The European Court of Justice issued its breathlessly awaited (at least by some) decision in SABAM v. Scarlet today, striking a serious blow to those imposing intense international pressure with the objective of securing exceptional enforcement for intellectual property rights online. These efforts aim to leverage Internet intermediaries such as ISPs, hosting sites, domain name registrars and even individual blogging sites in order to stomp out any infringing activity occurring on the platforms they operate.
As these intermediaries process and host vast amounts of online conduct, they are uniquely placed to impose unprecedented levels of monitoring and control onto users in order to find and prevent ‘undesirable’ activity. A number of recent endeavours such as the French HADOPI framework and the US proposed ‘Stop Online Piracy Act’ initiative have sought to force various intermediaries to participate more actively in protecting intellectual property rights. Often this involves mechanisms to wipe (allegedly) infringing sites or users from the Internets. Many have argued this poses a threat to online innovation, freedom of expression and privacy.
In SABAM, the EU Court of Justice examined a narrower question that nonetheless touches on many of these same issues and the overall ‘balance’ between the need to protect IPRs while ensuring other rights are not trampled in the attempt to do so. SABAM, a rights holder group, had asked the Belgian court to issue an injunction obligating an ISP, Scarlet, to filter all unauthorized peer-to-peer file-sharing transfers of its works. The EU has an overarching legal framework, set out in a number of Directives, that provide guidance on the appropriate scope of liability for Internet intermediaries. Most salient for this case, the EU intermediaries frameworks permits a court to issue injunctions as a remedy for IPR infringement. The Belgian court that first heard the matter was willing to issue such an injunction and this ruling constitutes Scarlet’s appeal to the EU Court of that decision.
The injunction in question would have required Scarlet, the ISP, to monitor all activity on its network, filtering for hash tags of files identified as within the repertoire of the plaintiff. While the technical feasibility of this filtering exercise has been questioned, the Court rested its decision to overrule the Belgian court’s injunction on firmer, more principled grounds. Specifically, the Court found that an injunction of this character violates the rights to privacy and potentially the right to receive or impart information:
51 It is common ground, first, that the injunction requiring installation of the contested filtering system would involve a systematic analysis of all content and the collection and identification of users’ IP addresses from which unlawful content on the network is sent. Those addresses are protected personal data because they allow those users to be precisely identified.
52 Secondly, that injunction could potentially undermine freedom of information since that system might not distinguish adequately between unlawful content and lawful content, with the result that its introduction could lead to the blocking of lawful communications. Indeed, it is not contested that the reply to the question whether a transmission is lawful also depends on the application of statutory exceptions to copyright which vary from one Member State to another. Moreover, in some Member States certain works fall within the public domain or can be posted online free of charge by the authors concerned.
53 Consequently, it must be held that, in adopting the injunction requiring the ISP to install the contested filtering system, the national court concerned would not be respecting the requirement that a fair balance be struck between the right to intellectual property, on the one hand, and the freedom to conduct business, the right to protection of personal data and the freedom to receive or impart information, on the other.
The Court also issued a friendly reminder that, while protection of Intellectual Property is a right protected by the EU Charter, there is “nothing whatsoever in the wording of that provision or in the Court’s case-law to suggest that that right is inviolable and must for that reason be absolutely protected.”
Notably, the decision equates ‘filtering’ — where network equipment such as deep packet inspection equipment is calibrated to search for specific files or activities, in this case, likely hash tags — with mass monitoring of user activity. Common counter arguments to this are that ‘filtering’ does not involve mass surveillance, because only the specifically sought infringing activity is identified, while little or no information about other activity is collected. The Court appears to accept, however, that mass monitoring for infringing activity is a serious invasion of privacy even where the only results it yields are to identify infringing works.
Second, the decision is notable in that it recognized the threat to freedom of expression posed by a filtering system of this kind, which is likely to capture legal content along with allegedly infringing content. Indeed, as the Canadian experience has proven, identifying specific files or even applications mid-network while avoiding over-inclusiveness is no easy task! It is greatly complicated where user rights such as fair dealing or fair use complicate what is ‘legal’ and what is not.
The decision is not likely to be the last word on the issue. US legislatures are struggling with a law that will permit entire domain names to be wiped from the DNS system on allegation of IP infringement and it is not clear how this decision will impact on France’s HADOPI ‘3 strikes and you’re out’ system, or on the UK Digital Economy Act’s objective of implementing a similar graduated response regime (the UK act is also under court challenge).
The decision could have implications for Canadian copyright enforcement. While Canadian copyright law (inclusive of coming amendments in Bill C-11, the Copyright Modernization Act), does not envision liability for ISPs for infringing activities of users such as file-sharing, injunctions against ISPs similar to that raised in SABAM are available under Canadian law.
Given our Court’s recent willingness to take into account Charter rights in the development of common law protections in general, there is hope that freedom of expression and privacy will guide any application of this injunction power. Further, as intellectual property rights (or even regular property rights) are excluded from our Charter, countervailing rights of expression and privacy should weigh more heavily in the balance than in the EU.
While many of our ISPs already track use of file-sharing applications voluntarily, in order to carry out their traffic management policies, this should not mean privacy expectations are diminished in any way. To begin with, the type of monitoring envisioned in SABAM is more intrusive than that currently carried out by Canadian ISPs. Current ISP practice is to filter for metrics in order to identify specific applications (BitTorrent clients, for example) while SABAM required filtering of specific files. (The middle case — filtering to block an entire website or service such as Pirate’s Bay or Newzbin2 deemed to be ‘infringing’, has been tentatively approved by UK courts.) Second, the CRTC, in carrying out the privacy-protection component of its mandate, has ordered Canadian ISPs to refrain from using information gained from traffic management practices for any other purpose. These two conditions, taken together, should bolster privacy expectations Canadians can reasonably advance in this context, if the issue were to arise.
Second, our Supreme Court has a solid track for protecting online innovation and freedom of expression and adopting a balanced approach to copyright enforcement.