A few weeks ago I went to an interesting event about content marketing hosted by Digital Doughnut in London’s fashionable Shoreditch. It was interesting for various reasons. Firstly, there were three great presentations by marketers from the Guardian Digital Agency, NewsReach, and iTrigga; secondly, I was the only lawyer there (I think); and thirdly, when each person I spoke to discovered I was a lawyer, there was some consistency to the legal issues they were interested in and confused about.
These legal issues were (i) the ASA’s “digital remit”, (ii) the “fair dealing” exception under copyright law, and (iii) the applicability of UK data protection law.
The ASA’s digital remit
It’s actually been quite a while (over two years) since the ASA’s remit was extended to cover marketing on advertisers’ own websites and social network sites “under their control”. Prior to this extension of the CAP Code, the ASA’s digital remit only included online ads in paid-for space (e.g. banners, pop-ups, keyword ads on Google etc), as well as emails and SMSs.
The fact that content on a company’s Facebook page could potentially be within scope of the advertising regulations surprised some of the people I spoke to. Some people were particularly surprised that even UGC on a Facebook page could be covered if the content was incorporated into a marketing message.
The relevant part of the CAP Code is paragraph (h) of the introductory section which states that the CAP Code covers content on companies’ own websites, or in other non-paid-for space online under their control, that are directly connected with the supply or transfer of goods, services, opportunities and gifts. What that essentially means is that any content designed to sell something will be captured, as opposed to, for example, editorial, PR, press releases, and investor relations copy, which are outside the scope of the CAP Code.
Incidentally, when the remit extension was announced back in 2011, the ASA said that it would undertake a quarterly review of the extended digital remit with the intention of carrying out a comprehensive review in Q2 of 2013 – so that’s something to look out for…
Quite a few people I spoke to were interested in copyright issues and in particular the extent to which the “fair dealing” exception under copyright law meant they could “reuse” content (note that “fair use” is the similar, but not identical, exception under US copyright law).
In reality, the scope of the fair dealing exception in UK copyright law is much narrower than most people think. Under sections 29 and 30 of the Copyright Designs and Patents Act 1988 (CDPA), the fair dealing exceptions only apply to research, private study, criticism, review, or reporting current events. This means that the exception is highly unlikely to apply in the case of third party copyright works which are “borrowed” for marketing purposes.
In the case of research, broadly speaking, it has to be for a “non-commercial purpose” and it’s worth noting that the English courts have been willing to interpret what constitutes a commercial purpose broadly.
The point of the “reporting current events” exception is to protect the role of the media in informing the public about current events.
In terms of what constitutes “criticism” or “review”, the English courts have been unimpressed with advertisers’ attempts to incorporate third party content into ads and then rely on the fair dealing defence. For example, in a case between IPC v News Group, The Sun used a picture of the front page of IPC’s “What’s on TV” magazine in an ad comparing it to “TV Choice” (The Sun’s listings magazine). The court held that this didn’t constitute “criticism” within the meaning of the CDPA (because the criticism could have been made simply by referring to What’s on TV).
Applicability of UK data protection law
In this globalised world of SaaS and cloud hosting, it can be confusing as to whether UK data protection law applies.
The basic rule is set out in section 5 of the Data Protection Act 1998 (DPA). If a company “controls” personal data and that company is (i) established in the UK and (ii) processes that personal data (which would include collecting it, storing it and even deleting it) in the context of that “establishment”, then UK data protection law will apply – regardless of whose data it is and where the data is stored.
“Establishment” is defined quite broadly in the DPA and includes UK registered companies, or even offices or branches in the UK – i.e. if a US company has an office in the UK and personal data is processed in connection with that branch, then that processing will need to be compliant with UK data protection law.
If there is no establishment in the UK, but a company uses “equipment” in the UK to process personal data (not including where it’s merely for the purposes of transit through the UK), UK data protection law will also apply – i.e. if a US company with no offices in the UK uses servers in the UK to process personal data, then that processing would also (strictly speaking) need to comply with UK data protection law.
It’s also worth noting that certain European data protection regulators have been inclined to take a broader view about what amounts to “using equipment”. The Article 29 Working Party (an independent body made up of representatives of the European data protection regulators) has even suggested that setting cookies on users’ devices could amount to using equipment so that the data protection law of the European country where the device is located would apply. This is controversial because, arguably, this would mean every single website in the world which can be accessed by Europeans would be subject to European data protection law!
The above is only a brief summary of the various legal issues which people at the event were interested in. The world of marketing can be a legal minefield. When marketing enters the digital domain the legal issues increase both in number and complexity!