Tuesday, January 29, 2008

ECJ rules privacy trumps copyright

The European Court of Justice has reportedly ruled that telcos do not have a duty to disclose personal details of suspected file sharers to copyright owners.

"European Union countries can refuse to disclose names of file sharers on the Internet in civil cases, the EU's top court said on Tuesday in a blow to copyright holders trying to fight digital piracy.

The European Court of Justice ruled on a dispute between Spanish music rights holders association Promusicae and Spain's top telecommunications operator, Telefonica.

Telefonica argued that, under a national law based on EU rules, it had to disclose the name of an Internet subscriber only for criminal actions, not civil ones.

"Community law does not require the member states, in order to ensure the effective protection of copyright, to lay down an obligation to disclose personal data in the context of civil proceedings," the court said in a statement."

The court said:

"There are several community directives whose purpose is that the member states should ensure, especially in the information society, effective protection of industrial property, in particular copyright.

Such protection cannot, however, affect the requirements of the protection of personal data. The directives on the protection of personal data also allow the member states to provide for exceptions to the obligation to guarantee the confidentiality of traffic data"

In other words, the ECJ concluded that privacy trumps copyright protection and the judgement was expected since the ECJ's Advocate General, Juliane Kokott, in advising the court in August of last year, basically said the same thing. P2PNet also has a copy of the Court press release relating to the judgement:

29 January 2008

Judgment of the Court of Justice in Case C-275/06

Productores de Música de España (Promusicae) v Telefónica de España SAU

THE COURT RULES ON THE PROTECTION OF INTELLECTUAL PROPERTY RIGHTS IN THE INFORMATION SOCIETY

Community law does not require the Member States, in order to ensure the effective protection of copyright, to lay down an obligation to disclose personal data in the context of civil proceedings

There are several Community directives 1 whose purpose is that the Member States should ensure, especially in the information society, effective protection of industrial property, in particular copyright. Such protection cannot, however, affect the requirements of the protection of personal data. The directives on the protection of personal data 2 also allow the Member States to provide for exceptions to the obligation to guarantee the confidentiality of traffic data.

Promusicae is a Spanish non-profit-making organisation of producers and publishers of musical and audiovisual recordings. It applied to the Spanish courts for an order that Telefónica should disclose the identities and physical addresses of certain persons whom it provided with internet access services, whose IP address and date and time of connection were known. According to Promusicae, those persons were using the KaZaA file exchange program (peer-to-peer or P2P) and providing access in shared files of personal computers to phonograms in which members of Promusicae held the exploitation rights. It therefore sought disclosure of the above information in order to be able to bring civil proceedings against the persons concerned.

Telefónica argued that, under Spanish law,3 the communication of the data sought by Promusicae was authorised only in a criminal investigation or for the purpose of safeguarding public security and national defence.

The Spanish court asks the Court of Justice of the European Communities whether Community law requires the Member States to lay down, in order to ensure effective protection of copyright, an obligation to communicate personal data in the context of civil proceedings.

The Court of Justice notes that the exceptions permitted by the directives on the protection of personal data include the measures necessary for the protection of the rights and freedoms of others. As the directive on privacy and electronic communications does not specify the rights and freedoms concerned by that exception, it must be interpreted as expressing the Community legislature’s intention not to exclude from its scope the protection of the right to property or situations in which authors seek to obtain that protection in civil proceedings. It does not therefore preclude the possibility for the Member States of laying down an obligation to disclose personal data in the context of civil proceedings. However, it does not compel the Member States to lay down such an obligation.

As to the directives on intellectual property, the Court of Justice finds that they too do not require the Member States to lay down, in order to ensure effective protection of copyright, an obligation to communicate personal data in the context of civil proceedings.

That being so, the Court points out that the present reference for a preliminary ruling raises the question of the need to reconcile the requirements of the protection of different fundamental rights, namely the right to respect for private life on the one hand and the rights to protection of property and to an effective remedy on the other.

The Court concludes that the Member States must, when transposing the directives on intellectual property and the protection of personal data, rely on an interpretation of those directives which allows a fair balance to be struck between the various fundamental rights protected by the Community legal order. Further, when implementing the measures transposing those directives, the authorities and courts of the Member States must not only interpret their national law in a manner consistent with the directives but also make sure that they do not rely on an interpretation of them which would be in conflict with those fundamental rights or with the other general principles of Community law, such as the principle of proportionality.

The full judgment is available at the ECJ website. It is quite a technical judgment looking at the details of a collection of EU directives and how they interact; and how to achieve a balance between the right to protect personal data and the right to protect property but the key parts of the decision seem to be paragraphs 61 to 70:
"Fundamental rights

61 The national court refers in its order for reference to Articles 17 and 47 of the Charter, the first of which concerns the protection of the right to property, including intellectual property, and the second of which concerns the right to an effective remedy. By so doing, that court must be regarded as seeking to know whether an interpretation of those directives to the effect that the Member States are not obliged to lay down, in order to ensure the effective protection of copyright, an obligation to communicate personal data in the context of civil proceedings leads to an infringement of the fundamental right to property and the fundamental right to effective judicial protection.

62 It should be recalled that the fundamental right to property, which includes intellectual property rights such as copyright (see, to that effect, Case C‑479/04 Laserdisken [2006] ECR I‑8089, paragraph 65), and the fundamental right to effective judicial protection constitute general principles of Community law (see respectively, to that effect, Joined Cases C‑154/04 and C‑155/04 Alliance for Natural Health and Others [2005] ECR I‑6451, paragraph 126 and the case-law cited, and Case C‑432/05 Unibet [2007] ECR I‑2271, paragraph 37 and the case-law cited).

63 However, the situation in respect of which the national court puts that question involves, in addition to those two rights, a further fundamental right, namely the right that guarantees protection of personal data and hence of private life.

64 According to recital 2 in the preamble to Directive 2002/58, the directive seeks to respect the fundamental rights and observes the principles recognised in particular by the Charter. In particular, the directive seeks to ensure full respect for the rights set out in Articles 7 and 8 of that Charter. Article 7 substantially reproduces Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms signed at Rome on 4 November 1950, which guarantees the right to respect for private life, and Article 8 of the Charter expressly proclaims the right to protection of personal data.

65 The present reference for a preliminary ruling thus raises the question of the need to reconcile the requirements of the protection of different fundamental rights, namely the right to respect for private life on the one hand and the rights to protection of property and to an effective remedy on the other.

66 The mechanisms allowing those different rights and interests to be balanced are contained, first, in Directive 2002/58 itself, in that it provides for rules which determine in what circumstances and to what extent the processing of personal data is lawful and what safeguards must be provided for, and in the three directives mentioned by the national court, which reserve the cases in which the measures adopted to protect the rights they regulate affect the protection of personal data. Second, they result from the adoption by the Member States of national provisions transposing those directives and their application by the national authorities (see, to that effect, with reference to Directive 95/46, Lindqvist, paragraph 82).

67 As to those directives, their provisions are relatively general, since they have to be applied to a large number of different situations which may arise in any of the Member States. They therefore logically include rules which leave the Member States with the necessary discretion to define transposition measures which may be adapted to the various situations possible (see, to that effect, Lindqvist, paragraph 84).

68 That being so, the Member States must, when transposing the directives mentioned above, take care to rely on an interpretation of the directives which allows a fair balance to be struck between the various fundamental rights protected by the Community legal order. Further, when implementing the measures transposing those directives, the authorities and courts of the Member States must not only interpret their national law in a manner consistent with those directives but also make sure that they do not rely on an interpretation of them which would be in conflict with those fundamental rights or with the other general principles of Community law, such as the principle of proportionality (see, to that effect, Lindqvist, paragraph 87, and Case C‑305/05 Ordre des barreaux francophones et germanophone and Others [2007] ECR I‑0000, paragraph 28).

69 Moreover, it should be recalled here that the Community legislature expressly required, in accordance with Article 15(1) of Directive 2002/58, that the measures referred to in that paragraph be adopted by the Member States in compliance with the general principles of Community law, including those mentioned in Article 6(1) and (2) EU.

70 In the light of all the foregoing, the answer to the national court’s question must be that Directives 2000/31, 2001/29, 2004/48 and 2002/58 do not require the Member States to lay down, in a situation such as that in the main proceedings, an obligation to communicate personal data in order to ensure effective protection of copyright in the context of civil proceedings. However, Community law requires that, when transposing those directives, the Member States take care to rely on an interpretation of them which allows a fair balance to be struck between the various fundamental rights protected by the Community legal order. Further, when implementing the measures transposing those directives, the authorities and courts of the Member States must not only interpret their national law in a manner consistent with those directives but also make sure that they do not rely on an interpretation of them which would be in conflict with those fundamental rights or with the other general principles of Community law, such as the principle of proportionality."

And they then conclude:

On those grounds, the Court (Grand Chamber) hereby rules:

Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’), Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society, Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of intellectual property rights, and Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) do not require the Member States to lay down, in a situation such as that in the main proceedings, an obligation to communicate personal data in order to ensure effective protection of copyright in the context of civil proceedings. However, Community law requires that, when transposing those directives, the Member States take care to rely on an interpretation of them which allows a fair balance to be struck between the various fundamental rights protected by the Community legal order. Further, when implementing the measures transposing those directives, the authorities and courts of the Member States must not only interpret their national law in a manner consistent with those directives but also make sure that they do not rely on an interpretation of them which would be in conflict with those fundamental rights or with the other general principles of Community law, such as the principle of proportionality.

Update: There's a nice commentary on the case by Iain Connor, an IP specialist at Pinsent Masons, at Outlaw.

"Any record industry exec would have been weeping into his cornflakes today as he perused the newspapers. The European Court of Justice was reported everywhere as having handed victory in a battle to privacy activists and file-sharers by ruling that ISPs do not have to hand over subscriber details in file sharing or any other civil cases.

The problem is that these reports have missed the point. What the ECJ actually said was that national governments can, effectively, do what they like on the issue.

Therefore, if Spain wants to rule that file-sharer details can only be revealed in criminal cases, it can. However, if UK courts want to hold, as they do, that file-sharer details can be revealed in all cases, then that's fine too."

BALII has now got the full judgement too.

Daithi and IPKat also have their usual informed commentary.

No comments: