Peer to peer. Can internet providers be forced to disclose personal data outside criminal proceedings? Not necessarily so, says the ECJ

Fabio Angelini

The ECJ has today issued its decision in the Promusicae case (Productores de Música de España (Promusicae) v. Telefónica de España SAU, case C‑275/06 of January 28, 2006). The case has been closely watched by Internet providers (and copyright holders) since it could have substantially modified the range of available instruments against the peer to peer phenomenon.

The facts of the case were straightforward: Promusicae is a non-profit-making organisation of producers and publishers of musical and audiovisual recordings. It had requested Telefónica (a commercial company whose activities include the provision of internet access services) to be ordered to disclose the identities and physical addresses of certain persons whom it provided with internet access services, whose IP address and date and time of connection were known.

According to Promusicae, those persons used the KaZaA file exchange program (peer-to-peer or P2P) and provided access in shared files of personal computers to phonograms in which the members of Promusicae held the exploitation rights. Promusicae claimed before the national court that the users of KaZaA were engaging in unfair competition and infringing intellectual property rights. However, after the Court of first instance granted the request, Telefonica appealed arguing that the communication of the data sought by Promusicae is authorised only in a criminal investigation or for the purpose of safeguarding public security and national defence, not in civil proceedings or as a preliminary measure relating to civil proceedings.

In those circumstances the ECJ was asked to give a preliminary ruling on the following question:

“Does Community law, specifically Articles 15(2) and 18 of Directive [2000/31], Article 8(1) and (2) of Directive [2001/29], Article 8 of Directive [2004/48] and Articles 17(2) and 47 of the Charter … permit Member States to limit to the context of a criminal investigation or to safeguard public security and national defence, thus excluding civil proceedings, the duty of operators of electronic communications networks and services, providers of access to telecommunications networks and providers of data storage services to retain and make available connection and traffic data generated by the communications established during the supply of an information society service?”.

The ECJ answered in its usual oblique way. On the one hand it said that that Directive 2002/58 does not preclude the possibility for the Member States of laying down an obligation to disclose personal data in the context of civil proceedings. On the other the wording of Article 15(1) of that directive cannot be interpreted as compelling the Member States, in the situations it sets out, to lay down such an obligation. Thus, to resolve the impasse the ECJ set out to ascertain whether the three directives ( 2002/31, 2001/29 and 2004/48) require Member those States to lay down such obligation in order to ensure the effective protection of copyright.

The ECJ’s analysis starts by examining the three interests at stake: the first concerns the protection of the right to property, including intellectual property; the second concerns the right to an effective remed, the third involve a further fundamental right, namely the right that guarantees protection of personal data and hence of private life. In the end, for the ECJ the Member States must, when transposing the directives mentioned above, take care to rely on an interpretation of the directives which allows a fair balance to be struck between the various fundamental rights protected by the Community legal order. Further, when implementing the measures transposing those directives, the authorities and courts of the Member States must not only interpret their national law in a manner consistent with those directives but also make sure that they do not rely on an interpretation of them which would be in conflict with those fundamental rights or with the other general principles of Community law, such as the principle of proportionality.

Even if the answer given by the ECJ may seem obscure, in my view it represents a defeat for IP holders who wished the ECJ to state the supremacy of IP rights (and their protection) over all other rights (first of all right of privacy). In practice, while the ECJ has not excluded the possibility that national Court may order disclosure of personal data even outside criminal proceedings, it has clearly held that the power to do so cannot be exercised automatically and whenever it is exercised it has to be justified by a clear and convincing show of being a fair balance struck between the various fundamental rights protected by the Community legal order and by demonstrating the proportionality of the measure under the circumstances.