Feeds

Using copyright to avoid Freedom of Info law? Ha, ha, NICE try!

You're exempt* anyway, sniffs ICO

High performance access to file storage

Public bodies that disclose copyright-protected information in order to comply with a request under freedom of information (FOI) laws are not guilty of copyright infringement, the Information Commissioner's Office (ICO) has said.

Although the Freedom of Information Act (FOIA) states that public bodies must not disclose information where the disclosure is "prohibited by or under any enactment", the UK's Copyright, Designs and Patents Act (CDPA) contains an exception to infringement of copyright that enables disclosure to take place, the watchdog said.

"Copyright does not act as a statutory bar to disclosure ... This is because section 50 of the CDPA provides that where the copying or publishing of information is specifically authorised by an Act of Parliament copyright will not be infringed," the ICO said. "Providing information in response to a request made under FOIA constitutes an act specifically authorised under an Act of Parliament. Consequently disclosing information under FOIA will not infringe copyright."

The ICO made the comments in new guidance (24-page/285KB PDF) on intellectual property rights and disclosures under FOIA.

Public bodies must make clear to those who requested the information when information they disclose is protected by copyright because there will be restrictions on the further use of that information by those requesters, the ICO said.

"Copyright will still apply to the information once it has been disclosed under FOIA," the ICO's guidance said. "The person who receives the information under FOIA is still obliged, by law, to respect the rights of the copyright owner. If they do not, the copyright owner can seek damages or an injunction in the same way as they could for any infringement of copyright."

"So, although the disclosure under FOIA does not carry any restrictions, the restrictions imposed on the further use of that information by the CDPA still apply. It may not be apparent to recipients that the information is protected by copyright. Therefore when a public authority wishes to protect its own copyright, or the copyright is owned by a third party, it should advise the applicant that the information remains copyright protected," it said.

The ICO's guidance sets out that in some cases information held by public bodies that is copyrighted may also be of commercial value to those organisations or to others. However, it said that if the existence of copyright in the material protects the commercial value of that information then public bodies should disclose the information upon request.

However, it said that if the existence of copyright in information does not protect the commercial value of the material public bodies may have to withhold the information from disclosure. A specific section under FOIA allows public bodies to withhold the information if disclosure of it "would, or would be likely to, prejudice the commercial interests" of it or any other person.

Beware, it's not an absolute privilege

However, the ICO explained that the 'commercial interests' exemption to disclosure is not absolute and that public bodies are obliged to conduct a public interest test in order to determine whether copyrighted commercially sensitive information should be disclosed or withheld.

The ICO's guidance also outlines how public bodies should treat the disclosure of information covered by database rights.

Three distinct protections can apply to databases and their contents. The information in a database can be protected by copyright; the database structure itself can be so creative that it is protected by copyright, and the whole database can be protected by the 'sui generis' database right.

This was created by the European Union to encourage the development of database-dependent digital systems and it allows a creator to stop others using a database or the information in it if the investment of time, money and skill in that original database was large enough. Under copyright law alone such protection would not necessarily apply if the database contained merely facts, as only the expression of facts and not the facts themselves can be copyrighted.

"As with copyright, providing information in response to a freedom of information request is an act specifically authorised under an Act of Parliament," the ICO said. "Consequently disclosing information under FOIA will not infringe database rights."

"The existence of copyright in a database has the sae impact on disclosures under FOIA as it does on any other copyright material. Essentially this means that disclosure under FOIA will not infringe copyright. The copyright protection will continue following disclosure," it added.

"Where the copyright protects the database from further uses that could prejudice the copyright owner's commercial interest, it may serve to facilitate disclosure. But if copyright will not effectively protect commercial interests, a public authority should consider the application of [the 'commercial interests' exemption to disclosure under FOIA] in the normal way, by establishing the causal link between the disclosure and the harm to the commercial interests," according to the ICO's guidance.

The ICO added that even if those requesting information have set up email settings that would automatically publish information that the public bodies discloses, that fact should not prevent the organisations disclosing the information.

"The Commissioner will not accept the automatic publication of information in breach of copyright as grounds for refusing a request under FOIA," it said. "However, if a public authority faced with the same situation was able to demonstrate that the disclosure would for example prejudice its commercial interest ... the public authority would have grounds for withholding the information (subject of course to the public interest test)."

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Singapore decides 'three strikes' laws are too intrusive
When even a prurient island nation thinks an idea is dodgy it has problems
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.