The European Court of Justice ruled on November 24 in the SCARLET EXTENDED (BELGACOM GROUP) v. SABAM case that requiring Internet service providers (ISPs) to use systems “for filtering and blocking electronic communications is inconsistent with EU law,” as Bird & Bird LLP describes it in a recent review of the decision.

The decision in the case, which dates to 2004 and involved a Belgian company that managed copyrights, means that ISPs “can't be made to install monitoring systems to prevent illegal downloads of copyrighted material,” The Wall Street Journal reports.

The court found that the injunction imposed on the Belgian ISP to install a general filtering system
“amounts to a general monitoring obligation, which is prohibited by Article 15(1) of the E-Commerce Directive,” the Bird & Bird report notes, adding the court found the injunction did not “strike a fair balance between the protection of intellectual property rights and the protection of the fundamental rights of individuals who are affected by such measures…and would infringe the fundamental rights of the ISP's customers, namely their freedom to receive or impart information and their right to protection of their personal data.”

Benoit Van Asbroeck, Maud Cock and Laurent Masson of Bird & Bird Brussels acted for Belgian ISP Scarlet from the appeal stage onwards, with Van Asbroeck conducting the pleadings before the court. Van Asbroeck shared his perspective on the ruling, describing it as a “seminal judgment” on multiple levels.

The decision, he explained, states “clearly that IP rights are not absolute but have to be balanced against other fundamental rights. Among those rights the court lists rights of privacy, free speech but also—and this is new in EUCJ case law—the freedom to conduct business. The addition of this right will make it more difficult in the future for IP rightholders to seek injunctions against ISPs which equipment are used for breaching IPR. Indeed, the court held that the injunction to implement a filtering device would be a serious infringement of the freedom of the ISP to conduct its business since it would require that ISP to install a complicated, costly permanent computer system at its own expense.”

With that, he notes, the court has confirmed that sought injunctions “should pass a proportionality test”—and neither be too complex nor too costly.

The court also made it clear that the use of a filtering device is not compliant with Article 15 of the E-Commerce Directive prohibiting “national authorities from adopting measures that would require an ISP to carry out general monitoring of the information that it transmits on its network,” he noted, adding, “Finally the court held that the IP addresses, which are collected by the ISP at issue, are personal data. This question is controversed in the different EU member states. Regulators and case law are not on the same page.  This section of the ruling will certainly trigger numerous legal comments. Some will probably read it in very general terms; i.e., that all IP addresses in any context have to be considered as personal data subject to privacy law. Others—and I am in this category—will probably consider that the court only meant the IP addresses of an ISP which is able to identify the natural person behind this IP address have to be considered as personal data.”

Even with the court’s decision now in place, Van Asbroeck pointed out, the debate is far from over.