The ECJ has ruled that an order requiring an online social network provider to install a system for filtering information stored on its service by users, in order to identify and block files containing infringing copies of copyright works, would be incompatible with EU law. (Belgische Vereniging van Auteurs, Componisten en Uitgevers CVBA (SABAM), Case 360/10, 16 February 2012.)
The ECJ has ruled that an injunction requiring an online social network provider to filter information stored on its servers by users, in order to identify and block files containing infringing copies of copyright works which formed part of the repertoire of SABAM, a Belgian collecting society, would be incompatible with EU law. The ECJ held that the implementation of the contested filtering system would require the hosting service provider to actively monitor almost all of the data relating to its service users, contrary to Article 15(1) of the E-Commerce Directive (2000/31/EC). It ruled that the injunction was inconsistent with EU law because it would result in a serious infringement of the hosting service provider's freedom to conduct its business and the rights of its customers to protection of personal data and to receive or impart information, so that it would not respect the fair balance to be struck between those rights and the right to intellectual property.
The ECJ largely applied the principles from its November 2011 judgment in Scarlet Extended Case C‑70/10 [2011] ECR I-0000, a case which also involved SABAM, but which concerned an order requiring filtering and blocking of infringing files imposed on an internet service provider. The case will be welcomed by hosting service providers, such as those who provide online social networks, since it confirms that it is incompatible with EU law to require them to filter information stored by users in order to identify files that infringe copyright. (Belgische Vereniging van Auteurs, Componisten en Uitgevers CVBA (SABAM), Case 360/10, 16 February 2012.)
Background
E-Commerce Directive
The Directive on certain legal aspects of information society services (ISS), in particular electronic commerce, in the Internal market (2000/31/EC) (E-Commerce Directive) limits the liability of ISS providers (essentially those who provide online services) where they act as hosts of information (Article 14). Article 15(1) of the E-Commerce Directive provides that member states must not impose a general obligation on ISS providers when providing the services covered by Article 14 to monitor the information for which they transmit or store.
Copyright Directive
The Directive on the harmonisation of certain aspects of copyright and related rights in the information society (2001/29/EC) (Copyright Directive) provides that member states must:
Provide appropriate sanctions and remedies in respect of infringements of the rights and obligations set out in it, and take all the measures necessary to ensure that those sanctions and remedies are applied. The sanctions thus provided must be effective, proportionate and dissuasive (Article 8(1)).
Ensure that right-holders are in a position to apply for an injunction against intermediaries whose services are used by a third party to infringe a copyright or related right (Article 8(3)).
IP Enforcement Directive
The Directive on the enforcement of intellectual property (IP) rights (2004/48/EC) (IP Enforcement Directive) provides that it shall not affect the Community provisions governing the substantive law on IP or the E-Commerce Directive, in general, and Articles 12 to 15 of the E-Commerce Directive in particular (Article 2(3)). The IP Enforcement Directive requires member states to:
Provide for the measures, procedures and remedies necessary to ensure the enforcement of IP rights, which shall be fair and equitable and shall not be unnecessarily complicated or costly (Article 3(1)). These should be effective, proportionate and dissuasive (Article 3(2)).
Ensure that rights-holders can apply for an injunction against intermediaries whose services are used by a third party to infringe an IP right (Article 11).
Facts
Belgische Vereniging van Auteurs, Componisten en Uitgevers CVBA (SABAM) is a management company which represents authors, composers and publishers of musical works and is responsible for authorising the use by third parties of their copyright-protected works.
Netlog NV runs an online social networking platform. Every person who registers with Netlog acquires a personal space known as a "profile" which the user can complete and which becomes available globally. On their profile, users can show who their friends are, display personal photos or publish video clips.
SABAM claimed that Netlog's social network also offered users the opportunity to make use, by means of their profile, of the musical and audiovisual works in SABAM’s repertoire, making those works available to the public in such a way that other users of that network could access to them without SABAM’s consent and without Netlog paying it any fee.
On 23 June 2009, SABAM had Netlog summoned before the Court of First Instance, Brussels, in injunction proceedings, requesting that Netlog be ordered immediately to cease unlawfully making available musical or audiovisual works from SABAM’s repertoire.
Netlog submitted that granting SABAM’s injunction would:
Be tantamount to imposing on Netlog a general obligation to monitor, which was prohibited by the provision of Belgian law which transposed Article 15 of the E-Commerce Directive into national law.
Result in the imposition of an order that it introduce, for all its customers, in abstracto and as a preventative measure, at its own cost and for an unlimited period, a system for filtering most of the information stored on its servers in order to identify electronic files containing works in which SABAM claimed to hold rights, and subsequently that it block the exchange of such files.
The Court of First Instance stayed the proceedings and asked the ECJ, in essence, whether the E-Commerce Directive, the Copyright Directive, the IP Enforcement Directive, the Data Protection Directive (95/46/EC), and the E-Privacy Directive (2002/58/EC), read together and construed in the light of the requirements stemming from the protection of the applicable fundamental rights, precluded a national court from issuing an injunction against a hosting service provider which required it to install a system for filtering:
Information which is stored on its servers by its service users;
Which applies indiscriminately to all of those users;
Is a preventative measure;
Exclusively at its expense; and
For an unlimited period,
which is capable of identifying electronic files containing musical, cinematographic or audiovisual work in respect of which the applicant for the injunction claims to hold IP rights, with a view to preventing those works from being made available to the public in breach of copyright (the contested filtering system).
Decision
The ECJ ruled that the E-Commerce Directive, Copyright Directive and IP Enforcement Directive, read together and construed in the light of the requirements stemming from the protection of the applicable fundamental rights precluded a national court from issuing an injunction against a hosting service provider which required it to install the contested filtering system. The ECJ's reasoning is summarised below.
Member states' powers to impose injunctions for IP rights infringement: principles established in Scarlet Extended case
The ECJ began by noting that it was not in dispute that the owner of an online social networking platform, such as Netlog, was a hosting service provider within Article 14 of the E-Commerce Directive.
The ECJ also noted that, according to Article 8(3) of the Copyright Directive, and Article 11 of the IP Enforcement Directive, IP rights-holders could apply for an injunction against operators of online social networking platforms who acted as intermediaries within the meaning of those provisions, given that their services could be exploited by users of those platforms to infringe IP rights.
The jurisdiction conferred on national courts, in accordance with those provisions, must allow them to order those intermediaries to take measures aimed not only at bringing to an end infringements already committed against IP rights using their ISS, but also at preventing further infringements. The rules for the operation of such injunctions were a matter for national law.
However, nevertheless, the rules established by the member states, and their application by the national courts, had to observe the limitations arising from the Copyright Directive and the IP Enforcement Directive and from the sources of law to which those directives referred.
Consequently, those rules had to, in particular, respect Article 15(1) of the E-Commerce Directive, which prohibited national authorities from adopting measures which would require a hosting service provider to carry out general monitoring of the information that it stored. The prohibition in Article 15(1) applied, in particular, to national measures which would require an intermediary provider, such as a hosting service provider, to actively monitor all the data of each of its customers in order to prevent any future infringement of IP rights. Furthermore, such a general monitoring obligation would be incompatible with Article 3 of the IP Enforcement Directive, which stated that the measures referred to must be fair, and proportionate and must not be excessively costly.
Did the injunction require the hosting service provider to monitor service users' data?
In those circumstances, the court had to examine whether the injunction at issue would oblige the hosting service provider to actively monitor all the data of each of its service users in order to prevent any future infringement of IP rights.
The ECJ noted that it was common ground that the implementation of the contested filtering system would require that the hosting service provider:
Identify, within all of the files stored on its servers by all its service users, the files likely to contain works in respect of which holders of IP rights claim to hold rights.
Determine which of those files were being stored and made available to the public unlawfully.
Prevent files that it considered to be unlawful from being made available.
The ECJ said that preventive monitoring of this kind would require the hosting service provider to actively monitor almost all of the data relating to all of its service users in order to prevent any future infringement of IP rights, so requiring it to carry out general monitoring contrary to Article 15(1) of the E-Commerce Directive.
Was the injunction inconsistent with EU law?
The ECJ went on to consider whether the injunction was consistent with EU law, taking account of the requirements that stemmed from the protection of the applicable fundamental rights.
The injunction in issue was aimed at pursuing the protection of copyright, an IP right which could be infringed by the nature and content of certain information stored and made available to the public by means of the service offered by the hosting service provider.
The protection of IP was enshrined in Article 17(2) of the Charter of Fundamental Rights of the EU. However, there was nothing in the wording of that provision or in the ECJ's case-law to suggest that that right was inviolable and had to be absolutely protected (Scarlet Extended). It was clear from the ECJ's judgment in Productores de Música de España (Promusicae) v Telefónica de España SAU, Case C-275/06, that the protection of the fundamental right to property, including rights linked to IP, had to be balanced against the protection of other fundamental rights (see Legal update, ECJ considers whether EC law requires ISPs to disclose file-sharers' details).
The injunction in issue involved monitoring all or most of the information stored by the hosting service provider concerned, in the interests of the rights-holders, without limitation of time, in order to protect not only existing works but future works not yet created.
This would result in a serious infringement of the hosting service provider's freedom to conduct its business, provided for under Article 16 of the Charter, since it would require it to install a complicated, costly, permanent computer system at its own expense. This would also be contrary to the conditions laid down in Article 3(1) of the IP Enforcement Directive (Scarlet Extended, by analogy).
Moreover, the effects of that injunction would not be limited to the hosting service provider, as the contested filtering system could also infringe the fundamental rights of the hosting service provider's customers, namely their right to protection of their personal data and their freedom to receive or impart information, which were safeguarded by Articles 8 and 11 of the Charter. The injunction would involve the identification, systematic analysis and processing of information connected with the profiles created on the social network by its users. The information connected with those profiles was protected personal data because, in principle, it allowed those users to be identified (Scarlet Extended, by analogy).
Therefore, in adopting the injunction requiring the hosting service provider to install the contested filtering system, the national court concerned would not be respecting the requirement that a fair balance be struck between the right to IP, on the one hand, and the freedom to conduct business, the right to protection of personal data and the freedom to receive or impart information, on the other (Scarlet Extended, by analogy).
Comment
The issues covered by this judgment, and the considerations taken into account by the ECJ, are markedly similar to the ECJ's November 2011 ruling in Scarlet Extended,another case involving SABAM, (see Legal update, ECJ finds order requiring ISP to filter and block infringing files incompatible with EU law). The ECJ made extensive reference to its ruling in Scarlet Extended, and applied much of its reasoning in that case by analogy to the circumstances before it in the current case. Indeed, many passages of the ECJ's judgment are largely identical to its ruling in the Scarlet Extended case, save that the instant case concerns a hosting service provider, rather than an internet service provider providing its customers with access to the internet.
Hosting service providers, such as online social network providers, will be comforted by the ECJ's explicit ruling that it would be incompatible with EU law to require them to monitor files stored on its servers by users in order to identify and block files that infringe IP rights.