Feeds

Using copyright to avoid Freedom of Info law? Ha, ha, NICE try!

You're exempt* anyway, sniffs ICO

Top three mobile application threats

Public bodies that disclose copyright-protected information in order to comply with a request under freedom of information (FOI) laws are not guilty of copyright infringement, the Information Commissioner's Office (ICO) has said.

Although the Freedom of Information Act (FOIA) states that public bodies must not disclose information where the disclosure is "prohibited by or under any enactment", the UK's Copyright, Designs and Patents Act (CDPA) contains an exception to infringement of copyright that enables disclosure to take place, the watchdog said.

"Copyright does not act as a statutory bar to disclosure ... This is because section 50 of the CDPA provides that where the copying or publishing of information is specifically authorised by an Act of Parliament copyright will not be infringed," the ICO said. "Providing information in response to a request made under FOIA constitutes an act specifically authorised under an Act of Parliament. Consequently disclosing information under FOIA will not infringe copyright."

The ICO made the comments in new guidance (24-page/285KB PDF) on intellectual property rights and disclosures under FOIA.

Public bodies must make clear to those who requested the information when information they disclose is protected by copyright because there will be restrictions on the further use of that information by those requesters, the ICO said.

"Copyright will still apply to the information once it has been disclosed under FOIA," the ICO's guidance said. "The person who receives the information under FOIA is still obliged, by law, to respect the rights of the copyright owner. If they do not, the copyright owner can seek damages or an injunction in the same way as they could for any infringement of copyright."

"So, although the disclosure under FOIA does not carry any restrictions, the restrictions imposed on the further use of that information by the CDPA still apply. It may not be apparent to recipients that the information is protected by copyright. Therefore when a public authority wishes to protect its own copyright, or the copyright is owned by a third party, it should advise the applicant that the information remains copyright protected," it said.

The ICO's guidance sets out that in some cases information held by public bodies that is copyrighted may also be of commercial value to those organisations or to others. However, it said that if the existence of copyright in the material protects the commercial value of that information then public bodies should disclose the information upon request.

However, it said that if the existence of copyright in information does not protect the commercial value of the material public bodies may have to withhold the information from disclosure. A specific section under FOIA allows public bodies to withhold the information if disclosure of it "would, or would be likely to, prejudice the commercial interests" of it or any other person.

Beware, it's not an absolute privilege

However, the ICO explained that the 'commercial interests' exemption to disclosure is not absolute and that public bodies are obliged to conduct a public interest test in order to determine whether copyrighted commercially sensitive information should be disclosed or withheld.

The ICO's guidance also outlines how public bodies should treat the disclosure of information covered by database rights.

Three distinct protections can apply to databases and their contents. The information in a database can be protected by copyright; the database structure itself can be so creative that it is protected by copyright, and the whole database can be protected by the 'sui generis' database right.

This was created by the European Union to encourage the development of database-dependent digital systems and it allows a creator to stop others using a database or the information in it if the investment of time, money and skill in that original database was large enough. Under copyright law alone such protection would not necessarily apply if the database contained merely facts, as only the expression of facts and not the facts themselves can be copyrighted.

"As with copyright, providing information in response to a freedom of information request is an act specifically authorised under an Act of Parliament," the ICO said. "Consequently disclosing information under FOIA will not infringe database rights."

"The existence of copyright in a database has the sae impact on disclosures under FOIA as it does on any other copyright material. Essentially this means that disclosure under FOIA will not infringe copyright. The copyright protection will continue following disclosure," it added.

"Where the copyright protects the database from further uses that could prejudice the copyright owner's commercial interest, it may serve to facilitate disclosure. But if copyright will not effectively protect commercial interests, a public authority should consider the application of [the 'commercial interests' exemption to disclosure under FOIA] in the normal way, by establishing the causal link between the disclosure and the harm to the commercial interests," according to the ICO's guidance.

The ICO added that even if those requesting information have set up email settings that would automatically publish information that the public bodies discloses, that fact should not prevent the organisations disclosing the information.

"The Commissioner will not accept the automatic publication of information in breach of copyright as grounds for refusing a request under FOIA," it said. "However, if a public authority faced with the same situation was able to demonstrate that the disclosure would for example prejudice its commercial interest ... the public authority would have grounds for withholding the information (subject of course to the public interest test)."

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Combat fraud and increase customer satisfaction

More from The Register

next story
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
US Supreme Court supremo rakes Aereo lawman in oral arguments
Antenna-array content streamers: 'Ruling against us could dissipate the cloud'
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.