Golden Data
Published in

Golden Data

Bonnier: Balancing copyright and data protection under EU law (v4)

Balancing wheel, Manly Harbour pool, 193- State Library of New South Wales photostream

CASE C-461/10, BONNIER AUDIO ABET AL. V. PERFECT COMMUNICATIONS WEDEN, 19.April.2012 (“BONNIER”)

Key points:

Processing: Communication of name and address sought by applicants constitutes processing of personal data. (¶ 52)

Personal Data: IP addresses are personal data within the scope of EU data protection law

Balancing of fundamental rights: EU data protection rules do not preclude national legislation from providing that national courts can order IP address information to be provided to copyright owners whose rights have been infringed.

e-Privacy Directive (Directive 2002/58): The communication of name and address of a person using an IP address from which files were shared (for copyrighted audio books) falls within the scope of Directive 2002/58 (and within the scope of Directive 2004/48, dealing with copyright). (¶¶ 52-54)

Data Retention Directive (Directive 2006/24): Directive 2006/24 deals exclusively with handling and retention of data generated by electronic communication service providers for the purpose of the investigation, detection, and prosecution of serious crime and their communication to competent national authorities. A national provision transposing the EU intellectual property directive which permits an ISP in civil proceedings to be ordered to give a copyright holder information on the subscriber to whom the ISP provided an IP address allegedly used in an infringement is outside the scope of Directive 2006/24 and therefore not precluded by that Directive (¶¶ 40-41) (IMPORTANT NOTE: This Directive was declared invalid by Digital Rights Ireland)

Background

  • Publishers Bonnier Audio AB, Earbooks AB, Norstedts Förlagsgrupp AB, Piratförlaget AB and Storyside AB sought to impose an order on an internet service provider (Perfect Communication Sweden AB (“ePhone”)) to provide them with the name and address of a person connected to an IP address.
  • The publishers claimed that the person using the IP address had uploaded 27 copyright protected audio books to an FTP (file transfer protocol) server. According to the publishers, this act constitutes an infringement of their copyright in the protected literary works.
  • The Swedish law implementing EU Directive 2004/48/EC of 29 April 2004 on the enforcement of intellectual property rights (the “IP Enforcement Directive”) provides that a court may order to provide information on the origin and distribution network of the goods or services affected by the infringement. To obtain such order, the applicant must show clear evidence that someone has committed an infringement.
  • Defendant ePhone claimed that European data protection rules, and in particular EU Directive 2006/24/EC of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC (“Directive 2006/24/EC”), preclude such information from being disclosed.

Questions referred:

Reference for a preliminary ruling by the Högsta domstolen (Sweden).

  • Whether Directive 2006/24 precludes the application of a national provision which permits an internet service provider in civil proceedings, in order to identify a particular subscriber, to be ordered to give a copyright holder or its representative information on the subscriber to whom the internet service provider provided a specific IP address, which it is claimed was used in the infringement;
  • whether the answer to the first question is affected by the fact that the Member State has not implemented Directive 2006/24.

Summary of decision

Scope of Directive 2006/24: Directive 2006/24 deals exclusively with the handling and retention of data generated by electronic communication service providers for the purpose of the investigation, detection, and prosecution of serious crime and their communication to competent national authorities. In contrast, the present case concerned the communication of data in civil proceedings, in order to obtain a declaration that there has been an infringement of intellectual property rights. Accordingly, the Court held that Directive 2006/24/EC was not relevant to the case at hand.e. It is irrelevant that the Member State concerned has not yet transposed Directive 2006/24. (¶¶ 40–41)

Definition of processing: Communication of the name and address sought by applicants constitutes processing of personal data. (¶ 52)

Scope of Directive 2002/58: The communication of the name and address in question falls within the scope of Directive 2002/58 concerning the processing of personal data and the protection of privacy in the electronic communications sector (the “ePrivacy Directive”) (and within the scope of Directive 2004/48, dealing with copyright + Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of the personal data and the free movement of such data (the “Data Protection Directive”)). (¶¶ 52–54)

Balancing fundamental rights:

  • With reference to the Promusicae case, the Court explained that this requires that the national legislation at hand must ensure a fair balance between the various applicable fundamental rights. In particular, the applicable rules must take account of the principle of proportionality under the Data Protection Directive.
  • In the case at hand, the ECJ considered that “the national legislation requires, inter alia, that there must be clear evidence of an infringement of an intellectual property right”, for an order for disclosure of the data in question to be made. In addition, the national legislation requires that the information requested can be regarded as facilitating the investigation into an infringement of copyright or impairment of such a right and that the reasons for the measure “outweigh the nuisance or other harm which the measure may entail for the person affected by it”.
  • The national legislation in question requires, for an order for disclosure of the data in question to be made, that there be clear evidence of an infringement of an intellectual property right, that the information can be regarded as facilitating the investigation into a copyright infringement and that the reasons for the measure outweigh the potential harm to the person affected. Thus, it enables the national court seized of an application for an order for disclosure of personal data to weigh the conflicting interests involved, and thereby in principle ensures a fair balance between protection of intellectual property rights and protection of personal data. (¶¶ 58–60)

Additional resources

Legal Citations

Judgment of the Court (Third Chamber), 19 April 2012. Bonnier Audio AB and Others v Perfect Communication Sweden AB. Case C‑461/10

Other resources

Summaries of EU Court Decisions Relating to Data Protection 2000–2015 prepared by Laraine Laudati Olaf (DPO) for the European Anti-Fraud Office (OLAF) on Jan. 28 2016

European Union: ECJ: EU Data Protection Rules Do Not Preclude Obtaining IP Addresses Of Copyright Infringers / Last Updated: 9 May 2012 / Article by Van Bael Bellis

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store