In a decision of 29 January 2008 the European Court of Justice (ECJ) ruled that Member States are not obliged to create a legal duty on Internet Service Providers (ISPs) to disclose the personal details of file sharers to copyright owners whose rights have been infringed.
Productores de Música de Espana (Promusicae), a non-profit making association of music producers and publishers, initially lodged an application against Telefónica de Espana SAU (Telefonica), a Spanish ISP, requesting that Telefonica be ordered to disclose the names and addresses of internet users which Promusicae has identified, through the detection of static IP addresses, as infringing its clients’ copyright through the file-sharing programme KaZaA.
In the first instance the Spanish courts ruled that Telefonica should be ordered to disclose the personal data requested by Promusicae. Telefonica appealed this decision claiming that the provision of such personal data was in contravention of local law. It claimed that Spanish law only permitted the courts to order disclosure of personal data in this way in connection with criminal investigations or in the interests of public safety or national security. Telefonica argued that Promusicae’s claim for copyright infringement was a civil one and therefore the courts could not order disclosure.
The appeal court agreed with this interpretation. In response Promusicae argued that Spanish law had to be interpreted in accordance with EC laws such as the E-Commerce Directive (2000/31) the Copyright Directive (2001/29) and the Intellectual Property Rights Enforcement Directive (2004/48) (IPRED). It claimed that in its current form the Spanish law requiring personal data to be disclosed only in connection with criminal investigations and national security and personal safety issues was incompatible with EC law.
Unable to resolve the issue, the Spanish courts referred the issue to the ECJ for guidance. The specific question referred was whether the provisions of the E-Commerce Directive, the Copyright Directive and IPRED “permit Member States to limit to the context of a criminal investigation or to safeguard public security and national defence, thus excluding civil proceedings” the duty on ISPs to disclose the personal data.
The ECJ’s Ruling
The ECJ ruled that the relevant EC laws:
“do not require Member States to lay down, in a situation such as the main proceedings, an obligation to communicate personal data in order to ensure effective protection of copyright in the context of civil proceedings.”
It was held that Spanish law was not incompatible with EU law and that it was permissible that orders for disclosure of personal details be restricted only to the context of criminal investigations and issue of national security and personal safety.
While this is undoubtedly a blow for Promusicae and other similar rights holders it must be noted that the ECJ’s decision does not specifically state that disclosure must be restricted to criminal matters, but rather that each MemberState is free to legislate as they wish on the issue. It is acceptable for Spanish law to restrict disclosure just as it is acceptable for the UK courts to hold that personal details of file-sharers can be disclosed in all cases.
The ECJ in its ruling states:
“Community law requires that, when transposing those Directives (the Copyright Directive the E-Commerce Directive and IPRED), the Member States take care to rely on an interpretation of them which allows a fair balance to be struck between the various fundamental rights protected by the legal order.”
In this case the fundamental rights at issue are the internet-user’s right to privacy and the music producer or publisher’s right not to have its intellectual property infringed. The ECJ’s ruling confirms that it is up to each individual MemberState to ensure that these rights are balanced.