Managing Digital Asset Rights and Permissions

Digital asset managers must track and act on the rights attached to their assets in order to avoid serious legal penalties for copyright infringement. Many stock photo houses have made a cottage industry out of suing companies for copyright violations, and US law states that the penalty for a single copyright infringement can be as high as $150,000.

Unless you are trained as an intellectual property lawyer, however, most people find rights to be a mysterious topic. What are you allowed to do with your digital assets? What information do you need to track? This blog post provides an overview of key rights concepts so that users can critically assess their own rights and permissions requirements. A good understanding of these concepts is critical to developing a rights management strategy that is efficient and leverages modern information technologies.

Legally-Defined Rights

When dealing with digital assets, it is useful to distinguish between rights that are defined by law and assigned to the rights holder, and those that have been granted to another party through an agreement. In rights management, the former are termed “rights”, while the latter are often called “permissions”. Stated another way, permissions are the privileges granted by rights holders, while rights are the privileges defined by law.

Copyright is often the primary law that determines who controls a creative work. Under copyright, creators have near-exclusive control over the assets they create. Although there are exceptions for special cases (such as quoting from a written work in a review), it is not possible to sell, distribute, or reproduce a copyright-protected asset without the consent of the copyright holder. Important points to keep in mind are that copyright holders can transfer copyright to other parties, and that copyright does eventually expire, although the length of time varies from country to country.

In addition to copyright, creators hold droits moraux, or moral rights, over their assets. These rights are distinct from copyright because they can never be transferred and provide that no one but the creator can claim to be the author of a work. Creators can also prevent their works from being altered, performed, or presented in ways that they feel undermine their reputation or their creative intent.  

Droits voisins, also called related rights or neighboring rights, are privileges that apply to parties that have contributed to a work but are not the copyright holders. These include performers, producers, publishers and broadcasters. For example, musical performers have the right to prevent a performance from being recorded and can have a claim to the proceeds of any sales. Broadcasters, publishers, and producers of packaged works have a right to protect their investment and can thus control whether the work is rebroadcast or re-recorded.

Privacy rights, publicity rights, and property rights are additional legal rights that can affect the use of digital assets. A picture, video or audio recording of a person usually cannot be used without the person’s permission, especially for advertising and commercial purposes. Similarly, distributing pictures of someone’s property may violate the property owner’s rights, particularly if the property itself is copyrighted (such as a work of art), or, in the case of a building or a sign, includes a trademark. To prevent these problems, it is advisable for digital asset managers to secure model and property releases for assets that depict people, places or things that have not been made anonymous through distortion or other digital editing.

Indigenous rights may also affect how digital assets can be used. In many countries, indigenous peoples have the right to control how their cultural heritage is used or depicted. Digital assets that include images of artifacts or ceremonial rites may require special authorization before they can be distributed.


As defined earlier, permissions are privileges granted to users by the legal rights holders of a digital asset. Whereas legal rights are codified by law, permissions are often based on negotiations between rights holders and end users. Although inevitably complex, permissions are shaped by three considerations: allowed actions, obligations, and constraints.  Stated another way, a permission allows a user to perform specific actions after meeting a set of obligations, but those actions can be subject to constraints.

Another concept worth mentioning is that of  a “restriction”, which is the opposite of a permission. That is to say, restrictions specify what an end user is not allowed to do in regard to an asset. Restrictions are normally expressed as a combination of an action with one or more optional constraints.  In practice, restrictions are rarely expressed in licenses because any right that is not explicitly granted is usually interpreted to be prohibited.


An obligation is a condition that must be met before the end user is allowed to perform a specific action on an asset. The most common obligation in a commercial license is the requirement to pay a fee. In open access works, obligations often take the form of a “share alike” requirement, where end users can use an asset, but any derivative works created must be available under the same licensing conditions as the original. Other common obligations include giving attribution to a creator or copyright holder, keeping a copy of the original license or invoice, or the requirement to submit written permission for every new use of an asset.


Once end users have fulfilled any obligations, they have the right to perform specific actions on an asset. In effect, an action represents the end user’s ability to control an asset to derive a benefit from it. Common actions include the right to print, copy, and make a derivative work from an asset. The types of possible actions depend on the digital asset in question. For example, while “print” is a valid action for an image, it does not apply to an audio recording. Similarly, an audio file might be “transcribed”, but this action would not be directly applicable to an image.

No universally-accepted list of possible actions exists, although one researcher has noted that actions can be divided into four broad categories:

  • Manage: Administrative and maintenance actions intended to maintain the integrity and availability of a digital file, such as making backups or, in the case of a digital library, making preservation copies in a new format (for example, converting JPEG files to JPEG2000)
  • Transfer: Allows transferring specific rights to another party. Example actions include lending, reselling, or renting a digital asset.
  • Re-use: Refers to actions that change the original asset in order to make a new, derivative asset. Examples include cropping an image, adding scenes from a video to a larger production, and sampling a piece of music.
  • Use: This covers actions that “consume” a digital asset, such as viewing a video, playing a video game, placing an image in a textbook, or using an image in a piece of display advertising.


When licensing assets, it is rare to permit an action in perpetuity in all cases. Instead, actions are normally constrained by conditions. A constraint has two components: a type and a value. The type establishes what is being constrained, while the value establishes the conditions or parameters of the constraint. For example, a video license might allow users to view a video when it is served from a specific web domain. In this scenario, the type of constraint would be “allowed domain”, and the permitted value would be the specific web address. Typical constraints include the start and end dates for a license, a distribution channel constraint, or a geographic constraint.

Arguably, constraints are the most important feature of any license, since they establish the boundaries that define how an asset can be used and are crucial for determining whether an end user is in compliance with the terms of a license.

Representing Rights and Permissions

Most rights information is captured in written contracts, which must be interpreted by people before an asset can be used. The need for human review creates a bottleneck in any digital supply chain. A publisher that wants to license and distribute assets in bulk, or a hotel chain that has images of thousands of properties must take the time to research and reclear the rights and permissions attached to its assets before it can reuse them.

An alternative to human review is to describe the rights attached to assets in a standardized way that can be exchanged automatically between systems. Rights Expression Languages (RELs) have been developed to serve this purpose. Although adoption of RELs has been slow–largely due to the complexity of understanding the technology–they are all based on the fundamental concepts outlined in this post. In my next blog post, I will examine some common RELs to show how they apply these concepts. 

If this topic interests you, then you can follow me on LinkedIn to receive a notice when I publish the next posts in this series.  Alternatively, follow Avalon Consulting, LLC on twitter and you’ll receive the link when it is tweeted out, or follow the Avalon LinkedIn page.

Demian Hess is the DAM Practice Director for Avalon Consulting, LLC. This blog post is the first in a series of articles on managing digital asset permissions using rights expression languages and other modern technologies. This post is an excerpt from Demian Hess’ article “Managing digital rights with rights expression languages”, which appears in the Autumn/Fall 2015 issue of the Journal of Digital Media Management

Demian Hess About Demian Hess

Demian Hess is Avalon Consulting, LLC's Director of Digital Asset Management and Publishing Systems. Demian has worked in online publishing since 2000, specializing in XML transformations and content management solutions. He has worked at Elsevier, SAGE Publications, Inc., and PubMed Central. After studying American Civilization and Computer Science at Brown University, he went on to complete a Master's in English at Oregon State University, as well as a Master's in Information Systems at Drexel University.

Leave a Comment