The Taiwan Intellectual Property Office (TIPO) announced the Regulations Governing Implementation of Limitations on the Liability of Internet Service Providers on September 7, 2009. The regulations address amendments to the Copyright Act establishing safe harbor provisions for Internet Service Providers (ISPs) that came into force earlier in 2009. The regulations have been based on the outcome of discussions with interested parties during the drafting of the amendments to the Copyright Act and public hearings this past summer. Interested parties had until September 17 to submit comments on the regulations. Absent significant opposition, the TIPO anticipates that the regulations will come into force in November 2009.

Notifications and Counter-notifications

Article 3 of the Regulations sets out the requirements for notifications sent to ISPs by rights holders under the Copyright Act. Notification may be made in writing sent by mail or fax or via electronic signature document sent by e-mail. The rights holder or its authorized representative must sign or chop the notification. ISPs may provide alternate means of receiving notification from rights holders. The notification must include:

i. Identity of the rights holder’s name along with their address, phone number, fax number, or e-mail;
ii. Identity of the infringed copyright;
iii. Request to the ISP to remove or deny user access to the infringing content;
iv. Adequate information and access routing information on the infringing content;
v. A statement that the rights holder has a good faith belief that the content cited is unauthorized or violates the Copyright Act; and
vi. A statement that the rights holder will assume liability if third parties incur damages as a result of false notification.

If multiple infringements will be alleged then these may be cited in a single notification.

Article 4 requires that an ISP notify a rights holder of any required amendments to a notification within five working days of the day following receipt of the notification. And a rights holder then has five working days to submit an amended notification. A notification shall be void if the rights holder fails to comply within the five-day period. Notification that does not meet the requirements and that has not been amended within the prescribed time to comply with the requirements shall not constitute evidence that an ISP has knowledge or awareness of the alleged infringement. That is to say, improper notice shall be deemed no notice.

The Copyright Act provides users of information storage service providers with a mechanism to challenge an infringement notification. Users of other types of ISP do not enjoy this right. A user of an information storage service provider who believes he or she has been wrongly accused of infringement by a rights holder may submit counter-notification to the information storage service provider requesting restoration of the alleged infringing content. Article 5 of the regulations provides that a counter-notification must be signed or chopped by the user (or representative) and include:

i. Identity of the user and contact information;
ii. Request to restore deleted content or access to the same;
iii. Adequate information on the content;
iv. A statement that the user has a good faith belief that he or she has legal authorization to use the content in question and that the deletion or denial of access to content is result of a false claim by the rights holder;
v. Consent to the information storage service provider to forward the counter-notification to rights holder; and
vi. A statement that the user will assume liability if third parties incur damages as a result of false counter-notification.

A representative making counter-notification must at same time state that he/she is doing so on behalf of the user.

Article 6 requires that an ISP notify a user of any required amendments to the counter-notification within five working days of the day following receipt of the notification. And a user then has five working days to submit the amended counter-notification. A counter-notification shall be void if the rights holder fails to comply within the five-day period and an ISP will not be required to restore access to the content.

Three-Strikes Rule

The Copyright Act provides that an ISP must to avail itself of the safe harbor protections inform its users that their service shall be terminated in whole or in part in the event that a user has been involved with three incidents of infringement. The Copyright Act does not, however, expressly require that the ISP terminate service. And the regulations do not address the “three-strikes” provision of the amendments at all though its absence from the regulations had been expected as users of connection ISP had not been provided with a means within the Copyright Act to challenge a notification. The amendments to the Copyright Act and the regulations appear to have been carefully thought through to appease those parties lobbying for the inclusion of a “three-strikes” mechanism while ensuring that the ISP and individual users of connection services have a degree of protection.

Observations on the ‘Safe Harbor’ Regime

There has, first, been no actual obligation imposed by the Copyright Act or the regulations on an ISP to terminate service, throttle, or restrict a user’s connection after the occurrence of “three-strikes”. And where, for example, a user of a connection ISP has not been provided with any means within the notification system to challenge a notification then making it in fact a contractual issue between the ISP and user limits the likelihood of the law being challenged.

A rights holder has no right to know what action an ISP has taken against a connection service user and additional laws and regulations prevent the disclosure of such information absent a court order. There would be little current incentive for an ISP frequently trying to upsell consumers to more expensive and faster connections to actually enforce the “three-strikes” rule as a notification only contains an allegation of infringement–and given some of the cases reported in other jurisdictions and the use of automated notification systems that troll for infringement based on key words rather than actual content, an ISP would be correct to be wary. An ISP could face liability but this would require that a rights holder litigate first against a connection user. Which would in turn require sufficient evidence to support a court order to disclose the identity of the user.

The amendments also impose civil liability on any party who files a false notification of infringement. The regulations further require that a notification include both a statement by the rights holder that it has a good faith belief that the content cited is unauthorized or violates the Copyright Act and that the rights holder will assume liability if third parties incur damages as a result of fraudulent notification. Where, for example, a user of a connection ISP has received a false notification then the only redress to avoid “the strike” would be to bring legal action against the rights holder, and that user would have statements by the rights holder contained in the notification on which to base the action. The prospect of civil liability should serve to somewhat check the over-enthusiastic use of automated infringement notification systems sometimes seen in other jurisdictions as a rights holder should have sufficient and actual evidence of infringement at the time that the notification had been issued.

A version of this article appears in the Computer Law and Security Review. For more information about this topic, please contact K. Mark Brown.