While many eyes are currently focused on the U.S. Stop Online Piracy Act and its Senate evil sister, the Protect IP Act, several cases in Europe could determine whether private party copyright censorship of the Internet becomes the new global norm, and terminate the Internet’s end-to-end architecture. This is not just an issue for those in Europe. As we saw with the export of copyright term extension from the EU to the US in 1998, what happens in Europe will inevitably shape the technological, policy and legal environment elsewhere.
In two cases before the European Court of Justice (discussed further below), a copyright collecting management organization has asked an ISP and a social media platform to filter all network communications – inbound and outbound – for potential copyright infringing material. As the European Court of Justice ruled recently in one of those cases, such a broad network-level filtering injunction would threaten users’ privacy and fly in the face of the foundational principles underpinning many countries’ Internet intermediary laws – that mere conduit ISPs should not face liability for merely passing on packets, and the prohibition against requiring ISPs to monitor their customers’ communications as a condition for benefiting from limited liability regimes.
This page highlights both recent efforts to turn Internet intermediaries into copyright police, and several provisions of European Union law that were expressly intended to protect citizens’ rights in the context of online copyright enforcement. Because European Union law sets the parameters of legal rights and responsibilities in the 27 EU Member States and is highly influential in neighbouring countries and the members of the European Economic Area, looking at how the relevant EU Directives are interpreted at European Union level is vitally important.
A mesh of overlapping EU Directives set out the legal obligations of Internet intermediaries and Internet users’ rights of privacy and freedom of expression under European Union law. Each of these directives must, in turn, be implemented into EU member states’ national laws. As a result, the actual scope of Internet intermediaries’ obligations and Internet users’ rights depends on the national laws which implement this framework, and the way that national laws balance competing legal duties, such as enforcement of intellectual property rights, and protection for EU citizens’ privacy and personal data.
The primary provisions regulating liability of “Information Society Service Providers” are in Articles 12-15 of the EU e-Commerce Directive, 2000/31/EC (the ECD). It sets up a framework for limited liability for Information Society Service Providers that meet certain conditions for facilitating communications as a mere conduit (Article 12), caching (Article 13) and for hosting of others’ content (Article 14). The ECD framework is not limited to potential ISP liability for copyright infringement. It creates a horizontal framework that applies to other bases of liability, such as defamation. The ECD does not prevent courts from issuing far-reaching injunctions against ISPs. For copyright enforcement, Article 8(3) of the Harmonization of Certain Aspects of Copyright and Related Rights in the Information Society Directive (2001/29/EC) sets out what type of injunctions must be available to rightsholders under EU member states’ laws in relation to copyright. The actions that copyright owners can take against ISPs are set out in the IPR Enforcement Directive, 2004/48/EC. Amongst other things, it includes a right for IP rightsholders to obtain information about the identity of alleged infringers from any one in the chain of distribution, including Internet intermediaries.
The EU Personal Data Directive (1995/46/EC) and the EU Electronic Privacy and Communications Directive (2002/58/EC, as amended by Directives 2006/24/EC and 2009/136/EC) create the framework for protection of EU citizens’ privacy and personal data. In addition, Internet users’ rights to privacy and free expression are enshrined in the Charter of Fundamental Rights of the EU, which binds all EU member states on issues covered by EU law,came into force in December 2009. EU Member States must act and legislate in accordance with its provisions when implementing EU legislation or acting in an area covered by EU legislation. In addition, all EU Member States are party to the Council of Europe’s European Convention on Human Rights and Fundamental Freedoms, which also requires states to protect citizens’ fundamental rights and the Union itself is in the process of negotiating ratification of this instrument.
Finally, the propose Anti-Counterfeiting Trade Agreement includes a number of provisions governing Internet intermediary liability, including requirements for signatory countries to have laws allowing rightsholders to obtain broad injunctions against Internet intermediaries and other third parties (Arts 8, 12); requirements for signatory countries to “promote cooperative efforts within the business Community” for online copyright and trademark enforcement (Art. 27(3)) and mandatory disclosure of Internet users’ identities (Arts. 4, 27(4)). If the EU decides to accede to ACTA (which is by no means clear, particularly in light of pending questions about whether ACTA is compatible with EU law), these provisions will have a direct impact on current EU law – in particular interpretation of existing provisions and scope for revision/improvement.
The European Parliament has expressly rejected non-judicial Three Strikes automatic Internet disconnection policies on two occasions. In 2008 a parliamentary report on the Cultural Industries in Europe (European Parliament resolution of 10 April 2008 on Cultural Industries in Europe (2007/2153(INI)), Culture and Education Committee, CULT/6/40018, adopted 10/04/2008, paragraph 23) declared that:
“The Internet is a vast platform for cultural expression, access to knowledge, and democratic participation in European creativity, bringing generations together through the information society [and calls] on the Commission and the Member States, therefore, to avoid adopting measures conflicting with civil liberties and human rights and with the principles of proportionality, effectiveness and dissuasiveness, such as the interruption of Internet access.”
This was enshrined in European Union law in 2009 in the Telecoms Package framework revision agreed by the European Parliament, the European Council, and the European Commission. Although somewhat weaker than the original proposed amendment 138, the adopted Article 1(3a) of the Framework Directive on electronic communications states that EU Member States may only adopt measures interfering with citizens’ ability to access and use the Internet in limited circumstances (Directive 2002/21/EC on a common regulatory framework for electronic communications networks and services, as amended by Directive 2009/140/EC):
“Measures taken by Member States regarding end-users’ access to or use of services and applications through electronic communications networks shall respect the fundamental rights and freedoms of natural persons, as guaranteed by the European Convention for the Protection of Human Rights and Fundamental Freedoms and general principles of Community law.
Any of these measures regarding end-users’ access to or use of services and applications through electronic communications networks liable to restrict those fundamental rights or freedoms may only be imposed if they are appropriate, proportionate and necessary within a democratic society, and their implementation shall be subject to adequate procedural safeguards in conformity with the European Convention for the Protection of Human Rights and Fundamental Freedoms and general principles of Community law, including effective judicial protection and due process. Accordingly, these measures may only be taken with due respect for the principle of presumption of innocence and the right to privacy. A prior fair and impartial procedure shall be guaranteed, including the right to be heard of the person or persons concerned, subject to the need for appropriate conditions and procedural arrangements in duly substantiated cases of urgency in conformity with the European Convention for the Protection of Human Rights and Fundamental Freedoms. The right to an effective and timely judicial review shall be guaranteed.”
It is worth noting that Member States were very keen to include text stating “measures taken by Member States” in the text – possibly with the view that “voluntary measures” that intermediaries have been coerced into would not be legally considered as measures taken by Member States.
Europe has been at the forefront of IP rightsholders’ efforts to impose filtering obligations on ISPs for many years.
In the European Parliament, a lobbyist memorandum produced by the International Federation of Phonographic Industries and circulated to European Parliament staffers in November 2007 called on the European Parliament to mandate that ISPs block communications using particular Internet protocols, install network-level filtering and block access to websites that facilitate copyright infringement.
In December 2007, a proposed amendment to a report from the European Parliament’s Cultural Affairs Committee would have required ISPs to filter their networks and customer communications in order to find evidence of potential infringement.
And in September 2010, the European Parliament adopted the controversial non-legislative Gallo Report on Enforcement of Intellectual Property Rights in the Internal Market, which called for voluntary agreements between rightsholders and ISPs to harmonize IP enforcement efforts across EU member states and “[s]tresses that all parties concerned, including Internet service providers, must join in the dialogue with stakeholders in order to find appropriate solutions” and failing that, called on the Commission to “submit a legislative proposal or to amend existing legislation, particularly Directive 2004/48/EC, so as to upgrade the Community legal framework in this field”.
Outside of European Parliament, the European Commission pressed for website blocking through voluntary agreements for several years. In 2009-10 the Commission’s Directorate General on Internal Market held stakeholder dialogues on “illegal uploading and downloading” – a set of informal meetings focused on “voluntary measures”. The first meeting between industry representatives to consider the specifics of voluntary agreements was held prior to the release of the European Commission’s September 2009 Communication on IPR Enforcement, which called for voluntary agreements and non-legislative measures to address online copyright infringement. Reports indicate that ISPs were compelled to join the discussions under the threat of legislation. Website blocking and DNS manipulation were discussed at another meeting in April 2010, where rightsholders argued that if ISPs can block child exploitation websites, they could also block websites for the purpose of copyright enforcement. Interestingly, when the EU institutions looked at the value of blocking child exploitation websites, they found that this was also unhelpful and rejected the Commission’s initial proposal to make EU-wide blocking mandatory.
Whether ISPs can be required to filter and block content for copyright enforcement at the network level has been a hotly contested issue in EU law. In 2010 two cases were referred to the European Court of Justice, asking for clarification on the scope of injunctions that can be issued against ISPs under EU law. In the first case, SABAM v. Scarlet, a Belgian court ordered ISP Scarlet to implement a filtering system to identify and block the transfer of music files for which Belgian collective management organization SABAM managed the copyright. The Court ordered Scarlet to install acoustic fingerprint software Audible Magic to filter inbound and outbound Internet communications within 6 months, under threat of a heavy daily fine. Scarlet objected, producing technical evidence showing that Audible Magic was not workable, and appealed on the grounds that the injunction violated the no general obligation to monitor principle in Article 15 of the eCommerce Directive. The same question is raised in the second case, SABAM v Netlog, still pending before the European Court of Justice, where the same collective management organization has sought a similar filtering injunction against social media platform Netlog.
In the first case, the European Court of Justice ruled in late November 2011 that “EU law precludes the imposition of an injunction by a national court which requires an internet service provider to install a filtering system with a view to preventing the illegal downloading of files. Such an injunction does not comply with the prohibition on imposing a general monitoring obligation on such a provider, or with the requirement to strike a fair balance between, on the one hand, the right to intellectual property, and, on the other, the freedom to conduct business, the right to protection of personal data and the freedom to receive or impart information.”
The Court found that while the Charter of Fundamental Rights of the European Union requires protection of intellectual property, that is not an absolute right, and must be balanced with the obligation to protect citizens’ personal data and the right to seek and impart information also enshrined in the Charter. Because the injunction required filtering and blocking of any copyright material, for all time, and irrespective of whether a copyright holder had complained, it would require systematic monitoring of all electronic communications on Scarlet’s network and amounted to a general obligation on Scarlet to monitor its customers’ communications, in violation of the fundamental principle enshrined in Article 15 of the eCommerce Directive. Article 15 prohibits imposing a general obligation on Internet intermediaries to monitor their networks and platforms and provides that Internet intermediaries do not have to look for evidence of potentially infringing content on their networks to get the benefit of the limitation on liability. This principle is necessary to protect citizens’ fundamental right to privacy, which underpins the rights of freedom of expression and association.
Since the filtering injunction could not distinguish between unlawful and lawful content, the Court found that it could block lawful communications and would undermine Internet users’ freedom of expression. It therefore failed to strike a fair balance between the need to protect rightsholders’ intellectual property rights and the obligation to protect citizens’ fundamental rights.
The European Court of Justice’s careful ruling has significant implications for the future of the global Internet. In countries around the world, IP rightsholders have sought to impose filtering, blocking and termination obligations on Internet intermediaries through injunctions. By precluding pre-emptive, network-level filtering and blocking injunctions, the SABAM v. Scarlet ruling sets an important limit on this strategy for EU countries.
Whether rightsholders can force ISPs to disclose the identity of subscribers on an allegation of copyright holders is a hot issue in the EU because of the strong protection given to Internet users’ privacy and personal data. Courts in EU member states have come to widely differing conclusions on this issue. It was the subject of a 2008 ruling by the European Court of Justice in the Productores de Música de España (Promusicae) v.
Telefónica de España SAU case and is the focus of another case currently pending before the European Court of Justice.
The Promusicae case involved a request made by a Spanish music rightsholder association (Promusicae) to Spain's leading ISP (Telefonica) for personal data about Telefonica subscribers using dynamic IP addresses, which Promusicae alleged were engaged in filesharing using KaZaA software. The European Court of Justice was asked to interpret a mesh of overlapping EU Union laws (the EU E-Commerce Directive 2000/31/EC; the Copyright Harmonization Directive 2001/29/EC; the right of information in Article 8 of the IPR Enforcement Directive 2004/48/EC; and the circumstances in which collection and processing of personal data can be permissible under the Electronic Privacy and Communications Directive 2002/58/EC).
The Court was asked to answer the question: does European Union law require EU Member States that are implementing this suite of EU directives to impose an obligation on ISPs to divulge their customers' personal data to rightsholders in a civil copyright lawsuit? The court ruled no. But while this is not required, the Court left open the possibility that countries could choose to do so in their national law. It emphasized that how the competing obligations in these Directives are balanced is a matter for national law, but stated that EU Member States must implement all of these competing directives in a way which “allows a fair balance to be struck between the various fundamental rights” protected under EU law, and that they cannot rely on “an interpretation of them which would be in conflict with those fundamental rights or with the other general principles of Community law, such as the principle of proportionality.”
While the Promusicae decision is clear, there have been concerted efforts to overturn this balance since then. In 2008, US IP rightsholders in their submissions to the US Trade Representative’s Office on ACTA asked for obligations to be imposed on Internet intermediaries to divulge the identities of alleged infringers and to “simplify” EU privacy laws. More recently, the key issue in the 2011 European Commission consultation on the review of the 2004 EU IPR Enforcement Directive was a call for information on whether the balance between copyright owners’ right to information for copyright enforcement under that Directive and the protection for personal data required under EU law should be redrawn in favor of disclosure to rightsholders.
Whether the collection and processing of personal data for a Three Strikes regime can ever comply with EU law is one of the questions raised in the pending appeal of the Judicial Review of the UK Digital Economy Act, and was considered in the prior EMI v UPC decision in Ireland.read more...