of ‘personal data’ and ‘identifiable living individual’/‘identifiable natural person’


In cases where the information in question can be linked to an identifiable individual, the following are examples of personal data:

• Information about the medical history of an individual.
• An individual’s salary details.
• Information concerning an individual’s tax liabilities.
• Information comprising an individual’s bank statements.
• Information about an individual’s spending preferences.

Figure 7.2 What constitutes ‘personal data’?

The principle of protecting personal data is enshrined in Article 8 of the European Convention on Human Rights: ‘Everyone has the right to respect for his private and family life, his home and his correspondence’. It is important to recognise that the UK’s data protection legislation is based on these human rights foundations.

There are examples of records which will be personal data where the information is not obviously about an individual but is instead about the activities of an individual. Personal bank statements or itemised telephone bills are a good example of this. In such cases, the data being processed would be considered to be personal data where it is being processed – or where it could easily be processed – in order to learn, record or decide something about an identifiable individual.

The provisions of the DPA cover the processing of personal data by computer systems or paper-based structured filing systems.

| Section 3(7) of the DPA 2018 defines ‘filing system’ as: | Article 4(6) of the GDPR defines ‘filing system’ as: |
| --- | --- |
| ‘… any structured set of personal data which is accessible according to specific criteria, whether held by automated means or manually and whether centralised, decentralised or dispersed on a functional or geographical basis’. | ‘… any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographic basis’. |

Figure 7.3 Definitions of ‘filing system’

There are also some circumstances in which unstructured data is covered, although these relate to the processing of manual unstructured personal data held by an FOI public authority.

7.2.1 The GDPR and the DPA 2018 are constantly evolving

It is inevitable that the regulatory environment surrounding data protection will adapt and evolve over time. The EU’s General Data Protection Regulation and the UK’s Data Protection Act 2018 should be thought of as live documents which are in a constant process of evolution for a number of reasons. Firstly, the supervisory authority (in the UK the supervisory authority is the ICO) is an agency that can specify enforcement or remedial action in the event that an organisation acts outside of the boundaries of the data protection legislation. Secondly, cases can be brought before the courts, with the potential for new legal precedents to be set. Thirdly, the legislation can be amended. The text of the DPA 2018 can be amended by statutory instrument or by other statutes/Acts of Parliament. It is important, therefore, not to rely exclusively on the text of the DPA 2018 as originally passed, but to ensure that you take account of any amending legislation, as well as any enforcement action, or relevant case law.

The GDPR has many benefits and advantages:

• A consistent law across the EU, thereby making compliance easier.
• The ability for organisations to interact with a single supervisory authority.
• A clear basis from which organisations are able to demonstrate their trustworthiness to their users, customers and employees (bearing in mind the accountability principle and the documentation requirements to demonstrate compliance).
• It also gives individuals better control over their data.

7.2.2 Related legislation

GDPR

Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data repeals Directive 95/46/EC. It is better known as the General Data Protection Regulation or GDPR.

Law enforcement data Directive

The GDPR is only one component of the EU’s data reform package. Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (better known as the law enforcement data Directive or the police and criminal justice data protection Directive), focuses on the protection of natural persons when their data is processed for preventing, investigating and prosecuting criminal offences, governing law enforcement agencies and how they process data in the performance of their tasks.

The law enforcement data protection Directive entered into force in May 2016 and member states had two years within which to transpose the legislation. Part 3 of the Data Protection Act 2018 implements the law enforcement Directive in the UK.

ePrivacy Directive

Directive 2002/58/EC, concerning the processing of personal data and the protection of privacy in the electronic communications sector (better known as the ePrivacy Directive), was implemented in the UK by The Privacy and Electronic Communications (EC Directive) Regulations: SI 2003/2426. These were subsequently amended by:

• The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2004: SI 2004/1039.
• Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011: SI 2011/1208 (as a result of Directive 2009/136/EC).
• The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2015: SI 2015/355.
• The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2016: SI 2016/524.
• The Privacy and Electronic Communications (EC Directive) (Amendment) (No 2) Regulations 2016: SI 2016/1177.
• The Privacy and Electronic Communications (Amendment) Regulations 2018: SI 2018/1189.
• The Privacy and Electronic Communications (Amendment) (No. 2) Regulations 2018: SI 2018/1396.
• The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019: SI 2019/419.
• The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) (No. 2) Regulations 2019: SI 2019/485.

The ePrivacy Directive is being replaced by a new ePrivacy Regulation COM (2017) 10 final. This focuses on trust:

• It assures the security and confidentiality of data and metadata as it is communicated.
• It streamlines the rules relating to the acceptance of cookies online.
• It bans unsolicited communications, providing a safeguard against spam.


7.3 The six data protection principles

The GDPR (Article 5) and the DPA 2018 (Chapter 2) outline six data protection principles that organisations need to follow when collecting, processing and storing individuals’ personal data (see Figure 7.4).

| | GDPR Article 5 | DPA 2018 | Known as |
| --- | --- | --- | --- |
| 1 | (a) Processed lawfully, fairly and in a transparent manner | the processing of personal data for any of the law enforcement purposes must be lawful and fair (s35) | Lawfulness, fairness and transparency |
| 2 | (b) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes | the law enforcement purpose for which personal data is collected on any occasion must be specified, explicit and legitimate, and personal data so collected must not be processed in a manner that is incompatible with the purpose for which it was collected (s36) | Purpose limitation |
| 3 | (c) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed | personal data processed for any of the law enforcement purposes must be adequate, relevant and not excessive in relation to the purpose for which it is collected (s37) | Data minimisation |
| 4 | (d) Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay | …must be accurate and, where necessary, kept up to date (s38) | Accuracy |
| 5 | (e) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed | must be kept for no longer than is necessary for the purpose for which it is processed. Appropriate time limits must be established for the periodic review of the need for the continued storage of personal data for any of the law enforcement purposes (s39) | Storage limitation |
| 6 | (f) Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures | must be so processed in a manner that ensures appropriate security of the personal data, using appropriate technical or organisational measures... (this) includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage (s40) | Integrity and confidentiality |

Figure 7.4 The six principles of ‘good information handling’

7.3.1 First principle

The processing of personal data should be fair and lawful. The information must be processed in a way that complies with the general law and in a manner which is fair to individuals.

7.3.2 Second principle

Data must only be obtained for a purpose which is specified, explicit and legitimate, and the personal data collected must not be processed in a manner which is incompatible with the purpose for which it was collected.

7.3.3 Third principle

Personal data must be adequate, relevant and not excessive in relation to the purpose for which it is processed. You should only collect the minimum data necessary to fulfil the purpose for which you are processing it. When designing online forms, for example, you will need to think carefully about which fields are compulsory and which fields are optional.

7.3.4 Fourth principle

Personal data shall be accurate and where necessary kept up to date. This requires data controllers to take reasonable steps to ensure the accuracy of the data. Upon a data subject’s request, you should correct, change or delete inaccurate details.

7.3.5 Fifth principle

Personal data should not be kept for longer than is necessary for the purpose for which it is collected. DPA 2018 section 39(2) says that ‘Appropriate time limits must be established for the periodic review of the need for the continued storage of personal data for any of the law enforcement purposes’. Data controllers should have a clear policy on how long they keep data and at the end of that period the data should be reviewed or destroyed as appropriate.

7.3.6 Sixth principle

DPA 2018 section 40 says that:

… personal data processed for any of the law enforcement purposes must be so processed in a manner that ensures appropriate security of the personal data, using appropriate technical or organisational measures (and, in this principle, ‘appropriate security’ includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage).

Examples of organisational measures in libraries might include the need for library staff to be careful about the positioning of computer terminals at enquiry desks, ensuring that third parties cannot see what’s on the screen, or avoiding speaking on the telephone about a library user’s record within earshot of third parties.

7.4 Accountability

Although it isn’t listed as one of the six, the ICO says that ‘accountability is one of the data protection principles – it makes you responsible for complying with the GDPR and says that you must be able to demonstrate your compliance’ (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/). Article 5(2) of the GDPR and DPA 2018 Schedule 1 Part 4 make clear that data controllers are responsible for, and must be able to demonstrate compliance with, the six principles shown above relating to the processing of personal data. In other words, they must be held accountable for their processing of personal data.

Interestingly, the text of the DPA 2018 makes no mention of the word ‘accountability’ apart from four references to Acts of Parliament which incorporate the word within their titles.

There are requirements set out in the GDPR which provide institutions with various ways in which they are able to demonstrate their accountability. These include:

| DPA 2018 | GDPR | Compliance measure | Comment |
| --- | --- | --- | --- |
| Section 59(5–7) | Article 28 | Contracts with data processors | Sets out what should be stipulated in a contract or other legal act which is binding on the processor with regard to the controller. |
| E.g. sections 42(3–4), 44(7), 45(7), 48(7), 61, 67 | Article 30 | Documentation about processing activities | The legislation sets out the information that must be contained in the records of processing activities. |
| Section 57 | Article 25 | Data protection by design and default | This is where an organisation shows that it is implementing technical and organisational measures to ensure that the data protection principles are being implemented and that any risks to the rights and freedoms of data subjects are minimised. |
| Section 64 | Article 35 | Data protection impact assessments (DPIA) | Where it is likely that a type of processing will result in a high risk to the rights and freedoms of individuals, data controllers are required to carry out a data protection impact assessment, that is, an assessment of the impact of the envisaged processing operations on the protection of personal data. |
| Sections 69–71 | Articles 37–39 | Data protection officers | Data controllers must designate a data protection officer. Depending on the size and function of the organisation, the DPO could be part-time or full-time, or one DPO could be appointed to work on behalf of several controllers. |
| Schedule 6 (31–34) | Articles 40–43 | Codes of conduct and certification | GDPR encourages the use of codes of conduct or certification, as ways of demonstrating compliance with GDPR when processing personal data. Codes of conduct and certification can be developed and awarded by competent supervisory authorities. |
| Sections 67–68 | Article 33 | Data breach notification | Where a data breach occurs, the data controller is required to notify the Information Commissioner without undue delay and where feasible, not later than 72 hours after becoming aware of it. In the case of unreported data breaches, being able to demonstrate that the personal data breach is unlikely to result in a high risk to the rights and freedoms of natural persons. |

Figure 7.5 Accountability requirements

7.4.1 Documentation requirements

Supervisory authorities need access to information about processing activities in the event of an investigation or a complaint. Organisations need to document what data they are processing, why and how they are managing it. As a controller, an organisation must be sure that a processor will be able to effectively meet GDPR requirements and participate in an audit or investigation at the controller’s request. Figure 7.6 shows some of the specific documentation requirements that an organisation needs to meet in order to comply with the legislation.

TIP: The ICO has documentation templates (in spreadsheet format) for data controllers and for data processors which give you a sense of the kind of detail that needs to be kept. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/documentation

DPA 2018 section 44

• The controller must make available to data subjects the following information (whether by making the information generally available to the public or in any other way)—
  — the identity and the contact details of the controller;
  — where applicable, the contact details of the data protection officer (see sections 69 to 71);
  — the purposes for which the controller processes personal data;
• the existence of the rights of data subjects to request from the controller—
  — access to personal data (see section 45),
  — rectification of personal data (see section 46), and
  — erasure of personal data or the restriction of its processing (see section 47);
  — the existence of the right to lodge a complaint with the Commissioner and the contact details of the Commissioner.
• The controller must also, in specific cases for the purpose of enabling the exercise of a data subject’s rights under this Part, give the data subject the following—
  — information about the legal basis for the processing;
  — information about the period for which the personal data will be stored or, where that is not possible, about the criteria used to determine that period;
  — where applicable, information about the categories of recipients of the personal data (including recipients in third countries or international organisations);
  — such further information as is necessary to enable the exercise of the data subject’s rights under this Part.

GDPR Article 13

Information to be provided where personal data are collected from the data subject

1. Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:
  (a) the identity and the contact details of the controller and, where applicable, of the controller’s representative;
  (b) the contact details of the data protection officer, where applicable;
  (c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
  (d) where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party;
  (e) the recipients or categories of recipients of the personal data, if any;
  (f) where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred to in Article 46 or 47, or the second subparagraph of Article 49(1), reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available.
2. In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing:
  (a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
  (b) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
  (c) where the processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
  (d) the right to lodge a complaint with a supervisory authority;
  (e) whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;
  (f) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Figure 7.6 Documentation requirements

7.4.2 Codes of conduct

GDPR Article 40 (see also DPA Schedule 6 – modifications to the GDPR) supports the drawing up of codes of conduct to help people properly apply the legislation to their sectors and the specific needs of micro, small and medium-sized enterprises. Article 40(2) says that associations and other bodies representing categories of controllers or processors may prepare, amend, or extend codes of conduct. These codes would have regard to:

(a) fair and transparent processing;
(b) the legitimate interests pursued by controllers in specific contexts;
(c) the collection of personal data;
(d) the pseudonymisation of personal data;
(e) the information provided to the public and to data subjects;
(f) the exercise of the rights of data subjects;
(g) the information provided to, and the protection of, children, and the manner in which the consent of the holders of parental responsibility over children is to be obtained;
(h) the measures and procedures referred to in Articles 24 and 25 and the measures to ensure security of processing referred to in Article 32;
(i) the notification of personal data breaches to supervisory authorities and the communication of such personal data breaches to data subjects;
(j) the transfer of personal data to third countries or international organisations; or
(k) out-of-court proceedings and other dispute resolution procedures for resolving disputes between controllers and data subjects with regard to processing, without prejudice to the rights of data subjects pursuant to Articles 77 and 79.

Supervisory authorities can accredit associations. They can also revoke that accreditation if the association does not meet the conditions for accreditation.

7.4.3 Certification

Articles 42 and 43 of the GDPR/DPA 2018 (section 17 and Schedule 6 (modifications to the GDPR) Part 1 section 34) make provision for certification bodies. Member States can establish data protection certification mechanisms for the purpose of demonstrating compliance with the requirements in the GDPR. Certificates can be issued by the supervisory authority or by certification providers.

All the compliance steps listed above would help the supervisory authority to verify an organisation’s compliance with the GDPR/DPA 2018. Even before the implementation of the new data protection legislation, many organisations had for some time been keeping records about the data they held. For example, they might have detailed data inventories and/or information risk registers.

Data inventories

These are usually maintained by IT departments and contain details about the data that an organisation holds. They are likely to include:

• A description of what the data consists of (such as customer names, addresses, dates of birth) and whether it includes sensitive data (such as information about a person’s health, or their ethnicity).
• Why, where and how the data is being processed.
• Who holds responsibility for its management.
• Volume and storage mechanism (digital/paper based).
• Backups being performed on it (including location of the backup).
• Retention schedules.

Information risk registers

These contain details of the risks to an organisation when it processes data. The register will include:

• A description of the risk.
• The data involved in the processing.
• The purpose for processing.
• The protections in place to mitigate the risks that have been identified.
• Categorisation of the level of severity of the risk (e.g. low, medium, high).

7.5 Processing of personal data

The GDPR and the DPA regulate the processing of information about individuals. They define processing widely to cover everything that can be done with personal information such as the obtaining, recording, holding, disclosing, blocking, erasure or destruction of personal data.

7.5.1 Legal bases for data processing

There are six legal bases for the processing of data about a ‘natural person’, as defined under Article 6 of the GDPR (or ‘identifiable living individual’ as defined in the DPA 2018 section 3(2)). Article 6 of the GDPR (lawfulness of processing) is cross-referenced throughout the DPA 2018, see for example section 8.

| | Legal basis for data processing | GDPR | Comment |
|---|---|---|---|
| 1. | Performance of a contract | Article 6(1)(b) | Covers both the providing of data before entering into a contract as well as the processing afterwards of data in accordance with that contract. |
| 2. | Legal obligations | Article 6(1)(c) | To meet a legal or regulatory obligation of the data controller. |
| 3. | Performance of a task in the public interest | Article 6(1)(e) | This obligation includes processing necessary for the administration of justice; the exercise of a function of either House of Parliament; the exercise of a function conferred on a person by an enactment or rule of law; the exercise of a function of the Crown; or an activity that supports or promotes democratic engagement. |
| 4. | Consent from the individual | Article 6(1)(a) | ‘Consent’ means a freely given, specific, informed and unambiguous indication of the individual’s wishes by which the individual, by a statement or by a clear affirmative action, signifies agreement to their data being processed. |
| 5. | Legitimate interest | Article 6(1)(f) | The legitimate interest should not override the natural person’s interests or fundamental rights and freedoms. |
| 6. | Protect the vital interests of an individual | Article 6(1)(d) | This condition is met if the processing is necessary to protect the vital interests of an individual, and the data subject is physically or legally incapable of giving consent. |

Figure 7.7 Legal basis for data processing

The lawful basis for your processing can also affect which rights are available to individuals. The ICO has produced a table summarising this:

| | Right to erasure | Right to portability | Right to object |
|---|---|---|---|
| Consent | | | X (but right to withdraw consent) |
| Contract | | | X |
| Legal obligation | X | X | X |
| Vital interests | | X | X |
| Public task | X | X | |
| Legitimate interests | | X | |

Figure 7.8 How the legal basis for processing can affect an individual’s rights. Source: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/ (reproduced under the Open Government Licence)

7.5.2 Processing of special categories of data (sensitive personal data)

‘Special categories of data’ are listed in Article 9 of the GDPR/section 35(8) of the DPA 2018. They cover the processing of the following types of personal data:

• Racial or ethnic origin.
• Political opinion.
• Religious or philosophical beliefs.
• Genetic data which uniquely identifies an individual.
• Biometric data which uniquely identifies an individual.
• Trade union membership.
• Health data.
• Sex life.
• Sexual orientation.

Figure 7.9 Special categories of personal data (sensitive personal data)

If you are processing special category data, you need to identify both a lawful basis for general processing (under GDPR Article 6) and an additional condition (under GDPR Article 9) for processing this type of data (and to document this). These do not have to be linked.

Schedule 9 of the DPA 2018 covers the conditions for processing under Part 4 (Intelligence service processing), while Schedule 8 covers the conditions for sensitive processing under Part 3 (law enforcement processing). DPA sections 9–11 and Schedule 1 (special categories of personal data and criminal convictions, etc., data) deal with sensitive processing.

There are ten conditions for processing special category data in the GDPR itself, but the Data Protection Act 2018 introduces several additional conditions and safeguards.

| GDPR | DPA 2018 | Condition |
|---|---|---|
| Article 9(2)(a) | Schedule 1 (Part 3 deals specifically with conditions relating to criminal convictions) | The data subject has given their explicit consent. |
| Article 9(2)(b) | Schedule 1 Part 1 | Required by law to process the data for employment, social security and social protection purposes. |
| Article 9(2)(c) | Schedule 1 Part 3 | Processing is necessary to protect the vital interests of the data subject or another person, where the data subject is physically or legally incapable of giving consent. |
| Article 9(2)(d) | Schedule 1 Part 3 | Processing is carried out in the course of its legitimate activities by any foundation, association or other non-profit body which exists for political, philosophical, religious or trade union purposes. (Relates only to processing of the data of members or former members who have regular contact with it). |
| Article 9(2)(e) | Schedule 1 Part 3 and Schedule 8 | Processing relates to personal data which are manifestly made public by the data subject. |
| Article 9(2)(f) | Schedule 1 Part 3 | Processing is necessary for the establishment, exercise or defence of legal claims or wherever courts are acting in their judicial capacity. |
| Article 9(2)(g) | Schedule 1 Part 2 | Processing is necessary for reasons of substantial public interest. |
| Article 9(2)(h) | Schedule 1 Part 1 | Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services. |
| Article 9(2)(i) | Schedule 1 Part 1 | Processing is necessary for reasons of public interest in the area of public health. |
| Article 9(2)(j) | Schedule 1 Part 1 | Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes and in accordance with Article 89(1). |

The Data Protection Act 2018 adds several more specific conditions and safeguards:

| DPA 2018 | Condition |
|---|---|
| Schedule 1 Part 1 | Specific conditions for the various employment, health and research purposes under Articles 9(2)(b), (h), (i) and (j). |
| Schedule 1 Part 2 | Specific ‘substantial public interest’ conditions for Article 9(2)(g). In some cases, you must also have an ‘appropriate policy document’ in place to rely on these conditions. |

Figure 7.10 Conditions for the processing of special category data

7.5.3 Consent

The GDPR requires consent to be clear, unambiguous, positive consent, given by the natural person without coercion. It can be withdrawn just as easily as it was first granted. For example, if the data subject opts in to receive a newsletter or regular update email, they should be able to unsubscribe from those emails at a later date if they so wish, and the process for unsubscribing should be just as easy as the initial subscription process.

DPA 2018 section 84(2):
‘Consent’, in relation to the processing of personal data relating to an individual, means a freely given, specific, informed and unambiguous indication of the individual’s wishes by which the individual, by a statement or by a clear affirmative action, signifies agreement to the processing of the personal data.

GDPR Article 4(11):
‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Figure 7.11 Definition of consent

The stipulation that consent needs to be in the form of a clear affirmative act means, for example, that this would not cover the use of pre-ticked boxes used to authorise data sharing with other companies. In such a scenario, it would be necessary for the boxes to be left blank, and for the data subject to actively and consciously opt-in to the data sharing.

Article 7(4) of the GDPR says:

When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.

In other words, people cannot be forced into giving consent for additional data processing that is over and above what is required for the performance of the contract on the grounds that it is a condition of performing the contract. If the data being requested is over and above what is required to perform the contract, consent would not have been freely given and the justification used would be invalid.

7.5.3.1 Children

The processing of children’s data is lawful if they have given their consent and have reached the appropriate age. The GDPR sets the age as being at least 16 years old, but member states are allowed to specify a lower age provided that it is no less than 13. The UK opted for the lowest possible age permitted under GDPR, namely 13. If the child is any younger than the appropriate age, parental consent is required.

The rules relating to children govern the use of ‘information society services’ (GDPR Article 8(1)/DPA 2018 section 9), which are defined in Directive 2015/1535 as being ‘any service normally provided for remuneration, at a distance, by means of electronic equipment for the processing (including digital compression) and storage of data, and at the individual request of a recipient of a service’. This would include the use of social networks such as Facebook.

The rationale as to why it is so important for information society services to check the age of users is explained in Recital 38 of the GDPR:

Children merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data. Such specific protection should, in particular, apply to the use of personal data of children for the purposes of marketing or creating personality or user profiles and the collection of personal data with regard to children when using services offered directly to a child.

7.5.4 Transfers of personal data to a third country or an international organisation

Personal data routinely flows back and forth as part of people going about their daily lives. These data flows occur between companies and their customers, between government institutions and the citizens they serve, and libraries are not exempt from this.

Data flows can occur in many different ways. For example, the personal data could flow within a single institution or between different institutions. It can take place within a single country or across national boundaries. Cross-border data flows can occur within the European Economic Area (the EU plus Norway, Iceland and Liechtenstein) or between EEA countries and ‘third countries’. (The term ‘third countries’ refers to countries or territories that are not member states of the European Economic Area.)

Libraries rely on external vendors in order to deliver the services that they offer. They rely, for example, on the providers of a range of technologies such as library management systems, discovery services or e-book aggregators. These vendors may be based outside the European Economic Area or may store the data outside the EEA.

Personal data flows back and forth in a library context and these data flows can occur both within and beyond national boundaries:

• Libraries rely on the internet in order to offer digital services to their users. Library vendors may make use of cloud computing.
• A number of libraries use an outsourcing model where the data resides with the outsourcing provider.

There is a danger that any attempts to regulate the flow of personal data are completely undermined if it is allowed to flow from an EEA country to a country or region which has fewer safeguards in place. For this reason, there are strict rules in place to govern what are known as ‘restricted transfers’, that is transfers of personal data to third countries and international organisations.

GDPR Chapter V and Chapter 5 of the DPA 2018 deal with transfers of personal data to third countries and international organisations. They set out the ways in which transfers of personal data to third countries can legitimately take place:

1 Where the European Commission has made an ‘adequacy decision’ about the country or international organisation (GDPR Article 45/DPA 2018 section 74).
2 Where the transfer is covered by ‘appropriate safeguards’ (GDPR Article 46/DPA 2018 section 75):
3 A legally binding and enforceable instrument between public authorities or bodies.
4 Binding corporate rules – these are legally binding instruments covering the transfer of data between organisations forming part of a corporate group and which may operate in third countries. Their purpose is to ensure that a data controller in a corporate group applies a consistent form of protection both within the EEA and in third countries, as it binds members based in a third country to the GDPR’s requirements around any such international transfers. Binding corporate rules must be approved by supervisory authorities; be legally binding and enforceable by all members of the group and their employees; and must give enforceable rights directly to data subjects when their data is being processed. These would include the right to complain about the processing to the supervisory authorities and the courts. And they would also have the right to seek compensation for a breach of the binding corporate rules.
5 Standard data protection clauses adopted by the Commission.
6 Standard data protection clauses adopted by a supervisory authority and approved by the Commission.
7 An approved code of conduct together with binding and enforceable commitments of the receiver outside the EU.
8 Certification under an approved certification mechanism together with binding and enforceable commitments of the receiver outside the EU.
9 Contractual clauses authorised by a supervisory authority.
10 Administrative arrangements between public authorities or bodies which include enforceable and effective rights for the individuals whose personal data is transferred, and which have been authorised by a supervisory authority.
11 Where the restricted transfer is covered by an exception (GDPR Article 49(1)/DPA 2018 section 18).

The EU has recognised the adequacy of the protection of personal data for the following countries:

• Andorra
• Argentina
• Canada (commercial organisations)
• Faroe Islands
• Guernsey
• Isle of Man
• Israel
• Jersey
• New Zealand
• Switzerland
• Uruguay
• USA (companies signed up to the privacy shield framework).

The European Commission will review their adequacy determination at least every four years.

✒ Useful resource
For up-to-date information on EC decisions on the adequacy of the protection of personal data in third countries, visit https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.

A transfer of personal data outside the protection of the GDPR is referred to as a ‘restricted transfer’. There are exceptions in place which permit restricted transfers of personal data. You would, of course, still need to comply with the rest of the GDPR. The available exceptions (GDPR Article 49(1)) are:

1 The individual has given his or her explicit consent to the transfer.
2 You have a contract with the individual and the transfer is necessary for you to perform that contract.
3 You have (or are entering into) a contract with an individual which benefits another individual whose data is being transferred. The transfer is necessary for you to either enter into that contract or perform that contract.
4 The transfer is necessary for important reasons of public interest.
5 To establish if you have a legal claim, to make a legal claim or to defend a legal claim.
6 To protect the vital interests of an individual who is physically or legally incapable of giving consent.
7 The transfer is being made from a public register.
8 You are making a one-off transfer which concerns only a limited number of data subjects and it is in your compelling legitimate interests.

For point 8 above, the relevant text from the GDPR (Article 49(1)) states:

Where a transfer could not be based on a provision in Article 45 or 46, including the provisions on binding corporate rules, and none of the derogations for a specific situation referred to in the first subparagraph of this paragraph is applicable, a transfer to a third country or an international organisation may take place only if the transfer is not repetitive, concerns only a limited number of data subjects, is necessary for the purposes of compelling legitimate interests pursued by the controller which are not overridden by the interests or rights and freedoms of the data subject, and the controller has assessed all the circumstances surrounding the data transfer and has on the basis of that assessment provided suitable safeguards with regard to the protection of personal data. The controller shall inform the supervisory authority of the transfer.

By virtue of section 18 of the DPA 2018, the Secretary of State can issue regulations which set out the circumstances under which a transfer of personal data to a third country can take place (for the purposes of GDPR Article 49(1)).

The GDPR is extra-territorial, because it relates to data about EU citizens wherever it may be processed in the world.

7.6 Exemptions

The exemptions in the DPA 2018 cover:

• Crime, law and public protection.
• Regulation, parliament and the judiciary.
• Journalism, research and archiving.
• Health, social work, education and child abuse.
• Finance, management and negotiations.
• References and exams.
• Subject access requests – information about other people.

The exemptions can relieve those who process personal data of their obligations for things such as:

• The right to be informed.
• The right of access.
• Dealing with other individual rights.
• Reporting personal data breaches.
• Complying with the principles.

Some exemptions apply to only one of the above, but others can exempt you from several things. Domestic purposes is not an exemption as such, simply because it isn’t covered by the GDPR. Personal data processed in the course of a purely personal or household activity is outside the scope of the GDPR where there is no connection to a professional or commercial activity.

| Category | Exemption | DPA 2018 |
|---|---|---|
| Crime, law and public protection | Crime and taxation: general | Schedule 2 Part 1(2) |
| | Crime and taxation: risk assessment systems | Schedule 2 Part 1(3) |
| | Information required to be disclosed by law or in connection with legal proceedings | Schedule 2 Part 1(5) |
| | Legal professional privilege | Schedule 2 Part 4(19) |
| | Self-incrimination | Schedule 2 Part 4(20) |
| | Disclosure prohibited or restricted by an enactment | |
| | Immigration | Schedule 2 Part 1(4) |
| | Functions designed to protect the public | Schedule 2 Part 2(7) |
| | Audit functions | Schedule 2 Part 2(8) |
| | Bank of England functions | Schedule 2 Part 2(9) |
| Regulation, parliament and the judiciary | Regulatory functions relating to legal services, the health service and children’s services | Schedule 2 Part 2(10) |
| | Other regulatory functions | Schedule 2 Part 2(11) |
| | Parliamentary privilege | Schedule 2 Part 2(13) |
| | Judicial appointments, independence and proceedings | Schedule 2 Part 2(14) |
| | Crown honours, dignities and appointments | Schedule 2 Part 2(15) |
| Journalism, research and archiving | Journalistic, academic, artistic and literary purposes | Schedule 2 Part 5(26) |
| | Research and statistics | Schedule 2 Part 5(27) |
| | Archiving in the public interest | Schedule 2 Part 5(28) |
| Health, social work, education and child abuse | Health data – processed by a court | Schedule 3 Part 2(3) |
| | Health data – an individual’s expectations and wishes | Schedule 3 Part 2(4) |
| | Health data – serious harm | Schedule 3 Part 2(5) |
| | Health data – restriction of the right of access | Schedule 3 Part 2(6) |
| | Social work data – processed by a court | Schedule 3 Part 3(9) |
| | Social work data – an individual’s expectations and wishes | Schedule 3 Part 3(10) |
| | Social work data – serious harm | Schedule 3 Part 3(11) |
| | Social work data – restriction of the right of access | Schedule 3 Part 3(12) |
| | Education data – processed by a court | Schedule 3 Part 4(18) |
| | Education data – serious harm | Schedule 3 Part 4(19) |
| | Education data – restriction of the right of access | Schedule 3 Part 4(20) |
| | Child abuse data | Schedule 3 Part 5(21) |
| Finance, management and negotiations | Corporate finance | Schedule 2 Part 4(21) |
| | Management forecasts | Schedule 2 Part 4(22) |
| | Negotiations | Schedule 2 Part 4(23) |
| References and exams | Confidential references | Schedule 2 Part 4(24) |
| | Exam scripts and exam marks | Schedule 2 Part 4(25) |
| Subject access requests – information about other people | Protection of the rights of others | Schedule 2 Part 3 |

Figure 7.12 Data protection exemptions

Archiving

Schedule 2 Part 6 of the DPA 2018 covers the topic of archiving in the public interest and states that:

Archiving in the public interest
28 (1) The listed GDPR provisions do not apply to personal data processed for archiving purposes in the public interest to the extent that the application of those provisions would prevent or seriously impair the achievement of those purposes.

Meanwhile the explanatory notes to the DPA 2018 state that:

The new Act exercises all of the derogations in Article 89(2) and (3) of the GDPR, and retains the relevant conditions, to ensure that research organisations and archiving services do not have to respond to subject access requests when this would seriously impair or prevent them from fulfilling their purposes. Further, the Act contains provision to exercise derogations so that research organisations do not have to comply with an individual’s rights to rectify, restrict further processing and object to processing where this would seriously impede their ability to complete their work, and providing that appropriate organisational safeguards are in place to keep the data secure.

7.7 Privacy notices

Article 12 of the GDPR requires data controllers to provide data subjects with information about the processing of their personal data. The information must be provided in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information should be:

• Provided in writing (which includes providing by electronic means).
• It may be provided orally so long as the identity of the data subject has been proven.

A privacy notice would need to take into account two different scenarios:

1 Cases where personal data has been collected from the data subject (Article 13).
2 Cases where the personal data has not been collected from the data subject (Article 14).

• The name and contact details of our organisation.
• The name and contact details of our representative (if applicable).
• The contact details of our data protection officer (if applicable).
• The purposes of the processing.
• The lawful basis for the processing.
• The legitimate interests for the processing (if applicable).
• The categories of personal data obtained (if the personal data is not obtained from the individual it relates to).
• The recipients or categories of recipients of the personal data.
• The details of transfers of the personal data to any third countries or international organisations (if applicable).
• The retention periods for the personal data.
• The rights available to individuals in respect of the processing.
• The right to withdraw consent (if applicable).
• The right to lodge a complaint with a supervisory authority.
• The source of the personal data (if the personal data is not obtained from the individual it relates to).
• The details of whether individuals are under a statutory or contractual obligation to provide the personal data (if applicable, and if the personal data is collected from the individual it relates to).
• The details of the existence of automated decision-making, including profiling (if applicable).

Section 44 of the DPA 2018 sets out the data controller’s duty to provide information to data subjects. A data protection notice or statement must be available to data subjects before they are asked to complete their details online.

Source: http://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed (reproduced under the Open Government Licence)

Figure 7.13 What should be in a data protection/privacy statement

7.8 Register of fee payers

Since the coming into force of the Data Protection Act 2018, it has not been necessary for firms to ‘notify’ the ICO that they process personal data. However, under section 108 of the Digital Economy Act 2017, data controllers do have to pay the ICO a fee:

• Tier 1 – small and medium firms that don’t process large volumes of data (£40).
• Tier 2 – small and medium firms that process large volumes of data (£60).
• Tier 3 – large businesses (£2,900).

If you have charitable status, you will always fall within tier 1 regardless of size. The arrangements are set out in the Data Protection (Charges and Information) Regulations 2018: SI 2018/480. Failure to pay the required fee will result in a fixed penalty.

✒ Useful resource
The ICO has a gadget for calculating how much you need to pay: www.ico.org.uk/for-organisations/how-much-will-i-need-to-pay/y.

✒ Useful resource
A register of fee payers is available on the website www.ico.org.uk/about-the-ico/what-we-do/register-of-fee-payers. Each entry consists of:

• The name and address of the controller.
• The data protection registration number.
• The level of fee paid.
• The date the registration is due to expire.
• Any other trading names of the organisation.
• The name and contact details for the DPO, if the ICO has been told one and if they have consented to this.

7.9 Rights of the data subject

The GDPR and DPA give certain rights to individuals. Individuals are allowed to find out what information is held about them on computer and in some paper records. This is known as the ‘right of access’. To assert this right, the individual will need to write to the data controller at the organisation which they believe holds the information. They should ask for a copy of all the information held about them to which the legislation applies (see Figure 7.14). If they are not sure who to write to within an organisation, it is best to address it to the Data Protection Officer, Company Secretary, or Chief Executive.

Letter template

[Your full address]
[Phone number]
[The date]

[Name and address of the organisation]

Dear Sir or Madam

Subject access request

[Your full name and address and any other details to help identify you and the data you want.]

Please supply the data about me that I am entitled to under data protection law relating to: [give specific details of the data you want, for example:

• my personnel file
• emails between ‘person A’ and ‘person B’ (from 1 June 2017 to 1 Sept 2017)
• my medical records (between 2014 and 2017) held by ‘Dr C’ at ‘hospital D’
• CCTV camera situated at (‘location E’) on 23 May 2017 between 11am and 5pm
• copies of statements (between 2013 and 2017) held in account number xxxxx.]

If you need any more data from me, or a fee, please let me know as soon as possible.

It may be helpful for you to know that data protection law requires you to respond to a request for data within one calendar month.

If you do not normally deal with these requests, please pass this letter to your Data Protection Officer, or relevant staff member.

If you need advice on dealing with this request, the Information Commissioner’s Office can assist you. Its website is ico.org.uk or it can be contacted on 0303 123 1113.

Yours faithfully,
[Signature]

Figure 7.14 Sample letter requesting a copy of personal information held by a company
Source: www.ico.org.uk/your-data-matters/your-right-of-access (reproduced under the Open Government Licence)


In many cases the data subject will be asked to provide further details in order to confirm their identity. It will obviously help if the data subject provides the data controller with these details as quickly as possible.

In response, the data subject should receive a copy of the information held about them within one calendar month, although this period can be extended to three months taking into account the complexity and number of requests.

It is best for data subjects to send their request by recorded delivery in the first instance. It is important for them to keep a copy of the letter and any further correspondence.

A copy of your personal data should be provided free of charge. An organisation can only charge a fee if it thinks that the request is ‘manifestly unfounded or excessive’. Where that is the case, it can ask for a reasonable fee to cover the administrative costs associated with fulfilling the request. It is also possible to charge a fee if an individual requests further copies of their data following an initial request. Again, the fee must be based on the administrative costs of providing further copies.

The rights of individuals are established throughout the whole of Chapter III of GDPR, where they are specified with stipulations regarding how and when organisations must honour those rights, and some limitations to those rights. It is important to bear in mind that the “rights” are not absolute rights.

1. Right: The right of access
DPA 2018: section 45
GDPR: Article 15
Comments: A data subject is entitled to obtain from the data controller confirmation as to whether or not personal data concerning him or her is being processed, and where that is the case access to the personal data and information regarding the purposes of and legal basis for the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data has been disclosed; and the period for which it is envisaged that the personal data will be stored. The information must be provided for free although a ‘reasonable fee’ may be applied when a request is manifestly unfounded or excessive, particularly if it is repetitive. The time limit to respond is one month, or three months taking into account the complexity and number of requests.

Figure 7.15 The rights of the natural person


2. Right: The right to rectification
DPA 2018: section 46
GDPR: Article 16
Comments: If requested by a data subject, a data controller must rectify without undue delay inaccurate personal data relating to the data subject.

3. Right: The right to erasure (also referred to as the right to be forgotten)
DPA 2018: section 47
GDPR: Article 17
Comments: Controllers can keep data if it is needed to fulfil legal obligations, but they must restrict the processing of it.

4. Right: The right to restrict processing
DPA 2018: section 47
GDPR: Article 18
Comments: Where a data subject contests the accuracy of personal data, but it is not possible to ascertain whether it is accurate or not, the controller must restrict its processing.

5. Right: Rights concerning automated processing and profiling
DPA 2018: sections 49–50
GDPR: Article 22
Comments: There is a right to object to the results of automated data processing or profiling. The individual has the right to request the intervention of a human in any decision-making process. It includes the right to be given an explanation as to how any automated decisions taken about you have been made.

6. Right: The right to data portability
DPA 2018: Not mentioned in Chapter 3: rights of the data subject
GDPR: Article 20
Comments: The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services where processing is based on consent or performance of a contract. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. The personal data must be provided free of charge and in a structured, commonly used and machine readable form.

7. Right: The right to object
DPA 2018: section 99
GDPR: Article 21
Comments: Individuals have an absolute right to stop their data being used for direct marketing. In other cases where the right to object applies it may be possible to continue processing where you can show that you have a compelling reason for doing so.

Figure 7.15 Continued


8. Right: The right to be informed
DPA 2018: section 93
GDPR: Articles 13 and 14
Comments: The data controller must give the data subject the following information:
(a) The identity and the contact details of the controller
(b) The legal basis on which, and the purposes for which, the controller processes personal data
(c) The categories of personal data relating to the data subject that are being processed
(d) The recipients or the categories of recipients of the personal data (if applicable)
(e) The right to lodge a complaint with the Commissioner and the contact details of the Commissioner
(f) How to exercise rights under Chapter III of the DPA 2018
(g) Any other information needed to secure that the personal data is processed fairly and transparently.

Figure 7.15 Continued

7.9.1 Compensation

If a data controller fails to meet its GDPR obligations it may have to pay compensation under Article 82 of the GDPR/DPA 2018 section 168. Data subjects are entitled to claim compensation for material or non-material damage through the courts if damage has been caused as a result of a data controller not meeting any requirements of the DPA, and in particular if they have broken any of the data protection principles. If damage is proved, the court may also order compensation for any associated distress.

7.9.2 Credit reference agencies

Credit reference agencies hold information to enable credit grantors to exchange information with each other about their customers. Section 13 of the DPA 2018 concerns the obligations of credit reference agencies (confirmation of processing, access to data and safeguards for third country transfers). Section 13 concerns the treatment of right of access requests by data subjects under Article 15 of the GDPR when the data controller is a credit reference agency.

The credit reference agencies have access to the electoral roll and publicly available financial information which will have a bearing on an individual’s credit-worthiness, including County Court judgments and Scottish decrees. If an individual wants to see the information that the credit reference agencies hold about their financial standing – their ‘credit file’ – the main credit reference agencies are:


• Equifax Ltd, Customer Service Centre, PO Box 10036, Leicester, LE3 4FS.
• Experian Ltd, Customer Support Centre, PO Box 9000, Nottingham NG80 7WF.
• TransUnion, Customer Services Team, PO Box 491, Leeds LS3 1WZ.

Under the Data Protection Act 2018 you have the right to:
• Request a copy of your credit report.
• Dispute inaccurate information on your credit file.

The data subject needs to provide the credit reference agency with their full name and address, including postcode, any other addresses they have lived at during the last six years, and details of any other names they have used/been known by in that time. The credit reference agency will only send a data subject information about their financial situation, unless they specifically request other information.

7.10 Data breaches

Article 33 of the GDPR/section 67 of the DPA 2018 sets a time limit of 72 hours after data controllers become aware of a data breach within which they are required to report the breach to the supervisory authority. This is only applicable if the data breach is likely to result in a risk to the rights and freedoms of natural persons. If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, data controllers must also inform those individuals without undue delay. If there is a delay in reporting a data breach which goes beyond the 72-hour limit, the data controller is required to explain why.

Section 67(1) of the DPA 2018 says:

If a controller becomes aware of a personal data breach in relation to personal data for which the controller is responsible, the controller must notify the breach to the Commissioner—
• without undue delay, and
• where feasible, not later than 72 hours after becoming aware of it.

Section 67(4) of the DPA stipulates that the notification must include:
• a description of the nature of the personal data breach including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
• the name and contact details of the data protection officer or other contact point from whom more information can be obtained;
• a description of the likely consequences of the personal data breach;
• a description of the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

You should ensure you have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not you need to notify the relevant supervisory authority and the affected individuals. You must also keep a record of any personal data breaches, regardless of whether you are required to notify.

Data breach examples involving libraries:
• Students and former students at Trinity College Dublin were warned that some of their data may have been compromised after a breach at the college’s library. A file containing student and staff names, addresses, ID numbers and email addresses was inadvertently made accessible on the college network. It was there for over a year and a half before the error was discovered. (Source: Data breach at Trinity College Dublin, thejournal.ie, 29 April 2011.)
• In August 2009, data on 51,000 users of libraries participating in the Community Libraries in North Carolina Consortium (CCLINC) was accessed by a computer hacker. Some of the user records included social security numbers or drivers’ licence numbers. (Source: North Carolina community college library user’s data exposed, https://www.databreaches.net/hacker-hits-nc-community-college-system/ and SC Magazine, 2009.)

To give an example of a failed attempt to access library user data, during 2015/2016 the British Library withstood a brute force attack on its systems over a four-day period, in which the attacker attempted to obtain customer data. The attack was unsuccessful and no data was lost (Source: British Library Annual Report 2015/2016, page 61).
The British Library has a risk register (British Library Board (2016) Risk management, paper no: BLB 16/08, 9 February 2016, https://bl.uk/aboutus/foi/pubsch/pubscheme4/BLB1608.pdf). It lists as one of its potential risks the possibility that the library suffers a cyberattack, systems failure or data loss. In order to minimise the risks, they have a number of risk controls in place. These include:


• A range of hardware and software defence, monitoring and alerting provisions.
• Regular audits, security and penetration tests.
• IT security function established with trained staff in place.

7.10.1 Causes of data breaches

There are a number of potential causes of data breaches affecting the personal data of library users. These include:
• Software upgrade glitch.
• Ransomware.
• Misconfigured database.
• Insider threat (this can manifest itself either in the form of intentional staff actions or in the form of human error or inadvertent staff actions).
• Hacking attack.
• Denial of service attacks.
• Lost or stolen laptop.

7.11 Data protection impact assessments

Article 35 of the GDPR/DPA 2018 section 64 require data protection impact assessments (DPIA) to be undertaken where data controllers intend to process personal data in a way which could result in a high risk to the rights and freedoms of data subjects. The DPIA must be undertaken prior to the processing taking place. According to DPA 2018, section 64(3), a data protection impact assessment must include the following:
• A general description of the envisaged processing operations;
• An assessment of the risks to the rights and freedoms of data subjects;
• The measures envisaged to address those risks;
• Safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with the legislation.

In deciding whether a type of processing is likely to result in a high risk to the rights and freedoms of individuals, the controller must take into account the nature, scope, context and purposes of the processing.

Where libraries are about to introduce a completely new service or are planning to overhaul an existing service, they need to consider the possible data protection implications. Could the planned changes result in a high risk to the rights and freedoms of library users? Imagine, for example, a new library management system being installed within a library consortium or a single library management system being installed across all public libraries within an entire country. This could potentially generate several risks to the rights and freedoms of library users if it doesn’t contain adequate protections such as:
• Audit Trail functionality facilitating the generation of logs for all look ups and edits.
• Individual unique log-on usernames and passwords assigned to every individual user rather than generic logins.
• Functionality where staff are automatically prompted to change their passwords on a regular basis.

7.12 Fines and prosecutions

Failure to comply with an information notice, an assessment notice or an enforcement notice issued by the ICO would lead to a fine. The maximum penalty applicable for a business would be what is known in the legislation as the ‘higher maximum amount’. The highest possible penalty is 20 million euros or 4% of the undertaking’s total annual worldwide turnover in the preceding financial year, whichever is higher, or in any other case, 20 million euros.

Penalty notices for failures to comply with the data protection legislation could result in a fine of either the ‘higher maximum amount’ or the ‘standard maximum amount’. The standard maximum amount is 10 million euros or 2% of the undertaking’s total annual worldwide turnover in the preceding financial year, whichever is higher, or in any other case, 10 million euros.

The distinction between when the maximum amount of the penalty is the ‘higher maximum amount’ and when it is the ‘standard maximum amount’ is set out in Article 83 of the GDPR/section 157 of the DPA 2018.

The Act also gives the Secretary of State regulation-making powers, whereby they could pass subsidiary legislation in the form of statutory instruments, which would specify additional failures that incur a financial penalty.

7.12.1 Prosecution

Proceedings for an offence under the DPA 2018 can only be instituted by the Information Commissioner or by or with the consent of the Director of Public Prosecutions (DPA section 197). There is a time limit of 3 years for such proceedings to be brought, beginning with the day on which the offence was committed. Directors can be held liable for data protection offences, where the director, manager, secretary, officer or person as well as the body corporate is guilty of the offence (see section 198 of the DPA 2018).

7.13 Data protection issues for libraries

Library and information services are likely to process personal data as part of their day-to-day operations. Examples might include:
• User registration records containing user names and addresses.
• Circulation records.
• Reservation requests.
• Browsing histories, caches and cookies (on library computers).
• Staff records, including payroll and pension records.
• Management statistics on usage of the information service.

CILIP’s Ethical Framework (2018) states that as an ethical information professional ‘I make a commitment to uphold, promote and defend the confidentiality of information provided by clients or users and the right of all individuals to privacy’. Librarians recognise the importance of protecting the personal data of their users, which is both a legal and ethical obligation.

In a survey about data protection in libraries (Bailey, 2018), participants were asked whether they felt data protection management was an important element of library and information services. The survey was based on 162 responses. The data showed that only 2% disagreed that data protection was an important element of library and information services, whilst an overall majority of 85% agreed or strongly agreed.

In 2005, CILIP obtained legal advice on rights of access to confidential information on library users following a number of instances where police had sought information from CILIP members on library users’ activities. The advice, which was provided by public law and human rights specialist James Eadie of Blackstone Chambers, on instructions from Bates Wells Solicitors, confirmed that:
• All library sectors can be investigated.
• Police and security services investigating serious crime or terrorism in England and Wales have the right to seek information on books borrowed or internet sites accessed by certain library users.
• Police and security services can also mount surveillance operations in libraries if they believe that national security is at risk, to prevent or detect crime, or in the interests of public safety.

According to the legal advice obtained by CILIP, the police could apply for an order authorising access to library records under the Police and Criminal Evidence Act 1984 (as amended), where an indictable offence has been committed, or under the Terrorism Act 2000, where they believed that the material was likely to be of substantial value to a terrorist investigation.

Surveillance operations in libraries are also possible under the Regulation of Investigatory Powers Act 2000 (as amended). This could include monitoring a person’s activities or communications, recording anything monitored with a surveillance device and engaging in covert surveillance to obtain private information about a person. Finally, under the Intelligence Services Act 1994 (as amended), the Secretary of State can issue a warrant authorising the security services to take action to protect national security against threats such as terrorism or to support the police.

Figure 7.16 Police and security services powers to scrutinise library records


There are a number of codes of practice relating to covert surveillance and covert human intelligence sources: https://www.gov.uk/government/publications/covert-surveillance-and-covert-human-intelligence-sources-codes-of-practice.

✒ Useful resource

In 2009, CILIP issued a set of guidelines entitled User Privacy in Libraries – guidelines for the reflective practitioner (https://archive.cilip.org.uk/sites/default/files/documents/Privacy_June_AW.pdf), which were produced in order to help CILIP members adhere to the Ethical Principles and Code of Professional Practice with regard to user privacy. A new CILIP Ethical Framework was issued in 2018.

7.13.1 E-books – privacy concerns

In 2010, the Electronic Frontier Foundation put together an E-Book Buyer’s Guide to E-Book Privacy. It is a helpful side-by-side comparison of the privacy policies of e-book device manufacturers and distributors. It covers policies regarding searches, purchases, tracking of what you’ve read and annotated, and sharing of information externally. It looks at the following aspects of a user’s privacy with regard to each of the e-book providers:
• Can they monitor what you’re reading?
• Can they keep track of book searches?
• Can they keep track of book purchases?
• With whom can they share the information collected?
• Do customers have any control over the information?
• Can customers access, correct, or delete the information?

Neil Richards (2015, 123) speaks of the ‘e-reader privacy paradox’. He cites the example of Fifty Shades of Grey, where print editions were hard to find in Britain and the United States, but the book sold millions of copies as an e-book. The author’s agent noted that ‘in the 21st century, women have the ability to read this kind of material without anybody knowing what they’re reading, because they can read them on their ipads and kindle’ (Bosman, 2012). E-readers create the illusion of intellectual privacy in the physical world, while threatening intellectual privacy in the digital one (Richards, 2015, 124).

People may choose to read a book like Fifty Shades of Grey on public transport using an e-reader device in preference to using the printed book format because it affords them a level of privacy where people sitting near to them have no idea what they are reading. But the truth is that this is something of an illusion – or what Richards refers to as the e-privacy paradox – because if, for example, they are using a Kindle, Amazon knows exactly what they are reading and how quickly they are getting through the text.

✒ Useful resource

Ozer, N. (2010) Digital books: a new chapter for reader privacy, ACLU of Northern California.

7.13.2 Electoral roll information in libraries

In R. v. City of Wakefield Metropolitan Council & another ex parte Robertson (16 November 2001), an elector brought a case to court against his local electoral registration officer (ERO) in Wakefield. Mr Robertson was concerned that if he registered to vote he would have no right to object to the sale of his details for marketing purposes. In finding in Mr Robertson’s favour, the court ruled that the use of the electoral register for commercial purposes without an individual right of objection was in breach of the DPA.

The Robertson case led to the creation of two different versions of the electoral register. The Representation of the People Act 2000, along with The Representation of the People (England and Wales) (Amendment) Regulations 2002: SI 2002/1871, established the framework for the two versions. The full register contains everyone’s details. It is available only for electoral and a limited range of other purposes. The open/edited register does not include the details of those who have chosen to ‘opt out’. It is the open/edited version of the register which is available for sale for any purpose.

In 2014, individual electoral registration was introduced in England, Scotland and Wales. It replaced the previous electoral arrangements whereby one person in each household registered everyone to vote with a requirement for people to register individually. People are now responsible for their own registration, including the choice as to whether or not they wish to be included on the ‘open’ (edited) register.

Libraries and archive units can request copies of the full electoral register. Following the Robertson case, public librarians wanted clarification about how this would affect the making available of the registers in public libraries for inspection and consultation. The judge did say that EROs must consider and anticipate the purposes for which personal data are intended to be processed.
The current version of the full electoral register held in a library can be inspected by anyone under supervision but cannot be searched electronically and only handwritten notes can be taken.


The full editions of all the electoral registers since they were first produced under the Representation of the People Act 1832 and registers from that time through to the present day are available in the British Library in paper and digital form. The supply of a free copy of the full register to the British Library and restrictions on its use are covered in SI 2006/752 and SI 2006/834; while the supply of a free copy of the full register to the National Library of Scotland and restrictions on its use are covered in SI 2006/834:
• The Representation of the People (England and Wales) (Amendment) Regulations 2006: SI 2006/752
• The Representation of the People (Scotland) (Amendment) Regulations 2006: SI 2006/834

7.13.3 Radio Frequency Identification

Radio Frequency Identification (RFID) refers to tiny devices that can be fitted to any goods. They comprise a microchip and an antenna, which are capable of transmitting messages to ‘readers’. The readers use the message in accordance with their programmers’ instructions. Libraries use RFID for a number of reasons:
• Annual stocktaking.
• Rapid checking that books are shelved in the correct area.
• Searching for specific items using a scanner.
• Self check-out of items.
• Self-return of items.
• Security.
• Library membership cards.

RFID can be employed as an electronic article surveillance system. A tag is applied to the items that are being monitored and a detection corridor is set up at the exit to the library. If someone attempts to remove an item from the library illicitly, an alarm is triggered and a member of the library staff can check out why the alarm went off. With RFID technology in place, it is also possible to undertake a stock check extremely quickly. In order to read UK tags (VHF), the reader needs to be in very close proximity to the item. However, the use of RFID tags in libraries and elsewhere has raised fears over civil liberties. Privacy campaigners are concerned that tags could be used for more sinister purposes, such as monitoring the whereabouts of customers and building profiles of customers’ shopping preferences (or indeed their reading tastes) without their knowledge.


There is an identified risk to privacy through the unauthorised reading of RFID tags. This could lead to:
• Obtaining information about your tastes, interests, sexual orientation, political opinions.
• Using an RFID tag on a library book to track your movements.

The EU Mandate M/436 identifies the risks to privacy from RFID. It requires libraries to:
• Undertake frequent Privacy Impact Assessments (PIAs).
• Warn users about RFID and risks to their privacy.
• Display signage with warning logo.
• Develop a Privacy Policy to explain what the library is doing to protect privacy.
• Mitigate the risks by developing improved technology, e.g. new RFID tags, encryption.

The organisation Book Industry Communication Ltd (BIC) (www.bic.org.uk) has looked closely at the implications of using RFID technology in libraries. They have produced a toolkit consisting of:
• Privacy policy.
• Logo.
• Poster.
• Sample text for websites, emails and RFID kiosk printed receipts.

BIC have also produced an 11-step checklist to ensure RFID privacy:
1 No personal data is stored on the RFID tags.
2 Inform library users.
3 Label all RFID hardware.
4 Put up notices and signage.
5 Develop an RFID Privacy Policy.
6 Inform all new and renewing members.
7 Include a link to the Policy web pages and appropriate emails.
8 Discuss with RFID vendors.
9 Monitor these measures for effectiveness.
10 Create a designated role of ‘privacy officer’.
11 Sign the (BIC) Code of Practice.

The use of RFID in libraries is identified as being high risk in the context of the EU’s Mandate M/436. This is because unlike retail RFID tags, which are switched off during purchase, the RFID tags on library books are always switched on so that once the tagged items return to the library, they can be read as part of the self-return process. Adequate and proper security measures should be in place in order to avoid the information on RFID tags being read by an unauthorised third party. It is essential to ensure compliance both with data protection law as well as industry best practice.

The Article 29 Working Party (which was replaced by the European Data Protection Board) has warned that RFID tags could ‘violate human dignity’. The committee said that RFID systems are ‘very susceptible to attacks’, and that it would be possible for people owning a radar to detect passports, banknotes, books, medicines or personal belongings of people in a crowd should those objects have microchips. Under most scenarios, the committee says that consent from individuals will be the only legal ground available to data controllers justifying the use of RFID technology (EC, 2011).

Further information on RFID

BIC (2017) BIC RFID privacy in libraries: privacy policy.
BIC (2017) BIC RFID privacy in libraries: code of practice.
BIC (2017) BIC RFID privacy poster for libraries.
Fortune, M. (2015) Exploring the Potential of RFID and Mobile Technology in your Library, Facet Publishing.
European Commission (2011) Privacy and Data Protection Impact Assessment Framework for RFID Applications, https://ec.europa.eu/digital-single-market/en/news/privacy-and-data-protection-impact-assessment-framework-rfid-applications.

7.13.4 Outsourcing

A number of library services have been outsourced and this has implications for protecting the personal data of library users. Some people argue that outsourcing increases the risk to the security of confidential information, whereas others argue that outsourcing a library service reduces the risks involved. Brown (2014) undertook a survey of six law firms that had outsourced their libraries and said that ‘none of the law firms considered that outsourcing posed a greater risk to the security of confidential information. On the contrary, all six law firms believed that the outsourced service model strengthened the security of information because outsourced service providers had introduced security procedures for the first time in place of the system of trust that had been relied upon to protect information within law firms previously’.

A data controller may choose to use another organisation to process personal data on its behalf. In such circumstances, the data controller remains responsible for ensuring its processing complies with the DPA, whether it processes the data in-house or engages a data processor. In order to safeguard the data subjects’ rights and the data protection principles, particularly the sixth data protection principle on keeping the data secure, the GDPR specifies that a processor must be governed by a contract or other legal act under EU or Member State Law (Article 28). The contract will determine how the controller directs the processor to process the data. It is binding and must include details of:
• The subject matter of the processing, its nature and duration.
• The purpose of processing.
• The type of personal data and categories of data.
• The obligations and rights of the controller.
• Technical and organisational measures that ensure data is processed in line with individuals’ rights.
• The data security measures required.

There are circumstances in which a data controller employs a data processor, but the data processor in turn sub-contracts some of the work to another processor. Where this happens, the same data protection obligations that are set out in the contract between the controller and the processor are imposed on the other data processor (the sub-contractor). If the sub-contractor fails to fulfil its data protection obligations, the initial processor remains fully liable to the data controller for the performance of the other processor’s obligations.

7.14 Data protection standards

BS 10012: 2017: specification for a personal information management system
This British Standard enables organisations from both the public and private sectors in the UK to put in place an infrastructure for maintaining and improving compliance with the General Data Protection Regulation (GDPR). It is not a prescriptive Standard but rather it adopts a ‘framework’ approach within which organisations can more effectively manage personal information. Organisations can create bespoke management systems, which include processes to address risk assessment, training and awareness as well as key data protection issues such as the sharing, retention, disposal and disclosure of information. Organisations are encouraged to ensure sufficient guidance and resources are allocated to data protection and that a positive culture exists in which data protection can occur. The Standard follows the classic ‘Plan-Do-Check-Act’ model of continuous improvement as utilised by standards such as ISO/IEC 27001.

ISO/IEC 27001: 2013 Information technology – security techniques – information security management systems – requirements
Specifies the requirements for organisations to establish, implement, maintain and continually improve security management systems.

ISO/IEC 27002: 2013 Information technology – security techniques – code of practice for information security controls
Gives guidelines for organisational information security standards and information security management practices.

ISO/IEC 27018: 2014 Information technology – security techniques – code of practice of personally identifiable information in public clouds acting as PII processors
The standard augments ISO/IEC 27002 controls with specific items for cloud privacy and it also provides security controls for personal data.

ISO 22301 specifies the requirements for a management system to protect against, reduce the likelihood of and ensure your business recovers from disruptive incidents.

7.15 How to protect your information

Personal information is a valuable commodity. Think before supplying anyone with your personal data and always ask yourself why an organisation is asking for information about you. Do they need all the information that they have asked for or are they asking for more information than is necessary? You may not have to provide it. They may, for example, be asking about your income, hobbies, interests or family life for possible future marketing campaigns. If someone wants to use your information for a purpose other than the reason for which the data is being collected, you should be told about it and given a choice.

Figure 7.17 outlines the steps you should take to protect your privacy online. There are a number of ‘preference services’ which are available if you want to stop unwanted marketing material being sent to you, or if you want to stop receiving uninvited telesales calls (see Figure 7.18).

1. Limit the disclosure of your personal information.
2. Set up a separate e-mail account for e-commerce activities.
3. Reject cookies planted in your computer by intrusive businesses.
4. Use tools to protect privacy and enable you to surf anonymously (see http://epic.org/privacy/tools.html).
5. Learn about your legal rights and be prepared to use them.

Figure 7.17 Five steps to protecting your privacy online. Source: Privacy@net, Consumers International, 2001

Mailing Preference Service (MPS): DMA House, 70 Margaret Street, London W1W 8SS; 020 77291 3310; www.mpsonline.org.uk
Telephone Preference Service: 0345 070 0707; www.tpsonline.org.uk; [email protected]

Figure 7.18 Preference services

7.16 Identity theft

Identity theft takes place when an individual’s personal information is used fraudulently, without their knowledge or permission, by someone else. It might then be used in order to open a bank account or set up credit cards in the name of the victim. If you become a victim of identity theft, you could find yourself being refused a credit card, a mortgage, or being prevented from setting up a bank account. Indeed, it may only be when you apply for a credit card, bank account or mortgage that you realise that someone has stolen your identity.

Victims of identity theft have to spend a considerable amount of time contacting each of the separate companies against which there are bad debts. It is not simply a case of calling up a credit reference agency and asking for the bad debts to be removed from your credit record on the grounds that they were undertaken without your knowledge.

If you are a victim of identity theft, report it to Action Fraud (www.actionfraud.police.uk), which is the UK’s national fraud and cybercrime reporting centre. It provides a central point of contact for information about fraud and cybercrime.

In order to avoid becoming a victim of identity theft, the best advice would be to look after your personal information very carefully. Be extremely cautious about giving out information such as your mother’s maiden name or your date of birth. If you undertake electronic commerce transactions – such as buying books, music or films online; booking rail tickets, a flight or a holiday on the web – the companies may ask you first to register your details. If the registration process requires you to divulge your mother’s maiden name or your date of birth, think very carefully before giving out the correct information. Are you confident that the information will be held securely?

One of the most effective ways of looking after your personal information is to ensure that you have internet security software on your PC and that you update it on a regular basis. This can help protect you against viruses, malware and phishing attempts, and can also block undesirable websites.

Another way of safeguarding your personal information is to invest in a shredder. Thieves often steal household waste with the aim of gathering useful snippets of information which can then be used to steal a person’s identity. To minimise the risk, it is advisable to shred documents such as bank statements or council tax bills, as well as marketing literature from financial institutions trying to sell you a particular product in which they have very usefully printed your personal details on the application form.

TIP: If anyone becomes a victim of identity theft and is having difficulty resolving matters, it is worth investigating membership of the CIFAS protective registration service (www.cifas.org.uk). This enables a person who is at greater risk of being (or already is) a victim of identity theft to
place a protective warning on their credit file. It introduces added precautions for ensuring that any use of a person’s details is genuine.

• Think before giving out key information such as your mother’s maiden name or your date of birth.
• Password-protect your computer.
• Use passwords to protect documents.
• Use a VPN in order to ensure that you have a secure internet connection.
• Invest in a shredder.
• Check your credit record on a regular basis – if your identity has been stolen, the record may show details of bad debts you may otherwise have no knowledge of.
• Don’t put anything in your household waste that could be of use to identity thieves.
• Set up your computer to lock itself after a period of inactivity.
• Encrypt sensitive data.
• Keep your computer’s anti-virus/internet security software up to date.

Figure 7.19 Tips for avoiding becoming a victim of identity theft

✒ Useful resources

The Community Managed Libraries Peer Network guide on what you need to know about GDPR and how to stay compliant: https://communitylibrariesnetwork.files.wordpress.com/2018/03/what-youneed-to-know-about-gdpr-how-to-stay-compliant.pdf

The Fundraising Regulator and the Institute of Fundraising six short guides on GDPR: https://www.institute-of-fundraising.org.uk/guidance/key-iof-guidance/understanding-gdpr/

IFLA (https://www.ifla.org/publications/node/11549) have produced a briefing on Data Protection in the EU: What Does it Mean for Libraries?: https://www.ifla.org/files/assets/clm/publications/briefing_general_data_protection_regulation_2018.pdf.

For an example of a data protection and sharing arrangement with a community managed library see schedule 5 in Dorset County Council’s agreement with community organisations: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/698166/Sample_agreement_between_Dorset_County_Council_and_community_organisations.pdf.

7.17 Further information

British Standards Institution
389 Chiswick High Road, London W4 4AL
Tel: 0345 086 9001
Website: www.bsigroup.com

Department for Digital, Culture, Media & Sport
100 Parliament Street, Westminster, London SW1A 2BQ
Tel: 020 7211 6000
Website: www.gov.uk/government/organisations/department-for-digitalculture-media-sport

Europa – Justice and Home Affairs – Data Protection
Website: http://ec.europa.eu/justice/policies/privacy/index_en.htm_.

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Fax: 01625 524 510
Website: www.ico.org.uk

Ferguson, S. et al. (2015) How Do Libraries Manage the Ethical and Privacy Issues of RFID Implementation? A Qualitative Investigation into the Decision-Making Processes of Ten Libraries, Journal of Librarianship and Information Science, 47 (2), 117–130.
IFLA (2017) Briefing: Impact of the General Data Protection Regulation 2018.
Korn, N. and Tullo, C. (2018) A Practical Guide to Data Protection for Information Professionals, CILIP.
Randall, D. P. and Newell, B. C. (2014) The Panoptic Librarian: the role of video surveillance in the modern library, iConference 2014 Proceedings, https://www.ideals.illinois.edu/handle/2142/47307.

References

Bailey, J. (2018) Data Protection Management in Library and Information Services, iConference 2018 Proceedings.
Bosman, J. (2012) Discreetly Digital, Erotic Novel Sets American Women Abuzz, New York Times, 9 March.
Brown, F. (2014) Outsourcing Law Firm Libraries to Commercial Law Library and Legal Research Services. The UK Experience, Australian Academic & Research Libraries, 45 (3), 176–192, http://dx.doi.org/10.1080/00048623.2014.920130.
CILIP (2009) Ethical Principles and Code of Professional Practice for Library and Information Professionals.
CILIP (2018) Ethical Framework, https://cdn.ymaws.com/www.cilip.org.uk/resource/resmgr/cilip/policy/new_ethical_framework/cilip_s_ethical_framework.pdf.
CILIP (2018) Ethical Framework: clarifying notes, https://cdn.ymaws.com/www.cilip.org.uk/resource/resmgr/cilip/policy/new_ethical_framework/ethical_framework_clarifying.pdf.
Consumers International (2001) Privacy@net: international comparative study of consumer privacy on the internet.
IFLA (last update 2016) Code of Ethics for Librarians and Other Information Workers.
Richards, N. (2015) Intellectual Privacy: rethinking civil liberties in the digital age, Oxford University Press.

CHAPTER 8

Privacy

Contents
8.1 General principles
8.2 Obligation of confidence versus breach of privacy
8.3 Codes of practice
8.4 Injunctions
8.5 Privacy and libraries
8.6 Case law
Further information
References

8.1 General principles

There has never been an absolute ‘right to privacy’ in English law (Wainwright v. Home Office [2003] UKHL 53). The coming into force of the Human Rights Act in October 2000 marked the implementation of the European Convention on Human Rights in the UK. The ECHR states that ‘everyone has the right to respect for his private and family life, his home and his correspondence’. But this is a qualified right, not an absolute right.

A number of the rights enshrined in the ECHR conflict with one another and there will always be a tension between them. In particular, the right to privacy (Article 8) and the right to freedom of expression (Article 10) often conflict (see Figure 8.1). In every situation, a balance needs to be struck between those two rights and courts need to consider the issues on a case-by-case basis.

Since the HRA came into force, the courts have had to interpret existing law in ways that secure these rights. The existing law, however, remains piecemeal, and privacy complaints can be found in actions for breach of confidence, harassment, trespass, malicious falsehood and data protection legislation or pursued under regulatory codes of practice (see Section 8.3).

Privacy is a substantive right, whereas data protection is the procedural right through which privacy is achieved.

• Data protection and privacy differ both formally and substantially, although there are overlaps.
• In Europe, data protection gets more attention from policy-makers than other types of privacy.
• Data protection applies to the processing of personal data even where privacy is not infringed.
• Privacy applies both to the processing of personal and non-personal data, although data protection does not address the latter.
• Data protection is broader because it applies automatically each time personal data are processed, whereas privacy is only triggered if there has been an interference with one’s right to privacy.
• The proportionality tests for the right to privacy and the right to the protection of personal data may well diverge.

Article 8 – Right to respect for private and family life
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

Article 10 – Freedom of expression
1. Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers. This article shall not prevent States from requiring the licensing of broadcasting, television or cinema enterprises.
2. The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.

Figure 8.1 Articles 8 and 10 of the European Convention on Human Rights

Data protection concentrates on informational privacy, whereas there are several types of privacy that are worthy of protection. Koops et al. (2017) identify eight privacy types:

1 Bodily privacy.
2 Spatial privacy.
3 Communicational privacy.
4 Proprietary privacy.
5 Intellectual privacy.
6 Decisional privacy.
7 Associational privacy.
8 Behavioural privacy.

Koops et al. (2017) treat informational privacy not as a privacy type, but rather as an overlay which runs across each of the eight privacy types that they identified. In other words, each privacy scenario will involve one or more of the eight privacy types listed above and in addition there will always be an informational component.

8.2 Obligation of confidence versus breach of privacy

An obligation of confidence, by definition, arises firstly from the circumstances in which the information is given. By contrast, a right of privacy in respect of information would arise from the nature of the information itself; it would be based on the principle that certain kinds of information are categorised as private and for that reason alone ought not to be disclosed. In many cases where privacy is infringed, this is not the result of a breach of confidence.

In the late 1980s, the UK government used the law of confidence to try to silence former members of the security services (in particular Peter Wright, author of Spycatcher) and journalists trying to report their disclosures. It has been established that the public have a legitimate interest to be weighed against other interests in knowing how they have been governed.

Until quite recently it had always been accepted that Cabinet deliberations were confidential. Then, in October 2010, the government complied with a ruling by the First-Tier Tribunal (Information Rights) and disclosed the minutes of the 1986 Cabinet meeting where Michael Heseltine resigned over the Westland affair. The minutes had been requested by Martin Rosenbaum of the British Broadcasting Corporation (BBC) in February 2005. It was the first time that Cabinet minutes were disclosed under the FOIA. The previous government vetoed the release of Cabinet minutes on the Iraq war and Cabinet subcommittee minutes on devolution from 1997. The government had fought disclosure of the material on the basis that revealing Cabinet minutes and internal disagreements would damage the convention of collective Cabinet responsibility. But in December 2009, the Information Commissioner ruled in the case of the Cabinet minutes relating to the Westland affair that the balance of the public interest lies in favour of disclosure of some of the information (ICO, 2009).

In Attorney General v. Jonathan Cape Ltd [1976] QB 752, which dealt with the publication of Richard Crossman’s diaries, a case was taken by the Attorney General against the publisher for breach of confidence. It was held that the public interest in disclosure outweighed the protection of information given in
confidence once the material was sufficiently old. In this particular case, that period was taken to be ten years.

8.3 Codes of practice

There are a number of codes of practice governing the media. In any cases relating to privacy or breach of confidence, the courts have regard to any relevant privacy code. These codes include:

• The Editors’ Code of Practice (2018) for newspaper and magazine publishing in the UK: www.ipso.co.uk/editors-code-of-practice
• BBC editorial guidelines (2010): www.bbc.co.uk/editorialguidelines
• The Ofcom Broadcasting Code (2017): http://ofcom.org.uk/tv-radio-and-ondemand/broadcast-codes/broadcast-code.

Ofcom has a duty to apply adequate protection for audiences against unfairness or the infringement of privacy. The Broadcasting Code covers matters relating to taste, decency, fairness and privacy.

In considering whether to grant an injunction (interdict in Scotland), courts would have regard to the standards the press has itself set in voluntary codes of practice. Under The Editors’ Code of Practice (as above) a publication would be expected to justify intrusions into any individual’s private life, which had been made without consent.

In September 2010, the 12th edition of The UK Code of Non-Broadcast Advertising and Direct & Promotional Marketing (the Committee of Advertising Practice or ‘CAP Code’) was published. The Code applies to non-broadcast marketing communications in the UK and is endorsed and administered independently by the Advertising Standards Authority (ASA). Under the CAP Code, marketers and third parties must take account of the UK’s Consumer Contracts (Information, Cancellation, and Additional Charges) Regulations 2013: SI 2013/3134, the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011.

As far as the obligation of confidence is concerned, the Code states that ‘the ASA and CAP will on request treat in confidence any genuinely private or secret material supplied unless the courts or officials acting within their statutory powers compel its disclosure’.

In September 2010, the first edition of The UK Code of Broadcast Advertising (the ‘BCAP Code’) was launched. It applies to all advertisements (including teleshopping, content on self-promotional television channels, television text and interactive television advertisements) and programme sponsorship credits on radio and television services licensed by Ofcom.

8.4 Injunctions

When an individual seeks to prevent publication of material about themselves, they sometimes go to court to seek an injunction to prevent the information being published. An injunction is a court order requiring a party to do or to refrain from doing certain acts. However, the use of an injunction to prevent publication is a legal remedy which only works if the individual to whom the problematic information relates is aware in advance that someone is intending to publish that information so that they have adequate time to seek a court order to prevent publication from going ahead.

There are three main types of injunction:

• Traditional injunctions which name the parties involved but prevent publication of the underlying facts.
• Anonymised injunctions which permit publication of the existence of the injunction, but not the names of the parties involved or the underlying facts.
• Super-injunctions which prevent publication of the names of the parties involved, the facts of the case, and even the very existence of legal proceedings.

Concerns were raised over the threat to freedom of expression posed by the use of super-injunctions. Following the publication in 2011 of a report by the Committee on Super-Injunctions, judges became much more cautious about granting super-injunctions and they are therefore increasingly rare. The Report’s findings (Master of the Rolls, 2011) provide guidance to lawyers and journalists on the steps to be followed before a super-injunction or an anonymised injunction is applied for. The report says that judges who are asked to grant injunctions should make sure that the media know about the application in advance and as a result give the media a greater opportunity to contest orders before they happen.

Max Mosley took a case to the European Court of Human Rights (Mosley v. United Kingdom 48009/09 [2011] ECHR 774) in which he argued that the privacy of individuals cannot be fully assured without the introduction of a new law on prior notification in which newspapers would be required to notify subjects before publishing details about their private lives. Whilst the judges at the European Court of Human Rights ruled that the publication of the story about Mr Mosley by the News of the World did result in a flagrant and unjustified invasion of his private life, they also ruled that the media were not required to give prior notice of publication.

8.5 Privacy and libraries

Library privacy issues need to be defined more broadly than data privacy.

Questions of privacy in a library setting also include the physical space, building design and how a building is used because privacy concerns can arise as a result of things such as overheard private conversations in public places, or written documents with sensitive information being left behind in public rooms.

Louise Cooke (2018) describes privacy as ‘one of the key ethical and legal concerns of our time’. Michael Gorman (2000) lists privacy as one of eight enduring values of librarians, and he breaks this down into two aspects:

• Ensuring the confidentiality of records of library use.
• Overcoming technological invasions of library use.

Affonso and Sant’Ana (2018) say that ‘privacy issues can be influenced by low user awareness of them, how and where data collection takes place, and the availability of privacy policies becomes essential in digital libraries to raise awareness about this process’:

In libraries, privacy is essential as it allows the user to choose and access information without fears, judgments, or punishments. The right to read can be compromised if the individual’s privacy is threatened, and true freedom of choice in libraries requires both a variety of materials and the assurance that interaction and choices are not being monitored.
Affonso and Sant’Ana (2018, 171, quoting American Library Association, Privacy, 2017 http://www.ala.org/advocacy/privacy)

The professions are subject to obligations of confidentiality. The CILIP Ethical Framework (2018, see Appendix 2) addresses the question of confidentiality saying that as an ethical information professional ‘I make a commitment to uphold, promote and defend: the confidentiality of information provided by clients or users and the right of all individuals to privacy’.

Section A.3 of the EIRENE Code of Practice for Information Brokers (1993) says that a broker shall:

• Hold the affairs of the client in the strictest confidence, except where the law requires disclosure.
• Declare any conflicts of interest if they are likely to undermine confidentiality.
• Undertake not to reuse or misuse information gained as part of the client contract for personal or professional gain.

CILIP’s User Privacy in Libraries guidelines (2011) include a useful set of web links
to relevant legislation, guidance and good practice covering topics such as data sharing, personal data security, children and privacy, closed-circuit television (CCTV) in libraries, use of the internet, photography and filming in libraries, and how to handle requests for data. There is also a section on the use of the internet in prison libraries, and the paramount importance of prison security.

| Privacy type | Meaning of that privacy type | Library example |
|---|---|---|
| Bodily privacy | Privacy of the person – the physical body and its physical privacy. | Use of thumbprints as a means of authentication in a school library. |
| Spatial privacy | Privacy expectations around one’s home (there can sometimes be a broad understanding of home, where it could include business premises). | Public access computers housed in an open plan area without any privacy screens. |
| Communicational privacy | Restricting access to communications such as emails, texts. | A library computer user who has been accessing their email account forgets to log out at the end of a session. |
| Proprietary privacy | Expectations of reputational privacy. | ‘Refgrunt’: librarians venting publicly on blogs, social media, or books about their interactions with library users. |
| Intellectual privacy | Privacy of thought and mind and the development of opinions and beliefs. | A teenager is afraid to check out a book on family breakdowns because of the potential consequences if this were to become known to their parents. |
| Decisional privacy | Intimate decisions which are primarily of a sexual or procreative nature. | A father requests the library records of his daughter to find out whether she has been reading books about pregnancy. |
| Associational privacy | Freedom to choose who one wishes to interact with – one’s friends, associations, groups and communities. | Someone takes photographs in the library of a well known personality without permission, and it shows who they were with. |
| Behavioural privacy | A person’s privacy interests whilst they are conducting visible activities. | The library uses CCTV cameras thereby capturing examples of user behaviour and keeps the recordings for a surprisingly long period of time. |

Figure 8.2 Library examples using the eight privacy types identified by Koops et al. (2017)

TIP: Use clear signposting to direct readers to books on difficult or controversial topics in order to help the user avoid feeling too embarrassed to ask a member of staff. For example, teenage library users may be curious about issues such as:

• Alcohol
• Depression
• LGBTQ
• Pregnancy
• Relationships.

They may feel too embarrassed to ask a member of library staff where to find books on those topics. As a way of enabling access to resources on those topics, whilst at the same time being mindful of the need to uphold privacy and confidentiality, it would be helpful to have a sign or a poster which is prominently displayed listing difficult or controversial subjects alongside their classmark. That way, a teenager would be able to find books on the topic they were looking for without needing to ask a member of staff. They could then use the self-checkout facility if they wanted to borrow any of the items without involving a member of library staff.

8.6 Case law

Tattered Cover v. City of Thornton, 44 P.3d 1044 (Colo. 2002)

In this American case, the court ruled that the federal and state constitutions prevent law enforcement from finding out what books an individual has purchased, unless law enforcement is able to show that the information is critical to a prosecution. The court made clear that the right of individuals to purchase and read anonymously whatever books they wish, without the threat of governmental intrusion, lies at the very foundation of our democracy. Justice Michael Bender’s opinion reaffirms the vital role that libraries and bookshops play in promoting the free exchange of ideas, whether or not they are controversial.

United States of America v. Kevin Eric Curtin 489 F.3d 935 (9th Cir. 2007)

The majority opinion in United States v. Curtin held that simply possessing reading material can be used as evidence of a defendant’s criminal intent, even without proof that the accused ever read the materials.


Benvenue, Anna L. (2008) Possession of Reading Material and Intent to Commit a Crime in United States v. Curtin, Golden Gate University Law Review, 38 (3), http://digitalcommons.law.ggu.edu/ggulrev/vol38/iss3/7/

John Doe v. Gonzales 546 U.S. 1301 (2005) (the case of the ‘Connecticut Four’)

The applicants – a member of the American Library Association (referred to here as ‘John Doe’), the American Civil Liberties Union, and the American Civil Liberties Union Foundation – brought a lawsuit in the district court, alleging that the nondisclosure provision set forth in 18 U.S.C. §2709(c) violates their First Amendment right to freedom of speech. This section, which was amended by the PATRIOT Act 2001, authorises the Federal Bureau of Investigation (FBI) to ‘request the name, address, length of service, and local and long distance toll billing records of a person or entity’ if the FBI asserts in writing that the information sought is ‘relevant to an authorized investigation to protect against international terrorism or clandestine intelligence activities . . . .’

The Library Connection – a consortium of libraries whose executive director was George Christian – had been asked to identify library patrons who had used library computers online at a specific time some months previously. The request was made in the form of a National Security Letter and it included a nondisclosure requirement preventing the recipient from being able to disclose that the FBI had requested the information. In 2006, the United States Second Circuit Court of Appeals in Manhattan dismissed the government’s appeal (to maintain the gagging order) and allowed a lower court judge’s revocation of the nondisclosure order to stand.

Quad/Graphics Inc. v. Southern Adirondack Library System, 664 N.Y.S.2d 225 (1997)

Southern Adirondack Library System (SALS) is a cooperative system composed of 30 member libraries located in four upstate New York counties. SALS operated an electronic information service known as ‘Library Without Walls’ (LWW). Users who possessed a valid library card and a personal identification number could access the internet. A library-based computer or a personally owned computer could be used to log online. Quad/Graphics contended that a cadre of its Saratoga Springs-based employees employed the LWW feature during working hours to connect online and explore the internet for personal purposes. After examining its long distance telephone billing records, Quad/Graphics asserted that unauthorised use between April 1995 and December 1996 had resulted in them incurring over US$23,000 in long distance telephone charges to the LWW telephone line. This led to the loss of 1,770 manhours which were instead devoted to personal use of the internet.

Quad/Graphics were able to decipher nine distinct 13-digit identification numbers which had been used to access LWW from its computer system. In an effort to learn the identity of the individuals to whom those nine identification numbers were issued, the company made a request under the Freedom of Information Law (Public Officers Law art 6) to the Saratoga Springs Public Library. The request was rejected by the library on the basis that such information is confidential and may not be voluntarily disclosed. Were the application to be granted, the door would be open to other similar requests made, for example, by a parent who wishes to learn what a child is reading or viewing on the internet via LWW or by a spouse to learn what type of information his or her mate is reviewing at the public library.

The court recognised the significance of the problem that the petitioner faced and the difficulty that they had encountered. However, the municipal library system was not required to release library system records under Freedom of Information Law in order to allow a corporate employer to determine the identity of employees who were alleged to have misused corporate computer and telephone systems to take advantage of the library’s free internet access. There was no criminal complaint before the court and the court would not lightly override the legislature’s expression of public policy of maintaining the confidentiality of library records.

Re Grand Jury Subpoena to Kramerbooks & Afterwords Inc 26 Med. L. Rptr. 1599 (D.D.C. 1998)

In 1998, Kramers bookshop successfully fought a subpoena from Kenneth Starr to disclose which books Monica Lewinsky had purchased. ‘The bookstore’s lawyer, Carol L. O’Riordan, would not comment on a report that one book bought by Ms Lewinsky was “Vox”, a 1992 best-selling novel by Nicholson Baker whose theme is telephone sex’ (Stout, D. (1998) Lewinsky’s Bookstore Purchases Are Now Subject of a Subpoena, New York Times, 26 March 1998, https://www.nytimes.com/1998/03/26/us/lewinsky-s-bookstore-purchases-are-now-subject-of-a-subpoena.html). The store owners believed that an investigation into the book-buying habits of one of their customers was an invasion of privacy and a threat to First Amendment freedoms. In the end, however, Kramer’s management and Lewinsky’s lawyers reached an agreement whereby the list of books she purchased would be given to Starr by her lawyers and not the bookstore, thereby protecting the store’s integrity.


United States versus Rumely, 345 US 41 (1953)

Edward Rumely represented an organisation known as the Committee for Constitutional Government. He refused to disclose the names of individuals who had made bulk purchases of books, which were of a political nature, for further distribution. The Supreme Court found it unconstitutional to convict a bookseller for refusing ‘to provide the government with a list of individuals who had purchased political books’. Justice Douglas observed: ‘Once the government can demand of a publisher the names of the purchasers of his publications ... [f]ear of criticism goes with every person into the bookstall ... [and] inquiry will be discouraged’.

Re Grand Jury Subpoena to Amazon.com 2007

Amazon.com won a legal fight to preserve customer privacy by persuading the court to reject requests for 24,000 customer records made by federal prosecutors in Madison, Wisconsin. A judge ruled that the book-buying customers had a First Amendment right to keep their reading habits from the government. The subpoena would have permitted the government to peek into the reading habits of specific individuals without their knowledge or permission. ‘The [subpoena’s] chilling effect on expressive e-commerce would frost keyboards across America’, U.S. magistrate judge Stephen Crocker wrote.

8.7 Further information

American Library Association (2016) Library Privacy Guidelines, www.ala.org/advocacy/privacy/toolkit.
American Library Association (2011) Privacy Toolkit, www.ala.org/ala/aboutala/offices/oif/iftoolkits/toolkitsprivacy/default.cfm.
Magi, T. J. (2006) Protecting Library Patron Confidentiality: checklist of best practices, https://www.ila.org/advocacy/making-your-case/privacy/confidentiality-best-practices.
Newman, B. and Tijerna, B. (2017) Protecting Patron Privacy: a LITA guide, Rowman & Littlefield.
NISO (2015) NISO Consensus Principles on Users’ Digital Privacy in Library, Publisher, and Software-Provider Systems (NISO Privacy Principles), https://groups.niso.org/apps/group_public/download.php/16064/NISO%20Privacy%20Principles.pdf.


CHAPTER 9

Freedom of information

Contents
9.1 General principles of freedom of information
9.2 The Freedom of Information Act 2000 (FOIA)
9.3 Publication schemes
9.4 Datasets
9.5 Copyright implications of the FOIA
9.6 Freedom of information and library and information professionals
9.7 Freedom of information rights and request procedures
9.8 Exemptions and appeals
9.9 Enforcement
9.10 The Environmental Information Regulations 2004 (EIR)
9.11 Freedom of information in Scotland
9.12 Freedom of information and data protection
9.13 European Union documents
9.14 Further information and keeping up to date
References

9.1 General principles of freedom of information

United Nations General Assembly Resolution 59(i), which was passed at its first session on 14 December 1946, states that: ‘Freedom of information is a fundamental human right and is the touchstone of all the freedoms to which the United Nations is consecrated.’ The legal right to information is not limited to access to information laws, because each country has its own mix of legislation covering areas such as public records/archives, environmental protection, data protection and privacy, state secrets, and media.

Openness and transparency are now considered to be an essential part of any modern government. A UNESCO report says that ‘the number of member states with freedom of information laws has risen to 112, with especially strong growth in the Africa and Asia-Pacific regions’ (UNESCO, 2018). An open government backed by a properly implemented and working freedom of information regime provides many benefits both to government bodies and to citizens. Freedom of information regimes exist in order to promote transparency and accountability. The public sector, by definition, is funded from the public purse and as such has a responsibility to demonstrate that it is held to account for that expenditure.

Key benefits of a fully-fledged freedom of information system are:
• Participation in public debate.
• Improved administration and decision-making.
• Accountability in the spending of public money.
• Allowing the public to understand decisions made about them.
• Promoting public health and safety.

In addition to transparency and openness, freedom of information promotes a sense of accountability across the public sector. For example, details of expenditure on taxis, which were released as a result of an FOI request by Paul Hutcheon (Scottish political editor of the Sunday Herald), ultimately led to the resignation of the leader of the Scottish Conservative Party, David McLetchie. The information showed the MSP to have claimed unusually high travel expenses for an Edinburgh-based MSP.

In the Westminster Parliament, the ‘expenses scandal’ of 2009 came about as a result of an FOI request made by Heather Brooke for details of a number of high-profile MPs’ expenses. Ms Brooke took the matter to the Information Tribunal and also to the High Court. It ultimately led to the resignation of the Speaker, Michael Martin, and to the convictions and/or imprisonment of a number of ex-MPs and members of the House of Lords:
• The former Labour MP David Chaytor was jailed for 18 months for fraudulently claiming more than £20,000 in expenses but was released after serving only a quarter of his sentence.
• Former Labour MP Eric Illsley was sentenced to a year in jail after pleading guilty to £14,000 of expenses fraud.
• Former Labour MP Jim Devine was jailed for 16 months for expenses fraud.
• Elliott Morley, a former Labour MP, was sentenced to 16 months in jail, having pleaded guilty to fraudulently claiming £32,000 in expenses, which included payments for a mortgage on his home in Scunthorpe that had already been paid off.
• Lord Taylor of Warwick was convicted of dishonestly claiming over £11,000 in allowances by an 11 to 1 majority verdict and jailed for 12 months.
• Lord Hanningfield was found guilty on all six counts of false accounting relating to nearly £14,000 of parliamentary expenses and jailed for nine months.
• Former Labour MP Denis MacShane was jailed for six months for expenses fraud after admitting submitting fake receipts amounting to £12,900.

The FOIA and the Freedom of Information (Scotland) Act 2002 (FOI(S)A) give citizens the right to see all kinds of information held by the government and other public authorities. Citizens can use this legislation to:
• Find out about a problem affecting their community and to check whether an authority is doing enough to deal with it.
• See how effective a policy has been.
• Find out about the authority’s spending.
• Check whether an authority is doing what it says it is.
• Learn more about the real reasons for decisions.

Public authorities can only withhold information if an exemption in the Act allows them to do so. Even exempt information may have to be disclosed in the public interest. If a member of the public thinks that information has been improperly withheld they can complain to the independent Information Commissioner (or the Scottish Information Commissioner), who can then order disclosure.

9.2 The Freedom of Information Act 2000 (FOIA)

The FOIA gives a general right of access to all types of ‘recorded’ information held by public authorities. It sets out a number of exemptions from that right and it also places a number of obligations on public authorities. Around 100,000 public bodies are covered by the FOIA. The list is set out in Schedule 1 of the Act, and it has been amended by several statutory instruments. The FOIA does not apply to information held by the Security Service, the Secret Intelligence Service (SIS), the Government Communications Headquarters (GCHQ), the Special Forces or any unit or part-unit assisting GCHQ.

• Central government and government departments.
• Local authorities.
• Non-departmental public bodies.
• National Health Service (NHS) bodies (hospitals, doctors’ surgeries, dentists, pharmacists and opticians).
• Maintained schools.
• Colleges.
• Universities.
• Police forces.
• Prison services.
• Armed forces.
• House of Commons.
• House of Lords.
• Northern Ireland Assembly.
• National Assembly for Wales.

Figure 9.1 Public authorities covered by the FOIA


As far as libraries are concerned, relevant organisations covered by the FOIA include the British Library, National Library of Wales and Arts Council England; Libraries Northern Ireland; and in Scotland, the National Library of Scotland comes within the remit of the FOI(S)A.

The FOIA is enforced by the Information Commissioner whose role is to: promote good practice, approve and advise on the preparation of publication schemes, resolve problems through handling eligible complaints where people think their rights have been breached, provide information as to the public’s rights under the FOIA, and enforce compliance with the FOIA. She is also required to report annually to Parliament. In 2002, the Scottish Executive passed the FOI(S)A, which is overseen by a Scottish Information Commissioner.

The Information Commissioner is a ‘corporation sole’ with the powers, authority, duties and responsibilities of the role vested in one person and passing from one holder of that role to another. The ICO is an executive non-departmental public body sponsored by the Department for Digital, Culture, Media & Sport. The Cabinet Office is in charge of freedom of information policy.

There are three codes of practice issued under the FOIA and the Environmental Information Regulations (EIR), which provide guidance to public authorities:

1 Freedom of information code of practice providing guidance for public authorities on best practice in meeting their responsibilities under Part 1 of the Act. It sets the standard for all public authorities when considering how to respond to FOI requests (Cabinet Office, 2018). The code covers the following areas:
• Right of access.
• Advice and assistance.
• Consultation with third parties.
• Time limits for responding to requests.
• Internal reviews.
• Cost limit.
• Vexatious requests.
• Publication schemes.
• Transparency and confidentiality obligations in contracts and outsourced services.
• Communicating with a requester.
• Datasets.

2 On the management of records, the ICO (2016) aims to give advice to public authorities (and any other organisations whose administrative and departmental records are subject to the Public Records Act 1958 and the Public Records (Northern Ireland) Act 1923) on keeping, managing and destroying records. Prior to the coming into force of the Transfer of Functions (Information and Public Records) Order 2015, the section 46 Code of Practice was issued by the Lord Chancellor (Ministry of Justice, 2009b).

3 Regulation 16 code of practice – discharge of obligations of public authorities under the EIR (ICO, 2017 and ICO, 2005) https://ico.org.uk/media/for-organisations/documents/2013835/eir-regulation-16-code-of-practice.pdf and https://ico.org.uk/media/for-organisations/documents/1644/environmental_information_regulations_code_of_practice.pdf covers:
• Training.
• Proactive dissemination of information.
• Provision of advice and assistance to persons making requests for information.
• Timeliness in dealing with requests for information.
• Charges.
• Transferring requests for information.
• Consultation with third parties.
• EIR and public sector contracts.
• Accepting information in confidence from third parties.
• Consultation with devolved administrations.
• Refusal of request.
• Review and complaints procedures.

Figure 9.2 shows the two main obligations public authorities have under the FOIA.

1. Public authorities must publish certain information proactively (and as part of this they have to produce a ‘publication scheme’ as a guide to the information they hold that is publicly available).
2. They also have a duty to respond to individual requests for information.

Figure 9.2 Obligations of Public Authorities under the FOIA

9.2.1 Local authorities

The Local Government Transparency Code 2015 (https://gov.uk/government/publications/local-government-transparency-code-2015) sets out the minimum data that local authorities should be publishing, the frequency with which it should be published and how it should be published.

Three principles guided the development of the Code:

1 Demand-led – there are growing expectations that new technologies and publication of data should support transparency and accountability.
2 Open – provision of public data should become integral to local authority engagement with local people so that it drives accountability to them.
3 Timely – the timeliness of making public data available is often of vital importance.

Councils are required to publish an organisation chart covering staff in the top three levels of the organisation, including salary details in £5,000 brackets and the maximum salary for the grade. Councils will also be expected to respond to public demand for more information, where residents decide what data is important, so they can see exactly where their taxes go and how their council is performing. The Code states that:

… public data should be published in a format and under a licence that allows open re-use, including for commercial and research activities, in order to maximise value to the public. The most recent Open Government Licence published by the National Archives should be used as the recommended standard. Where any copyright or data ownership concerns exist with public data these should be made clear.

The Code sets out the minimum datasets that should be released, openly and for reuse, by local authorities as falling within the following themes:
• Expenditure over £500.
• Government procurement card transactions.
• Procurement information.
• Grants to the voluntary, community and social enterprise sector.
• An organisational chart.
• Senior salaries.
• The pay multiple.
• Trade union facility time.
• Local land assets.
• Social housing asset value.
• Parking accounts and parking spaces.
• Fraud.
• The constitution.

9.3 Publication schemes

The FOIA places a duty on public authorities to adopt and maintain publication schemes, which must be approved by the Information Commissioner’s Office, and to publish the information that is covered by the scheme. A publication scheme is essentially a guide to information that a public authority routinely publishes or intends to publish. The word ‘publication’ should be defined widely enough to cover not just items to be found in bound or printed form, but also computer printouts, website downloads, etc. The emphasis is on information rather than documents. Such schemes must set out the types of information the authority publishes, the format, and the details of any charges.

The ICO has developed a model publication scheme, of which there are two versions. The first version is the one for most public authorities, while the second version is for the small number of public authorities that are only covered for part of the information they hold. The ICO has a set of definition documents and template guides which set out the types of information they would expect particular kinds of authority to publish and list in their guide (https://ico.org.uk/for-organisations/guide-to-freedom-of-information/publication-scheme/definition-documents).

The model publication scheme specifies the ‘classes’ of information that the public authority publishes or intends to publish (Figure 9.3). These classes might be described as groupings of information having one or more common characteristics. Each class of information within the scheme commits the public authority to publishing the information that falls within it. It is therefore important that a public authority, and its staff, understand what material is covered and that the coverage is clear to the user. Where it is intended that certain information is not included, this must also be clear to users.

• Who we are and what we do (organisational information, locations and contacts, constitutional and legal governance).
• What we spend and how we spend it (financial information relating to projected and actual income and expenditure, tendering, procurement and contracts).
• What our priorities are and how we are doing (strategy and performance information, plans, assessments, inspections and reviews).
• How we make decisions (policy proposals and decisions, decision-making processes, internal criteria and procedures, consultations).
• Our policies and procedures (current written protocols for delivering our functions and responsibilities).
• Lists and registers (information held in registers required by law and other lists and registers relating to the functions of the authority).
• The services we offer (advice and guidance, booklets and leaflets, transactions and media releases. A description of the services offered).

Figure 9.3 Classes of information


The FOIA has provided a tremendous opportunity for information professionals to play a key part in the development of the guide to information that the public authority will provide under their publication scheme. Information professionals have considerable information management expertise that can be utilised by carrying out information audits so that public authorities can produce a detailed inventory of what they produce.

The FOIA increased pressure for public authorities to have effective records management systems in place because only by managing their records in a professional manner can public authorities be confident that they have a comprehensive overview of the information that they hold. Such knowledge can then assist those authorities to respond to requests effectively and to speedily identify cases where an exemption might be relied upon. Public authorities need to have formal records management procedures in place, including the development of proper retention, destruction and archiving policies.

Sound principles of information handling and retrieval are the foundation of freedom of information. The code of practice on records management (ICO, 2016) says that ‘Good records management should be seen as a benefit, not a burden. All organisations, public and private, are advised to have good records management in place as part of achieving business efficiency, by making sure that information is easily retrieved and properly documented.’ Freedom of information legislation is only as good as the quality of the records to which it provides access. If information cannot be found when requested, then the access rights set out in the FOIA 2000 are of limited value.

Public authorities should be monitoring the access requests that they receive in order to determine whether information that is regularly being requested should be made available routinely. Indeed, it is good practice for authorities to keep a log of requests made for information that is not already included in their publication schemes.

It is recommended that information should be on a website wherever possible. However, there may be some information that is not suitable for uploading to a website such as information that is only held in hard copy format or very large files. Public authorities need to be mindful of obligations that they are required to meet from other legislation such as the Equality Act 2010 or the Welsh Language Act 1993:
• Should a requester require information in other forms or an alternative format, the public authority should make clear that the requester can contact them and they will endeavour to meet the requester’s requirements.
• Where the required information is only normally accessible by attending the public authority’s premises to view/inspect it, there may be good reasons why it is not possible for the requester to view the information in person. In such circumstances, every reasonable effort should be made to find an alternative means of communicating the information.
• The public authority will normally provide the information requested in the language in which it is held. However, they may be required under another statute to translate certain information and in those circumstances they will need to do that. For example, the Welsh Language Act 1993 gives the Welsh and English language equal status in public life in Wales. The Act requires public bodies providing services to the public in Wales to prepare a Welsh Language Scheme, setting out how it will provide those services in Welsh.

9.4 Datasets

Public authorities are required to proactively release data in a way that allows businesses, non-profit organisations and others to reuse the data for social and commercial purposes. In the Protection of Freedoms Act 2012 section 102 (Release and publication of datasets held by public authorities), the legislation requires all public authorities to release datasets in a reusable electronic format. The PFA 2012 achieves this by inserting a new section 11(1A) into the Freedom of Information Act 2000 which requires that in the case of datasets, so far as is reasonably practicable, a public authority must provide the information in an electronic format which is capable of being reused, thereby preventing authorities from deliberately releasing the information in a format that makes data manipulation impossible (such as releasing the data in Adobe PDF format when it was originally a spreadsheet).

Under a new section 19(2A) of the FOIA, publication schemes have to include a requirement for the public authority to publish any dataset it holds that is requested by an applicant, and any updated version of the dataset (Act Now, 2011):

Section 19(2A) A publication scheme must, in particular, include a requirement for the public authority concerned—
(a) to publish—
(i) any dataset held by the authority in relation to which a person makes a request for information to the authority, and
(ii) any up-dated version held by the authority of such a dataset,
unless the authority is satisfied that it is not appropriate for the dataset to be published,
(b) where reasonably practicable, to publish any dataset the authority publishes by virtue of paragraph (a) in an electronic form which is capable of re-use,
(c) where subject to subsections (2AA) and (2AB) any information in a dataset published by virtue of paragraph (a) is a relevant copyright work in relation to which the authority is the only owner, to make the information available for re-use in accordance with the terms of the specified licence.

9.5 Copyright implications of the FOIA

Most documents disclosed under freedom of information, whether they are covered by a publication scheme or sent to an individual in response to a freedom of information request, will be subject to copyright protection. Both section 50 of the CDPA and Schedule 1 of the Database Regulations (SI 1997/3032) allow the supply of documents under the exceptions of Acts done under statutory authority. Section 50 of the Copyright Designs and Patents Act 1988 (CDPA) says: Acts done under statutory authority 50.—(1) Where the doing of a particular act is specifically authorized by an Act of Parliament, whenever passed, then, unless the Act provides otherwise, the doing of that act does not infringe copyright. (2) Subsection (1) applies in relation to an enactment contained in Northern Ireland legislation as it applies in relation to an Act of Parliament. (3) Nothing in this section shall be construed as excluding any defence of statutory authority otherwise available under or by virtue of any enactment. It isn’t always necessary to make a complete copy of the material. The FOIA authorises the public authority to provide access to the requested material and this need not necessarily be done by copying the information. The requirement set out in the FOIA could, for example, be achieved by the public authority making the item available for inspection at their premises or by providing a summary. Section 11 states: Means by which communication to be made. (1) Where, on making his request for information, the applicant expresses a preference for communication by any one or more of the following means, namely— (a) the provision to the applicant of a copy of the information in permanent form or in another form acceptable to the applicant, (b) the provision to the applicant of a reasonable opportunity to inspect a record containing the information, and

(c) the provision to the applicant of a digest or summary of the information in permanent form or in another form acceptable to the applicant, the public authority shall so far as reasonably practicable give effect to that preference. (1A) Where— (a) an applicant makes a request for information to a public authority in respect of information that is, or forms part of, a dataset held by the public authority, and (b) on making the request for information, the applicant expresses a preference for communication by means of the provision to the applicant of a copy of the information in electronic form, the public authority must, so far as reasonably practicable, provide the information to the applicant in an electronic form which is capable of reuse. With regard to giving permission for datasets to be reused, the Code of Practice under section 45 of the FOIA (Cabinet Office, 2018) says: The public authority should ascertain whether copyright and/or database rights (‘intellectual property’) in the dataset are owned solely by the authority or whether there is a third party interest. Nothing in the Act’s re-use provisions overrides the rights of any third parties who may own intellectual property contained in the datasets. If a public authority grants a licence to re-use a dataset or part of a dataset containing third party intellectual property without the owner’s permission it may constitute an infringement of the third party’s rights. Where there is a third party interest any re-use licence must permit re-use only of those parts of the dataset that the public authority owns. If possible, and subject to any confidentiality requirements, the public authority should identify the requester who owns the remainder of the rights. In some cases the public authority may be able to obtain the third party’s permission to grant the re-use of the third party intellectual property outside the Act. 
UK government policy is that, wherever possible, Crown copyright material should be made available for re-use. The Open Government Licence is the default licensing model for most Crown copyright information produced by the UK government and supplied without charge. Freedom of information legislation covers the information a public authority holds, rather than focusing exclusively on the information a public authority
produces. Public authorities will not necessarily own the copyright in all the material that they release when answering an ad hoc FOI request. A recipient of information requested under the FOIA is not free to further reproduce the material in ways that would breach a third party’s copyright. Under copyright law, the enquirer would not be entitled to make further copies of the documents without obtaining the permission of the copyright owner. In the case of the Environmental Information Regulations (EIR), a public authority is entitled to refuse to disclose information to the extent that its disclosure would adversely affect IPRs (regulation 12(5)(c)). Any IPRs, including copyright-protected material, a patented design or the constituents of a chemical that has yet to be marketed, or other trade secret, may be protected by this exception where a potentially adverse effect can be reasonably anticipated and where the public interest in disclosure does not outweigh the adverse effects.

9.6 Freedom of information and library and information professionals

Library and information professionals are uniquely placed and skilled to defend and deliver freedom of information. CILIP attaches a high value to freedom of information, which is considered to be a core responsibility of its members. CILIP’s position statement on information access states that:

CILIP is committed to promoting a society where intellectual activity and creativity, freedom of expression and debate, and access to information are encouraged and nurtured as vital elements underpinning individual and community fulfilment in all aspects of human life. It is the role of a library and information service that is funded from the public purse to provide, as far as resources allow, access to all publicly available information, whether factual or fiction and regardless of media or format, in which its users claim legitimate interest. [In some cases this will be limited to those areas reflecting the primary purpose of a parent institution; in others it will be generalist in nature]. Access should not be restricted on any grounds except that of the law. If publicly available material has not incurred legal penalties then it should not be excluded on moral, political, religious, racial or gender grounds, to satisfy the demands of sectional interest. The legal basis of any restriction on access should always be stated.
CILIP (2005) https://archive.cilip.org.uk/sites/default/files/media/document/2017/2005_foistatement0705_0.pdf

CILIP’s Ethical Framework (2018) says that:
As an ethical Information Professional I make a commitment to uphold, promote and defend: […] Preservation and continuity of access to knowledge [A3] Intellectual freedom, including freedom from censorship [A4]. Information professionals have a key role to play in facilitating freedom of access to information. Libraries, information and advice centres of public authorities can provide citizens with details of what freedom of information means to them, they can guide enquirers towards the information which their authority makes routinely available through the publication schemes and they can also alert people to their rights of access to information not covered by the publication schemes. CILIP’s position statement establishes the principle that access to information should not be restricted on any grounds except that of the law (CILIP, 2005). If publicly available material has not incurred legal penalties then it should not be excluded on moral, political, religious, racial or gender grounds, to satisfy the demands of sectional interest. CILIP’s council also endorsed the Council of Europe Guidelines on Public Access to and Freedom of Expression in Networked Information (CILIP, 2011). The Council of Europe Guidelines detail a seven-point approach to the practical issues of enabling and managing access to information in the era of the internet and e-mail. In addition to emphasising the right to unfettered access, they also stress the obligation to support information users in making their choices of information sources and services freely and confidently.

✒ Useful resource
The Scottish Information Commissioner’s website has guidance in the form of a set of FAQs on the relationship between libraries, archives and access to information through the FOI(S)A: www.itspublicknowledge.info/FAQ/PublicAuthorityFAQ/LibrariesArchivesFAQ.asp. The guidance addresses each of the following questions:
• Is library stock, including books, considered to be information held by an authority within the meaning of the Act?
• Can books and other material held by a library be subject to an information request under section 1 of the Act?
• Should public authorities create a class in their publication scheme which includes the stock of libraries and archives?
• Are library and archive holdings ‘reasonably obtainable’?
• Can material in an archive that is not readily accessible, such as uncatalogued material, be subject to section 1 requests?
• What happens if access is restricted in accordance with conditions imposed by an outside person or body depositing the material?

9.7 Freedom of information rights and request procedures

The individual’s right of access to information means that anyone, anywhere, can make a request for information from a public authority provided that the request satisfies all the relevant conditions (for procedure see Figure 9.4). The request must include sufficient information to enable the authority to identify the information requested. You do not have to live in the UK or be a British citizen in order to ask for information and you do not have to say why you want the information. There are no limits on the kinds of information you can ask for, although there are limits on the information that the authority has to provide. Applicants have the right to be told what information the public authority holds and they also have the right to receive the information (unless one of the exemptions disqualifies that right). The right of access is fully retrospective. It covers information recorded both before and after the FOIA was passed. Applicants do not have to mention the FOIA or the DPA when requesting information. When making a request under the FOIA, you can specify how you want the information to be given to you and the public authority should give you the information in the form you prefer, if it is reasonably practicable to do this. The FOIA lists three ways in which you might ask for the information to be provided: • As a copy, in permanent form or some other form acceptable to you. • By an opportunity to inspect the information. • As a summary or digest. The authority can consider the cost when deciding how practical your preference is. Public authorities have 20 working days within which to respond to requests. In certain circumstances they can charge a fee, which has to be calculated according to The Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004: SI 2004/3244 or the Freedom of Information (Release of Datasets for Re-use) (Fees) Regulations 2013: SI 2013/1977. 
Where a fee is required, the 20 working days is extended by up to three months until the fee is paid.

✒ Useful resource
For further information on the time limit for responding to requests see the Time limits for compliance under the Freedom of Information Act (section 10): https://ico.org.uk/media/for-organisations/documents/1165/time-for-compliance-foia-guidance.pdf.

In the case of the EIR, regulation 7 says:

Where a request is made under regulation 5, the public authority may extend the period of 20 working days […] to 40 working days if it reasonably believes that the complexity and volume of the information requested means that it is impracticable either to comply with the request within the earlier period or to make a decision to refuse to do so.

When making a request, you must:
• Describe the information you would like.
• Make the request in writing, for example in a letter or an email. In the case of environmental information, you can make the request verbally or in writing.
• Give your real name and give an address to which the authority can reply. This can be a postal or email address.

When responding to requests, public authorities:
• Must respond to requests promptly and in any event, within 20 working days.
• May charge a fee which has to be calculated according to the Fees Regulations, and if a fee is required, the 20 working days will be extended by up to three months until the fee is paid.
• Tell the requester whether they hold the information that is being requested.
• Must give reasons for their decision where the authority has grounds not to release the information requested and must tell the applicant of their right to complain.

Figure 9.4 Freedom of information requests procedure

9.8 Exemptions and appeals

Whilst the FOIA creates a general right of access to information held by public bodies, it also sets out a series of exemptions where that right is either disapplied or qualified (see Figure 9.5). The exemptions relate to information held for functions such as national security, law enforcement, commercial interests and personal data. Public authorities do need to take care when applying the exemptions. Where a requested document contains some exempt information, only those specific
pieces of exempt information can be withheld and the remainder of the document must be released. Usually, the public authority will give you a special notice explaining why it is not providing the information you have asked for. A public authority is not required to give you a full explanation if this would involve giving you information that is itself exempt. So, in some circumstances, you will only be given a partial explanation. However, the notice will explain:
• How you can complain to the particular authority about the way your request has been handled.
• Your right to ask the Information Commissioner to decide whether your request has been properly dealt with.
Most of the exemptions require a public authority to consider a test of prejudice and a public interest test:
1 Some exemptions require you to judge whether disclosure may cause a specific type of harm, for instance, endangering health and safety, prejudicing law enforcement or prejudicing someone’s commercial interests. These are called prejudice-based exemptions. For example, in the case of the section 31 exemption, where a public authority considers the information to be exempt because it is held in connection with law enforcement, they can only withhold that information if its release would prejudice the prevention or detection of a crime.
2 In the case of the ‘public interest test’, this requires a public authority to consider whether the public interest in withholding the exempt information outweighs the public interest in releasing it; and the balance lies in favour of disclosure, in that information may only be withheld if the public interest in withholding it is greater than the public interest in releasing it.
3 Some exemptions apply only to a particular category or class of information, such as information held for criminal investigations or relating to correspondence with the royal family. These are called class-based exemptions.

| FOIA section | Exemption | Qualified or Absolute? | Public interest test? | Class or prejudice test? |
| --- | --- | --- | --- | --- |
| 21 | Information already reasonably accessible | Absolute | NO | Class |
| 22 | Information intended for future publication | Qualified | YES | ‘Reasonableness’ test |
| 22A | Research information | Qualified | YES | Prejudice test |
| 23 | Security bodies | Absolute | NO | Class |
| 24 | National security | Qualified | YES | Prejudice test |
| 26 | Defence; Effectiveness of the armed forces | Qualified | YES | Prejudice test |
| 27 | International relations | Qualified | YES | 27(1) Prejudice test; 27(2) Class |
| 28 | Relations between the UK government, the Scottish Executive, the Welsh Assembly and the Northern Ireland Executive | Qualified | YES | Prejudice test |
| 29 | The economy; the financial interests of the UK, Scottish, Welsh or Northern Ireland administrations | Qualified | YES | Prejudice test |
| 30 | Investigations | Qualified | YES | Class |
| 31 | Prejudice to law enforcement | Qualified | YES | Prejudice test |
| 32 | Court records | Absolute | NO | Class |
| 33 | Prejudice to audit functions | Qualified | YES | Prejudice test |
| 34 | Parliamentary privilege | Absolute | NO | Prejudice test |
| 35 | Government policy | Qualified | YES | Class |
| 36 | Prejudice to the effective conduct of public affairs | In most cases this is a qualified exemption. For information held by the House of Commons or the House of Lords it is an absolute exemption | YES (apart from where it relates to information held by the House of Commons or the House of Lords) | Prejudice test (where the judgment about prejudice must be made by the legally authorised qualified person for that public authority) |
| 37 | Communications with the royal family and the granting of honours | Absolute (in relation to communications with the monarch, the heir to the throne and the second in line to the succession to the throne). All other information under the scope of this exemption is qualified | Some information subject to the public interest test | Class |
| 38 | Endangering health and safety | Qualified | YES | Prejudice test |
| 39 | Environmental information | Qualified | YES | Class |
| 40(1) | Personal information of the requester | Absolute | NO | Class |
| 40(2) | Data protection | Absolute | NO (but some information that falls under section 40 is subject to the public interest test) | Prejudice test |
| 41 | Confidentiality | Absolute | NO | Prejudice test |
| 42 | Legal professional privilege | Qualified | YES | Prejudice test |
| 43 | Trade secrets and prejudice to commercial interests | Qualified | YES | 43(1) Class; 43(2) Prejudice test |
| 44 | Prohibitions on disclosure | Absolute | NO | Class |

Figure 9.5 FOI exemptions

9.9 Enforcement

A person who has made a request for information and is unhappy with the response that they have received should first go through the public authority’s own complaints procedure. However, if they are still unhappy, they may apply to the Information Commissioner for a decision as to whether the request has been dealt with according to the FOIA. In response, the Information Commissioner may serve a decision notice on the public authority and applicant setting out any steps that are required in order to comply. The Information Commissioner has the power to serve information notices and enforcement notices on public authorities. In certain circumstances the Information Commissioner may issue a decision or enforcement notice requiring disclosure of information in the public interest. All notices may be appealed to the independent First-Tier Tribunal (Information Rights). However, where the Information Commissioner issues a notice requiring disclosure of the information this may be subject to an ‘executive override’. Only a Minister of the Crown who is in the Cabinet, or a UK Law Officer, can use the ‘ministerial veto’ that overrides a relevant decision of the Information Commissioner requiring disclosure. Section 53(2) of the FOIA requires the accountable person to present a certificate to the Commissioner and to lay a copy before each House, or the Northern Ireland Assembly or the Welsh Assembly where relevant. The accountable person has 20 working days within which to serve the certificate. There is no right of appeal against the ministerial certificate. The ministerial override should only be used in exceptional circumstances, and if it is ever used, this will be reported to parliament. The ministerial veto was used by Jack Straw in 2009 when the Information Commissioner cited the public interest when ordering the release of the Cabinet minutes of the meetings which authorised the war in Iraq, including the Attorney General’s advice. The information has now been released but only by means of extreme political pressure and in the form of a public inquiry. On another occasion Jack Straw exercised the ministerial veto to prevent the disclosure of 1997 Cabinet Committee minutes on devolution. The matter had been due to be heard at the Information Tribunal on 25 January 2010 but in exercising the ministerial veto ahead of that date, the Tribunal’s role was completely disregarded. The ministerial veto has been used several times:
• Legal advice on hostilities in Iraq – 24 February 2009
• Devolution cabinet minutes – 10 December 2009
• Devolution cabinet minutes – 8 February 2012
• NHS risk registers – 8 May 2012
• Hostilities against Iraq – 2003
• Correspondence from Prince Charles – 16 October 2012
• Court of Appeal judgment – March 2014
• HS2 – 30 January 2014
In R. (on the application of Evans) and another (Respondents) v. Attorney General (Appellant) [2015] UKSC 21, the Supreme Court ruled that the veto could only be used if ministers were able to show that the facts or circumstances have changed substantially since the Tribunal’s decision. The Supreme Court also ruled that decisions under the Environmental Information Regulations cannot be vetoed at all, because it is not permitted under the EU Directive (2003/4/EC). Lord Neuberger said that ministers should normally be expected to appeal against decisions of the Commissioner, rather than veto them.

9.10 The Environmental Information Regulations 2004 (EIR)

The EIR came into force on 1 January 2005, coinciding with the implementation of the right of access to information under the FOIA. The regulations clarify and extend previous rights of access to environmental information held by public authorities. The rights in the EIR stem from Council Directive 2003/4/EC of 28 January 2003 on public access to environmental information and repealing Council Directive 90/313/EEC. On 25 June 1998, the European Community signed the United Nations Economic Commission for Europe (UN/ECE) Convention on Access to Information, Public Participation in Decision-Making and Access to Justice in Environmental Matters (the Aarhus Convention). The First-Tier Tribunal (Information Rights) considers appeals from notices issued by the Information Commissioner under the EIR. The Environmental Information (Scotland) Regulations 2004: SSI 2004/520 (EI(S)R) provide for the making available of environmental information held by Scottish authorities. There is also a code of practice on the discharge of functions by public authorities under the EI(S)R and this is enforced by the Scottish Information Commissioner. The Regulations have been amended by The Environmental Information (Scotland) Amendment Regulations 2013: SSI 2013/127. Destroying information with the intention of preventing disclosure is an offence under the FOIA (section 77), the DPA and the EIR (regulation 19).

9.10.1 What is environmental information?

The definition of ‘environmental information’ is given in the EIR 2004 regulation 2(4). It covers information in written, visual, oral, electronic or other material form about:
1 The state of the elements of the environment (such as air, atmosphere, water, soil, land, landscape and natural sites, GMOs, biological diversity) and the interactions between them.
2 Substances, energy, noise, radiation or waste including radioactive waste, emissions and discharges into the environment affecting or likely to affect the elements in (1).
3 Measures (including administrative measures, policies, legislation, plans, programmes and environmental agreements) and activities affecting or likely to affect the elements and factors in (1) and (2).
4 Reports on the implementation of environmental legislation.
5 Cost benefit and other economic analyses used within the measures and activities covered in (3).
6 The state of human health and safety, conditions of human life, contamination of the food chain, cultural sites and built structures in as much as they are or may be affected by (1), (2) or (3).
There are similarities as well as differences between the UK’s freedom of information regime and the EIR. To put this into context, it should be borne in mind that the FOIA was initiated by the Westminster Parliament, whereas the EIR derives from European legislation (see Directives 313/90/EC and 2003/4/EC which subsequently replaced it). There are two types of exception under the EIR – a group of exceptions based on the category or class of information and another group of exceptions where they would have an adverse effect on xyz. All the EIR exceptions are subject to a public interest test. Refusals can be made if:
• Information is not held (refer request on) – Regulation 12(4)(a).
• Request is manifestly unreasonable – Regulation 12(4)(b).
• Request is too general – Regulation 12(4)(c).
• Request is for unfinished documents or data – Regulation 12(4)(d).
• Internal communications – Regulation 12(4)(e).

Refusals may be made if disclosure would adversely affect:
• International relations, defence, national security, public safety – Regulation 12(5)(a).
• The course of justice, the ability of a person to receive a fair trial or the ability of the public authority to conduct an inquiry of a criminal or disciplinary nature – Regulation 12(5)(b).
• Intellectual property rights – Regulation 12(5)(c).
• Confidentiality of proceedings where confidentiality is provided by law – Regulation 12(5)(d).
• Confidentiality of commercial or industrial information where such confidentiality is provided by law to protect a legitimate economic interest – Regulation 12(5)(e).
• The interests of the person who provided the information – Regulation 12(5)(f).
• The protection of the environment to which the information relates – Regulation 12(5)(g).
Information on emissions cannot be refused under the last four points (Regulation 12(5)(d–g)). The exceptions listed under regulation 12(5) – the ‘adversely affect’ exceptions – are based on the harmful consequences of disclosure. In order to show that disclosing information would harm one of the interests listed, it would be necessary to:
• Identify a negative consequence of the disclosure that is significant and is relevant to the exception being claimed.
• Show a link between the disclosure and the negative consequence.
• Show that the harm is more likely than not to happen.
There is also an exemption where the information is personal data. If it is the personal data of the applicant, the request would be covered instead under the Data Protection Act 2018. Both the EIR and FOIA regimes encourage the proactive dissemination of information and the use of publication schemes. They have the same time limit of 20 working days. Both require public authorities to provide advice and assistance and to provide information in the form and format requested where possible. In terms of the differences between the two regimes, EIR requests do not have to be in writing and can be made orally and they cannot be refused solely on the grounds of cost. Whilst the FOIA does have a public interest test, in the case of the EIR all the exceptions are subject to the public interest test.

9.11 Freedom of information in Scotland

The Scottish Executive’s objectives in passing the FOI(S)A 2002 were to:
• Establish a legal right of access to information held by a broad range of Scottish public authorities.
• Balance this right with provisions protecting sensitive information.
• Establish a fully independent Scottish Information Commissioner to promote and enforce the freedom of information regime.
• Encourage the proactive disclosure of information by Scottish public authorities through a requirement to maintain a publication scheme.
• Make provision for the application of the freedom of information regime to historical records.

FOI(S)A Part 2 – Exempt information (sections 25–41)

Exemptions to which the public interest test does not apply:
25 Information otherwise accessible
26 Prohibitions on disclosure
36(2) Confidentiality (actionable breaches of confidence)
37 Court records, etc.
38 Personal information (paragraphs (a), (c) and (d) and paragraph (b) where the first condition referred to in that paragraph is satisfied).

Exemptions to which the public interest test does apply:
27 Information intended for future publication
28 Relations within the United Kingdom
29 Formulation of Scottish Administration policy, etc.
30 Prejudice to effective conduct of public affairs
31 National security and defence
32 International relations
33 Commercial interests and the economy
34 Investigations by Scottish public authorities and proceedings arising out of such investigations
35 Law enforcement
36(1) Confidentiality
38 Personal information (whilst the exemption is mostly absolute, there are two specific situations in section 31(1)(b) which are subject to the public interest test (there is an exemption briefing ‘FOISA: guidance. Section 38 – personal information’ published by the Scottish Information Commissioner))
39 Health, safety and the environment
40 Audit functions
41 Communications with Her Majesty, etc., and honours.

Figure 9.6 Exemptions under the Freedom of Information (Scotland) Act 2002

The FOI(S)A came into force in January 2005, in line with the rest of the UK. A detailed list of the public authorities covered by the Act is contained in Schedule 1. It includes:
• The Scottish Executive and its agencies.
• Local authorities.
• NHS Scotland.
• Schools, colleges and universities.
• The police.
• The Scottish Parliament.
The Act provides for other authorities to be added later, and for organisations to be designated as public authorities if they exercise functions of a public nature or provide a service under contract, which is a function of a public authority. This provision would enable private companies to be brought within the scope of the Act should they be involved in significant work of a public nature such as major private finance initiatives (PFI) contracts. In such cases, only the company’s involvement in work of a public nature would come within the freedom of information remit. As part of the devolution settlement, UK government departments operating in Scotland and cross-border public authorities such as the BBC and the Ministry of Defence are not covered by Scottish freedom of information legislation, but instead by the UK FOIA. Scottish public authorities are required to respond to requests within 20 working days, as is the case with the FOIA. But in certain circumstances the Keeper of the Records of Scotland has 30 working days to respond to requests. Two areas of the 2002 Act were identified as requiring amendment which could only be achieved through primary legislation. The Freedom of Information (Amendment) (Scotland) Act 2013 was passed in order to address these two areas of concern which were:
• The order-making power relating to the definition of what constitutes a ‘historical record’ and the lifespans of certain exemptions; and
• The ability to prosecute in the event of information not being disclosed due to, for example, alteration, destruction or concealment.
Most requests under the FOI(S)A should be dealt with free of charge and where a fee is charged it is likely to be small. If someone has a disability and because of that wants the information in a particular format, an authority cannot pass on to them any extra costs it has to pay in order to provide it in that format. If the cost to the authority is more than £100 but less than £600, the authority can charge the requester 10% of the cost of providing the information, but the first £100 is always free. So the maximum it can charge you in most situations is £50 (this would be where the cost to the authority is £600). For example:
• If the cost to the authority is £200, it can only charge you £10: 10% x (£200 – £100).
• If the cost to the authority is £600, it can charge you £50: 10% x (£600 – £100).


If the total cost to the authority is more than £600, the authority can refuse your request. If, however, it decides to deal with your request, the authority can charge you the full cost (i.e. up to £15 an hour for staff time plus reasonable photocopying costs) over and above this £600 limit. The authority may be able to advise you how to reduce the costs by making changes to your request.

As far as the exemptions are concerned (Figure 9.6), a key difference with the Freedom of Information (Scotland) Act 2002 is that the test is whether the information would prejudice substantially the purpose to which the exemption relates. The prejudice caused would need to be ‘real, actual and of significant substance’ if it were to constitute ‘substantial prejudice’. In other words, the exemptions are harder to justify in Scotland than in England and Wales.

9.12 Freedom of information and data protection

The DPA gives individuals the right to find out what structured information is held about them by organisations in both the public and the private sectors and to obtain a copy of that information.

The GDPR does not cover information which is not, or is not intended to be, part of a ‘filing system’. However, under the Data Protection Act 2018 (DPA 2018) unstructured manual information processed only by public authorities constitutes personal data. This includes paper records that are not held as part of a filing system. While such information is personal data under the DPA 2018, it is exempted from most of the principles and obligations in the GDPR and is aimed at ensuring that it is appropriately protected for requests under the Freedom of Information Act 2000.

ICO, 2019, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/what-is-personal-data/what-is-personal-data/. Reproduced under the Open Government Licence v3

9.12.1 Fees and charges

Data protection fee

In most instances, data controllers cannot charge a fee to comply with a subject access request. There are, however, a few instances where a charge can be made. Where the request is manifestly unfounded or excessive, a ‘reasonable fee’ can be charged to cover the administrative costs of complying with the request. It is also possible to charge a fee if an individual requests further copies of their data following an initial request. Again, the fee must be based on the administrative costs of providing further copies.


Freedom of information fees

In the case of freedom of information requests, many are free of charge. Calculation of fees is undertaken in accordance with The Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004: SI 2004/3244 and the Freedom of Information (Release of Datasets for Re-use) (Fees) Regulations 2013: SI 2013/1977.

The 2004 regulations state that where the prescribed costs are over £600 in the case of government departments and £450 in the case of other public bodies, they are not required to provide the information; but, with the agreement of the enquirer, they can charge the full, prescribed costs for any costs above that threshold. In addition, the full costs for disbursements such as photocopying and postage and packing can be charged back to the enquirer.

9.12.2 The time limit for responding to requests

Under data protection legislation, data controllers have one calendar month to respond to requests. However, if the request is complex or if the requester makes more than one request, the response time may be a maximum of three calendar months, starting from the day after receipt.

Under the freedom of information legislation, public bodies have 20 working days following receipt of the request within which to provide the information to the enquirer.

9.12.3 The exemptions

The third key area where the data protection and freedom of information legislative regimes differ is in the list of exemptions. The exemptions under the FOIA are set out in Figure 9.5; and the exemptions under the FOI(S)A are set out in Figure 9.6. Section 7.6 lists subject access exemptions under the DPA 2018.

9.13 European Union documents

The Amsterdam Treaty introduced Article 255, which gives citizens a right of access to European Parliament, Council and Commission documents. It was under this article on 30 May 2001 that Regulation (EC) No. 1049/2001 was passed on access to European Parliament, Council and Commission documents. The procedure was reviewed in 2007 (European Commission, 2007). People can request access to any unpublished documents (subject to exemptions) as set out in Figure 9.7. The exemptions cover documents which have not been finalised or which are not intended for publication. They also include documents from third parties, received and kept by the Commission.


• Make the request in writing and send it by post, fax or e-mail.
• Check to see if the document you want is listed in the document register on the Europa server (http://ec.europa.eu/transparency/regdoc/registre.cfm?CL=en).
• If it is there, quote the reference number of the document you require.
• If it is not, make your request as detailed as possible to help the Commission to be able to identify the document you want.
• The request can be made in any one of the official EU languages.
• Send the request to the Commission’s Secretariat General or directly to the department responsible.
• Receipt of applications will be acknowledged.
• Within 15 working days from registration of your application, you will either be sent the document you requested or you will be given the reasons for its total or partial refusal.

Figure 9.7 How to access European Union information

With the Treaty of Lisbon (2009), the right of access for citizens to documents (now laid down in Article 15(3) of the Treaty on the Functioning of the European Union (TFEU)) was formally extended to all institutions, bodies, offices and agencies of the European Union.

✒ Useful resource
Europe Direct was set up to answer questions of a general nature from the public: http://europa.eu/european-union/contact_en
Freephone telephone number: 00800 67891011
Register of Commission documents: http://ec.europa.eu/transparency/regdoc/registre.cfm?CL=en.

9.14 Further information and keeping up to date

9.14.1 Organisations

The Campaign for Freedom of Information
Free Word Centre, 60 Farringdon Road, London EC1R 3GA
Tel: 020 7324 2519
E-mail: [email protected]
Website: www.cfoi.org.uk

Office of the Information Commissioner
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Tel: 0303 123 1113
Website: https://ico.org.uk/

Scottish Executive – Freedom of Information Unit
G-A North, Victoria Quay, Edinburgh EH6 6QQ
Tel: 0131 244 2410
E-mail: [email protected]
Website: https://www.gov.scot/about/contact-information/how-to-requestinformation/

Scottish Information Commissioner
Kinburn Castle, Doubledykes Road, St Andrews, Fife KY16 9DS
Tel: 01334 464 610
E-mail: [email protected]
Website: www.itspublicknowledge.info

Whatdotheyknow.com
A forum for making and/or exploring FOI requests.

9.14.2 Journals

Freedom of Information (ISSN 1745-1825) https://www.pdpjournals.com/overview-freedom-of-information.

9.14.3 News feeds

Out-law.com, RSS feed on freedom of information: www.out-law.com/feeds/out-law_foi.aspx.

References

Act Now (2011) Datasets: The new law, https://www.actnow.org.uk/media/newsletters/May_2011.pdf.
Cabinet Office (2018) Freedom of Information Code of Practice, www.gov.uk/government/publications/freedom-of-information-code-ofpractice.
CILIP (2005) Intellectual Freedom, Access to Information and Censorship (CILIP position statement), https://archive.cilip.org.uk/sites/default/files/media/document/2017/2005_foistatement0705_0.pdf.
CILIP (2018) Ethical Framework, https://cdn.ymaws.com/www.cilip.org.uk/resource/resmgr/cilip/policy/new_ethical_framework/cilip_s_ethical_framework.pdf.
CILIP (2011) CILIP Statement on Intellectual Freedom, Access to Information and Censorship, https://web.archive.org/web/20130224020744/http://www.cilip.org.uk/get-involved/advocacy/information-society/foi/Pages/intellfreedom.aspx.
CILIP Scotland (2002) Freedom of Information (Scotland) Act 2002: a guide for the information professional.
European Commission (2007) Review of the Rules on Access to Documents, http://ec.europa.eu/transparency/revision/index_en.htm.
ICO (2005) Code of Practice on the Discharge of the Obligations of Public Authorities Under the Environmental Information Regulations 2004, https://ico.org.uk/media/1644/environmental_information_regulations_code_of_practice.pdf.
ICO (2016) Section 46 Code of Practice – records management, https://ico.org.uk/media/for-organisations/documents/1624142/section46-code-of-practice-records-management-foia-and-eir.pdf.
ICO (2017) Regulation 16 Code of Practice – Discharge of obligations of public authorities under the EIR, https://ico.org.uk/media/for-organisations/documents/2013835/eir-regulation-16-code-of-practice.pdf.
ICO (2019) What is Personal Data? https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/what-is-personal-data/what-is-personal-data.
Legislation.gov.uk (2018) Freedom of Information Act 2000: Chapter 36, www.legislation.gov.uk/ukpga/2000/36/contents.
UNESCO (2018) World Trends in Freedom of Expression and Media Development: global report 2017/2018, https://en.unesco.org/world-media-trends-2017.


CHAPTER 10

Human Rights

Contents
10.1 General principles
10.2 Guiding principles for library and information professionals
10.3 Human rights and data protection
10.4 Human rights and copyright
10.5 Human rights and freedom of expression
10.6 Further information
References

10.1 General principles

Libraries have an important role to play in raising awareness of and upholding human rights. Indeed, information intersects human rights and social justice in a number of significant ways, and libraries have had to address issues such as:

• Should internet access be seen as a human right?
• Is information literacy a human right?
• Considerations relating to the information rich versus the information poor.
• Freedom of expression and the challenge of censorship.

Jaeger et al. (2015, 1) say that ‘As information and related technologies have become increasingly essential to education, employment, social interaction, and civic participation, greater focus has been placed on the idea that information can be seen as a necessary human right and a core part of social justice’.

Sustainable development goal 16.10 (https://sustainabledevelopment.un.org/sdg16) of the United Nations is to: ‘Ensure public access to information and protect fundamental freedoms, in accordance with national legislation and international agreements’. Indicator 16.10.2 is the ‘Number of countries that adopt and implement constitutional, statutory and/or policy guarantees for public access to information’. Meanwhile, Goal 9c of the UN global 2030 Agenda for sustainable development is to ‘Significantly increase access to information and communications technology and strive to provide universal and affordable access to the internet in least developed countries by 2020’. (https://sustainabledevelopment.un.org/post2015/transformingourworld).

The raison d’etre of libraries is to provide access to information. Jaeger et al. (2015) believe that there are three distinct aspects to information access:

1 Physical. Of the three aspects, physical access is the one that has attracted the most attention: access to the document or other form of embodying information.
2 Intellectual. Going beyond whether someone has physical access to information, it is necessary to have intellectual access which means having the ability to understand how to get to the information and having the ability to understand the information itself.
3 Social. Simply because one can physically and intellectually access the required information, it does not necessarily follow that they do access that information or that all users interpret the information in the same way. Information behaviour is influenced by social trust, social motivation and social inclusion.

10.1.1 Human Rights Act 1998

The coming into force of the HRA in October 2000 marked the UK’s implementation of the European Convention on Human Rights (ECHR). In the UK people cannot sue, or be sued by, another individual for breaking the Convention rights. But they may benefit indirectly because the Human Rights Act means that all laws have to be given a meaning and effect which is as close as possible to the Convention rights. Public authorities such as courts and tribunals need to interpret legislation and develop case law in a way which is compatible with the rights set out in the Convention. Since the HRA came into force there have been cases in areas like copyright and data protection where the significance of human rights such as the freedom of expression and the right to privacy have been explored.

The passing of the HRA has been described as one of the biggest constitutional changes to British law for centuries. Most of the rights in the ECHR have been included in the HRA.

The ECHR was established in the aftermath of World War II by the Council of Europe. It guarantees largely civil and political rights rather than social and economic ones. The Council of Europe is quite separate from the European Union. It has its own Court of Human Rights in Strasbourg. Before the implementation of the Human Rights Act people were already able to go to the Strasbourg court to claim their rights under the ECHR. However, the ECHR was not previously part of the UK’s domestic law, so our courts were not normally able to deal with claims.

The HRA represents a unique model for implementing the ECHR. It preserves a subtle compromise between incorporating the European Convention rights whilst retaining parliamentary sovereignty. It does this by creating a general requirement that all legislation must be read and given effect in a way which is compatible with the convention. It also requires all public authorities to act in compliance with the convention unless prevented from doing so by statute. The Act does not make the convention directly enforceable. It does not allow the convention to override primary legislation, even if there is incompatibility, thus retaining the sovereignty of parliament. If incompatibility occurs, then the higher courts, on appeal, may issue a ‘declaration of incompatibility’, which will then be fast tracked to Parliament for amendment.

The HRA does three key things:

1 It makes it unlawful for a public authority, like a government department, local authority or the police, to breach the Convention rights, unless an Act of Parliament means it couldn’t have acted differently.
2 It means that cases can be dealt with in a UK court or tribunal. Previously, anyone who felt that their rights under the Convention had been breached had to go to the European Court of Human Rights in Strasbourg.
3 It says that all UK legislation must be given a meaning that fits with the Convention rights, if that’s possible. If a court decides that this is not possible it will be up to Parliament to decide what to do.

Particularly relevant to library and information professionals are Articles 8 and 10 of the ECHR. Article 8 on the right to respect for private and family life is relevant in areas such as data protection and breach of confidence; whilst Article 10 on the right to freedom of expression is relevant in areas such as copyright, freedom of information and libel.

It is important to recognise that a number of the rights set out in the Convention are not absolute rights and that restrictions to those rights may be necessary and can be justified in certain circumstances. There are in fact three different types of rights: absolute, limited and qualified rights:

1 Absolute rights are ones which member states cannot remove or limit. An example of an absolute right would be the right to protection against torture.
2 Limited rights are ones which can be limited under specific and finite circumstances. An example of a limited right would be the right to liberty, because this can be restricted where a person is imprisoned once they have been convicted of a crime by a competent court.
3 Qualified rights are rights which require a balance between the rights of the individual and other interests. An example would be Article 10 on freedom of expression. It must always be balanced against Article 8, which protects the right to respect for a person’s private and family life.

Figure 10.1 Three different types of rights


Article 8: Right to respect for private and family life
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals or for the protection of the rights and freedoms of others.

Article 10: Freedom of expression
1. Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers ….
2. The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are necessary, in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder, or crime, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.

Figure 10.2 Articles 8 and 10 of the European Convention on Human Rights

The Council of Europe has a directorate covering the information society and action against crime. The directorate covers areas such as freedom of expression, data protection, internet governance and cybercrime.

10.1.2 Fundamental Rights Agency

A European Union Agency for Fundamental Rights (FRA) was established in 2007 (http://fra.europa.eu/en). The FRA is an advisory body of the EU. It was created by a legal act of the EU and is based in Vienna, Austria. It helps to ensure that the fundamental rights of people living in the EU are protected. It does this by collecting evidence about the situation of fundamental rights across the European Union and providing advice, based on evidence, about how to improve the situation. The FRA also informs people about their fundamental rights.

The Agency focuses on the situation of fundamental rights in the EU and its Member States. Candidate countries and countries which have concluded a stabilisation and association agreement with the EU can also be invited to participate following a special procedure.

The FRA liaises on a regular basis with the Council of Europe in order to ensure that there is no unnecessary duplication between the work of the Agency and that of the Council. Both institutions may at times work on either the same or similar issues. The Agency’s data collection and evidence-based analyses may complement the work undertaken by the Council of Europe’s monitoring bodies. The Council of Europe remains the major point of reference as regards human rights.

✒ Useful resource
The FRA maintains a case law database, http://fra.europa.eu/en/case-lawdatabase, which provides a compilation of Court of Justice of the European Union (CJEU) and European Court of Human Rights (ECtHR) case law with direct references to the Charter of Fundamental Rights of the European Union.

10.2 Guiding principles for library and information professionals

All actions of library and information professionals should take place in a framework where human rights are respected. Directly relevant to the work of librarians is the right to freedom of expression, which includes the freedom to hold opinions and to receive and impart information and ideas without interference by public authorities.

CILIP’s Ethical Framework (2018) states that ‘as an ethical information professional I make a commitment to uphold, promote and defend … human rights, equalities and diversity, and the equitable treatment of users and colleagues’. See Appendix 2 for the full text of the framework.

This commitment should be demonstrated by information professionals regardless of whether we are referring to the hard copy or the electronic environment. The Declaration of the Committee of Ministers (of the Council of Europe) on Human Rights and the Rule of Law in the Information Society (CM(2005)56 final 13 May 2005) states that:

Freedom of expression, information and communication should be respected in a digital as well as in a non-digital environment, and should not be subject to restrictions other than those provided for in Article 10 of the ECHR, simply because communication is carried in digital form.

10.3 Human rights and data protection

Article 8 of the ECHR says that everyone has the right to respect for his private and family life, his home and his correspondence. But the Convention makes clear that this has to be balanced against issues of national security, public safety, the prevention of disorder or crime, and so on. One area where human rights and data protection issues converge is the use of thumbprints in place of library cards.


School libraries throughout the UK have implemented technology, enabling pupils to take out books by scanning their thumbprints instead of using a card. Such systems are intended to replace library cards and save time and money in managing the libraries. However, the use of biometric information in this way to manage loans of library books has raised privacy concerns.

In 2006, the Department for Education and Skills (now known as the Department for Education) and the Information Commissioner said that parents could not prevent schools from taking their children’s fingerprints (The Register, 2006). However, the pressure group Privacy International expressed the view that the practice breached both the DPA and the human rights of the individual children concerned.

In 2012 there was a change in the law which provides added protections regarding the use of children’s biometric information. Chapter 2 of The Protection of Freedoms Act 2012 requires parental consent before processing of children’s biometric information can be permitted. Under section 26(5) of the Act, even if the parent has consented, a school must not process or continue to process the data if the child objects:

‘... if, at any time, the child –
(a) Refuses to participate in, or continue to participate in, anything that involves the processing of the child’s biometric information, or
(b) otherwise objects to the processing of that information,
The relevant authority must ensure that the information is not processed, irrespective of any consent given by a parent of the child.’

Where a child does object, they must be provided with a reasonable alternative to the biometric system, according to section 26(7).

Figure 10.3 School libraries’ use of thumbprints in place of library cards

In a report by Laurant on privacy and human rights, EPIC and Privacy International (2003) stated that ‘Of all the human rights in the international catalogue, privacy is perhaps the most difficult to define and circumscribe’. They further state ‘in one sense, all human rights are aspects of the right to privacy’.

Privacy has a functional relationship with liberty, autonomy, selfhood, human relations, equal treatment and trust, and furthers the existence of a free society. If we were to experience limitations on our privacy, for whatever reason, the question would therefore arise as to what other values are being placed at risk, which makes it all the more important to secure the values that form the foundation of our liberal democratic society. Are we, for example, really willing to relinquish privacy and a host of other values in the name of security? What about the questions of necessity and proportionality?

10.4 Human rights and copyright

Article 27 of the Universal Declaration of Human Rights 1948 says:

(1) Everyone has the right freely to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits.
(2) Everyone has the right to the protection of the moral and material interests resulting from any scientific, literary or artistic production of which he is the author.

This Article demonstrates the difficulty of trying to balance the competing interests of the various stakeholders in copyright law. On the one hand there is the need to respect the IPRs of others, including their right to deploy technical protection measures. On the other hand, there is the fundamental right to freedom of expression and free flow of information, access to knowledge and education and the promotion of scientific research and development.

Independent experts from around the world met in Geneva in 2003 for a preparatory conference ahead of the World Summit on the Information Society in order to discuss fundamental human rights in the information society. They produced a statement (PDHRE, 2003) in which paragraphs 22–27 deal with The Public Domain and Intellectual Property Rights:

Intellectual property regimes and national and international agreements on patents, copyright and trade marks should not prevail over the right to education and knowledge. This right must indeed be exercised through the concept of fair use, that is, use for non-commercial purposes, especially education, and research. (Para. 26)

The information and communication society will not contribute to human development and human rights unless and until access to information is considered a public good to be protected and promoted by the state. Information in the public domain should be easily accessible to support the information society. Intellectual property rights should not be protected as an end in itself, but rather as a means to an end that promotes a rich public domain, shared knowledge, scientific and technical advances, cultural and linguistic diversity and the free flow of information. Public institutions such as libraries and archives, museums, cultural collections and other community-based access points should be strengthened so as to promote the preservation of documentary records and free and equitable access to information. (Para. 27)

Copyright duration and the human right to property

In 2013, Parliament approved powers to remove complex rules relating to the period of protection for unpublished works which remained unpublished at the point when the CDPA 1988 came into force. This power (set out in section 76 of the Enterprise and Regulatory Reform Act 2013) was introduced with a view to simplifying copyright law in the UK and encouraging the publication of previously unpublished works, while continuing to protect copyright owners for an appropriate period (for more detail about the ‘2039 rule’ see Section 3.1.2.1).

The Intellectual Property Office considered the possibility of removing the 2039 rule whereby works that were unpublished at the time of the coming into force of the 1988 CDPA would continue to have copyright protection until 31 December 2039, even if they were hundreds of years old. A consultation paper on reducing the duration of copyright in certain unpublished works was published by the IPO in October 2014.

However, several respondents to the consultation suggested that the removal of the copyright granted under the 2039 rule may not be permitted on human rights grounds as it could be deemed a deprivation of property. The Government recognised these concerns and in 2015 published its response to the consultation exercise in which they chose not to switch from the 2039 rule to the standard term of protection – the author’s lifetime plus 70 years – which is what they had originally proposed.

The First Protocol of the ECHR in 1952 includes a Right of Property (http://www.echr.coe.int/Documents/Convention_ENG.pdf):

Protocol to the Convention for the Protection of Human Rights and Fundamental Freedoms
Paris, 20.III.1952
ARTICLE 1 Protection of property
Every natural or legal person is entitled to the peaceful enjoyment of his possessions. No one shall be deprived of his possessions except in the public interest and subject to the conditions provided for by law and by the general principles of international law.
The preceding provisions shall not, however, in any way impair the right of a State to enforce such laws as it deems necessary to control the use of property in accordance with the general interest or to secure the payment of taxes or other contributions or penalties.

The right to property is not an absolute right. It clearly states that no one shall be deprived of his possessions except in the public interest. The government was all set to remove the 2039 rule but changed their minds after a few consultation respondents raised the issue of human rights. This is a good example of the need to balance the competing rights and interests involved.


SIA AKKA/LAA v. Latvia (ECtHR application no. 562/05)

Background: In the late 1990s, a Latvian collective management organisation (SIA AKKA/LAA – the Latvian name translates as Copyright and Communication Consulting Agency Ltd/Latvian Authors Association) failed to conclude new licence agreements with several broadcasting companies in Latvia. In spite of this, some of the broadcasters continued to use protected musical works. In 2002, SIA AKKA/LAA issued civil proceedings against several of the broadcasters; specifically, they lodged a claim for copyright infringement against a private radio station. The radio station lodged a counterclaim arguing that the collective management organisation had abused its dominant position and had fixed an unreasonably high royalty rate. In 2003 the radio station was held to have infringed the author’s rights and they were ordered to conclude a licence agreement for the next three-year period with a royalty rate set at 2% of the radio station’s monthly net turnover. A similar claim was lodged against a state-owned radio company in 2003, which was also ordered by the court to conclude a licence agreement.

In bringing the case before the ECtHR, the collecting society relied on two Articles from the Convention. Relying on Article 1 (protection of property) they complained that the decisions of the national courts had restricted the exclusive rights of the authors they represented to freely conclude licence agreements for their works. Relying on Article 6 (right to a fair hearing) they complained about the extension of the limits of the counterclaim in the second set of proceedings.

The Court reiterated (in paragraph 41 of the ECtHR judgment) that the protection of intellectual property rights, including the protection of copyright, does fall within the scope of Article 1 of Protocol No. 1 to the Convention which reads:

Every natural or legal person is entitled to the peaceful enjoyment of his possessions. No one shall be deprived of his possessions except in the public interest and subject to the conditions provided for by law and by the general principles of international law.
The preceding provisions shall not, however, in any way impair the right of a State to enforce such laws as it deems necessary to control the use of property in accordance with the general interest or to secure the payment of taxes or other contributions or penalties.

Paragraph 70 of the ECtHR judgment says:

It appears from the decisions adopted by the domestic courts that over an extended period of time protected works were being broadcast without a valid licence, and that this situation was to a certain extent due to the applicant organisation’s limited efficiency in carrying out negotiations with the defendants. These observations attest to the domestic court’s efforts to maintain a balance between the rights of the applicant organisation to obtain equitable remuneration from the use of musical work, on the one hand, and the defendants’ interest to obtain a licence allowing them to legally broadcast rights-protected work. In these circumstances the domestic courts’ judgment on the question of public interest could not be considered as manifestly without reasonable foundation.

There is no violation of the right to property when national courts order the parties to conclude a licence agreement and set the royalty rate, as long as these measures are lawful, in accordance with the general interest, and fairly balanced.

Outcome: The European Court of Human Rights unanimously held:
• That there had been no violation of Article 1 of Protocol No. 1 to the Convention; and
• That there had been no violation of Article 6(1) of the Convention.

10.5

Human rights and freedom of expression

The case of Von Hannover v. Germany explored the issues relating to freedom of expression (Article 10) and the need to balance this with the right to privacy (Article 8). This is summarised below.

Von Hannover v. Germany (ECHR judgment 24 June 2004)

Background: Princess Caroline of Monaco does not hold any official position, although she does sometimes attend public events on behalf of her family. The Federal Constitutional Court in Germany refused to restrain the further publication of photographs which showed Princess Caroline in a variety of public places on the basis that there was a legitimate public interest in how a ‘public figure par excellence’ behaved generally in public. The Princess applied to the ECtHR on the ground that the decision of the German court infringed her right to respect for her private and family life under Article 8 of the Convention. Under German law she had protection for her privacy if she was in a ‘secluded place’ but the way that this was defined was too narrow to give her any assistance. Photographs that the Princess complained about showed her going about activities such as shopping, skiing, playing tennis or riding a horse. The court made a distinction between reporting facts that are capable of contributing to a public or political debate which is of general interest and reporting the details of the private life of an individual who does not exercise official functions.

Outcome: The ECHR considered the need to balance the competing interests of the freedom of expression guaranteed by Article 10 with the right of privacy in Article 8 of the Convention. They decided that there had been a violation of Princess Caroline’s right to privacy under Article 8 of the ECHR.

Access to books in prison – R (on the application of Barbara Gordon-Jones) v. Secretary of State for Justice & the Governor of HM Prison Send [2014] EWHC 3997 (Admin)

Barbara Gordon-Jones was a prisoner at Send Prison. She challenged restrictions which had been put in place relating to the ability of prisoners to receive or have books for their use. She has a doctorate in English literature and a real love of books. She found restrictions placed on her ability to have available books which are not easily obtainable through the prison library particularly harsh. The judge acknowledged that the books she wanted to read were not those normally required by prisoners.

The blanket ban on sending books to prisoners in England and Wales was declared unlawful by the High Court. Mr Justice Collins quashed the ban which had been imposed by the then justice secretary (Chris Grayling) and ordered the Secretary of State to amend the policy on what can be sent to prisoners. He said: ‘A book may not only be one which a prisoner may want to read but may be very useful or indeed necessary as part of a rehabilitation process’.

Michael Gove replaced Chris Grayling as Justice Secretary and he eased the ban on friends and family sending books to prisoners. Rules lifting restrictions on sending books were further amended to make clear that family, friends and others do not have to send books ordered from four specified retailers. Instead, they are able to send packages directly. These packages are, though, subject to full security checks, including the use of sniffer dogs, and are scanned before being passed on to prisoners.

Under the ECHR, the European Court of Human Rights (ECtHR) may grant three types of damages.

1 Costs and expenses. First, compensation may be granted for the costs of the legal procedure itself – lawyers, travel costs, gathering documents, etc.
2 Pecuniary damage. Second, the Court may award damages for direct, material harm. For example, due to a privacy violation, a person has lost his job, or, when the police raid the home of a person without a warrant, they destroy a number of items in that home or damage the property. In such cases, financial compensation may be awarded to the victim in the form of pecuniary damages.
3 Non-pecuniary damage. Third, the ECtHR may award non-pecuniary damages for what could be qualified as dignitary harm. This covers compensation for anxiety, inconvenience and uncertainty relating to the violation. Examples may be the very fact that the state or governmental official obtained certain personal information, even though that information has not been used or abused, or the bodily or psychological integrity of a person is violated.

Under the European Convention on Human Rights, privacy is not approached as a concept that plays a role in horizontal relationships (for example between a consumer and a company), but in vertical relationships (between a citizen and a state).

The United Nations Declaration on the Rights of Indigenous Peoples (https://www.un.org/development/desa/indigenouspeoples/declaration-on-the-rights-of-indigenous-peoples.html) is the pre-eminent international instrument elaborating on the rights of Indigenous peoples. It contains the minimum standards for the survival, dignity and wellbeing of Indigenous peoples all over the world. At its core, the Declaration is based on the principles of self-determination, good faith and participation in decision-making. Gooda (2010) outlines how the principles of the Declaration can and should influence archival and record keeping practices. He suggests that people need to harness the practical power of human rights. By way of example he believes that it is critical that Aboriginal and Torres Strait Islander peoples are substantive and major stakeholders in determining appropriate archival and record keeping processes for Indigenous culture, cultural property and knowledge.

10.6

Further information

Global Network Initiative (www.globalnetworkinitiative.org) is an initiative to protect and advance freedom of expression and privacy in the ICT sector. GNI helps companies to respect those rights when faced with government pressure to hand over user data, remove content or restrict communications.

Internet Rights & Principles Coalition (2014). The charter of human rights and principles for the internet.

References

CILIP (2018) Ethical Framework, https://cdn.ymaws.com/www.cilip.org.uk/resource/resmgr/cilip/policy/new_ethical_framework/cilip_s_ethical_framework.pdf.

Council of Europe (2005) Declaration of the Council of Ministers on Human Rights and the Rule of Law in the Information Society, CM(2005)56 final, 13 May, https://www.coe.int/t/dgap/goodgovernance/activities/public_participation_internet_governance/Declaration-Information-Society/011_DeclarationFinal%20text_en.asp.

EPIC and Privacy International (2003) Privacy & Human Rights 2003: An international survey of privacy laws and developments.

Gooda, M. (2010) The Practical Power of Human Rights: how international human rights standards can inform archival and record keeping practices, Archival Science, 12 (2), 141–150, https://link.springer.com/article/10.1007%2Fs10502-011-9166-x.

Jaeger, P. T., Greene, N. and Gorham, U. (2015) Libraries, Human Rights and Social Justice: enabling access and promoting inclusion, Rowman & Littlefield.

PDHRE (2003) Statement on Human Rights, Human Dignity and the Information Society, International Symposium on the Information Society, Human Dignity and Human Rights, Palais des Nations, Geneva, 3-4 November 2003, www.pdhre.org/wsis/statement.doc.

The Register (2006) Schools Can Fingerprint Children Without Parental Consent, 7 September, www.theregister.co.uk/2006/09/07/kiddyprinting_allowed.


CHAPTER 11

The Re-use of Public Sector Information

Contents
11.1 Background
11.2 General principles
11.3 Public task
11.4 UK government licensing framework
11.5 Right to data
11.6 Charging
11.7 Complaints procedure
11.8 New Open Data and PSI Directive
11.9 Further information
References

11.1

Background

In a study produced by PIRA (2000), it was estimated that the size of the European information industry was EUR 68 billion whereas by contrast the figure was EUR 750 billion for the USA. The European Commission and others attributed this to the fact that in America federal government information is not subject to copyright and that therefore most federal government information can be re-used with virtually no restrictions. The European Commission judged that there was enormous scope for growth in this area, especially in terms of developing pan-European products and services.

Recognising the value that public sector information (PSI) can contribute to the economy, the Commission passed a Directive in 2003 (2003/98/EC) on the re-use of public sector information and this was implemented in the UK through The Re-Use of Public Sector Information Regulations 2005: SI 2005/1515. Article 13 of the 2003 Directive committed the Commission to carrying out a review of the application of the Directive before 1 July 2008. The review led the European Commission to conclude that there was further scope to promote a more open and proactive approach to the re-use of public sector information. Indeed, they considered that Europe’s public administrations were sitting on a goldmine of unrealised economic potential.

The Commission therefore launched an open data strategy for Europe, which was anticipated to deliver a EUR 40 billion boost to the EU’s economy each year. The total direct economic value of PSI is expected to increase from a baseline of EUR 52 billion in 2018 for the member states to EUR 194 billion in 2030 (https://ec.europa.eu/digital-single-market/en/proposal-revision-public-sector-information-psi-directive).

In June 2013, the European Commission passed Directive 2013/37/EU which amended the earlier Directive (2003/98/EC) and this was implemented in the UK in July 2015 through the Re-Use of Public Sector Information Regulations 2015: SI 2015/1415. The RPSI regulations of 2015 brought public sector libraries, museums and archives within the remit of the re-use legislation for the first time.

11.2

General principles

The UK government recognises the importance of public sector information and its social and economic value beyond the purpose for which it was originally created. The public sector therefore needs to ensure that simple licensing processes are in place to enable and encourage civil society, social entrepreneurs and the private sector to reuse this information in order to:
• Promote creative and innovative activities, which will deliver social and economic benefits for the UK.
• Make government more transparent and open in its activities, ensuring that the public are better informed about the work of the government and the public sector.
• Enable more civic and democratic engagement through social enterprise and voluntary and community activities.

The main obligations under the Re-Use of Public Sector Information Regulations 2015 are:
• Public sector documents that are available for reuse should be readily identifiable.
• Documents should generally be available for reuse at marginal cost (although this stipulation does not apply to libraries, museums and archives).
• Public sector bodies should deal with applications to reuse information in a timely, open and transparent manner.
• The process should be fair, consistent and non-discriminatory.

The current legislation on the re-use of public sector information:
• Makes it a general rule that all documents made accessible by public sector bodies can be re-used, unless protected by third party copyright.
• Establishes the principle that public bodies should not be allowed to charge more than the costs triggered by the individual request for data (marginal costs). In practice, this means most data is offered for free or virtually for free, unless duly justified (this stipulation does not apply to libraries – for more details see Section 11.6 on charging).
• Makes it compulsory to provide data in commonly-used, machine-readable formats, to ensure data can be effectively re-used.
• Introduces regulatory oversight to enforce these principles.
• Massively expands the reach of the original Directive to include libraries, museums and archives.

The scheme to help make the reuse of public sector information both easy and transparent is overseen by The National Archives. The key elements of the scheme are shown in Figure 11.1.

• Licence terms: public sector bodies have an obligation to publish licence terms.
• Details of charges: where applicable these must be published and must be fair and consistent.
• Responses to requests to be within a set time limit of 20 working days (in line with FOIA).
• Asset lists: an obligation on public sector bodies to produce a list of its main documents available for re-use with relevant metadata.
• Robust complaints procedures: public sector bodies are required to establish an internal complaints procedure to determine complaints arising under the Regulations.

Figure 11.1 Main elements of the scheme for reusing public sector information

Regulation 8(2) of SI 2015/1415 does allow scope for a public body to take longer than 20 working days to respond to a request where the request is extensive or complex: ‘Where documents requested for re-use are extensive in quantity or the request raises complex issues the public sector body may extend the period for responding by such time as is reasonable in the circumstances’.

The scope of the Re-Use of Public Sector Information Regulations 2015 differs from the freedom of information regime. Whilst both FOIA and the Re-use Regulations relate to the public sector, the range of public sector bodies covered by the two regimes differs. This isn’t surprising if one bears in mind that the RPSI regulations implement a European directive, whereas the FOIA was initiated by the Westminster parliament.

The Regulations cover most of the public sector including:
• Central government, including government trading funds and executive agencies.
• Local government.
• The National Health Service.
• Police and crime commissioners.
• Parliament.

There are, however, some notable exclusions:
• Public service broadcasters and their subsidiaries, and other bodies and their subsidiaries for the purposes of the provision of programme services.
• Educational and research establishments, including organisations established for the transfer of research results, schools and universities (except university libraries).
• Cultural establishments, other than libraries, museums and archives.

The FOIA is all about access to information. The Re-Use Regulations go beyond access by dealing with the reuse of that information, for example, by publishing and making the information available to a wider audience. A key point to note is that any information that is exempt under the FOIA is not available for reuse.

11.3

Public task

The term ‘public sector information’ can be defined as being the wide range of information that public sector bodies collect, produce, reproduce and disseminate in many areas of activity while accomplishing their public task. The way in which the public task of an institution is defined is pivotal to the way in which the re-use of public sector information legislation works. Information which falls within the public task is covered by the Regulations and could be made available for re-use under them; however, this is not the case for information which falls outside the public task. It is therefore essential for each public body to define its public task. The exclusion for non-public task material is only available where the scope of the public task is ‘transparent and subject to review’ (see Regulation 5(1)).

The public task relates to the core role and functions of the public sector body, such as a public sector library or cultural heritage institution. There is no prescribed format for libraries to follow. The style and detail of the public task statement is instead a matter for each public body. The statement must be made public and be open for challenge if others think it is inaccurate or incomplete.

Whether or not information is part of a public sector body’s public task is a strong factor in determining whether or not it should be charged for. It also informs decisions about whether or not to maintain or continue collecting the information.

✒ Useful resource
The National Archives publishes guidance on public task statements (National Archives, 2015) http://www.nationalarchives.gov.uk/documents/information-management/guidance-on-public-task-statements.pdf.

11.3.1 The ‘public task’ of public sector libraries

The Regulations on re-use only apply to information in libraries which forms part of their ‘public task’. Some local authority library services will have been covered by public task statements issued by their Authorities. However, as the Regulations work differently for cultural public sector bodies, there can be a case for libraries having separate public task statements from their parent local authorities.

Sample library statements of public task:
• British Library – statement of public task http://www.bl.uk/aboutus/stratpolprog/pubsect-info-regulations/faq/bl-psi-public-task-statement.pdf
• Lincolnshire County Council – public task statement: libraries https://www.lincolnshire.gov.uk/residents/discover-libraries/what-we-offer/public-task-statement-libraries/127444.article
• National Library of Scotland – statement of public task https://www.nls.uk/media/1176696/2015-07-statement-of-public-task.pdf
• Nottingham Trent University – public task statement https://www4.ntu.ac.uk/library/about_us/public-task-statement/index.html.

11.4

UK government licensing framework

The National Archives has developed the UK Government Licensing Framework (UKGLF). The framework provides a policy and legal overview of the arrangements for licensing the use and re-use of public sector information both in central government and the wider public sector. It sets out best practice and standardises licensing principles. The UKGLF covers a wide spectrum of official information, ranging from copyrighted images and text to data, software and source codes, for both commercial and non-commercial purposes.

The UKGLF sets out the Government’s guiding principles for licensing the use of public sector information which are:
• Simplicity of expression – the terms should be expressed in such a way that everyone can understand them easily.
• Non-exclusivity – so that access can be provided to a range of users on fair and equal terms.
• Fairness of terms.
• Non-discrimination – terms are extended fairly to all for similar uses.
• The need for acknowledgement and attribution.
• The need for transparency by publishing standard licence terms.

The UKGLF consists of three different licence types, of which the most heavily used is the open government licence.

11.4.1 UK Open Government Licence

Government policy is that public sector information should normally be licensed for use and re-use free of charge. The default position is that ‘free of charge’ should be achieved using the Open Government Licence which permits use and reuse for both commercial and non-commercial purposes.

On 30 September 2010, The National Archives launched the first UK Open Government Licence. It is a key element of the government’s commitment to greater transparency. The licence is simple, streamlined and consists of a single set of terms and conditions which provides assurance at a glance to anyone wishing to use or license government information. The licence is completely flexible and works in parallel with other internationally recognised licensing models such as Creative Commons.

Since it was originally launched in 2010, the Open Government Licence has developed and evolved through a number of iterations. At the time of writing, version 3 is the current version of the licence terms.

The licence is applicable across the entire public sector both in terms of geography – because its coverage includes England, Scotland, Wales and Northern Ireland – as well as by type of public body, whether central government department, local authority or another public body that wishes to make their data more accessible to taxpayers.

The Open Government Licence enables free reuse of a broad range of public sector information, including Crown copyright, databases and source codes. In addition, the licence does not require users to register or formally apply for permission to reuse data. The Open Government Licence is available in machine-readable format on The National Archives’ website: www.nationalarchives.gov.uk/doc/open-government-licence/version/3.


TIP: Check whether the content is governed by the Open Government Licence, because not all government information is available under the terms of that licence (this could be indicated by means of the ‘OGL’ symbol, and/or the information provider may have included a hyperlink to the text of the Open Government Licence).

The licence is:
• Worldwide.
• Royalty free.
• Perpetual.
• Non-exclusive.

It lets you:
• Copy, publish, distribute or transmit the information.
• Adapt the information.
• Exploit the information commercially.

What you must do:
• Acknowledge the source of the information by including any attribution statement specified by the Information Provider and where possible provide a link to this licence.

What you must not do:
• Use the information in any way that suggests any official status or that the Information Provider endorses your use of the information.
• Mislead others or misrepresent the information or its source.
• Use the information in a way which would breach the DPA or The Privacy and Electronic Communications (EC Directive) Regulations 2003.

The terms of the licence have been aligned to be interoperable with:
• Any Creative Commons Attribution Licence which covers copyright.
• Open Data Commons Attribution Licence, which covers database rights and applicable copyright.

This licence does not cover the use of:
• Personal data in the information.
• Information that has neither been published nor disclosed under information access legislation (including the Freedom of Information Acts for the UK and Scotland) by or with the consent of the Information Provider.
• Departmental or public sector organisation logos, crests and the Royal Arms except where they form an integral part of a document or dataset.
• Military insignia.
• Third party rights the Information Provider is not authorised to license.
• Information subject to other intellectual property rights, including patents, trade marks, and design rights.
• Identity documents such as the British Passport.

Figure 11.2 Key features of the Open Government Licence


11.4.2 The non-commercial government licence

The UKGLF default position is that public sector information should be licensed for use and re-use free of charge under the OGL which permits both commercial and non-commercial uses. However, there are specific circumstances where information may only be released for use and re-use for non-commercial purposes. The Non-Commercial Government Licence has been developed to meet those situations.

Licensees are required to include an attribution statement, usually specified by the Information Provider, in any use of the information. Where a public sector body licenses its information under the Non-Commercial Government Licence, it should insert a visible statement asserting this and provide the Non-Commercial Government Licence URI (Uniform Resource Indicator) or URL (Uniform Resource Locator) in the information.

‘Non-commercial use’ is defined as:

Use that is not intended for or directed toward commercial advantage or private monetary compensation. For the purposes of the UK Government Licensing Framework, ‘private monetary compensation’ does not include the exchange of the Information for other copyrighted works by means of digital file-sharing or otherwise provided there is no payment of any monetary compensation in connection with the exchange of the Information. (National Archives, 2016)

11.4.3 The charged licence There are some circumstances where it is appropriate to charge for use and reuse. The charged licence is designed for those circumstances. It is the least frequently used of the three licence types that make up the government licensing framework. The chargeable licence is used to license the use and re-use of information subject to copyright or database right for which Information Providers have chosen to charge cost recovery and a reasonable rate of return for its use and reuse. It is only used for Crown copyright information where the Information Provider holds a delegation of authority from the Controller of HMSO to license the information it produces.

11.5

Right to data

The Coalition: our programme for government (Cabinet Office, 2010) said: ‘We will create a new “right to data” so that government-held datasets can be requested and used by the public, and then published on a regular basis’.

As part of that commitment, the Cabinet Office asked all government departments to develop a plan to give access to datasets on request, and to identify key datasets that they will proactively disclose.

Section 102 of The Protection of Freedoms Act 2012 covers the release and publication of datasets held by public authorities. It inserts section 11A into the Freedom of Information Act 2000. Chapter 11 of the Freedom of Information Code of Practice (Cabinet Office, 2018) covers datasets (https://www.gov.uk/government/publications/freedom-of-information-code-of-practice).

The term ‘dataset’ is defined in subsection 11(5) of the FOIA (as amended):

In this Act ‘dataset’ means information comprising a collection of information held in electronic form where all or most of the information in the collection—
(a) has been obtained or recorded for the purpose of providing a public authority with information in connection with the provision of a service by the authority or the carrying out of any other function of the authority,
(b) is factual information which—
(i) is not the product of analysis or interpretation other than calculation, and
(ii) is not an official statistic (within the meaning given by section 6(1) of the Statistics and Registration Service Act 2007), and
(c) remains presented in a way that (except for the purpose of forming part of the collection) has not been organised, adapted or otherwise materially altered since it was obtained or recorded.

The philosophy behind making datasets of raw public sector information readily available in formats which make it as easy as possible for them to be reused is that people will then be able to add value to that data by designing all manner of ingenious and innovative applications and that this process will be worth many millions of pounds to the economy, far more than the amount that the government would be able to make from selling licences to reuse that data.

Tim Berners-Lee said: ‘the thing people are amazed about with the web is that, when you put something online, you don’t know who is going to use it – but it does get used’ (Crabtree and Chatfield, 2010).

11.6 Charging

Regulation 15 of SI 2015/1415 specifies that a public sector body may charge for permitting re-use, but that any charge for re-use must be limited to the marginal costs incurred in respect of the reproduction, provision and dissemination of documents.

The stipulation regarding marginal cost does not apply to libraries (including university libraries), museums and archives. Neither does it apply in the case of documents for which the public sector body making the charge is required to generate sufficient revenue to cover a substantial part of the costs relating to their collection, production, reproduction or dissemination. Libraries, museums and archives are permitted to factor into any charges a reasonable return on investment. This means, for example, that when charging to make a digitised collection available for re-use the level of charging could take into account the resources which have been devoted to conservation and digitisation.

11.6.1 Public/private partnerships and exclusivity deals

Public sector libraries and cultural heritage institutions often find themselves unable to digitise their collection because of a lack of financial resources and are only able to obtain funding by entering into public/private partnerships. In exchange for providing the library or cultural heritage institution with the financial support necessary for digitisation, the private party is likely to want to retain exclusivity over the objects that are digitised and to impose restrictions on their further reproduction and making available to the public.

Recital 31 of Directive 2013/37/EU recognises that a certain period of exclusivity might be necessary in order to give the private partner the possibility to recoup its investment. However, the recital also says that the exclusivity period should be as short as possible and should in general not exceed 10 years. Any public/private partnership for the digitisation of cultural resources should grant the partner cultural institution full rights with respect to the post-termination use of digitised cultural resources.

The following text was inserted into Article 11 of Directive 2003/98/EU by Directive 2013/37/EU:

2a. Notwithstanding paragraph 1, where an exclusive right relates to digitisation of cultural resources, the period of exclusivity shall in general not exceed 10 years. In case where that period exceeds 10 years, its duration shall be subject to review during the 11th year and, if applicable, every seven years thereafter. The arrangements granting exclusive rights referred to in the first subparagraph shall be transparent and made public. In the case of an exclusive right referred to in the first subparagraph, the public sector body concerned shall be provided free of charge with a copy of the digitised cultural resources as part of those arrangements. That copy shall be available for re-use at the end of the period of exclusivity.

It is worth noting that whilst the library or cultural heritage institution must be given a copy free of charge of the digitised cultural resources as part of any public/private partnership arrangement, it does not specify that this copy must be made available free of charge to the public at the end of the period of exclusivity.

11.7 Complaints procedure

When an individual or an organisation has a dispute with a public sector body over PSI, they have the right to redress. There are three separate components to the complaints process.

The first stage of this process is for the PSI requestor to make a complaint to the body it is requesting information from. Regulation 17 of SI 2015/1415 requires public sector bodies to establish an internal complaints procedure to determine complaints under the Regulations.

If the outcome of this complaint is unsatisfactory for the PSI requestor, the second stage is that they can take their complaint to the ICO, who is responsible for investigating PSI disputes and making binding decisions.

If either party disputes the ICO’s decision, the third stage in the complaints process is that the ICO’s decision is appealable to the Information Rights First-Tier Tribunal.

There is an exception to the three-stage complaints process outlined above. Where the complaint concerns charging above marginal cost, the ICO will investigate the complaint, but will make a recommendation, not a binding decision. If the public sector body decides not to follow the Information Commissioner’s recommendation it must notify the complainant and give its reasons, and it is open to the complainant to seek a binding decision from the First-Tier Tribunal. The rationale for the different arrangements in cases where the complaint relates to charging over and above marginal cost is that under the new redress process, only a judicial authority can make a binding decision which affects the funding of a public sector body.

11.8 New Open Data and PSI Directive

One of the features of EU directives is that they are periodically reviewed in order to assess whether or not they have achieved their original objectives and whether any modifications are required. In the case of the re-use of public sector information, the first directive was 2003/98/EC. This was updated by the amending directive 2013/37/EU. At the time of writing, further changes to the way in which the re-use of public sector information is regulated are anticipated.

On 25 April 2018, the European Commission adopted a proposal for a revision of the PSI Directive (the Proposal for a directive of the European Parliament and of the council on the re-use of public sector information (recast) COM (2018) 234 final – once adopted, the directive will be called the Open Data and Public Sector Information Directive). It was presented as part of a package of measures aiming to facilitate the creation of a common data space in the EU. This review also fulfils the revision obligation set out in Article 13 of the Directive.

On 22 January 2019, negotiators from the European Parliament, the Council of the EU and the European Commission reached an agreement on the revised Directive. Once adopted, the new Directive will:

• Identify, by way of adoption of an implementing act, a list of high value datasets, such as geospatial or statistics data, to be provided free of charge. These datasets have a high commercial potential and can speed up the emergence of value-added EU-wide information products and services and the development of AI.
• Stimulate the publishing of dynamic data and the uptake of Application Programme Interfaces (APIs).
• Limit the exceptions which currently allow public bodies to charge more than the marginal costs of dissemination for the re-use of their data.
• Enlarge the scope of the Directive to:
  — data held by public undertakings, under a specific set of rules. In principle, the Directive will only apply to data which the undertakings make available for re-use. Charges for the re-use of such data can be above marginal costs for dissemination;
  — research data resulting from public funding – Member States will be asked to develop policies for open access to publicly funded research data. New rules will also facilitate the re-usability of research data that is already contained in open repositories.
• Strengthen the transparency requirements for public–private agreements involving public sector information, avoiding exclusive arrangements.

11.9 Further information

11.9.1 Organisations

Data Insight Authority Forum
Website: www.datainsightauthorityforum.co.uk

National Archives
Kew, Richmond, Surrey TW9 4DU
E-mail: [email protected]
Tel: 020 8876 3444
Website: www.nationalarchives.gov.uk

11.9.2 Publications

European Commission (2014) Guidelines on Recommended Standard Licences, Datasets and Charging for the Reuse of Documents (2014/C 240/01), https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52014XC0724%2801%29.

Libraries Task Force (2018) Regulations on the Re-Use of Public Sector Information, https://librariestaskforce.blog.gov.uk/2018/02/22/regulations-on-the-re-use-of-public-sector-information/.

SCONUL et al. (2017) Copyright for Knowledge: implications of the new public sector information regulations for university libraries, www.sconul.ac.uk/sites/default/files/documents/PSI%20briefing.pdf.

UK Government Licensing Framework, www.nationalarchives.gov.uk/information-management/re-using-public-sector-information/uk-government-licensing-framework.

References

Cabinet Office (2010) The Coalition: our programme for government, web.archive.org/web/201808080503056/https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/78977/coalition_programme_for_government.pdf.

Crabtree, J. and Chatfield, T. (2010) Mash the State, Prospect, February, 42–6.

National Archives (2011) UK Government Licensing Framework, July 2011, www.nationalarchives.gov.uk/documents/information-management/uk-government-licensing-framework.pdf.

National Archives (2015) Guidance on Public Task Statements, http://www.nationalarchives.gov.uk/documents/information-management/guidance-on-public-task-statements.pdf.

National Archives (2016) UK Government Licensing Framework, 5th edn.

PIRA (2000) Commercial Exploitation of Europe’s Public Sector Information: final report, http://ec.europa.eu/newsroom/document.cfm?doc_id=1195.

CHAPTER 12

Defamation

Contents
12.1 Introduction
12.2 General principles
12.3 Slander
12.4 Libel
12.5 Defences to libel
12.6 Remedies
12.7 Defamation and the internet
12.8 Checklist
References
Notes

12.1 Introduction

Defamation law attempts to strike a balance between society’s interest in freedom of speech and the individual’s interest in maintaining their reputation. It is relevant to information professionals, whether they be responsible for intranets, publicly available websites or online databases; users of their organisation’s internet e-mail system; members of internet e-mail discussion groups; or authors of books or articles in their own right. The Defamation Act 2013 removed the previous presumption in favour of a trial by jury. Section 11 of the DA 2013 works on the basis that the trial should be without a jury unless the court orders otherwise.

12.2 General principles

English law distinguishes between libel (written) and slander (spoken). A statement is defamatory if it tends to:

1 Expose the person to hatred, ridicule or contempt.
2 Cause the person to be shunned or avoided.
3 Lower the person in the estimation of right-thinking members of society generally.
4 Disparage the person in his or her business, trade, office or profession.

In Scottish law, libel and slander are virtually indistinguishable with regard to both the nature of the wrongs and their consequences. The terminology of Scottish defamation law differs from that of English law. Where individual English litigants enjoy absolute privilege for what they say in court, their Scottish counterparts have only qualified privilege. ‘Exemplary’, or ‘punitive’, damages are not awarded by the Scottish courts. According to D. M. Walker: ‘Absolute privilege protects all statements made in judicial proceedings, whatever the rank of the court or the position of the person sued, so long as it is not a gratuitous observation’ (Walker, 1988, 637–8). However, Walker confirms that in Scotland, a party only has qualified privilege in his pleadings. This also extends to tribunals if the procedures are similar in essence to a court. The Defamation Act 2013 introduced a new requirement that in order to be defamatory, a statement must have caused or be likely to cause serious harm to the reputation of the claimant. Section 1(2) says that ‘for the purposes of this section, harm to the reputation of a body that trades for profit is not “serious harm” unless it has caused or is likely to cause the body serious financial loss’.

12.3 Slander

Slander is oral defamation – the use of the spoken word to injure another person’s reputation. To be the basis of a legal action, a publication of the words complained of must demonstrably have taken place – that is, they must have been uttered within the hearing of a third party. It should be noted that the Scottish position is different as Scots law does not require that a defamatory statement be communicated to third parties before it is actionable.

Among statements considered slanderous per se are those that:

• Impute the commission of a felony, such as calling someone a murderer.
• Impute an individual to be suffering from a communicable disease, such as leprosy.
• Are injurious to an individual in their trade or profession – for example, saying that an accountant fiddles the figures.

The party charged with the slander may hold, as a defence, that the words spoken were in fact true, inasmuch as true statements result in no injury to reputation. Defining slanderous language is sometimes difficult. The disputed words themselves need not be slanderous but may hold a hidden meaning, or innuendo, that the hearer understands, and that may therefore result in damage to the reputation of the slandered party.

A defendant in a slander action cannot claim as a defence that another party had made the slanderous statement and that they were merely repeating the statement; nor can the defendant claim that they gave the name of the informant and expressed no opinion as to the truth.

In some cases, words that would otherwise be considered actionable, or subject to laws of slander, may be uttered as a privileged communication. Privileged communications are words uttered for a purpose or in a context which is protected by law. Words uttered with qualified privilege, for example when giving an oral reference, are protected as long as the speaker is not motivated by malice. Words uttered with absolute privilege – for example, in parliament – can never be slander.

McManus v. Beckham (2003)

Background: On 26 March 2001, Victoria Beckham visited a memorabilia and autograph business (GT’s Recollections) owned by the McManus family based in the Bluewater Shopping Centre in Kent. On seeing a signed photograph of David Beckham in a display cabinet at the entrance, Mrs Beckham said that the signature that they were selling was not that of her husband. She did so in front of other customers, proclaiming loudly that the store was ripping off customers by selling the autograph. The shop owners said this had damaged their reputation and sued Mrs Beckham for slander and malicious falsehood.

Outcome: Victoria Beckham paid £155,000 in damages and costs (consisting of £55,000 in damages and £100,000 in legal costs). She issued a statement apologising for the hurt and damage her comments caused to the shop’s owners and she also donated several items of merchandise, which had been signed by David Beckham. (See Independent, 2003; Mirror, 2003.)

12.4 Libel

Defamation published in permanent form (such as writing, printing, drawings, photographs, radio and television broadcasts) is known as libel. You libel someone if you publish a defamatory statement about them, which you cannot defend.

‘Published’ in the legal sense means communicated to a person other than the plaintiff. So, for example, if a manuscript is sent to a publisher it would be deemed to have been published in the legal sense.

A ‘defamatory statement’ is one that damages a person’s reputation. For example, it is defamatory to say that someone has committed a criminal offence. The courts will evaluate matters from the perspective of the ordinary person,1 so a statement would not be regarded as defamatory unless it would make ordinary readers think worse of the person concerned. An ordinary person in this context would be someone with the following characteristics:

• Not naïve.
• Not unduly suspicious.
• Able to read between the lines.
• Capable of reading in an implication more readily than a lawyer.
• Capable of indulging in a certain amount of loose thinking.
• Not avid for scandal.

You can libel individuals, companies, partnerships and businesses. You cannot libel the dead and you cannot libel local authorities or other government bodies, although you can libel the individuals employed by those organisations.

It is possible to libel someone even if you do not name them. Only people who are identified by the offending material can sue, but it is important to bear in mind that you might be identifying someone inadvertently. If, for example, there is only one 27-year-old male librarian living in a particular village, then describing him as such could identify him whether you name him or not.

Small groups may also be identifiable and all their members may be able to sue. For example, if you were to write that ‘one of the members of the ethics committee has been convicted of murder’ and the ethics committee only consisted of five people, this casts suspicion on all five people as it could be referring to any of them. As such the statement would be actionable.

In an action for damages for libel, the plaintiff is required to establish that the matter they complain of:

• Has been published by the defendant (publication).
• Refers to the plaintiff (identification).
• Is defamatory (defamatory words or gestures).

Library employee fired for writing a book about the library where she worked

Background: Sally Stern-Hamilton wrote a book entitled The Library Diaries, which was written under the pseudonym Ann Miketa. She was a Mason County (Michigan) District library employee. The book was about library patrons and was set in a fictitious Lake Michigan town which she referred to as ‘Denialville’. The agreement with the publisher said that: ‘The author covenants and represents that the said literary work ... contains no matter that, when published, will be libellous or otherwise unlawful...’. She was fired after the book was published. The library said that the book was an attack on easily identifiable library patrons and that it violated their privacy. Ms Stern-Hamilton argued that the library had violated her First Amendment rights to free speech.

Outcome: The board of the Mason County District Library reached a US$57,000 settlement in the lawsuit.

https://detroit.cbslocal.com/2012/02/18/mason-county-library-settles-lawsuit-with-writer

Former school librarian subject of a libel case

Background: In 2017 a former school librarian in New Zealand was the subject of a defamation case. The librarian was behind a letter which accused the school principal of being a bully. In the court case, Justice Collins said that ‘Mrs Leov’s commitment to the library blinded her ability to properly understand her duties and responsibilities to Mrs Newton and the board’. The judge gave the librarian an ultimatum. Either she send a correction and apology to the recipients of the letter and publish a correction and apology in the Marlborough Express and Nelson Mail or else she would be required to pay NZ$100,000 in damages for defaming the school principal. It was the first time a court in New Zealand had ordered a correction and apology under the Defamation Act. The librarian lodged an appeal of the judgment.

Outcome: In May 2018, after months of legal discussions, the Leovs and Newton issued a statement saying they had come to a settlement arrangement, which meant the legal proceedings had been completed.

Sources:
Hill, B. and Peters, D. (2017) School Librarian that Accused Principal of Being a Bully Ordered to Pay $100,000 in Damages for Defaming Her – If She Doesn’t Apologise, The Daily Mail, 30 August.
Allen, I. (2017) Former Librarian Appeals Judge’s Recommendation Under Defamation Act, Stuff, 25 September.
Eder, J. (2018) Former Principal and Former Librarian Settle Long-Standing Defamation Case, Stuff, 13 May, https://www.stuff.co.nz/national/103816441/former-principal-and-former-librarian-settle-longstanding-defamation-case.

If the plaintiff does this, they establish a prima facie case – that is, they provide sufficient evidence for proof of the case. However, the defendant could still escape liability if they can show they had a good defence.

12.5 Defences to libel

The defences to a libel action are:

• Truth (Defamation Act 2013 section 2) (veritas in Scotland – see Section 12.5.1) – being able to prove that what you wrote was substantially true.
• Honest opinion (Defamation Act 2013 section 3) – showing it was an honest expression of opinion (see Section 12.5.2).
• Publication on a matter of public interest (Defamation Act 2013 section 4) (see Section 12.5.3).
• Operators of websites who didn’t post the statement on the website have a defence (Defamation Act 2013 section 5) (see Section 12.5.4).
• That it is a peer-reviewed statement in a scientific or academic journal (Defamation Act 2013 section 6) (see Section 12.5.5).
• Reports protected by privilege (Defamation Act 2013 section 7) – special protection to which the law determines that certain kinds of report are entitled (see Section 12.5.6).
• Offer to make amends (sections 2–4 of the Defamation Act 1996) (see Section 12.5.7).

12.5.1 Truth

The law of defamation exists to protect individuals who suffer damage to their reputation. It follows, therefore, that the law does not protect the reputation that a person does not possess. If you can prove that what you have written is true both in substance and in fact, then you have a defence against an action for damages.

The Defamation Act 2013 section 2 says: ‘It is a defence to an action for defamation for the defendant to show that the imputation conveyed by the statement complained of is substantially true’.

The key point is that you have to be able to prove that what you have written is true. Ultimately, it is not what you know or believe that matters, but rather whether your evidence will stand up in court. It is important to keep safely any supporting documentation such as a notebook, tapes or documents, which might be used in evidence, because you might have to produce this material in court.

12.5.2 Honest opinion (previously known as fair comment)

The defence of honest opinion provides for the right of freedom of speech for individuals. For the defence to succeed, a number of statutory conditions need to be satisfied:

• The statement complained of is a statement of opinion, not a statement of fact.
• The statement must indicate, at least in general terms, the factual basis of the opinion.
• The opinion stated must be one that could have been held by an honest person in the possession of the facts.

Honest opinion protects the freedom to express an opinion. In some cases, it can be particularly difficult to distinguish between whether a statement is fact or opinion. If you can prove a statement, it is a fact. If you are drawing an inference from the facts, or if there are at least two possible views on the matter, then it is an opinion.

12.5.3 Publication on a matter of public interest (Defamation Act 2013 section 4)

Section 4 of the Defamation Act 2013 states:

(1) It is a defence to an action for defamation for the defendant to show that –
(a) the statement complained of was, or formed part of, a statement on a matter of public interest; and
(b) the defendant reasonably believed that publishing the statement complained of was in the public interest.

Section 4 goes on to oblige the court to consider ‘all of the circumstances of the case’ and to ‘make such allowance for editorial judgment as it considers appropriate’.

The Explanatory Notes to the Act (http://www.legislation.gov.uk/ukpga/2013/26/notes/contents) say that the defence should reflect the principles established in the common law or ‘Reynolds’ defence which it replaced, which included a ten-point ‘checklist’ for responsible journalism. Section 4(6) abolishes the common law defence known as the Reynolds defence because the statutory defence is intended to codify the common law defence.

The legal case of Economou v. De Freitas [2016] EWHC 1853 (QB) was the first full trial of the statutory defence of public interest that was introduced by the Defamation Act 2013.

1. The seriousness of the allegation. The more serious the charge, the more the public is misinformed, and the individual harmed, if the allegation is not true.
2. The nature of the information and the extent to which the subject matter is a matter of public concern.
3. The source of the information. Some informants have no direct knowledge of the events. Some have their own axes to grind or are being paid for their stories.
4. The steps taken to verify the information.
5. The status of the information. The allegation may have already been the subject of an investigation which commands respect.
6. The urgency of the matter. News is often a perishable commodity.
7. Whether comment was sought from the plaintiff. They may have information that others do not possess or have not disclosed. An approach to the plaintiff will not always be necessary.
8. Whether the article contained the gist of the plaintiff’s side of the story.
9. The tone of the article. A newspaper can raise queries or call for an investigation. It need not adopt allegations as statements of fact.
10. The circumstances of the publication, including the timing.

From Reynolds v. Times Newspapers Ltd and Ors [1999] UKHL 45.

Figure 12.1 The Reynolds defence

12.5.4 Operators of websites who didn’t post the statement on the website (Defamation Act 2013 section 5)

The legislation is set out in section 5 of the Defamation Act 2013 along with The Defamation (Operators of Websites) Regulations 2013: SI 2013/3028. It is intended to cover posts on websites which have been made by third parties. It provides a defence for website operators that reduces their potential exposure to liability as long as certain conditions are fulfilled.

The defence can be defeated if the claimant can show that it was not possible for them to identify the person posting the statement, the claimant gave the operator a notice of complaint in relation to that statement and the operator did not respond to the notice of complaint in accordance with the Regulations (2013/3028).

Where a notice of complaint is made, the complainant is required to:

• Specify the electronic mail address at which they can be contacted.
• Set out the meaning which they attribute to the statement that they are complaining about.
• Set out the aspects of the statement which the complainant believes are factually inaccurate or where the opinions are not supported by fact.
• Confirm that they do not have sufficient information about the poster to bring proceedings against that person.
• Confirm whether they consent to the website operator providing the poster with their name and email address.

Having received a notice of complaint, the website operator is required within 48 hours of receiving the notice of complaint to send the poster:

• A copy of the notice of complaint (concealing the complainant’s name and e-mail address if the complainant has indicated that they do not consent to this information being provided to the poster).
• Notification in writing that the statement complained of may be removed from the locations on the website which were specified in the notice of complaint.

Where a website operator has no means of contacting the poster of the defamatory statement, they are required to remove the statement within 48 hours of receiving the notice of complaint.

To proceed with an action the complainant would have to show that the operator failed to respond to a notice of complaint. Ultimately the statement needs to be removed from the website – whether that is done by the website operator or another person – and if it isn’t, action against the website operator can be pursued.

12.5.5 Peer-reviewed statements in scientific or academic journals (Defamation Act 2013 section 6)

A new defence of qualified privilege was introduced by the Defamation Act 2013 covering the publication of peer-reviewed statements in scientific or academic journals. These are now privileged, so long as:

• The statement relates to a scientific or academic matter.
• Before publication, an independent review of the statement’s scientific or academic merit was carried out by the editor of the journal and one or more persons with expertise in the scientific or academic matter concerned.
• The statement was not made with malice.

Peer-reviewed statements of this kind are privileged whether they are published in electronic form or not.

12.5.6 Privilege (Defamation Act 2013 section 7)

Privilege affords a defence for certain types of report whether or not they are true. Many of these are specified by statute, and include fair and accurate reports of court proceedings, parliamentary proceedings, reports in Hansard, public inquiries and international organisations, also a range of public meetings and the findings of governing bodies and associations.

‘Absolute privilege’ means that the statement can in no circumstances be the subject of libel proceedings. It covers contemporary, fair and accurate reports of court proceedings, communications within the government and communications between solicitor and client about legal cases. Proceedings in parliament are similarly protected, because the courts refuse jurisdiction over parliamentary affairs.

‘Qualified privilege’ is available where the defendant acts without malice – that is, acts for the reasons for which the privilege exists, and not principally to harm the plaintiff. It applies generally to all communications that the defendant has a legal or moral duty to make, or makes, in protecting his or her own legitimate interests. Such a defence is wide-ranging and includes references on employees.

12.5.7 The offer to make amends

The procedure for the offer to make amends is set out in sections 2–4 of the Defamation Act 1996. The defendant must make an offer in writing to publish a suitable correction and apology and to pay damages and costs.

When an offer of amends is made, a claimant must decide whether to accept or reject it. If they accept it, no further proceedings can be taken, except to decide disputes over apologies and the amount of any compensation payable. It is a complete defence at trial unless the claimant is able to prove that the defendant had published the defamatory statement maliciously. Rejecting an offer to make amends would mean that the claimant may only recover damages through the courts if they can prove that there was malice on the part of the defendant.

The purpose of the offer to make amends is to provide a quick and cheap means for settling libel actions. It has been characterised as ‘vindication without litigation’.

It is no defence to libel to say that you were just reporting what someone else said. Therefore, you cannot avoid liability by the use of words such as ‘alleged’ or ‘claimed’. Nor is it a defence to show that someone has published the allegations before.

Newspapers and magazines are liable for the contents of whatever they publish, including material not written by them, such as readers’ letters and advertisements. It isn’t sufficient for newspapers and magazines to ensure that the articles they publish are libel-proof. They also have to pay careful attention to headlines and picture captions because these can be a lucrative source of damages. In the case of picture captions, the words and the pictures should match.

12.6 Remedies

The remedies available are a civil action for damages (which is the main means by which someone who has been defamed can seek redress), the awarding of costs, an injunction (known as interdict in Scotland) to prevent repetition, or an order for compensation.

12.6.1 Civil action for damages Damages can be colossal, even though the Court of Appeal can reduce libel awards. The main aim of a libel claim is to compensate the plaintiff for the injury to their reputation. A jury can give additional sums either as ‘aggravated’ damages, if it appears a defendant has behaved malevolently or spitefully, or as ‘exemplary’ or ‘punitive’ damages where a defendant hopes the economic advantages of publication will outweigh any sum awarded. Damages can also be nominal if the libel complained of is trivial (see Walker, 1981, on Delict, as awards are assessed on very different principles in Scotland from England). Malice is irrelevant in awards for damages, although the award may be mitigated where it is shown that there was no malice involved in the defamatory statement. There is also a principle in Scots law that provocation may mitigate. Under the ECHR, damages must be necessary and there are controls on excess – as seen in Tolstoy v. UK (1995) 20 EHRR 442 (13 July 1995).

12.6.2 Costs Costs go up all the time. If you were to lose a libel case, then you would have to pay the claimant’s expenses as well as your own, which would be likely to add at least a six-figure sum to the bill for damages. Indeed, in many high-profile libel cases, the costs often exceed the damages.

12.6.3 An injunction/interdict to prevent repetition Any individual or organisation can seek an injunction either to stop initial publication of an article or to prevent any further publication. Injunctions/interdicts may be granted, temporarily and for a short while, ex parte, meaning that only the claimant is represented before the judge. If both parties appear before the judge, the defendant would have to argue on grounds of public interest or, for potential libels, be ready to declare on affidavit that they could justify the story. Injunctions/interdicts against any publication bind all other publications that are aware of the injunction. To breach an injunction is a severe contempt of court that could lead to an offender’s imprisonment. Section 8 of the Defamation Act 1996 introduced a summary procedure under which a judge may dismiss a plaintiff’s claim if it has no realistic prospect of success and there is no reason why it should be tried, or give judgment for the claimant and grant summary relief, which means ordering the defendant to publish a suitable correction and apology and pay damages.

12.7 Defamation and the internet

The Law Commission investigated the application of libel laws to the internet (Law Commission, 2002). In February 2002 they sent out a questionnaire to interested parties, including online publishers, ISPs, barristers and solicitors. The responses highlighted four areas of concern:
• The liability of internet service providers for other people’s material (see Section 12.7.1).
• The application of the limitation period to online archives (see Section 12.7.2).
• The exposure of internet publishers to liability in other jurisdictions (see Section 12.7.3).
• The risk of prosecution for contempt of court (see Section 12.7.4).

12.7.1 The liability of internet service providers for other people’s material ISPs offer services such as website hosting and newsgroups where they do not
exert editorial control over the material. Where a defamatory statement appears on a website, the ISP is considered to be a ‘secondary publisher’ – they are involved in disseminating the defamatory statement even though they are not the author, editor or commercial publisher. They can be held liable if they exercise discretion over how long material is stored or if they have the power to remove the material. Under section 1(1) of the Defamation Act 1996, an innocent disseminator such as a printer, distributor, broadcaster or ISP who is considered by the law to be a secondary publisher has a defence if they:
• Were not the author, editor or publisher of the statement complained of.
• Took reasonable care in relation to its publication.
• Did not know, and had no reason to believe, that what they did caused or contributed to the publication of a defamatory statement.
The section builds upon the common law defence of ‘innocent dissemination’. It does not apply to the author, editor or publisher of a defamatory statement but is intended for distributors. It is of particular relevance to ISPs. However, as soon as a secondary publisher such as an ISP has been told that something on a newsgroup or a web page is defamatory, if they do not promptly take down the disputed content, they cannot use the section 1(1) defence. ISPs have been seen as tactical targets and regularly receive complaints that material on websites and newsgroups is defamatory. In such instances, the safest option for them is to remove the material immediately, even if it appears to be true. Often they remove not just the page in question but the entire website, even though this seems at odds with freedom of speech. In view of the amount of e-mail messages, newsgroup postings or web pages that are uploaded daily, it is doubtful whether it would be practical for ISPs to pre-screen all content; and even if it were possible, whether they could do so in a cost-effective manner.
It is, however, more reasonable for ISPs to undertake post-screening. If an ISP is told that material is defamatory, they should act promptly and responsibly by removing the defamatory statements once they have been notified. In their response to the Law Commission consultation process, the industry made three criticisms of the current position:
1 Receiving and reacting to defamation complaints was ‘costly and burdensome’.
2 The industry felt uncomfortable about censoring material that may not in fact be libellous.
3 It was suggested that customers might be attracted to US ISPs, who had greater protection against being held liable for defamation, and who could therefore offer their customers more attractive terms.
ISPs should certainly take complaints seriously. In order to protect themselves, they should obtain warranties and indemnities from content providers and post notices such as acceptable use policies on their services. The Electronic Commerce (EC Directive) Regulations 2002: SI 2002/2013 implement the Electronic Commerce Directive 2000/31/EC.2 The Regulations provide that intermediaries such as ISPs and telecommunications carriers are not liable for damages or criminal sanctions for unlawful material provided by third parties where the intermediary:
• Is a mere conduit (the intermediary does not initiate the transmission, does not select the receiver of the transmission and does not modify the information it contains).
• Simply caches the information as part of automatic, intermediate, temporary storage, without modifying it.
• Simply hosts the information (such as a newsgroup or website) so long as the intermediary:
— Does not have actual knowledge or awareness of the unlawful activity.
— Upon obtaining such knowledge or awareness, acts expeditiously to remove or disable access.
The Defamation Act 2013 introduced section 5 to cover situations where an action for defamation is brought against the operator of a website in respect of a statement posted on the website. The Defamation (Operators of Websites) Regulations 2013: SI 2013/3028 set out the procedure to be followed by the operators of websites hosting user-generated content once they have received a notice of complaint relating to allegedly defamatory material (see Section 12.5.4 for details of the defence available to the operators of websites).

Godfrey v. Demon Internet Ltd [2001] QB 201 This case concerns a posting to a newsgroup which was distributed to Usenet subscribers. An unnamed USA resident posted a contribution on another ISP purporting to come from Laurence Godfrey, which the judge described as ‘squalid, obscene and defamatory’. When Dr Godfrey heard of the posting, he informed Demon Internet that the posting was a forgery and asked them to remove it from their Usenet server. They failed to do so and the posting was left on the site for a further ten days until it was automatically removed. Demon Internet argued that they had a purely passive role similar to that of a telephone company. However, it was held that as the defendants had chosen whether to
store the material and for how long, they could not be said to have played only a passive role. Following the decision in Godfrey v. Demon Internet [2001] QB 201, ISPs are often seen as tactical targets. They are regularly put on notice of defamatory material and they find themselves facing a difficult choice – whether to surrender in the face of a claim which may be without merit or continue to publish on the basis of indemnities and assurances from primary publishers that the material, although defamatory, is not libellous. TIP: The defence of innocent dissemination also applies to booksellers, libraries and newsagents. The case of Weldon v. Times Book Co. Ltd [1911] 28 TLR 143 indicates that while a library is not expected to review the contents of every book it possesses, some works may call for a more searching examination, taking account of the type of book in question, the reputation of the author and the standing of the publisher. The Law Commission (2002) report on defamation and the internet quotes from a response to their consultation on aspects of defamation procedure by the Booksellers Association of Great Britain and Ireland, which says that the provisions of section 1 of the Defamation Act 1996 have: … encouraged plaintiffs or prospective plaintiffs with dubious claims who are unwilling to commence proceedings against the author or publisher of the allegedly defamatory publications to take or threaten action against booksellers to force them to remove such publications from their shelves. As those plaintiffs and their legal advisers clearly realize, booksellers are not in a position to put forward a substantive defence of justification because they have no direct knowledge of the subject matter of the alleged libel.

Bookshop Libel Fund Two independent bookshops – Housmans Bookshop and Bookmarks Bookshop – faced potentially ruinous legal proceedings for stocking the anti-fascist magazine Searchlight. The Bookshop Libel Fund was originally set up in 1996 to support small shops such as these who were caught up in libel cases. The case is relevant here because of the innocent disseminator defence in section 1(1) of the Defamation Act 1996. The case was first brought in 1996 and six years later the bookshops had to relaunch their appeal for funds as the case was still continuing. British law at the time allowed anyone who claimed they had been libelled to sue any shop, distributor or library handling the allegedly libellous publication, as well as or instead
of suing the author, editor and publisher. However, since this case took place, it is important to bear in mind that the Defamation Act 2013 has introduced the ‘serious harm’ hurdle: ‘A statement is not defamatory unless its publication has caused or is likely to cause serious harm to the reputation of the claimant’. (Defamation Act 2013 section 1(1)) Housmans and Bookmarks fought the case with a defence of ‘innocent dissemination’, in effect arguing that it is impossible for bookshops, particularly small independents, to check – and take responsibility for – the content of the thousands of publications in stock at any one time. They felt it was important to try to take a stand, otherwise there might be no end to this sort of ‘legal intimidation’. The litigant had been referred to as a plagiarist in one sentence in a 136-page pamphlet stocked in the shop. He had chosen to sue only the shop, not the author or publisher concerned. Although he had at one stage demanded that the shop pay him £50,000 to drop the case, the jury awarded him just £14. Because he had already rejected a settlement offer higher than that, he was also ordered to pay most of the shop’s legal costs; however, it was not anticipated that he had the resources to do so. Where tactical targeting of this kind does occur, it is open to secondary publishers to protect themselves by seeking indemnities from the primary publisher. The primary publisher could also apply to be joined in the action as a defendant in order to provide the necessary evidence for a defence of justification.

12.7.2 The application of the limitation period to online archives and introduction of the single publication rule The Defamation Act 1996 reduced the limitation period for defamation actions from three years to one year, although courts have discretion to extend that period. However, the application of this limitation to online archives proved to be extremely contentious. For, while the limitation period is one year, in the case of Loutchansky v. Times Newspapers Limited [2001] EWCA Civ 1805, the Court of Appeal held that this limitation period commenced every time someone accessed a defamatory internet page. In other words, every ‘hit’ on an online article could be regarded as a fresh publication of that article. The judgment meant that – had the law not been changed and had the single publication rule not been implemented – a piece put on the internet five years ago could still be the subject of legal action today so long as the relevant pages are accessible. The effect of this was that the limitation period was potentially indefinite. Similarly, in the Scottish case of Her Majesty’s Advocate v. William Frederick Ian Beggs (High Court of Justiciary, 2001) the judge ruled that information held on the internet archives of newspapers was published anew each time someone
accessed it. This potentially laid newspaper publishers and editors open to charges of contempt of court unless they removed material relating to the previous convictions and other relevant background material of anyone facing criminal proceedings (see Section 12.7.4). The judge did not take the same view of the paper archives held by public libraries and this distinction takes into account the ease with which material on the internet can be accessed. One also has to bear in mind the way in which certain search engines and websites automatically cache and/or archive the content of a vast number of websites, thus making web pages available even after the site owner has removed the content from their website. This matter is of direct relevance to library and information professionals, who make regular use of online archives in order to carry out their research and enquiry roles, and for whom any reduction in the availability of online archives would hamper their work. The Law Commission’s report Defamation and the Internet: a preliminary investigation (2002) said that ‘online archives have a social utility and it would not be desirable to hinder their development’. The law was changed with the introduction of the single publication rule (section 8 of the Defamation Act 2013) in which the limitation period starts running on the date of the first publication of the defamatory article, even if it continued to be sold or ‘webcast’ for months or years afterwards. Claimants are prevented from bringing an action in relation to publication of the same material by the same publisher after a one-year limitation period from the date of the first publication of that material to the public or a section of the public has passed. If the claimant has not brought an action within that one-year period, the court has discretion to allow him or her to bring an action at a later date in respect of that article. 
However, the claimant would still be allowed to bring a new claim if the original material was republished by a new publisher, or if the manner of publication was otherwise materially different from the first publication. The explanatory memorandum to the 2013 Act (www.legislation.gov.uk/ukpga/2013/26/notes/contents) says that: … a possible example of this could be where a story has first appeared relatively obscurely in a section of a website where several clicks need to be gone through to access it, but has subsequently been promoted to a position where it can be directly accessed from the home page of the site, thereby increasing considerably the number of hits it receives.

12.7.3 Exposure of internet publishers to liability in other jurisdictions England’s libel laws were regarded as being ‘plaintiff-friendly’. British courts, for example, do not have the First Amendment protections to consider and apply that United States courts do.3 The nightmare scenario for online and internet
publishers was for potential litigants to be able to undertake ‘foreign shopping’ or ‘forum shopping’, whereby they could launch an action in a country of their choosing, where the defamation laws were the most stringent. Foreign individuals or companies, for that reason, would have been particularly interested in pursuing a British-based publication. As a result, section 9 of the Defamation Act 2013 (action against a person not domiciled in the UK or a member state, etc.) was introduced to address the issue of libel tourism. Section 9(2) says that: ‘A court does not have jurisdiction to hear and determine an action to which this section applies unless the court is satisfied that, of all the places in which the statement complained of has been published, England and Wales is clearly the most appropriate place in which to bring an action in respect of the statement’. If, for example, an online magazine had defamed someone, and this had resulted in the statement being published 100,000 times in New Zealand, but only 3,000 times in England, this would be a good argument for coming to the conclusion that the most appropriate jurisdiction within which to bring an action is New Zealand rather than England.

Dow Jones v. Gutnick [2002] HCA 56 In the Australian case Dow Jones & Company Inc. v. Gutnick [2002] HCA 56, the Australian High Court agreed that a person in Victoria was entitled to bring an action for defamation in Victoria in respect of the publication on the internet of an article in Barron’s magazine in October 2000 about the tax affairs of Joseph Gutnick, even though the article was uploaded to the web by Dow Jones in America. The court said potential litigants needed to consider practical issues, such as whether they had assets or reputations in the jurisdiction where the material was published. Otherwise, the court would rule that it was not the appropriate place to hear the case. In Australia, the tort of defamation depends on publication and therefore the fundamental question to be decided was to determine the place of publication of the alleged damaging article. However, the High Court clearly distinguished between jurisdiction and applicable law. It was said that a court may have jurisdiction, but it may equally be bound by the applicable rules of a foreign jurisdiction. In 2004, following out-of-court mediation, lawyers acting on behalf of the publishers Dow Jones & Co. issued a statement in Victoria Supreme Court and also agreed to pay Gutnick US$137,500 (180,000 Australian dollars) and a further US$306,000 (AUS$400,000) to cover his legal costs. In Dow Jones v. Gutnick, the Australian High Court justified their position, in part, by reference to the International Covenant on Civil and Political Rights (1966), which provides, among other things, that everyone shall be protected from ‘unlawful attacks on his honour and reputation’. However, the covenant also provides that everyone shall have the right to:
• Hold opinions without interference.
• Freedom of expression; this right shall include freedom to seek, receive and impart information and ideas of all kinds, regardless of frontiers, either orally, in writing or in print, in the form of art, or through any other media of his choice.
Traditional publishers are able to restrict sales of their publications by geography, but it isn’t quite so straightforward for internet publishers. By choosing to publish on the internet they are in theory subjecting themselves to the laws of every nation from which the internet can be accessed. The court dismissed Dow Jones’ contention that it would have to consider the defamation laws from ‘Afghanistan to Zimbabwe’ in every article published on the internet. ‘In all except the most unusual of cases, identifying the person about whom material is to be published will readily identify the defamation law to which that person may resort’, the court said (paragraph 54, www.austlii.edu.au/au/cases/cth/HCA/2002/56.html). Online publishers are concerned that by publishing content on the internet they have to contend with a significant burden of legal risk. What they want are greater levels of certainty and clarity over which laws should be applied to them and their intermediaries. These publishers might feel it necessary to turn to technology for a solution. They might, for example, seek to use geo-blocking technology which restricts access to internet content based upon the user’s geographical location. It isn’t quite as simple as it sounds, though. VPNs or proxy servers make it possible to overcome geo-blocking. It becomes a technological arms race because some content providers try to block attempts to bypass their region-locked content only to find that people share tips on the web as to how to get around such a VPN ban.
Some people argue that the UK should follow the US example and exempt ISPs from liability for material published. However, the Law Commission found that this would not prevent legal action against UK-based ISPs in foreign courts. An international treaty would be required in order to solve the problem of unlimited global risks. Section 9 of the Defamation Act 2013 ensures that a court will not accept jurisdiction, unless satisfied that England and Wales is clearly the most appropriate place to bring an action against someone who is not domiciled in the UK or an EU Member State.

12.7.4 The risk of prosecution for contempt of court Material is held to be in contempt of court if it poses a substantial risk of serious prejudice to the administration of justice. Serious prejudice is likely to arise from publication of the following matters:
• A defendant’s previous convictions.
• Details of a defendant’s bad character.
• Suggestions that a witness’s (particularly a defendant’s) testimony is likely to be unreliable.
• Details of evidence that is likely to be contested at trial.
The law of contempt does not stop you writing about a case, it simply places certain limits on what you may say. For the purposes of contempt, criminal proceedings become active from the time of arrest or charge, or from the time a warrant for arrest is issued. Civil proceedings are active from the time arrangements are made for trial. The closer the case is to trial, the greater the risk of prejudice.

12.7.5 Social networking sites Social networking and microblogging websites such as Facebook or Twitter, as well as weblogs have completely changed the way in which content is ‘published’. The means of publishing information are now effectively available to many millions of people. Anyone who is able to access the internet and participate in activities such as social networking or blogging can be viewed as a publisher. As a result, there has been an exponential increase in the number of people who lay themselves open to the possibility of being sued for publishing a defamatory statement. Online postings on services such as Twitter or Facebook are unlikely to be subjected to the level of editorial checking and scrutiny that is characteristic of members of the editorial staff at newspaper publishers. The ease and speed with which people can publish content online can lead them to rush to make an online posting before thinking through the potential consequences of their actions. There are several examples of people having to pay damages for something they published on a social networking site. They include: 1 Matthew Firsht was awarded damages of £22,000 following a successful claim of invasion of privacy and defamation on the social networking website Facebook. Grant Raphael, a former friend of Mr Firsht, was found to have set up a Facebook profile in Mr Firsht’s name, which contained false details about his personal life.

2 A Welsh councillor was ordered to pay damages of £3,000 for a claim he posted on Twitter about a political rival.
3 In an out-of-court settlement, musician and actress Courtney Love agreed to pay US$430,000 to settle a lawsuit over a series of Tweets in which she was alleged to have made defamatory statements about the fashion designer Dawn Simorangkir.
TIP: The best advice is to think very carefully before you publish items on the web, however short they may be. If they contain critical comments about an individual, ask yourself how you would feel if someone had made the same comments about you!

12.7.6 E-mail libel The use of e-mail is fraught with danger. The informal nature of the internet increases the likelihood that people will make defamatory statements in e-mails, on discussion groups or in chat rooms. These defamatory statements can reach the far corners of the world in a matter of seconds, whether through e-mails being directed to a large number of recipients or through the forwarding or copying of e-mail correspondence that typically happens. It is extremely easy and indeed quite common for people to send e-mail to unintended recipients. Some discussion groups, for example, have as a default setting that when you reply to a message from an individual, the response goes to all members of the group. It’s not uncommon to see people apologising for sending out a rather candid e-mail to an entire discussion group, when they had only intended to send the message to one person. Another common mistake is that of including the wrong file attachment in a message. The user may have published an item, which they had never intended to publish, and thereby perpetrated an accidental defamation. Similarly, it is all too easy to forward a long e-mail without reading the whole message. If the end of the e-mail contains a defamatory statement, the act of forwarding the e-mail would mean that the user has unwittingly repeated the defamatory statement and could be held liable for their actions. TIP: Make use of e-mail disclaimers, as this can limit legal liability. The use of e-mail disclaimers is becoming more common. Whilst the disclaimer may be of dubious legal validity in the absence of any contractual relationship between the sender and the recipient, the sender will be in a better position if the unintended recipient has notice of the potentially confidential nature of the e-mail and is advised what to do with it. Disclaimers may help to limit certain legal liability, but they will not of themselves be a defence to an action for defamation.

Norwich Union v. Western Provident Association

In 1997, Western Provident started an action against Norwich Union, a rival private healthcare insurance provider, when it was discovered that Norwich Union were circulating messages on their internal e-mail system which contained damaging and untrue rumours about their competitor to the effect that they were in financial difficulties and being investigated by the DTI. Western Provident sued for libel and slander. Norwich Union publicly apologised to Western Provident and paid £450,000 in compensation for damages and costs.

The Norwich Union case showed that the courts are willing to step in to order employers to preserve the evidence. The High Court in an interlocutory hearing ordered Norwich Union to preserve all the offending messages and to hand over hard copies of them to its rival.

The fact that e-mail creates a discoverable document means that employees should be aware that apparently deleted emails may be held on the system for some time or be accessible from back-ups.

If an employee makes a defamatory statement using their company’s internal email system or posts a defamatory comment on the company intranet, then it is possible for a legal action to be brought against the organisation as employer by way of ‘vicarious liability’ for acts of their employees.

It is important for employers to issue guidelines, such as an e-mail and internet policy, with the employee’s contract of employment, prohibiting defamatory statements so as to be able to prove that employees or other categories of e-mail, intranet and extranet users have acted contrary to guidelines. It is also good practice to have employees click on an ‘I accept’ button of the e-mail and internet policy before they are able to gain access to the computer system. You need to ensure that users are aware of such guidelines by incorporating them into the intranet home page and elsewhere, as appropriate. However, such action is not a guarantee of immunity from legal actions.

12.8 Checklist

In order to minimise the legal risk of being held liable for a defamatory statement it is worth considering the following points:

1 Does your organisation have a guide to acceptable use of e-mail, the intranet, and the internet?
2 Does this mention anything about offensive, defamatory or derogatory material?
3 Is this covered in the staff handbook?
4 Is the policy mentioned as part of the induction process?
5 Emphasise disciplinary action for breaches of e-mail and internet policy.
6 Treat e-mails with the same care that you would show when composing a letter.
7 Educate and train employees as to the legal implications of sending messages which may be read by tens of thousands of users and on the acceptable use of internet/e-mail.
8 Bear in mind that there is likely to be a back-up of the correspondence.
9 Use a disclaimer on e-mail correspondence.
10 Consider insurance cover for liability in defamation.

Notes

1 See Skuse v. Granada Television Ltd [1996] EMLR 278 and Gillick v. British Broadcasting Corporation [1996] EMLR 267.
2 EC Directive 2000/31/EC of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market, Official Journal L178/1, 17 June 2000.
3 The First Amendment of the US Constitution says that Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.

CHAPTER 13

Professional liability

Contents
13.1 General principles
13.2 Contract
13.3 Tort (delict in Scotland)
13.4 Liability and electronic information
13.5 Liability for copyright infringement
13.6 Risk management
13.7 Indemnity and insurance
References

13.1 General principles

This chapter considers professional liability from the perspective of library and information professionals. Although there hasn’t been an instance of a UK librarian being successfully sued for negligence, that is no reason to become complacent.

Liability means having legal responsibility for one’s acts, errors or omissions. It is the duty of care that one individual or organisation owes to another and it gives rise to the risk of being sued for damages if the individual or organisation fails in that duty. A librarian owes the user of an information service (the client) a duty to exercise reasonable care. This duty of care basically means that they should do the things that a prudent person would do in the circumstances and refrain from those things which they would not do.

Whilst there is no UK legislation which deals specifically with liability for information provision, librarians do need to be aware of the potential risk of facing a professional liability claim because they could potentially be held liable for their work either under contract law or the law of tort/delict. Any organisation whose professional employees provide advice, expertise, information or a consultancy service may be legally liable for a claim of malpractice where a breach of professional duty occurs.

If you work for an employer, your employer is vicariously liable for the torts/delicts of their employees, if they are committed in the course of employment. This only applies if the act was of the type that the employee might have been expected to carry out as part of their normal duties. The employer is likely to have insurance cover against any actions brought against the company – although it is well worth checking that this is the case. Self-employed information consultants and brokers should consider taking out professional indemnity insurance (see Section 13.7). Even if you work for an employer, there are potential dangers involved in assuming that your firm’s professional indemnity insurance will protect you if liability is established, as the case of Merrett v. Babb demonstrates.

Merrett v. Babb [2001] EWCA Civ 214 (15 February 2001)

In this case, the Court of Appeal held that a surveyor employed by a firm of valuers who negligently prepared a mortgage valuation report for a lender owed a duty of care to the purchasers who relied on the surveyor’s report when buying the property, and that the surveyor was personally liable for the purchasers’ loss. Permission to appeal was refused.

In the mortgage valuation report prepared by Mr Babb on the property that Miss Merrett was about to purchase, it was noted that the property contained certain cracks but the report failed to point out that settlement had taken place. Miss Merrett said that the property was worth £14,500 less than the valuation and she sued Babb in his personal capacity.

The surveyor was employed as branch manager of a firm of surveyors and valuers from February 1992 to January 1993. On 1 June 1992 he signed the relevant mortgage valuation report. A bankruptcy order was made against the sole principal of the firm on 30 August 1994. The principal’s trustee in bankruptcy cancelled the firm’s professional indemnity insurance without run off cover in September 1994. The purchasers therefore brought an action in negligence against the surveyor personally rather than against the firm. The surveyor was not insured.

The implications of this case are that professional employees may be open to claims for negligent advice in situations where their firm has become insolvent or is otherwise under-insured. The case shows that there may be instances where individuals might need to take out personal insurance even after their employment has ended.

Taking the general principles of liability into account, it is necessary to consider how they relate to the information professional. You are expected to use reasonable skill and care when providing library and information services and the key issue to establish is what is meant by ‘reasonable’. ‘Reasonable’ would mean that which an information professional would be expected to do in the circumstances. ‘Reasonable’ constitutes good professional practice and could be established by testimony from other information professionals acting as expert witnesses.

TIP: If you are called upon to be an expert witness, you will need to take great care with the evidence you give. The Supreme Court has removed the immunity that used to protect expert witnesses from being sued over the evidence that they give to courts (see the ruling in Jones v. Kaney [2011] UKSC 13). The Court took the view that, where claims were made against expert witnesses on the grounds of them failing in their professional duty, they should be open to suits for negligence.

The components of good practice include professional knowledge, core competencies and professional values. There are a number of documents that try to encapsulate some of these values.

✒ Useful resources

• The American Association of Law Libraries Body of Knowledge 2017: www.aallnet.org/about-us/what-we-do/policies/publicpolicies/competencies-of-law-librarianship
• CILIP’s Professional knowledge and skills base: www.cilip.org.uk/page/PKSB
• The Special Library Association’s Competencies for Information Professionals of the 21st century, rev. edn, 2003: www.sla.org/wpcontent/uploads/2013/01/0_LRNCompetencies2003_revised.pdf
• Gutsche, B. and Hough, B. (eds) (2014) Competency Index for the Library Field, Webjunction, OCLC, www.webjunction.org/documents/webjunction/Competency_Index_for_the_Library_Field.html

Sets of standards and guidelines include:

• Eynon, A. (ed.) (2005) CILIP Guidelines for Colleges, 7th edn, Facet Publishing, http://www.facetpublishing.co.uk/title.php?id=045513&category_code=6#.W-gY9_Z2tjp
• DCMS Public Library Service Standards 2007 (although these have now been abolished): https://web.archive.org/web/20090204014821/http://www.culture.gov.uk/reference_library/publications/3662.aspx.
• Welsh public library standards https://gov.wales/topics/culture-tourismsport/museums-archives-libraries/libraries/public-librarystandards/?lang=en
• Connected and Ambitious Libraries: the sixth quality framework of Welsh Libraries 2017-2020, Welsh Government, 2018: http://gov.wales/topics/culture-tourism-sport/museums-archiveslibraries/libraries/public-library-standards/?lang=en
• How Good is Our Public Library Service?, Scottish Library & Information Council: https://scottishlibraries.org/advice-guidance/how-good-is-ourpublic-library-service
• Shaper, S. (ed.) (2014) CILIP Guidelines for Secondary School Libraries, 3rd edn, Facet Publishing.
• SLA Standards for Secondary School Libraries, School Library Association, 2015: https://www.sla.org.uk/standards.php
• Standards for Distance Learning Library Services, American Library Association: http://www.ala.org/acrl/standards/guidelinesdistancelearning.

The American Library Association has a set of Core Values of Librarianship (2004) (http://ala.org/advocacy/intfreedom/corevalues) which define, inform and guide professional practice. These cover topics such as:

• Access.
• Confidentiality/privacy.
• Democracy.
• Diversity.
• Education and lifelong learning.
• Intellectual freedom.
• The public good.
• Preservation.
• Professionalism.
• Service.
• Social responsibility.

Only when we can say what a quality product or service consists of can we be clear about what wouldn’t be a quality service and therefore be able to speak of liability for low-quality work. Is the service performed to the standard of an average professional? Ultimately, your own reputation with colleagues and clients is the best guide.

Information professionals should seek to do their job with due care and attention. Did they fail to search an appropriate source and thereby miss something vital? Did they try to verify the accuracy of the information?

Information professionals should also act ethically. Indeed, they have an ethical framework to follow (CILIP, 2018). The CILIP Ethical Framework sets out a number of personal responsibilities of information professionals. Within the ethical framework, the code of professional conduct says that at all times I will work to uphold and advance:

• the reputation of the profession
• the currency and relevance of my skills
• engagement with, and learning from, colleagues, my professional bodies, and those in other related professions
• integrity in the management of information, human and financial resources.

The ethical framework incorporates seven ethical principles, one of which commits information professionals to uphold, promote and defend impartiality and the avoidance of inappropriate bias.

According to the CILIP leaflet Working for Yourself (2002): ‘As yet there is no record of a library or information professional being sued on the grounds that their work caused loss or damage to their client’. However, this should not lure people into a false sense of security. It begs the question of whether you want to be the first information professional in the UK to be sued because your advice caused a client loss or damage.

It may seem hard to think of a situation where provision of information could lead to a client suffering loss or damage, but information professionals need to think about the nature of the information they are dealing with and the levels of risk attached to different types of information. For example, if an enquirer were to ask you to find a set of instructions on how to make your own parachute, you would need to make it absolutely clear that you had not tested the validity of the instructions and give the enquirer a disclaimer along the lines that you could not take any responsibility for any injury caused to the enquirer if they were to follow the instructions that you had given them, given that you have neither written those instructions nor tested them.

The above example about instructions for making a parachute may seem to be somewhat frivolous. But the potential risks are self-evident.
What about where you are dealing with legal, financial, patent or medical information? Surely you would need to be particularly careful given the nature of the subject matter and the potential risks involved. Gray (1989) explores the legal consequences for health sciences librarians and their employers of a librarian carelessly providing information when reliance on the deficient information is claimed to contribute to a patient’s physical injury or death.

TIP: Librarians who claim subject expertise must use their expertise in ways that are appropriate to their roles as a library and information professional. In a law library, for example, librarians (many of whom hold law degrees) must not offer legal advice or interpretations of legal materials. Similarly, a librarian working in a health library, such as the library of an NHS Trust, must not diagnose illnesses.

If you obtain a credit rating on a company for a user, care must be taken because it is quite feasible that, if the credit rating was either out of date or inaccurate, the user could end up experiencing financial loss if they were to do business with the company based largely on a healthy credit rating.

13.2 Contract

Contract law can also be relevant to the liability of information professionals where the service is chargeable. If, for example, an enquirer contacts the information centre and asks a member of staff to find some information for him, the researcher provides the requested information and the user accepts it in exchange for a fee, this whole transaction will be subject to contract law. This is the case even if there is nothing written down.

It has to be said that where money does change hands, clients have a higher expectation of the quality of service that is being provided; that is, they have higher customer expectations of the duty of care that is applied in delivering the service. In any question of liability, the courts too may well expect a higher level of duty of care for a priced service than is required for a free service.

A contract is a legally binding agreement between two or more parties, which is enforceable in a court of law. One party offers to do something for the other party and the other party accepts this offer. The essential elements of a contract are:

1 Offer: the proposal to make a deal. This offer must be communicated clearly to the other party and remain open until it is either accepted, rejected, withdrawn or has expired.
2 Acceptance: this is the acknowledgement by the other party that they have accepted the offer, except where a qualified acceptance is made, as this amounts to a rejection of the offer and is instead regarded as a counter-offer, which also requires acceptance.
3 Intention to create legal relations (and capacity to do so).
4 Consideration: this is what supports the promises made. It is the legal benefit that one person receives and the legal detriment on the other person. This could, for example, take the form of money, property, or services. Consideration is not necessary for a contract in Scots law.

Contracts arise where the parties reach agreement as to the fundamental features of the transaction; this is often referred to as ‘consensus in idem’ (meeting of the minds). To determine whether agreement has been reached, contracts in Scotland are analysed in terms of offer and acceptance.

The contract doesn’t have to be a signed document. It could be entered into orally, although this does make it more difficult to establish whether or not there is a contract. A written contract sets out what has been agreed and can be used in any dispute, although the very fact that someone has a carefully worded written contract can help prevent a dispute occurring because it sets out clearly the rights and obligations of the parties.

TIP: If you are a self-employed information professional, make sure that you have a carefully drafted set of terms and conditions in order to minimise the risk of being held liable for information you provide to a client.

Self-employed information professionals who charge for their expertise run the risk that they could be held liable for their expertise and advice. In order to minimise any such risk, it is advisable to have a set of terms and conditions that the client is asked to sign before work on any assignment commences. The terms and conditions will set out what the client can expect from the information professional.

TIP: Any contracts entered into with users should include a formal disclaimer or exclusion clause limiting liability. However, this must be carefully worded, because if it is too general it could be deemed to be invalid. The exclusion clause should, therefore, be specific. It could put a limit on the extent of any potential liabilities, such as specifying the maximum amount that will be paid out in damages.

13.3 Tort (delict in Scotland)

Library and information services that provide their services free of charge cannot ignore professional liability issues because they could become the subject of an action under the law of tort. Tort/delict refers to behaviour causing loss or harm to other people where no contract exists. It would cover the concept of negligence or carelessness, such as where a librarian carelessly provides inaccurate information to a user who suffers loss as a result. It would be necessary for the user to satisfy a court that the librarian owed the user a duty of care.

If you cause your fellow citizens loss by your negligence, you potentially lay yourself open to claims for compensation. Tort/delict does not require any contractual relationship between the parties involved and it therefore follows that third parties who suffer loss because of your actions can sue for compensation. However, for such an action to succeed, the injured party would need to establish that:

• The other party owed him a duty of care.
• This duty had been breached.
• There had been damage.
• The damage had been a direct result of the breach.
• The damage could have been reasonably foreseen.

There are several key legal cases that set important precedents in the law of tort.

Donoghue v. Stevenson [1932] UKHL 100

The case of Donoghue v. Stevenson is important because it established the ‘neighbourhood principle’, which defines classes of persons to whom a duty of care is owed. The judgment concluded that one owes a duty of care to one’s neighbour. Lord Atkin said: ‘Who then in law is my neighbour? The answer seems to be persons who are so closely and directly affected by my act that I ought reasonably to have them in contemplation as being so affected when I am directing my mind to the acts or omissions which are called in question’ (http://www.bailii.org/uk/cases/UKHL/1932/100.html).

This duty of care extends to financial loss where an expert is consulted, as illustrated by Hedley Byrne v. Heller.

Hedley Byrne & Co. v. Heller & Partners [1964] AC 465

A bank advised that a certain business would be a good investment – it was not and the investor lost a lot of money. The case dealt with the question of whether someone who provides advice to another person without a contract being in place could be held liable for negligence.

The House of Lords found that if the advice was being sought in circumstances in which a reasonable person would know that they were being trusted or that their skill or judgement was being relied upon, then if the person doesn’t clearly qualify their answer so as to show that they do not accept responsibility, then they accept as a legal duty such care as the circumstances require.

The case established that a duty of care could arise to give careful advice and that a failure to do so could give rise to liability for economic loss caused by negligent advice. Liability arose because the individual consulted had claimed expertise in business investments, his advice would be relied upon and was intended to be definitive. Financial harm can be compensated only in such cases where specific expertise is consulted.

Caparo Industries plc v. Dickman [1990] 2 AC 605

This case is important in defining the duty of care in the field of information provision and dealt with the liability of auditors to potential investors. It established that the concept of ‘duty of care’ existed when the following factors were present:

• The information is for a specific purpose.
• The purpose is made known at the time that the advice is given or that the advice is sought.
• The advisor knows that his or her advice will be communicated to the advisee or recipient.

Anns v. London Borough of Merton [1978] AC 728

The case of Anns v. London Borough of Merton developed the ‘neighbourhood principle’ further. In this case, Lord Wilberforce said that first the court should establish proximity, using the ‘neighbourhood test’, and then, if proximity is established, the court must take account of any ‘consideration which ought to negate, reduce or limit the scope of the duty or the class of persons to whom it is owed or the damages to which breach of it may give rise’.

For example, in the case of a public library providing a free enquiry service, a court might decide in any claim for liability that it would not be in the public interest to set a precedent that allows users to sue public libraries providing their services free of charge.

13.4 Liability and electronic information

In the late 1980s and early 1990s, there was a lot of interest in the question of information quality and liability in relation to electronic information, as evidenced by the number of articles written on the topic at that time. Unlike the situation with hardcopy material, it isn’t always possible with electronic information to browse the data or examine the indexes in detail, plus there are the added restrictions on time and cost.

Users of online databases may find errors when they search for information, ranging from simple spelling errors, inconsistent use of controlled vocabulary through to factual errors. In the case of incorrect spellings, these can mean the difference between retrieving a record and not being able to retrieve that record.

To address such concerns, the Centre for Information Quality Management (CIQM) was established in 1993 under the auspices of the Library Association (now CILIP) and UKOLUG, the UK Online User Group (now UKeIG, the UK eInformation Group) with the aim of providing a clearing house through which database users could report quality problems. In a 1995 CIQM survey on the effects of poor data on workflow, a surprisingly high figure (31.11%) was returned for retrieval of unusable records (either missing data, badly formatted tables or erroneous data). The questionnaire was addressed to professional intermediaries and it was noted that end-user searchers might be affected more seriously.

If information professionals obtain data from an online service, the information provider is likely to have a liability exclusion clause in their contract making it more difficult to take action against them. Library and information professionals need to take steps to protect themselves from potential claims for liability. Information professionals need to warn their users that output from the online service doesn’t necessarily carry a guarantee of accuracy. You are not in a position to promise that all the information retrieved from an online database is correct, complete and accurate because the database provider is responsible for that and it is outside your control.

Librarians should watch out for signs of how reliable an online database is:

• How frequently is the database updated?
• Does it contain typographical errors?
• Are there any gaps in coverage?
• Are there any inconsistencies or errors in the indexing?

TIP: Where information workers have reservations about the accuracy, reliability or trustworthiness of an information source, they should convey these to the user and make the user aware that there is no guarantee of accuracy. Where the service is chargeable, your terms and conditions of service should make clear that you cannot accept responsibility for errors or omissions in the databases or other sources that you use in your search.

TIP: Whenever possible, the information professional should seek to double-check and verify the accuracy of the data.

TIP: Information staff should maintain good records of the sources used to answer an enquiry. This is particularly important in cases where a fee is charged. The record that is kept can be used as a checklist to ensure that the key sources have all been consulted and can also be referred back to in the event that a user of the service challenges you about not doing a thorough job.

13.5 Liability for copyright infringement

There are a number of instances where an information professional could potentially be held liable for copyright infringement. In the case of the library exceptions in the CDPA 1988 at sections 42A (Copying by librarians: single copies of published works) and 43 (Copying by librarians or archivists: single copies of unpublished works), library staff working in publicly accessible not-for-profit libraries are given an indemnity to do copying on behalf of their users that users would themselves be entitled to make. The copyright declaration is the librarian’s indemnity and if this is false the onus is on the person who made the declaration in writing and not the librarian.

However, if a user is unsure as to whether or not a particular instance of copying would qualify as being non-commercial, for example, they may understandably turn to the librarian for advice as to whether or not the copying is permitted according to the law before providing the librarian with the completed declaration form. The librarian should be careful not to decide for people whether or not a commercial purpose applies, because if they do so they could potentially be held jointly liable for a false declaration.

Library staff also need to be particularly careful to ensure that in answering a user enquiry they are not infringing someone’s copyright. The CILIP Ethical Principles (2009) say: ‘Information professionals should defend the legitimate needs and interests of information users, while respecting the moral and legal rights of the creators and distributors of intellectual property.’ There is, however, no equivalent statement in CILIP’s current Ethical Framework (2018). The emphasis in the Framework is rather different, because the only mention of copyright or intellectual property rights comes in the section on CILIP’s commitments (rather than the commitments of the information professional): ‘I expect my professional body to support me in this by upholding promoting and defending … the development of balanced and fair open access and copyright systems’.

13.6 Risk management

It is important for librarians to be aware of how liability arises, in order to be aware of the risks involved and to be able to take steps to minimise the possibility of legal action. Tryon (1990) says: ‘In a litigious society every library administrator must take care to institute procedures which will minimise the likelihood of law suits based on harm caused by the library’s negligence’. However, whilst effective risk management can help reduce exposure to allegations of neglect, error or omission it can never completely eradicate that risk. A simple error, omission or misquote could potentially trigger a claim. The best defence against such claims is to:

• Pay attention to your own professional development.
• Keep yourself up to date.
• Be aware of the range and content of the available sources.
• Be aware of the accuracy, timeliness and reliability of the sources.

Indeed, the CILIP Ethical Framework (2018) says that information professionals should at all times work to uphold and advance the currency and relevancy of their skills (Code of Professional Conduct, B2).

In any promotional material about your information service, you might wish to note that you follow the code of ethics of the professional organisation to which you belong – such as CILIP or the Strategic and Competitive Intelligence Professionals (SCIP).

The ASIS&T Professional Guidelines (ASIS&T is the Association for Information Science and Technology) state that as part of their responsibility to the profession, members are required to truthfully represent themselves and the information which they utilise or which they represent. ASIS&T sets out the key ways in which this is achieved, including:

• Not knowingly making false statements or providing erroneous or misleading information.
• Undertaking their research conscientiously, in gathering, tabulating or interpreting data; in following proper approval procedures for subjects; and in producing or disseminating their research results.
• Pursuing ongoing professional development and encouraging and assisting colleagues and others to do the same.

The 5th revision of the RUSA Guidelines for Business Information Responses (http://ala.org/rusa/resources/guidelines/business) says:

Develop written policy regarding the provision of specialized information related to business questions. Disclaimers should clarify the role of the information specialist as someone who provides resource referrals and research guidance but not specific business advice or recommendations. The level of assistance and interpretation provided to the user should reflect the differing degrees of subject expertise between the specialists and non-specialists.

In a case of professional liability, the courts would take into account the following key factors:

1 The nature of the information service being provided. Was the information service, for example, a general service providing information about a wide range of subjects where it would be unreasonable to expect an information professional to be an expert in all the areas covered by the information service? Or was it a specialist information service covering a narrowly defined subject area, where the information service had built up an international reputation and in which the information staff had specialist knowledge and which had made claims of having expertise in that field?
2 The level of knowledge of the user of the information service. If the topic that enquirers are asking about is one in which they themselves have considerable expertise, then they can be expected to use their own judgement on the validity of the information received. Or was it a member of the general public who could not be expected to use professional judgement on the quality of information?

The EIRENE Code of Practice for Information Brokers (1993) has a section relating to liability, in which it says that a broker shall:

• Clearly state the accuracy limits of the information provided, within their professional competence and available sources.
• State clearly their liability and will not use total disclaimers.
• Abide by the existing local laws regarding liability, arbitration procedures or professional negligence, when providing information services.
• Accept limited liability up to the value of the contract between broker and client.
• Indicate their arbitration procedures in their terms of business.

13.7 Indemnity and insurance

Indemnity is protection or insurance against future loss or damage. Professional indemnity insurance is an insurance against a claim from a client or any other independent third party who suffers financial loss as a result of alleged neglect, error or omission. Any organisation whose employees provide advice, information or a consultancy service may be legally liable for a claim of malpractice where a breach of professional duty occurs.

If you give professional advice, your clients will regard you as an expert. Nowadays, clients are often very aware of their legal rights and are ready to assert those rights, so you could find yourself facing a claim from a client who feels that they have received substandard advice.

TIP: Self-employed information consultants should consider taking out professional indemnity insurance.

CILIP recommends professional indemnity insurance for self-employed information consultants and brokers, particularly if they are giving advice that could result in financial loss to their clients. This is because if they work as a sole practitioner, they would be personally liable for negligence, if proven. The insurance provides them with financial protection. In Working for Yourself (2002), CILIP says that: ‘clear and reasonable disclaimers are also helpful, for example stating that you have no liability for errors in published sources. Pay attention to deadlines and keep records – ideally for six years’.

Professional indemnity insurance is not compulsory for the library and information profession. Some information professionals may not be keen on taking out professional indemnity insurance because of a perception that the premiums are quite high and that they don’t always provide the desired protection. In the case of freelance workers, it makes sound business sense and should not be regarded as an expensive or unnecessary business overhead. Furthermore, for freelance workers the premiums are tax-deductible.

References

ASIS&T (1992) ASIS&T Professional Guidelines, www.asis.org/AboutASIS/professional-guidelines.html.
CILIP (2002) Working for Yourself (no longer available).
CILIP (2009) Ethical Principles and Code of Professional Practice for Library and Information Professionals, https://archive.cilip.org.uk/archived-policystatements/user-privacy-libraries-guidelines-reflective-practitioner. https://archive.cilip.org.uk/sites/default/files/documents/Privacy_June_AW.pdf.
CILIP (2018) Ethical Framework, https://cdn.ymaws.com/www.cilip.org.uk/resource/resmgr/cilip/policy/new_ethical_framework/cilip_s_ethical_framework.pdf.
EIRENE (1993) Code of Practice for Information Brokers (no longer available).
Gray, J. A. (1989) The Health Sciences Librarian’s Exposure to Malpractice Liability Because of Negligent Provision of Information, Med. Libr. Assoc., 77 (1), January 1989, 33–37.
RUSA (2013) Guidelines for Business Information Responses, 5th rev., http://ala.org/rusa/resources/guidelines/business.
Tryon, J. (1990) Premises Liability for Librarians, Library and Archival Security, 10 (2).


CHAPTER 14

Cybersecurity and cybercrime

Contents

14.1 Background
14.2 Cybersecurity and cyber essentials
14.3 Council of Europe Convention on Cybercrime
14.4 The Computer Misuse Act 1990
14.5 The Network and Information Systems Regulations
14.6 Hacking
14.7 Viruses, worms and Trojans
14.8 Intellectual property infringement
14.9 Pornography
14.10 Fraud
14.11 Denial of service attacks
14.12 Acceptable use policies
14.13 Communications Act 2003
References

14.1 Background

Cybercrime and computer misuse cover a wide range of activities. These include:

• Botnets – a network of private computers infected with malicious software and controlled as a group without the knowledge of the computers’ owners.
• Copyright abuse – copyright infringement or piracy is the use of works protected by copyright law without the permission of the copyright holder.
• Cyber bullying – a form of bullying or harassment which uses electronic means.
• Cyber espionage – use of computer networks to obtain illicit access to confidential information. It is the act of obtaining secrets and information without the knowledge or permission of the holder from individuals, competitors, governments and enemies.
• Cyber terrorism – the politically motivated use of computers and the internet to conduct violent acts which result in or threaten the loss of life or significant bodily harm.


• Denial of service attack (see Section 14.11) – hackers attempt to prevent legitimate users from accessing the service. It usually involves sending a large number of messages asking the network or server to authenticate requests that have invalid return addresses, thereby keeping the network or server busy.
• Hacking (see Section 14.6) – gaining unauthorised access into a system or computer. Hackers could potentially steal or destroy data or prevent authorised users from accessing the system.
• Malware – malicious software designed to damage, disrupt or gain access to a computer system to cause harm. Malware can perform functions such as stealing, encrypting or deleting sensitive data, or monitoring a computer user’s activity without their knowledge or permission.
• Pharming (see Section 14.10.2) – the act of directing internet users to a bogus website which mimics the appearance of a legitimate one in order to obtain personal information.
• Phishing (see Section 14.10.1) – the fraudulent practice of sending emails to people which claim to be from a reputable company in order to induce them to reveal personal information.
• Ratting – hacking into a computer to take control of its functions. Derived from RAT or remote access tool.
• Revenge porn – posting on the internet sexually explicit images or videos without the consent of the subject, in order to cause them distress or embarrassment. Typically carried out by a former sexual partner.
• Smishing – fraudulent messages sent over SMS (text messaging). The word is a combination of the terms ‘SMS’ and ‘phishing’.
• Social engineering – the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
• Spoofing – where a malicious party impersonates another user or device in order to gain unauthorised access to a system or to sensitive information. For example, a malicious party might send an email purporting to be from a known sender.
• Spyware – software which enables a user to covertly obtain information about someone else’s computer activities.
• Swatting – an internet crime or prank whereby someone finds your address and then makes a hoax call to the emergency services in an attempt to get them to dispatch police officers or other emergency services staff to your address.
• (Cyber) Theft – theft carried out by means of computers. It could involve stealing financial or personal information.
• Trojans – a type of malware that is often disguised as legitimate software in order to gain access to a computer or system.


• Viruses – malicious programs which spread themselves into other executable code or documents to infect vulnerable systems and gain control of a computer to steal sensitive data.
• Vishing – the fraudulent practice of making telephone calls or leaving voice messages claiming to be from a reputable company with the intention of inducing an individual to reveal personal information.
• Worms – a form of malicious software that replicates as it moves across computers, leaving a copy of itself in the memory of each infected computer.

Cybercrime is defined by the British police as the use of any computer network for crime; and in the Council of Europe’s Convention on Cybercrime it is defined as ‘criminal offences committed against or with the help of computer networks’.

The phrase ‘computer misuse’ could be used to refer to a wide range of activities, including accessing inappropriate material on the internet such as pornographic material; inappropriate use of e-mail; hacking; spreading viruses; fraud; theft; copyright abuse; or the use of a computer to harass others, whether that be sexual harassment, racial harassment, or some other form of harassment.

There have been various contradictory estimates of the costs of cybercrime. The government have acknowledged that ‘an accurate estimate of the scale and cost of cyber crime will probably never be established’ (Home Office, 2018). Hackers stole a total of £130 billion from consumers in 2017, including £4.6 billion from British internet users according to Norton (2017).

Cyberspace has provided new opportunities for criminals. They are attracted by the anonymity factor and the ability to communicate simultaneously with an unlimited number of users around the world. Hackers find a thrill in penetrating networks and destroying data, while terrorists could purposely disrupt the critical infrastructures that are dependent upon networked computers. Meanwhile, consumers hesitate to disclose personal and credit card data on the internet, with security and privacy being their number-one concern, and businesses face the potential loss of proprietary data, intellectual property and online access to customers and suppliers through breaches of security and intentional service disruptions.

With regard to cybercrime, the computer can play a number of different roles:

1 Firstly, a computer can be the target of crime, for example, when someone is intent on stealing information from, or causing damage to, a computer or computer network.
2 Secondly, a computer can be the tool that is used in order to commit an offence such as fraud, or the distribution of child pornography.
3 Thirdly, a computer stores evidence and can be of great value to criminal investigators.


14.2 Cybersecurity and cyber essentials

Cybersecurity involves the security of any integrated or networked system. This could be connected through the internet, virtually across private networks or through integrated mechanical systems.

Information professionals are known for their ability to manage information. However, organisations need to have a joined-up approach between information management and information security. For example, it is in the interests of an organisation to ensure that there is a good working relationship between cybersecurity experts and records managers.

Hostile attacks upon UK cyberspace by other large states and large-scale cybercrime are regarded as a tier 1 risk by the National Security Centre (https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/62484/Factsheet2-National-Security-RiskAssessment.pdf).

To prioritise cybersecurity:

• Have firewalls with the appropriate configurations.
• Restrict IT admin and access rights to specific users.
• Have formal policies on cybersecurity risks.
• Make sure staff have had cybersecurity training.
• Have a formal cybersecurity incident management plan in place.

Steps to guard against the most common cyber threats:

1 Secure your internet connection using a firewall.
2 Secure your devices and software by checking the default settings and making any changes which are necessary to raise your security level. This can involve disabling or removing any functions, accounts or services which you don’t need; using password protection; and where appropriate using two-factor authentication.
3 Control access to your data and services. Ensure that staff have only the level of access that is appropriate to their role (and nothing higher than that). Be careful about who has administrator rights and who is able to access the system remotely.
4 Protect from viruses and other malware. Make use of installed anti-malware or anti-virus products; run scans regularly; create a backup copy of important files regularly and keep this away from your computer; and avoid connecting to unknown wi-fi networks.
5 Keep your devices and software up to date. Install updates promptly to fix any security vulnerabilities.


• Information risk – mapping the information that you hold and understanding its value.
• Information management – managing your information appropriately.
• Information governance and compliance – implementing the right governance regime for your organisation.

Figure 14.1 Key information professional skills in cybersecurity

Building Your Own Threat Model

A ‘threat model’ is a plan that you can create which helps you to decide the level of security you will need for each of the different types of data that you work with. In ‘Assessing Your Risks’, Surveillance Self-Defense (https://ssd.eff.org/en/module/assessing-your-risks), the Electronic Frontier Foundation suggest that people build their own threat model. In order to do this, ask yourself the following questions:

1 What do I want to protect?
2 Who do I want to protect it from?
3 How bad are the consequences if I fail?
4 How likely is it that I will need to protect it?
5 How much trouble am I willing to go through to try to prevent potential consequences?

Protect the library

Passwords
• Keep them secret.
• Use different passwords for different tools.
• Change passwords regularly.

Security protocols
• How are technology vendors protecting sensitive data?
• Where is the data stored?
• Is the data encrypted?
• Is https being used when information is sent?

Undertake a security assessment
• Undertake an audit.
• Carry out regular penetration tests.
• Identify security weaknesses that need to be addressed.

What to test
• Routers, firewalls, switches.
• Wireless access points.


• Email and file servers.
• Web applications.
• Access control systems.

Further information

National Cyber Security Strategy 2016–2021: https://www.gov.uk/government/publications/national-cyber-securitystrategy-2016-to-2021
National Cyber Security Centre: https://www.ncsc.gov.uk
Cyber governance health check: https://gov.uk/government/publications/cyber-governance-health-check2018
Information Management Self-Assessment Tool (intended for a government or public sector audience): http://nationalarchives.gov.uk/informationmanagement/manage-information/ima/information-management-selfassessment-tool
Cyber Security Small Business Guide: https://ncsc.gov.uk/smallbusiness

14.3 Council of Europe Convention on Cybercrime

The Council of Europe Convention on Cybercrime was adopted by the Council of Europe in 2001. Cybercrime is a major global challenge, which requires a coordinated international response. The Convention tries to achieve its aims by having legislation at an international level and by fostering international cooperation. The Convention places the onus on internet service providers as regards encryption and provides for the use of ‘coercive powers’, such as electronic surveillance, interception, search and seizure in dealing with offences.

The Convention covers three key sets of issues:

• Substantive computer crimes.
• Government access to communications and computer data.
• Trans-border co-operation.

The offences covered by the Convention on Cybercrime are listed in Figure 14.2 opposite. They are not all ‘pure’ cybercrimes in the sense that some of the crimes can exist whether or not a computer is involved – such as copyright infringement. Each of the offences uses a form of words along the lines ‘when committed intentionally and without right’. In other words, to qualify as an offence the action must have been committed intentionally and in circumstances where the person committing the offence did not have the right to do what they did.

| Offence | Article |
| --- | --- |
| Illegal access | Article 2 |
| Illegal interception | Article 3 |
| Data interference | Article 4 |
| System interference | Article 5 |
| Misuse of devices | Article 6 |
| Computer-related forgery | Article 7 |
| Computer-related fraud | Article 8 |
| Offences related to child pornography | Article 9 |
| Offences related to infringement of copyright and related rights | Article 10 |

Figure 14.2 Offences covered by the Council of Europe Convention on Cybercrime

The Convention is the first international treaty on crimes committed via the internet and other computer networks, dealing particularly with infringements of copyright, computer-related fraud, child pornography and violations of network security. It also contains a series of powers and procedures such as the search of computer networks and interception. Its main objective, set out in the preamble, is to pursue a common criminal policy aimed at the protection of society against cybercrime, especially by adopting appropriate legislation and fostering international co-operation.

There is also an additional protocol from 28 January 2003 making any publication of racist and xenophobic propaganda via computer networks a criminal offence (https://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/189).

14.4 The Computer Misuse Act 1990

The Computer Misuse Act (CMA) was published in the wake of Law Commission Working Paper No. 186 on Criminal Law: Computer Misuse (Cm 819), published in October 1989 in order to create specific offences to secure computers against unauthorised access or modification. Whilst the Act was originally intended mainly to address the problems caused by computer hacking, it is also being used effectively to deal with the deliberate release of computer viruses.

The CMA (as amended) creates five offences:

1 It is an offence to cause a computer to perform any function with intent to gain unauthorised access to any program or data held in any computer, knowing at the time that it is unauthorised (Computer Misuse Act section 1).
2 It is an offence to commit an offence of unauthorised access under section 1 with the intention of committing or facilitating the commission of further offences (Computer Misuse Act section 2).
3 Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc. (Computer Misuse Act section 3).


4 Making, supplying or obtaining articles for use in offence under section 1, 3 or 3ZA (Computer Misuse Act section 3A, which was inserted by the Police and Justice Act 2006).
5 Unauthorised acts causing, or creating risk of, serious damage (Computer Misuse Act section 3ZA, which was inserted by the Serious Crime Act 2015).

This means that the Act is suitable for use against activities carried out across networks.

Sacked employee wreaks revenge on former employer

A 17-year-old clerk was sacked from an insurance company. He decided to get his own back on his former employer. He downloaded a ‘useful’ piece of software from the internet – which is often referred to as a ‘bomber’ – and proceeded to use the software in order to send 5 million e-mails to his former employer over a period of three days. This resulted in the ex-employer’s website becoming overloaded and the site having to be taken down for a period of time, with a consequent loss of revenue.

Actions of this kind are likely to cause an unauthorised modification of the contents of the computer to which the e-mails are directed and as such this would be a potential breach of the CMA. If the perpetrator’s actions were intended to impair the operation of, or hinder access to, the computer or any program held on it, this would constitute a criminal offence under section 3 of the CMA. If the consequences of their actions could be said to be reasonably foreseeable, then they would be likely to be treated as having the requisite intent. As a result of his actions, the ex-clerk was interviewed by the Metropolitan Police.

Under section 17(5) of the CMA a person’s access is unauthorised if the person is not themselves entitled to control access of the kind in question to the program or data, and they do not have consent to access of the kind in question to the program or data from any person who is so entitled.

Under section 2 of the CMA, it is an offence to commit an offence under section 1 with intent to commit or facilitate a further offence, whether or not both offences occur on the same occasion.

Under section 3 of the CMA, it is an offence to do anything intentionally and knowingly to cause an unauthorised modification of the contents of any computer which will impair its operation, prevent or hinder access to any program or data, or which will impair the operation of the program or the reliability of the data. The requisite knowledge is knowledge that any modification they intend to cause is unauthorised. The section provides that intent need not be directed to any particular computer, any particular program or data, or a program or data of any particular kind, or any particular modification or modification of any particular kind.

Under section 3A of the CMA a further offence came into force in 2008 through SI 2008/2503 on making, supplying or obtaining articles for use in an offence under section 1 or 3 (which defines ‘article’ as any program or data held in electronic form). This criminalises making, supplying or obtaining ‘hacking tools’. A person is guilty of an offence if that person ‘supplies […] any article intending it to be used to commit, or assist in the commission of [a computer misuse offence]’ or ‘believing that it is likely to be used to commit, or assist in the commission of [any such offence]’.

Under section 3ZA, it is an offence to undertake unauthorised acts causing, or creating risk of, serious damage (this section was inserted by the Serious Crime Act 2015).

3ZA Unauthorised acts causing, or creating risk of, serious damage

(1) A person is guilty of an offence if—
(a) the person does any unauthorised act in relation to a computer;
(b) at the time of doing the act the person knows that it is unauthorised;
(c) the act causes, or creates a significant risk of, serious damage of a material kind; and
(d) the person intends by doing the act to cause serious damage of a material kind or is reckless as to whether such damage is caused.

(2) Damage is of a ‘material kind’ for the purposes of this section if it is—
(a) damage to human welfare in any place;
(b) damage to the environment of any place;
(c) damage to the economy of any country; or
(d) damage to the national security of any country.

(3) For the purposes of subsection (2)(a) an act causes damage to human welfare only if it causes—
(a) loss to human life;
(b) human illness or injury;
(c) disruption of a supply of money, food, water, energy or fuel;
(d) disruption of a system of communication;
(e) disruption of facilities for transport; or
(f) disruption of services relating to health.

(4) It is immaterial for the purposes of subsection (2) whether or not an act causing damage—
(a) does so directly;
(b) is the only or main cause of the damage.


(5) In this section—
(a) a reference to doing an act includes a reference to causing an act to be done;
(b) ‘act’ includes a series of acts;
(c) a reference to a country includes a reference to a territory, and to any place in, or part or region of, a country or territory.

(6) A person guilty of an offence under this section is (unless subsection (7) applies) liable, on conviction on indictment, to imprisonment for a term not exceeding 14 years, or to a fine, or to both.

(7) Where an offence under this section is committed as a result of an act causing or creating a significant risk of—
(a) serious damage to human welfare of the kind mentioned in subsection (3)(a) or (3)(b), or
(b) serious damage to national security,
a person guilty of the offence is liable, on conviction on indictment, to imprisonment for life, or to a fine, or to both.

References to a fine mean an unlimited fine.

| Offence | Penalty: on summary conviction | Penalty: on conviction, on indictment | CMA section |
| --- | --- | --- | --- |
| Unauthorised access to computer material | Up to 12 months in prison or a fine not exceeding the statutory maximum | Up to two years in prison or to a fine or both | 1 |
| Unauthorised access with intent to commit or facilitate commission of further offences | Up to 12 months in prison or a fine not exceeding the statutory maximum | Up to five years in prison or to a fine or both | 2 |
| Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc. | Up to 12 months in prison or a fine not exceeding the statutory maximum | Up to ten years in prison or to a fine or both | 3 |
| Unauthorised acts causing or creating risk of serious damage | | Up to 14 years in prison or to a fine or both. Imprisonment for life, or to a fine, or to both where the offence was committed as a result of an act causing or creating a significant risk of serious damage to human welfare or serious damage to national security | 3ZA |
| Making, supplying or obtaining articles for use in offences under section 1, 3 or 3ZA | Up to 12 months in prison or a fine not exceeding the statutory maximum | Up to two years in prison or to a fine or to both | 3A |

Figure 14.3 Penalties for CMA offences

According to section 17 of the CMA, a person secures access to any computer program or data held in a computer if by causing a computer to perform any function they:

• Alter or erase the program or data.
• Copy or move it to any storage medium other than that in which it is held or to a different location in the storage medium in which it is held.
• Use it.
• Have it output from the computer in which it is held (whether by having it displayed or in any other manner).

Computer Misuse Act 1990 – section 3 offence

In a legal case from 2002, a manufacturing business decided to update its computer system. They employed an IT contractor to do the work for them. Unfortunately, they felt that he had not done a very good job and went to a second contractor to get the job completed. When it came to payment, they clearly had to pay for the services of the new contractor and at that point they also decided that they would not pay the original contractor.

Access to the IT system had been set up for the original contractor to work from home and this access was still available at the time of the dispute. When the company refused to pay the original contractor, he was upset about this and decided to take matters into his own hands. He accessed the system and deleted all the files on it. These files included three years’ worth of fairly complicated design drawings. The company assessed the amount of damage it had suffered as a result at around £50,000.

It is a criminal offence under section 3 of the CMA to carry out an unauthorised modification of material held on computer, when your intention is to prevent or hinder access to the data or impair its operational reliability. The contractor was prosecuted and convicted and was jailed for 18 months.

There are a number of lessons from this case, even if some of them may seem rather obvious:

• Take regular backups.
• Keep the backups in a separate place.
• Be careful about who can access the computer system.
• Be prompt at disabling access for employees and contractors as soon as they cease working for you.
• Be very careful about who you give remote access to.
• For contractors – don’t damage or disable a computer system, no matter what the provocation might be, as it is surely not worth a prison sentence.
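The lessons about disabling access promptly, and the earlier advice to limit administrator rights and remote access, can be checked routinely rather than left to memory. The Python code below is an added example, not part of the original book: it compares a register of staff and contractor engagements with a list of accounts and reports enabled accounts belonging to leavers, accounts with no known owner and administrator rights that have not been approved. The record layouts, names and dates are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Engagement:
    """One period of work by an employee or contractor (hypothetical layout)."""
    person: str
    end_date: Optional[date]  # last working day; None means still engaged


@dataclass(frozen=True)
class Account:
    """One login on the system being audited (hypothetical layout)."""
    username: str
    owner: str
    enabled: bool
    remote_access: bool
    is_admin: bool


def current_people(engagements, today):
    """People with at least one engagement that has not yet ended.

    Someone who left and was later re-engaged has several records, so a
    single open or future-dated record is enough to count as current.
    """
    return {e.person for e in engagements
            if e.end_date is None or e.end_date >= today}


def audit_accounts(engagements, accounts, approved_admins, today):
    """Return sorted (username, finding) pairs for accounts that need action."""
    known = {e.person for e in engagements}
    current = current_people(engagements, today)
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue  # already disabled, nothing to revoke
        if acct.owner not in known:
            findings.append((acct.username, "ORPHANED: owner not in register"))
        elif acct.owner not in current:
            what = "remote access" if acct.remote_access else "account"
            findings.append((acct.username, f"LEAVER: {what} still enabled"))
        if acct.is_admin and acct.owner not in approved_admins:
            findings.append((acct.username, "ADMIN: rights not approved"))
    return sorted(findings)


# Constructed sample data, not taken from any real organisation.
TODAY = date(2019, 9, 19)
ENGAGEMENTS = [
    Engagement("a.ahmed", None),
    Engagement("b.brown", date(2019, 6, 30)),   # contract has ended
    Engagement("c.clark", date(2018, 12, 31)),  # left the organisation ...
    Engagement("c.clark", None),                # ... and was re-engaged
    Engagement("d.davis", date(2019, 8, 31)),
]
ACCOUNTS = [
    Account("aahmed", "a.ahmed", True, False, True),
    Account("bbrown-vpn", "b.brown", True, True, False),
    Account("cclark", "c.clark", True, True, True),
    Account("ddavis", "d.davis", False, False, False),
    Account("svc-scanner", "unknown", True, False, False),
]
APPROVED_ADMINS = {"a.ahmed"}

if __name__ == "__main__":
    for username, finding in audit_accounts(
            ENGAGEMENTS, ACCOUNTS, APPROVED_ADMINS, TODAY):
        print(f"{username:12} {finding}")
```

With the sample data the report lists the former contractor's remote access, the re-engaged worker's unapproved administrator rights and the account with no known owner.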

Prison sentence for offences under the Act

Simon Vallor, a web designer, created viruses on his home computer in Llandudno, which he then distributed over the internet in September and October 2001. The viruses were designed to e-mail themselves to everyone in the recipient’s address book. One virus was designed to delete all the data on a hard drive on 11 November. At least 29,000 computers were infected in 42 countries, while another 300,000 copies of the virus were stopped by anti-virus software. The cost of the episode ran to millions of pounds for businesses and computer users. Mr Vallor was sentenced to two years’ imprisonment for offences under the CMA. At the time this was the harshest sentence that there had been for this type of offence.

Computer crime can raise issues relating to jurisdiction, since it is obviously possible for someone anywhere in the world to access a computer located in the UK. Sections 4–9 of the Act deal with jurisdictional issues. Provided that either the accused or the computer was within the jurisdiction at the time of the offence, then a prosecution is permitted.

14.5 The Network and Information Systems Regulations

The Network and Information Systems Regulations 2018: SI 2018/506 implement Directive 2016/1148 concerning measures for a high common level of security of network and information systems across the Union. They provide a national framework for the security of network and information systems in the United Kingdom. The regulations impose obligations on two types of organisation: • Operators of essential services (OES). • Relevant digital service providers (RDSP). The duties imposed on OESs and RDSPs under the regulations fall under two categories:


• A requirement to take appropriate and proportionate measures to ensure the security of network and information systems.
• The duty to notify security breaches.

The UK government has set out four top-level objectives:
• Managing security risk.
• Protecting against cyberattack.
• Detecting cybersecurity events.
• Minimising the impact of cybersecurity incidents.

14.6 Hacking

Hacking is the act of deliberately gaining unauthorised access to an information system. Many instances of hacking might be classed as nuisance attacks, but far more serious are instances where the hacker had malicious intent. Section 1 of the CMA makes hacking per se a criminal offence, regardless of whether or not any harm is intended. If, for example, a hacker broke into a computer simply out of curiosity, they would have committed an offence so long as they were aware that their access was unauthorised. Hackers can be deterred through the use of well-configured firewall protection, intrusion detection software and filtering software.

14.7 Viruses, worms and Trojans

Computer viruses, in the same way as biological viruses, make copies of themselves and cannot exist without a host. They may infect program files, programs in disk sectors, or files that use a macro.

Worms are similar to viruses. Like viruses, they make copies of themselves, but do so without the need to modify a host. By repeatedly making copies of itself, a worm tries to drain system resources.

Trojans are named after the Trojan Horse – a giant wooden horse that concealed Greek soldiers who used it in order to invade the ancient city of Troy – because Trojan horse programs conceal hidden programming which can cause significant damage to your computer.

It is no longer the case that a computer user has to click on a file attachment in order to trigger a virus infection. It may be sufficient for the user simply to read an infected e-mail in order for the virus to be launched. The CMA applies to those who release damaging viruses into the wild, even if the person doing so does not have the intent to damage a particular computer.

Some e-mails aren’t intended to destroy data or prevent programs from operating but might simply use directories to propagate themselves around e-mail systems. Nevertheless, there could still be the possibility of a criminal conviction. Under section 1 of the Act, the use of the recipient’s e-mail program to cause the incoming e-mail virus to propagate onwards by means of the e-mail system could be said to be access of an unauthorised nature and would therefore be liable to prosecution under section 1.

Section 3 of the CMA can be used to prosecute people who introduce viruses, worms or Trojans to computer systems. Under section 3(2), an offence occurs if damage to a computer impairs the operation of any computer.

Example of a Trojan infecting library computers

Almost 600 computers used by staff and the public at the Anne Arundel county public library were infected with the Emotet banking Trojan, with nearly 5,000 customers possibly being affected by the breach.

Source: Annapolis library computers infected with Emotet, almost 5k customers affected, Softpedia News, 8 October 2018.

14.8 Intellectual property infringement

There are a number of cybercrimes that represent various different aspects of intellectual property infringement.

14.8.1 Plagiarism

Plagiarism means to use or to pass off as one’s own the ideas or writings of someone else. Electronic detection tools such as Turnitin software are increasingly being used to detect student plagiarism.

14.8.2 Software piracy

Software piracy is the copying of software without permission. This is a crime that can potentially be punished by imprisonment and/or a fine. Ongoing auditing and tracking of software use is essential to ensure compliance with software licensing agreements.

14.8.3 Making illegal downloads of music files

Several peer-to-peer file-sharing networks have been used by internet users in order to make illegal music downloads. Organisations representing the music industry, such as IFPI and the British Phonographic Industry, have taken out legal actions in order to protect the interests of their members. Indeed, they have taken court action to force ISPs to disclose the details of people alleged to have used peer-to-peer file-sharing services to copy or to share unlawfully copied files.


14.8.4 Other examples of copyright abuse

According to the BSA Global Software Survey June 2018 (https://gss.bsa.org/wp-content/uploads/2018/05/2018_BSA_GSS_Report_en.pdf), 37% of software installed on personal computers is unlicensed; while malware from unlicensed software costs companies worldwide nearly US$359 billion a year.

According to a story that appeared in Out-law News (2005), a Hong Kong man received what was reported to be the world’s first jail sentence for making movies available online on a file-sharing website. The 38-year-old man was given a three-month custodial sentence.

The Motion Picture Association of America (MPAA) said that the man faced a maximum of four years in prison and a possible US$6,400 fine for every copy distributed without permission. The MPAA has filed a considerable number of lawsuits. These have been targeted both at users themselves and at website operators, who stand accused of helping online pirates to make millions of illegal copies of movies and television programmes.

14.9 Pornography

The computer has made it much easier for people to store and disseminate offensive material than was the case in the paper-based world. There have been instances where employees have used company servers as a repository for pornographic material. From the point of view of an employer, the key issue is that such material may already be stored on their company’s systems without their knowledge.

Pornography can be split up into two main types, according to whether it is legal or not. Firstly, there is pornography directed at adults, which it is illegal for adults to read or view according to the rules of a particular legal system. The material most universally accepted as falling into this category would be child pornography. Secondly, there is pornography or other sexual material which is not illegal for adults to access, but which may nevertheless be considered to be harmful or upsetting for others including children to see.

The traditional approach of UK legislation has been that it is acceptable to possess obscene material in private as long as there is no attempt to publish, distribute or show it to others – particularly for gain.

University of Central England’s library investigated under Obscene Publications Act

In October 1997, the University of Central England’s library was ‘raided’ by West Midlands Police Paedophile and Pornography Squad who confiscated a copy of Mapplethorpe published by Jonathan Cape in 1992, a book about Robert Mapplethorpe and his work. A final year undergraduate student at UCE’s Birmingham Institute of Art and Design was writing a paper on the work of Robert Mapplethorpe and intended to use images from the book for a major piece of coursework on ‘Fine Art Versus Pornography’. She took the photographs to the local chemist to be developed and the chemist informed West Midlands Police because of the unusual nature of the images. The police confiscated the library book from the student and informed the University that as two photographs in the book were obscene, they would have to be excised. If the University agreed to the excision, no further action would be taken.

The police interviewed University Vice Chancellor Dr Peter Knight under caution with a view to prosecution under the terms of the Obscene Publications Act 1959, which defines obscenity as material that is likely to deprave or corrupt. The Vice Chancellor was under threat of imprisonment unless he agreed to the destruction of portions of the book. The Senate of UCE decided that ‘principles are priceless’ and fully supported the Vice Chancellor, Dr Knight, who took the view that the book was a legitimate book for the university library to hold and that the action of the police was a serious infringement of academic freedom.

After the interview with the Vice Chancellor, a file was sent to the Crown Prosecution Service (CPS). The decision as to whether or not the matter should proceed to trial was down to the Director of Public Prosecutions (DPP). The DPP decided that no action would be taken as ‘there was insufficient evidence to support a successful prosecution on this occasion’. The original book was returned, in a slightly tattered state, and restored to the University library. The decision not to prosecute brought to an end a year of uncertainty for the University, during which time students had been denied access to vital materials which formed an important part of their art and design curriculum.
With regard to child pornography – which by its very nature features the sexual abuse of children – the UK parliament has taken the view that possession as well as circulation of such material should be criminalised. Storage and transmission of obscene material is a criminal offence under the Obscene Publications Acts 1959 and 1964. It is also an offence under The Obscene Publications Act 1959 to publish an obscene article, whether or not for gain. This is further extended in the Criminal Justice and Public Order Act 1994 which deals specifically with ‘obscene publications and indecent photographs of children’. Other relevant legislation includes the Protection of Children Act 1978. There is also the Criminal Justice Act 1988, which makes it an offence for a person to have any indecent photograph of a child in his possession. A ‘child’ in this context is defined as a person under the age of 16. The test for ‘obscenity’ is set out in The Obscene Publications Acts 1959 and 1964 as being material which tends to ‘deprave and corrupt’ those who are likely, having regard to all relevant circumstances, to read, see or hear it.

Porn protest librarian

Ceri Randall, a supervisor at the library in Pyle, South Wales, refused to serve a library user whom she caught sharing sexual fantasies on a library computer. Press reports at the time suggested that Ms Randall was facing disciplinary action as a result, whilst the library user had been given an apology by the head of library services (The Times, 2005). In order to clarify the situation, Bridgend County Borough Council issued a statement on 19 October 2005. It explained that:

Over two years ago, a member of the public was banned from using library facilities due to the inappropriate use of internet facilities. There is no evidence of this being anything other than use of a chat room. This has been investigated by the authority and the police were informed. The use breached the council’s own protocol, but was not unlawful. The authority has a significant investment in filtering technology and takes issues of the misuse of its facilities extremely seriously. The member of public apologised immediately and accepted the ban […] There has been, and is no, proposed disciplinary action against the member of staff concerned. The authority has offered every support to the member of staff, including enabling the member of staff not to serve the individual concerned. (Source: Bridgend County Borough Council, 2005)

R. v. Schofield [2003]

This case involved a Trojan virus, which, as its name suggests, is something that looks innocuous and does not do anything until it has installed itself on your computer. Once there, it can do all sorts of nasty things. In particular, someone else can use it to obtain remote access to, and control of, your computer.

Background:
• Mr Schofield was charged in relation to the making of indecent images of children, based on 14 ‘depraved images’ that were found on his PC.
• Mr Schofield claimed that he didn’t know how these images had got onto his computer.
• Vigilantes drove him out of his home and he had to spend a month in hiding.
• When an expert examined Mr Schofield’s PC, a Trojan virus was discovered and this had been installed on the machine a day before the offending images had been downloaded.

The expert concluded that the Trojan could have downloaded the images from the internet without the knowledge of Mr Schofield. The prosecution accepted that they were not able to show that Mr Schofield was the only person who could have downloaded these images onto the PC and he was consequently acquitted.

This case is interesting for the following reasons:
• It is extremely worrying that Trojans might be used to download illegal material to an individual’s PC without the individual knowing.
• There is a real risk of an innocent person being convicted (and subsequently having their life ruined, as nearly happened to Mr Schofield).
• There have been reports of Trojans that, once installed on an individual’s computer, allow that computer to be used as a sort of mini server to enable the downloading of pornography. The person actually responsible for the pornography can, in effect, conceal himself behind a number of other people’s computers without that person even knowing that their computer is acting as a conduit.
• This is possibly the first time a defence has been used based on the suggestion that ‘the computer did it’.
• It makes investigation of genuine offenders more difficult. Not only may law enforcement agencies have to be more cautious when they find images on a PC, but genuine offenders may also seek to use the ‘Trojan’ defence themselves. In the end, if this happens with any frequency it may reduce the chances of achieving a successful prosecution of genuine offenders.
• Unless there is clear evidence that there has been no third-party interference with a computer, using an argument about a computer virus may be enough to introduce a reasonable doubt into the minds of a judge or jury. The defence may well be a genuine one in some cases, but it may also prevent successful prosecutions being brought against genuine offenders and thus reduce the effectiveness of laws against hacking or the dissemination of offensive or pornographic material.
In August 2005, the Home Office issued a consultation paper on the possession of extreme pornographic material (Home Office, 2005), which sought views on a proposal to make illegal the possession of a limited range of extreme pornographic material featuring adults. The aim was to mirror the arrangements already in place in respect of indecent photographs of children, possession of which was already an offence. It set out options for creating a new offence of simple possession of extreme pornographic material which is graphic and sexually explicit and which contains actual scenes or realistic depictions of serious violence, bestiality or necrophilia. The material in question would be illegal to publish, sell or import under the Obscene Publications Acts 1959 and 1964, and in Scotland, the Civic Government (Scotland) Act 1982. This led the government to introduce a new offence of possession of extreme pornographic images when it passed the Criminal Justice and Immigration Act 2008 section 63, which came into force in January 2009.

14.10 Fraud

Computers can be used as a tool to commit fraud. There is a wide range of different types of fraud which can be classed as cybercrimes. These would include securities and financial fraud, credit card fraud and other types of computer-related fraud, such as phishing or identity theft. Identity theft, said to be Britain’s fastest growing fraud, is where a thief steals someone’s identity, which could then potentially be used in order to open a bank account or set up credit cards in that person’s name.

The Fraud Act 2006 created a new offence of fraud that can be committed in three ways: by making a false representation (dishonestly, with intent to make a gain, cause loss or risk of loss to another), by failing to disclose information, and by abuse of position. Offences were also created of obtaining services dishonestly, possessing equipment to commit frauds, and making or supplying articles for use in frauds.

14.10.1 Phishing

Phishing is the fraudulent acquisition, through deception, of sensitive personal information such as passwords and credit card details, by masquerading as someone trustworthy with a genuine need for that information. The term was coined back in the 1990s by crackers attempting to steal AOL accounts. A fraudster would pose as an AOL staff member and send an instant message to a potential victim. The message would ask the victim to reveal his or her password, for instance to ‘verify your account’ or to ‘confirm billing information’. Once the victim gave over the password, the fraudster could access the victim’s account and use it for criminal purposes, such as spamming.

Phishing has become very common, using the websites of financial services companies, auction websites or internet payment services. Companies are trying to educate their customers not to give out personal data in response to an e-mail.

In the struggle against phishing, there are tools available which make it easier to spot a spoofed website by prominently displaying only the most relevant domain information. Spoofed websites are ones which are deliberately designed in order to look like a legitimate website. In order to verify whether a website is genuine or not, it is best to verify the security certificate of the site. To do this, users should click on the lock icon on the status bar. This symbol signifies that the website uses encryption to help protect any sensitive personal information.
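An added illustration, not part of the original text: the Python sketch below shows how a tool of the kind described above can reduce a link to its most relevant domain information and compare it with the domain the user expects. The small suffix table, the function names and every link are constructed for the example; a real tool would consult the full Public Suffix List.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List
# (assumption: a real tool loads the complete list).
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "gov.uk"}


def is_ip_literal(host):
    """True when the host is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable_domain(host):
    """Return the part of the host name that identifies who runs the site."""
    host = host.lower().rstrip(".")
    if is_ip_literal(host):
        return host
    labels = host.split(".")
    # Under a two-label suffix such as co.uk the owner's name is the third
    # label from the right; otherwise it is the second.
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def inspect_link(url, expected_domain):
    """Report the domain a link really leads to and why it may be spoofed."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    domain = registrable_domain(host)
    warnings = []
    if parts.scheme != "https":
        warnings.append("no-encryption")       # no lock icon would be shown
    if parts.username is not None:
        warnings.append("text-before-@")       # familiar name is not the host
    if is_ip_literal(host):
        warnings.append("ip-address-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-label")      # may render as lookalike letters
    if domain != expected_domain.lower():
        warnings.append("domain-mismatch")
    return {"domain": domain, "warnings": warnings}


# Constructed sample links; examplebank.co.uk is a made-up organisation.
SAMPLE_LINKS = [
    "https://www.examplebank.co.uk/login",
    "https://www.examplebank.co.uk.secure-login.example/verify",
    "https://www.examplebank.co.uk@198.51.100.7/login",
    "http://xn--exmplebank-x9a.co.uk/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        result = inspect_link(link, "examplebank.co.uk")
        flags = ", ".join(result["warnings"]) or "none"
        print(f"{result['domain']:<28} warnings: {flags}")
```

Only the first sample link resolves to the expected domain; in the others the familiar name appears in the link without being the domain that is actually contacted.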


14.10.2 Pharming

Pharming is the ability to connect to your PC or laptop with the purpose of retrieving ‘sensitive’ information and even your keystrokes (these can be used to trap your log-in names and passwords). You do not necessarily know this is happening and, generally, these attacks happen wirelessly.

TIP: In order to minimise the risks posed by pharming, it is advisable to make sure you have up to date anti-virus protection – which means not only installing anti-virus software, but also making sure that you run regular updates – and also to install spyware removal software on your equipment and run regular scans.

14.11 Denial of service attacks

There may be occasions when accessing a website could be said to be an offence under the CMA. Accessing a publicly available website is not an offence in itself as there is an implied authorisation for people to access the website. Where it gets more tricky is in those instances where that access is abused. Is, for instance, a denial-of-service attack (DoS) an offence? Such an attack consists of sending massive quantities of otherwise normal messages or page requests to an internet host, with the result that the server is overloaded, is unable to deal with legitimate requests and in effect becomes unavailable.

The perpetrator of a DoS attack might wish to use the space on your hard drive and your central processing unit (CPU), combined with the computer power of many thousands of other machines, in order to take control of those PCs and to have them direct traffic on the web to one well-known internet site. This then overloads the web server, making the site unavailable.

The Police and Justice Act 2006 included several provisions that amended the CMA, although these didn’t come into force until 2008 as a result of The Police and Justice Act 2006 (Commencement No. 9) Order 2008: SI 2008/2503. The amendments clarified that the launching of denial of service attacks is a criminal offence, whether it is done recklessly or with intent.

On 12 August 2013, the European Parliament and European Council adopted Directive 2013/40/EU on attacks against information systems, replacing Council Framework Decision 2005/222/JHA. The Serious Crime Act 2015 makes two amendments to the CMA 1990 to ensure that the UK law is fully compliant with the Directive.

14.12 Acceptable use policies

TIP: Companies should set policies for employees to abide by, in order that they know what is expected of them. This can be in the form of a written policy statement covering the reasonable use of the internet, email and the company intranet. All employees should be given a copy, and this should include new members of staff when they join the firm. It could, for example, be covered as part of the induction process.

Well-drafted policy statements are of no use if they are not sent to all employees, or if some employees are unaware that the policy exists. It is also important that the principles enshrined in these policies are policed adequately and any breaches are dealt with in a consistent manner through the company’s disciplinary policy. If companies fail to enforce these policies adequately, they cannot seek to rely on them indiscriminately when dealing with any breaches, as employees would be able to challenge the enforceability of the policy if it were not adequately policed and implemented. There has to be a consistency in their approach.

Examples of unacceptable content should be outlined. For example, in the case of publishing content to the company’s intranet, you might want the list of unacceptable content to cover:
• Offensive material (such as pornographic, abusive, indecent or profane items).
• Items which insult or intimidate someone.
• Lewd comments, jokes or banter.
• Swear words and offensive language.
• Chain letters.
• Any purpose which is illegal or contrary to the employer’s interest.
• Disclosing personal data without consent of the data controller, contrary to the DPA.

14.13 Communications Act 2003

Section 127 of the Communications Act 2003 says that ‘a person is guilty of an offence if he sends by means of a public electronic communications network a message or other matter that is grossly offensive or of an indecent, obscene or menacing character’. A ‘public electronic communications network’ is defined widely enough for it to be able to cover internet traffic that goes through telephone lines or other cables. In section 151 there is a definition of ‘public electronic communications network’ as an electronic communications network provided wholly or mainly for the purpose of making electronic communications services available to members of the public.

In November 2018, six men were arrested over the burning of an effigy of the Grenfell Tower on bonfire night, and subsequently posting their ‘joke’ online. Lawyers were discussing what crime, if any, might have been committed. For example, there was discussion about whether it met the test for being considered a hate crime. Posting the video online could potentially violate section 4A of the Public Order Act 1986, which makes it a crime to display any writing, sign or other visible representation which is threatening, abusive or insulting. There was also discussion around the Communications Act 2003 and the section 127 offence of sending a ‘grossly offensive message’. This has a lower hurdle to overcome as it does not require intent, merely an ‘awareness’ that the video might be considered to be ‘grossly offensive’ by the survivors of the Grenfell Tower disaster.

References

Annapolis Library Computers Infected with Emotet, Almost 5k Customers Affected, Softpedia News, 8 October 2018.

Bridgend County Borough Council (2005) 19 10 05 Statement Re: Internet Usage at Pyle Life Centre.

BSA (2018) Software Management: Security Imperative, Business Opportunity – Global Software Survey June 2018, https://gss.bsa.org/wp-content/uploads/2018/05/2018_BSA_GSS_Report_en.pdf.

de Bruxelles, S. (2005) Porn-Protest Librarian Faces Sack, The Times, 19 October.

Home Office (2005) Consultation on Possession of Extreme Pornographic Material, http://news.bbc.co.uk/1/shared/bsp/hi/pdfs/30_08_05_porn_doc.pdf.

Home Office (2018) Understanding the Costs of Cyber Crime: a report of key findings from the Costs of Cyber Crime Working Group, https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/674046/understanding-costs-of-cyber-crimehorr96.pdf.

Norton (2017) Norton Cyber Security Insights Report: global comparisons, https://symantec.com/content/dam/symantec/docs/about/2017-ncsirglobal-comparison-united-kingdom-en.pdf.

Out-law News (2005) First Jail Sentence for Movie File Sharing, 7 November, http://www.out-law.com/page-6310.

Robinson, M. (2018) Can the ‘Grenfell Six’ REALLY be prosecuted? Police scramble to work out what charges – if any – they can bring against mob who torched tower effigy in sickening bonfire video, Daily Mail, 7 November 2018.


CHAPTER 15

Disability discrimination

Contents
15.1 General principles
15.2 Copyright and the disability exceptions
15.3 The Right to Read
15.4 Website accessibility
15.5 Further information

15.1 General principles

Disabled people are among the most excluded in society. They encounter many barriers to accessing the services of archives and libraries, including physical, sensory, attitudinal, cultural and intellectual ones. Library and information services need to ensure that they do not discriminate against those who are disabled. This is not solely a moral issue. The Equality Act 2010 makes the fair treatment of disabled people a legal requirement.

According to the definition of ‘disability’ under the Equality Act 2010 (section 6) a person has a disability if they have a physical or mental impairment and if the impairment has a substantial and long-term adverse effect on their ability to perform normal day-to-day activities. For the purposes of the Act, ‘substantial’ means more than minor or trivial (section 210 general interpretation); ‘long-term’ means that the effect of the impairment has lasted or is likely to last for at least twelve months (Schedule 1 Part 1 section 2); and ‘normal day-to-day activities’ include everyday things such as eating, washing, walking and going shopping.

Discrimination against disabled people can take place in either of two ways, by:
• Treating them less favourably than other people because of a protected characteristic (EA 2010 section 13(1)).
• Failing to make a reasonable adjustment (EA 2010 sections 20–21) when they are placed at a ‘substantial disadvantage’ compared to other people for a reason relating to their disability.


The characteristics that are protected are:
• Age.
• Disability.
• Gender reassignment.
• Pregnancy and maternity.
• Race.
• Religion or belief.
• Sex.
• Sexual orientation.

Marriage and civil partnership are also protected characteristics under the Act but are not covered by the public sector equality duty.

A reasonable adjustment might be any action that helps to alleviate a substantial disadvantage. This could involve changing the organisation’s standard procedures; providing materials in Braille as an additional service; providing appropriate adjustments to the physical environment; or training staff to work with disabled people.

People with disability can include those with physical or mobility impairments; hearing impairments; dyslexia; medical conditions; mental health difficulties; visual impairment; or people with learning difficulties.

The Office for Disability Issues has published Equality Act 2010: guidance on matters to be taken into account in determining questions relating to the definition of disability (https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/570382/Equality_Act_2010-disability_definition.pdf). Whilst the guidance doesn’t impose legal obligations in its own right, and nor is it an authoritative statement of the law, Schedule 1, paragraph 12 of the EA 2010 requires courts, tribunals and adjudicating bodies to take the guidance into account.

TIP: In order to ensure that they do not discriminate on the grounds of disability, library services need to take account of disability issues when considering matters of service planning, delivery and quality; they need to be able to provide equality of access to their services; and they also need to assess, deliver and evaluate disability training.

Managers of library and information services can make use of toolkits, checklists and best-practice standards to help them identify and assess whether or not their existing policies and procedures result in disabled people receiving a level of service which is inferior to the one which is available to everyone else. They should think about the accessibility of their service to people with disabilities, both in terms of physical access and intellectual access.

✒ Useful resource
Reading Sight: reading with sight loss
www.readingsight.org.uk

Libraries can invest in adaptations for people with disabilities. For example, adjustments made to the physical access can include:
• Ramps.
• Colour-contrasting handrails.
• Swing-resistant automatic doors.
• Ensuring the appropriate widths needed for wheelchairs.
• Checking the rise of steps and the height of lift-call buttons.
• Signage and guiding, including international access symbols.
• Appropriate shelf heights.
• Access to catalogues and terminals.
• Access to library publications and websites.
• Fully adjustable tables and chairs.

TIP: If the library is planning a refurbishment, staff should take account of best practice guidance and any relevant British Standards. For example, there is a British Standard covering the slip-resistance of different floor surfaces.

Access requirements are often equated with wheelchair access when less than 8% of disabled people are wheelchair users. This lack of awareness can be a barrier to serving the majority of disabled people.

There are many adaptations to technology that can greatly assist people with disabilities. These include:
• Different-sized keyboards.
• Mouse alternatives.
• Lap trays.
• Wrist rests.
• Screen magnifiers.
• Dyslexia and literacy software.
• Document readers.
• Voice-recognition technology.


It is also important to ensure that staff are equipped with the knowledge they need in order to serve disabled users effectively – for example, by being able to adjust a computer to an individual user’s needs.

✒ Useful resource Robertson, L. (2007) Access for library users with disabilities, SCONUL, https://sconul.ac.uk/sites/default/files/documents/access_disabilities_0.pdf.

TIP: Library and information services need to have appropriate policies, procedures and plans in place to serve the needs of their disabled users effectively. Staff training is a key part of ensuring that this isn’t just a theoretical aim, but that the policies and procedures are put into practice.

TIP: Library and information services need to be mindful about the needs of their disabled users when they prepare promotional literature about their services as the literature must be accessible to those users.

1. Is the information about library facilities accessible to disabled people?
2. Is promotional literature available in alternative formats such as Braille, audio or large print?
3. Is web-based material accessible to those using assistive technology, such as screenreading software, or those not using a mouse?
4. Does information about services and facilities make clear the adjustments that are already in place? And does it also point out that additional adjustments can be made on an individual basis?

Figure 15.1 Promotional material

Institutions are expected to make ‘anticipatory’ adjustments and not simply to wait until a disabled person requires a particular adaptation, although the Equality Act 2010 doesn’t use the word ‘anticipatory’. In considering what anticipatory adjustments should be made, it is important to ask some key questions. For example:

1. Are the library buildings accessible?
2. Do they have accessible toilets?
3. Are the fire and emergency procedures appropriate for the library’s disabled users?
4. Are the catalogue and instructions on its use available in accessible formats?
5. Are aisles wide enough for wheelchairs?
6. Are there staff available to fetch books for those who cannot reach or see them?
7. Does the library provide materials in large print or online in order to cater for those who cannot use standard print?
8. Are longer loans periods available for those who need them?
9. Have staff been given the appropriate training? For example, could they support someone having an epileptic seizure?

It will ultimately be for the courts to decide what anticipatory adjustments it is reasonable to expect organisations to make. It is essential to review services periodically in order to take into account any changes in best practice or technological advances. Figure 15.2 provides a checklist of areas to address in order to ensure compliance with current disability discrimination legislation.

1. Do you have an equal opportunities policy that makes specific reference to disabled people?
2. Has your organisation carried out a disability access audit?
3. Does your organisation carry out staff training to increase awareness of disability access?
4. How does your organisation consult with its disabled users and non-users?
5. In what ways are your services accessible to disabled people?
6. How is technology used in order to improve access for disabled people?
7. How is publicity and promotion targeted towards disabled people?
8. How does your organisation keep abreast of the growing body of best practice on access issues for disabled people?

Figure 15.2 Compliance checklist

Library breached disability discrimination legislation

The University of Wales Trinity Saint David had to pay out £20,000 in compensation to Andrew Brenton, a photography student, due to shortcomings which made its basement library inaccessible to both him and other disabled students. One of the University’s senior staff was found to have written in an e-mail that he understood that the building had been constructed without taking into account the Disability Discrimination Act in order to save money.

Source: Library Fines – Uni Gets Book Thrown at it for Disability Discrimination, ThisWeekinFM.com.


15.2 Copyright and the disability exceptions

Anyone who has an impairment that prevents them accessing copyright works is able to benefit from the disability exceptions. The CDPA has the following sections covering disability:

• 31A – Disabled persons: copies of works for personal use.
• 31B – Making, communicating, making available, distributing or lending of accessible copies by authorised bodies.
• 31BA – Making, communicating, making available, distributing or lending of intermediate copies by authorised bodies.
• 31BB – Accessible and intermediate copies: records and notification.
• 31F – Sections 31A to 31BB interpretation and general.

There are equivalent exceptions to rights in performances in Schedule 2, paragraphs 3A to 3E inclusive of the CDPA.

The disability exceptions were amended by The Copyright and Related Rights (Marrakesh Treaty, etc.) (Amendment) Regulations 2018: SI 2018/995 which implements Directive (EU) 2017/1564 on certain permitted uses of certain works and other subject matter protected by copyright and related rights for the benefit of persons who are blind, visually impaired or otherwise print-disabled.

The law allows disabled persons (or someone acting on their behalf), educational establishments and not-for-profit organisations to reproduce all types of copyright protected content in accessible formats. Authorised bodies are only able to distribute, communicate, make available or lend accessible copies to disabled persons or other authorised bodies. It is not necessary for them to purchase a licence.

CDPA 1988 section 31F(4) says that an ‘accessible copy’ of a copyright work means a version of the work which enables disabled persons to access the work, including accessing it as feasibly and comfortably as a person who is not a disabled person.

Section 31F(5) says:

An accessible copy –
(a) may include facilities for navigating around the version of the work, but
(b) must not include any changes to the work which are not necessary to overcome the problems suffered by the disabled persons for whom the accessible copy is intended.

Organisations wishing to produce subtitled copies of broadcasts on behalf of deaf and other disabled people are able to do so without the need to go through a bureaucratic designation process.


Where organisations (‘authorised bodies’) make and supply accessible-format copies for disabled people, they have a duty to keep records of the copies they make and provide them to the copyright owner of the material. The law covers acts such as:

• Making Braille, audio or large-print copies of books, newspapers or magazines for visually-impaired people.
• Adding audio-description to films or broadcasts for visually-impaired people.
• Making subtitled films or broadcasts for deaf or hard of hearing people.
• Making accessible copies of books, newspapers or magazines for dyslexic people.

The key requirements are:

• You have lawful access to the material.
• Where an authorised body makes a copy on behalf of the disabled person, they may only charge a fee if it does not exceed the cost of making and supplying the copy.

The exception(s) apply to all types of work (including databases). Indeed, SI 2018/995 amended the database regulations SI 1997/3032, inserting the following text into Regulation 20:

Exceptions to database right: Marrakesh beneficiaries
20B. Database right in a database is not infringed by the making of an accessible copy of a work under sections 31A, 31B or 31BA of, or paragraphs 3A, 3B or 3C of Schedule 2 to, the 1988 Act for the benefit of a Marrakesh beneficiary.

The Marrakesh Directive (2017/1564) and the Regulation (2017/1563) deal with the cross-border exchange of accessible format copies. The Marrakesh Directive requires that a complaints mechanism is available for users to complain when technological protection measures prevent the use of works under the exceptions, including where they have been made available in such a manner that they can be accessed by the public at a time and place of their choosing. The UK’s existing complaints mechanism was therefore amended to extend to works made available in this manner.
Section 296ZE of the CDPA 1988 has been amended, so that it now reads:

(9) Subject to subsection (9A), this section does not apply to copyright works made available to the public on agreed contractual terms in such a way that members of the public may access them from a place and at a time individually chosen by them.
(9A) But this section does apply where the application of any effective technological measure to a Marrakesh work prevents the making of an accessible copy of that work under sections 31A, 31B or 31BA, or paragraphs 3A, 3B or 3C of Schedule 2, for the benefit of a Marrakesh beneficiary.

The legislation used to say that the copy did not infringe as long as a copy of the inaccessible material is not already commercially available in an accessible format. However, the Marrakesh Directive does not allow for the UK to retain these commercially available restrictions and they were therefore removed by SI 2018/995.

As removal of the commercial availability provision may impact on rights holders, the IPO consulted on the changes and asked whether there should be a compensation scheme. They asked respondents to the consultation paper to provide economic evidence of the impact of removal of the commercial availability clauses to justify the introduction of a compensation scheme. However, respondents did not provide sufficient evidence of harm to rights holders, which would be required to justify the introduction of such a scheme. The government therefore decided not to implement any form of compensation scheme.

A statutory review clause is included in SI 2018/995 as Regulation 20, which means that the legislation will be kept under regular review:

20(1) The Secretary of State must from time to time—
(a) Carry out a review of these Regulations, and
(b) Publish a report setting out the conclusions of the review.
(2) The first report must be published before 11th October 2023.
(3) Subsequent reports must be published at intervals not exceeding 5 years.

✒ Useful resource
Coates, J. et al. (2018) Getting Started – Implementing the Marrakesh Treaty for Persons with Print Disabilities: a practical guide for librarians, World Blind Union et al., http://www.eifl.net/system/files/resources/201808/getting_started_marrakesh_en.pdf.


15.3 The Right to Read

The Royal National Institute of the Blind (RNIB) have been running a ‘Right to Read’ campaign for over 15 years. See, for example, Overdue: the right to read for almost three million people in the UK with sight problems or other reading disabilities, RNIB, 2003: https://rnib.org.uk/sites/default/files/Overdue%20Campaign%20report.pdf.

According to the RNIB’s 2003 report, Written Off, three million people in the UK are being denied the right to read. They make the point that whilst government is pouring billions of pounds into literacy initiatives across the UK, people with sight problems or print reading disabilities are being forgotten. According to the World Blind Union (WBU press release, 23 April 2016), less than 10% of published works are made into accessible formats in developed countries (http://worldblindunion.org/English/news/Pages/Millions-of-Peopleare-Denied-Access-to-.aspx).

✒ Useful resource
There is a report that documents the results of the ‘Availability of accessible publications’ project: Lockyer, S., Creaser, C. and Davies, J. E. (2005) Availability of Accessible Publications, LISU Occasional Paper no. 35, undertaken for the RNIB by LISU. And there is also a more recent report: Availability of accessible publications 2011 update. RNIB, https://rnib.org.uk/sites/default/files/2011_Accessibility_Update_final_report.pdf.

15.4 Website accessibility

Making a website or mobile app accessible means ensuring that it can be used by as many people as possible. That includes:

• The visually impaired.
• Those with motor difficulties.
• People with cognitive impairments or learning disabilities.
• The deaf and the hard of hearing.

In order to be accessible, the website content needs to be clear and simple enough so that most people are able to use it without the need to adapt it and support needs to be available for those who do need to adapt the content. Examples of inaccessible websites include:


• Ones that cannot be navigated using a keyboard.
• Ones which have inaccessible PDF forms that cannot be read out on screen readers.
• Poor colour contrast making it difficult for partially sighted people to be able to read the text.

There are several regulations governing public sector bodies that require them to make their website or mobile app more accessible by making it ‘perceivable, operable, understandable and robust’. The legislation aimed specifically at public sector bodies includes:

• Directive 2016/2102/EU on the accessibility of the websites and mobile applications of public sector bodies.
• The Public Sector Bodies (Websites and Mobile Applications) Accessibility Regulations 2018: SI 2018/852.
• The Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018: SI 2018/952.

Public sector bodies need to:

• Ensure that they meet the accessibility standards (WCAG 2.1 AA http://w3.org/TR/WCAG21).
• Publish an accessibility statement that includes the details of any content that does not meet accessibility standards.
• Be prepared to provide an accessible alternative within a reasonable time for the content that doesn’t meet the standards if someone comes forward to request it.

If a business has a website that is not accessible to disabled users, they could be sued for discrimination under the Equality Act 2010 (although private companies are not subject to the public sector equality duty laid out in section 149 of the EA). While the Equality Act does not explicitly refer to websites, there is a consensus that the reference to the ‘provision of a service’ (in section 21(1)) would apply to commercial web services. The RNIB has taken legal action against a number of companies over the question of website accessibility. In some cases, these were settled out of court without the companies being named.
In 2012, the RNIB announced that it was taking action against BMI Baby over the airline’s failure to make its website accessible to blind and partially sighted customers: https://www.civilsociety.co.uk/news/rnib-launches-legal-action-over-accessibility-of-bmibaby-website.html. In another case there was an employment tribunal finding of discrimination. That case involved accessibility of a computer-based examination.

The codes of practice produced by the Equality and Human Rights Commission (which incorporates what was the Disability Rights Commission) make clear that online services are subject to the anti-discrimination legislation. Indeed, the EHRC worked with the British Standards Institution in order to produce guidance on website accessibility which resulted in the publication of BS 8878:2010 Web Accessibility, Code of Practice. Blind people are especially disenfranchised, but partially sighted and dyslexic people also have problems accessing the web.

TIP: There are a number of tools available to test technical aspects of website accessibility such as those listed on the W3C Web Accessibility Evaluation Tools List: www.w3.org/WAI/ER/tools.

Maguire v. Sydney Organising Committee for the Olympic Games [1999] HREOCA 26

This Australian case is useful in illustrating what adjustments might be considered reasonable in the context of website accessibility. This was an action brought in front of Australia’s Human Rights and Equal Opportunities Commission (HREOC) by Maguire, who had been blind since birth. His action was in respect of the defendant’s website, which he alleged was inaccessible and thus infringed the Commonwealth Disability Discrimination Act 1992. Maguire was an experienced computer user who accessed the internet using a refreshable Braille display and a web browser.

Despite a number of changes made by the defendant, Maguire delivered a statement asserting that the website was still inaccessible as of 17 April 2000 and requested the HREOC to order certain changes to the website. Maguire asked the HREOC to order that the defendant ensure access from the Schedule page to the Index of Sports, among other things. The defendant argued that access to the Index of Sports was possible by entering the URL for each sport directly into the browser. However, the Commission noted that this went against the way the internet worked, i.e. by using links to avoid having to know the correct URL for every page.

The HREOC held that discrimination had taken place in that blind people were treated less favourably. The HREOC looked at the defendant’s claim that unjustified hardship would be caused to it as a result of having to make changes to the website. It held that the detriment to the defendant would only be moderate and had the issue been considered at the planning stages, detriment would have been negligible.

Although this is an Australian case, the equivalent Australian legislation is very similar to the UK’s disability discrimination legislation. The case suggests that it would be a reasonable adjustment to make an inaccessible website accessible to disabled people.

15.5 Further information

AbilityNet: www.abilitynet.org.uk.

Billingham, L. (2014). Improving Academic Library Website Accessibility for People with Disabilities, Library Management, 35 (8/9).

Bookshare, a subscription service providing an online library of accessible reading materials to people with print who are visually impaired, learning disabled or physically disabled: www.bookshare.org.

CILIP has a set of web pages on disability: https://web.archive.org/web/20120512132004/www.cilip.org.uk/getinvolved/policy/equalopps/pages/disabilityintro.aspx.

Craven, J. (ed.) (2008) Web Accessibility: practical advice for the library and information professional, Facet Publishing.

Deines-Jones, C. (2007) Improving Library Services to People with Disabilities, Chandos Publishing.

Equality and Human Rights Commission: www.equalityhumanrights.com.

Gov.uk: https://www.gov.uk/browse/disabilities.

Hopkins, L. (ed.) (2000) Library Service Provision for Blind and Visually-impaired People: a manual of best practice, Library and Information Commission Research Report 76.

Library Champions for Disability Access is a new grassroots community of practice. It aims to offer librarians and information professionals from all sectors an informal place to contact, meet and exchange ideas, http://librarychampionsfordisabilityaccess.blogspot.com/.

My Web, My Way: This BBC Accessibility website is designed to help people with disability get the most out of the web. The site equips anyone using their computer with the tools and understanding to enable them to make the most of the internet, whatever their ability or disability, and regardless of the operating system they use: www.bbc.co.uk/accessibility.

Office for Disability Issues: https://www.gov.uk/government/organisations/office-for-disability-issues.

Office for Disability Issues. Equality Act 2010: guidance on matters to be taken into account in determining questions relating to the definition of disability, https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/570382/Equality_Act_2010-disability_definition.pdf.

Owen, J. (2003) Making Your Website Accessible, CILIP Update, January.

RNIB Library Catalogue: http://librarycatalogue.rnib.org.uk.

Robertson, L. (2007) Access for Library Users with Disabilities, SCONUL, https://www.sconul.ac.uk/sites/default/files/documents/access_disabilities_0.pdf, p.102.

World Wide Web Consortium, WCAG 2.1 AA, http://w3.org/TR/WCAG21.

Royal National Institute for the Blind
105 Judd Street, London WC1H 9NE
Tel: 0303 123 9999
Website: www.rnib.org.uk


CHAPTER 16

Other legal issues relevant to librarians

Contents
16.1 Introduction
16.2 Police surveillance and libraries
16.3 Cloud computing
16.4 Stocking extremist/controversial literature
16.5 Censorship
16.6 Theft or mutilation of rare books
16.7 Lending of audio books and e-books by public libraries
16.8 Further information
References

16.1 Introduction

This chapter draws together the legal issues relevant to information professionals which either don’t fit neatly within existing chapters because they cover more than one area of law, or else are topics that a book of this kind ought to include but which don’t warrant a chapter of their own.

16.2 Police, surveillance and libraries

In 2008, CILIP undertook a Survey on Police, Surveillance and Libraries (CILIP, 2008). The survey had been prompted as a result of CILIP receiving reports concerning increased police or other security agency activity. Forty-one of the 55 libraries who responded to the survey mentioned a total of 134 incidents in the previous 18 months and these covered criminal activity, terrorism and pornography. The survey found that 38% of respondents didn’t have a formal policy for dealing with police requests and 13% only had a formal policy covering data protection issues. The survey also found evidence of five fishing expeditions. As the survey found that some libraries did not have a formal policy in place for responding to police requests, this led to CILIP preparing a document entitled User Privacy in Libraries: guidelines for the reflective practitioner (CILIP, 2011).

In February 2011, the BBC News website ran a story ‘Snooping devices found in Cheshire library computers’ (BBC News, 2011) in which it said that police were investigating the discovery of snooping devices that were attached to public computers in two Cheshire libraries. Staff had found keystroke loggers – USB devices which record keyboard activity – on the back of two PCs, one at Wilmslow Library and another at Handforth Library.

In 2005, CILIP sought a legal opinion on ‘Rights of Access to Confidential Information’. Written by James Eadie QC of Blackstone Chambers, the legal opinion looked at the rights of the police and other security and intelligence services to demand access to confidential client information. The information in question will normally include names, addresses, other contact details and records of loans data (including borrowing, renewals, hold requests) and/or internet usage by individual library clients.

The police have had powers to apply to court for production and removal of, or access to, material held by private persons for many years. The relevant powers are contained in Part II of the Police and Criminal Evidence Act 1984 (PACE). The relevant features of that statutory regime are as follows.

A police constable can apply to a circuit judge or a Justice of the Peace/magistrate for access to material under section 9 and Schedule 1 of PACE. The material in question includes ‘special procedure material’ which is defined in section 14 of PACE as material in the possession of a person who acquired or created it in the course of any trade, business, profession or other occupation or for the purpose of any paid or unpaid office and holds it subject to an express or implied obligation of confidence.
There are two sets of ‘access conditions’ that need to be established by the police to trigger the court’s discretion to order access to the material according to PACE 1984 Schedule 1 (as amended):

2 The first set of access conditions is fulfilled if—
  (a) there are reasonable grounds for believing—
    (i) that an indictable offence has been committed;
    (ii) that there is material which consists of special procedure material or includes special procedure material and does not also include excluded material on premises specified in the application, or on premises occupied or controlled by a person specified in the application (including all such premises on which there are reasonable grounds for believing that there is such material as it is reasonably practicable so to specify);
    (iii) that the material is likely to be of substantial value (whether by itself or together with other material) to the investigation in connection with which the application is made; and
    (iv) that the material is likely to be relevant evidence;
  (b) other methods of obtaining the material—
    (i) have been tried without success; or
    (ii) have not been tried because it appeared that they were bound to fail; and
  (c) it is in the public interest, having regard—
    (i) to the benefit likely to accrue to the investigation if the material is obtained; and
    (ii) to the circumstances under which the person in possession of the material holds it,
  that the material should be produced or that access to it should be given.

3 The second set of access conditions is fulfilled if—
  (a) there are reasonable grounds for believing that there is material which consists of or includes excluded material or special procedure material on premises specified in the application, or on premises occupied or controlled by a person specified in the application (including all such premises on which there are reasonable grounds for believing that there is such material as it is reasonably practicable so to specify);
  (b) but for section 9(2) above a search of such premises for that material could have been authorised by the issue of a warrant to a constable under an enactment other than this Schedule; and
  (c) the issue of such a warrant would have been appropriate.

The orders that can be made if the access conditions are met and the judge decides to make the order (as will almost inevitably be the case if the access conditions are satisfied) are an order that the person who appears to be in possession of the material (a) produces it to the police constable for them to take it away, or (b) gives the police constable access to it (Schedule 1 paragraph 4). Specific provision is made for material stored in electronic form to be ordered to be produced in visible and legible form (Schedule 1 paragraph 5). A failure to comply with such an order is treated as if it was a contempt of court.
Such orders usually include provisions limiting the extent to which confidentiality is breached by requiring that the material is returned as soon as the investigation or criminal proceedings are finished or it becomes apparent that the material is not of any significant value to the investigation; and that the material is only used for the purposes of the criminal investigation and any subsequent criminal proceedings. A person holding such material is entitled to notice of the application from the police. Once they have been given such notice, the material must not be concealed, destroyed, altered or disposed of until the application has been determined unless the leave of the court or written permission from the police has been obtained. The critical feature in any such application is whether or not it is likely to be of value to a serious criminal investigation. If it is, the likelihood is that the order will be made.

A similar regime exists under the Terrorism Act 2000 section 37 and Schedule 5 (as amended by the Terrorism Act 2006).

In addition to the powers vested ultimately in the courts (through PACE and the Terrorism Act) there are the powers set out in the RIPA. This confers powers in relation to the interception of communications and communications data (Part I) and also in relation to surveillance (Part II). Surveillance is defined in RIPA section 48(2) as including monitoring persons’ activities or communications, recording anything so monitored and surveillance by or with the assistance of a surveillance device. Part II of RIPA applies to various types of surveillance including ‘directed’ surveillance (section 26(1)). Directed surveillance is defined in section 26(2) as covert surveillance (that is surveillance carried out in a manner calculated to ensure that persons subject to it are unaware that it is or may be taking place), which is undertaken for the purpose of a specific investigation or operation, in such a manner as is likely to result in the obtaining of private information about a person.

Certain persons are designated as having power to grant authorisations for carrying out directed surveillance. They are set out in the Schedule to The Regulation of Investigatory Powers (Directed Surveillance and Covert Human Intelligence Sources) Order 2010: SI 2010/521 and were amended by the Regulation of Investigatory Powers (Directed Surveillance and Covert Human Intelligence Sources) (Amendment) Order 2015: SI 2015/937. Designated persons include senior police officers (superintendent and above) and members of the security services.
The test to be applied by the person authorising is whether he ‘believes’ that the authorisation is necessary on grounds falling within section 28(3) (these include necessity in the interests of national security, for the purpose of preventing or detecting crime, and in the interests of public safety and that the authorised surveillance is proportionate).

Article 8 of the ECHR (private life), which was enacted through the HRA, must be complied with by public authorities. However, even if the provision of information is an interference with private life rights of the individual concerned, Article 8 does allow interferences where these are undertaken in order to prevent crime and where these are necessary and proportionate.

Looking at the legal framework and trying to establish the rights of the police to access confidential information about a library user (and the books they have borrowed or the websites that they have visited, etc.) is not straightforward because of the number of relevant statutes (e.g. PACE, RIPA, Terrorism Act). The consequence of the various legal regimes is that there may be some activities by the police or security services that fall within more than one of the regimes. In that case, it is predictable that those bodies will use the least onerous regime to achieve their aim. That is likely to involve the system of self-authorisation under RIPA rather than the more onerous applications either to the Secretary of State or to the courts.

The legal position on the installation of spyware is not clear-cut. However, in the legal opinion prepared for CILIP in 2005, James Eadie’s view was that the powers under RIPA and under the Intelligence Services Act 1994 are broad enough to permit the agencies concerned to insist on the installation of such spyware in an appropriate (required and proportionate) case.

16.3 Cloud computing

Cloud computing incorporates software as a service (SaaS), of which Google Docs would be one example, and also infrastructure as a service (IaaS) or hardware as a service (HaaS), of which Amazon’s Elastic Compute Cloud (EC2) is an example. The common theme in cloud computing is a reliance on the internet to meet the computing needs of users. Libraries around the world are using cloud computing in a variety of ways. For example, applications of cloud computing in libraries could include:
• A cloud-based library management system.
• Use of cloud-based services for file storage such as Google Drive or Dropbox.
• Discovery services.
• Building a digital library or repository.

TIP: Library and information service managers need to consider the benefits as well as the associated risks before the introduction of any (or any new) cloud-based service. Issues to consider:
• Who owns the data?
• Protection of user privacy.
• How are users identified and their user accounts managed?
• How do you ensure regulatory compliance?
• What assurances does the cloud provider give regarding business continuity and resiliency?
• How are multi-tenancy issues addressed (where the IT infrastructure is used by several different organisations)?
• How will incident response and the subsequent investigation work?


In cloud computing, users are able to access data, software, applications or computer processing power from a ‘cloud’ of online resources. There are undoubtedly significant advantages with cloud computing. For example, users are no longer tied to one particular device in order to use their data and applications but can instead access them from any device. In cloud computing, the customer delegates to the service provider responsibility for keeping software up to date, secure, undertaking regular backups and managing the hardware. It is important to ensure that the service level agreement includes these in a way that satisfies your requirements. Meanwhile, organisations are able to reduce their capital costs by purchasing software and hardware as a utility service.

There are, however, important legal issues which should be factored into any plans to adopt cloud computing. What would happen, for example, if you encountered a series of service disruptions? Or what if your data was the subject of a malicious attack from an internet hacker? In the light of these concerns, organisations want assurances in the form of legal guarantees from SaaS or IaaS providers. These assurances are encapsulated within service level agreements which spell out the extent of any guarantees (in the form of warranties and indemnities) with regard to service availability, security and privacy.

Problems can occur even with big-name companies offering cloud-computing services. For example, in the first half of 2018, cloud outages which impacted the IT industry included ones from AWS, Google Cloud and Microsoft Azure. It is important, therefore, to make sure that the service level agreement you have with a vendor covers the following points to your satisfaction:
• Availability of the service.
• Service response times.
• Problem resolution times.
• Consequences of missing service level commitments.

In the traditional model for the purchase of software, the customer installs that software on locally held hardware. But in cloud computing, everything is held remotely. Both the software application and the firm’s proprietary data are held outside the organisation’s firewall and there are significant risks associated with such an arrangement. What would happen if the service provider goes into administration? Or what if the service provider is acquired by a larger company, which subsequently decides that it no longer wishes to support the SaaS solution that you use? These problems can be resolved by the customer taking out an escrow agreement.


16.3.1 Escrow agreements

A technology escrow agreement drafted for cloud computing would require the service provider to deposit their source code and related materials with a neutral third party. Then, if release conditions are triggered – such as the service provider going into administration – the customer would be able to gain access to the application, to their own proprietary data and also to the intellectual property that supports the SaaS solution.

16.3.2 Data protection issues

Cloud computing raises several data protection issues. For example, the GDPR (implemented in the UK through the Data Protection Act 2018) requires that a transfer of personal data to a country which is not subject to the GDPR is only possible if the rights of the individuals in respect of their personal data are protected in another way (for example, where the EU has made an ‘adequacy decision’ in relation to the country or territory where the receiver is located; or ‘appropriate safeguards’ have been put in place) (see Section 7.5.4). Where a company makes use of cloud computing, does it make clear to everyone where the customer data is being held? Some contracts specify that the data will not be transferred to any countries or territories outside the EEA.

It may seem like an obvious question but if your library relies on a cloud computing application and you were asked ‘where exactly is the cloud situated’, would you be able to provide an answer? It could be that the cloud service might rely on more than one ‘cloud’. For example, the cloud (i.e. where the computer system resources and the data are located) may ordinarily be based in one country, but there may be arrangements in place to replicate the data in a backup facility located in another country altogether in the event of the main service being subject to a lengthy outage.

Then there is the question of data security. Is there any possibility, for example, that a competitor also using the service could see your data? The sixth data protection principle (set out in the DPA 2018 section 40) states that:

    … personal data processed for any of the law enforcement purposes must be so processed in a manner that ensures appropriate security of the personal data, using appropriate technical or organisational measures (and, in this principle, ‘appropriate security’ includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage).
TIP: Before organisations decide to make use of cloud computing they need to ask whether it is right for them, or whether the risks outweigh the undoubted advantages. If people do ultimately decide to go ahead with cloud computing, they should only do so after undertaking a risk assessment and, where appropriate, putting in place strategies – such as the use of a technology escrow agreement – to minimise the risks that they have identified. They should also undertake vendor due diligence – which could include visiting reference sites of existing customers – and checking the financial history and strength of the company.

• Is personal data being processed?
• Who is the data controller?
• Who is the data processor?
• Who can see my information?
• Is the data held securely?
• Where is customer data held?
• Is the data exported to a country which doesn’t have adequate data protection laws?
• What happens if the supplier goes into administration?
• What if the supplier stops providing an SaaS solution?
• What if the data is subject to a malicious attack?
• What happens if there is a service disruption?
• Who is responsible if an illegality occurs (such as copyright infringement, defamation, race hate materials, incitement to terrorism)?
• What is the jurisdiction/applicable law specified in the contract?
• Who owns the data in the cloud (the assessment should also cover copyright/database right)?
• Who is responsible if the data gets corrupted?

Figure 16.1 Cloud computing contract and service level agreement checklist

Key priorities when selecting a vendor include privacy and security, quality of service and performance, flexibility, scalability and resilience to failure.

16.3.3 Ownership of the data

The use of cloud computing raises concerns over ownership and control of the data. By the nature of how cloud computing works, the data does not reside within the organisation, and they no longer have complete control over that data or how it is protected. This has both regulatory and contractual implications. Libraries need to know that they have complete access to all their data, that they can extract the data at any point at which it is required, and that there is provision in place for the scenario whereby the cloud-based supplier goes out of business.

16.4 Stocking extremist/controversial literature

Stock selection is subject to a range of laws on topics, such as those covering:
• Terrorism.
• Race relations.
• Equality.
• Local government.
• Freedom of expression.
• Human rights.

Whilst individual librarians could use their personal judgement in deciding which law is applicable, this could lead to them minimising risk by not stocking material which might be regarded as controversial, extremist or inflammatory. Indeed, Human Rights Watch warned in their 2007 report (Human Rights Watch, 2007) that the ‘War on Terror’ poses a growing threat to free expression: ‘Counter terrorism has given new vigour to some old forms of censorship and created new ones.’ A report by the think tank the Centre for Social Cohesion, entitled Hate on the State: how British libraries encourage Islamic extremism (Brandon and Murray, 2007), claimed that public libraries have been inundated by extremist Islamic literature and that many of these books glorify acts of terrorism against followers of other religions, incite violence against anyone who rejects jihadist ideologies and endorse violence and discrimination against women. This led the government to commission the MLA to produce guidance for public libraries on the management of extremist and inflammatory material.

✒ Useful resource
MLA (2009) Guidance on the Management of Controversial Material in Public Libraries: http://www.nag.org.uk/wp-content/uploads/2010/08/MLA-guidance-on-the-management-of-controversial-material-in-publiclibraries.pdf.

Section 1 of the Terrorism Act 2006 makes the encouragement of terrorism an offence. This section makes it an offence for a person to publish a statement to which the section applies, or causes another to publish such a statement. By providing library users with computers that have internet access, for example, they could be said to be ‘publishing’ statements; and, further, if they allowed library users access to ‘terrorist’ sites that could be construed as being ‘reckless’. A person guilty of an offence under this section shall be liable on conviction on indictment to imprisonment for a term not exceeding 15 years or to a fine, or both.

Section 2 of the Terrorism Act 2006 makes the dissemination of terrorist publications an offence. Librarians could potentially be found guilty of providing access to terrorist material under section 2 if it was proved that they did so as the result of both a guilty act (such as loaning a terrorist publication, distributing or circulating it, providing a service which enables a person to obtain, read, listen to or look at such a publication, or transmits the contents of such a publication electronically) and it was their intention to encourage or induce an act of terrorism. The sentence for this offence is imprisonment for a maximum of 15 years and/or a fine.

The wording of the Terrorism Act 2006 was amended by the Counter Terrorism and Border Security Act 2018, which raised the maximum period of imprisonment for offences under sections 1 and 2 from 7 to 15 years. Librarians run a greater risk of committing the section 2 offence (dissemination of terrorist publications) than they do the section 1 offence (encouragement of terrorism).

Offences under the Terrorism Act 2006 can be committed by the library authority as a ‘body corporate’ if the offence is committed with the consent or connivance of a director, manager, secretary or other similar officer of the body corporate. Both the individual and the body corporate would be guilty of the offence. Library and information professionals who are involved in the decision-making process as to which publications to purchase could also be found guilty of an offence, whether or not the library authority as a body corporate is liable.

A librarian would have a defence against both the section 1 and section 2 offences if the terrorist publication or statement did not express their views or have their endorsement, and it was clear in all the circumstances that it did not. In the case of the section 2 offence, the defence is not available if the publication in question is of the type that might be useful in the commission or preparation of terrorist acts. So, for example, a book glorifying a historical act of terrorism might be covered by the defence whilst an instruction manual on how to make a device would not. The definition of ‘publication’ in the Act includes matter to be read, listened to, looked at or watched.
It isn’t just books, it includes matter that is likely either to be understood as a direct or indirect encouragement or inducement to commit, prepare or instigate terrorist acts; or else to be useful to those ends and to be understood as such. The question of whether a publication is a terrorist publication would be determined based on the facts of the individual case, which would be determined at the time and in the circumstances in which it is disseminated and with regard to the contents of the publication as a whole. In order for a librarian to have committed the offence of disseminating terrorist publications, it would need to be shown that they intended the dissemination of the publication(s) to encourage, induce or assist in acts of terrorism or that they had been reckless as to whether it has such an effect. In this context, ‘recklessness’ means taking an unreasonable risk of which the risk-taker is aware. It is not the same as carelessness or negligence.


Librarians could potentially be served with what is known as a ‘section 3 notice’. It is a declaration by a police constable that the statement, article or record is unlawfully related to terrorism and, when the notice is issued, the person to whom it is addressed must stop making the matter available to the public within two working days (for example, block an offending website) or modify it so it complies with the Act.

TIP: If served with a section 3 notice, it is imperative for librarians to comply within the two working day period otherwise they will be deemed to have endorsed the matter in question.

It is a criminal offence under section 58 of the Terrorism Act 2006 to collect or make a record of information of a kind likely to be useful to a person committing or preparing an act of terrorism, or even to possess such a document or record. This would include a photographic or electronic record. An individual who does so will have a defence if they can show that there was a reasonable excuse for the action or possession, insomuch as the information is possessed for a purpose other than to assist in the commission or preparation of an act of terrorism (see, for example, R. v. K. [2008] EWCA Crim 185) (www.bailii.org/ew/cases/EWCA/Crim/2008/185.html). A person would have an excuse if at the time of the person’s action or possession, the person did not know, and had no reason to believe, that the document or record in question contained, or was likely to contain, information of a kind likely to be useful to a person committing or preparing an act of terrorism.

The main provisions of the Counter Terrorism and Border Security Act 2018 include:
• Clarifying that the existing offence of displaying in a public place an image which arouses reasonable suspicion that the person is a member or supporter of a proscribed organisation, covers the display of images online (including of a photograph taken in a private place).
• Updating the offence of obtaining information likely to be useful to a terrorist to cover terrorist material that is just viewed or streamed over the internet, rather than downloaded to form a permanent record.
• Increases to 15 years’ imprisonment the maximum penalty for certain preparatory terrorism offences.


British Library rejects Taliban archive

In 2015, it was reported that the British Library had declined to store a large collection of Taliban-related documents because of concerns of possibly being in breach of counter-terrorism laws. A British Library statement says that: ‘the Library judged that the archive contained some material which could contravene the Terrorism Act 2006. The Act places specific responsibilities on anyone in the UK who might provide access to terrorist publications, and the legal advice received jointly by the British Library and other similar institutions highlighted the risks of making this type of material accessible’.

British Library statement regarding the Taliban sources project (BL press release, 28 August 2015): https://bl.uk/press-releases/2015/august/british-librarystatement-on-taliban-sources-project.
British Library declines Taliban archive over terror law fears, BBC News Online, 28 August 2015: https://bbc.co.uk/news/uk-34088661.

16.5 Censorship

The American Library Association says that ‘Censorship is the suppression of ideas and information that certain persons – individuals, groups or government officials – find objectionable or dangerous’ (http://www.ala.org/advocacy/intfreedom/censorship/faq). Since 1982, the ALA has organised an annual event celebrating the freedom to read that is known as ‘Banned Books Week’. The ALA’s Office for Intellectual Freedom regularly compiles a list of challenged books. This is based on reports from libraries, schools and the media on attempts to ban books in communities across the country. In many cases books that are banned, challenged or censured have content which is either by or about people of colour, LGBT people or people with disabilities. In 2018, UK-based organisations held events across the country to mark Banned Books Week for the first time (https://www.bannedbooksweek.org.uk).

Over the years there have been many high-profile examples of books being banned or challenged. These include:
• Lady Chatterley’s Lover by D. H. Lawrence, which was temporarily banned in the UK for violation of obscenity laws.
• Lolita by Vladimir Nabokov, which was banned for being ‘obscene’.

School libraries face attempts to censor material on a number of grounds:
• The ‘safeguarding agenda’, which includes child protection and the prevention of harm to the health and development of children.
• Suitability of materials for the age of pupils based on their moral, sexual or religious nature.
• Political agendas leading to covert censorship.

A school in Chatham, Kent, banned Harry Potter. The head teacher Carol Rockwood said that ‘The bible is very clear and consistent in its teaching that wizards, devils and demons exist and are very real, powerful and dangerous and God’s people are told to have nothing to do with them’ (http://www.telegraph.co.uk/education/educationnews/12052212/Religious-parents-want-HarryPotter-banned-from-the-classroom-because-it-glorifies-witchcraft.html).

Further information
School Library Association on banning books stocked in school libraries: http://www.sla.org.uk/links-censorship.php.

16.6 Theft or mutilation of rare books

There have been numerous examples of rare books being stolen or damaged by library users or even by members of library staff. In one instance, the judge said that the thief was relying on the reluctance of library staff to challenge people when they were used to dealing with people who they could trust.

TIP: Libraries need to have a security policy in place so that staff can feel confident that their actions are in accordance with the official policy. The policy statement should include the appropriate actions that will be taken against borrowers who are caught attempting to steal books.

Deterrence
• Libraries should implement regular checks of their library materials.
• Libraries should mark special collection titles with an indelible mark of ownership or accession.

What to do where theft has taken place
• Referral to the police.
• Warning letters.
• Temporary bans.
• Permanent bans.
• Add details of the stolen book to the relevant databases (https://stolenbook.org and the Art Loss Register www.artloss.com, on the request of insurers).


16.6.1 Examples of theft by library users

• Farhad Hakimzadeh was given a two-year sentence for cutting and stealing pages from antiquarian books in the British and Bodleian libraries over seven years (The Telegraph, January 2009).
• William Simon Jacques was jailed for four years for stealing rare and ancient books worth £1 million from the British Library. Jacques was ‘relying on the reluctance of library staff to challenge people’ (see The Telegraph, 2010) when they were used to dealing with members of the public whom they could trust, the judge said.
• Edward Forbes Smiley III admitted stealing 97 maps worth US$3 million from major institutions, including the British Library, and was sentenced to three-and-a-half years’ imprisonment (September 2006).

16.6.2 Examples of theft by library staff

• Norman Buckley worked as a library assistant at Manchester Central Library. He stole rare books valued at £175,000, selling some of them on eBay. He was sentenced to 15 months in prison, suspended for two years. A spokesman for Manchester City Council said that a thorough review of security measures at the central library had been carried out and further actions taken to ensure the security of the collections (see The Times, 2006).
• Elizabeth McGregor was jailed for eight months for stealing rare books from her workplace and advertising them for sale on her Amazon account (Hayhurst, C. (2018) Book-stealing librarian jailed for eight months, Metro, 1 February).

✒ Useful resource
LIBER: the Association of European Research Libraries (www.libereurope.eu) has a security network which is a forum for advice to members on protection against theft and on confidential reporting of both actual theft and suspicious activity.

✒ Useful resource
Theft of Books and Manuscripts from Libraries: an advisory code of conduct for booksellers and librarians, CILIP and the Antiquarian Booksellers Association, revised 2015: http://aba.org.uk/About-the-ABA/ABA-Rules-Guidelines/Library-Theft-(1)

In 2017, an inventory count by librarians of the books held by Suffolk libraries revealed that 10,000 books were missing, despite computer records saying otherwise. Stock can be lost for several reasons, including damage, loss and theft (Kean, D. (2017) 25 million books are missing from UK libraries – but who’s counting?, The Guardian, 23 February).

16.7 Lending of audio books and e-books by public libraries

Under the rental and lending right Directive 2006/115/EC (which replaces 92/100/EEC and which was implemented in the UK through SI 1996/2967), authors and performers have an exclusive right to authorise or prohibit rental and lending of their works. ‘Rental’ means making available for use for a limited period of time and for direct or indirect economic or commercial advantage. ‘Lending’ means making available for use for a limited period of time and not for direct or indirect economic or commercial advantage.

Public libraries are allowed to lend books, audio books and e-books as a result of CDPA 1988 section 40A (as amended). Originally the legislation (the Public Lending Right Act 1979 and the Copyright Designs and Patents Act 1988) only covered public library lending of printed books, but this has been amended to include audio books and e-books as well as printed books. The legislative changes were made through:
• Digital Economy Act 2010 section 43.
• Digital Economy Act 2017 section 31.
• The Public Lending Right Scheme 1982 (Commencement of Variation and Amendment) Order 2014: SI 2014/1945.
• The Public Lending Right Scheme 1982 (Commencement of Variations) (No. 2) Order 2018: SI 2018/691.

The amended CDPA 1988 section 40A exception on lending by libraries and archives now refers to ‘book’, ‘audio-book’ and ‘e-book’, and says that these terms have the meanings that they are given in section 5 of the Public Lending Right Act 1979. The Public Lending Right Act 1979 section 5(2) defines a book as including:
(a) a work recorded as a sound recording and consisting mainly of spoken words (an ‘audio-book’), and
(b) a work, other than an audio-book, recorded in electronic form and consisting mainly of (or of any combination of) written or spoken words or still pictures (an ‘e-book’).

In short, the lending of books, audio books and e-books by public libraries is allowed so long as they fall within the public lending right scheme. The Public Lending Right (PLR) is the right for authors and other eligible rights holders to receive payments from a central fund in respect of such of their books as are lent out to the public by local library authorities in the United Kingdom. PLR is administered by the British Library. They make payments annually to eligible authors who register their books with the British Library’s PLR Office. The classes, descriptions and categories of books in respect of which PLR subsists, and the rates of payments to be made in respect of it, can be varied by the Secretary of State through secondary legislation (statutory instruments) amending the PLR Scheme. Remote loans of e-books and e-audio-books are eligible for PLR payments, and the first PLR payments will be made in February 2020.

The wording of the amended CDPA 1988 section 40A is as follows:

Lending of copies by libraries or archives.
(1) Copyright in a work of any description is not infringed by the following acts by a public library in relation to a book within the public lending right scheme—
    (a) lending the book;
    (b) in relation to an audio-book or e-book, copying or issuing a copy of the book as an act incidental to lending it.
(1ZA) Subsection (1) applies to an e-book or an e-audio-book only if—
    (a) the book has been lawfully acquired by the library, and
    (b) the lending is in compliance with any purchase or licensing terms to which the book is subject.
(1A) In subsections (1) and (1ZA)—
    (a) ‘book’, ‘audio-book’ and ‘e-book’ have the meanings given in section 5 of the Public Lending Right Act 1979,
    (aa) ‘e-audio-book’ means an audio-book (as defined in paragraph (a)) in a form enabling lending of the book by electronic transmission,
    (b) ‘the public lending right scheme’ means the scheme in force under section 1 of that Act,
    (c) a book is within the public lending right scheme if it is a book within the meaning of the provisions of the scheme relating to eligibility, whether or not it is in fact eligible, and
    (d) ‘lending’ is to be read in accordance with the definition of ‘lent out’ in section 5 of that Act (and section 18A of this Act does not apply).
(2) Copyright in a work is not infringed by the lending of copies of the work by a library or archive (other than a public library) which is not conducted for profit.

It should be noted that the section 40A exception only covers e-books and audio-books as long as the lending is in compliance with any purchase or licensing terms. In other words, a rights holder can use the law of contract to prevent the purchaser from being able to lend the work(s).

SI 2018/691 made some technical amendments to the PLR Scheme to:
• Commence and ensure proper implementation of the provisions in the DEA 2017 to extend the PLR to include remote e-lending; and
• Clarify that authors resident in the UK will continue to be eligible to register for PLR following the UK’s exit from the EU.

The extension of the PLR to include remote e-lending is an important development of the Scheme and helps to ensure that it continues to reflect how people are using public libraries today and will in future.

In addition, there is a separate copyright exception to cover lending by educational establishments. Section 36A of the CDPA says that copyright in a work is not infringed by the lending of copies of the work by an educational establishment. By default, the section 36A exception encompasses both print publications and electronic publications, because it makes no mention of format.

16.8 Further information

Police, surveillance and libraries
Hyams, E. (2007) Preserving Users’ Privacy in Spite of Surveillance, CILIP Update, October, p.26.

Cloud computing
Marchini, R. (2010) Cloud Computing: a practical introduction to the legal issues, BSi.

Stocking controversial literature
Brandon, J. and Murray, D. (2007) Hate on the State: how British libraries encourage Islamic extremism, Centre for Social Cohesion, https://henryjacksonsociety.org/wp-content/uploads/2013/01/hate-on-thestate.pdf.
Magi, T.J. (2006) Protecting Library Patron Confidentiality: checklist of best practices, https://www.ila.org/advocacy/making-yourcase/privacy/confidentiality-best-practices.
MLA (2009) Guidance on the Management of Controversial Material in Public Libraries, http://www.nag.org.uk/wp-content/uploads/2010/08/MLAguidance-on-the-management-of-controversial-material-in-publiclibraries.pdf.


Theft or mutilation of rare books

Burrows, J. and Cooper, D. (1992) Theft of Books and Manuscripts from Libraries: an advisory code of conduct for booksellers and librarians, Home Office.

McCree, M. (2000) Theft in the Public Library: an investigation into levels of theft and the impact it has on both services and staff, https://web.archive.org/web/20030428071607/http://dagda.shef.ac.uk/dissertations/1999-00/mccree.pdf.

The Times (2006) Thieving Library Staff Take a Love of Rare Books Too Far, 24 November.

The Telegraph (2009) Iranian Millionaire Jailed for Stealing Pages from Rare British Library Books, 16 January.

References

BBC News (2011) Snooping Devices Found in Cheshire Library Computers, www.bbc.co.uk/news/uk-england-manchester-12396799.

Brandon, J. and Murray, D. (2007) Hate on the State: how British libraries encourage Islamic extremism, Centre for Social Cohesion, https://henryjacksonsociety.org/wp-content/uploads/2013/01/hate-on-thestate.pdf.

CILIP (2008) Survey on Police, Surveillance and Libraries, https://www.webarchive.org.uk/wayback/en/archive/20100407223554/http://www.cilip.org.uk/sitecollectiondocuments/PDFs/policyadvocacy/CILIPPSLSurveyresultspublicjul08.pdf.

CILIP (2011) User Privacy in Libraries: guidelines for the reflective practitioner, https://archive.cilip.org.uk/archived-policy-statements/userprivacy-libraries-guidelines-reflective-practitioner.

Human Rights Watch (2007) Report, www.hrw.org/sites/default/files/reports/wr2007master.pdf.

The Times (2006) Librarian Sold Stolen Books on eBay, 26 October.

The Telegraph (2010) Serial Book Thief William Jacques Jailed for Three Years, 20 July, www.telegraph.co.uk/culture/books/7900548/William-JacquesBritains-most-prolific-book-thief.html.


Appendix 1

Brexit and the orphan works exception

In the event of the UK leaving the European Union, it is anticipated that the orphan works exception will no longer be available. At the time of writing, the UK had not left the European Union on 29 March 2019 as originally anticipated and the Brexit negotiations were still ongoing. As a result, the text relating to the orphan works exception has been moved to this Appendix, in case the outcome of the UK’s Brexit negotiations leads to the exception still being available.

The copyright exception for orphan works

The EU Directive on orphan works 2012/28/EU is implemented in the UK through The Copyright and Rights in Performances (Certain Permitted Uses of Orphan Works) Regulations 2014 (SI 2014/2861). It inserts section 44B on ‘Permitted uses of orphan works’ into the CDPA 1988. Directive 2012/28/EU allows digitisation of orphan works by certain cultural organisations. However:
• It only covers non-commercial use.
• It doesn't cover standalone artistic works such as photographs, maps or plans.
• There is no requirement to set aside money for absent rights holders.
• If the rights owners do reappear, fair compensation should be paid.
• It requires a diligent search to be undertaken. The searcher must search the EUIPO database (https://euipo.europa.eu/ohimportal/en/web/observatory/orphan-works-db) to see if the work already appears on the database and must provide EUIPO with details of the diligent search for the rights holders which has been undertaken.
• It is possible to appeal to the Copyright Tribunal to determine a compensation amount in the event that the rights owner comes forward but where the relevant body and the rights owner have been unable to agree on a suitable figure.

The exception is only for the benefit of certain types of cultural institution:
• Publicly accessible libraries.
• Educational establishments.
• Museums.
• Archives.
• Film or audio heritage institutions.
• Public service broadcasting organisations.

The institutions covered by the Directive are only permitted to use the orphan works in order to achieve the aims of their public interest missions – notably preservation, restoration and the provision of cultural and educational access to works contained in their collections.

These organisations can:
• Make an orphan work available to the public.
• Reproduce an orphan work for digitisation purposes.
• Index, catalogue, preserve and restore an orphan work.


Appendix 2

Ethical Framework

Commitment to Professional Ethics by CILIP Members

As an ethical Information Professional I make a commitment to uphold, promote and defend:

No.   Ethical Principles
A1    Human rights, equalities and diversity, and the equitable treatment of users and colleagues
A2    The public benefit and the advancement of the wider good of our profession to society
A3    Preservation and continuity of access to knowledge
A4    Intellectual freedom, including freedom from censorship
A5    Impartiality and the avoidance of inappropriate bias
A6    The confidentiality of information provided by clients or users and the right of all individuals to privacy
A7    The development of information skills and information literacy

Code of Professional Conduct

At all times I will work to uphold and advance:

B1    The reputation of the profession
B2    The currency and relevancy of my skills
B3    Engagement with, and learning from, colleagues, my professional bodies, and those in other related professions
B4    Integrity in the management of information, human and financial resources

CILIP’s Commitments

I expect my professional body to support me in this by upholding, promoting and defending:

C1    Human rights
C2    Equalities and diversity
C3    Information governance and practice that protects the privacy of individuals
C4    The value of information professionals’ work to government, employers and other key stakeholders
C5    The contribution of information professionals to the public benefit
C6    The provision of excellent information services, relevant to the needs of all members of society
C7    The development of balanced and fair open access and copyright systems

And by advocating for:

C8    Changes to regulation and legislation to advance good information services and ethical practice
C9    Intellectual freedom, including freedom from censorship

And by supporting:

C10   CILIP members in their continuing professional development

CILIP will act as steward of the Ethical Framework and support its embedding in professional life.

(With thanks to CILIP for permission to reproduce their Ethical Framework)


Index

2039 rule 31–34, 226 acceptable use policy 79–80, 259, 267, 302–303 acceptable use policies, e-mail and internet 259, 267, 268, 302–3 acquis communitaire xli acts of parliament 8–9 acts of the assembly 2, 3 advertising law 89, 180 American Society for Information Science and Technology 280 archives and defamation 257, 261–2 archiving and preservation, copyright exception for 57, 75–6 artist’s resale right xli, xlii, 39–40, 44, 64 assets of community value 19, 20 audits see data protection audits authentication 80, 183, 284, 286 Authors Licensing and Collecting Society 61, 81 Automobile Association 65 Bell, Mary 108 Berne Convention 30, 31, 36–7, 39 Berne three step test 36, 37, 47 bills, progress of 9, 10, 13 Bookshop Libel Fund 260 botnets xli, 283 breach of confidence Chapter 5, 177, 179, 180, 221 Brexit xlv, xlvi Implications for copyright 41, 337 British Code of Advertising, Sales Promotion and Direct Marketing see UK Code of Non-Broadcast Advertising and Direct & Promotional Marketing

Bulger, James 107 byelaws 24 caricature, parody and pastiche, copyright exception for 48, 50, 54, 116 case law 4, 5, 8, 12, 36, 47 copyright 36, 47, 69 CCTV 157, 183 censorship 330–1 Centre for Information Quality Management 277 Chartered Institute of Library and Information Professionals (CILIP) 96, 131, 165, 166, 182, 200, 201, 223, 271, 272, 273, 277, 279, 280, 281, 282, 316, 319, 320, 323, 332 Copyright posters 50, 96 ethical framework 96, 131, 165, 166, 182, 200–1, 223, 272, 273, 279, 280 policy on information access 200 citations see legal citations civil action for damages, defamation remedy 256 civil law xli, 13–14 civil law system xli, 4–5 civil procedure rules 6 cloud computing 149, 323–6 codes of practice 11, 91, 166, 169, 177, 182, 281, 315 datasets 241, 242 environmental information 192, 193, 208 governing the media 180 records management (freedom of information) 192, 193, 196


responding to freedom of information requests 110, 192, 199 collective management of copyright and related rights 41–2, 44, 47 collective management organisations 42, 227 commercial purpose, meaning of in copyright law 48, 50, 51–2, 57, 74, 76, 279 committee stage 10 common law system xli, 4 communication to the public right 36, 38, 71, 72, 73, 74 communications data 322 community asset transfer 20 community assets 19 community right to bid 19, 20 community right to challenge 20 comprehensive and efficient library service 7, 22–3 computer misuse xli, 283–4, 285–94 computer programs 38–9, 44, 46, 49, 103, 117, 293 constitutional law of the United Kingdom 4 constitutional reforms 1, 220 contempt of court 111, 257, 262, 265, 321 contract law 14–16, 274 unfair contract terms 15, 118, 119 copyright assignment 31, 122, 124 clearance 80–92 ‘commercial purpose’ 48, 50, 51, 52, 74 computer programs 38–9, 44, 46, 117 copyright notices 31, 34, 37, 70, 122 copyright directive 2001/29/EC 36, 38, 39, 44, 70, 74, 77, 127 crown copyright 33, 65, 66, 199, 238, 240 databases 29, 32, 39, 44, 46, 70, 72, 74–5, 116–17, 198, 199, 311 declaration forms 58, 59, 78, 279 deep linking 71–4 duration 37, 38, 46, 225–6 electronic copyright 69–79, 121

exceptions archiving and preservation 57, 75–6 caricature, parody and pastiche 48, 50, 54–5, 116 criticism and review 48, 50, 53–4 illustration for instruction 48, 50, 52–3, 74, 116 library exceptions 52, 55–60 making works available through dedicated terminals 55, 57, 59–60 quotation 48, 50, 53, 116 private study 48, 50, 51, 52, 57, 59, 60, 76 research for a non-commercial purpose 48, 49, 51, 52, 58, 59, 76 temporary or transient 70–1 text and data mining for noncommercial research 55 fair dealing 30, 48–51, 52, 53, 54, 74, 75, 76, 121 freedom of information 67 infringement 34, 35, 36, 39, 48, 49, 52, 53, 54, 57, 58, 59, 61, 62, 63, 64, 68, 71, 72, 74, 78, 79, 80, 92, 94, 100, 103, 117, 122, 124, 128, 189, 198, 227, 278–9, 283, 288, 289, 296, 311, 312, 326 primary infringement 34 secondary infringement 34 internet 39, 63, 69–74, 78, 79, 103 library exceptions 39, 48, 52, 55–60, 75, 84 licensing 48, 60–8 offences 35, 77 ownership 30, 31, 33, 34, 35, 48, 49, 50, 53, 57, 60, 61, 67, 70, 71, 72, 76, 77, 80, 81, 82, 84, 85, 86, 91, 92, 96 parliamentary copyright 33, 66–7 permitted amounts 50 recommended limits 51 rental and lending right xlii, 39, 44, 55, 103, 333 symbol 30, 37 what is protected by copyright 30 Copyright Licensing Agency 48, 60, 61


Copyright Tribunal 8, 60, 61, 63, 90, 91, 337 costs, defamation remedy 256, 257 county court 5, 6, 102 Court of Appeal 5, 6, 7, 256 Court of Judicature 6 Court of Session 6, 60 court system England and Wales 5–6 Northern Ireland 6–7 Scotland 6 Tribunals 7–8, 12, 13, 60, 90, 91, 178, 190, 207, 208, 220, 221, 243, 248, 306, 337 Creative Commons 60, 67–9, 81, 238 credit reference agencies 160–1, 173 criminal law xli, 13 criticism and review, copyright exception for 48, 50, 53–4 Crossman diaries 179 crown copyright 33, 65, 66, 199, 238, 240 crown courts 5, 6 cyber bullying xli, 283 cyber espionage xli, 283 cyber terrorism xlii, 283 cybercrime xlii, 173, 222, Chapter 14 cybersecurity 286–8, 294 damages xliii, 13, 14, 35, 69, 71, 104, 110, 111, 124, 229, 230, 248, 249, 250, 251, 252, 256, 257, 259, 265, 266, 267, 275, 277 data protection adequacy of protection in other countries 141, 150–1, 325 audits 140, 163, 164 automated decisions 142, 156, 159 cookies 135, 165, 172 credit reference agencies 160–1, 173 data breaches 140, 142, 143, 152, 161–3 data protection principles 136–8, 139, 160, 171, 325 data protection/privacy statement 155–6, 166, 169, 170, 182


destroying information 138 electoral roll 160, 167–8 e-mails 30, 32, 76, 121, 172, 201, 247, 254, 258, 266–7, 268, 285, 295, 301 exemptions 152–5 internet 149, 165, 173, 174 manual records covered by the Act 133 notification of data breaches 76, 126, 161, 195 ‘personal data’ 132, 133 privacy shield 151 processing personal data 67, 100, 111, 131, 132, 134, 135, 136, 137, 138, 140, 141, 142, 143, 144–7, 148, 149, 150, 151, 152, 153, 154, 155–6, 158, 159, 160, 161, 163, 165, 167, 169, 170, 178, 325, 326 protecting your information 172 public registers 151 rights of the data subject 137, 141, 142, 143, 152, 156, 157–60, 161, 163, 171 ‘sensitive personal data’ 145–6 spam 135 time limit 136, 137, 158, 161, 192 unauthorised or unlawful processing 137, 138, 325 database right xliii, 29, 32, 70, 72, 74–5, 100, 103, 199, 239, 240, 311, 326 databases, legal protection of xliii, 32, 39, 44, 46, 70, 74–5, 100, 103, 116–17, 311 declaration form 58, 59, 78, 279 dedicated terminals, copyright exception for making works available through 55, 57, 59–60 deep linking 71–2 defamation and the internet 247, 257–67 civil action for damages 256 contempt of court 257, 262, 265 costs 256, 257 injunction/interdict to prevent repetition 257 defences 248, 251–6, 258, 259, 260, 261, 266


general principles 247–8 honest opinion 251, 252 innocent disseminator 258, 260, 261 libel xlii, 249–57 limitation period 257, 261–2 operators of websites 251, 254–5, 259 privilege 248, 249, 252, 255 remedies 256–7 Scottish law of 248, 251, 256, 261 slander xliii, 247, 248–9 delict xlii, 14, 256, 269, 275 denial of service attacks xlii, 163, 284, 302 Design Artists Copyright Society 61, 64 devolution 1, 8, 17, 179, 193, 207, 212 devolved and reserved matters, Scotland 1 see also reserved matters, Wales 2–3 digital signatures see electronic signatures diligent search 82–3, 86, 87, 89, 90, 337 disability Chapter 15 adaptations to technology 307, 313 adjustments to physical access 305, 306, 307, 308 ‘anticipatory adjustments’ 308–9 disclaimers 72, 266, 268, 273, 275, 280, 281, 282 District Courts 6 droit de suite xlii, 39–40, 64 duty of best value 21 duty of care, professional liability and the 269, 270, 274, 275, 276, 277 e-books public lending 39, 55, 333–5 economic rights, copyright and 34 EIRENE see European Information Researchers Network electoral roll 160, 167–8 electronic commerce law 79, 172, 173, 259, 268 electronic copyright 69–79, 121 electronic signatures 78 e-mail acceptable use policies 267, 268, 302–3

and data protection 147, 157, 162, 183 disclaimers 266, 268 libel 267 employment 2, 8, 23, 31, 96, 146, 147, 219, 267, 269, 270 enforcement notices data protection 164 freedom of information 207 enforcement of intellectual property rights 38, 40, 44, 46, 68, 69 English Reports 11 environmental information 8, 192, 193, 200, 203, 206, 208–10 equality duty see Public Sector Equality Duty e-reader privacy paradox 166, 167 escrow agreement see technology escrow agreement ethical issues 223, 250, 272–3, 279, 280 European Convention on Human Rights 1, 3, 33, 108, 133, 177, 178, 220, 221, 222, 223, 226, 230, 239, 256, 322 European Court of Human Rights 181, 221, 223, 228, 229 European Court of Justice 49, 60, 63, 70, 74 European Information Researchers Network code of practice for information brokers 182, 281 European Union access to EU documents 214–15 legislation xli, 38, 209 (see also the list of directives and regulations xxviii, xxix) membership of xlvi, 38, 39, 40, 41, 42, 43, 46, 70, 135, 143, 148, 189 European Union Agency for Fundamental Rights see Fundamental Rights Agency exemptions data protection 152–5 freedom of information 191, 196, 202, 203-6, 211, 213


expert witnesses 271 explanatory notes to Acts of Parliament 10 extended collective licensing of orphan works xlvi, 46, 84, 85, 91–2

Scottish Information Commissioner 191, 192, 201, 208, 210, 211 time limit 203, 210, 214 Fundamental Rights Agency 222–3

fair dealing 30, 48–55, 76, 121 and databases 74, 75 fees data protection 156, 158, 159, 213 freedom of information 202, 203, 212, 214 First Tier Tribunal (Information Rights) 8, 90, 91, 179, 207, 208, 243 FOB (Firms Out of Business) 82 framing see also hyperlinking 71, 74 fraud xli, xlii, xliii, 173, 190, 191, 194, 284, 285, 289, 300–1 freedom of expression 55, 108, 177, 178, 181, 200, 201, 219, 223, 230, 264, 327 freedom of information absolute exemptions 204–6, 211 classes of information 195, 201, 204–6, 209 codes of practice 192–3, 196, 199, 208 copyright implications 194, 198–200 destruction of records 193, 196, 208, 212 discrepancies with the data protection legislation 213–14 enforcement 192, 207, 208, 210 exemptions 191, 196, 203–7, 210, 211, 212, 213, 214 fees 193, 195, 202, 203, 212, 213, 214 obligation of confidence 193, 211 prejudice test 204–6, 213 public interest test 204–6, 209, 210, 211 publication schemes 192, 193, 195–7, 198, 201, 210, 211 records management 192, 193, 196, 213 right of access 189, 191, 192, 196, 201, 202, 203, 208, 210 Scotland 190, 191, 192, 201, 205, 208, 210, 213

General Court (European Union) 222–3 Greens Weekly Digest 12 hacking 38, 284, 289, 292, 295 Halsbury’s Laws of England 12 Halsbury’s statutes 9 health records 146, 147, 152, 153 High Court 5, 6, 7, 60 honest opinion, defamation defence of 251, 252 House of Lords 5, 9, 10, 33, 191, 205, 206 human rights and data protection 220, 221, 222, 223 and breach of confidence 221 and copyright 220, 221, 224–7 and freedom of expression 220, 221, 222, 225, 228–9 hyperlinking 71–4 Incorporated Council of Law Reporting 11 illustration for instruction, copyright exception for 48, 50, 52–3, 74, 116 indemnities 16, 57, 61, 119, 122, 123–4, 125, 259, 261, 279, 281–2, 324 Information Commissioner and devolved government 192 enforcement action 164, 205, 207 role of 192 see also Scottish Information Commissioner information notices data protection 164 freedom of information 207 injunction/interdict to prevent repetition, defamation remedy of 257 innocent disseminator, defamation defence of 258, 260, 261 Intellectual Property Office xlvi, 33, 34, 47, 53, 82, 84, 85, 86, 87, 88, 89, 90, 91, 112, 226, 312


interdict xlii, 14, 107, 111, 180, 256, 257 International Coalition of Library Consortia (ICOLC) 76, 126 internet acceptable use policies 79, 80, 259, 267, 268, 302–3 internet and copyright 39, 63, 69–74, 78, 79, 103 internet service providers liability 257–60, 261 intranets acceptable use policies 267 Investigatory Powers Tribunal 8 IPSO code 180 Irish Law Times Reports 12 Irish Reports 12 John Cox Associates 76 Joint Information Systems Committee model licence 76, 126 judicial reviews 7 jurisdiction 1, 16, 121, 122, 262–4 law reports 11–12, 13 legal citations 12 legal concepts 13–16 legal deposit Chapter 4 legal systems 1–4 common law system xli, 4 civil law system xli, 4–5 legislation progress of bills through UK parliament 9–10 websites 13 lending xlii, 39, 44, 55, 103, 116, 310, 333–5 liability and electronic information 277–8 for copyright infringement 35, 57, 59, 61, 78, 92, 100, 124, 262–4, 278–9 for defamation 104, 251, 254, 256, 266, 267–8 in other jurisdictions 262–4 of internet service providers 257–9, 260, 261, 262–4

see also professional liability libel Chapter 12 Bookshop Libel Fund 260–1 defences 251–6 e-mail 267 libel tourism 263 remedies 256–7 library cards 185, 223, 224 library exceptions in copyright law 39, 55–60, 75, 76, 78 library offences 25–6 licensing applicable law 122, 123, 125 contract clauses 122, 123–5 model licences 76, 126 non-cancellation clauses 120, 124 perpetual access 123, 125 termination clauses 16, 119, 122, 123, 125 warranties and indemnities 122, 123–4, 125 see also copyright licensing limitation period online archives and defamation 257, 261–2 Local and Personal Acts 8 local byelaws 24 local government and freedom of information 193–4, 236 magistrates courts 5, 6 malware xliii, 173, 284, 286, 296 Marrakesh treaty 42, 43, 45, 47, 310, 311, 312 model library byelaws 24 model licences 76, 126 model publication schemes 195 moral rights, copyright and multiple copying 48, 50, 76 Napoleonic code 5 National Archives 65–7, 194, 235, 237, 238 National Assembly for Wales 1, 2, 3, 191, 205, 207


negligence 5, 14, 15, 16, 119, 269, 271, 275, 279, 281, 328 news reporting, copyright exception for 54 NLA Media Access 60, 62–3 nominate reports 11 non-commercial research, copyright and 48, 49, 51, 54, 58, 59, 76 Northern Ireland Judgements Bulletin 12 Northern Ireland Law Reports 12 obligation of confidence 108, 109, 113, 124, 179, 180 obscene publications 297, 298, 300, 330 offer to make amends, defamation defence of 252, 255–6 Ombudsman see Parliamentary and Health Service Ombudsman Open Government Licence 60, 65, 66, 68, 81, 194, 199, 238–9 OpenAttribute 69 operators of websites, defamation defence for 251, 254–5, 259 order of business 9 order paper 9 Ordnance Survey 64–5 Orphan works Copyright exception for xlvi, 41, 47, 56, 85, 337–8 licensing xlvi, 47, 83, 84, 85–9, 91–2 extended collective licensing xlvi, 46, 84, 85, 91–2 outsourcing 149, 170, 192 Parliamentary and Health Service Ombudsman 91 parliamentary copyright 33, 66–7 parliamentary websites 12–13 patents 16, 67, 111, 112, 119, 200, 225, 239 peer-reviewed statement, defamation defence for 252, 255 permitted acts, see copyright exceptions pharming xlii, 284, 301 phishing xlii, xliii, 173, 284, 300, 301 ping-pong 10


plagiarism 296 pornography xlii, 284, 289, 297–8, 300, 303, 319 portability 43, 141, 145, 159 precedents xli, xlii, 4 preference services 172 prejudice test 204–6, 213 prison libraries 26, 183, 229 privacy and human rights 133, 177, 178, 181, 224, 228, 229 privacy shield 151 private study and copyright 48, 50, 51, 52, 57, 58, 60, 74, 76 privilege, defamation defence of 248, 249, 252, 255 professional indemnity insurance 270, 281, 284 professional liability Chapter 13 property 2, 13, 16 Public and General Acts 8 public domain xlii, 30, 81 public exhibition of copyright works 34 public interest test 204–6, 209, 210, 211 public international law 12 Public Libraries and Museums Act 1964 7, 22, 23, 24, 26 public library standards 271, 272 public records 58, 65, 75, 189, 193 publication schemes 192, 193, 195–7, 198, 201, 210, 211 public sector equality duty 27–8, 306, 314 public sector information 65, Chapter 11 publication on a matter of public interest, defamation defence for 251, 253 Publishers Licensing Services 61 qualified privilege 248, 249, 255 quality of information 277, 278, 281 quasi-legislation 11 quotation, copyright exception for 48, 50, 53, 116 radio frequency identification 168–70 ratting xlii, 284 ‘reasonable’ skill and care 15, 270


reasonableness, test of 14, 15, 119, 204 records management 192–3, 196 destruction of records 137, 138, 144, 193, 196, 208, 212 Reference and User Services Association 280 remedies breach of confidence 110, 111 copyright infringement 35, 38, 40, 71, 77 defamation 256–7 rental xlii, 333 rental and lending right 39, 44, 333 report stage of parliamentary bills 10 resale right xlii, 39–40, 44, 64 reserved matters, Scotland 1 reserved matters, Wales 2–3 revenge porn xliii, 284 Reynolds defence (replaced by publication on a matter of public interest defamation defence) 253 right to bid 19, 20 risk management copyright 35–6 professional liability 279–81 Roman law 5 Royal assent 9, 10 Scottish Civil Law Reports 11 Scottish Council of Law Reporting 11 Scottish Criminal Case Reports 12 Scottish Information Commissioner 191, 192, 201, 208, 210, 211 Scottish Parliament 1, 212 school libraries 26–7, 183, 224, 330 Scots Law Times 11 second reading of a bill 10 secondary publisher 258, 261 security risk 286, 294 sensitive personal data 145–6 serious harm, defamation law and 248, 261 Session Cases 11 sheriff courts 6 single publication rule 261–2

slander xliii, 247, 248–9 smishing xliii, 284 social engineering xliii, 284 social networking sites and libel 265–6 social value 20–1 Software as a Service 323, 324, 325, 326 software piracy 296 spam 135, 301 Special Standing Committee 10 spoofed websites xliii, 284, 301 spyware xliii, 284, 301, 323 Standing Committee 10 statute law 4 statutory duties of local authorities xlv, 22–3 statutory instruments 9, 11, 13 stipendiary magistrates 6 Strategic and Competitive Intelligence Professionals 280 substantial, meaning of in a copyright context 48–9, 50 sui generis xliii, 29, 39 supply of goods and services 15 supreme court 1, 5, 6 swatting xliii, 284 technological protection measures 76–7, 115, 311 see also electronic copyright management systems Technology Escrow Agreement xliii, 324, 325, 326 temporary or transient, copyright exception for 70–1 termination clauses 16, 119, 122, 123, 125 text and data mining, copyright exception for 55 third reading of bills 10 time limit data protection 136, 137, 158, 161, 192 freedom of information 203, 210, 214 tort xlii, xliii, 2, 5, 14, 107, 269, 275–7 trade secrets 108, 111–112, 200, 206 trade marks 16, 35, 46, 67, 111, 225, 239


Trade-Related Aspects of Intellectual Property Rights (TRIPS Agreement) 37, 38 tribunals 8, 60, 61, 63, 90, 91, 337 see also Copyright Tribunal First-Tier Tribunal (Information Rights) 8, 90, 91, 179, 207, 208, 243 Investigatory Powers Tribunal 8 TRIPS agreement 37, 38 trojans xliii, 284, 295, 299, 300 truth, defamation defence of 251, 252 UK Code of Non-Broadcast Advertising and Direct & Promotional Marketing 180 unauthorised access to computers see hacking unfair contracts 15, 118, 119 Universal Copyright Convention 30, 37 University of Central England 297, 298 unpublished works, copyright and 31, 33–4, 56, 57–8, 78, 225–6, 279


Vallor, Simon 294 values of library and information professionals 131, 182, 224, 271, 272 veritas 251 vicarious liability and defamation 267, 269 viruses xliii, 173, 174, 285, 286, 289, 294, 295, 299, 300 vishing xliii, 285 visually impaired 42, 43, 44, 45, 121, 310–312, 313 warranties 122, 123, 124, 259, 324 WATCH (Writers Artists and their Copyright Holders) 82 Weekly Law Reports 11 Welsh Assembly 1, 2, 3, 205, 207 wi-fi networks 78, 79, 286 WIPO Copyright Treaty 38 World Intellectual Property Organization 38, 39, 98 World Trade Organization 31, 37, 38 worms xliii, 285, 295 Wright, Peter 113, 179
