Copyright regulator tightens grip on cloud storage

Article 4 contains a safe harbor provision that requires the ISPs [internet service providers] to have a clear marking on their homepage to show how a copyright owner can complain about an infringement, to accept and respond to a complaint in a timely manner and to remove the infringing material within 24 hours.

“The regulations benefit copyright owners in that the new tools may be relied upon for enforcement,” said George Chan, head of Simmons & Simmons' Beijing IP Agency. “The uptake of cloud computing will only increase. However, it is interesting to see how the government has decided to adopt this initiative at such an early stage,” he said.

Taking voluntary action

“This is the first piece of legislation that requires ISPs to actively seek out infringing content,” said Pinsent Masons Hong Kong partner Peter Bullock.

The Circular is part of a broader initiative – the Sword Net 2015 – that aims to fight online piracy. It goes further than existing regulations and parallels the overall crackdown on counterfeit goods, but ISPs may find the task of voluntarily policing the content stored in their cloud networks a costly burden.

“Complying with the safe harbor requirements is relatively simple as it's a matter of handling each request, but tackling a very long list of infringing material they have to actively take down themselves will be a challenge,” said Fang Qi of Fangda Partners in Beijing. It's a necessary legal risk every service provider will has to live with, he said.

Bullock added that “It's a big shift but the government recognizes these ISPs are the biggest players and the ones making the money and with the technical capability, so it expects them to help with the fight.”

But having employees actively scour through thousands of terabytes (TB) of individual files would be impractical and determining which specific items are copyrighted can be difficult.

Baidu Cloud began offering users 2TB of free permanent storage in August 2013, when the cloud storage war began in China. Tencent Weiyun currently offers 1TB – it briefly offered 10TB but no longer does – and Qihoo 360's Yunpan is said to offer a whopping 36TB at no charge. The country's free cloud storage services previously focused on a capacity of 15GB before competition heated up. (In comparison, Google Drive still starts users with 15GB, as does Microsoft's OneDrive, while a free basic DropBox account comes with 2GB. They all have payment and upgrade plans, and are unavailable in China.)

“These service providers will likely have to devise a system that is scalable and can be automated – especially with the rapid growth in cloud computing,” said Simmons & Simmons' Chan. “They will have to look at items that can be easily tracked, such as usage patterns of cloud sites and accounts, irregular uploading and downloading, or how many users are accessing the content and file sizes,” he said.

Samuel Yang, senior associate at DLA Piper in Beijing, said some ISPs have found a way around safe harbor rules in the past, but the Circular helps to prevent them from working through such loopholes.

Data privacy risks?

Practitioners noted that the Circular reflects an “interventionist” and “aggressive” approach to regulating cloud storage. “It may yet impose a greater level of obligation on these service providers than regular ISPs,” said Qi of Fangda Partners.

Article 11 states that the NCA will strengthen its supervision over cloud services and investigate and deal with violations in accordance with the PRC Copyright Law.

Some speculate that the Circular could serve multiple interests, as cloud computing involves a massive amount of user data. Article 8 requires the ISPs to strengthen user management and monitor abnormal traffic. Article 9 requires them to keep records of users' names, account numbers, site addresses, contact details and other registration information.

One lawyer highlighted that it is possible that privacy will be compromised, so users should think twice before uploading sensitive or private information.

Compared with online activity in the U.S., for example, where using pseudonyms or aliases is not uncommon, and in Germany, where there is a law that permits users to be anonymous, “Regulations in China do require internet users to give full details of their identity when using any services, and service providers are indeed required to check,” said Pinsent Masons' Bullock.

“This will potentially have a chilling effect on users sharing copyright material, knowing that their details are being handed to the government,” he said.

By Katherine Jo

China has strengthened regulation against piracy in cloud storage by requiring service providers to actively look for and remove copyright-infringing material on their networks.

The Circular on Regulating Copyright Order in Cloud Storage Services (国家版权局关于规范网盘服务版权秩序的通知) (Circular) was issued by the National Copyright Administration (NCA) on October 20 2015, following a meeting the previous week attended by the country's leading online data hosts including Baidu, Qihoo360, Tencent and Huawei.

Baidu's cloud service, yun.baidu.com (“yun” means “cloud” in Chinese), is most popularly used in China, followed by Qihoo 360's yunpan.360.cn. Other services include Tencent's weiyun.com, Alibaba's aliyun.com and Huawei's hwclouds.com.

The Circular orders them to prevent users from uploading, storing or sharing copyright-infringing content including music and videos, and to punish offenders by blacklisting, suspending or terminating them.

Article 4 contains a safe harbor provision that requires the ISPs [internet service providers] to have a clear marking on their homepage to show how a copyright owner can complain about an infringement, to accept and respond to a complaint in a timely manner and to remove the infringing material within 24 hours.

“The regulations benefit copyright owners in that the new tools may be relied upon for enforcement,” said George Chan, head of Simmons & Simmons' Beijing IP Agency. “The uptake of cloud computing will only increase. However, it is interesting to see how the government has decided to adopt this initiative at such an early stage,” he said.

Taking voluntary action

“This is the first piece of legislation that requires ISPs to actively seek out infringing content,” said Pinsent Masons Hong Kong partner Peter Bullock.

The Circular is part of a broader initiative – the Sword Net 2015 – that aims to fight online piracy. It goes further than existing regulations and parallels the overall crackdown on counterfeit goods, but ISPs may find the task of voluntarily policing the content stored in their cloud networks a costly burden.

“Complying with the safe harbor requirements is relatively simple as it's a matter of handling each request, but tackling a very long list of infringing material they have to actively take down themselves will be a challenge,” said Fang Qi of Fangda Partners in Beijing. It's a necessary legal risk every service provider will has to live with, he said.

Bullock added that “It's a big shift but the government recognizes these ISPs are the biggest players and the ones making the money and with the technical capability, so it expects them to help with the fight.”

But having employees actively scour through thousands of terabytes (TB) of individual files would be impractical and determining which specific items are copyrighted can be difficult.

Baidu Cloud began offering users 2TB of free permanent storage in August 2013, when the cloud storage war began in China. Tencent Weiyun currently offers 1TB – it briefly offered 10TB but no longer does – and Qihoo 360's Yunpan is said to offer a whopping 36TB at no charge. The country's free cloud storage services previously focused on a capacity of 15GB before competition heated up. (In comparison, Google Drive still starts users with 15GB, as does Microsoft's OneDrive, while a free basic DropBox account comes with 2GB. They all have payment and upgrade plans, and are unavailable in China.)

“These service providers will likely have to devise a system that is scalable and can be automated – especially with the rapid growth in cloud computing,” said Simmons & Simmons' Chan. “They will have to look at items that can be easily tracked, such as usage patterns of cloud sites and accounts, irregular uploading and downloading, or how many users are accessing the content and file sizes,” he said.

Samuel Yang, senior associate at DLA Piper in Beijing, said some ISPs have found a way around safe harbor rules in the past, but the Circular helps to prevent them from working through such loopholes.

Data privacy risks?

Practitioners noted that the Circular reflects an “interventionist” and “aggressive” approach to regulating cloud storage. “It may yet impose a greater level of obligation on these service providers than regular ISPs,” said Qi of Fangda Partners.

Article 11 states that the NCA will strengthen its supervision over cloud services and investigate and deal with violations in accordance with the PRC Copyright Law.

Some speculate that the Circular could serve multiple interests, as cloud computing involves a massive amount of user data. Article 8 requires the ISPs to strengthen user management and monitor abnormal traffic. Article 9 requires them to keep records of users' names, account numbers, site addresses, contact details and other registration information.

One lawyer highlighted that it is possible that privacy will be compromised, so users should think twice before uploading sensitive or private information.

Compared with online activity in the U.S., for example, where using pseudonyms or aliases is not uncommon, and in Germany, where there is a law that permits users to be anonymous, “Regulations in China do require internet users to give full details of their identity when using any services, and service providers are indeed required to check,” said Pinsent Masons' Bullock.

“This will potentially have a chilling effect on users sharing copyright material, knowing that their details are being handed to the government,” he said.

By Katherine Jo