In October 2009, France famously introduced a three strikes (graduated response) procedure in its IP code (Code de la Propriété Intellectuelle, art. L331-12 et seq.). The new law created an administrative agency (Haute Autorité pour la diffusion des œuvres et la protection des droits sur internet, in short: Hadopi), with a general mission of protecting copyrighted material on the Internet (Article L331-13). Its overall budget exceeds 12M€ (18M$) per year.
In May 2011, UN Rapporteur Frank La Rue explicitly disapproved of the French three strikes law. This law raises serious concerns that are necessarily connected to filtering and taking down of content.
DisconnectionCreated by: law
In short, Internet subscribers whose connection is repeatedly used to share copyrighted material may be disconnected from the Internet and may have to continue paying for the service (so-called ‘double pain’), or pay a fine.
Active since mid-2010, Hadopi is authorized to initiate proceedings when rightsholders (represented by professional organizations) file a complaint. These organizations (such as Trident Media Guard) surveil public filesharing networks and collect ‘evidence’ of alleged infringements. Hadopi then has two months to contact the relevant Internet Access Provider (IAP) and issue a (first) warning to the suspected infringer. This initial warning is only sent to the email address known by the IAP (usually the default IAP address). When Hadopi is notified of another alleged infringement within 6 months after the first warning or within 1 year after a second warning, another warning can be issued (art. L331-25). The third warning clearly states the possibility of criminal liability which can result in a €1,500 fine and/or disconnecting the individual for up to one month (art. L335-7-1). Originally, Hadopi was issuing orders for disconnection itself, but the Constitutional Court struck down this measure. Now these sanctions can only be issued by a judge after Hadopi has notified the public prosecutor.
Besides the many questions a potential disconnection raises, several major issues have caused a lot of critique. First of all, under this new legal framework, it is the Internet access subscriber, and only him/her, that is held liable (even when he or she doesn’t know about the allegedly illegal activity) (Article L336-3). This has resulted in a new obligation to secure one’s Internet connection.Hadopi is supposed to provide security tools for individual subscribers in the initial infringement notice, but they have yet to do so.Secondly, the basic presumption of innocence is reversed. In other words, the Internet access subscriber is presumed guilty and has the burden to prove otherwise.Another concern is that the whole Hadopi process is based on evidence (IP addresses) collected by private actors acting as copyright police, who have a financial interest in the process.
So far, Hadopi hasn’t notified the public prosecutor after a third warning was issued and no one has appeared before a judge. As a result, no disconnection has been ordered.read more...
BlockingCreated by: law
Together with the provisions establishing Hadopi, another article was introduced in the French IP law (article L336-2).
Although the Senate removed the word ‘filtering’ in the final version, the provision still allows courts to order ‘any person capable of contributing … to take any measure appropriate to prevent or stop online copyright infringement’. A recent amendment to the law even allowed Hadopi to grant subsidies to private surveillance and filtering companies. Not much later, though, the Constitutional Court ruled the amendment unconstitutional.
Case law has yet to bring much clarity. According to article 15 of the European eCommerce Directive, member states cannot impose a ‘general obligation to monitor’ (read: filter out potentially infringing content a priori). Nevertheless, some judges in France have expanded the traditional ‘notice and take-down’ principle to a ‘notice and stay-down’ principle. This means that when a rightsholder has requested a takedown of his content, the intermediary should prevent anyone from ever uploading that same content again. This trend, however, seems to have been reversed in a February 2011 Supreme Court decision (DailyMotion Case). In short, content can only be taken down (‘filtered out’) after explicit and clear notification for each individual case. In May 2011 the notice and takedown principle was reaffirmed by a lower court (Google Images case).
Nevertheless, the exclusive focus on the notice and takedown debate and the growing collaboration between intermediaries and third parties (e.g. rightsholders) raise some important concerns as well. In order to avoid liability, intermediaries are increasingly taking down (‘filtering’) content at the slightest concern raised. Additionally, rightsholders are also implementing preventive measures to match online content to copyrighted materials (such as ‘video identification’ or ‘acoustic fingerprinting’ technologies). All these trends have only increased the amount of ‘preventive’ filtering by intermediaries.read more...
Data DisclosureCreated by: law
Hadopi does not collect personal data a priori, as a preventive measure. When a company hired by a rightsholder (Trident Media Guard is the only known company acting as such a private copyright police) believes he has found content that infringes on his copyright, he communicates the relevant information to Hadopi. These referrals include the date and time, the IP address, information on the relevant copyrighted material, and the name of the Internet Access Provider.
When Hadopi decides to initiate the graduated response procedure, the access provider has to communicate the necessary subscriber information (name, phone number, address, etc.) within eight days after having received the required technical information by Hadopi. Only direct administrative agents of Hadopi (sworn in by its president) have access to the personal data. Data is supposed to be erased 2 months after it is provided to Hadopi, 14 months after the first warning, and 21 months after a second warning (except, of course, when a new warning is issued). When the infringement has been sent to the public prosecutor, data has to be removed from Hadopi’s databases after one year or whenever a court decides not to issue a disconnection order (article 3, Décret n°2010-236).read more...
Facts and Figures
Making available (or the mere incitement to use) software that is consciously and obviously meant to illegally make available copyrighted material, is punished with 3 years in prison and €300.000 fines (art.L335-2-1)
Similar to the DMCA, technical protection measures are protected as well : €3750 fine for circumvention and €30000 plus six months imprisonment for procuring the software or knowingly proposing the use of it (art.L335-3-1).
In its first activity report (October 2011), Hadopi stated that 60 people have already received a third warning. As mentioned earlier, their cases did not make it to court yet. A year earlier 650,000 ‘first warnings’ were issued. 44,000 people have received 2nd warning.