Blog - Page 4 of 8 - WP AND LEGAL STUFF

Latest Posts

Selling themes yourself and on ThemeForest but with inconsistent licensing

Published by Richard Best

With apologies for the radio silence for the last 5-6 months (for a while there life was just too hectic), I’m finally getting around to revving up WP and Legal Stuff again.

This post will be pretty brief but addresses a phenomenon I’ve seen from time to time across the WordPress theme shop community.

Here’s the scenario: you find a WordPress theme you really like on a theme shop’s website but, when you look at the licensing for the theme, it either limits what you can do with the theme or it’s a confusing conglomeration of terms that appear to have been plucked from an array of different sites and mashed together in the hope it’ll fly. Perhaps I’m in the minority, but I’ve deliberately not bought themes from theme shops like this because the lack of attention to clear licensing doesn’t give me much confidence in the overall soundness of the business, its attention to detail and its customer centricity (or lack of it).

But lo and behold, later you discover that this very same theme shop is selling its themes on ThemeForest and (to its credit) has selected the 100% GPL option!

For theme purchasers keen on liberal licensing that doesn’t purport to restrict their usage of the themes they purchase, this ought to mean they’ll opt for purchasing from ThemeForest over purchasing from the theme shop’s own site. But hang on. This means ThemeForest will earn a commission from a theme sale that it wouldn’t have earned had the theme been purchased from the theme shop’s own site.

So what does all this mean? Well, it means two things. First, theme shops that do this either don’t understand licensing very well (or have used a lawyer who doesn’t understand it very well) or don’t really care about it. In either case, they don’t make the effort to make the licensing of their themes on their own sites and on ThemeForest consistent. That’s potentially confusing, if not irritating, for purchasing customers (or at least those who care about the licences that govern the use of the themes they purchase). Second, theme shops that do this potentially shoot themselves in the foot, from a revenue perspective, because in many cases they’ll get less if the theme is sold on ThemeForest instead of being sold on their own site.

You might think this sort of thing wouldn’t happen in the real world of commercial theme development but, I assure you, it does. I don’t want to call out any particular theme shop, so I won’t, but this really does happen out in the wild.

If you’re a theme shop that’s not sure whether your own licensing is consistent with the licensing you select on ThemeForest, feel free to get in touch and I’ll do my best to let you know (confidentially of course).

(Thanks to Thomas Martinsen for the photo I’ve used for this post, released on Unsplash under CC0.)

Discouraging public redistribution of commercial themes and plugins – poll results

Published by Richard Best

Background

Back on 4 August of this year, I published a post called Theme and plugin shops – Discouraging public redistribution – User poll. The poll that was included in the post sought people’s views on the reselling of commercial themes and plugins. It did this because people’s views on this issue are relevant to the inclusion of a contractual mechanism I’d proposed for theme/plugin shop terms of use. The contractual mechanism I’d proposed would seek to discourage purchasers of a commercial theme or plugin from making the theme or plugin available on a website for download by others (whether for free or a charge), even when the theme or plugin is 100% GPL-licensed.

The proposed term would say that, if a customer decides to make your commercial theme or plugin available on a website for download by others, you may exercise a right to deactivate their access keys (if that’s how you’ve set things up) and to terminate their access to support and updates. I explained why, in my view, this sort of clause is not contrary to the freedoms conferred by the GPL:

“Is this contrary to the rights they have under the GPL? I think not. This approach doesn’t stop them from distributing the theme or plugin, as they originally obtained it, on a website. But it does say this to them: ‘if you decide to exercise your GPL rights in that way, as you’re entitled to do under the GPL, you run the risk of losing your contractual right to support and updates under these separate terms of use’. This is a commercially-oriented mechanism that is distinct from, and doesn’t prevent the exercise of, one’s freedoms under the GPL. It does say ‘you can’t have it both ways, folks’, but the GPL rights are left intact. Only the separate, commercial support arrangements are affected. There may be those who would cry foul, but – legally – I don’t think their cries would be well-founded.

After I wrote this, I did a search on the web to see whether I could find other businesses doing something similar to what I’m proposing. Lo and behold, it seems that Red Hat did this a few years ago. See GPL expert gives Red Hat the all-clear.”

Poll results

I closed the poll today. In the intervening period, 121 people had taken the poll. Here’s a graphical depiction of the results (thanks to the wonders of Gravity Forms and its Polls Add-On):

Majority consider redistribution of commercial themes or plugins on a public website to be unethical

A majority of those who took the poll – 76 of the 121 people – think the practice of purchasing or otherwise obtaining a commercial theme or plugin and then either reselling it on a public website or giving it away on a public website, is unethical, regardless of whether it’s permissible under the GPL. A further 10 people don’t know whether it’s unethical but don’t like it. The remaining 35 didn’t have a problem with it if the GPL is complied with.

Widespread support for inclusion of proposed term

Each person that took the poll was asked to assume he or she is a purchaser of commercial themes or plugins. Each person was then asked whether he or she would support a commercial theme or plugin business including the kind of term I’ve mentioned in its terms of use. (As a reminder, the term gives the business the power to terminate support and access to updates if the customer were to openly redistribute the commercial theme or plugin on a public website, either for a price or no charge.)

An overwhelming number of those who took the poll – 101 out of 121 – supported the inclusion of such a clause, as they selected this option:

“Yes, I would support that as I understand the business is trying to protect its investment and it poses no threat to my use of the themes or plugins.”

Of the remainder, 17 did not support the inclusion of such a clause even if the GPL freedoms remained intact, and 3 didn’t know or care.

Views of theme and plugin businesses on the idea of including the suggested clause

Of the 121 people who took the poll, 67 were from a business that develops commercial themes or plugins or were thinking of becoming one. These people were asked some additional questions.

The first additional question they were asked was whether they like the idea of including the suggested clause in their terms of use (in answering this, they were told to assume they wouldn’t be criticised for including the term). 47 of the 67 said they like the idea of the proposed term. 13 didn’t like the idea of this term and the remaining 7 didn’t know or didn’t care.

The second additional question they were asked, on the assumption that they would include the proposed term in their terms of use, was whether they’d be concerned that vocal stakeholders in the WordPress community might openly criticise them for not complying with the ‘spirit’ of the GPL (even if the term doesn’t actually remove any GPL freedom). 26 of the 67 answered yes (they would be or are concerned), 17 answered no (not concerned) and the remaining 4 didn’t know or care.

Comments

General conclusions

To the extent that one can draw general conclusions from this poll (and admittedly the sample is not exactly huge), they would appear to be that:

a significant majority of people either think that the practice of purchasing or otherwise obtaining a commercial theme or plugin and then either reselling it on a public website or giving it away on a public website is unethical or they don’t know whether it’s unethical but still don’t like it;
there is widespread support for the inclusion of a term in theme and plugin shops’ terms of use that would entitle the theme or plugin shop to deactivate a customer’s access key (if that’s how they’ve set things up) and to terminate their access to support and updates;
a significant majority (more than two thirds) of people from businesses that develop commercial themes or plugins (or who are thinking of becoming one) like the idea of the proposed term; and
a bit over a third of those from businesses that develop commercial themes or plugins or are thinking of becoming one would be concerned about being openly criticised by vocal stakeholders in the WordPress community if they were to include such a term (even if the term doesn’t actually remove any GPL freedom).

Businesses should be able to protect themselves in legitimate ways without fear of attack

In my view, it’s unfortunate that the third of people mentioned in the last bullet point would be concerned about being criticised by vocal stakeholders in the WordPress community if they were to include such a term, because – for reasons already given – in my view such a term would not be contrary to the GPL.

I think it’s undeniable that the development of robust commercial themes and plugins supports rather than detracts from the growth of the WordPress ecosystem. Just look at Automattic’s acquisition of WooCommerce as an example or the power that Gravity Forms brings to WordPress as another. Businesses that depend on and support the WordPress ecosystem should be able to protect their legitimate commercial interests without fear of verbal attack from those who cling to misconceptions of what the GPL does or doesn’t allow.

Bear in mind here, too, that the GPL is not an open source licence created for WordPress. Rather, it is simply the open source licence that governed the use of B2/cafelog when Matt and others forked it to become WordPress. WordPress users don’t have any monopoly over what the GPL does or should mean or allow.

The wording of the proposed term

The WordPress theme/plugin shop terms of use that you can build online if you purchase the business package of A Practical Guide to WordPress and the GPL will provide you with terms that, among other things:

explain the GPL licensing of the themes or plugins;
accommodate the use in themes or plugins of public domain assets (such as images) or assets that have been licensed by another under a Creative Commons licence (such as photos);
refer customers to a human-readable summary of the GPL for more information;
contain an explanation of the redistribution that the GPL allows but together with information on the investment that the business has made in developing its themes or plugins and the adverse consequences (for the business, its staff and in some cases their families) that open redistribution could bring;
explain a customer’s access to support and updates; and
regulate a customer’s use of its access key, login and right to support and updates.

It is the last item in this list that contains a right for the business to deactivate a customer’s access keys (if that’s how the business has set things up) and to terminate the customer’s access to support and updates if the customer decides to make a purchased commercial theme or plugin available on a website for download by others. The suggested clause (which may need tweaking in certain cases to reflect how a business has set things up) is as follows (I’ve italicised the key part relevant to this discussion):

Access key, login and right to support personal to you

Your access key, your support login and your right to support are personal to you. You are not permitted to share any of them with, or transfer any of them to, anyone else without our prior written approval (which we may refuse at our discretion) and you are not permitted to republish support answers on any other website or medium. If you do any of these things, we may deactivate your access key and terminate your right to support and updates, with or without notice. You agree that we may also exercise these powers if we have reason to believe you are requesting support for sites that do not fall within your support entitlements or if you are making our Products available on another website for others to download, with or without charge. (This does not defeat your rights under the GPL. We are simply saying that if you decide to exercise your GPL rights in that way, you will lose your right under these terms of use to access support and updates from us.) If we believe the security of your access key or login has been compromised, we may suspend your rights of access while we investigate. If you believe your login has been compromised, please let us know as soon as possible.

No legal advice

I hope this helps. Needless to say, I’m not providing legal advice to anyone in suggesting this kind of clause. It is for each business to make its own decision on the inclusion of such a clause, with its own legal advice if required.

Happy developing!

Step-by-step guide to attributing Creative Commons-licensed images

Published by Richard Best

BobWP reader seeks step-by-step guide

A while back I wrote a piece that first appeared on BobWP called Using Creative Commons images on your site with confidence (I republished it here too). Recently a reader of BobWP asked a question about the detailed mechanics of finding a Creative Commons-licensed image and applying an attribution statement to one’s use of it. He was trying to use images found through Google image and Flickr searches but wasn’t sure exactly how to go about attributing the image and was looking for a step-by-step guide.

In response, I wrote a brief step-by-step guide in the comments on Bob’s site. Because that guide might come in useful for others, I thought I’d post it here on WP and Legal Stuff too.

Key steps

1. Search an image repository that has Creative Commons-licensed images

Find an image and ensure it is licensed under a Creative Commons licence. Flickr is a good source and I’ll use that as an example from now on. Do an initial search for the topic or subject you’re interested in by using the search form on the Flickr homepage:

2. Refine your search results

When you do a search, it will reveal all images that match your search terms, regardless of whether the images are licensed for re-use. This means you have to refine your search. To do that, on the results screen, click on the dropdown menu called “Any license”:

(The dropdown name “Any licence” is not very clear as some images are not licensed at all). You want to select either “All creative commons” or one of the three options below it. Which one you select depends on what sort of licensing rights you need. If you want to use an image commercially, you’ll need to select “Commercial use allowed” (and so on for the other options).

3. Select an image

Once you’ve done that, you’ll see a list of images that is confined to Creative Commons licensed images. Click on one you like. When you do, you’ll be taken to that image and you’ll see the licence that has been applied to it. Here’s an example:

4. Identify which licence applies

To figure out which particular licence applies, click on the “Some rights reserved” link and open it in a new tab (some people will know what the icons beside “Some rights reserved” represent, but many won’t, which is why I’m suggesting opening the link in a new tab). In this case, you’ll see that the licence is a Creative Commons Attribution-ShareAlike 2.0 Generic licence:

If you look to the left of the page on Flickr (further above) you’ll see that the author is someone called Celine.

5. Use the image in your site

Use the image you’ve selected in your site as you wish (consistently with the terms of the applicable Creative Commons licence).

6. Add attribution statement

Within the editing window, add your attribution statement either below the image or, for example, at the end of the post or page. To create the HTML for the attribution statement, you can use this kind of format (the code is on the left and on the right you can see how it’s rendered):

Note that I’ve linked “Celine” (the owner of the photo) to the page on Flickr that contains the photo I’m using and that I’ve linked “Creative Commons Attribution-ShareAlike 2.0 Generic licence” to the Creative Commons page that contains that licence (which I accessed in step 4 above).

If you want to copy and paste that code so as to just swap out the bits relevant to the image you’re using, you can find it here on GitHub.

(Note that you don’t have to use my suggested wording, with the “Thanks to” component. I just do that to show some gratitude. I gave other examples in the original post mentioned above.)

That’s it!

That’s it. If anything is unclear, let me know. This gets easier and faster the more you do it.

Something for the future

By the way, I’ve half built and in the future will publish a tool that grabs some inputs from someone wanting to create an attribution statement and then spits out the HTML code for the attribution statement. Maybe that’ll make life easier. Hope so.

(Thanks to Celine for her dog image, licensed under a Creative Commons Attribution-ShareAlike 2.0 Generic licence. I have cropped the image. My cropped version above is likewise licensed under a Creative Commons Attribution-ShareAlike 2.0 Generic licence.)

A Practical Guide to WordPress and the GPL – now available – 30% introductory discount

Published by Richard Best

Finally…

I’m pleased to be able to say that A Practical Guide to WordPress and the GPL is now out in the wild. You can find it right here.

Outline

Here’s a quick outline of the chapters:

1. Introduction: conception, birth and forking

2. Understanding the GPL licensing of WordPress

3. Common GPL-related questions

4. WordPress themes, the GPL and the conundrum of derivative works

5. The GPL and assumptions of automatic inheritance

6. Theme reviews, CC0, model releases and GPL-compatibility

7. Selling ThemeForest themes outside of ThemeForest

8. Reselling commercial plugins

9. The GPL and trademarks

10. Theme and plugin shop terms of use versus GPL freedoms

Packages

Three different packages, or editions, are on offer:

1. The business package

If you’re into the business of developing WordPress themes or plugins (or both), you might want this package. You’ll get:

the ebook (PDF) of A Practical Guide to WordPress and the GPL;
a professionally narrated audio book, enabling you to listen to the book when you’re on the go (narrated by Steve Chase); and
access to a terms of use builder through which you can build draft online terms of use for your WordPress commercial themes or plugins shop, with open and honest GPL licensing as well as protections for your business.

2. The book and audio book package

With this package, you’ll get:

the ebook (PDF) of A Practical Guide to WordPress and the GPL; as well as
the professionally narrated audio book, enabling you to listen to the book when you’re on the go (narrated by Steve Chase).

3. The book package

If you’re just after the ebook of A Practical Guide to WordPress and the GPL, this package is for you. You’ll get a PDF of the ebook that you can read or dip into at your leisure.

Introductory discount

For a limited time, you can get 30% off each of these packages. To get the discount, just tweet the book’s promo page or like it on Facebook, using the buttons on the promo page (you’ll find them directly under the three package offerings). Doing that will reveal an offer code which you input at the point of purchase. Easy. The discounts will be available for around a week.

Terms of use builder

If you’d like to see a video demonstration of the terms of use builder (you get access to this with the business package), you’ll find that on the promo page too. Hell, I might as well embed it here too:

Questions

If you have any questions, feel free to ask. Otherwise, why not go and check out the book’s promo page. Thanks.

A human readable summary of the GPL?

Published by Richard Best

In my ebook (A Practical Guide to WordPress and the GPL) which will be out within the next 6-8 hours, I’ve included a one page summary of the GPL which I hope will make it easy for people to understand the core concepts of the GPL. That summary outlines the position in relation to copying and distribution, fees, modifications/derivative works, distributing non-source forms, termination, and downstream licensing:

This particular summary follows the flow of the clauses in the GPL and that’s why it flows through the subject headings I’ve just mentioned. One consequence of this common approach to summarising legal documents is that the discussion of a single topic may contain a summary of both a person’s rights and a person’s obligations. For example, the discussion of modifications / derivative works says:

“You may modify the Program or any part of it and distribute the modifications or new work as long as modified files contain notices regarding the existence and date of changes and any work that you distribute or publish that contains or is derived from the Program or any part of it is licensed as a whole at no charge to all third parties under the GPL.”

As you can see, this paragraph says “you are free to do A but if you do you also need to do X”. Rights and obligations. This approach is repeated, where relevant, for each subject.

Last night, in response to some comments on one of my posts by a couple of people, I wondered whether there was a different and perhaps even simpler way to summarise the GPL. I was also thinking about this because the terms of use that my WordPress theme/plugin shop terms of use builder will generate (available as part of my ebook business package) will summarise the GPL and also link to a human readable summary of the GPL for customers that want to read more.

Now, in my normal day job, I’ve done a huge amount of work on open licensing of government copyright works and that has involved very close examination and implementation of the Creative Commons licences. Not surprisingly, then, my mind immediately gravitated towards the ‘human readable deeds’ that Creative Commons produces for its licences. Those deeds take a slightly different approach to summarising the legal terms of the licence. Instead of addressing licence content on a subject by subject basis, which would include rights and potentially obligations per subject, they take a “you can do A, B and C, as long as you do X, Y and Z” approach. In other words, they state all freedoms and then list the obligations. For some people, this may be easier to follow.

With that in mind, last night I whipped up a GPL human readable summary, modelled on the approach taken by Creative Commons. This is what it looks like:

What do you reckon?

(Thanks to Felix E. Guerrero for the First Aid Kit and Key image, which he has licensed under a Creative Commons Attribution-ShareAlike 2.0 Generic licence.)

Theme and plugin shops – Discouraging public redistribution – User poll

Published by Richard Best

Context

Last week I sent an email to subscribers on my email list. I hadn’t proposed to publish the content of that email but, given some questions I’ve received in response, I thought it might help to publish it. I also thought it would be helpful and interesting to take a quick poll of people’s views on the reselling of commercial themes and plugins because people’s views on this issue are relevant to the inclusion of the contractual mechanism in theme/plugin shop terms of use that I discuss below. I’ll set out the email then take the poll.

(Please retweet as the more that take this super quick poll the better.)

So, the email

This is what I said:

“I’m in the process of finalising my 10 chapter ebook called A Practical Guide to WordPress and the GPL. The ebook will be offered in a range of packages, from just the ebook through to a package that will offer the ebook, an audio book and a terms of use builder for WordPress theme and plugin businesses.

In working on the terms of use builder yesterday [now last week], I had an idea as to a means by which theme and plugin shops might seek to discourage customers from making a theme or plugin available on a website for download by others (whether for free or a charge), even when the theme or plugin is 100% GPL-licensed. As you’ll know, this sort of behaviour hits legitimate businesses in the pocket and can threaten their sustainability. I thought some of you might like to know about the idea now. Note that I’m only talking here about widespread, open/public redistribution of commercial themes or plugins. [In other words, this would not affect your ability to use a theme or plugin on as many of your own or your clients’ sites, for example, as you wish.]

As you’ll know, the sale of a commercial theme or plugin usually entails access to the theme or plugin for download as well as a right to support and updates for a defined period, usually 12 months. It seems to me that some ‘public redistributors’ leverage the fact that they, as purchasers, can get access to support and updates. In other words, they use this access to seek support relevant to ‘their customers’ and/or they use it to get access to updates which they then release for download on their own sites.

Now, this sort of activity is generally permitted by the GPL, as long as they do it in the right sort of way and don’t breach any trademark rights or relevant laws. This might make you think that this kind of behaviour can’t be controlled contractually. But I think it can, at least to some extent.

How? Well, you include a clause in your terms of use which says that, if a customer decides to make your commercial theme or plugin available on a website for download by others, you may exercise a right to deactivate their access keys (if that’s how you’ve set things up) and to terminate their access to support and updates.

Is this contrary to the rights they have under the GPL? I think not. This approach doesn’t stop them from distributing the theme or plugin, as they originally obtained it, on a website. But it does say this to them: “if you decide to exercise your GPL rights in that way, as you’re entitled to do under the GPL, you run the risk of losing your contractual right to support and updates under these separate terms of use”. This is a commercially-oriented mechanism that is distinct from, and doesn’t prevent the exercise of, one’s freedoms under the GPL. It does say “you can’t have it both ways, folks”, but the GPL rights are left intact. Only the separate, commercial support arrangements are affected. There may be those who would cry foul, but – legally – I don’t think their cries would be well-founded.

Theme and plugin shops need to be aware that, if they cut off access and support in practice but in a situation where their terms of use don’t regulate public redistribution in the way I’ve described or don’t reserve rights to withdraw support for any reason, they may face allegations of breach of contract if they remove a redistributing customer’s access.

The terms of use that my builder will create will (if a business wishes) contain a term that addresses this situation. If you’ve any thoughts on it, please feel free to fire me a message through my contact form at WP and Legal Stuff or email me … . This email is only being sent to my email list. For that reason, you won’t be able to leave a comment on the site itself. [No longer the case obviously. Instead of emailing me, please complete the poll below.]

All the best.

Richard

P.S. I appreciate that a mere legal term relating to support won’t stop people who are hell-bent on redistributing GPL’d themes or plugins on a publicly accessible website from doing so. But it may stop a subset of people who actually care about their access to support and updates. The inclusion of such a clause might also make would-be redistributors wonder whether that kind of redistribution is ethical.”

Now for the poll

The poll has now closed. Thanks to all those who spent the time taking the poll. Much appreciated.

(Thanks to The Art Gallery of Knoxville for the “FREE BEER 3.3 Ready to Drink!” image https://www.flickr.com/photos/16038409@N02/2327155978/, licensed under a Creative Commons Attribution-ShareAlike 2.0 Generic licence https://creativecommons.org/licenses/by-sa/2.0/)

Automattic, WordPress.com, Jetpack, European cookie laws and transparency

Published by Richard Best

Setting the scene

In Legal checks when building a content-driven WordPress website, I discussed cookies — not the edible variety but the small text files that are stored on your computer or mobile device when you visit or undertake certain activity on certain websites (for further information about cookies, see https://www.allaboutcookies.org.)

I observed that, whilst many countries don’t have laws that require disclosure of cookies, in Europe there are specific (and controversial) cookie laws. Website owners in European Member States are required to:

provide clear and comprehensive information about the cookies they are using; and
obtain consent to store a cookie on a user or subscriber’s device.

There are some narrow exceptions but I don’t think I need to mention them again.

Questions

The questions I want to explore in this post are these:

What are the implications of the European cookie laws for European users of WordPress.com and Jetpack?
Are users of WordPress.com and Jetpack able to obtain sufficient information as to the cookies that these services set?
If not, do the cookie laws erect an obstacle (at least for those who care) to European use of WordPress.com and/or Jetpack?

Implications of cookie laws for European users

The implications of the cookie laws for European users of WordPress.com and Jetpack are clear: they need to be able to provide information on the cookies that these services set and to include a consent mechanism.

Are users of WordPress.com and Jetpack able to obtain sufficient information from Automattic?

Status in 2014

In November 2014, a Spanish user of WordPress.com posted this message in the WordPress.com forums:

“There are new politics in Europe. In Spain (and maybe other countries of Europe) we need to inform about cookies. …”

I chimed in with this:

“Hi there. I’m interested in this topic too, from the perspective of the cookies that WordPress.com generates when someone with a WordPress.org site is using the Jetpack WordPress.com stats feature. I haven’t been able to find the cookie names anywhere and they are not identified by name in Automattic’s Privacy Policy. I suggest that the cookie names and functions for WordPress.com stats (and any other WordPress.com function) need to be listed somewhere to enable people in or serving European clients to adopt best practices in relation to cookie disclosures … .

In the meantime, is someone able to name what cookies (if any) are generated by Jetpack/WordPress.com Stats when used on a WordPress.org (self-installed) site?

Many thanks for your help.
Richard”

In December a WordPress.com Happiness Engineer kindly updated me, stating that “we don’t have a list of cookies readily available, so it may take some time before we have those details you requested”.

Time marched on and, well, my focus shifted to other matters.

Fast forward to 2015 – Automattic invests in cookie transparency

Fast forward to July 2015. Last week I found out that Automattic has been putting considerable effort into fostering cookie transparency. Automattic has created the following:

A cookies disclosure page for WordPress.com

A widget that displays a cookies banner

A cookies disclosure page for Jetpack

The cookies disclosure page for WordPress.com explains what cookies are, describes how WordPress.com makes use of cookies for a variety of purposes, and provides fairly detailed information on the cookies WordPress.com uses, distinguishing between cookies that are strictly necessary for technical reasons, cookies that enable a personalised experience for visitors and registered users, and cookies that allow the display of advertising from selected third party networks. It lists and describes many examples of the cookies WordPress.com uses and notes that visitors can restrict the use of cookies or prevent them from being set.

Turning to the widget, you can add an “EU Cookie Law Banner” to your WordPress.com site by adding the widget of that name to the widgets section in your site’s customizer. There’s a range of settings. For example, you can hide the banner after a user clicks the ‘close and accept’ button, or after the user scrolls the page, or after a defined period of time. You can amend the default text if you wish, you can change the colour scheme (light or dark, more if you’re a premium user), you can link to the WordPress.com cookie information or to your own cookies policy page, and you can change the button text. Here is what the default banner looks like:

Last but not least, the Jetpack cookies page explains that cookies are used by Jetpack in a variety of different ways and that the cookies set will depend on the Jetpack features that are enabled. It notes that the cookies are only set when a user interacts with one of these, or to allow admin functions to be performed in wp-admin. It then names and provides other details on the cookies that are set for visitors and registered users of sites with the Jetpack plugin installed.

Superb developments

As a lawyer who has been a bit frustrated in the past about the inability to obtain information on the cookies set by WordPress.com and Jetpack, I think these developments are superb. They go a substantial way towards enabling those in Europe to comply with the cookie transparency laws.

Whether a site run by someone in a given European country complies with that country’s laws is not Automattic’s responsibility, of course, but Automattic has clearly invested a good deal of time and money in helping its European users.

Any remaining obstacle?

Cookie lists not exhaustive

You might want to note that the cookies listed for WordPress.com are not exhaustive. Rather, the kinds of cookies used are explained and numerous examples are given. The cookies page is clear in stating that the listed cookies are examples. This, I understand, is due to the dynamic and evolving nature of WordPress.com. An exhaustive list of cookies that is valid in one month might become out of date in another. Automattic is certainly not alone in taking this approach. It seems to be the same kind of approach that Google takes.

Residual risk? Unlikely

Does the fact that the cookies lists are not exhaustive pose significant residual risk to European users of WordPress.com? I can’t comment on how the European ePrivacy Directive has been implemented and interpreted in every European member state (there will likely be variance in interpretation across member states), but I can tell you what the United Kingdom’s Information Commissioner has said, namely, this:

“What do we need to do to comply?

The rules on cookies are in regulation 6. The basic rule is that you must:

tell people the cookies are there;
explain what the cookies are doing and why; and
get the person’s consent to store a cookie on their device.

As long as you do this the first time you set cookies, you do not have to repeat it every time the same person visits your website. However, bear in mind that devices may be used by different people. If there is likely to be more than one user, you may want to consider repeating this process at suitable intervals.

…

What information must we give users?

[The Privacy and Electronic Communications Regulations] do not set out exactly what information you must provide or how to provide it – this is up to you. The only requirement is that it must be “clear and comprehensive” information about your purposes. You must explain the way the cookies (or other similar technologies) work and what you use them for, and the explanation must be clear and easily available. Users must be able to understand the potential consequences of allowing the cookies. You may need to make sure the language and level of detail are appropriate for your intended audience.”

In my view, the approaches taken by Automattic and Google are pragmatic and provide users with reasonable and digestible information on the fact that cookies are used, what the cookies are doing and why they are doing it. They also provide clear examples of named cookies. Arguably that is sufficient.

There will probably be those who will say the gold standard is listing each and every cookie – and yes if you do that you ought to be safe – but, for large or complex operations, that approach runs the risk of producing monstrous cookie policies that most people will never read, resulting in overly bureaucratic processes for minimal gain. They could even be counter-productive. In my view, a sensible compromise needs to be struck between transparency interests and usability or readability interests. There’s little point in drafting something that is so complete, yet so monstrously detailed, that it’ll never enter anyone’s consciousness.

If you’re in the United Kingdom, I’d be astonished if the Information Commissioner were to take a stricter view, given what it has said publicly (as quoted above). Let us hope the same common sense prevails in the other European member states.

(Update: I need to be clear that I don’t know the position in other European member states on this particular issue. I know there has been inconsistent implementation of the Directive’s requirements in relation to prior consent to the setting of cookies. It wouldn’t surprise me if there were different interpretations on this point too, but I just don’t know. That said, it is widely recognised that the lack of uniformity across Europe is shambolic and that cases involving enforcement are rare.)

(Thanks to Marjan Lazarevski for the ‘Cookie Crave‘ image, licensed under a Creative Commons Attribution-NoDerivs 2.0 Generic licence.)

Theme and plugin shop terms of use versus GPL freedoms

Published by Richard Best

Introduction

For a while now I’ve wanted to address an issue that niggles away at me every time I see it. I touched on the subject slightly at the end of Readers ask: About reselling commercial plugins (updated) but I wanted to explore it a bit more in its own post.

There are so many theme and plugin shops out there now that you probably couldn’t count them all with even 20 hands. Perhaps not surprisingly, this multiplicity of WordPress businesses has resulted in a wide range of terms of use and licensing statements in relation to the themes and plugins they sell.

Of course, what these businesses say in their terms is constrained – or should be constrained – by the requirements of the GPL, at least in situations where they’ve created derivative works of WordPress or other GPL’d code or where they’ve otherwise chosen to apply the GPL to their themes or plugins.

In this post, I’m going to focus on theme and plugin shops that have expressly applied – or purport to have expressly applied – the GPL 100% to their themes or plugins. I’m going to discuss four kinds businesses:

businesses that clearly understand the GPL and get their licensing statements right;
businesses whose licensing statements are difficult to understand;
businesses that either don’t understand the GPL or do understand it but cloud or misrepresent (either innocently or deliberately) the freedoms that the GPL confers on purchasers of their themes or plugins; and
businesses who just get the GPL plain and unambiguously wrong.

I’ll also comment on businesses whose terms purport to reserve a right to change the licensing of their themes at any time. Note that almost all of the theme shops I’ve reviewed are commercial theme providers with a listing on WordPress.org.

Before I get into things, I should note that I’m not talking in this post about access to support and upgrades being restricted to paying customers. That’s all perfectly legitimate under the GPL. What I’m focusing on here is what businesses’ terms of use or pricing pages say in relation to the GPL and what a customer is entitled to do with a theme or plugin it purchases when that theme or plugin is GPL-licensed.

Businesses that get it right

There are many businesses whose terms of use are clear in their GPL licensing and there are generally two variants of the terms used by such businesses. Under the first variant, the businesses keep things simple and say something like: “Our products are licensed under the GPL” or “[name of theme/plugin] is licensed under the GNU general public license” (e.g., WooThemes, Rocket Genius/Gravity Forms). And within this variant there are those who inject some humanity into their terms. For example, Array themes says this:

“All digital goods provided by Array are released under the GNU Public License version 2.0. Go create something beautiful and share it with us.”

Nice. Even within their minimalist terms they want to delight their customers.

Businesses that opt for the second variant go a bit further and say something like this:

“All [our] themes are licensed under the GPLv2.You can use our themes for personal and commercial projects and for as many websites as you like.”

Many businesses’ terms are along these lines. In my view, they provide helpful guidance to purchasers.

Businesses whose terms are difficult to understand

I’ve come across one theme shop that says, without more, that its ‘theme code’ is licensed under the GPL. But what does ‘theme code’ actually mean? Would theme code include non-code assets within a theme’s zip file? Arguably not. This sort of licensing actually looks more like a split licence to me than full GPL. The intended meaning is unclear.

Businesses whose terms cloud or misrepresent the GPL freedoms

Some businesses who say their themes are GPL-licensed offer basic versions of themes or plugins for free or a low cost as well as ‘premium’ versions of the themes or plugins which have more functionality. That’s all fine. What’s not so fine is when they draw a distinction – either expressly or implicitly – between what can be done with a basic or low cost version as against what can be done with the premium version. I’m not referring to the different levels of functionality. Rather, I’m referring to the number of sites on which the theme or plugin can be used. For example, some theme shops say very little or nothing about what can be done with the basic or low cost version but then say, for the premium version, that it can be ‘used on unlimited websites’ or that purchasing a premium version comes with ‘the right to use the theme on an unlimited number of websites’.

To my mind, this may prompt some users to infer that the basic version cannot be used on unlimited websites. Logically, of course, the fact that ‘unlimited websites’ is stated for the premium version whilst nothing is said for the basic or low cost version doesn’t necessarily mean that the basic or low cost version can only be used on a small number of websites or a single website. However, drawing the distinction I’ve mentioned isn’t helpful and does nothing to explain to users of the basic or low cost version that, under the GPL, they too can use their version on unlimited websites. It seems that some theme or plugin businesses draw this distinction to encourage more customers to buy the premium version but I’d suggest that, in doing so, they’re not being as transparent as one might expect in relation to what the GPL allows.

Another and perhaps worse variant of this is where a theme shop says that, if you buy one of its GPL’d themes, you can use it ‘on any websites you own’. To my mind this is misleading. You do not have to own a website to use the GPL’d theme for that website. You can use it on any website, regardless of whether you own it. Now, I’m not suggesting that this excellent theme shop that is listed on wordpress.org is intending to mislead anyone, but the wording is misleading as it implies that one cannot use the theme on a client’s site. This is particularly so when the terms go on to say that, if you purchase a developer package, you can use the theme on an unlimited number of client sites.

Businesses whose terms get the GPL plain wrong

Sometimes businesses’ terms of use just get things plain wrong. For example, one business that purports to license its themes under the GPL says that, with a single purchase, you can use the purchased theme ‘for multiple sites of your own’ but you can’t redistribute or resell it to any of your customers or clients. This just isn’t right. If I obtain a 100% GPL-licensed theme, I can use it for my own sites, I can use it for client sites, I can give it to my friends, I can give it to clients, I can sell it to clients and I can otherwise redistribute it as I please, as long as I comply with the GPL’s terms.

Another business that licenses its themes under the GPL (and it makes it clear that the GPL applies to the PHP, javascript, CSS and images) says its customers are not permitted to reproduce, duplicate, copy, sell, trade or resell its themes. Again, this is wrong. A recipient of a fully GPL’d theme is actually entitled to do all these things.

Purported rights to alter licence terms

Sometimes a business will include a term in its terms of use by which it “retains the right to change… the licensing of … our themes at any time”. On one interpretation, this is contrary to the generally accepted proposition that the GPL is irrevocable (GPL version 3 is much clearer than version 2 on this issue but even version 2 is generally regarded as being irrevocable). A licensor of all the copyright in a work that it GPL licenses may stop distributing the work under that licence and/or license it under a different licence to others, but it is generally considered that people who already have the GPL’d software can continue to use it and that a purported revocation of those people’s rights under the GPL would be ineffective. Similarly, where a GPL’d work consists of a chain of copyright components, all successively licensed by various people under the GPL, one licensor cannot take the whole and purport to apply a more restrictive licence as it won’t have the right to do so from the upstream licensors.

The short point is that a theme shop that purports to retain the right to change the licensing of its themes, when those themes have already been licensed under the GPL, should not be read as restricting those who already have the themes from exercising the freedoms that the GPL gives them.

Conclusions

Theme and plugin shops deploy a range of approaches as to how they describe the GPL-licensing of their products, from good to not-so-good to bad. I’m not suggesting that all theme and plugin shops whose terms fall in the not-so-good or bad camps are deliberately misleading customers. I suspect the reality is that some are doing this, for economic reasons, while others or their lawyers have either misunderstood the GPL or used language which just isn’t quite right, if not quite wrong.

(Thanks to Japanexperterna.se for the ‘See no evil speak no evil hear no evil‘ photo, licensed under a Creative Commons Attribution-ShareAlike 2.0 Generic licence.)

Pearson v Automattic: Did Automattic succeed by the skin of its teeth?

Published by Richard Best

Focus of this post

As many in the WordPress community will know by now thanks to Jeff Chandler’s helpful post on the case, recently Chris Pearson was unsuccessful in his complaint against Automattic regarding its purchase of the thesis.com domain name. Pearson had sought to have the domain transferred to him. I want to say a few things about this case but I’m not going to get emotional about it nor will I publish any comments that come across as hostile, abusive or potentially defamatory. My interest is to point out a few things that do not seem prominent in the discussions I’ve seen to date and to do so from a hopefully dispassionate legal perspective.

Facts

The key facts seem to be these:

Many years ago, Chris Pearson developed a theme for WordPress called Thesis. When released, Pearson did not license Thesis under the GPL.
In due course, there was heated if not acrimonious debate between Matt Mullenweg and Pearson as to the licensing of Thesis. Mullenweg argued that Thesis should be licensed under the GPL; Pearson argued he was not required to do so. (I’ve said a bit more about this in WordPress themes, the GPL and the conundrum of derivative works).
At one point, it looked as though Pearson would be sued, but it didn’t come to that. Nevertheless, it seems clear that deep battle scars remained on both sides. At one point Mullenweg even appears to have offered to give Thesis purchasers a GPL premium theme of their choice at no cost. (To really understand what many believe to be the true context for this case, you need to listen to the debate between Pearson and Mullenweg on Mixergy back in 2010.)
Eventually, in July 2010, Pearson changed the licensing for Thesis, announcing this on Twitter: “Friends and lovers: Thesis now sports a split GPL license. Huzzah for harmony! #thesiswp”
Pearson owns registered trademarks for both “Thesis” and “Thesis Theme”, in each case for “web site development software”. These trademarks were registered in October and November 2011 and it appears that Pearson has been using the names since 2008.
In more recent times, Automattic and Pearson were both approached by a third-party for the possible purchase of the thesis.com domain name. Automattic was the higher bidder, paying $100,000 for the domain name.
Pearson instituted proceedings in accordance with ICANN’s Uniform Domain Name Dispute Resolution Policy (UDRP). Pearson argued that he had registered trademark rights in the THESIS mark; that Automattic’s domain name thesis.com was identical to that mark (except for the top level domain name “.com” which was not relevant); that Automattic does not have any products named ‘thesis’ or offer services using the ‘thesis’ name; that Automattic’s registration of the disputed domain name, to sell competing products, likely violates Pearson’s trademark rights; and that Automattic purchased the disputed domain name to confuse and redirect customers and potential customers to Automattic’s competing webpage.
Automattic argued, among other things, that “thesis” is a generic term; that it was using the disputed domain name in connection with a blogging site, such use serving as an invitation to Internet users to discuss, object, and debate certain topical issues and, therefore, falling within the definition of the term “thesis”; that Automattic purchased the domain name pursuant to a bona fide offering of goods under the UDRP; and that Pearson had not proven bad faith with supporting evidence (this argument was made because one of the three things a complainant must establish is that the ‘domain name has been registered and is being used in bad faith’).

Decision

The Panel made these key findings:

Pearson established legal rights and legitimate interests in the mark contained in its entirety within the disputed domain name;
Automattic failed to submit extrinsic proof to support the claim of rights or interests in the disputed domain name;
the disputed domain name is identical to Pearson’s legal and protected mark; and
Pearson failed to bring sufficient proof to show that Automattic registered and used the disputed domain name in bad faith.

Now, as Jeff noted in his post, paragraph 4(a) of the UDRP requires a complainant to prove each of the following three elements to obtain an order that a domain name should be cancelled or transferred:

the domain name registered by the respondent is identical or confusingly similar to a trademark or service mark in which the complainant has rights; and
the respondent has no rights or legitimate interests in respect of the domain name; and
the domain name has been registered and is being used in bad faith.

The first two elements were satisfied. Only the third was not but that is because Pearson failed to bring sufficient proof to show that Automattic registered and used the disputed domain name in bad faith.

It’s important, in my view, to look at what the Panel actually said. In relation to the second element, the Panel said this (I’ve replaced references to Complainant and Respondent with Pearson and Automattic):

“Rights to or Legitimate Interests:

…

… In the instant case the Panel finds that [Automattic] is not commonly known by the disputed domain name.

… The Panel finds that [Automattic] is using the disputed domain name to redirect internet users to [Automattic’s] competing webpage, which is not a bona fide offering of goods or service or a legitimate noncommercial or fair use of the domain name under Policy ¶¶ 4(c)(i) and 4(c)(iii). …

…

The Panel finds that [Pearson] established a prima facie case in support of its arguments that [Automattic] lacks rights and legitimate interests under Policy ¶ 4(a)(ii), which showing is light. … However, [Automattic’s] offer draws the Panel’s attention to a troublesome area. Allegedly, [Automattic] and [Pearson] were both approached by a third-party for the possible purchase of the <thesis.com> domain name, and [Automattic] was the higher bidder, paying $100,000.00 for the domain name. Such a purchase has been considered a bona fide offering of goods under Policy ¶ 4(c)(i) by past panels. … Therefore, this Panel considers that [Automattic’s] purchase of the <thesis.com> domain name for $100,000.00 could confer rights sufficient for Policy ¶ 4(c)(i) rights and legitimate interests, had adequate evidence to that effect been adduced. The Panel notes, however, that [Automattic] did not provide documentary evidence establishing this purchase of the disputed domain name for $100,000.00 and therefore the Panel declines to give that claim full credibility without such proof, which would have been easy for [Automattic] to provide and which should be [Automattic’s] burden to provide if the Panel were to rely on that claim as proof of rights.

Further, [Automattic] is purportedly using the disputed domain name in connection with a blogging site as per its Attached Exhibit (<themeshaper.com> home page). [Automattic] argues that such use serves as an invitation to Internet users to discuss, object, and debate certain topical issues. Panels have found rights and legitimate interests where a respondent was hosting a noncommercial website. … Yet, here as well, [Automattic] provides nothing more than the invitation to engage in such activities. Therefore, the Panel declines to find that [Automattic] actually operates the <thesis.com> domain name in connection with a legitimate noncommercial or fair use per Policy ¶ 4(c)(iii).

[Automattic] also argues that the term of the <thesis.com> domain name is common and generic/descriptive, and therefore, [Pearson] does not have an exclusive monopoly on the term on the Internet. Contrary to [Automattic’s] position, the appropriate authority registered THESIS as a mark and [Pearson] established those legal rights to that mark. [Automattic’s] premise is contradicted by this governmental proof of legal rights.

The Panel finds that [Pearson] has made out a prima facie case that [Automattic] lacks rights or legitimate interests in the disputed domain name and that [Automattic] has not rebutted that prima facie case. [Pearson] has therefore satisfied the elements of ICANN Policy ¶ 4(a)(ii).”

In relation to the third element, the Panel said (among other things) this:

[Pearson] claims that [Automattic’s] use of the disputed <thesis.com> domain name is to divert and confuse customers and potential customers. The Panel notes that [Pearson] did not include an exhibit showing that <thesis.com> redirects to a webpage owned by [Automattic]. The Panel suggests that the submissions might point toward use by [Automattic] that would support findings of bad faith, pursuant to Policy ¶ 4(b)(iv) if evidence had been adduced to that effect. However, [Pearson] failed to bring that proof to the Panel. …

The Panel therefore finds that [Pearson] failed to meet the burden of proof of bad faith registration and use under Policy ¶ 4(a)(iii). …

… Therefore, the Panel finds that [Pearson] failed to support its allegations under Policy ¶ 4(a)(iii) and finds for [Automattic].

The Panel does not adopt [Automattic’s] contention that the <thesis.com> domain name is comprised entirely of a common term that has many meanings apart from use in [Pearson’s] THESIS mark. …”

So, in essence, the first of the three required elements was clearly satisfied given Pearson’s trademark rights and the second element was satisfied because Automattic had not rebutted Pearson’s case that Automattic has no rights or legitimate interests in the domain name thesis.com. It appears that Pearson hadn’t, however, adduced sufficient evidence to establish the bad faith element.

Comment on panel’s reasoning

I’d like to zoom in on two aspects of the Panel’s reasoning. The first is the Panel’s suggestion that “[Automattic’s] purchase of the <thesis.com> domain name for $100,000.00 could confer rights sufficient for Policy ¶ 4(c)(i) rights and legitimate interests, had adequate evidence to that effect been adduced”. To understand this comment, you need to know what ¶ 4(c)(i) of the UDRP says. It says this:

“… Any of the following circumstances, in particular but without limitation, if found by the Panel to be proved based on its evaluation of all evidence presented, shall demonstrate your rights or legitimate interests to the domain name for purposes of Paragraph 4(a)(ii):

(i) before any notice to you of the dispute, your use of, or demonstrable preparations to use, the domain name or a name corresponding to the domain name in connection with a bona fide offering of goods or services”

With respect, in my view the suggestion that paragraph 4(c)(i) might have been found to apply here is tenuous, given the historic conflict between Pearson and Automattic’s head regarding the Thesis theme. That historic conflict must, in my view, colour the analysis of whether the name was being used in connection with a bona fide offering of goods or services. Cross-examination on this point in court proceedings could be fertile ground for a litigator. Note also that $100,000 is a lot of money to pay for an allegedly generic domain name that has no obvious connection with Automattic’s business. It would be interesting to see Automattic’s domain name inventory.

The second element of the Panel’s reasoning that I want to zoom in on is this:

“[Pearson] claims that [Automattic’s] use of the disputed <thesis.com> domain name is to divert and confuse customers and potential customers. The Panel notes that [Pearson] did not include an exhibit showing that <thesis.com> redirects to a webpage owned by Respondent. The Panel suggests that the submissions might point toward use by [Automattic] that would support findings of bad faith, pursuant to Policy ¶ 4(b)(iv) if evidence had been adduced to that effect. However, Complainant failed to bring that proof to the Panel.”

Paragraph 4(b)(iv) of the UDRP says this:

b. Evidence of Registration and Use in Bad Faith. For the purposes of Paragraph 4(a)(iii), the following circumstances, in particular but without limitation, if found by the Panel to be present, shall be evidence of the registration and use of a domain name in bad faith:

…

(iv) by using the domain name, you have intentionally attempted to attract, for commercial gain, Internet users to your web site or other on-line location, by creating a likelihood of confusion with the complainant’s mark as to the source, sponsorship, affiliation, or endorsement of your web site or location or of a product or service on your web site or location.”

According to the Panel, Pearson hadn’t adduced evidence to this effect. Had he done so, he may have succeeded. At the date of writing this post, thesis.com still redirects to themeshaper.com and let’s not forget that themeshaper.com is now an Automattic property. The left sidebar states expressly that it’s the “home to the Automattic Theme Division”.

The other point to note is that the four circumstances in paragraph 4(b) of the UDRP are not an exhaustive list of the scenarios in which bad faith might be found. If you look at the opening wording above, it says “the following circumstances, in particular but without limitation“. The listed scenarios are scenarios which will, if proved, indicate bad faith but they do not (in my view) preclude a panel from finding bad faith in other scenarios. That is the effect of the words “but without limitation”.

Other legal remedies

I noted at the outset that the UDRP dispute resolution process has it roots in contract. The registrant of a domain name agrees to submit to the dispute resolution process in its contract with the registrant.

The UDRP process is not, however, the only means by which a person can seek a remedy when feeling aggrieved by another person’s registration of a domain name that conflicts with existing trademark rights. And the fact that a complainant is unsuccessful before a UDRP panel doesn’t necessarily mean the outcome would be the same in court proceedings. Depending on the facts of a given case and the country in which a claim is brought, other remedies may lie in trademark law (for trademark infringement), tort law (for something called passing off) or fair trading or cybersquatting legislation (which exists in some countries but not others).

I make no comment on how the pursuit of such other remedies might pan out in this particular situation. For one thing there’s the fact that themeshaper.com itself isn’t overtly selling anything. At the same time, it is promoting themes on WordPress.org and, more significantly, it does link to Automattic’s commercial ventures, through the “Blog at WordPress.com” link and the Automattic image link in the footer.

Let’s wrap it up

I think I’ve said about all I want to say. As a long-time WordPress user and community observer, it has been tempting to express my own non-legal views on what’s happened here but, because I said this would be a legally oriented post, I haven’t. The only thing I’ll say is that I hope fallout management is in place because this episode seems to have reopened a rift in the WordPress community that many thought was long closed.

How not to source images for your client’s websites

Published by Richard Best

If you’re a designer who source images for a client’s website, do you ensure you and your client have the right to use them?

An interesting wee tale

A UK case from 2012 provides a number of important reminders for those who design and own websites, including public sector agencies (Hoffman v Drug Abuse Resistance Education (UK) Ltd [2012] EWPCC 2 (19 January 2012)). It’s an interesting tale about a website owner who copied photos from another website in the mistaken belief that they were Crown copyright photos that could be re-used without permission when, in fact, they could not. There’s a photographer, a charity, a web developer, a government-sponsored website, the photos and … a copyright infringement claim. This isn’t a WordPress-specific story, but one that may be of interest to some WordPress users.

Briefly, the main facts appearing from the judgment are these:

Mr Hoffman was the copyright owner of a range of photos of drugs;
the defendant charity published copies of those photos on its website;
the defendant had used a web design firm to produce its website;
that firm had found a Government sponsored website called “Talk to FRANK” on which the photographs appeared;
the defendant understood that the site was covered by Crown copyright and that the images could be re-used when, in fact, they could not; the photos were not Crown copyright;
the Department of Health acknowledged the site was not clear and tried to pursue the matter on behalf of the defendant (and others) but without success;
Mr Hoffman brought proceedings against the defendant for copyright infringement.

The defendant’s position was that it “had not intentionally or knowingly infringed [Mr Hoffman’s] copyright” and “the Department of Health and their misleading web site were the cause of any infringement”.

The Court decided that the defendant was in fact liable. The fact that the defendant may have thought that it had permission to use the images was not a defence to infringement under the relevant provision of England’s Copyright Designs and Patents Act 1988. Similarly, the fact it had employed a firm to produce the website did not enable the defendant to avoid liability.

The defendant could also not rely on section 97(1) of the Act which states that “[w]here in an action for infringement of copyright it is shown that at the time of the infringement the defendant did not know, and had no reason to believe, that copyright subsisted in the work to which the action relates, the plaintiff is not entitled to damages against him, but without prejudice to any other remedy.” The court sympathised with the defendant but held that the facts did not support reliance on this defence:

“The defendant understood it had permission under what it understood to be the relevant copyright. That is a very different thing from an argument that the defendant had no reason to believe copyright subsisted at all … . To believe that one had permission under (in this case) Crown copyright is the opposite of a belief or reason to believe that there is no copyright in existence.”

The court awarded damages, interest and costs in favour of Mr Hoffman.

Reminders

The case serves as a reminder for a number of players in the web industry, including (on the facts of this case) public sector agencies:

web designers need to be careful when suggesting to clients that they can reuse copyright images or other copyright content from other websites; without permission from the true copyright owner, such content should not be re-used;
if in doubt as to whether third party web content can be re-used, the safest course is to get in touch with the site owner (or, if it’s clear that the content comes from another source, that source);
public sector agencies need to be careful when describing the copyright status and re-use permissions of copyright content on their websites because, if they get it wrong, they can expose members of the public to risk at the hands of the true copyright owners (and could themselves be the subject of challenge or feel at least ethically obliged to assist those who have unwittingly upset the true copyright owners); and
website owners need to be careful to ensure, when using third party copyright content on their websites, that sufficient rights clearance processes have been followed (unless they are happy to run the risk of a claim of infringement).

What about you?

Have you ever found yourself in a similar position? If so, feel free to chime in with a comment below.