Most Popular Resources

Video Games and the Jurassic future – the legal issues

Confession is good for the soul so let’s start with my admission that I am a scrabble addict. Whilst that idea may not set your pulses racing, it points to an obsession with words and that, as you will see below, is a fundamental requirement in the context of video game legals. The multi-dimensional world of video games entails myriad, inter-linking legal issues. This is anticipated to reach a new zenith next year with the launch of Jurassic World Evolution. Who would have thought that dinosaurs would be shaping the legal agenda in 2018?

Rather than bore you with extensive legalities, I will briefly highlight some of the key legal issues and leave you to ponder and contact me should any alarm bells start to sound.

Intellectual Property Rights (IPR)
• You need to protect your work and/or investment. This is mainly about copyright and database rights. Make sure you get assignments from anyone from whom you have bought or commissioned any code, graphics, sound effects or any other creative input.
• Patents may be relevant but the originality barrier is high and will require specialist assessment to determine if you have any qualifying ideas or concepts.
• Trademarks and domain names are generally more straightforward as they protect/reflect brands and names rather than underlying code and concepts. However, you will need to consider not only what you can protect but also whether what you have in mind might infringe third party rights. For that reason, it is advisable to run some clearance searches before you invest in your brand/developing your game; running a search on Google is a start.
• If you are planning to depict any people in a game, you will typically need to procure releases from the rights holders and failure to do so may result in “passing off” or other actions against you.
• Where there are in-game purchases, there may be further IPR ownership, licensing and infringement issues where the purchases of virtual goods/accessories are branded by the IPR owners or used without the owner’s permission.
• Another important area of IPR relates to design rights which may offer a route to protection of GUI and multiple visual elements.
• The use of open source in the creation process may undermine any claim to IPR protection by the game’s developers. Careful attention needs to be paid to governing open source licences such as the GNU family to see what impact the use of open source code might entail.
• Where the developers incorporate existing music or other audio or visual rights, permission or clearance will need to be sought/negotiated to clear any rights in the sounds recording and the musical composition (i.e. music and lyrics). Clearance will need to be sought from the record label and the publisher or collective right management organisation such as the PRS in the UK.

Terms and Conditions (T&C) and Data Protection
Not only do you need T&C which regulate use of your game and distribution agreements with your channel but also other sets of terms covering your use of gamers’ personal data and the cookies you or third parties place on their systems as well as an Acceptable Use Policy for in-game messaging. The privacy issue becomes exponentially more crucial next May when the new general data protection regulation (GDPR) enters force. Maximum fines for data breaches will rise from £500k to the higher of 4% of worldwide turnover or E20m. This means that it is paramount that you have in place appropriate, state of the art technology to prevent compromise or hacking of your subscribers’ personal details.

Gambling and Social Gaming
There has been considerable coverage of failures by gambling operators properly to demarcate between social gaming and gambling. The Sunday Times recently reported that some of Britain’s biggest gambling operators are targeting children with their favourite cartoon and storybook characters in online betting games, and that gambling operators are exploiting a legal loophole to promote games that appeal to children without breaching Gambling Commission rules. By way of example, they cited 888 website’s Jack and the Beanstalk game, which had a minimum bet of 20p and a maximum of £200, and Paddy Power’s Peter Pan game. Everyone involved in the gaming sector needs to be very careful not to overstep this mark.

The video games industry has its own system of formal self-regulation to keep children safer offline and online: the PEGI (Pan-European Game Information) age rating system. In particular, publishers are required to follow PEGI’s Labelling and Advertising Guide (“the Guidelines”) to ensure the age rating icons and descriptors are displayed to consumers prior to purchase of both disc-based and online games. Game advertising is also subject to the CAP Guidance on advertisements for Video Games and Films as well as the CAP and BCAP Codes. When developing your game it is important to consider (if necessary) both age verification services and parental controls.

For further information please contact Simon Halberstam at [email protected], head of the technology law team at Simons Muirhead & Burton or Anne Rose, associate in the technology law team at [email protected]

Do what the F*** You Want? Not quite…

One of the myths surrounding open-source software (“OSS”) is that you can do whatever you like with it; there is even an OSS licence called Do What the F*** You Want To Public Licence (“WTFPL”). This could not be further from the truth.

In this article we explore some of the issues that companies should consider when using OSS.

What is OSS?

The basic concept common to all OSS licence agreements is that they seek to ensure that all downstream users have the freedom to use, modify and distribute the licensed OSS. “Permissive” OSS licence agreements such as MIT and Apache 2.0 impose minimal obligations on the licensee, such as obligations to maintain attribution and legal notices. Importantly, these licences often permit modifications of the OSS and allow such modification to be distributed under any licence (proprietary or open source) of the licensee’s choosing. On the other hand, “restrictive” OSS licence agreements (also referred to as “copyright” or “viral” licence agreements) impose obligations not only with respect to the licensed OSS but also with respect to any works derived from or combined with OSS. Failure to understand which type of licence you are subject to and the associated terms of use can entail huge risks for your business.

The risk involved with derivative works

Making available your source-code

Where proprietary software code is “mixed” with OSS, you may be creating a derivative work. If that OSS is subject to a restrictive licence, then when you license such software, you will have to make the sensitive source code you have created available to end users free of charge with the ability to modify and redistribute.

Copyright infringement

Many OSS licences are subject to United States copyright law, under which a derivative work is defined as:

“a work based upon one or more pre-existing works, such as…any other form in which a work may be recast, transformed or adapted. A work consisting of editorial revisions, annotations, elaborations, or other modifications which, as a whole, represent an original work of authorship, is a ‘derivative work’.”

Therefore, when dealing with OSS licences that rely on copyright law principles, a thorough investigation of how much and what part of the OSS code is copied or modified and/or how the OSS is used needs to be made in order to anticipate or predict how a court might rule on the legal implications for a “derivative work”. A key issue is understanding and knowing what may be classified as a “derivative” work, especially as many restrictive licences don’t even define the concept (e.g. Eclipse Public License, Version 1.0). In some cases, there is not necessarily an answer, particularly as there is little case law surrounding the issue. For example, what happens where you are linking to OSS or using Plug-ins?


Some OSS available is released as a library. Instead of incorporating it into your proprietary software you may want to create a link between your software and these (unmodified) libraries and to distribute them along with your software, either by compiling them together (“static linking”) or not (“dynamic linking”). There are instances where dynamic linking to OSS libraries is allowed while static linking is not. Much of this will depend on the terms of the OSS licence you use and so a case by case analysis is necessary.


Plug-ins such as Adobe Flash Player are commonly used in web browsers to add video player functionality. Where your software application is configured with a programming interface to support the use of such plug in, a derivative work may be created when either the application or the plug-in is governed by a restrictive OSS licence.

In both these cases, it may well be difficult to determine whether the form of use envisaged might lead to a copyright infringement.

Warranties and limitations of liability

Generally speaking, OSS licences include a broad disclaimer of all representations and warranties or indemnities that might otherwise be expressly or impliedly provided by a commercial software licensor. Further, as there is often more than one contributor to OSS projects, it is impracticable to determine whether any contributor has contributed infringing code (knowingly or otherwise).

Unchecked use of OSS could have significant consequences and result in the need for time consuming remedial action. In a corporate transaction if in the course of due diligence, the prospective investor or purchaser alights upon an intellectual property ownership issue or other problem arising from the use of OSS and the issue cannot be remedied prior to closing, then the investor or acquirer may decide not to proceed or, more probably, seek additional contractual protection such as indemnities, or a cash escrow to cover the cost of any remediation efforts that may be necessary after closing.

How to manage the risk?

As a company, there are several things you can do to manage your risk:
• Establish a policy regarding the management and use of OSS.
• Carry out an OSS audit using a company such as ‘Black Duck’ and find out what OSS licence(s) your organisation is using/has used.
• Appoint someone within the organisation to be responsible for use of OSS.
• Create training programmes for employees.

For further information please contact:

Anne Rogers, Associate, Technology Law Group

E: [email protected]

DDI: +44 (0) 20 3206 2727

Simon Halberstam, Partner and Head of the Technology Law Group

E: [email protected]

DDI: +44 (0) 20 3206 2781

Technology Breakfast Seminar : How Tech Companies can ride the Autonomous Vehicle and Smart City Wave

Simons Muirhead & Burton LLP look at driverless cars and smart cities; and threats and opportunities for the tech industry. Click here to register for this event on 27 June 2017.

Click Here for more details.

Diving into the EC’s draft ePrivacy Regulation: steps for online gambling operators

Anne Rogers and Simon Halberstam dive into the EC’s draft e-Privacy Regulation and set out what it means for online gambling operators and crucially, what they need to do today in order to ensure that they comply. Click Here to read their latest article which first appeared in the March 2017 publication of the Online Gambling Lawyer magazine.

Contact Details: Anne Rogers, Associate, [email protected]; Simon Halberstam, Partner, [email protected]

Look, up in the sky! It’s a bird! It’s a plane! It’s a Drone!

From self-repairing cities to transforming cinematic and television experiences, drones are becoming increasingly prevalent. To ensure their safe and proper use in the UK, the Government launched its consultation on 21 December 2016, ‘Unlocking the UK’s high tech economy: consultation on the safe use of drones in the UK’ (Consultation). Those who wish to voice their opinion, should submit their response by 15 March 2017.

In this article, we explore some of the issues that drone users should consider when filming including: aviation law, copyright and privacy.

UK Aviation Regulations

In the UK, drones (otherwise known as “unmanned aircrafts”) are subject to a number of rules and regulations depending on their weight and proposed use. The principal piece of legislation governing drones is the Air Navigation Order 2016 (ANO) effected through the Civil Aviation Act 1982. The key points to note under ANO are as follows:

Overriding Principle. It is prohibited “to recklessly or negligently cause or permit an aircraft to endanger any person or property”.

Weight. To avoid falling within the remit of more extensive aviation regulations and be classified as a “small unmanned aircraft”, it is advisable not to exceed 20kg. Most aerial filming drones or camera drones weigh significantly less than 20kg.

Use. The most relevant Articles are 94 and 95 ANO. Article 94 ANO applies to all drones weighing less than 20kg. Article 95 ANO applies to drones weighing less than 20kg which are also used for surveillance (i.e. recording and filming).

There are two particular points of note:

1) If you wish to use a drone for “commercial operations” then you must apply to the Civil Aviation Authority (CAA) for permission. Unless you are using a drone for filming as a hobby, as Keith Bremner was when he caught Top Gear being filmed, then permission from the CAA will likely be required.

2) Drones may not fly: (a) over or within 150m of any congested area or open-air assembly of more than 1,000 people without permission from the CAA (e.g. over a major sports match); and (b) drones may not fly within 50m of any vehicle, building structure or person not under the control of the drone pilot without permission from the CAA.

Permission and Penalties. Applying for permission from the CAA can be rather complicated. Due to the complexities involved it may be advisable to seek a specialist contractor who has all the necessary insurance and CAA permissions to assist with any filming work, especially considering that failure to comply with the ANO is a criminal offence.


Photographs. Under UK copyright law, the first owner of the copyright will be the photographer, unless the photographer was an employee. In that case, the employer will own the copyright in the photograph.

Films.  What about moving pictures (i.e. films)? Under the Copyright Designs and Patents Act 1988, a film has two legal owners: the producer and the principal director. Again, if the film is made during the course of employment, the employer will own the copyright in the film. In the case of drones, the owner will probably be the person who programmed the drone to make the film (i.e. the producer); and the person who has “creative control” (i.e. the principal director who decides what to film and how to film it).

Data Protection and Privacy

In the UK, there is no specific data protection legislation on the use of drones. A breach of privacy is likely to be dealt with under the established law on breach of confidence through the Human Rights Act 1998. The Information Commissioner’s Office (ICO) has however said that drones “can be highly privacy intrusive” as they may capture images of individuals “unnecessarily”. In light of this, the ICO has released some guidance which should be followed: In the picture: A data protection code of practice for surveillance cameras and personal information. It is advisable for anyone considering using drones in their next film or TV production, for instance, to read this, particularly considering the penalties.

Penalties. The ICO has the power to impose a fine of up to £500,000 where a drone operator seriously contravenes UK data protection law and the “contravention is of a kind likely to cause substantial damage or substantial distress, and is deliberate or likely and should have been prevented”. As previously noted, this will become more significant in May 2018 when the General Data Protection Regulation comes into force.

For further information please contact:

Anne Rogers, Associate, Technology Law Group

E: [email protected]

DDI: +44 (0) 20 3206 2727

Simon Halberstam, Partner and Head of the Technology Law Group

E: [email protected]

DDI: +44 (0) 20 3206 2781

The Legal Cost of Personalised Shopping

Drone deliveries, self-lacing sneakers, digital mirrors, shoes that help you feel the virtual reality world you’re walking in – welcome to 2017. These were some of the highlights at the Consumers Electronic Show (CES) 2017 in Las Vegas. Advances in consumer technology are transforming our lives. Many retail companies realising the importance of technology are now positioning themselves as ‘technology first companies’. The Chairman and CEO of Uniqlo, for example, has described the clothing brand as a “technology company”.

We look at some of the AI technology that retailers and brands are using and the importance of protecting consumer data.

AI Voice Assistance

“Alexa, please add salad dressing to my shopping list and order me a taxi”. Amazon Echo, Google Home and Apple’s Siri – voice activated smart home devices are transforming consumers’ lives. All of these devices use a voice recognition AI system. Amazon’s Echo, for instance, uses the Amazon-owned ‘Alexa’ online data analytics and voice recognition. This technology can learn from user behaviour and improve over time. If a user voices a question which is misunderstood by Alexa, the user can enter the app and edit the question. Alexa learns from this and applies the customised approach across its user interfaces. This technology has huge potential to transform the nature of omni-channel commerce by providing a new channel through which retailers can engage with consumers. Retailers who employ such technology will have to ensure (among other things) that they are transparent with consumers as to what data they are collecting and how such data is being used. Such information should be documented and made available on request – in the event of a data breach or a compliance complaint, for example. From May 2018, the General Data Protection Regulation (GDPR) will apply. Failure to document such information could result in a number of sanctions from the UK Data Protection Authority, the Information Commissioner’s Office (ICO), ranging from a warning to a fine of up to €20,000,000 or in the case of an undertaking, up to 4% of the worldwide annual turnover of the preceding financial year, whichever is higher.


“How would you describe your style?” “Classic”. “Perf! I’ve just created a customer style profile for you”. Chatbot technology is powered by artificial intelligence which is specifically designed to replicate human interaction. Consumers are able to use chatbots to make enquiries about delivery and returns, make product choices; and place and order. Throughout 2016, retail brands such as Tommy Hilfiger, Burberry and eBay all launched their own chatbot technology to promote sales and boost engagement. Other brands like H&M and Sephora are now using Kik’s new Bot Shop marketplace. Users who chat with the H&M bot can tell the bot a piece of clothing they like, and the bot will suggest an entire outfit and direct the user to buy the outfit through the messaging platform. Chatbots enable retailers and brands to engage with a younger generation and offer users a personalised customer experience. Retailers should inform consumers before they make an order that their statutory right to cancel within fourteen days of receiving a product does not apply to any products made to their specification or clearly personalised. Further, under the Consumer Contract Regulations 2014, retailers should also note that any payment order buttons in a chatbot message are clear and unambiguous as to the finality of the order thereby being made. ‘Order Now’ is not considered sufficient by the Directorate-General for Justice Guidance and could result in the consumer not being bound by the order. Wording such as ‘Pay Now’, ‘Buy Now’ and ‘Confirm Purchase’ on the other hand, would be sufficient.

Smart mirrors

“Does my bum look big in this?” Many brands have been experimenting with smart mirrors to enhance consumer experience. These mirrors use RFID technology to recognise the item the customer is wearing. The mirrors then take photographs of the consumer to provide recommendations on the fit and the colour. Ralph Lauren’s smart fitting room at its flagship on Fifth Avenue also suggests other products the consumer might like based on what it bought. In Uniqlo’s store in San Francisco you can see what your outfit looks like at all angles and text yourself side by side outfit comparisons which you can send to your friends on social media for their advice. This technology has resulted in an increase of sales and offers consumers a unique experience tailored to the brand.

How much data is being collected?

In 2013, Céline’s creative director and designer Pheobe Philo told UK Vogue: “The chicest thing is when you don’t exist on Google. God, I would love to be that person”. Privacy has become a luxury and consumers are becoming increasingly concerned about how their data is being used and the impact this may have on their privacy. From a consumer perspective, you may exchange your location settings in order to get a better service but it does not mean that you want the data to be seen by others.

From May 2018, brands which manufacture and develop these products will have an obligation to consider the concepts of privacy by ‘design’ and ‘default’ at the initial design stage as well as throughout the lifecycle of the relevant data processing. Brands will need to exercise caution and invest in their infrastructure to protect consumers’ data from data breaches and cyberattacks. It would be advisable to implement a privacy impact assessment to demonstrate that appropriate technical and organisational measures have been implemented; and that compliance is monitored. Any standard contracts with data processors should also be reviewed and revised to set out how liability is apportioned between the parties and that only personal data which are necessary for the specified purpose are processed. As stated above, failure to carry out such measures could result in significant fines.

For further information please contact:

Anne Rogers, Associate, Technology Law Group

E: [email protected]

DDI: +44 (0) 20 3206 2727

Simon Halberstam, Partner and Head of the Technology Law Group

E: [email protected]

DDI: +44 (0) 20 3206 2781

Skating On Thin Ice: penalties for website owners and keyboard warriors

The recent decision of the Grand Chamber of the European Court of Human Rights (ECHR), Delfi SA v. Estonia, Application no. 64569/09, 16 June 2015, is helpful in confirming the rules surrounding when and why website operators can be held liable for content posted on their websites by their users.

The area of liability for User Generated Content (or “UGC”) is largely governed by EU Regulations, which, in general, state that if website operator acts as a “mere conduit” and does not filter, or otherwise regulate content which appears on their website, then they have no responsibility for the content of those comments. The general EU regime that governs internet intermediaries is contained in the Electronic Commerce Directive 2000/31/EC. This states that EU Members States must ensure that their national laws provide intermediaries with immunity from all liability (subject to certain requirements outlined below) arising from hosting, transmitting or caching unlawful third party content. However, as noted above, this immunity is subject to the intermediary’s role being a passive one, with no knowledge or control over the content.

Furthermore, the intermediary must operate an effective ‘notice and take down’ procedure. That means that if the intermediary has actual or ‘constructive’ knowledge of the content (for example, if a website user makes a complaint, purporting a comment is defamatory or otherwise unlawful) but fails to remove or disable access to it, then immunity is not available to them.

Background to the claim

A popular Estonian online news service, Delfi, posted an article concerning ice bridges. This generated a large number of responses, including some particularly offensive comments towards an individual implicated in the story. Those comments remained on the website for 6 weeks until the individual requested both their removal and damages. Delfi removed these comments the same day, but refused to pay damages.

When the claim was dealt with by the national court, the individual was awarded damages – albeit an amount substantially less than originally claimed.

In response to the decision, Delfi proceeded to argue that the national court’s ruling of liability for defamatory comments posted by its readers was a breach of its right to freedom of expression, and consequently a violation of Article 10 of the European Convention on Human Rights. Claims that corporate entities (or “legal persons”) should have the same human rights as natural persons are not a new thing, with the most famous success to date being found in Citizens United v. Federal Election Commission (2010), a US Supreme Court case which held that corporations were entitled to the same constitutional right to freedom of expression as private citizens, leading to the unleashing of (now ubiquitous) ‘Super PACs’ into the field of US Politics.

Ignorance is not bliss

In spite of its arguments, it was held that Delfi was liable for the offending comments which had been posted on its website, due to its power to moderate such content.

It is particularly notable that this case highlights the fact that a website provider may be held liable for featuring offending material on its website before receiving express notification of a complaint from a user. Whilst Delfi did have terms of use prohibiting users from using threatening and abusive language, and an automatic filter to delete comments based on certain words, it appears this was ineffective and that its attempts to moderate its site were sufficient to make it liable for anything that slipped through the cracks. Consequentially, by a majority of fifteen votes to two, the ECHR upheld the rejection by the lower chamber of the ECHR of the news service’s claim, ultimately finding them culpable for the comments posted by its users.


This decision is neither strikingly novel nor revolutionary, and the position essentially remains the same as previously for Website operators.

The decision is not a huge blow to online freedom as many may argue. The decision paid particular attention to context, justified by the fact that Delfi is a professionally managed internet news portal, run on a commercial basis, and with active moderation of UGC. Therefore, social media sites and private bloggers need not worry about any new obligations being imposed upon them in the immediate future.

The decision does however serve as an important reminder to those who operate websites featuring UGC; if you take steps to monitor and moderate your content, then it is not sufficient to simply rely on user notifications before deleting potentially unlawful posts. While responding quickly and effectively to unlawful material remains crucially important for website operators, any moderation program which is operated must be robust and effective.

Should website operators try to skate around their obligations and fail to moderate their platforms in the necessary fashion then, as the Delfi case starkly illustrates, they may find themselves on a slippery slope towards paying substantial damages to the aggrieved subjects of their users’ posts.


For more information on the Delfi decision, or to discuss how the above issues might affect your online offering, please contact Raoul Lumb on 0203 206 2791 or at [email protected]

A Legal perspective on Open Source and IPR – Cost and Time Efficiencies or a Faustian Pact?

Well that depends! 

If the relevant governing licence is benign then it may be a “win-win” situation enabling you to save money and time on software development without having to comply with any disadvantageous conditions relating to Intellectual Property rights or otherwise. However, if the governing licence is less liberal, you may end up feeling that the deployment of the open source was a false economy. The common OS licences generally regarded as permissive are Apache, Berkeley Software Distribution (BSD) and MIT. There are no precise statistics but together these 3 are estimated to cover about 40 percent of open source projects whereas the more restrictive GNU General Public Licenses, notably GPL 2 and GPL 3 account for about 35 percent.

The main concerns re GPL can be traced to GPL 2 section 2(b) which stipulates that “You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work.. provided that you also meet all of these conditions….b) You must cause any work  that you distribute or publish that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License”

The attempt to interpret this wording definitively and without ambiguity is at the very least challenging. The dearth of relevant case law makes matters more complex. Many complex issues arise, notably:

  • what constitutes a “derivative work?”
  • does distribution within a company constitute “distribution or publication?”
  • do resultant executables “contain or derive from” GPL code?
  • what is the difference between “static” and “dynamic” linking?
  • can one hermetically “seal” GPL code from proprietary code to avoid contamination of the latter by the former?

The answers to those questions merit a dissertation not a mere article.  Suffice it to say, one has to tread very carefully in this area. It may well be that the benefits of using open source would be outweighed by the detriment to the existence and value of the company’s IPR. Where the development team sits in-house, then with proper analysis and relevant expert input one should be able to reach an informed decision. However, where development is outsourced, matters become more complicated as the interests of the developer and the company may well diverge. The developer can save a lot of time by deploying open source and if the project is fixed-price or time-bound, this will be an attractive option. However, the company may not be aware of the potential impact on its IPR or may be aware but unable to monitor the developer’s coding processes. In some cases, companies that think they have a valuable IPR repository are only disabused when a potential investor or acquirer runs its slide rule over the company in the context of due diligence and finds that some or all of the company’s key code is not proprietary to the company.Indeed, if the open source runes are negative, investors who saw the company’s IPR as a major reason for investing or acquiring may seek to renegotiate or be deterred completely.

IPR in Jeopardy? Dynamic v Static Linking

The major IPR risk stems from use of GPL2 or GPL3 code. Those licences are commonly referred to as “infectious” because they generally mandate publication of modifications to the GPL code.  This is so even in SAAS cases where the software supplier is executing on its own server.  Other OS licences may prescribe such publication but generally in less frequent circumstances e.g.  EPL i.e. Eclipse Public License. Whereas under EPL, pure execution of modified EPL code on one’s own server via SAAS would be unlikely to require disclosure of the modifications, the situation would be different if the modified code were distributed. The need to publish such modifications would probably depend on whether the modifications were “hermetically” sealed in separate modules or took the form of adaptations to the original EPL code modules.

Under GPL 3, the situation is more clear-cut as the distinction between separate modules and modified GPL modules seems to fall away with publication required of any modifications to the GPL 3 code. The risk of contamination under GPL 3 arises from the apparent requirement in certain circumstances to publish pre-existing proprietary code that is intermingled with GPL 3 code. However, the need to publish will depend on the extent of the “coupling” between the proprietary and GPL 3 modules. “Dynamic linking” mandates publication whereas “static linking” may not.  Guidance, albeit legally not definitive, is set out in more detail in the GNU FAQ at

Turning back to GPL 2 which still accounts for about 25% of the Open Source market, it does not talk in terms of “dynamic linking”. However, the best view seems to be that linking of proprietary code to GPL 2 code would mandate that the former be published.

Simon Halberstam, Partner and Head of Technology Law Team, May 2015 – [email protected] 0044 207 096 6619

Don’t sign that! – Spotify shows you how a lawyer can help you make money

On Wednesday Spotify announced a whole new raft of services for its users; video streaming, podcasts, and an extremely impressive ‘running mode’ (from a tech-geek’s point of view anyway… I’m certainly no great runner). The first of those two features didn’t come as great surprises and pundits (including yours truly) were all over the news talking about them some time before they were officially announced.

So that’s all good then. Spotify has a raft of flash new features to help it beat its competitors and finally start turning a profit. Next stop an IPO in 2016 (for which Goldman Sachs is understood to be retained already), and huge cash payments for everyone involved. The territory is ripe for the kind of easy-reading headlines that we all love to talk about; slick new features for the techies, share price speculation for the financiers, and dreams of making it as big for the entrepreneurs.

But because I’m a lawyer, I don’t want to do any of that, instead I want to sound a note of caution and direct your attention to some of Spotify’s other less happy news. Why? Because the company’s recent fortunes spell out a vital lesson for anyone starting, building, or running a tech business. Specifically, they can teach you how to make more money.


Lessons for Entrepreneurs

Underneath the big headlines that it likes talking about, Spotify is still making a loss.

  1. For all the flash new features, the big deals with Starbucks, and the market leading paid-user count; Spotify is a company that just can’t seem to turn a profit. Its 2014 results indicated that, for yet another year running, its outgoings were rising faster than its revenues. In 2014 it lost €162 million euros. No matter how high and how fast its revenues climb, its outgoings seem to get even higher even faster.
  2. Spotify’s biggest single outgoing is the 70% of its revenues that it claims to pay to ‘rights holders’ each year (i.e. to musicians who aren’t called Taylor Swift) but its recent annual results indicate that in 2014 81% of its revenues were paid as ‘Royalties & Distribution’ costs to record labels. That’s an immense bill; it’s a higher percentage than that paid to record labels by Spotify’s nearest competitors, and it’s still not enough to prevent awkward headlines for Spotify about artists being underpaid.
  3. We have a pretty good idea of why Spotify can’t seem to get that 81% figure down, because its contract with Sony leaked online. A quick look through it reveals some absolutely horrific clauses from Spotify’s perspective and gives us some real clues as to why its outgoings keep spiralling upwards.


To summarise that 42 page deal very briefly:

  1. Sony gets paid regardless of Spotify’s fortunes.
  2. Sony doesn’t just get paid, it gets to choose the yardstick by which its payment is measured. If it’s a good year for Spotify then Sony can pick a revenue-share type deal, if it’s not been so good then Sony can pick a payment-per-stream deal.
  3. Sony doesn’t even have to wait to get paid, it receives guaranteed minimum advance payments several times each year. Those payments aren’t technically earmarked as being ‘royalties’ either, so it may well be able to pocket them rather than passing them on to artists.
  4. Sony doesn’t just get paid cash, it also gets additional sweeteners on top. Foremost among them free advertising space on the Spotify platform (which it appears that Sony may be free to sell on if it wishes, effectively becoming a competitor to Spotify itself).
  5. Finally, to really rub it in, Sony has a ‘most favoured nation’ clause in its favour – which means that if any other record label gets an even better deal (whatever that looks like) then Sony is entitled to the same deal itself.

… and that’s just the deal that Sony managed to get. It may well be that other major record labels got even better terms.

Basically, it looks like the reason that Spotify can’t make a profit is because, no matter how much money it makes, it’s bound into agreements that let its suppliers gobble up its revenues as fast as it can bring them in.


So don’t sign that, or that, or that…

So, without wanting to seem as if I am criticising Spotify or their legal advisors (I’m not; they were almost certainly under certain commercial pressures when they signed the Sony deal) there are certain clauses that you just shouldn’t sign unless you absolutely have to:

Particularly distressing to a lawyer’s eye is the ‘most favoured nation’ clause, which is an incredibly onerous provision that we would usually advise clients to avoid like the plague. Beloved though they are by multinationals who find themselves in strong bargaining positions ,these clauses need to be resisted at all costs and are often the first thing on the agenda in a negotiation. Their presence effectively hamstrings the affected party’s ability to negotiate with other suppliers/customers, as the cost of granting any kind of concession or sweetener to make a deal happen has to be multiplied by the cost of also granting it to your ‘most favoured nation’. In cases like this, the existence of one or more of them in your contracts can make it nearly impossible to keep a cap on your costs.

Similarly, the idea of advance payments combined with a choice of payment measure is a no-go. Sure, suppliers might wish to be paid a share of your revenues, but they ought to be electing to pick either a safe option or a risky one, not getting the best of both worlds. If the Supplier fears that you might be unable to pay them in the future, then let them take advance payments and a fixed price. If however they want to share in your potential financial glories with a revenue share, then let them wait until you’ve made the money before they get paid it and don’t let them switch back to the safe fixed-price method only after seeing that you haven’t hit your targets.


… and get control of the deal early.

The simple lesson from the above? Remember how crucial the contracts that you sign are for your financial health. A contract isn’t just 42 pages of dense legalese, it’s the framework that sets out who gets paid what and when. Onerous clauses like those noted above can lock you into a position of perpetual loss making that you simply can’t earn you way out of.

So when you’re negotiating these kinds of deals, get a specialist technology lawyer (and maybe even an accountant if it’s critical) involved early to make sure that you keep the terms under control. Trying to minimise the costs of professional advice is a false economy, your lawyer can only do so much if you bring them in at the very end of the process to “check it all works”.

Get a specialist, get them involved early, and don’t get stung by the those clauses that sap your profits. All of the fancy video streaming in the world can’t get you out of a bad deal once you’ve signed it.


Raoul Lumb – 22 May 2015

Mistakes A Technology Company Should Avoid When Raising Capital

Tuesday 16 September 2014

We are delighted to invite you to our next Technology Breakfast Seminar being chaired by Simon Halberstam, SIMON HALBERSTAM, PARTNER AND HEAD OF TECHNOLOGY LAW AT SIMONS MUIRHEAD & BURTON

Our speaker will be David White – Founder & CEO of Import.IO.

Topics being covered:

  • Raising Capital
    whom to speak to and when
    – how much, if any
  • The Right Profile – what will make you attractive to potential investors
  • Mistakes to be avoided
  • Minority protection for both sides of the fence
  • Good leaver / bad leaver

Event Details:

Date:   Tuesday 16 September 2014.
Time:   8:30 – 9:00am  registration & networking followed by speakers, Questions~
            & Answers and further networking at 10.30am.
Venue:  Royal Bank of Scotland, 250 Bishopsgate, London, EC2M 4AA.

RSVP:  To register your interest or to request further information please email [email protected].


David White
Founder & CEO – Import.IO
My Experience in the Technology Sector

David believes strongly in the power of web data to change the future. He is the Founder and CEO of Import.IO, an innovative API creation platform recognized by GigaOM and The Summit as one of the best new startups in 2014. David has written numerous thought leadership pieces and has been named one of the entrepreneurs disrupting digital London.

Simon Halberstam

Simon’s work is focused on the drafting and negotiation of contracts for those providing or procuring technology or digital services. He advises on all aspects of Intellectual Property, as well as providing guidance to companies wishing to set up online gambling operations.