New restrictions on intellectual property transfers outside South Africa

Nokia Lumia launch-46

Michalsons Attorneys recently pointed out that the Currency and Exchanges Act was recently expanded to address intellectual property transfers outside of South Africa. The Act, through its regulations, requires any person wishing to export “capital” or any “right to capital” from South Africa requires permission from the South African Reserve Bank. Until recently, the definition “capital” did not include intellectual property (and this was confirmed in a recent Supreme Court of Appeal judgment).

The President amended the regulations in terms of this Act in June 2012 and altered the definition of “capital” to include intellectual property and expanded the scope of “export” to include a “transfer” of any intellectual property outside South Africa. Individual property can be transferred in 2 ways: licensing or assignment. Assignment is a complete transfer from one party to another. When intellectual property is assigned from one party to another party, the party receiving the intellectual property generally becomes the new owner of that intellectual property and the only party that can exploit that intellectual property. The party that assigned that intellectual property in the first place gives up the rights to exploit that intellectual property altogether.

On the other hand, licensing intellectual property means giving another party permission to exercise certain of the rights the licensor (often the intellectual property owner or someone who has already obtained a licence which includes the ability to sublicense the intellectual property to another party) has in that intellectual property. An example of this is where a content license grants a licensee permission to make a copy of the content. When licensing intellectual property, the licensor usually retains the original rights in the intellectual property and merely extends some of his or her permissions to the licensee. Unlike with assignment, the licensor generally retains the ability to exercise the rights granted (although this depends on the specifics of the license) along with the licensee.

As an aside, we often come across digital agencies that assign their copyright ownership to clients without thinking twice and not realising that doing this means they can’t exercise the rights they may need to sustain licenses they have granted already to the content they have handed over (which has contractual implications for the agency given that they are now technically incapable of performing that obligation of licensing the content) and that they can’t build on that intellectual property going forward. In these sorts of situations, an appropriately drafted license is often far more suitable, even if it is fairly broad.

While the term “transfer” almost certainly covers intellectual property assignment, it is not clear whether it includes licensing. If it does, it probably doesn’t cover non-exclusive licensing (Michalsons apparently spoke to a South African Revenue Service representative who advised that licensing is not included – I wonder if the “SARS” reference in the Michalsons post shouldn’t be a reference to the South African Reserve Bank, though) but even if it is included, non-exclusive licenses shouldn’t be included in that restriction (including non-exclusive licenses would be highly problematic and would lead to a deluge of requests to the SARB to permit a range of licenses that are on virtually every website and service with a decent set of terms and conditions). Unfortunately the regulations appear unclear.

What does appear clear is that any content owner intent on assigning the rights in that content to a party outside South Africa will have to factor in the requirement for the SARB’s consent into its agreements (companies would, for example, have to include conditions in their agreements making the agreements conditional on this consent being obtained from the SARB). This would, specifically, pose fairly serious challenges to local companies that transact with foreign companies that requirement intellectual property assignments to them in their agreements and it may be far more viable to explore licensing arrangements if the word “transfer” in the amended regulations doesn’t include licenses.

This change to the regulations adds to an already complex regulatory overhead that companies bear, especially for businesses which rely on their intellectual property as core aspects of their offerings. It also means that companies must be far more careful about how their intellectual property is made available to clients and providers and avoid assignments unless they are absolutely necessary.

What Dropbox’s revised Terms of Service mean for you

Esuslogo101409

When Dropbox amended its Terms of Service it sparked a controversy about the popular file sharing and cloud-based storage service’s apparent user content grab. As with virtually all controversies about expanded content licensing provisions, many users feared Dropbox was claiming ownership of their content. This is not correct at all but the amended license provisions are cause for concern for a number of other reasons.

The clause which sparked the controversy was amended between the time the new Terms of Service first went up and about a day later when Dropbox clarified its position after receiving quite a bit of feedback from users. The introduction to the Terms of Service (with defined terms) and the current licensing provisions are as follows:

Dropbox Terms of Service

Thank you for using Dropbox! These terms of service (the “Terms”) govern your access to and use of Dropbox (“we” or “our”) websites and services (the “Services”), so please carefully read them before using the Services.

By using the Services you agree to be bound by these Terms. If you are using the Services on behalf of an organization, you are agreeing to these Terms for that organization and promising that you have the authority to bind that organization to these terms. In that case, “you” and “your” will refer to that organization.

You may use the Services only in compliance with these Terms. You may use the Services only if you have the power to form a contract with Dropbox and are not barred under any applicable laws from doing so. The Services may continue to change over time as we refine and add more features. We may stop, suspend, or modify the Services at any time without prior notice to you. We may also remove any content from our Services at our discretion.

The starting point is that you agree to these Terms of Service by using the Dropbox service. This is a common provision in Terms of Service. You very rarely have a workable model involving users actually signing a piece of paper or negotiating terms and conditions for their access to the service. That sort of thing becomes almost impossible to manage satisfactorily if you are negotiating on an individual basis with large groups of users and retain a hope of providing a consistent service. This clause typically ties into another clause that allows the service to make changes to the Terms of Service which you agree to by continuing to make use of the service.

Not only do you bind yourself but if you are using Dropbox in an organisation then you are also representing to Dropbox that you have the necessary authority to bind the organisation too. That can be quite a leap to take so if your organisation makes use of Dropbox (there are business packages) then you really should make sure that someone who does have authority to bind the organisation has read the Terms of Service and is comfortable binding the company. This may sound a little silly but there are legal principles dealing with principals and agents which would come into play here.

Your Stuff & Your Privacy

By using our Services you may give us access to your information, files, and folders (together, “your stuff”). You retain ownership to your stuff. You are also solely responsible for your conduct, the content of your files and folders, and your communications with others while using the Services.

We sometimes need your permission to do what you ask us to do with your stuff (for example, hosting, making public, or sharing your files). By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service. This license is solely to enable us to technically administer, display, and operate the Services. You must ensure you have the rights you need to grant us that permission.

How we use your stuff is also governed by the Dropbox Privacy Policy, which you acknowledge. You acknowledge that Dropbox has no obligation to monitor any information on the Services, even though we may do so. We are not responsible for the accuracy, completeness, appropriateness, or legality of files, user posts, or any other information you may be able to access using the Services. We may disclose information about your account or your stuff to law enforcement officials as outlined in our Privacy Policy.

This clause contains the controversial licensing provisions. Like virtually any Web-based service you are required to grant the service a fairly broad license to enable it to render the service. The reason for this is that copyright law grants copyright owners (often the users) exclusive rights over their content. These rights are often the rights a service like Dropbox needs to exercise just to be able to receive your content and manipulate it as part of the service. A license is a set of permissions which enables Dropbox to do this. The big question is whether the license Dropbox takes goes further than is necessary (the Twitpic terms are a good example of terms which really go too far).

In the case of Dropbox’s Terms of Service the terms were clarified to emphasize the following:

This license is solely to enable us to technically administer, display, and operate the Services.

That said, there are a couple aspects of the license which leave it somewhat open to interpretation and abuse. For starters you grant the license to Dropbox as well as “those we work with to provide the Services”. The problem is that Dropbox doesn’t clarify who “those we work with” are. Given that those people, whoever they are, are also granted a “worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff” is a concern, even if they too are granted the license “to the extent reasonably necessary for the Service” (whatever form that may take over time).

One of the key sentences in the license which potentially places a number of users immediately in breach of the Terms of Service is the following:

You must ensure you have the rights you need to grant us that permission.

This sentence is a statement of one of the fundamentals of content licensing, namely that you can only pass the rights you have. What this means in the context of the license itself is that users have to ensure that any licenses they have over “stuff” they store in Dropbox must have all the following license elements:

  1. worldwide;
  2. non-exclusive;
  3. royalty-free;
  4. sublicenseable rights to use, copy, distribute, prepare derivative works of, perform or publicly display.

This might seem like mumbo jumbo but some content may only be available under licenses which are more restrictive that the license in the Dropbox Terms of Service. The licenses over that content may be personal, incapable of being sub-licensed or even be exclusive to the user concerned. What this means is that the content the user stores in Dropbox and which is subject to a more restrictive license than the Dropbox license requires lack “the rights you need to grant us that permission”. That means the user is in breach of the Terms of Service. Consider the “stuff” you store in Dropbox and ask yourself if you are sufficiently familiar with the licenses which may apply to that “stuff” to be able to give Dropbox the permissions it demands in its Terms of Service. If some of that stuff includes downloaded music, photographs subject to someone else’s copyright or even ebooks and other documents then the odds are that that “stuff” should not be stored in Dropbox.

On the privacy side, one of the big concerns is the revelation that Dropbox not only has the decryption keys for your encrypted data uploaded directly to Dropbox (I understand that the service encrypts uploads to keep them secure) but that it will decrypt data should law enforcement officials demand it with the appropriate authority. The privacy policy includes the following provision:

Compliance with Laws and Law Enforcement Requests; Protection of Dropbox’s Rights. We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.

This seems to be something Dropbox would be required to do if access to encrypted data was required by law enforcement so if security is a priority for you, I believe a solution is to encrypt the data on your drive before it is uploaded so Dropbox receives encrypted data from the start which it then applies its own encryption to. If Dropbox has to remove its own encryption, your original encryption should protect your data. I stand to be corrected about the mechanics here though.

What was perhaps most noteworthy about this controversy is how transparent the Dropbox team has been and its willingness to engage with its users and respond to their feedback. While its transparency doesn’t detract from the issues in its Terms of Service and Privacy Policy, it does indicate the team is willing to discuss its users’ concerns and possibly even address them.

Update: There are a number of terrific posts about the Dropbox Terms of Service. Here are two which came highly recommended in my Google+ stream in the last day or two: