Annotation of Judgement in summary proceedings District Court Utrecht of 9 July 2002 (Teleatlas vs. Planet Internet)
This judgement regards the circumstances under which an internet service provider has to disclose the identity of a subscriber.
Teleatlas produces software, which can be assumed to be protected under copyright laws. Illegal copies of this software are offered for sale on the internet, amongst others on the eBay website (www.ebay.com). The seller in this case only identified himself with a Planet Internet e-mail address ([subscriber]@planet.nl), but without disclosing his name or street address. Teleatlas was thus unable to find this seller by means of his advertisement on eBay.
Registration as a seller on eBay does not require identification. There are some mandatory blanks to fill in, but fictitious data can be entered. Once registered, any user can offer goods for sale through eBay. This means that eBay’s administration will not necessarily offer conclusive information on the identity of any seller.
Planet Internet is an internet service provider that offers e-mail and other services to its subscribers, which of course includes providing e-mail addresses. In order to subscribe to Planet Internet’s services one has to give verifiable name and address data. Planet Internet thus has a register, which contains the names and addresses of all of its subscribers, as well as the e-mail addresses that have been allocated to these subscribers. Therefore, Planet Internet is capable of providing the subscriber data that relate to any e-mail address it has allocated.
For this reason, Teleatlas asked Planet Internet to provide her with the subscriber data to the e-mail address that was published by the seller of the illegal copies of its software on eBay. Planet Internet refused this for a number of reasons.
First of all, an internet service provider always finds himself between a rock and a hard place in a legal battle like this one. On the one hand there is the – contractual – relation with the subscriber, to whom the provider has committed himself to provide certain services. On the other hand there is the third party who claims that the subscriber infringes on his rights, using the provider’s services. If the provider refuses to comply with the third party’s demands, he himself will be liable for tort under certain circumstances. If the provider does comply with the third party’s demands and if he therefore takes measures that harm his subscribers interests, he may not be acting according to his contractual duties towards that subscriber.
Short excursion: the Scientology case
This situation already arose in the first Dutch case where a claim was filed against a provider, the Scientology case. This case involved a possible infringement on the Scientology movement’s copyrights. Of course, in that case too the providers involved could not simply comply with the demand to remove possibly infringing material from their subscribers homepage, since they had specifically offered this subscriber a homepage which she herself could fill with content. The providers were contractually obliged to maintain that service. It is now common knowledge that the court in this case ruled that the provider’s services were limited to forwarding information from and to their users ad to storing such information. They did not publish this information themselves, but only provided the means for publication. However, the District Court then ruled:
“This does not prevent that a Service Provider who does not publish or multiply himself, nonetheless may be obliged on the grounds of his duty of care in social intercourse to take adequate measures if he is notified that one of the users of his computer systems is using his homepage to commit copyright infringements or other types of tort. The Service Provided is expected to apply a certain level of due care to prevent further infringements. Taking into account that Service Providers act in the course of commerce, further taking into account that they have the means to block access to home pages and also taking into account the damage that might result from further infringements, it has to be assumed that a Service Provider who has been notified that a user of its services commits copyright infringements on his homepage or commits other torts, while there can be no reasonable doubt as to the grounds for this claim, will commit a tort himself if he does not take action. The Service Provider is then expected to remove the infringing documents from his computer systems and that he providers, at their request, the name and address of the user involved to the right owner.”
Hence the test is that there can be no reasonable doubt about the infringement and that the right owner has notified the provider of this. The providers involved in the Scientology case had demanded that this should be done in writing and that evidence should be submitted, since they needed this evidence of infringement to substantiate their own position vis-à-vis their subscriber. If those conditions are met however, the provider should stop the infringement and should provide the right owner with his subscriber’s name and address.
It will be clear that the requirement that there can be no reasonable doubt about the infringement is very important. Otherwise, a provider could for instance be obliged in a trade mark case to actually decide whether or not the trade mark on the subscriber’s homepage is similar to and infringes on a third party’s trade mark. As long as there is room for doubt, this is a decision a provider should not make and should not be forced to make. Besides, the risks involved in taking such a decision could be excessive, especially if huge economic interests of the subscriber ad the third party were involved. In that case action can only be expected from the provider after the courts have decided the issue, in which case the judgement should serve as a guarantee that the provider shall not be held liable if he – in a conflict between two other parties – acts in accordance with such a judgement.
The case at hand did not involve an infringement that occurred on a homepage that had been provided by Planet Internet to a subscriber, but instead an infringement that occurred on the eBay website and in which an e-mail address provided by Planet Internet was involved. In analogy with the Scientology case there is in my view under those circumstances an obligation for Planet Internet to provide the name and address of the subscriber if the right owner is able to demonstrate that this e-mail address is used to commit infringements on his copyrights.
Restrictions under the Dutch Data Protection Act (Wet bescherming persoonsgegevens)
In this case there was a second reason not to simply hand over the subscriber data, which played no part in the Scientology case. Planet Internet invoked the newly enacted Data Protection Act (Wbp). Its subscriber database is after all a structured collection of personal data that relate to several persons and is, according to certain criteria, as defined in Article 1 Wbp, and thus falls within the scope of that Act. Article 8 Wbp provides the restrictions on processing personal data and therefore also in providing personal data to third parties. In this case, especially the provision in its opening lines and in section f were important, which read:
“It is only permitted to process personal data if: (f) processing said data is necessary to serve a justified interest of the responsible person or of a third party to whom the data are being supplied, unless the interests or fundamental rights and freedoms of the person involved, especially the right to privacy, prevails.”
Planet Internet had argued on this basis that supplying the data was only permitted if that were necessary to serve a justified interest of Teleatlas. In doing so, Planet Internet had invoked the Explanatory Memorandum on the Act, as sent by the government to parliament when submitting the draft Act, as support for its position that Teleatlas should first try other ways to obtain the data before addressing Planet Internet. The other ways had either not even been tried or at least not exhausted, according to Planet Internet. Thus Planet Internet invoked the so called doctrine of subsidiarity. The judge awarded this defence, without exactly pinpointing which of the alternatives as suggested by Planet Internet were conclusive. Therefore, it can be assumed that all of these alternatives seemed more or less reasonable to the judge.
In Planet Internet’s view Teleatlas should have first of all summoned eBay. This argument, which was implicitly awarded by the judge, is not completely correct in my opinion. Supply of the data by eBay would of course also fall within the scope of Article 8 section f Wpb, which would close the circle. The judge has not taken into consideration whether eBay, given the place of its registered office and the place where it processes data, is at all subject to the Dutch Wpb. After a short surfing expedition on the web a first evaluation of this argument may be made. Although eBay is originally an American company, its domain name <www.ebay.nl> is in fact registered to a Dutch company, eBay Global Holdings BV at Diemen, the Netherlands. It is therefore quite possible that supplying the personal data of a Dutch eBay advertiser has to be regarded as “processing of personal data in the framework of the activities of an establishment of a responsible person within the Netherlands” as meant in Article 4 section 1 Wpb. However, Teleatlas should have first approached eBay and should have established whether eBay would bring such a defence or whether accurate data would be supplied.
Planet Internet had further claimed that Teleatlas should resort to the appropriate criminal procedure, which would offer better guarantees for the protection of any third party interests. How the police would have been able to identify the infringer without resort to the databases of either eBay or Planet Internet remains unclear, but it seems to me that this detour would have ended up at the same destination. Besides, in my opinion, one cannot require a right owner who wants to bring civil suit to instead pursue the criminal procedure. The judge apparently found that one could, since he rules that “except for a single phone call of Teleatlas’ counsel with the Justice Department” no effort had been made to acquire the personal data in any other way. Our civil law comprises the specific rule, laid down in our Civil Code, that except for any exceptions provided by law, by the nature of the obligation or by a contractual relation, anybody who is under an obligation towards someone else to provide something, to act or to refrain form doings so, will be ordered by the courts to comply with that obligation at the demand of the other party (Article 3:296 section 1 Civil Code). The importance of this provision has been stressed by the Supreme Court before. In my view, this provision also prevents that someone who can bring a civil law claim is referred to the criminal courts. The doctrine of subsidiarity in Article 8 section f Wpb in my view does not have such a far reaching bearing that it can set aside Article 3:296 section 1 Civil Code to any extent. On top of all this it even remains to be seen whether the District Attorney’s office would give any priority to investigating these facts, whereas even if they would this would mean that the data Teleatlas needs to stop the infringement would only become available in the long term.
Planet Internet had indicated as a third option the fact that Teleatlas had an e-mail from a German customer of the infringer in its possession, which contained the infringer’s bank account number. Assuming this was a Dutch bank, Teleatlas would probably have been confronted with the same objections based on the Wpb. Besides, I am of the opinion that the relation between the bank account number and the infringement is much more distant than the relation with the e-mail address. After all, the e-mail address is voluntarily used by the infringer to identify himself on the internet. Striking a balance between the bank’s defence and Planet Internet’s defence should have resulted in favouring the bank in my opinion.
It is correctly assumed in case law that an internet service provider should, under certain circumstances, be obliged to disclose the identity of an infringer that uses his services. This should however not lead to an unbearable burden for the providers and should therefore only happen in case of a clear necessity. In principle, such a necessity is present if an infringer chooses to hide behind an e-mail addresses provided for by such a provider. The Teleatlas vs. Planet Internet case again shows – as did the Scientology case – that a plaintiff should enter the battle ground well prepared. It is justly expected from him that he has investigated the facts to his best effort and that he is able to clearly explain to the judge that there is a necessity to supply the personal data.
 To be found on www.rechtspraak.nl under LJN-number AE5537
 District Court The Hague 19-6-1999, IER 1999/47 commented upon by Marike Vermeer in IER 1999, p. 206, which by the way is completely in line with the preceding judgement in summary proceedings of 12-3-1996, Mediaforum 1996-4, p. B59.
 HR 24-11-1989, NJ 1992, 404, Lincoln vs. Interlas, which was the very basis for the so-called cross border injunctions in IP cases.