GDPR and UGC

The UGC profile requires that the DSP sends information about UCG resources that consumers have created and uploaded to the DSP’s service for distribution to other consumers. This is communicated in an RU record defined in the UGC profile of the DSR standard and contains, amongst other things, an identifier for the UGC resource that enables the licensor to listen to or to watch the UGC resource as part of the process of identifying the musical works used.

There are instances, however, where the DSP is required to remove such UGC resources from its service. One example is the “right to forget” provisions of the European General Data Protection Regulation (GDPR). This may require the DSP to not only remove the UGC resource but also the associated identifier from its internal systems.

As a consequence, the DSP may not be able to provide the identifier of a removed UGC resource in the relevant RU record when reporting usages to the licensor.

In such circumstances the DSP should omit that particular UGC resource from the RU record in its sales/usage report to the licensor even if the UGC resource had been made available to consumers during the period of the sales/usage report, before it was taken down. The sales/usage will of course still need to be reported in the relevant SU record.

If, however, this means that there are no UGC resources to be reported in an RU record because, for example, all UGC resources based on a specific sound recording or video have been taken down, the DSP may wish to include at least one item in a RU record with the identifier cell containing the token #deleted#.