$12 million lawsuit -- when digital consent management goes wrong

A  $12 million lawsuit against video game developer, Capcom  was launched by US photographer, Judy Juracek earlier this year for allegedly using  80 of her images without her consent. Last year, another US photographer, Mathilde Gattoni’s $2.25 million lawsuit against Microsoft claimed that it used 15 of her images for an MSN article without a license or her permission. Lawsuits for copyright infringement against corporations are showing no signs of abating.

It's not only photographers asserting their intellectual property rights, it’s amateur photographers who have taken photographs that have been lifted such as the case of storm chaser Sean Heavey, who spotted his image used by Netflix to promote its series, Stranger Things. The photographer, who was initially dismissed by the streaming giant allegedly, saw his case later settled out of court.

The tide is turning on businesses when it comes to image consent. With more information out there on copyright breaches and consumers increasingly aware of their rights, even the biggest businesses aren’t safe. The law is clear cut about penalties for copyright infringement.  Six months imprisonment or a fine up to $68,000 (£50,000) faces those breaching copyright if convicted in a UK magistrates court, rising to 10 years in prison and/or an unlimited fine if convicted in a Crown Court. The US sees fines reaching $150,000 each time a picture is used without the correct permissions.

A Digital Asset Management (DAM) survey by FotoWare  showed that 72 percent of businesses had seen a rise  in the number of digital assets over the past 12 months. With digital assets within companies exponentially growing and lawsuits for copyright infringement showing no signs of abating, companies should prioritize whether their images or videos are being used correctly and with consent across all of their business functions, including marketing, design and HR.

There are two main types of assets: people- and commercial-imagery. Although rights management is often in place, and if implemented correctly, can prevent lawsuits, consent management for individuals has to be taken into account with the expansion of data privacy regulations, including GDPR and CCPA.

The images that Capcom used from Juracek were from her collection, Surfaces -- 12,000 photographs of textures including those of: stained glass designs, shattered glass, wood carvings intended for artists, architects and designers to use for "visual research." Surfaces was published as a 1996 book, accompanied by a CD-ROM of the images. Juracek required anyone using her images for commercial use would need to directly contact her to obtain a license.

She states that Capcom didn’t contact her and at least 80 of her images are used -- in one instance the lawsuit claims that the shattered glass texture features in the Resident Evil 4 logo. With a consent or a license from Jurecek, Capcom would not be in this situation.

Aside from commercial misuse of images that are causing businesses a headache, there’s the issue of the lack of image consent for an individual breaching data privacy regulations too.

For GDPR transgressions organizations can be looking at penalties of up to 23 million dollars (€20,000,000.00) or 4 percent of the company's global turn-over -- whichever is highest.

Compliance is a massive concern for businesses. A third of respondents to FotoWare’s DAM survey who manage digital assets, cited GDPR and copyright-related issues as one of their main challenges.

With systems and strategies in place to capture, monitor and alert stakeholders of changes in consent, companies can sidestep GDPR offenses waiting to happen, such as when an ex-employee -- that had previously given consent to their image to be used -- leaves a company and exercises their right of withdrawal and erasure of personal identifiable information.

Marketing teams in particular, across all industries, often rely on images of employees or others for advertising and branding purposes, and therefore are obliged to manage the permissions of all individuals in all photos used. Consent management strategies should be company-wide as it affects more than marketing and sales functions. For instance, marketing slides could then go on to be used in an external sales presentation, leaving a company exposed to liability -- particularly if consent handling is verbal or carried out by disparate individuals.

Whilst it may be surprising to learn that high-profile organizations should succumb to the pitfalls of gaps in their consent management practices, it follows logically that a given organization, particularly larger ones, cannot always quickly locate, amend or delete the consent status associated with the media they’re using, making it a greater  likelihood that it is breaching either copyright or personal data privacy regulations. Therefore, it is paramount to keep consistent and up-to-date records of consent where they can be easily accessed. An automated DAM software with integrated consent management, solves this issue.

DAM software can prevent common pitfalls and streamline consent-giving and management processes, saving time for many companies like the San Francisco Ballet.

The dance company had the painstaking task of manually obtaining image approvals from both the artistic department and the dancers. Manually printing photographs and presenting them to stakeholders for approval, was a slow process and as it was difficult for dancers and the artistic department to properly view details of the images. Additionally, it meant there was no concrete paper trail to show what had been approved and when, or by whom.

With a DAM in place, the San Francisco Ballet was able to digitize and accelerate its approval processes. After performances have taken place, the relevant dancers are alerted by an app or email that the Ballet would like to use specific images. The dancer then simply enables the permissions which are transferred to the artist's files.

Consent tracking of digital assets and the licensing around them can be simplified through electronic, automated systems. Digital Consent Management (DCM) centrally manages permissions around images and videos, thus enabling relevant files and the consent given for the said file to be easily found. Moreover, individuals  are able to withdraw consent for the use of all instances of an image paramount for compliance.

Digital consent management around images is a key area of compliance that is neglected. With a robust consent management plan in place, companies can avoid time and cost challenges due to inefficient image storage and consent management, as well as feel assured they are complying with rights and privacy regulations.

Photo Credit: VIPDesignUSA/Shutterstock

Alex Kronenberg is FotoWare's Demand Generation and Community Manager. Alex has a background in digital marketing and journalism and his role is focused on building brand awareness, generating inbound leads across a variety of target verticals, managing digital sales of FotoWare's SaaS solution and its single-user product, FotoStation.