Enforcement remedies and ISP disclosures of user identities in the context of file-sharing
In the Mircom case,[1] Advocate General Szpunar has delivered an opinion on an interpretation of the Copyright Directive, IP Enforcement Directive and General Data Protection Regulation in the context of copyright infringement involving peer-to-peer (P2P) networks.
In the AG’s opinion:
- making parts of a work available via a P2P network falls within the making-available right, irrespective of the user’s knowledge;
- the remedies under the IP Enforcement Directive are not intended to be enforceable by a body that acquires rights in works merely to benefit from those remedies, although national law could allow such a bare acquisition of enforcement rights;
- a national court must refuse disclosure of information about an alleged infringer in an enforcement request if the request is unjustified; and
- if such a request is unjustified, the disclosure may well not be in the legitimate interest of the ISP or a third party for GDPR purposes.
Take-aways
In ascertaining whether there has been a communication to the public on a P2P network, the question is not whether the pieces exchanged are parts of works that enjoy copyright, but rather whether the process enables making pieces of a file containing a whole protected work available for download.
When assessing whether an entity can benefit from the Enforcement Directive, it is important to consider the entirety of the contractual relationship, the facts of the situation and the actual exercise of rights in the works concerned. The substance of the situation is of paramount importance. If an entity obtains a licence of works that it does not exploit, but simply seeks to rely on the licence to acquire licensee status, it may be ineffective to allow the licensee to rely on the Enforcement Directive.
Finally, the opinion emphasises the importance of protecting a user’s personal data, especially in the context of a disclosure to entities whose actions are “morally dubious”.[2] The factors to be assessed in balancing property and privacy rights under a disclosure request may well be similar to those to be considered in assessing the legitimate-interest balance under the GDPR. So in the case of an unscrupulous scheme to extract compensation from file-sharers, it seems likely that a disclosure request will not be justified, and that there will be no lawful basis for processing personal data either.
To read the full article, click here. Written for Entertainment Law Review.
To read the opinion in full, click here.