The Digital Millennium Copyright Act (“DMCA”) is an amendment to the U.S. Copyright Act (i.e., the federal copyright law) signed into effect in October 1998 that, among other things, provides certain limitations on the liability of online service providers (“Provider(s)”) for acts of copyright infringement by third parties.
The DMCA actually contains two types of liability limitations:
The first (Section 512(d)) protects a Provider that unknowingly provides a link to infringing copyrighted material located on another site.
The second (Section 512(c)) , which we discuss in more detail here, limits the liability of Providers that store copyrighted materials on a system or network they control or operate if (among other things), (i) such storage was directed by a third-party user, (ii) the service provider has designated an agent (also referred to as a “take-down agent”) to receive notifications of claimed infringement, and (iii) the service provider has both registered the agent’s contact information with the U.S. Copyright Office and publicly provided such information on its website.
It is important to note that, because the DMCA protects against claims of copyright infringement and not other types of wrongdoing, it will not help against claims of infringement concerning trademarks or service marks, stolen trade secrets, or other types of intellectual property. The DMCA is also not relevant to claims of defamation, although a Provider may have protection for defamatory statements made by third parties under Section 230 of the Communications Decency Act.
The DMCA Safe Harbor
The DMCA is a “safe-harbor” is an exception to the general rule that a Provider is liable for acts of infringement committed by its users. Because the DMCA is intended to protect Providers from inadvertent infringement by third parties, it will not help in a situation where the Provider itself is accused of infringement (i.e., where the Provider posts infringing copyrighted content), or where the Provider knows content it hosts infringes a copyright.
Because the DMCA can be an absolute defense to liability for copyright infringement by a third party, registering a take-down agent may even prevent someone from suing the Provider for infringement in the first place.
Online Service Providers
In essence, you qualify as a Provider and are eligible for protection under the DMCA if you operate, manage or host a website, blog, mobile app, social media platform, portal, game, or other digital service that allows users (aka third parties) to upload or post content. That can include the following activities:
- Allowing users to post comments or review, or respond to discussion threads
- Allowing users to upload media, such as pictures, .gifs, videos or audio files
The above is true because the definition of “infringe” or “infringement” is very broad and captures many activities. For example, if your site allows users to submit a thumbnail sized avatar in connection with the user’s comment and the user chooses an image that infringes a third-party’s copyright, you can be liable. Knowledge or intent are not relevant for purposes of liability for infringement under the copyright law; so, you can be held responsible for copyright infringement even if you have no idea these activities are going on (and, if you have not registered a DMCA agent, even if you take down the offending material immediately after being notified!).
How to Benefit from the DMCA Safe Harbor Provisions
In order to enjoy the benefits of the safe-harbor provisions, a Provider must comply with a few administrative requirements:
- Designate a copyright take-down agent to receive DMCA takedown notices.
In order to designate an agent, a Provider must create an account, provide some basic information (the Provider’s legal name, alternatives names for the Provider, the name or title of the Provider’s agent designated to receive infringement claim notices, and related contact information) and pay a filing fee (currently $6 to designate an agent, or amend or resubmit a designation, for an unlimited number of alternative names, websites, etc. for the Provider). The U.S. Copyright Office maintains an official list of designated agents, which allows a person who believes his or her work is being infringed to quickly send a takedown notice.
- Adopt a copyright infringement policy and notify site users.
The Provider must publish a statement on its website to provide notice to the site users of its copyright infringement policies, the consequences of repeated infringing activity, and advising users of the takedown agent’s contact information. Many people include a DMCA policy in their terms of service, but it may also be placed in a separate document.
- Watch for and properly comply with any notice of claimed infringement received.
A person claiming infringement must provide the Provider a written notice that substantially meets the following requirements:
- A detailed description of the copyrighted work(s) allegedly being infringed;
- A description (such as the subdomain link) of the location on the site where the allegedly infringing content appears reasonably sufficient to permit the Provider to locate the material;
- The claimant’s contact information, including name, address, telephone number, and, if available, email address;
- A statement that the claimant has a good faith belief that the allegedly infringing use is not authorized by the claimant as the copyright owner, by the claimant’s agent, or by law;
- A statement affirming that, under penalty of perjury, the information in the notice is accurate and that the claimant is, or is authorized to act on behalf of, the copyright owner; and
- A physical or electronic signature of the copyright owner or someone authorized on the owner’s behalf to assert infringement of copyright and to submit the statement.
Remember that the DMCA protects only against copyright infringement, not against other types of accused wrongdoing. Therefore, a Provider must be careful to make sure any notice it receives alleges a copyright infringement and not some other type of wrong doing.
Also note that not all cease and desist letters or takedown notices will be proper, and a Provider is not under a legal obligation to comply with notices that do not substantially meet the above requirements.
If a takedown notice does not meet the requirements, a Provider should respond to the party who submitted the takedown notice, state that the notice does not comply with the DMCA requirements, and inform the complainant that he may resubmit a takedown notice that substantially complies with the DMCA requirements.
If a takedown notice does meet the requirements, a Provider should promptly:
- remove or disable access to the material that is claimed to be infringing;
- notify the complainant that the material has been removed; and
- notify the allegedly infringing party that the material has been removed so that he may file a counter-notice.
Often, a potentially offending user will not file a counter-notice, but if he or she does, a proper counter-notice must contain substantially the following information:
- The alleged infringer’s name, address, phone number
- Identification of the material and its location before removal
- A statement under penalty of perjury that the material was removed by mistake or misidentification
- The alleged infringer’s consent to local federal court jurisdiction, or if overseas, to an appropriate judicial body
- A physical or electronic signature of the alleged infringer
If the counter-notice meets these specifications, the Provider should forward the counter-notice to the person who claimed infringement. That person must then file a lawsuit within 10 business days of the Provider’s notice to the complainant of the counter-notice; otherwise, the Provider should reinstate the disputed material within 10-14 business days after sending the counter-notice to the complainant.
While there is no requirement under the DMCA for a Provider to remove any material(s), the receipt of a valid takedown notice acts to give the Provider notice of the allegedly infringing activity, and therefore ineligible for limited liability. The Provider may then face liability for continuing to host the material.
Consult a qualified attorney if you are unsure of what the notice or demand letter is alleging or if you have questions about whether you must comply with a takedown notice or how you should comply with the takedown notice.
I didn’t register a DMCA takedown agent and now someone has filed a copyright infringement lawsuit against me. Am I out of luck?
In order to benefit from the safe harbor protections, a Provider must register a DMCA agent prior to an allegation of infringement which it wishes to defeat with the registration.
Even if a Provider has not registered a DMCA agent, it may still be able to defend against a claim on the merits of the alleged infringement. For example, if the amount of supposedly infringing material is small or is posted in a way meant to be educational and includes a citation for the material, you may have a defense under the fair use doctrine (although a fair use defense may not apply depending on the facts of each particular situation). Some cases also indicate that a defense may exist by asserting that infringing third-party posts are simply not the responsibility of the Provider. However, if a Provider has not registered under the DMCA, it will not be able to claim that it was unaware of the infringing activity or that it quickly removed the offending material.