By Eduardo Ustaran and José-Luis Piñar Mañas
Promusicae v. Telefonica: Intellectual Property Rights and Data Protection
This case landed on the ECJ following a referral from a Spanish national court. This is a common procedure for cases where EU national courts deal with cases that involve European law principles that may be subject to different interpretations. When this happens, national judges normally prefer to ask the ECJ to take a view on the relevant European law principle so that the outcome is consistent with what the European legislation originally intended.
In 2005 Promusicae (a Spanish non-profit-making organisation of producers and publishers of musical and audiovisual recordings) asked that Telefónica (a Spanish provider of Internet access services) be ordered to disclose the identities and physical addresses of certain persons whom it provided Internet access services. According to Promusicae, who knew the IP addresses used by these individuals at specific points in time, Telefonica's customers had used the KaZaA file exchange program to allow unauthorised access to files in which members of Promusicae held exploitation rights. Promusicae claimed before the national court that the users of KaZaA were engaging in unfair competition and infringing intellectual property rights. It therefore sought disclosure of the above information in order to be able to bring civil proceedings against the persons concerned.
At the end 2005, a Madrid civil court ordered the preliminary measures sought by Promusicae. However, Telefonica appealed against the order contending that under Spanish law, the communication data requested by Promusicae could only be made available in the context of a criminal investigation or for the purpose of safeguarding public security and national defence. As this case only related to civil proceedings, Telefónica argued that the order to disclose was not lawful.
Back to the Spanish court, the matter was halted pending a decision by the ECJ. The Spanish court asked the ECJ to confirm whether EU law allowed member states to limit the duty of operators of electronic communications networks and services to retain and make available connection and traffic data relating to their customers only for the purposes of criminal investigations or to safeguard public security and national defence, and not for civil proceedings.
The question raised before the European Court was whether Community law, in particular Directives 2000/31, 2001/29 and 2004/48, in light of Articles 17 and 47 of the Charter, must be interpreted as requiring member states to lay down an obligation to communicate personal data in the context of civil proceedings in order to ensure effective protection of copyright.
But while the court said the e-privacy directive did not prevent EU member states from laying down an obligation to disclose personal data in the context of civil proceedings, the ECJ acknowledged that EU member states faced a balancing exercise in allowing the disclosure of connection and traffic data beyond criminal cases. As the ECJ put it, the case referred by the Spanish court raised the need to reconcile the requirements of the protection of different fundamental rights — the right to protection of property and the right to respect for private life.
EU Countries Free to Decide
Unfortunately, the ECJ decision making process stopped there because, instead of taking a view as to which of the two rights should prevail in this case, it passed the ball back to the national courts and legislators by urging countries to strike a fair balance between the various fundamental rights protected by EU law. So in the end, it was a draw and the Spanish court must now decide who will win the data disclosure match.
Given that the Madrid court had already ordered the preliminary measures requested by Promusicae and that the ECJ was not particularly categorical in its decision, one can consider that the most likely outcome in Spain could be a decision in favour of the rights-holders. However, the ECJ has reminded us of a key aspect of European privacy and data protection law: The right to respect for private life is a fundamental right, and the standards to interfere with that right are very high.
Eduardo Ustaran is the Head of the Privacy and Information Law Group at Field Fisher Waterhouse LLP, based in London. He is a member of the IAPP Education Advisory Board, co-chair of KnowledgeNet London, editor of Data Protection Law & Policy and co-author of E-Privacy and Online Data Protection. He may be reached at firstname.lastname@example.org.
José-Luis Piñar Mañas, Ph.D. is an attorney at Piñar Mañas & Asociados Law Firm, and a professor of administrative law. He also is the former Director of the Spanish Agency for Data Protection and former Vice-Chairman of the Article 29 Working Party and Honorific President of the Ibero-American Network of Data Protection. He can be reached at email@example.com.