European Court of Justice holds that EU law does not require ISPs to disclose subscriber information
By Daniel Ray — Edited by Wen Bu
Productores de Música de España (Promusicae) v. Telefónica de España S.A.U.
European Court of Justice (Grand Chamber), January 29, 2008
Case C-275/06, 2008 CELEX no 62006J0275 (Jan. 29, 2008)
On January 29, the European Court of Justice issued a Grand Chamber ruling in Promusicae v. Telefónica. The court held that European law does not require Internet service providers (ISPs) to disclose their subscribers’ identities to trade organizations for the purpose of civil litigation against them, but that European law also does not prohibit member states from imposing such requirements if the legislation sufficiently balances IP and privacy rights.
David Meyer of ZDNet UK summarizes the decision, and quotes a British ISP spokesperson who claims the ruling vindicated ISPs’ self-policing efforts.
Nikki Tait of the Financial Times cites mixed opinions from copyright holders on whether the Court’s leaving open to member states the option of legislating stricter controls will help protect copyrighted content.
Eric Bangeman of Ars Technica notes that copyright holders still have recourse because criminal charges may be brought against infringers, but that some European nations have been unwilling to press charges for copyright infringement.
Gwen Hinze of the Electronic Frontier Foundation notes that any victory for privacy advocates may be short-lived, as the decision may impel copyright holders to step up their legislative efforts to impose intermediary liability on ISPs or pan-European criminal penalties on filesharers.
Promusicae, an industry group, had sought an order from Spain’s Juzgado de lo Mercantil (Commercial Court) No. 5 forcing Telefónica, a Spanish ISP, to divulge the identities corresponding to IP addresses Promusicae had collected in the course of its investigations into apparent illegal file sharing. The Spanish court granted Promusicae’s request. Telefónica appealed, at which time the court referred the following question to the ECJ: “Does Community law, specifically Articles 15(2) and 18 of Directive [2000/31], Article 8(1) and (2) of Directive [2001/29], Article 8 of Directive [2004/48] and Articles 17(2) and 47 of the Charter … permit Member States to limit to the context of a criminal investigation or to safeguard public security and national defence, thus excluding civil proceedings, the duty of operators of electronic communications networks and services, providers of access to telecommunications networks and providers of data storage services to retain and make available connection and traffic data generated by the communications established during the supply of an information society service?”
In its ruling, the ECJ appeared to seek a balance between preserving the content industry’s ability to protect its intellectual property and maintaining ISP customers’ privacy. Interpreting the EU’s primary electronic commerce regulations (Directive 2000/31/EC) in the context of EU intellectual property law (Directives 2001/29/EC and 2004/48/EC) and the privacy rights recognized in the Charter of Fundamental Rights of the European Union, the court held that European law alone does not require ISPs to disclose their subscribers’ identities to trade organizations for the purpose of civil litigation against the subscribers. The court noted, however, that nothing in the EU directives would prohibit member states from imposing such requirements on their own.