1 ACTA’s Fate

From the outset, the multilateral Anti-Counterfeiting Trade Agreement – better known as ACTA – has been the object of recurring public outcries, resistance and rebuttals. Far from the international organisations that traditionally provide the framework for treaties on intellectual property matters, during a very opaque and almost secret preparation phase of three years, ACTA came into being under impulsion of the United States and with the blessing of the European Commission (EC) and other countries. Most parties signed the treaty in October 2011, the European Union (EU) and 22 Member States did the honours on 26 January 2012.

But popular disagreement grew in the form of street protests and distributed denial-of-service attacks on governmental websites (e.g. in Poland), culminating in a petition against ACTA, signed by over 2,8 million people from all over the world, calling on MEPs ‘to stand for a free and open Internet.’ ACTA’s most controversial provisions dealt with the enforcement of copyright in the digital environment, which were argued to impose disproportional restrictions on the rights and freedoms of Internet users. The Netherlands, one of the countries that have not signed the agreement, already took a formal position on 29 May 2012: its Parliament adopted three resolutions observing inter alia that the treaty interferes with the liberties of the individual Internet user and allows an extensive interpretation that may negatively affect the privacy and Internet freedom of citizens. Furthermore, after the European Parliament (EP) Rapporteur issued a negative advice and five Parliamentary Committees followed suit, the EP rejected ACTA on the 4th of July 2012 (by 478 against 39 votes and 165 abstentions).

But Internet users and their representatives should not let down their guard just yet! The EC can also sharpen copyright enforcement in the EU, e.g. by a revision of the Intellectual Property Rights Enforcement Directive. Even apart from ACTA, it is important to take a stand on how to square fundamental rights with online copyright enforcement. We will start with some reflections on how the issues at stake have been tackled at the European level so far before turning to what ACTA would have rendered possible, and beyond.

2 Online Copyright Enforcement in the EU

A copyright holder who sees his rights infringed upon (e.g. by massive peer-to-peer up- and downloads) may consider several means. For a long time, this prerogative was not fundamentally questioned. With the overhaul in the distribution of copyrighted works due to the Internet (and the resulting copyright infringements via the same media), important issues of online copyright enforcement have been brought to the attention of the courts throughout Europe and the Court of Justice of the European Union (CJEU). More particularly has the Court been taken to rule on measures directed against Internet Service Providers (ISP) and, in one move, on the implications for fundamental rights, such as copyright and its effective enforcement, but also for privacy, data protection and freedom of expression, which are particularly at stake in the online environment that we have come to call our digital habitat. Importantly – and perhaps not so surprisingly – the Court has time and again stated that a ‘fair balance’ between these fundamental rights should be reached.

The first relevant case before the CJEU (Promusicae 2008) already showed a ‘digital’ situation without ‘analogue’ equivalent. In this case, a collecting society (Promusicae) wanted to convert the technical information it had gathered, suggesting copyright infringing behaviour, into real-life information (especially the identity of the alleged infringers). It needed the help of access providers, which were expected to identify their customers so these could be sued. Upon refusal, the collecting society initiated a civil procedure against the access provider Telefónica (rather than bringing a criminal action). In its 2008 decision, the CJEU ruled that European law does not necessarily preclude an obligation on access providers to hand over such personal information to right holders and that a national obligation to disclose personal data in the framework of civil proceedings is not per se contrary to the protection of fundamental rights. Still, this does not mean that Member States are compelled to provide for such a measure. Where they do, the relevant legal provisions should be considered from the angle of, on the one hand, the protection of copyright and the right to an effective remedy, and, on the other, the protection of personal data and privacy. A fair balance must be struck between all fundamental rights involved, taking into account other general principles of Community law, such as the proportionality principle. In its Bonnier decision of 19 April 2012, the CJEU applied this test and decided that an obligation to disclose personal data to copyright holders in civil proceedings is legal, if the national law provides that the order is issued at the request of a copyright holder entitled to act, that there is clear evidence of an infringement and that the conflicting interests and the principle of proportionality are taken into account.

Intermediary service providers (such as access providers) can thus be involved as holders of the infringers’ identity. But the right holder can also address the intermediaries as gatekeepers to the Internet and its copyright treasures: in this case the ISP is the final target of the legal action, as the one person able to actually prevent copyright infringements, notably by filtering the traffic. Nonetheless, this solution is also subject to legal constraints, such as the limitation of liability of ISPs, stringent conditions for injunctions and, not the least, the limits drawn by competing fundamental rights. In the Scarlet decision of 24 November 2011, the CJEU examined the legality of an injunction to set up a preventive technical system filtering all electronic communications, applied indiscriminately to all the customers for an unlimited period and at its own expense. The Court held that this particular measure could not be imposed without disrespect of the European norms. Although a right holder may request such injunctions to prevent or end an infringement, such measure may not amount to an obligation for the ISP to carry out a general monitoring of the information it transmits. Moreover, the Court found that such measure violates the fair balance between fundamental rights, in more than one respect. Firstly, a general filtering obligation is costly and complicated and would overly affect the ISP’s freedom to conduct a business. Secondly, the fundamental freedoms of the ISP’s customers are touched upon, in particular their right to protection of personal data, privacy and their freedom to receive and impart information. Indeed a filtering system that sieves all communications, collects and identifies IP addresses (i.e. personal data), is expected to isolate the infringing content but in fact it cannot distinguish between ‘lawful’ and ‘unlawful’ content, which might lead to the blocking of legitimate communications.

Finally right holders have turned to ISPs in a more ‘amicable’ setting, seeing these as ‘allies’ to develop remedies against massive copyright infringements. The ISP is then expected to ‘voluntarily’ filter or block certain content. A good example is the system of ‘graduated responses,’ where the ISP (mostly the Internet access provider) serves as the carrier pigeon, dropping warnings to its customer that her Internet connection appears to have been used for copyright infringements and requesting her to cease the infringement. Far-reaching measures – in particular restrictions on the use of the Internet connection or even the suspension of the service – could be taken after (typically) three warnings/notifications. Such ‘para-judicial’ enforcement mechanism is tolerated in the European legal framework insofar as the fundamental rights and freedoms of users remain preserved, particularly in the field of data protection, privacy and due process. However, the difficulties – even impossibility – to reconcile such policies with the fundamental rights of the customers have become apparent in the Irish attempt of EMI to get a hold on Eircom’s customers. Both corporations settled their conflicts and agreed to a ‘graduated response’ policy towards Eircom’s customers (a settlement approved by the Irish Courts). However, Eircom’s detecting technology appeared defective and after Eircom had wrongly identified 300 of its customers as copyright infringers, the Irish Data protection authority issued a decision that the Eircom’s system of graduated response infringes its customer’s rights to data protection.

However efficient the actions against intermediaries seem, this short overview of measures shows how difficult it is to reconcile fundamental rights and copyright enforcement in a digital environment. The question is whether the ACTA provisions would have shed different light on this situation.

3 Online Copyright Enforcement in ACTA

The measures against the ISPs (in different capacities) did re-emerge in ACTA’s section dealing with enforcement of copyright and related rights in the digital environment.

Firstly, ACTA provided the possibility of requesting an order aiming at the disclosure of information to identify the subscriber whose account is allegedly used for an infringement. Such order could be issued by a ‘competent authority,’ not necessarily a judicial body (which is the traditional guardian of fundamental rights).

Secondly, ACTA demanded ‘effective action’ against infringements in the digital environment, including measures to prevent and deter infringements, such as damages and injunctions (also against intermediaries).

Finally and perhaps most trickily, ACTA required the signatory parties to ‘promote cooperative efforts within the business community’ to address copyright infringements, in particular cooperation between service providers and right holders. This obligation had its origin in an earlier draft of ACTA, in which the provisions indirectly legitimizing ‘graduated response’ measures proved most controversial. Those provisions have been officially removed after the European Parliament’s strong position against the ‘three strikes’ procedures. Yet the last wordings of ACTA could still be read as a euphemistic reformulation and there was little doubt that graduated response policies, on a voluntary basis, were covered.

4 Copyright Enforcement Not at the Expense of Other Fundamental Rights – Not Even Online

ACTA would have sneakily given leeway to signatory states to implement invasive procedures and powerful sanctions to copyright infringements, even if the determination of the concrete measures were left to the signatory states. At the same time ACTA gave the other fundamental rights an obvious place in the framework of copyright enforcement since it explicitly required that those be ‘preserved.’ However, it remained to be seen how this would have been brought into practice and, in particular, if and how the ‘preservation’ of some fundamental rights (say: freedom of expression and information, privacy, data protection, due process) would have survived the application of other fundamental rights (say: property, commerce, and business). The same caution is appropriate with regard to any initiative the Commission would take to strengthen the IP enforcement instruments – and all the more so given the nature and history of the EU and its roots in the internal market: it could justly be feared that the ‘internal market and free circulation of rights and freedoms’ would prevail above the ‘fundamental rights and freedoms’ as we know them from the European Convention of Human Rights and the Strasbourg Court. Moreover, the ‘preservation of fundamental rights’ required by ACTA already seemed to provide less protection than the ‘fair balance’ put forward by the CJEU. True, under the general obligations with respect to enforcement, ACTA stated the proportionality principle – in particular between the seriousness of the infringement, the interests of third parties, and the applicable measures, remedies and penalties – but this statement was not convincing to that end and beyond ACTA it remains to be seen how the EU institutions will construct this fundamental principle.

The proportionality test is never a strong guarantee, not only because its outcome depends on many factors but also because it is itself subject to interpretation. A ‘weak’ proportionality test merely ‘balances’ the fundamental rights at stake, assuming that ensuring one of them must necessarily be at the expense of the other – say, copyright will systematically trump data protection and privacy. A ‘stronger’ proportionality test, by contrast, would include a ‘subsidiarity test’ and would first inquire if it is possible to reach the aim pursued (copyright enforcement) without loss on the side of the rights of privacy, data protection or free expression. In this respect the Court of justice was right to dismiss a general filtering measure, applied to all electronic communications for the purpose of preventing copyright infringement, but it would have been helpful had it explored less intrusive measures. From that point of view ACTA and the debate it has given birth to should be taken as an occasion for the EC (and the CJEU) to embrace the understanding of what a ‘fair balance’ is and how it should be struck, whereby we would insist on a ‘strong’ proportionality test. This indeed would imply an openness for a difficult (and thus ‘slow’) search of new and inventive practices – involving and assembling all stakeholders, technological solutions, business models, web policies, constitutional and legal guarantees and so forth – which would refuse expedite solutions that cut too easily in one legitimate interest or the other.

Such a position would be more than welcome, since in matters relating to detection and prosecution of infringements, principles of criminal law – such as the presumption of innocence and due process – do continue to be valid and applicable. Whereas a ‘reasonable suspicion’ is the threshold for initiating a criminal investigation (including privacy intrusive measures), such safeguards are not encoded in the proposed online copyright enforcement regime. Offline, we would not accept to be permanently surveilled because some engage in counterfeiting and commercialize copyrighted goods. We do not even accept it in the face of terrorism!

5 Meanwhile, in Europe…

Meanwhile, pending the opinion of CJEU on whether ACTA is compatible with the EU Treaties and in particular the Charter of Fundamental Rights, the EC was already taking initiatives to revise the IP Rights Enforcement Directive (2004/48). Interestingly, the Commission has drawn a ‘roadmap’ in which it identifies as policy options (a) detailing the rules on obtaining information from intermediaries, (b) fast-track low-cost civil procedures for straightforward infringements, and (c) actions against webpages holding infringing content. Furthermore, complementary ‘cooperation measures’ between right holders and intermediaries are thinkable in the form of ‘soft law’ instruments. In the light of the rejection of ACTA by the EP this roadmap and its ‘promises’ have significantly gained pertinence and momentum.

If many Europeans have been rightly expressing their outrage and refusal of ACTA, they should remain vigilant and mobilized to what is happening much closer to their bed, inside the EU machinery. They have probably succeeded in busting ACTA, but they should be aware that the ACTA train may well hide another no less dangerous one.