They rejected BT's and TalkTalk's challenge of the Digital Economy Act (DEA), as did Justice Parker in the High Court last April.
In many ways it was a predictable outcome but nevertheless frustrating, both for the lack of understanding of the technology displayed by the Court and the underlying assumption of "balance" in the wording of the key legal instruments on display.
The contested provisions of the DEA impose "initial obligations on ISPs to notify (s124a) customers of copyright infringement reports (CIRs) received from copyright owners; and to provide (s124b) copyright infringement lists (CILs) to content owners if an "initial obligations code" is in force. The initial obligations code could be self regulatory (s124c) - worked out between the telcos and copyright owners - or imposed by Ofcom (s124d) in the event the relevant agents can't agree amongst themselves. S124e gives a fairly detailed list of the things that the initial obligations code is supposed to cover eg CIRs, CILs, what suspect identification has to be expedited, who pays what, administrative specifics, proportionality, transparency, non discrimination and other provisions. The DEA also empowers the Secretary of State to decide rules about the relative responsibilities for costs arising from the initial obligations code.
The DEA also allows the future introduction of blocking measures or a 3 strikes regime or, more accurately, future "technical obligations" on ISPs to police copyright infringement. The case was not concerned with these technical obligations - only the initial obligations code and the relative costs provisions.
The ISPs are exorcised by the demands the DEA initial obligations code is imposing on them. They appealed Justice Parker's rejection of their challenge on 4 grounds.
Firstly they content the obligations (sections 124 a to e of the DEA) should have been notified to the EU Commission under the requirements of article 8(1) of the Technical Standards Directive. Lord Justice Richards (in para 24 to 45 of the judgment) rejects the claim on the basis of European Court of Justice precedents (Case C-317/92 Commission v Germany 1994 and Case C-194/94 CIA Security SA v Signalson SA and Securitel SORL 1994) which suggest that the initial obligations code, once the details are worked out, will be notifiable to the Commission under the directive, but the primary legislation from which the code is derived is not notifiable, since it's not detailed enough to be a technical standard.
BT made some sound detailed arguments on this eg when (para 34) they suggest the original judge might have been mistaken in saying "that the ISP would not be liable to receive or take action on a copyright infringement report “unless” a code was in force: “unless” suggests that there might not be a code, whereas the statute requires there to be one." This is a very fair point but on the substance of the precedents they lost the overall argument on points in relation to the technical standards directive.
Secondly they challenged on the basis of a perceived twofold breach of the Electronic Commerce Directive.
"(1) that the effect of the contested provisions is to render ISPs potentially “liable for the information transmitted”, contrary to Article 12, and (2) that the contested provisions amount to restrictions on the freedom to provide information society services from other Member States, “for reasons falling within the coordinated field”, contrary to Article 3."Lord Richards quotes liberally from the original High Court judgement of Justice Parker here. Justice Parker basically liberally praised the balance of the legislation (eg. he explained he was concerned about "doing violence" to the language and thereby "upsetting the careful balance represented by the text"); whilst saying that making an ISP police copyright infringement is not the same as making them liable directly or vicariously for copyright infringement. So forcing ISP into incurring costs of policing does not trigger making them liable as "mere conduits" and therefore article 12 of the directive doesn't apply. It's a defensible and possibly even clever position but the notion that it is "balanced" is too deferential to the legislature and a long way out of sync with such evidence as is available regarding the proportionality of the mass surveillance the DEA facilitates. Lord Richards uses paras 46 to 60 of the judgment to do little more than agree with that position.
The argument in relation to article 3 of the ecommerce directive, which excludes copyright from its scope, was slightly more convoluted. Basically BT argued that the DEA was not a copyright statute so therefore not excluded from section 3. The government argued and the judges agreed that it was a law related to copyright and therefore excluded. There was an argument too about whether the copyright and related rights directive provided an upper limit on what member states could do with copyright law (BT's position) or whether it was a baseline ("a minimum harmonising measure") and didn't prevent the enactment of more restrictive measures. BT lost that one too.
"70. At the time when the Electronic Commerce Directive was adopted, “copyright” in the Annex to the directive must in my view have had its normal meaning, encompassing all aspects of the law of copyright under national laws, and cannot have had the elaborate meaning attributed to it by the appellants. At that time there was no harmonising directive at the Community level in the field of copyright protection. It would be unrealistic to impute to the Community legislature, at least in the absence of clear, express language to this effect, an intention to give “copyright” a meaning related to provisions of a copyright directive that had not yet been adopted. But if “copyright” did not have the appellants’ meaning at the outset, I do not see how it can have come to acquire that meaning subsequently. The later adoption of the Copyright Directive cannot of itself have had the effect of changing the meaning of the expression. It would have needed an express amendment of the Electronic Commerce Directive to achieve that result, but no such amendment has ever been made.
71. In my judgment, that is sufficient to dispose of the appellants’ case under Article 3 of the Electronic Commerce Directive."Ground three of the appeal was on the basis of the data protection directive and the privacy and electronic communications directive. My perspective on that central element of the case and ground 4 in relation to the authorisation directive will be the subject of a later post.