HomeInsightsAdvocate General opines on copyright infringement and application of the GDPR in peer-to-peer networks case

Article by

The Cypriot company Mircom International Content Management & Consulting (M.I.C.M.) Ltd entered into licences with various US and Canadian producers of erotic films, giving it the right to communicate to the public the films on peer-to-peer networks and internet file-sharing networks in Europe. Under the licences, Mircom was required to investigate acts of infringement of the producers’ copyright across the networks and to take legal action in its own name against the perpetrators in order to obtain compensation, 50% of which it was obliged to pass on to the producers.

In June 2019, Mircom issued various sets of proceedings in the Belgian courts against three Belgian ISPs seeking, amongst other things, orders that they provide identification data of their customers whose internet connections had been used to share films from the Mircom catalogue on a peer-to-peer network using the BitTorrent protocol. The IP addresses of those connections were collected on behalf of Mircom by Media Protector GmbH using specialised software.

The Belgian court has referred various questions to the CJEU. The Belgian court asked, first, whether or not users carry out acts of “communication to the public” under Article 3(1) of the Copyright Directive (2001/29/EC) by the download, and simultaneous upload to other users, of fragments of a file, via a peer-to-peer network, even if the individual fragments are unusable in themselves.

In terms of how a peer-to-peer network operates, Advocate General Szpunar rejected the ISPs’ argument that the fragmentary pieces exchanged on peer-to-peer networks were not parts of works that enjoy copyright protection because they were unusable in themselves. The AG said that such fragments were not parts of works, but parts of files containing those works, and those parts were merely the mechanism for transmitting the files under the BitTorrent protocol. The fact that the pieces transmitted were unusable in themselves was irrelevant since what was made available was the file containing the work, i.e. the work in digital format. Given that, from the point of view of the right to make works available to the public it was immaterial whether or not the work had actually been transmitted, and the technical process used in order to carry out that transmission was even more inconsequential, the AG said.

The AG also rejected the ISP’s argument that the users of peer-to-peer networks might not be aware of the fact that, by downloading works on those networks, they were also uploading them. The AG said that BitTorrent does not involve standard software normally found on a computer. Its installation, configuration and use require specific know-how that is easy to acquire on the internet.

The AG also rejected the ISPs argument that the users were indispensable in the making available of the works. Although users of peer-to-peer networks made available to other peers the fragments of files that, in most cases, they had downloaded previously on the same network, those files were then stored on their own computers and therefore their making available was an initial or, in any event, autonomous communication.

Further, the AG said, the requirement that the public concerned must be a “new public” did not apply in this case, as it only applied to secondary communications and works being made available on peer-to-peer networks had the features of an initial communication. It was therefore possible for such actions to be communications to the public.

The Belgian court has also asked whether a company such as Mircom which, although it has acquired certain rights over protected works, does not exploit them, but instead claims damages from individuals who infringe those rights, can benefit from the measures, procedures and remedies provided for in Chapter II of the Enforcement Directive (2004/48/EC). In addition, it asks whether such a company can be considered to have suffered any prejudice in accordance with Article 13 of that Directive.

The AG noted that Mircom’s conduct corresponds perfectly to the definition of a “copyright troll”. A copyright troll brings legal proceedings with the sole aim of obtaining the names and addresses of infringers in order to then offer them an amicable settlement in return for the payment of a certain sum, in most cases without pursuing those court proceedings.

Although the concept of a “copyright troll” is not recognised by EU law, the AG said that there is a general legal principle that EU law cannot be relied on for abusive or fraudulent ends. The Enforcement Directive states in Article 3(2) that safeguards must be provided for against the abuse of the measures, procedures and remedies provided therein. In the AG’s view, it could be said that Mircom’s sole aim in obtaining licensee status was to punish infringement of copyright and obtain a financial advantage, which could be said to be for an improper purpose, which would fall under the definition of an abuse of rights. This was for the national court to decide.

Mircom also claimed that it was not only a licensee of the film producers, but an assignee of the producers’ infringement claims as well. The question therefore was whether an assignee of claims could benefit from the measures, procedures and remedies under the Enforcement Directive.

Article 4(b) of the Enforcement Directive provides that “all other persons authorised to use [IP rights]” can benefit from the Directive’s measures, procedures and remedies. The AG said that this did not cover Mircom, as it was not “using” the IP rights, i.e. it was not exploiting the exclusive rights, such as the right to reproduce the work, granted to it.

However, the AG noted, when transposing the Enforcement Directive, Member States can choose to provide infringement claims assignees, such as Mircom, the right to benefit from measures under the Enforcement Directive, as the Directive only establishes a minimum level of protection.

The Belgian court has also asked to what extent the circumstances set out in relation to the first two questions must be taken into account when assessing the correct balance to be struck between the enforcement of IP rights on the one hand and the rights and freedoms of users, such as respect for private life and the protection of personal data, on the other.

The AG said that, given his opinion that a user of a peer-to-peer network may well be infringing copyright, a request for disclosure of the identity of the user from the ISP was justified in accordance with CJEU case law. The protection of personal data could not provide immunity from any such justified request.

Further, Article 8(1) of the Enforcement Directive provides that a request for disclosure of information can be made “in the context of proceedings concerning an infringement of an [IP] right”. In the AG’s view, this was sufficiently broad to include Mircom’s situation.

However, the AG said, under Article 8(1) the request for information must be justified and proportionate. In the AG’s view, if the national court were to find that Mircom’s activities were abusive, then Mircom’s request to the ISPs would be unjustified. Even if Mircom’s status as a licensee were deemed valid, if it did not intend to exploit those licences, it could not be said to have actually suffered any prejudice for which it could claim compensation.

Finally, the national court asked whether Article 6(1)(f) of the General Data Protection Regulation (2016/679/EU) must be interpreted as meaning that the recording of IP addresses of persons whose internet connections have been used to share protected works on peer-to-peer networks, such as that carried out by Media Protector on behalf of Mircom, constitutes the lawful processing of personal data.

The AG said that in principle, the capture of IP address in the pursuit of online infringers can be done on the lawful basis of legitimate interests of the data controller. However, the condition relating to the pursuit of a legitimate interest by the data controller or by a third party under Article 6(1)(f) GDPR was closely linked to the circumstances relating to the second and third questions above and their assessment by the national court, the AG said. Therefore, were the national court to consider that Mircom’s request for disclosure of user identity by the ISPs was unjustified or unlawful, the recording of IP addresses by Media Protector, which preceded that request, could not be said to have been made in the pursuit of a legitimate interest.

If Mircom were an assignee of the claims, in order for the processing in question to be justified, Mircom would have to be able to use the data to identify the debtors of the claims acquired. If Mircom’s request to the ISPs for disclosure of the names belonging to the IP addresses were found to be unjustified in that situation, then it would not be able to use the data in that way, meaning that the processing by Media Protector would also be unjustified.

In summary, the AG opined as follows:

  • Article 3 of the Copyright Directive should be interpreted as meaning that the act of making pieces of a file containing a protected work available for download within the context of a peer-to-peer network, even before the user has himself downloaded that file in its entirety, falls within the scope of the right to make works available to the public in accordance with Article 3, and that the user’s knowledge of the facts was not decisive;
  • Article 4(b) of the Enforcement Directive must be interpreted as meaning that a body which, although it has acquired certain rights over protected works, does not exploit them and merely claims damages from individuals who infringe those rights, does not have the status to benefit from the measures, procedures and remedies provided for in Chapter II of that Directive, insofar as the court having jurisdiction finds that the acquisition of rights by that body was solely for the purpose of obtaining that status. The Directive neither requires nor precludes the Member State from attributing that status, in its national legislation, to an assignee of claims relating to infringements of IP rights;
  • Article 8(1) of the Enforcement Directive, read in conjunction with its Article 3(2), should be interpreted as meaning that the national court must refuse to grant entitlement to the right of information provided for in Article 8 if, in the light of the circumstances of the dispute, it finds that the request for information is unjustified or unlawful; and
  • Article 6(1)(f) GDPR should be interpreted as meaning that the recording of the IP addresses of persons whose internet connections have been used to share protected works on peer-to-peer networks constitutes the lawful processing of personal data where that recording is carried out in the pursuit of a legitimate interest of the controller or a third party, in particular in order to file a justified request for the disclosure of the names of the owners of the internet connections identified by the IP addresses pursuant to Article 8(1)(c) of the Enforcement Directive.

(Case C-597/19 Mircom International Content Management & Consulting (MICM) Ltd v Telenet BVBA EU:C:2020:1063 (17 December 2020) — to read judgment in full, click here).