On ICT law, politics and other digital stuff
Gian Antonio Stella, a well known ? journalist whose articles are published by the most important Italian daily newspaper, Il Corriere della sera, just published a new book: Bolli, sempre bolli, fortissimamente bolli, about the bureaucracy cancer in Italy.
At the beginning of the book (Kindle location 1853, to ? be precise) he extensively quotes ? La Legge di Parkinson, the Italian translation I did of the British classic “Parkinson’s Law“.
Well, the news isn’t actually “new” but there is one interesting and underlooked Google statement about the acquisition of the (military) robotics firm Boston Dynamics: while the current agreements are honored, Google has no plan to become a defense contractor.
This way Google is depriving the US military system of a top-notch technology, keeping in its own and solely hands what is supposed to be a (although future) critical asset for the US security and safety.
Should this trend be confirmed, we might face in the near future the massive accumulation of advanced technologies in the hands of just one company that might become the “one-stop” for defense – and more broadly – public needs.
The Italian Minister of culture, Franceschini (Democratic Party) issued the decree – effective by July 17, 2014 – that makes the copyright levy skyrocket up to 30 Euros per multimedia storage device. This levy (technically called “fair reward”) is supposed to compensate in advance the authors for the copy made by a user of a copyrighted content. Even those contents – so long, entertainment industry – shared through the Internet. But the authors who don’t belong to SIAE (the Italian Royalty Collecting Agency) will never get paid for the (ab)use of their works.
So, how is it possible that online sharing isn’t illegal? Here is the catch: nothing in the Italian Copyright Law says that the copy must come from an ORIGINAL or legally owned content. The consequence is that if I download or share something through the Internet I’m not infringing somebody else’s copyright because of the preemptive payment made through the levy.
More than legally correct, this conclusion comes from common sense: the “fair” compensation exists way before the Internet and was designed in the VCR-era to allow copyrighters to get some money from the privately made TV broadcast recording. Of course somebody who recorded a movie didn’t have a “right” over this content that allowed him to put it on a video-cassette and this is where the levy jumps in. The equation is simple: pay your fee in advance and get the right to keep your favourite show at home.
As odd as it may sounds, this equation works for the Internet too but the entertainment industry refuses to even talk about the issue, claiming that the levy is designed for legally-owned content only. While – again – there isn’t such provision clearly stated in the law, this statement is counterintuitive since is a fact that as soon as a content is stored on a levy-burdened media, the author compensation’s has already been paid.
Instead of complaining, the entertainment industry should be happy of this unjust levy because it gets money from a huge quantity of Terabytes used for backups, business continuity and private storage that don’t contain copyrighted works and that – nevertheless – are still burdened by the “fair” compensation.
The only that have the right to complain are all the unknown authors whose works (music, words, pictures) are routinely abused (not only) on the Internet and that will never get their share of “fair” reward. Yes, because all the monies we pay fall into the SIAE ? that shares the cuts among its members.
Is this “fair” reward actually so?
Under Italian laws, hiring a software-house to produce an industrial application may expose a non-IT savvy company to civil and criminal action filed by the software-house itself and/or by the other software-house that has been called to replace the one the initially did the job. This is the consequence of a lazy attitude towards a properly written agreement and a deep ignorance of the intricacies of the software development’s world.
Here is a fairly usual scenario: a tiles manufacturer needs a software to control the temperature of the ovens used to finally release the products. It asks a software house to write the application, securing in the agreement that “all the intellectual/industrial property belongs to the company”. By doing this the company feels on the safe side and believes to be shielded by no matter what problem.
But.
The agreement didn’t clarify the exact way the IP must be transferred, so the software-house delivers the software on a LICENSING basis and not as a full-ownership transfer. Once the agreement has been signed, the company doesn’t read the following papers at all and thus, de facto, the agreement has been amended (possibly) unbeknownst to the company’s legal department.
Let’s say, now, that the business relationship with the software house breaks and the company finds another partner, giving him access to the source code made by the previous developer. The company sees no problem in doing so since believes to “own” the software so the new developer just start working on the code.
But.
The company failed to identify the code given by the original developer (for instance, by adding disclaimers or comments both in the source and the executable version) thus infringing the moral IP rights that, under Italian Copyright Act belong to the author and cannot be sold or otherwise transferred.
So the software’s author steps in claiming that the company has violated his rights because allowed a third party to access and use a LICENSED code. And when the company tries to blame the new developer he counter the move by accusing the company of infringement of the Criminal Corporate Liability Act (Legislative Decree 231/2001) because of the lack of prior identification of the supplied source code as being authored by a third party.
Lesson learned: under Italian Laws a proper software development agreement should at least contains:
– a precise identification of the source code that has been released, with a duty, on the software-house side, to mark and duly comment the software,
– a clear statement about the IP ownership transfer to the company,
– a clear exclusion of any further change or amendment including the impossibility of turning the agreement from a full-transfer into a license,
– a clear provision that, whatever the legal status of the software, the company is entitled to be given the source-code,
– a clear clause that grants the company, whatever the legal status of the software, the right to allow third parties to access and modify the source code.
Furthermore, since such kind of agreements – once signed – rarely come back on the legal department desks, it is fundamental to train the technical and financial department involved in the further steps, to carefully scrutinize papers and communications so to avoid any “mudding” of the original stipulation.
A final note: when a third party is hired to work on the software, it should be made it clear that the software, while owned by the company, still bears the original author’s moral right, with all the legal consequences.
A Linkedin post by Luciano Floridi announce a British House of Lords EU Committee hearing about the Google Spain ECJ Decision and the right to be forgotten. Here are my two cents (sorry, this isn’t going to be a short post):
Q. Do you agree with the Court’s ruling that Google (and other search engines) can be classed as data controllers?
A. NO. The search engine activity as such doesn’t handle personal data under the 95/46/CE Directive. The collection and organization of the retrieved data are the automatic output of a search algorithm. The issue arise when the retrieved data are used for purposes different than the pure providing search engines results, thus attempting to identify a natural person and creating his/her profile. To give an example: Duckduckgo.com and before, Cuil, are no-user-data-collection search engines so it is not possible to include them into the legal “data-controller” definition.
Q. The question put by the Spanish court to the Court of Justice referred to the data subject wishing to have information “consigned to oblivion”. Isn’t the true position that information removed from websites will always continue to exist, but will simply not be so easily accessible?
A. Yes. And fact is that information still available are still accessible by alternative means (word-of-mouth, newsgroups, social networks etc.) The point is that we are lured into thinking that there isn’t anything else, on the Internet, outside Google but this is simply not true. Google is used because is quick and effective, but when proper information are needed nobody will rely upon a search engine while trying to connect with an expert of the matter.
Q. The Court has ruled that the data subject’s fundamental right to privacy “as a rule” overrides the right to receive information, but that this will not be the case if there is a public interest in “the role played by the data subject in public life”. Do you agree with this order of priorities? Can it in practice be implemented?
A. It is a legal mistake to build the right to be forgotten on the EU Data Protection Directive. The right to privacy is set forth by the European Convention on Human Rights and the data protection is a principle set forth in a EU Directive. Thus data protection is a subordinate and particular right that doesn’t necessarily implies privacy issues. EU Data Protection Directive, indeed, is contrary to the Right to be forgotten because sets a precise legal duty to handle personal data so that they are readily available, updated and exact. This is contradictory with the idea of being forgotten, because a messy way to handle personal data (i.e. non reliable information) would be the best protection for an individual, whose personal whereabouts wouldn’t be easily found.
Q. Do you think it is in practice possible for Google to comply with the Court’s ruling?
A. Yes, but the decision is wrong and Google shouldn’t be forced to comply. The balancement between individual rights and public needs can only be assessed by a Court and we can’t bear the risk of letting a private company to decide what we should and shouldn’t find. The Google Spain ECJ decision shift the burden of protecting the public interest on a private company’s shoulders. To put it short: the ECJ ruling gave Google the legal power to re-write the History.
Q. What do you consider to be a ‘reasonable time’ for companies to put in place an acceptable response to the CJEU’s ruling?
?A. I don’t think a general answer is possible. There are issues to be considered such as the number of users’ claims, the kind of legal issues involved by every single claim, the impact on the technical infrastructure and so on that make giving a figure a roll of dice.
Q. The proposed new EU Data Protection Regulation would give data subjects an even stronger ‘right to be forgotten’. Do you think the UK Government are right to oppose this?
A. Again, data protection doesn’t equal right to privacy. The upcoming EU regulation shouldn’t deal with the right to be forgotte because it is an out of scope issue that should be handled within the EU Convention of Human Rights framework.
Q. How do you think an acceptable balance can be achieved at EU level between the public’s right to know, and the right to privacy?
A. By re-affirming and hardening the principle that online (as offline) the main legal liability is on the natural person that performs an action. In the specific case, if a fact is true and reported in a proper way there is no reason to erase it. Following the contrary opinion, today we wouldn’t know anything about the Lucius Catilina’s attempted golpe because his heirs might legitimately ask, after about 2.000 years, that their ancestor be let rest in peace.