Does DMCA ‘Safe Harbor’ Apply to My Company’s Own Conduct?

“Image Deleted DMCA on Black” by Lexein is licensed under CC Attribution-Share Alike 3.0

One of the interesting things about practicing law (particularly in the space I do), is the trends in inquiries to our Phoenix law firm’s Copyright law practice. Of late, it has definitely been issues surrounding the Digital Millennium Copyright Act (17 U.S.C. § 512) (“DMCA”) and, in particular, it’s “safe harbor” provisions.

DMCA was certainly on the mind of a new client who had initially contacted me about DMCA registered agent services. In getting to know more about her and her partner’s business, I learned that they actually owned and operated several blog-style websites which they had “acquired”. Some of these acquired websites were producing content which might lead to DMCA “take down” and counter-notice issues.

As a result the question that is the focus of this post came up. To what extend does DMCA’s safe harbor protect one’s online business against the activities its own now-employees, as opposed to third-party users?

What is the DMCA “safe harbor”?

Although I’ve written about it and the importance of having a DMCA agent in an earlier post, it’s useful for purposes of this article to recap:

The oft-discussed DMCA “safe harbor” is technically one of four separate safe harbors identified under Section 512 of the Digital Millennium Copyright Act. Of these four distinct safe harbor provisions, it is usually Section 512(c) that most of our clients and persons interested in our law firm’s services contact us about, although as a website operator, your business may fall under one or more safe harbors.

Let’s take a look at the statute itself:

(c) Information Residing on Systems or Networks At Direction of Users.—

(1) In general.—A service provider shall not be liable for monetary relief, or, except as provided in subsection (j), for injunctive or other equitable relief, for infringement of copyright by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider, if the service provider—


(i) does not have actual knowledge that the material or an activity using the material on the system or network is infringing;

(ii) in the absence of such actual knowledge, is not aware of facts or circumstances from which infringing activity is apparent; or

(iii) upon obtaining such knowledge or awareness, acts expeditiously to remove, or disable access to, the material;

(B) does not receive a financial benefit directly attributable to the infringing activity, in a case in which the service provider has the right and ability to control such activity; and

(C) upon notification of claimed infringement as described in paragraph (3), responds expeditiously to remove, or disable access to, the material that is claimed to be infringing or to be the subject of infringing activity.

Why DMCA’s Storage Safe Harbor Is Critical to Your Business

To summarize, this (what we’ll call the) “storage” safe harbor protects service providers such as website operators from liability to copyright owners for infringing material that third-party users of the service directed to be stored or made available on the website.

To put it another way, 512(c)’s safe harbor offers protection against (a) copyright claims (b) under U.S. law, when the source of an alleged infringement is the (c) conduct of the service provider’s end-users.

Therefore, neither the 512(c) safe harbor nor, for that matter, 512 (a), (b) or (d)’s safe harbor protect the service provider against non-copyright claims like, for example, rights of publicity, invasion of privacy, defamation, etc. (areas which, incidentally, I feel this company has more exposure to than DMCA).

Thus, just off of the standards of 512(c)(1)(A)(i) through (iii), as well as (c)(1)(B) above, my new client and her company would likely be toast legally speaking from the standpoint of DMCA safe harbor protection under Section 512(c). Needless to say, we are working on these potential liability concerns before something really unfortunate happens.

Best practices to qualify for DMCA’s safe harbor under Sec. 512(c)

Now granted, most of my online and e-commerce oriented clients do not have these particular sets of facts to have to deal with. The following are some basic best practices that, while they won’t immunize you from all harassing or frivolous DMCA claims your business might encounter, can help put your website, app, or online business in the best position to take advantage of the safe harbor of Section 512(c):

  1. Designate an agent for receipt of copyright claims both on your website and in an online U.S. Copyright Office filing.
  2. Have, implement, and inform your users of your website or apps “repeat infringer” policy.
  3. Adopt a process to receive and handle notices, claims, or allegations of users, visitors, or third-parties that could be considered actual knowledge of infringement or facts and circumstances making such infringement apparent.
  4. Expeditiously take down infringing matter as soon as your site or app has knowledge or awareness, whether such knowledge on your own or via a third-party.
  5. Strenuously follow and apply the DMCA’s notice and “take down” regime.

Ben Bhandhusavee is the Managing Attorney for BHANDLAW, PLLC, a startup, technology, and e-commerce law practice advising founders and management teams on company startup, corporate and technology transactions, e-commerce, as well as Internet privacy concerns. The firm serves corporate and individual clients throughout Arizona, the United States, and internationally. Our offices are conveniently located along the Camelback corridor in Phoenix’s financial district. For more information about our Copyright Law practice, feel free to reach out using the contact form on the right or call us at (602) 222-5542 to schedule a meeting. Connect with Ben on LinkedIn or Avvo.