Insights Court of Justice of European Union rules on copyright infringement and application of the GDPR in peer-to-peer networks case

A Cypriot company, Mircom International Content Management & Consulting Ltd (MICM), entered into licences with various US and Canadian producers of erotic films, giving it the right to communicate to the public their films on peer-to-peer networks and internet file-sharing networks in Europe. Under the licences, Mircom was required to investigate acts of infringement of the producers’ copyright across the networks and to take legal action in its own name against the perpetrators in order to obtain compensation, 50% of which it was obliged to pass on to the producers.

In June 2019, Mircom issued various sets of proceedings in the Belgian courts against three Belgian ISPs seeking, amongst other things, orders that they provide identification data of their customers whose internet connections had been used to share films from the Mircom catalogue on a peer-to-peer network using the BitTorrent protocol. The IP addresses of those connections were collected on behalf of Mircom by Media Protector GmbH using specialised software.

The Belgian Companies Court referred various questions to the CJEU. The Belgian court asked, first, whether users carry out acts of “communication to the public” under Articles 3(1) and (2) of the Copyright Directive (2001/29/EC) by the download, and simultaneous upload to other users, of fragments of a file via a peer-to-peer network, even if the individual fragments are unusable in themselves.

The CJEU ruled that this action by an internet user who has subscribed to BitTorrent sharing software, thereby consenting to its application having been informed of how it works, does indeed constitute a “communication to the public”. This is the case, the CJEU said, even though the file fragments are unusable in themselves, and the uploading is automatically generated by the BitTorrent software.

The CJEU noted that any user of the peer-to-peer network can easily reconstruct the original file from fragments available on the computers of users participating in the same swarm. The fact that an individual user does not download the entire original file does not prevent him/her from making available to his/her peers those fragments that he/she has managed to download, thereby contributing to a situation where, ultimately, all users participating in the swarm have access to the complete file.

Further, there is no minimum threshold of the number of fragments that a user must download before “making available” under Articles 3(1) and (2) can be established. For there to be an “act of communication”, and consequently, an act of “making available”, it is sufficient for a work to be made available to a public in such a way that people can access it, from wherever and whenever they choose, irrespective of whether they avail themselves of that opportunity. The concept of “act of communication” refers, the CJEU said, to any transmission of a protected work, irrespective of the technical means or process used.

Therefore, any act by a user, in full knowledge of the consequences of what he or she is doing, which gives access to a protected work is liable to constitute an act of communication for the purposes of Articles 3(1) and (2). Whether the relevant users in this case had subscribed to BitTorrent, had consented to its use and been informed of how it works, and therefore whether they knew of the consequences, was for the national court to decide. Further, the deliberate nature of their conduct was in no way negated by the fact that the uploading was automatic, the CJEU said.

As for the question of whether the “act of communication” was to “the public”, the CJEU noted that it was common ground that a peer-to-peer network is used by a considerable number of people. This was also apparent from the high number of IP addresses registered by Mircom. Further, it was clear that those users could access, at any time and simultaneously, the protected works shared by means of the platform. Therefore, the “making available” was aimed at an indeterminate number of potential recipients and involved a fairly large number of people.

In addition, insofar as works were being published without the authorisation of the rights holders, those works were being made available to a new public. In any event, even if it were found that a work had previously been posted on a different website, without any restriction preventing it from being downloaded and with the consent of the rights holder, the fact that users of a peer-to-peer network had downloaded, onto a private server file, fragments of that work, which were then automatically made available by means of uploading into the same network, meant that those users had played a decisive role in making that work available to a public that had not been taken into account by the rights holder when he/she authorised the initial communication.

The Belgian court also asked whether a company such as Mircom which, although it has acquired certain rights over protected works, does not exploit them but instead claims damages from individuals who infringe those rights, can benefit from the measures, procedures and remedies provided for in Chapter II of the Enforcement Directive (2004/48/EC) in order to ensure that those rights are enforced, for example by requesting information. It also asked whether such a company can be considered to have suffered any prejudice in accordance with Article 13 of that Directive.

The CJEU said that a company such as Mircom can indeed, in principle, benefit from the Enforcement Directive, provided the claim is not abusive. Article 4(1) of that Directive does not require a rights holder to actually use the IP rights, and Mircom was the contractual rights holder.

As for Article 13, the CJEU noted that the question concerned the actual identity of the injured party who had suffered prejudice as a result of the infringement. In other words, whether the prejudice had been suffered by Mircom or by the producers of the films. In the CJEU’s view, assigning the right to claim remedies for infringement of IP rights did not affect the nature of the film producers’ IP rights. Therefore, if a rights holder chooses to outsource the recovery of damages to a specialised company by assigning claims, he or she should not suffer less favourable treatment than another owner of such rights who chooses to assert those rights personally. Such treatment would undermine the attractiveness of outsourcing from an economic point of view and would ultimately deprive IP rights owners of that option.

In its referral to the CJEU, the Belgian court said that Mircom did not necessarily actually intend to sue users of the network for damages, but rather to use the information it was after in order to extract a lump sum of damages of €500 in settlement of the claim. Article 8(1) of the Enforcement Directive provides that a request for information must be made in the context of proceedings relating to an infringement of an IP right. However, the CJEU said, seeking a settlement is often a prerequisite for bringing an action for damages. Therefore, the practice itself could not be held to be prohibited. Further, the purpose of Article 8 is to apply and implement the fundamental right to an effective remedy guaranteed by Article 47 of the Charter and to ensure the effective exercise of the fundamental right to property, which includes intellectual property, by enabling the rights holder to identify the person infringing and to take action to protect his/her rights. Accordingly, the CJEU said that it could not hold that Mircom’s request for information during a pre-litigation stage was unlawful. However, Article 8(1) of the Enforcement Directive provides that a request must be justified and proportionate. This was for the Belgian court to decide.

As for the question of abuse, that was also for the Belgian court to decide. The CJEU suggested that the national court could examine Mircom’s operating method, by assessing the way in which it offers settlements to alleged infringers and by ascertaining whether it actually brings legal proceedings in the event of a refusal to reach a settlement. It could also examine whether Mircom is in fact attempting, under the guise of proposing settlements to alleged infringements, to extract economic revenue from individual users of a peer-to-peer network, rather than seeking to combat the copyright infringements caused by that network.

Finally, the Belgian court asked whether Article 6(1)(f) of the General Data Protection Regulation (2016/679/EU) must be interpreted as meaning that the systematic recording of IP addresses of people whose internet connections had been used to share protected works on peer-to-peer networks amounted to lawful personal data processing.

The CJEU recognised that there were in fact two sets of data processing: the upstream processing carried out by Media Protector, and the downstream processing carried out by Telenet. It found that, in principle, EU law does not preclude the systematic registration by the IP rights holder or by a third party on his/her behalf of IP addresses of users of a peer-to-peer network whose internet connections had allegedly been used in infringing activities (upstream processing) or the communication of the names and addresses of users to the IP rights holder or his/her appointee for the purposes of an action for damages (downstream processing). However, the CJEU said, such requests must be justified, proportionate, not abusive and provided for by national legislation that limits the scope of rights and obligations under EU law. There is no requirement under EU law for a company such as Telenet to communicate personal data to private individuals in order to be able to issue proceedings for copyright infringement, but EU law allows Member States to impose such an obligation. (Case C-597/19 Mircom International Content Management & Consulting (M.I.C.M.) Ltd v Telenet BVBA EU:C:2021:492 (17 June 2021) — to read the judgment in full, click here).