If you’ve read this site long enough, you’re probably familiar with the Digital Millennium Copyright Act (DMCA) and how the notice and takedown system works.
If you’re a copyright holder filing a complaint, it’s fairly straightforward. File a proper notice and a host (or search engine) and, if they wish to avoid potential liability, they will remove or disable access to the work pending a possible counternotice.
However, if you are a web host, things get a bit more complicated. As we discussed previously, you need to register a DMCA agent (Note: If registered, you need to re-register this year to avoid having your registration expire.) and then you need to respond to the notices of infringement that you do get.
It’s worth noting that this applies to ALL websites that host content at the direction of users. So while this includes YouTube, Facebook and GoDaddy, it also includes much smaller sites including forums and even blogs with comments.
But even if you’ve registered your DMCA agent, have no “red flag” knowledge of infringements and respond expeditiously to DMCA notices, you may still not be fully protected. As other sites have found out, there’s more that has to be done, including setting up a repeat infringer policy.
Fortunately, setting up such a policy is fairly simple, as long as you are aware of the need for it.
Why You Need a Repeat Infringer Policy
When looking at the DMCA, most hosts focus on Section 512(c), which outlines the responsibilities for “Information residing on systems or networks at the direction of users.”
It’s the section that outlines the notice and takedown process, including the requirement to register a DMCA agent as well as the red flag knowledge mentioned above.
However, Section 512(i) is also important, it lists conditions for eligibility and says that the host shall only be eligible for protection if:
(A) has adopted and reasonably implemented, and informs subscribers and account holders of the service provider’s system or network of, a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider’s system or network who are repeat infringers; and
(B) accommodates and does not interfere with standard technical measures.
It’s the first part that is most important for this article as it requires to do three things.
- Have a policy to terminate the accounts of those who are repeat infringers.
- Implement the policy
- Inform subscribers and users about the policy.
While this might seem like an odd technicality, it came up in a major way in the Grooveshark case.
Grooveshark was a music streaming service where users uploaded audio files that others could stream. It routinely compared itself to YouTube but for audio. However, as piracy became rampant on the service, record labels sued and eventually won.
Though the reasons for the defeat were many, one of the key ones was Grooveshark’s lack of an effective repeat infringer policy. The record labels were able to show that thousands of users had been subject to multiple DMCA notices but retained their uploading privileges.
With no safe harbor, Grooveshark was liable for the infringement on its service and forced to close.
The repeat infringer policy is also an issue in the Spinrilla case, with record labels there claiming the hip-hop remix site doesn’t qualify for safe harbor both due to the lack of a DMCA agent and the lack of a repeat infringer policy.
The result is simple, if you don’t have a repeat infringer policy, you may be jeopardizing your DMCA safe harbor protection.
Fortunately, it’s a very simple problem to fix.
Crafting and Posting a Repeat Infringer Policy
Creating a repeat infringer policy is, actually, remarkably simple. The first step is actually writing a short statement about the policy and putting it on your site.
YouTube will terminate a user’s access to the Service if, under appropriate circumstances, the user is determined to be a repeat infringer.
If you repeatedly infringe other people’s intellectual property rights, we will disable your account when appropriate.
It is GoDaddy’s policy to provide for the termination, in appropriate circumstances, of GoDaddy customers and account holders who repeatedly violate this policy or are repeat infringers of copyrighted works, trademarks or any other intellectual property.
While the verbiage is different they all say fundamentally the same thing: That it is their policy to terminate access to users who repeatedly commit copyright infringement.
It really is that simple.
As far as where to put it. If you have a terms of service page, you can easily put the text in there. If you have a DMCA agent page (which you are supposed to do under the law) you can put it there.
The main thing is that it has to be somewhere that is user facing as the purpose is to inform them about the policy’s existence. This is true even if they are unlikely to ever actually read it.
However, now that you’ve posted the policy you have to implement it and, for many sites, that may prove to be the most difficult part.
Implementing the Repeat Infringer Policy
For most sites, implementing a repeat infringer policy really isn’t a major deal because it likely won’t come up. For example, with Plagiarism Today, I’ve never received a DMCA notice and the few infringing things that were uploaded in comments I removed as spam (because they were).
Still, it might be unclear what your policy needs to look like. To that end, the courts have provided precious little guidance, taking greater interest that there is a policy and it is enforced rather than looking at the details of the policy.
Still, earlier this year, the Second Circuit Court of Appeals provided some guidance.
In a ruling on the MP3Tunes case, the court ruled that, while you don’t have to go looking for new information, you should use any information that you have to try and block repeated infringers. This includes banning them across different sites you may operate.
Looking to a forum, you would obviously want to ban the username but you might also want to block the email address and/or IP address if practical. Using the information you have to identify repeat infringers and then ban them is important, at least under this interpretation.
As far as when to implement this ban, there’s still a lot of room for interpretation. Hard line rules, such as Tumblr’s “three strikes” policy, often cause as much headache as they solve. In Tumblr’s case, this led to a spate of bad press in 2015 after they banned one user’s account after three questionable DMCA notices over a long period of time.
Still, when to ban a user is a tricky question. The Electronic Frontier Foundation provides a guide for what it says would make a good repeat infringer policy, but still doesn’t answer that question.
That’s largely because there is no good answer for it. Different sites have different needs and different cases call for different responses. A very serious single infringement may warrant a ban but three or four minor ones might not.
The main thing is that you are tracking infringements, you have some means of connecting infringers to a user and, if a user does rise to the level of a repeat infringer, you make an honest effort to ban them.
It’s not rocket science, but it is something every site should at least be considering.
In the end, for most sites a repeat infringer policy is not that big of a deal. The reason there is so little court guidance on the subject is because it’s not usually the subject of a challenge.
When challenges do arise, they typically involve sites and services already operating at the fringe of copyright. Sites like Grooveshark and Spinrilla that have a lot of challenges before delving into the repeat infringer policy. The other exception is cases such as the one involving Cox that looks at major ISPs.
Still, it’s something that’s very simple to do and doesn’t require any money nor a great deal of time. A few lines in your terms of service along with being cognizant of who is doing the infringing can go a long way.
So, if you’re at all worried about your DMCA safe harbor status, take a moment and set up a repeat infringer policy if you haven’t. If you have, take a moment to reevaluate it and see if it’s meeting the standards set by the current case law.
If there’s any chance it might be scrutinized, now is the time to take a look yourself.