Thursday, May 31, 2007

Mum's The Word

Another late catch up from my hols, mainly for own benefit. Mumsnet, the non-profit site run part-time by single mothers to advise on parenting, has capitulated to Fearsome Lawyers without going to court. Pangloss is rather sad.

From OUT-LAW:

"Mumsnet was sued by Gina Ford, who is famous for espousing strictly regimented baby routines, over comments made in the site forums. The long-running case has been settled with a Mumsnet apology and a payment to Ford, but Mumsnet founder Justine Roberts has asked the DCA to reform the law.

"Though we don't accept that any of the comments made on Mumsnet were defamatory, we took the decision to settle at least in part because of the distinct lack of clarity about how the defamation law applies to web forums," [said Roberts]..

The main problem seems to have been uncertainty about what "expeditious" removal on notice means under the EC E-Commerce Regulations.

"Roberts explained her dilemma: "How expeditious is expeditiously?" she asked. "We settled because there were some comments left up there for longer than 24 hours – though not much longer than 24 hours."

This is madness. My own recent empirical (as yet unpublished) research has shown a wide variation in time taken to remove content among UK ISPs and websites , from about 24 hours to a week, depending on the type of content, the urgency of the request and who is doing the asking. Pangloss agrees that more guidance is vital, in code of practice if not in law.

In the US, the moderator of a mailing list or website forum is exculpated under s 230 (c) of the CDA in respect of the content of posters- see Batzel v Cremers. Although s 230(c) is often seen as over wide, this is a ruling we could emulate, especially where the moderator makes no commercial gain from the site; it could always be subject perhaps to a removal of immunity where there is egregious breach of care (eg the email posted is forwarded from someone else and says DO NOT DISTRIBUTE in large capital letters.) Moderators of "public advice" websites are more like archivists than publishers; they rarely if ever make money from adverts or subs and do a good public service.

(It is fun to look back at this case today and compare it to whether Live Journal should be held liable in respect of members posting fiction containing under age rape. ISP liability is a wonderful area.)




AVMS DIrective also finally passed

Good god the EU people really want their hols don't they? This one also seems to have been going as long as I can recall..

"The new proposal is called the Audiovisual Media Services (AVMS) Directive and will replace the TV Without Frontiers Directive. It will permit product placement as long as warnings are screened and will extend TV regulation to audiovisual material on the internet or on on-demand networks.

Though there is some regulation of on-demand services, the regulatory burden is far lighter than it is on scheduled services."


No time for real comment but Pangloss plans to look see what the line IS between Internet and TV (if it can be drawn) - what of this, for example?

The Directive covers audiovisual services as defined in Art 1(a):

"‘audiovisual media service’ appears to be defined by responsibility, purpose, and service provision:

=" a service as defined by Articles 49 and 50 of the Treaty which is under the editorial
responsibility of a media service provider and the principal purpose of which is the
provision of programmes in order to inform, entertain or educate, to the general public by electronic communications networks within the meaning of Article 2(a) of Directive 2002/21/EC of the European Parliament and of the Council. Such audiovisual media
services are either television broadcasts as defined in paragraph (c) of this Article or ondemand services as defined in paragraph (e) of this Article." [bold added]

(aa) 'programme' means a set of moving images with or without sound constituting an individual
item within a schedule or a catalogue established by a media service provider and whose form
and content is comparable to the form and content of television broadcasting. Examples of programmes include feature-length films, sports events, situation comedy, documentary, children’s programmes and original drama."

If anyone wants to interpret all that for me I'm all ears. Oh what the hell I'll have a go..

At very first blush it looks like You Tube do inded provide "programmes" (individual videos accessed in a catalogue) . "Editorial responsibility' means "the exercise of effective control both over the selection of the programmes and over their organisation ... in a catalogue, in the case of on-demand services. (AND) Editorial responsibility does not necessarily imply any legal liability under national law for the content or the services provided." (Art 1(ab)). That also seems to fit, the final sentence being crucial. So YT are a media service provider because they take editorial reponsibility (Art 1(b))

So - continuing the worked example - Is You Tube an ondemand service? Looks like it:

"'on-demand service' (i.e. a non-linear audiovisual media service) means an audiovisual media service provided by a media service provider for the viewing of programmes at the moment chosen by the user and at his/her individual request on the basis of a catalogue of programmes selected by the media service provider". (Art 1(e)). Tick.

So YT does seem to fall under the AVMSD in its pure Internet form, even before its content gets as far as Apple TV. But will Apple TV be a television broadcast, which would mean the same content would fall under two different regimes of regulation within the AVMSD? Nope, because acc to Art 1(c), that is a "a linear audiovisual media service" ie "an audiovisual media service provided on the basis of a programme schedule."

Which has the happy result of meaning that YT videoes whether on the Net or the Apple TV don't have to comply with Art 22 of the AVMS< which only applies to "television broadcasts" and requires them to comply with conventional national broadcasting standards for the protection of children. So no "watershed" requirement for adult content on YT!

BTW- I think this Directive has the best definitions section I've ever seen actually: anyone for a "‘surreptitious audiovisual commercial communication'? It means a web bug, I think.


In fact this is one of the topics of the panel I'll be moderating at the upcoming SCL Conference so hopefully I'll learn something to report!

Google faces EU Regulation?

FInally today (honest), the Art 29 WP has issued a significant letter criticising Google's privacy protection of personal data. Google is now to be the subject of an Art 29 report.

Google's recent olive branch of increasing privacy protection by anonymising server logs older than 18-24 months old is dismissed as insufficient data minimisation for EU law. In particular the 30 year duration of a Google cookie (!) is mentioned as disproportionate.

Interesting to compare our cousins over the pond.. where this blogger is suggesting that Google can be seen as the Transparent Society in action. Since everyone, including commerce and the state already collects far more data about us than we know of or can control, isn't a way to fight back to have all that data openly available to everyone not just the state - as collected by a private and semi neutral organisation, ie Google?

"On the one side is that massive data integration by the State - and if you think you'll see much data from that, you'll be waiting a long time. On the flip side all the other data, just put out there for people to use. The State's default mode is to hide everything, Google's is to put it out there for everyone to use.

I know which society I'd prefer to live in."

I don't agree, at all, but it's an interesting angle. Especially in the age of the shadow of the ID database..

Back at market regulation, Web 2.0 is already beginning to provide us with companies whose business model is to allow you to track down what data people hold about you (a right you have in law under DP but how the hell do you do it in aggregate in practice) - try looking at Garlik for example.

ps More from the Beeb on this with an emphasis on Google's recent acquisition of DoubleClick.

Rome II

Less exciting than LJ censorship, and slightly late, but still significant: Rome II which seems to have been trundling on All My LIfe has finally reached a common agreement as of May 15 2007. the full text of the agreement does not yet seem to be available but many details are on Diana Wallis MEP's site.

As I'm sure you all know, Rome II deals with harmonising choice of law rules in cross-jurisdiction tort (delict) cases just as Rome I did for contracts.

Some interesting parts of the (very complicated) agreement for IT lawyers:

"Violation of privacy or rights relating to the personality:

While it was agreed that legal actions connected with those rights will be excluded from the scope of this Regulation, the Commission was asked through a review clause to present, not later than 31 December 2008, a study on the situation in the field of the law applicable to non-contractual obligations arising out of violations of privacy and rights to relating to personality, taking into account rules relating to freedom of the press and freedom of expression in the media. Violations of privacy resulting from the handling of personal data will be also dealt with in the Commission’s study."

"Unfair competition and acts restricting free competition:

A compromise solution was found. It will allow for the application of one single law, while at the same time limiting, as far as possible, “forum shopping” by claimants."

It also seems that a similar report to the one on privacy related torts will be prepared on defamation rules by end 2008. This is has been a particular bugbear: the Commission excluded defamation altogether from Rome II but in January 2007 the MEPS voted to put it back in. This is of course highly significant for Internet libel cases. Previously when defamation was turfed out of Rome II, review would only have taken place four years after the passing of the Regulation.


It sounds to Pangloss , however, like this "final" agreement is not that final!

(with thanks to Gerrit Betlem for tip off.)


And More LJ..

Interesting climbdown.

I guess that one can be chalked up as another, albeit belated, victory for the users in web 2.0 culture - rather as with AACS and Digg.

It also makes it fairly plain that LJ's main worry was probably the appearance of locked communities to advertisers (where the visble content is mainly the "interests" - such as rape or paedophilia - rather than serious legal worries. Or perhaps that's too cynical.)

"We have always been strong supporters of free speech and at the same time we believe deeply that children deserve special protections as well as the victims of violence and hate. ... One could say that no matter what we did we would either be accused of opposing free speech or endangering children but I am sure we should and could have done this much better. "

I have a lot of sympathy:-)

Wednesday, May 30, 2007

Live Journal Attacked by Inocents (?)

A massive web 2.0-type censorship farrago has (yet again) engulfed Live Journal, probably the social blogging and networking site most popular with "fandom" - which includes the loose and vast collection of communities where people write slash fiction about under-age characters (as in Harry Potter and his cronies, for example.)

A rather shady outfit called Warriors for Innocence ("hunting pedophiles where they fester") appear to have either cajoled or threatened Live Journal (or its corporate owners, Six Apart) into taking down and/or deleting entries on a number of journals and communities whose "interests" keywords included terms like rape, teen, child and incest. In response , accusations are being made that some of these communities were for people who simply liked writing fan fiction and had absolutely no intention of encouraging or participating in sex with minors in "real life"; while other communities were actually doing positive good in that they were there to support incest survivors.

The usual web 2.0 battleground has now been thoroughly drawn up, with various calls for class actions for breach of contract against LJ, libel suits against WFI, claims WFI are actually an anti-LGBT group, and calls for symbolic one-day deletion of journals and user migration to other sites like GreatestJournal (which uses the same software as LJ and has been an alternative home in previous episodes of disenchantment with LJ, such as when default user icons showing breatfeeding and naked nipples (!) were banned).

The law as to LJ's possible liability seems at first clear, but has the odd wrinkle. First, no one seems very convinced that writing pedophilic literature (as opposed to taking, making, selling or distributing pictures of under age sex) is in fact any sort of criminal offence in any US state. Secondly, it is even less clear if publishing or facilitating the publication of such is a crime ("inducing pedophilia" anyone?). Thirdly, even if one assumes it is, would LJ be in any way criminally liable or would they be protected from liability? At first blush, this seems exactly the kind of situation the safe harbor of CDA was designed for. LJ , under the CDA, s 230 (c), as a service provider, should not be liable in respect of third party content.

However as every half awake blawger knows, the impact of s 230(c) on Web 2.0, user generated content sites has become steadily more blurry. As recently reported here, the social site Roommates.com was recently found liable by the Sixth Circuit for, in effect, publishing room listings placed by third parties which were in breach of anti-discrimination renting laws. Rommmates.com did not benefit from s 230 (c) because by providing a rigid template for entry of text, they had effectively become content providers, not just content platform provider.

It seems unlikely this would apply to LJ where almost all text is provided free form. On the other had, LJ does supply a "template" for journallers and communities to list their "interests" which are then used in searches. And it is these "interests" which are at the heart of LJ's current attempts at censorship. Could they have thought that Roommates.com left them at risk?

A rather more likely rumour is that LJ at first held firm, confident they were protected by the CDA, but panicked when WFI began going round their advertisers suggesting that LJ was not a nice place to hang out. This seems to have lead to a rather panicky surge of deletions of communities and journals. A more helpful approach would probably have been to have identified, before deletion or suspension, which communities were at least devoted to incest survivor support, and spared them the trouble of protest. Much of the furore also seems to surround accusations that LJ unilaterally changed its Terms of Service - yet it is completely clear that they reserved the right (sensibly) to do this at any time (clause 13, Revisions, of ToS).
Sparing "Fan" sites also seems a rather more difficult call: as Warren Ellis, the comics writer put it, "The outcome .. has been pure comedy, with comments that read very much like “I love spending all day reading about forced underage incestuous sex with squirrel fisting on top, but of course I’m not interested in that in real life — that’d make me a pervert!

Some "fan" writers have declared volubly that there is a vast difference between those who like to write fantasies of underage sex and those who'd ever wish to take part in them. PanGloss finds this a rather difficult call to expect a court, let alone a bunch of technohippies to make: surely every paedophile writer in the world would simply declare that oh no, they are merely a rampant Harry Potter slash fan?

Pangloss herself finds the degree of fan hysteria round this type of event a bit hard to stomach. LJ is a private site. It is not a state nor a common carrier nor a "public broadcaster" with positive obligations as to content, like the BBC in the UK. It is basically a business, one which rather oddly and sweetly does not seem to try to make maximum profits when it could (charge everyone, or show everyone ads.) The overwhelming majority of people using LJ still get their accounts and the extremely sophisticated functionality for free (and without advertising - ads are only given on consent, in return for which the user gets extra functionality, like being able to set up polls or have more user icons).

Yet in return for zero consideration, LJ seems to be expected by its clientele to take on a high dgree of risk in an uncertain area of law and to resist censorship at all costs. Yet in principle the situation is exactly as if Walmart had decided not to stock (say) Hello Kitty vibrators. Whether they are legal or not, it's Wallmart's store and Walmart's call. And if Walmart think those vibrators are a bit dodgy, either legally or in terms of alienating or annoying certain customers, then so be it. If they were stocking stuff they thought might or might not be legal, there isn't a lawyer in the world who wouldn't advise them to dump that stuff; and that's WALMART - who have millions of dollars and lawyers to fight prosecutions or civil suits.

An LJ or other web 2.0 site has the right to protect itself against the risk of being sued or prosecuted out of existence for taking on risk in an uncertain legal area. Would you rather have a world with LJ in it, albeit mildly policing the most extreme and likely to be dodgy of its boundaries, or a world with no LJ? Taking normal business steps to reduce legal risk is not the same as going over to the forces of censorship, fascism, illiberality and darkness.

It is interesting that many LJ users seem to feel LJ has a moral (not legal) duty to defend free speech over and above that of a normal business. PanGloss is not sure why. Isn't it good enough that they provide a global speech platform for free, and make efforts, it seems, not to "censor" (ie reduce legal risk) until someone with an agenda,like WFI, makes waves too big to ignore? In some ways , the web 2.0 social sites seem to have inherited the mantle of comforting and morally upright parent which we no longer expect of conventional nation states (?).



See also: Boing Boing

Useful links from LJ

Sample LJ Abuse team Letter

Wednesday, May 23, 2007

Blogzilla: Generation Y and privacy

Blogzilla has an interesting post on Generation Y and privacy.

I am in fact usually one of the doom sayers who argues that privacy norms and by extension, regulation, will have to change as the current Web 2.0 generation grows up. But perhaps I'm wrong? My very dear colleague Judith Rauhofer will be tackling the privacy "dark side" of Web 2.0 at my upcoming workshop in September (website coming soon.)

Tuesday, May 22, 2007

AllOfMP3.com declared fraudulent

Interesting story - the IFPI raid an agent of AllOfMP3.com, the infamous Russian-based illegal download service, in London.

"The individual was allegedly the UK-based European agent for allofmp3.com, facilitating the sale of digital downloads by advertising and selling vouchers through auction sites such as eBay and the website allofmp3vouchers.co.uk. That website has now been taken down from the internet. The vouchers contained a code that allowed UK and European consumers to access and download music illegally from the allofmp3.com website.

Charging £10 per voucher, the suspect was believed to be taking payment from European customers and transferring the cash into various offshore accounts operated by the site's Russian owners.

Metropolitan Police officers seized computer equipment and paperwork for further investigation. Early indications suggest the pirate operation may have generated criminal proceeds for the Russian website running into tens of thousands of pounds."

It is worth noting that the police executed the raid not under copyright law per se, but under Section 2 of the Fraud Act 2006 - legislation introduced into UK law in January 2007 specifically to combat online fraud. IPRED 2 was *not* involved. The 2006 Act makes it a criminal offense to dishonestly make a false representation for gain. A fales representation is one that is untrue or misleading and the person making it knows this. This is reportedly the first time the new fraud legislation has been used in a copyright-related case.

Interesting on two counts therefore. First, this is a good example of how even operating in a law haven like Rusia cannot necessarily save your business model in more lawful jurisdictions, when payment intermediaries are squeezed - Visa, Mastercard and even PayPal had ceased "laundering" payments to AllOfMP3.com from the UK making it almost unuseable by the average UK punter. (One wonders about Google Checkout?) . Similar strategies have been adopted successfully by the US to throttle online offshore gambling services offered to US nationals by countries like Antigua.

The legal liability of these payment intermediaries for providing funds access to AllOfMP3.com of course remains untested, as far as Pangloss knows. Would they be secondary infringers in UK copyright law, or "inducers" of copyright infringement in the US, a la Grokster? This must be the fear , but it would be nice to have had it judicially examined.

Secondly, the 2006 Fraud Act provisions were, it was thought, introduced to deal more effectively with "phishing", not copyright infringement - but it seems they have now been appropriated to that context. In Scotland where the 2006 Act does not operate, it is likely the existing common law of fraud would cover similar action. Is it fraud to take money in exchange for illegal services? One might argue that the punters were not being defrauded as they were getting exactly what they asked for , namely, downloads of music. Compare phishing where there is clear deception. The police/BPI argument would be that the punters are being deceived that what they are buying is legal in the UK. That, to Pangloss, seems in itself, rather deceptive:-)

Thursday, May 17, 2007

Web 2.0 sites beware!

Interesting decision from the States yesterday on immunity of hosts ("service providers") under CDA s 230 (c).

The Ninth Circuit Court of Appeals just determined that Roommates.com - a networking site for people looking for, housesharers, did not deserve immunity under Section 230 of the US Communications Decency Act for information that users of the site provide on questionnaires during registration.

The Register reports that "Section 230 of the CDA gives providers of an interactive computer service, such as a website, immunity from lawsuits relating to the publication of information on the site by a person other than the site's provider. Thus, information posted to a blog's comments or on an online forum won't put the site provider on the hook for damages if the publication of the content happens to break the law someplace.

Someone who, in whole or in part, creates or develops the published information, however, qualifies as a "content provider," and falls outside the bounds of the immunity. The Ninth Circuit panel determined that Roommates.com, by filtering the kind of information that visitors to the site would see, had developed the information provided, and could not claim immunity for the publication of the information...

The key quote from J Kozinski is "By categorizing, channeling and limiting the distribution of users’ profiles, Roommate provides an additional layer of information that it is “responsible” at least “in part” for creating or developing." [bold added]

In other words, Rommmates .com were, it seems, held to have "created" , in part though not in whole, the information that users themselves supplied via structured drop down menus; (eg "do you want to live with [options] straight men/gay men/straight women/gay women/anyone")but not information supplied by users themselves in freeform comments. That information was then held to have breached the anti-discrimination provisions of the Fair Housing Act.

This is rather reminiscent of the debate in the UK before the E Commerce Directive about whether sites were "editors" under the Defamation Act 1996 s 1 if they undertook any kind of filtering or editing of content - and the even earlier debate in the US about whether ISPs like Prodigy were putting themselves at risk of liability by undertaking similar editorial work to create "family-safe" content. Basically, if you are a user-generated content site, do you dare to mess with the content at all, even if the result is a better or more searchable/manageable/less offensive product for your users? Section 230 (c) was designed to put an end to such worries, as was in Europe, the ECD. From that perspective this is a very regressive step.

On the other hand, it has become increasingly clear that s 230(c) was too widely drawn in giving absolute immunity to ISPs/hosts in respect of criminal liability and non-copyright-related torts (cf the later DMCA, whose scheme is akin to the EU ECD in allowing limited immunity subject to notice and take down and other requirements) - and a series of cases have attempted to rein in that immunity by, eg, re-introducing distributor liability.

This case is a logical progression, but it is unfortunate. (A better solution would be legislative reform of s 230 (c) - but that ain't going to happen.) As the Register point out, what will the implications be for all the sites which "facilitate" or "edit" or "structure" or "filter" or even perhaps "tag" user-generated content - the MySpaces , Facebooks, and even the Googles? MySpace and Facebook both "structure" (some) information via menus and questions. So do many dating sites. What if some of this content is defamatory or obscene? In particular the word "categorized" is worrying. What might this do to the liability of new tagging sites like Digg and Delicio.us so valuable to the Internet at large?

In most these cases - especially the Diggs and Delicio.us es - I think the argument can be developed that they do not "thin down" or restrict or impose structure on the information generated by a third party content provider - which seems the nuance of the case - but merely add value to it separate from the actual text of the third party content. (What will AACS be thinking reading this, I wonder?) Similarly Google can argue that they do not themselves filter content but merely respond to user (ie third party) instruction. Nonetheless Google is usually made available with default on Safe Search, ie filtering out obscene content - so the position is not all that clear.

I await the appeal:-)

ps other views: Eric Goldman ; Eugene Volokh - neither happy.

Oysters Reopened

Anonymous (which is not a very helpful name for a correspondent) asked me "Just a quick question, why are you linking to a story that is over 12 months old saying 'look no further'?"

Well, in utter truth because I had Googled that story before I was referred to it by Andy, and caught the tag date "15 may 2007" and thought ah good, developments. Of course that was the date Google last spidered it not the actual date of the article which was very similar except one year earlier.. I blame 33 hours on a fery from Bilbao:-)

The ongoing story, as my anonymous corespondent pointed out, is that "TfL has already signed a deal with Barclaycard and Visa to launch a range of Oyster-branded credit and debit cards, which are also expected in the autumn."

However this isn't very exciting news. As already recorded here, Visa have already made it first into the contactless credit market in the EU with their payWave technology. The same article says that Mastercard and Amex are also on this route. A dual purpose Oyster card/credit card wil howeevr no doubt be a killer app (I'd get one myself).

But the real story for me here is the apparent death of the multipurpose stored value card. "Digital cash" of the 90s is dead ; long live contactless credit/debit (pace the nascent security problems no doubt about to emerge). I always had my doubts that in an era of bountiful credit, consumers could be persuaded to put cash up front in stored value AND carry an extra card around, whose loss, stored value and all, would (like cash) not be recoverable; this appears to have been the case. And the chances of Visa, Mastercard et al going bust are rather lower than with a pioneering digicash supplier. Interesting how the future is not always what we expect.

Wednesday, May 16, 2007

The Oyster is hard to Prise Open..

Re yesterday's query about when Oyster Card would finally roll out as a multi purpoe contactless small payments card.. look no further.

Interestingly, no mention of legal difficulties round becoming an EMI - only commercial problems with revenue sharing.

Tuesday, May 15, 2007

PayPal plays with the big boys

My colleague Technollama and I have long subscribed to the view that PayPal does not really fit the model of an Electronic Money Issuer under Euro law , despite the fact that the UK and other EU countries have agreed to accredit it as such. PayPal itself has now taken the interesting step of declaring that it plans to move to Luxembourg and become a proper bank, for apparently commercial rather than legal reasons. This certainly demonstrates the growing mainstream strength of the mobile payments market. But what does it mean for other emergent digital payment forms? Not all will have the cash reserves of PayPal, necessary to achieve accreditation under existing EU banking capitalisation and risk rules. The EMI Directive probably still needs revisited if innovation is really to get going in this market.

Interestingly, the market now supports credit cards used as a contactless payment card (Visa's new payWave); the mobile phone used as an easy billing mechanism for micro-payments (prevalent in many EU countries, though not yet the UK); niche RFID pre-paid payment cards (eg Oyster Card for London tube) and now a major "bank" which uses agency techniques and existing credit institutions, rather than a stored value card, to provide mobile credit. What has never actually taken off is real omni-purpose stored value debit cards - "digital cash" - as predicted throughout the early 2000s , and which the EMI Directive was specifically tailored to regulate.

I still wonder when (if ever?) we will see the long awaited roll out of OysterCard as a multipurpose small payments contactless stored value card mechanism? And what form of regulation it will then opt for?

Wednesday, May 02, 2007

OK v Hello!

OK v Hello! has finally been decided in the House of Lords (thanks to Loveandgarbage for the tip-off.) This is NOT, it should be stressed, about whether Michael Douglas and C. Zeta-Jones had their privacy invaded at their wedding (that one's been and gone in a shower of legal fees); it is about whether Hello! stole confidential information from OK, the information not being "about" OK, but about the aforesaid starlets and their so-called "private life".

According to the Beeb, "what the Law Lords were asked to decide was this: Did Hello magazine breach commercially confidential information in publishing unauthorised photos of the wedding of Michael Douglas and Catherine Zeta Jones?

And by a majority of three-to-two, yes, they did. So much , so duh. What we really wanted to know was: does this create a new property right, a right in your own image caught in photos, in videos, on tee shirts etc? And enforceable against the world, not just persons in a contractual relationship, or a relationship of confidence? Lord Hoffman says no: but it is clear the Max Cliffords of this world will waste no time in trying to turn it into one (especially given the tacit but acknowledge acceptance of such rights already in celebrity contracts and finacial planning affairs.)

I haven't had time to read it properly yet but am slightly heartened by one para that already caught my eye:

"118. It is first necessary to avoid being distracted by the concepts of privacy and personal information. In recent years, English law has adapted the action for breach of confidence to provide a remedy for the unauthorized disclosure of personal information: see Campbell v MGN Ltd [2004] 2 AC 457. This development has been mediated by the analogy of the right to privacy conferred by article 8 of the European Convention on Human Rights and has required a balancing of that right against the right to freedom of expression conferred by article 10. But this appeal is not concerned with the protection of privacy. Whatever may have been the position of the Douglases, who, as I mentioned, recovered damages for an invasion of their privacy, OK!'s claim is to protect commercially confidential information and nothing more. So your Lordships need not be concerned with Convention rights. OK! has no claim to privacy under article 8 nor can it make a claim which is parasitic upon the Douglases' right to privacy. The fact that the information happens to have been about the personal life of the Douglases is irrelevant. It could have been information about anything that a newspaper was willing to pay for. What matters is that the Douglases, by the way they arranged their wedding, were in a position to impose an obligation of confidence. They were in control of the information."

So we have not recognised , it appears, that X can sell their private life to Y, and Y can use privacy remedies to defend it. This is a good thing in my book. On the other hand, we have it seems in essence created a new form of intellectual property which can be defended against infringement by all comers, rather than merely against those who were in a contractual relationship. Celebrities and their lawyers and the crappy celebrity culture will all be very happy; and that can only be bad.

Intellectual prioperty rights are not awarded simply because it's a nice thing to so; they strike a balance between the need to incentivise creation and inovation, and the public interest in not allowing monopoly property rights over information.

Why should this balance be struck *at all* in relation to celebrity "image rights"? Do we want to incentivise the creation or more celebrities, or more celebrity activity? Would people not become celebrities even if the image right revenue stream was not available? As far as I'm concerned , the answers are no and yes. But what's done is done.