The U.S. Copyright Office has imposed new requirements on service providers in order to maintain safe harbor protection under the Digital Millennium Copyright Act (“DMCA”).  Service providers who don’t meet these requirements will lose the safe harbor protections afforded by the DMCA.  The deadline to comply with these requirements is December 31, 2017.

DMCA and the Safe Harbor

The DMCA was enacted by U.S. Congress in October 1998 with the purpose of addressing certain intellectual property issues in the wake of the Internet.  Among the DMCA’s key provisions is “safe harbor” protection, designed to shield companies from liability for infringement due to content posted by a user on the company’s website, provided that the company qualifies as a “service provider.

Continue Reading Regulatory Changes Affecting All “Service Providers” – 12/31/17 Deadline

This past Friday, the European Commission (“the Commission”) issued guidance addressing transatlantic data transfers after the European Court of Justice (“ECJ”) decision in the Schrems case. As we noted in an earlier post, the ECJ Schrems decision invalidated the U.S.-EU Safe Harbor framework, the mechanism that enabled self-certifying corporations to transfer personal data from

This week, largely driven by concerns over indiscriminate U.S. surveillance of EU citizen data, the Court of Justice of the European Commission (ECJ) invalidated the 15-year-old U.S.-EU Safe Harbor framework in Maximillian Schrems v Data Protection Commissioner.  The Court found that each EU Member State has the right to determine for itself whether a data transfer provides an adequate level of protection and thus whether data about their citizens can be transferred to the U.S.

In short, the ECJ determined that:

  1. The U.S.-EU Safe Harbor framework is invalid because:
    • The U.S.-EU Safe Harbor framework enables the U.S. government and other public authorities to broadly access EU citizens’ data;
    • Those EU citizens lack legal remedies to seek access to their data obtained in this manner or to obtain the rectification or erasure of such data; and
    • These deficiencies do not provide a level of protection of fundamental rights that are equivalent to those guaranteed within the EU.
  2. National data protection authorities (DPAs) have the power to investigate the transfer of data to a non-EU country to determine whether there is “adequate protection,” even if the data transfer at issue is subject to a company’s safe harbor certification.


Continue Reading Snowden Aftershocks: High Court Invalidates U.S.-EU Safe Harbor