UK: Privacy V. Piracy

Last Updated: 27 September 2005
Article by Mark Watts and Myles Jelf

While the title suggests some inherent conflict between ‘privacy rights’ and ‘intellectual property rights’, this isn’t necessarily the case. In most situations, privacy rights and IP rights don’t compete with each other. This is because privacy rights are focussing on protecting the private life of individuals (broadly speaking), while IP rights are often focussing on the protection of publicly distributed materials and information (the law of confidentiality, perhaps being a slight exception to the latter). So, for a long time, their paths haven’t needed to cross all that often. However, the distribution of intellectual property content such as books, films, and music is increasingly electronic and new technology, such as Digital Rights Management (DRM), is becoming more popular amongst copyright owners, enabling the monitoring of private ‘consumption’ of their content. Also, the possibility of significant IP infringing acts taking place at home is increasing, through the popularity of Peer-to-Peer (P2P) file-sharing networks. Now, more than ever before, both sets of rights need to be considered together. Are they heading for a collision?

To someone who sees the world in terms of privacy rights, it’s all about protecting intellectual freedoms – the freedom to have one’s own thoughts, ideas, likes and dislikes, which privacy rights attempt to protect by restricting access to, and use of, private information (which may also be ‘personal data’ in data protection terms). The fear is that if others have access to details of the books a person reads, the music he listens to and the files he downloads, it will shape that person’s behaviour, his freedom, and taking it to its extreme, ultimately his identity.

To someone who sees the world in terms of IP rights, it’s all about rewarding creativity and investment. The argument goes: why would anyone go to the trouble of writing a book, making a film, or writing a computer program (ignoring open source software for now…), if everyone else is able to take advantage of their work for free? Generally speaking, IP rights seek to reward a person’s investment of time, energy and creativity by restricting access to, and use of, the results of him exercising his intellectual freedom.

Before identifying new areas of potential conflict, it’s important to recognise that privacy rights and IP rights can also compliment each other in certain situations. For example, a company may regard its customer mailing list as an important commercial asset, protected by various IP rights, such as confidentiality, copyright and database right, any of which could be used to prevent the unauthorised use of the customer mailing list by a third party. In such a case though, privacy rights in the form of data protection obligations, may also prevent a third party from making use of the mailing list. Privacy and IP are pulling in the same directions.

Equally, privacy rights, albeit in the form of a "private" confidentiality right, may be relied upon to prevent the unauthorised publication of, say, family photographs – but so could the IP rights subsisting in the photographs (assuming their ownership is with the family concerned). Again, privacy and IP are pulling in the same direction.

The prospect of tension between privacy and IP increases though particularly in connection with copyright works distributed electronically, for example, via the Internet, either as legal downloads protected by DRM technology, or illegal copies distributed via P2P file sharing. This was highlighted recently by the Article 29 Working Party in its paper entitled "Working document on data protection issues related to intellectual property rights" (WPP 104), where it said, "the Working Party acknowledges the necessity of implementing measures to safeguard the rightful interests of holders of intellectual property rights against alleged fraud". While the owners of IP rights may take comfort from the use of strong words such as "fraud" and "necessity", the WPP went on to say that, "as far as investigation powers are concerned, the Working Party deems it necessary to recall that investigations performed by [copyright holders] must be performed in a clear legal framework." The implication is that the anti-piracy measures of some copyright owners infringe unjustifiably on the privacy rights of some users.

In relation to the enforcement of IP rights, nowhere is the tension between privacy and piracy more acute than in relation to illegal P2P downloading. To the average teenager, P2P file sharing probably seems like Christmas come early. All he needs to do to get ‘free’ music is download some file-sharing software, like Grokster or Kazaa (also free and readily available), and he’s fully equipped to download music from the Internet. If he’s feeling ‘public-spirited’, he may also decide to share his music collection with others by making his MP3 files available from a shared directory on his machine, uploading in other words.

To download a particular song, a user searches for it using the search functionality built into the file-sharing software. How the search mechanism works depends upon the type of file-sharing network used. These days, unlike the Napster system, perhaps the most well known of the file-sharing networks, most P2P networks use a distributed computing architecture, which does not rely on a central server containing a list tracks available for download. Instead, tracks are located via a process of cascaded queries sent to the individual computers comprising the P2P network. So, for example, if a user searches for a track his computer asks its immediate neighbours (neighbours in P2P file-sharing terms) whether they have the track or not. If they don’t then the query is forwarded to the next few computers connected to each of the computers originally asked. In this respect, the user’s original query fans out across the P2P network until a computer containing the track requested is identified. Perhaps several will be found if it is a popular track. The user who initiated the search is then sent a list of the computers from which the track is available for download. An extract of the results of a search on "Elvis" might look something like this:

Quality

Name

Type

Size

Speed

Location

­* * * * * ­ ­ ­ ­

Elvis – Burning love

mp3

4.5 KB

Modem

82.21.18.19

­* * * ­ ­

Elvis Costello – Oliver’s army

mp3

3.2 KB

DSL

81.23.4.21

* * * * ­ ­ ­

Elvis Presley – All shook up

mp3

4.1 KB

DSL

68.1.1.23

Once the user has selected which machine to download the track from, perhaps on the basis of file size, connection speed or sound quality, etc. his computer makes a direct connection to that machine and a direct download commences. The intermediate computers involved in cascading his initial query are not involved in the actual download process. (Note that this is a simplistic description of a "typical" P2P network and several variants exist, some of which do not involved the sharing of IP addresses in quite the same way, nor require the whole track to be downloaded from one computer).

So, it’s ‘free’ music for all, at least through the eyes of our teenaged user.

But of course the activity described is illegal. The act of creating a local digital copy of a CD on one’s PC (ripping) is copyright infringement. What’s more, since the implementation of the Electronic Copyright Directive (2001/29/EC), it is a specific "restricted act" to communicate sound recordings or films to the public, which is to say that it is an act that only the copyright owner may do or authorise. Accordingly, uploading – moving mp3 files into a shared directory that can be accessed by other P2P users – is itself an infringing act. This is the case whether or not any of the files are actually downloaded. Such an act can even amount to a criminal offence in circumstances where the communication is in the course of business or to such an extent as to affect prejudicially the copyright owner.

Being illegal in theoretical terms is one thing. Being able to enforce one’s rights as a copyright owner is another, particularly when the Internet is involved. How would a copyright owner even identify that illegal downloading is taking place? Well, in fact, its relatively straightforward to do so. To identify an "uploader", all one has to do is to search for your own copyright work. As shown in the table above, the search results identify the IP addresses used by those machines where the track is stored and from which it is available. Identifying a "downloader" is slightly more difficult as it isn’t possible to search for users who have downloaded your copyright work. However, a copyright owner may include decoy files of their work works in a machine enabled to form part of common P2P networks (i.e. so that they are queried for tracks in the manner described above). Not only might a decoy file describing itself as, "Take Me Out" not be by Franz Ferdinand, it’s likely to include a copyright warning and, more importantly still, allow the copyright owner to identify the machine seeking to download such a track, via it’s IP address. Remember, the uploader’s and downloader’s machines make a direct connection while the file is actually downloaded, so the downloader’s IP address in data protection terms is "collected" by the copyright owner.

Which raises an interesting question about IP addresses: are they personal data? Because if they are then surely the copyright owner should be complying with the applicable data protection laws, which may require that notice of the data collection be provided (unless a relevant exemption applies). This would make surreptitiously collecting the IP addresses of uploaders and downloaders rather difficult. Well the answer is it depends.

It comes down to the question of whether an individual user is "identifiable" from the IP address he is using, the IP address being the 4 to 12 digit number assigned by his internet service provider (ISP) to the account holder’s device that is connected to the internet (e.g. 194.178.86.66). Recital 26 of the Data Protection Directive requires "…account [to be] taken of all means reasonably likely … to identify said person." And for many the fact that the user’s ISP always knows an account holder’s "real world" identity from the IP address allocated to him is sufficient. As the influential Article 29 Working party put it, "The Working Party emphasises that IP addresses attributed to Internet users are personal data."

But that’s not to say that the question is beyond doubt. While in the hands of the ISP the account holder is of course identifiable from an IP address, what about when the IP address is merely in the hands of the copyright owner, as in the situation above? For reasons that are explained later, it’s unlikely that an ISP is able to disclose the account holder’s identifying details to the copyright owner, a fact which surely be taken into consideration when assessing the "reasonable likelihood" referred to above. Moreover, much has been made of the distinction between "dynamic" IP addresses, where the account holder is allocated a new IP address each time he makes a dial-up connection, and "static" IP addresses where the IP address allocated to his device is more persistent, such as with broadband connections. It’s argued that dynamic IP addresses are less likely to be identifying (and so personal data) due to their transient nature and, in particular, the fact that the copyright owner may not even be able to recognise (a lower standard than "identify") a persistent uploader or downloader due to their use of different IP addresses on various occasions (unless of course they choose to use a username, as many do). Nor is it necessarily the case that a static IP address equates to personal data. As wireless broadband grows in popularity, situations where several users are sharing an Internet connection via a wireless router are increasingly common. In these situations, even the ISP does not know the identity of the actual user, only the account holder. Indeed, the ability of users to connect to any open wireless network makes it likely that even the account holder will not know the user’s identity. At some point, as the prospect of a link to the "real world" identity of a particular user from an IP address ceases even to be theoretically possible, the IP address used must surely cease to be personal data.

Armed with a list of the IP addresses used by uploaders and downloaders, what can a copyright owner find out? If the IP address relates to a website, as opposed to an individual user’s machine, then a reasonable amount simply by consulting any of the online domain name registries or "Who is?" databases. (In connection with P2P file sharing, a website is only likely to be involved if the user promotes the availability of their MP3 files or makes the file-sharing software available for download).

What about an individual user, a ‘mere’ downloader, where no website is involved? There are numerous online search sites (see, for example, www.dnsstuff.com) from which it is possible to find out the name of the ISP that allocated the IP address and, roughly speaking, the user’s physical location (e.g. London).

These online search tools have recently attracted the attention of the Article 29 Working Party which, "insists on the legal restrictions applying to the re-use of personal information". The "re-use" restriction they’re referring to is the "purpose limitation" principle – that the information made available via these databases was originally collected for a different purpose and so should only ever be processed in a manner compatible with that original purpose – despite the information being publicly available. A difficulty arises though because, as the Working Party acknowledges, it’s not entirely clear what the original purpose of the Whois? databases was -- or is. To enable queries, technical or otherwise, to be made of the domain name owner, perhaps regarding his registration of a particular domain name? Probably, but given that many domain queries end up in a domain name or trade mark-related dispute, who’s to say that contact with the domain name owner in connection with other forms of IP dispute, such as online copyright, is not also within the original purpose? The position is far from clear, but can a copyright owner really be expected to turn a blind eye to publicly available information that may enable it to enforce its legitimate IP rights?

In any event, to get to the actual uploader or downloader, the copyright owner clearly needs to get in touch with that user’s (alleged infringer’s) ISP. Say he does. Can the ISP simply disclose the user’s identity? No, or at least, it’s very unlikely that the ISP will want to or can do so lawfully. The ISP is likely to be (in the language of the E-Commerce Directive) a "mere conduit" that has no involvement in, or prior to being contacted by the copyright owner, knowledge of their subscriber’s infringing acts. It’s likely that they will have made certain contractual commitments to the subscriber regarding confidentiality in their subscriber agreement. Accordingly, responding to a copyright owner’s requests by simply providing the details requested is likely to put the ISP in breach of data protection legislation restricting disclosure on the grounds of "fair and lawful processing" and "purpose limitation" and in breach of its subscriber agreements. Moreover, most ISPs appreciate that any suggestion that they will disclose their members’ details at the drop of a hat is likely to damage confidence amongst their membership.

Of course there are exemptions under most data protection laws for disclosures made in connection with legal proceedings, which the copyright owner will no doubt argue apply in the P2P infringement situation described above. And they may well do. Indeed, even the ISP may be persuaded that disclosure is "necessary in connection with legal proceedings" (broadly speaking, the language of the most relevant exemption), as the party disclosing the personal data need not be a party to those proceedings. Nevertheless, since it is the ISP that would be in breach if the exemption does not adequately cover their disclosure, and perhaps in order to defuse any potential complaints from its members, it’s likely, indeed wise, for the ISP to require the copyright owner making the request to obtain a court order. What’s more, the Article 29 Working Party has expressed the view that it should always be the court, rather than the ISP, which decides upon the application of exemptions in these sorts of cases.

But to get a court order, the copyright owner must sue the ISP. How can it when the ISP has done nothing wrong – a "mere conduit"? By applying the principle established by the House of Lords in the Norwich Pharmacal case [1974] that "if through no fault of his own a person gets mixed up in the tortuous acts of others so as to facilitate their wrongdoing he may incur no personal liability but comes under a duty to assist the person who has been wronged by giving him full information and disclosing the identity of the wrongdoers." It’s a principle that has been applied by the courts in many situations, including those where the identities of IP infringers are unknown, and against ISPs. Until 2001 though, an ISP (and, equally, others on the receiving end of a Norwich Pharmacal application) had a dilemma: if the ISP requires a copyright owner to obtain a court order – for all the valid commercial and legal reasons explained above – it might nevertheless find itself liable for the copyright owners’ legal costs of obtaining it, assuming that the copyright owner is successful. While the award of legal costs is discretionary, often in adversarial proceedings, the loser pays a large proportion of the winner’s costs. In Totalise plc v Motley Fool [2001], the Court of Appeal was sympathetic to the ISPs position, at least in situations where the ISP wasn’t just being difficult for the sake of it. The court recognised that it was reasonable for an ISP to require the copyright owner to obtain a court order and yet not have to pay costs where the ISP:

  • had a genuine doubt that the person seeking disclosure was entitled to it
  • was under a legal obligation not to reveal the information
  • could be subject to legal proceedings if the disclosure was made voluntarily
  • might suffer damage by voluntarily giving the disclosure
  • disclosure might infringe the legitimate interest of another

Accordingly, if the legal costs downside can be avoided, ISPs would be well advised to require a copyright owner seeking disclosure to obtain a court order requiring the ISP to do so.

The end result? Copyright owners can use existing legal theories and procedures to enforce their IP rights in connection with online piracy. This provides little in the way of relief for many copyright owners, however, considering the scale of the problem they face. Illegal downloading is rife. It’s simply too easy. In the digital world, even any potential loss in sound or image quality, which might deter some, is something that would-be uploaders and downloaders can control. Perfect copies can be made these days, in contrast to older tape-to-tape systems, or recording Top of the Pops off the television. Because copyright owners can’t sue every downloader many are looking to technology to prevent unauthorised copying occurring in the first place – a technology broadly referred to as Digital Rights Management (DRM).

Definitions of DRM abound and often it gets confused with cruder copy-protection mechanisms. Basically, it compromises a system, perhaps both hardware and software, that specifies, manages and enforces a set of "rules" in relation to digital content, the distribution (i.e. copying) and use of that digital content in particular. It may involve copy protection and/or it may involve ensuring the inclusion of a copyright notice in all digital forms of the work, or it may involve the collection of certain information about the user – what songs they played, when, how many times, how many copies they have made, all of which may be combined with details about who they are, depending on the type of DRM implemented. DRM should be thought of as enabling the use of digital content to be controlled after it is in the hands of the end-user, which makes it quite unlike "traditional" (i.e. offline) forms of content distribution, such as books, CDs, magazines and videos. Usually, the DRM-protected content is distributed in encrypted form, which in order to be played or watched or read or whatever requires the user to have a "key" enabling his hardware and/or software to de-encrypt the content. The user acquires this key when the digital content is acquired (i.e. downloaded or streamed), and it is this key that both allows and limits the user’s use of the content, matching in technical terms the scope of the licence terms granted to the user by the copyright owner.

For many copyright owners, the emergence and increasing sophistication of DRM is exciting for reasons beyond preventing, or at least inhibiting IP infringement. It opens up a new world of possibilities in terms of business models for the distribution of digital content that go beyond the traditional one time "sale" of a copy, be it a book, CD or DVD. And it would appear that consumers too are excited about the possibilities for acquiring content via new means, as evidenced by the number of songs downloaded from iTunes, Apple’s online music store, exceeding one billion recently. Users of iTunes point to the convenience of being able to buy individual tracks, as opposed to whole CDs, and the ability to play free 30 second snippets of tracks before purchasing them. By contrast, Napster (in its new legal incarnation) uses a subscription-based business model where for a flat monthly fee users can enjoy unlimited "streaming" of tracks to their computer (think of this as similar to an Internet radio where the user chooses which tracks are played) or download them to their computer and play them for as long as their subscription is valid. Alternatively, for a higher flat monthly fee, tracks can be downloaded to mobile devices or burnt to a CD for a fee calculated on a per track basis. There are numerous other legal music sites, all adopting similar yet subtly different pricing and distribution models.

DRM is not without its controversies and opponents, however. Critics, for example, object to DRM’s impingement on users’ "fair dealing" rights, which is to say users ability to make lawful use and copies of copyright material by preventing access even in situations that are recognised as lawful under most copyright laws, such as copying for the purposes of private study. But critics of DRM and champions on privacy are also concerned about the impact of DRM on the privacy rights of the individual.

This article started by describing the importance of intellectual freedom to someone who sees the world in terms of privacy rights, their desire to read and watch and listen to whatever they want without fear of their intellectual consumption being monitored. In the offline world, such content can be enjoyed anonymously, particularly if acquired via cash purchase, and for many it is important that the possibility of doing so exists in the online world too. The continuous link between the user’s activities and the copyright owner enables the copyright owner to know which track the user played, how many times the chorus was played, whether an attempt was made to make an unauthorised copy of the material, and so on, resulting in what many regard as unprecedented levels of surveillance where a user’s own computer may "dob him in" to a copyright owner! A copyright owner also acquires a detailed and powerful profile of users’ consumption habits, with all the attendant marketing possibilities that brings. But perhaps worst of all, many would say, much of this monitoring takes place in the user’s private space – their home.

These fears are sufficiently justified for the Article 29 Working Party to offer their view in WPP 104. They highlighted the need for "fair and lawful" processing – are users being told what information about their use of DRM content is being collected, by who and what’s done with it? For some uses consent will be necessary, particularly where use of the information for direct marketing would amount to "repurposing" the data. Perhaps their most significant remark though was their reminder that the "proportionality principle" applies – that only the minimum amount of personal data for the particular purpose should be collected i.e. collect what you need and no more, a principle which cannot simply be "cured" by obtaining the user’s consent. The Working Party "seriously" questioned the collection by copyright owners of data about all forms of content usage, including legal usage, just in case it would enable copyright owners to identify the source of unauthorised use in the future. It also urged the development of DRM technologies that operate anonymously on a "platform" level rather than an "information level", systems that are recognised as "trusted" and entitled to access certain content, which technically prevent unauthorised acts, yet do not monitor content consumption on a track-by-track or page-by-page level.

As DRM starts to gain traction amongst copyright owners distributing content online, developers of DRM-related technologies need to ensure that their systems incorporate sufficient flexibility while the privacy versus piracy debate continues. It’s only just started. The data protection regulators, via WPP 104, have voiced some preliminary concerns. The millions of undeterred users who access legal DRM content online are having their say too, but it’s early days. Right now, it’s easy enough to enjoy content anonymously, at home or wherever. As and when the Internet becomes the norm for how we access our content though, consumers may start to pay more attention to how much of their intellectual freedoms they are prepared to give up and how much reach they are prepared to allow copyright owners into their homes. It may be a surprisingly large amount if in exchange for added convenience and lower cost.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
 
In association with
Related Video
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
 
Email Address
Company Name
Password
Confirm Password
Position
Mondaq Topics -- Select your Interests
 Accounting
 Anti-trust
 Commercial
 Compliance
 Consumer
 Criminal
 Employment
 Energy
 Environment
 Family
 Finance
 Government
 Healthcare
 Immigration
 Insolvency
 Insurance
 International
 IP
 Law Performance
 Law Practice
 Litigation
 Media & IT
 Privacy
 Real Estate
 Strategy
 Tax
 Technology
 Transport
 Wealth Mgt
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.

Disclaimer

Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.

Registration

Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.

Cookies

A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Links

This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.

Mail-A-Friend

If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.

Security

This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at enquiries@mondaq.com.

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.