Legal core assessment of German e-business
TIME Law News 1|2008
a) “The utilisation of music on the internet – still a legal minefield1“
As stated already in the introduction, the online utilisation of third-party content is connected with substantial legal problems which must be clarified prior to the utilisation of such content. Otherwise there is the threat of drastic legal problems.
Just as Bayern Munich’s goal guarantor Luca Toni, in spite of knowing the rules, frequently is offside, many users stumble into the numerous pitfalls of the various fields of law, such as the law on copyrights, personality rights, name rights and trademark rights, in spite of having masses of information available warning them that the internet is not an unregulated field.
On 15 April 2008, Spiegel Online correspondingly, under the headline „photo agency Getty triggers online wave of cease-and-desist letters“, reported on the assertion of copyright claims by the photo agency Getty against numerous individuals using images online on their websites. This is not only a German problem. Internet forums show that Getty is pursuing those utilising online images without authorisation in other (European) countries as well. According to the information on Spiegel Online, Getty claims payment of a sum of approx. 1,500.00 Euro for a one-time utilisation per image. The unauthorised use of several images may therefore lead to painful damage payments.
Music generally is not unregulated common property!
In addition to the unauthorised utilisation of images, an online presentation may also violate other rights.
An example is the unauthorised utilisation of music within the framework of the online presentation, e. g. in e-shops. In the past, copyright claims based on the unauthorised exploitation of music, in particular ring tones, by subsidiaries of globally acting large groups of companies, were brought before courts by the holders of the rights. The former illegal download offers provided by Napster also occupied the courts. Streaming offers on Youtube have also been attacked (out of court). The International Federation of the Phonographic Industry (ifpi), i.e. the professional association of the large record labels, founded a separate company assigned with the research and prosecution of illegal online music offers on sharing networks (e.g. Gnutella). The reports to the police and the cease-and-desist letters issued to users generated this way have probably reached a four to five-digit number in the meantime.
German law important for foreign companies as well!
The problems connected with the online utilisation are not limited to German providers. Under certain conditions, foreign online providers also are obligated to comply with the requirements of German copyright law. German copyright law, just as German competition and trademark law, is applicable to foreign online cases if they are targeted directly to Germany. The Telemediengesetz (German Act on Telemedia) on the one hand provides for a privileged position for foreign online providers, according to which generally the law of the country of origin is to be applied. However, this regulation is not applicable to copyright questions, according to section 3 subsection 4 No. 6 Telemediengesetz. This means that German copyright law is applicable to foreign offers with a national reference. As the execution of German court judgements is possible within the European Union, foreign providers should also comply with the requirements of German copyright law when utilising music (online).
Rights to the music must be obtained!
Therefore, prior to using music (online), it must always be clarified which rights to the music must be obtained. There are only few exceptions where music may be used without approval by the holder of the rights (e.g. for a work of music 70 years after the author’s death), which should be legally examined in each individual case.
The described cases of illegal use of images and of music clearly show that it is necessary to clarify third-party rights in advance, during the phase of preparation of a concept and production of a website presentation. However, due to the variety of the applicable statutory regulations and due to the complexity of the various legal matters, this is easier said than done. The provider of online content must, in addition to the problems of (IT) law, such as compliance with the regulations on distance contracts and with data protection law, also comply with the provisions of the laws on copyrights, personality rights, names, marks and trademarks. The main area affected in the case of the utilisation of music is copyright law.
Where can I obtain the necessary rights to utilise music?
A particularly complex field is the question of obtaining the utilisation rights for using the music. Music transports emotions, and films and advertising campaigns would be unthinkable without it. As the internet will in the future not only be used as a source of information but more and more also as an entertainment medium, the use of music will increase.
However, it could be dissuasive that the necessary approvals must be obtained from the (numerous) holders of rights to the work of music and the musical recording prior to being able to utilise a piece of music. In contrast to regular goods and services, the authorisation to use a piece of music cannot be obtained by means of so-called “one-stop shopping”, i.e. from one person or one company. Rather, several contracts with different parties will be necessary. Uli Hoeneß, Vice-Chairman of FC Bayern Munich, would definitely feel at home here, as he would be able to once again prove his negotiation skills against several “opponents”.
Works of music are created by a composer and a texter or several composers and texters (authors) who thus obtain copyrights to the work of music. The piece of music is recorded by musicians and the singer as well as a producer who not necessarily are identical with the authors. The musical recording or the recorded performance, i.e. the rendition of the work by the singer and musicians as well as the recording by the producer (production of sound carriers) create so-called performing rights which also are regulated in the Urheberrechtsgesetz (German Copyright Act). This means that if music is to be used on a website, the copyrighted utilisation rights to the work and the copyrighted performing rights to the recordings must be obtained.
The majority of authors have (exclusively) transferred their rights to the musical works to a collecting society (Germany: GEMA) and to one or several music publishers for the purposes of exploitation. If several authors contributed to the creation of a musical work, all of the (co-) authors may conclude a contract on his/her part of the musical work with a different publisher. The music publisher and the collecting society administer different rights to the work.
The persons entitled to protection of performing rights, i.e. the singers, musicians and producers of the musical recording, will have granted the right to utilise the recordings to a record label. For cases of a secondary exploitation of the recordings (e.g. broadcast on the radio), performing rights to the recordings will have been granted to a performing rights society (Germany: GVL), by the singer and musicians as well as by the record label. This means that a division of the exploitation rights also takes place with regard to the musical recording.
The contractual relations described above only roughly show the chains of rights between the individual persons and companies who substantially participate in the exploitation of music. Other persons and companies may also be involved. However, for the sake of comprehensibility, we refrain from including a conclusive description.
The provider of a web offer now is faced with the question, whom of the many parties involved he/she will have to contact to be able to use the music online. This mainly depends on the type of utilisation. It is possible that a piece of music is meant to be used online in connection with advertising. Furthermore, a distinction must be made between downloads and streaming. The user must also examine whether the interactive use of music is possible or if the user can only listen to the music without being able to influence the beginning, length and end.
A detailed evaluation of each individual case of utilisation cannot be provided here due to the large number of utilisation possibilities. However, the following may be said as a rough assessment for the German territory: In cases of a utilisation of the work/recording of music for advertising purposes, the author and his/her music publisher and the GEMA as well as the producer or his/her record label must be contacted. In the area of downloads, a licence must be obtained from GEMA and the record label. An evaluation in the area of streaming decisively depends on the question of inter-activity. GEMA as well as GVL (in case of no inter-activity) or GEMA and the record label (in case of inter-activity) may be responsible.
However, prior to any utilisation it is necessary to legally examine in detail how the music is to be used in the specific case. This is the only way to filter out the affected rights and the parties holding these rights. A legally binding evaluation thus is only possible when looking at the specific case in question.
Payment for music!
Determining the affected rights and the correct addressee of the utilisation inquiry is, however, only the first step on the way to the licence. Now, the remuneration sum must be agreed. As numerous fixed tariffs are offered in the area of online utilisation (e.g. for music-on-demand or webradios), in particular by the collecting and performing rights societies, the user should in advance obtain information on the tariffs and their applicability to the intended type of utilisation. Through this procedure, the offer can subsequently be adapted to be able to use an economically reasonable tariff. Should a record label and/or a music publishing company be responsible, the user of the piece of music will be forced to enter into specific negotiations with this company.
Conclusion
Just as Luca Toni is puzzled by the offside traps set by his opponents, licensing music is not an easy business. One thing, however, applies for Luca Toni as well as for the user of music: If you stick to the rules, what you will get is a goal – or legal utilisation of music respectively.
The compliance of online offers with the statutory provision must be the top focus for German as well as foreign providers, despite the complexity of the various fields of law involved. The necessary rights should be obtained in advance, after consultation of a lawyer familiar with the trade. In our times, characterised by so-called “waves of cease-and-desist letters” and by companies systematically scanning the internet for infringements, there is the threat of painful damage claims for violations, in addition to the obligation to stop using the music due to cease-and-desist claims. On top of this, violations of copyrights may be subject to criminal prosecution.
It definitely is in the interest of the users to be able to use music without any restraints. However, it is essential to obtain a proper licence in order to also ensure musical diversity for the users. Luca Toni also is forced to live with the offside decisions against him – whilst still firmly targeting the goal-getter crown.
b) Threat to existence due to cease-and-desist letters – updates, continuous monitoring and legal consultation in cases of doubt regarding the content of the internet site will pay off2
Cost trap cease-and-desist letters
The risk of becoming the addressee of a cease-and-desist letter dangles above all internet providers like the sword of Damocles. The reasons for such cease-and-desist letters are varied and often are found in what seem to be bagatelles. A few thoughtless words in the notification on the user’s cancellation rights, in the general terms and conditions or the price information may lead to costs amounting to four or five-digit sums. The notification on the user’s cancellation rights is a particularly good example for the fact that even diligent businesses are not safe from cease-and-desist letters, as even the sample notification compiled and suggested up to now by the German Federal Ministry of Justice did not provide protection.
Cease-and-desist letters under competition law are always connected with the request to reimburse the costs for the assignment of a lawyer and may lead to surprisingly high court and lawyer’s fees for a legal dispute if the action is lost, as values for such disputes have been fixed at up to 30,000 Euros3. However, in the meantime there is a tendency in court decisions and legislation to take action against “mass cease-and-desist letters” issued by one provider, and against the collusive cooperation between a “cease-and-desist lawyer” and a company, because competition law is not meant to create a source of income for lawyers, but to provide competitors with means of taking action against the advantages obtained through infringements by their fellow competitors.
However, large and small providers on the internet must equally anticipate to be issued cease-and-desist letters which may make an expensive issue out of what seemed to be a minor carelessness. The old sample notification on the user’s cancellation rights, for instance, was objected to because according to its wording, the deadline for the issue of the cancellation declaration began “at the earliest upon receipt” of the notification instead of on the day “after receipt” of the notification. This risk is a serious burden for the internet economy in Germany; almost 50% of the online shops questioned in a study felt that their existence is threatened by the practice of cease-and-desist letters in Germany4.
New sample notification on cancellation rights
With the sample notification on cancellation rights, the legislator intended to provide a proper notification, upon the economy’s request, in order to make the wording of the notification easier for the companies, and at the same time to fulfil some statutory information obligations. However, this sample notification on cancellation rights has been criticised by the courts, so that even such businesses who had trusted in the validity of the sample notification received cease-and-desist letters. As a consequence of this criticism by the courts, a new sample notification on the user’s cancellation rights was compiled. Internet providers using the former sample text should modify the text correspondingly5. If the shop is re-designed, the new regulation, valid as of 1 Apr. 2008, should be implemented immediately, for all existing internet offers this should be implemented by 30 Sep. 2008 at the latest.
The new statutory regulation takes into consideration the criticism voiced by the courts up to now; however, there always is the danger that some judges may hold that the new sample notification text is not free of mistakes either. For the practice, what remains to be stated is that the wording of the sample notification still is long and clumsy. The ultimate aim, which is to inform the consumer in an easy and understandable way, can hardly be achieved by this. However, the new sample notification text will probably provide businesses with the highest possible level of protection against cease-and-desist letters.
General terms and conditions and distance sales law
Additional pitfalls are lurking in the general terms and conditions and in the compliance with the information obligations for distance sales contracts. For instance, a violation of the necessary precision of the general terms and conditions may already lie in the inclusion of the – often used – supplement “usually” when stating the delivery time6, and a reference to “insured shipment” may be considered to mislead the consumer7. Not all faulty clauses in general terms and conditions present a reason for a cease-and-desist letter; however, special attention is to be paid to the transparency of the wording, the price information and the compliance with the statutory provisions in the area of warranty rights8. Mistakes and inaccuracies in these areas may lead to the assumption of an anti-competitive advantage for the user of this clause, and thus allow the issue of a cease-and-desist letter.
Data protection – an underestimated duty?
The users’ interests in the protection of their data should not be underestimated, as can be seen from the angry reactions to the intended modification of the data protection regulations by StudiVZ around the turn of the year. The enthusiasm shown by the users when compiling their user profiles and filling them with content does not mean that they agree to their data being used for commercial advertising purposes.
Many internet providers regard the compliance with data protection regulations as a nuisance and negligible duty. However, in particular web 2.0 in all its forms of appearance shows that users readily and willingly disclose personal data, while they have some reservations against the utilisation of their data for commercial advertising. The statutory requirements and the extent of the users’ consent, however, are of substantial importance for the use of the customer data, in order to avoid costs for cease-and-desist letters, fines or even penalties under criminal law. Section 43 subsection 3 BDSG (Bundesdatenschutzgesetz – German Federal Data Protection Act), for instance even provides for a fine of up to 250,000 Euro, and section 44 BDSG provides for imprisonment of up to two years in case of an intentional violation of certain provisions of data protection law.
c) E-payment in Europe: Current technical and legal framework conditions9
”When I was young I thought that money was the most important thing in life; now that I am old I know that it is.”
Oscar Wilde
The basic requirements for payments of money have always been the same, and remain unchanged even now while the important flows of money only take place in the virtual world:
The wish to ensure safe payments and fast transactions.
While the virtual world promises independence of business transaction from time and place, the speed of payments with a sufficient level of security still had to be developed and had to be accepted by the users.
The new uniform European payment standard “Sepa” is meant to speed up money transfers in Europe in the future, however, it is not to be expected that the transferred sum will be credited in the same second. However, this is exactly what e-business requires, and what, prior to the introduction of alternative payment methods, could only be achieved through the use of credit cards. The reservations against the disclosure of the credit card number on the internet and the restricted access to credit cards due to the necessary credit worthiness still left a gap which was filled by the new payment methods such as PayPal, Giropay, Click & Buy or Moneybookers. Here, the transferred sum is credited immediately, also providing a minimum security standard with account and password authentication.
With PayPal, the payment system purchased by ebay, and the payment system Click & Buy used for a number of news magazines, a high level of market saturation and popularity of e-payment has already been achieved. However, some legal questions are yet to be clarified; new technical standards are required and additional regulations are expected, a small selection of which shall be described hereinafter.
EU Commission: User trust in e-payment in need of improvement
EU Commissioner Charly McCreevy recently declared on a study carried out on behalf of the Commission in 2007, that the EU Commission actively strives to keep the dangers due to fraud in cashless payment transactions at the lowest possible level, in the interest of the consumers as well as the financial service providers and credit institutions. According to the study, the users’ trust can still be improved, while significant directives, such as the Directive on the Prevention of Money Laundering (2005/60/EC) and the Directive on Payment Services (2007/64/EC) have either not been incorporated into national law, or this has only been done recently. The long-term success of these regulations and the spread of improvements among the users have therefore for the most part not yet been achieved.
New security standards for credit card transactions
The obligation to comply with new security standards for credit card transaction has developed without any pressure from Europe (PCI DSS – Payment Card Industry Data Security Standards).
This concerns regulations created directly by the leading credit card organisations, and which obligate all companies working with credit card transactions. This ensures additional security against system manipulation – in the interest both of the credit card institutions and of the customer.
In order to implement the regulations, it was made clear that the credit card institutions are entitled to impose severe penalties on their trading banks, while the dealers may be obligated to hold the banks harmless and bear any damages which may have been incurred. Contractual penalties of up to 500,000 US dollars per case of infringement are possible if data have been compromised due to the non-compliance with security standards. The most painful possible penalty would, however, be the discontinuance of acceptance of credit cards for the provider concerned.
For companies with more than 6 million credit card transactions per year, 30 September 2007 was the deadline for the implementation of the new PCI DSS. From January 2008 onwards, these compliance requirements also apply for companies with one to six million credit card transactions.
Framework with regard to supervisory law for e-money providers
A long-term cooperation with an e-payment provider in Germany is not only measured according to its business concept and solvency, but also according to the legal requirements. As the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin – Federal Financial Supervisory Authority) supervises among others the credit and financial services institutions and is authorised to close down their businesses if they do not have sufficient licences, the requirements set by this institution are decisive under the Kreditwesengesetz (German Banking Act).
As the requirements set by the BaFin, in particular for e-money institutions located in Germany, are very demanding, and the definition of the term “e-money“ by the BaFin is very narrow and restricted, this business form has hardly developed with German business locations and German banking permissions (the only known company is NCS mobile payment GmbH – Crandy).
The promising business areas already existing on a large-scale for e-money institutions thus are operated from other countries. With a registered location in one of the countries of the European Economic Area, the provider can extend the licence it holds there under the bank or finance supervision of its own country to the entire European Economic Area, with the help of the “European single passport”.
Applications for the “European single passport“ are filed with the supervisory authority in the respective country in which the company is based. The foreign supervisory authority informs the German BaFin of the intended commencement of activities of the e-money institution, whereupon BaFin will inform the institution within two months of some special regulations applicable in Germany which must be complied with; following this, business operations in Germany (e.g. via the internet) can be commenced.
With this regulations, less strict requirements set by other countries of the European Economic Area can be exploited to the advantage of the e-money institutions which are based in the European Economic Area and wish to do business in Germany without applying for a separate licence there.
The economically interesting German e-money market can thus be operated cross-border without the requirement of any large expenses. This means that there is an opening in the banking market, the possibilities of which have not yet been fully utilised.
Summary
The new e-payment methods can boast high growth rates and continuous new designs which require the implementation of further technical security standards and provide specific chances of a cross-border market from the legal point of view. However, legal security in detail does not exist so far, so that a specific risk analysis is necessary, from the point of view of supervisory law as well as with regard to the risks of money laundering. This not only applies to e-payment providers, but also to internet shops or service providers only looking to cooperate with an e-payment provider.
1The article „The utilisation of music on the internet – still a legal minefield“ was written by the Attorney-at-Law Marco Erler
2 The article an article „Threat to existence due to cease-and-desist letters – updates, continuous monitoring and legal consultation in cases of doubt regarding the content of the internet site will pay off“ was written by Attorney-at-Law Susanna Münstermann
3 compare OLG (Higher Regional Court) of Hamm, resolution dated 28.03.2007, ref. 4 W 19/07.
4 Poll by Trusted Shops GmbH, Shop-Abmahnungen im Internet, April 2007.
5 You will find the current version in Annex 2 to the Informationsverordnung zum Bürgerlichen Gesetzbuch (Information Decree to the Civil Code) under www.gesetze-im-internet.de.
6 KG (Regional Court) of Berlin, resolution dated 03.04.2007, ref. 5 W 73/07.
7 LG (Regional Court) of Hamburg, resolution dated 06.11.2007, ref. 315 O 888/07.
8 For instance, the hidden exclusion of sales to consumers is not legally valid (OLG of Hamm, judgement dated 28.02.2008, ref. 4 U 196/07), nor is the reference to third-party general terms and conditions (Landeslotteriegesellschaft) which also are meant to be included into the procurement contract (OLG of Celle, judgement dated 28.02.2008, ref. 13 U 195/07).
9 The article “E-Payment in Europe: Current technical and legal framework conditions”was written by Attorney-at-law Dr. MIchael Hettich
