So Far, So Good? The DMCA Safe Harbors at Twenty


Next month marks the 20th anniversary of an important milestone in new media history with the enactment of the Digital Millennium Copyright Act (DMCA). Signed into law on October 28, 1998, the DMCA was the federal government’s attempt to bring copyright law into the digital age. While several of its provisions drew sharp criticism (and still do), its safe harbors were welcomed by media companies, traditional and new alike, seeking reprieve from the ever-growing allegations of infringement that limited their expansion into the burgeoning internet medium. But the internet of 1998 is not the internet of today. And for many, it does not seem like the safe harbors have stood the test of time.

Internet of Things Part 3: How Your Smart Toothbrush Is An Idea Worth Protecting
Within each new IoT device lives some type of intellectual property.

First, a little background: The DMCA safe harbors afford website operators, ISPs, and other service providers near complete immunity from certain copyright violations inherent in the functions and realities of the Internet, provided that certain preconditions are satisfied. The safe harbor for an end user’s publication of infringing material on a service provider’s platform is noteworthy given the high volume of user-generated content on the web. It gives copyright owners a prescribed means for notifying service providers about specific instances of infringement and requiring a takedown of the content at issue. It also gives end users an opportunity to respond to a takedown and have their content restored. If an eligible service provider complies with these requests, then it will avoid liability for the infringement.

While not perfect, the safe harbor’s notice-and-takedown system helped enable free expression online by relieving service providers from the impossible task of having to police all of the content of all of their users. User-generated content and the online platforms on which that content is published – from juggernauts like YouTube and Facebook to small business and individual websites and apps – could not exist in their current form without the safe harbors.

Fast forward 20 years, however, and service providers are still struggling with compliance – not for lack of trying, but for vagueness in the rules. For instance, the user-generated content safe harbor imposes a number of conditions for eligibility, such as reasonably implementing a “repeat infringer” policy; designating an agent to receive notices of claimed infringement; registering that agent’s designation with the Copyright Office; and “expeditiously” removing or disabling access to content that is the subject of a notice of claimed infringement. While these requirements may seem straightforward, the devil is in the details; and Congress has left those details for the courts to decide at a frustratingly slow pace.

While these requirements may seem straightforward, the devil is in the details; and Congress has left those details for the courts to decide at a frustratingly slow pace.

Take for example the standard for determining whether a user is a “repeat infringer.” When is a user deemed a “repeat infringer?” How many infractions must there be? And what if those infractions are misunderstandings by someone who legitimately believed there was a legal excuse to infringe, such as fair use? After years of litigation, no set number or clear definition has emerged; and courts have seemed to duck the issue.

What it means for a service provider to “expeditiously” respond to a takedown notice is another unresolved issue. Twenty years later, there is still no consensus about the appropriate time period, leaving service providers to fend off unreasonable expectations, and jeopardizing their valuable safe harbor protections. Even rules of thumb like “within 24 hours” are troublesome because they vary depending on who you speak to, and the circumstances of a particular case may necessitate additional time. This leads only to more uncertainty and disputes over a fundamental condition of protection.

Under the notice-and-takedown system, service providers do not have an obligation to evaluate whether the target of a takedown notice is actually an infringement; and are instead deterred from doing so because they run the risk of losing protection by delaying the takedown or getting the infringement analysis wrong. This means that a portion of user-generated content that is fair use or otherwise permissible under the law will be taken down, thereby stifling free expression. It was not until 2016 that a federal appellate court concluded that a copyright owner must consider fair use before sending a takedown notice – and that was in the context of a dispute between a copyright owner and an end user, and not a service provider. See Lenz v. Universal Music Corp., 815 F.3d 1145, 1152 (9th Cir. 2016).

Undeniably, the internet, with all its uses and applications that we have come to enjoy (or detest), would not be what it is today without the DMCA safe harbors. But 20 years have exposed areas ripe for improvement and clarification. Whether Congress will amend the statute, with a modern understanding of the potential and importance of the medium, or leave interpretation to the courts, is uncertain. Let’s just hope it does not take another 20 years.


Meet Emilio

Entertainment and intellectual property law partner Emilio B. Nicolas is an experienced content and information attorney. His practice includes entertainment, media, technology, and intellectual property litigation and transactional work, with a particular emphasis on copyright, trademark, and privacy law. When Emilio is not advocating for his clients and their intellectual property and business rights in court, he is representing and counseling his clients on intellectual property and media rights management, clearance, and licensing matters, entertainment and media industry transactions, and internet privacy and compliance matters.