OneTrust_Square Banner_300x250_DD_ROS_01_19

By Eduardo Ustaran and José-Luis Piñar Mañas

Promusicae v. Telefonica: Intellectual Property Rights and Data Protection

This case landed on the ECJ following a referral from a Spanish national court. This is a common procedure for cases where EU national courts deal with cases that involve European law principles that may be subject to different interpretations. When this happens, national judges normally prefer to ask the ECJ to take a view on the relevant European law principle so that the outcome is consistent with what the European legislation originally intended.

In 2005 Promusicae (a Spanish non-profit-making organisation of producers and publishers of musical and audiovisual recordings) asked that Telefónica (a Spanish provider of Internet access services) be ordered to disclose the identities and physical addresses of certain persons whom it provided Internet access services. According to Promusicae, who knew the IP addresses used by these individuals at specific points in time, Telefonica's customers had used the KaZaA file exchange program to allow unauthorised access to files in which members of Promusicae held exploitation rights. Promusicae claimed before the national court that the users of KaZaA were engaging in unfair competition and infringing intellectual property rights. It therefore sought disclosure of the above information in order to be able to bring civil proceedings against the persons concerned.

At the end 2005, a Madrid civil court ordered the preliminary measures sought by Promusicae. However, Telefonica appealed against the order contending that under Spanish law, the communication data requested by Promusicae could only be made available in the context of a criminal investigation or for the purpose of safeguarding public security and national defence. As this case only related to civil proceedings, Telefónica argued that the order to disclose was not lawful.

Back to the Spanish court, the matter was halted pending a decision by the ECJ. The Spanish court asked the ECJ to confirm whether EU law allowed member states to limit the duty of operators of electronic communications networks and services to retain and make available connection and traffic data relating to their customers only for the purposes of criminal investigations or to safeguard public security and national defence, and not for civil proceedings.

Balancing Exercise

The question raised before the European Court was whether Community law, in particular Directives 2000/31, 2001/29 and 2004/48, in light of Articles 17 and 47 of the Charter, must be interpreted as requiring member states to lay down an obligation to communicate personal data in the context of civil proceedings in order to ensure effective protection of copyright.

But while the court said the e-privacy directive did not prevent EU member states from laying down an obligation to disclose personal data in the context of civil proceedings, the ECJ acknowledged that EU member states faced a balancing exercise in allowing the disclosure of connection and traffic data beyond criminal cases. As the ECJ put it, the case referred by the Spanish court raised the need to reconcile the requirements of the protection of different fundamental rights — the right to protection of property and the right to respect for private life.

EU Countries Free to Decide

Unfortunately, the ECJ decision making process stopped there because, instead of taking a view as to which of the two rights should prevail in this case, it passed the ball back to the national courts and legislators by urging countries to strike a fair balance between the various fundamental rights protected by EU law. So in the end, it was a draw and the Spanish court must now decide who will win the data disclosure match.

Given that the Madrid court had already ordered the preliminary measures requested by Promusicae and that the ECJ was not particularly categorical in its decision, one can consider that the most likely outcome in Spain could be a decision in favour of the rights-holders. However, the ECJ has reminded us of a key aspect of European privacy and data protection law: The right to respect for private life is a fundamental right, and the standards to interfere with that right are very high.

Eduardo Ustaran is the Head of the Privacy and Information Law Group at Field Fisher Waterhouse LLP, based in London. He is a member of the IAPP Education Advisory Board, co-chair of KnowledgeNet London, editor of Data Protection Law & Policy and co-author of E-Privacy and Online Data Protection. He may be reached at

José-Luis Piñar Mañas, Ph.D. is an attorney at Piñar Mañas & Asociados Law Firm, and a professor of administrative law. He also is the former Director of the Spanish Agency for Data Protection and former Vice-Chairman of the Article 29 Working Party and Honorific President of the Ibero-American Network of Data Protection. He can be reached at


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

The Privacy Core™ Library Has Evolved

Privacy Core™ e-learning essentials just expanded to include seven new units for marketers. Keep your data safe and your staff in the know!

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

Upcoming Web Conferences

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Team

Get your team up to speed on privacy by bringing IAPP training to your organization.

Let’s Get You DPO Ready

There’s no better time to train than right now! We have all the resources you need to meet the challenges of the GDPR.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.


The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for DPO readiness. Learn more today.

Learn more about IAPP certification »

Are You Ready for the GDPR?

Check out the IAPP's EU Data Protection Reform page for all the tools and resources you need.

IAPP-OneTrust PIA Platform

New U.S. Government Agency privacy impact assessments - free to IAPP members!

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

Privacy Vendor List

Find a privacy vendor to meet your needs with our filterable list of global service providers.

More Resources »

Europe Data Protection Intensive 2017

The Intensive is sold out! But cancellations do happen—so hurry and get on the wait list in case more seats become available.

Global Privacy Summit 2017

The world’s premier privacy conference returns with the sharpest minds, unparalleled programs and preeminent networking opportunities.

Canada Privacy Symposium 2017

The Symposium returns to Toronto this spring and registration has opened! Take advantage of Early Bird rates and join your fellow privacy pros for another stellar program.

The Privacy Bar Section Forum 2017

The Privacy Bar Section Forum returns to Washington, DC April 21, delivering renowned keynote speakers and a distinguished panel of legal and privacy experts.

Asia Privacy Forum 2017

The Forum returns to Singapore for exclusive networking and intensive education on data protection trends and challenges in the Asia Pacific region. Call for Speakers open!

Privacy. Security. Risk. 2017

This year, we're bringing P.S.R. to San Diego. The Call for Speakers is now open. Submit today and be a part of something big! Submission deadline: February 26.

Europe Data Protection Congress 2017

European policy debate, multi-level strategic thinking and thought-provoking discussion. The Call for Speakers is open until March 19.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»