E-Commerce Law Week, Issue 383

Dutch High Court Ruling is Music to the Ears of Copyright Owners and Defamation Plaintiffs
Over the last few years, courts around the world have been wrestling with the question of when Internet service providers (ISPs) may be forced to hand over subscriber information to private parties where the subscriber is alleged to have infringed a copyright, defamed someone, or done some other wrongful act.  On 25 November 2005, the Supreme Court of the Netherlands got into the act, upholding a lower court ruling that forced ISP Lycos to identify one of its subscribers to a Dutch stamp trader who claimed that the subscriber's website had defamed him.  The relatively low threshold set by the court for turning over data -- requiring that the plaintiff show merely that the subscriber's content "could be" unlawful -- could prompt music and other copyright owners, as well as alleged victims of defamation, to bring suits in the Netherlands to identify alleged infringers or defamers in order to seek damages from them.

Bank Regulators Issue "Compliance Guide" For GLBA Security Guidelines
The regulations that implement the Gramm-Leach-Bliley Act (GLBA) require financial institutions to, among other things, secure their customers’ information by establishing "administrative, technical, and physical safeguards."  But just what, exactly, does this entail?  To help answer that question, the major federal bank regulators released on December 14 a "Small-Entity Compliance Guide" for their Interagency Guidelines Establishing Information Security Standards ("Security Guidelines").  (Despite its name, the Compliance Guide is written not just for small entities, but for all financial institutions covered by the GLBA.)  Though not really providing any new information, the Compliance Guide "summarizes the obligations of financial institutions to protect customer information and illustrates how certain provisions of the Security Guidelines apply to specific situations."  In addition to defining several "important terms" used in the Security Guidelines, the Compliance Guide contains tips on implementing an "information security program," designing security controls, and overseeing service providers.  Since the Federal Trade Commission's (FTC) enforcement actions under the "unfair practices" prong of the FTC Act have largely tracked the GLBA security guidelines, all companies -- not just financial institutions -- should pay heed to the Compliance Guide.

European Internet Content Regulation May Cross Some Frontiers
On December 13, the European Commission introduced a proposal to update the EU "Television Without Frontiers" Directive for the Internet era.  The proposed legislation would require EU member states to regulate content delivered over the Internet.  But the initial good news seems to be that the Commission has recognized that the Internet, in contrast to traditional broadcasting, is truly a medium without frontiers.  The Television Without Frontiers Directive was adopted in 1989, and updated in 1997, to regulate EU broadcast television services.  Most controversially, the Directive mandates that  EU member states require television broadcasters to reserve a majority of their transmission time (excluding time for news, sports events, games, advertising, teletext services and teleshopping) for "European works":  television programs originating in the EU and certain other European countries.  So television "without" frontiers under the Directive means no frontiers within Europe (which of course is the goal of European integration), but some pretty significant barriers against works produced elsewhere (including of course those originating from the dominant US entertainment industry).

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.