The purpose of this chapter is to provide a brief overview of the legal framework that applies to Digital Rights Management (DRM) information and Technological Protection Measures at the EU level. For this reason, the relevant legal instruments are identified and briefly described, while at the same time, an effort has been made to identify the most important points of concern that arise from the interpretation and application of the law. The review concludes by reference to the ongoing discussion over DRM designs to best incorporate the requirements of the law into technological solutions
TopEu Copyright Law And Drm
Copyright Law is based on the right of the author or producer of a protected work to forbid unauthorized reproduction. In order to apply this principle in practice, one would have to formulate rules to define (a) what is a protected work, (b) who is the holder of the rights to this work; (c) what are, if any, the exceptions or limitations to those rights and (d) how to enforce those rights and/or exceptions. These rules are defined in law, creating a framework for rightholders to exploit their rights when making their works available to third parties and the public in general.
The larger the number or protected works; the wider their distribution and exploitation, the more vital becomes the need for an effective way for authors to manage their rights. In the world of internet, e-commerce, network effects and fast emerging new technologies, legislation often seems inadequate to deal with situations that arise faster than traditional law-making can cope with. This is most evident when considering Intellectual Property rights in the digital world.
Digital Rights Management (DRM) systems are currently the technical means used to facilitate management of rights.1 “The term DRM refers to the use of technology to describe and identify digital content protected by intellectual property rights, and which enforces usage rules set by rightholders or prescribed by law for digital content”.2 Digital rights refer to copyright and related rights in the digital environment, whereas digital content is works created, distributed and/or exploited digitally.
The above definition indicates the two main elements of DRM: (a) identification of protected digital content and (b) enforcement of usage rules. Identification is achieved by digitally marking the protected work so that anyone accessing or using it should be at any time aware of the proprietor of rights and the level of protection of that particular work. Enforcement is achieved technically by limiting the actual uses of a protected work by the rightful user, for example via encryption or watermarking.
The main legal instrument on the functioning and application of DRM technologies at EU level is the Copyright Directive3, which contains the legal provisions regarding protection of copyright and related rights in the information society and defines the European Commission’s policy in the area of Digital Rights Management. The Directive sets the principle goals and the level of protection that Member States must provide for in their national legal systems, yet it leaves Member States to decide on the exact implementing measures in order to achieve the result envisaged in the Directive.4
DRM technology, therefore, in Europe must apply and police the provisions of the Directive, safeguarding the rights of IP owners. Rightholders identified and protected in the Directive (authors, producers and/or broadcasting organizations) shall be uniquely identified when incorporating DRM technology into protected content; the ownership rights shall also be manifested via marking/registration. Further, the Copyright Directive spells out a number of exceptions to the rights of content owners. DRM technology should allow for certain uses, which the copyright owner must allow on the basis of the rights conferred to him by the Directive. As a result, legislation and its intended effect must be translated into the technological process that will safeguard the proper implementation of the rules. Assuming that this process has been completed in a fair and proportionate way, violation of the provisions of the law should not be possible without tampering with the DRM instrument.
In the digital world, legislation on rights and exceptions is not adequate to safeguard the interests of IP owners against damage incurred by unauthorized acts. Legislation must also allow for the protection of DRM instruments against circumvention and against the production and marketing of circumvention devices. The latter is an indispensable condition for the functioning of electronic commerce and for its acceptance among rightholders and commercial users or even for consumers alike.5 Using those technological measures to achieve control over the uses allowed by law, allows for direct and “real” compensation to content owners for every protected use. In other words, safeguarding business and financial rights of IP owners depends on achieving the technological challenge of enforcement.