On October 25, 2015, the U.S. Copyright Office published its sixth set of exemptions to the Digital Millennium Copyright Act (“DMCA”). Our multi-part post will explore practical aspects of these new federal regulations. We will cover topics ranging from education uses of films to medical device software to “jailbreaking” smartphones and tablets to the Internet of Things, including cars and televisions. In addition to copyright, we will also discuss privacy, open source, public safety, and battery life.


In 1998, Congress amended the U.S. copyright law with the DMCA. Among the DMCA’s provisions, Section 1201 permits copyright owners to use technological measures to protect their works. Every three years, the Copyright Office can issue regulations pursuant to Section 1201(a)(1)(C) that provide exemptions allowing certain users to avoid those technical controls without infringing the owner’s copyright. The purpose of the exemptions is to ensure that the public can engage in fair use activities and non-infringing uses of copyrighted material.

It is important to keep in mind that these exemptions only address copyright infringement. The exemptions do not affect other areas of law, such as contracts, torts, or criminal law, not to mention regulatory requirements imposed by other government agencies. For example, if there is an exemption that permits a user to “jailbreak” a smartphone, a user could still violate the phone’s warranty and/or be in breach of contract with the telecommunications service provider.


Perhaps in recognition of the heightened interest in privacy matters, the Copyright Office introduced the 2015 DMCA exemptions by discussing the existing exemption for personal information. The exemption that permits circumvention of technical controls relating to personal information is not a three-year regulatory exception but rather is part of Section 1201 itself. Similar to the regulatory exemptions, this statutory provision is narrowly drawn with multiple conditions. Thus, a person may circumvent technological measures without infringing the owner’s copyright if that person meets four conditions:

  1. The technological measure, or the work it protects, can collect or disseminate personally identifying information reflecting the online activities of a natural person who wants to gain access to the protected work;
  2. The technological measure, or the work it protects, collects or disseminates personally identifying information about that person without providing “conspicuous notice” of such collection or dissemination to that person, and does not provide that person with the capability to prevent or restrict the collection or dissemination;
  3. Circumventing the technological measure has the “sole effect” of identifying and disabling the collection/dissemination capability and has no other effect on “the ability of any person to gain access to any work”; and
  4. Circumventing the technological measure is carried out “solely” for the purpose of preventing the collection/dissemination and “is not in violation of any other law.”

Companies that previously transferred personally identifying information from the European Union to the U.S. pursuant to the now-defunct Safe Harbor, may have considered using technological measures to prevent a government agency from accessing that information. However, Section 1201 expressly permits law enforcement, intelligence agencies, and other federal and state governments (and their contractors) to conduct “any lawfully authorized investigative, protective, information security, or intelligence activity.” The four criteria described above applicable to persons wishing to access or protect their own personal information do not apply here: The government need only show that its activities are “lawfully authorized.”

As long as these four criteria are met, the owner of the copyrighted, technologically controlled work cannot maintain a copyright infringement claim against that person. Notwithstanding this exception, the owner could still potentially assert a breach of contract claim against the user if, for example, the user had agreed to but violated the websites’ terms and conditions.

This article was co-prepared by Erik Janitens with supervision by Sue Ross.