I've posted this on my IT Law blog and will crosspost it to other IT law blogs. I'm not at all sure that I have got things right but these are my early thoughts
Introduction
Permission had been granted for the appeal on four grounds. As laid down in paragraph 6 of Lord Justice Richards judgment (which was adopted by the other appellate judges) these were
1) Ground 1: whether the contested provisions should have been notified to the EU Commission in draft pursuant to Directive 98/34/EC of 22 June 1998 laying down a procedure for the provision of information in the field of technical standards and regulations, as amended by Directive 98/48/EC, ("the Technical Standards Directive"), with the result that they are unenforceable for want of notification.
(2) Ground 2: whether the contested provisions are incompatible with provisions of Directive 2000/31/EC of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market ("the Electronic Commerce Directive" or "the ECD").
(3) Ground 3: whether the contested provisions are incompatible with provisions of Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data ("the Data Protection Directive" or "the DPD") and/or of Directive 2002/58/EC of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector ("the Privacy and Electronic Communications Directive" or "the PECD").
(4) Ground 4: whether the contested provisions are incompatible with provisions of Directive 2002/20/EC of 7 March 2002 on the authorisation of electronic communications networks and services, as amended by Directive 2009/140/EC, ("the Authorisation Directive" or "the AD").
The first and fourth grounds are perhaps rather technical – although of course technicalities can be very important in the law. The second and third grounds do perhaps raise more in the way of issues of substance
Notification of technical standards
Under EU law where a Member state proposes to make compliance with technical standards (other than existing international of European standards), the text of the measures much be notified to the European Commission. The provisions of the draft Code had not been notified and the appellants contended that this constituted a breach of the
European Technical Standards Directive which requires in article 8 that
Subject to Article 10, Member States shall immediately communicate to the Commission any draft technical regulation, except where it merely transposes the full text of an international or European standard …; they shall also let the Commission have a statement of the grounds which make the enactment of such technical regulation necessary, where these have not already been made clear in the draft.
Essentially this part of the judgment appears to relate to questions of time. As Lord Justice Richards noted, it would be quite feasible to notify the contested code to the Commission as and when a draft of the more substantial Initial Obligations Code was created (by OFCOM)
The E-Commerce Directive
Objections to the provisions of the Digital Economy Act centred on the immunities which are conferred on Information Society Service Providers by the E-Commerce Directive; in particular where they act as a mere conduit, as a host, or provide caching services.
The extent of the immunities varies slightly across the various activities but there are few differences of substance. It may be enough to summarise the complaints relating to the mere conduit ground. The basis of this is found in Article 12 of the E-Commerce Directive which provides that
Where an information society service is provided that consists of the transmission in a communication network of information provided by a recipient of the service, or the provision of access to a communication network, Member States shall ensure that the service provider is not liable for the information transmitted, on condition that the provider:
(a) does not initiate the transmission;
(b) does not select the receiver of the transmission; and
(c) does not select or modify the information contained in the
transmission.
Under the Digital Economy Act, ISPs are required to cooperate with copyright owners in the service of copyright infringement reports and lists and face a range of legal sanctions in the event that they fail to act.
As was noted in paragraph 48 of Lord Justice Richard’s judgment:
The appellants contend that the set of responsibilities imposed on them by the contested provisions with regard to notification of copyright infringement reports and the provision of copyright infringement lists, together with the related financial burden and exposure to liability for costs, compensation and penalties, renders them “liable for the information transmitted” within the meaning of Article 12(1) and is therefore incompatible with the article.
This contention was rejected. Lord Justice Richards quoted with approval the works of Mr Justice Parker in the High Court:
Without the underlying infringement, there would be no CIR or CIL: but the legal test is not whether a liability has arisen because there was an initial infringement of copyright; the liability must arise in respect of that underlying infringement, so that the liability is for the information transmitted.
Essentially, ISPs could face legal sanctions not in respect of the transmission by users of information over their networks but as a result of their failure to comply with legal requirements imposed directly on themselves.
A further argument advanced for the claimants was that, in contrast to the position under Articles 13 and 14 dealing with the caching and hosting immunities, there was no mechanism requiring ISPs to receive complaints from right owners and remove infringing material. The lack of such a provision in Article 12 was seen as giving a wider level of protection. This contention was also rejected on the ground that a ‘mere conduit’ has less direct control over information than a party who hosts material or maintains cached copies. although the issue is perhaps related to the other major legal issue regarding the extent to which ISPs might be required to use filtering software to block access to specific web sites.
A further challenge to the legitimacy of the Digital Economy Act was based on the provisions of Article 3 of the E-Commerce Directive. This provides in part that:
Each Member State shall ensure that the information society services provided by a service provider established on its territory comply with the national provisions applicable in the Member State in question which fall within the coordinated field.
(2) Member States may not, for reasons falling within the coordinated field, restrict the freedom to provide information society services from another Member State.
The appellants’ contention here was that the provisions of the Digital Economy Act might restrict the freedom of ISPs from other Member States from offering their services to UK users.
The prime difficulty for the appellants was that article 3(3) provided that the preceding paragraphs were not to apply in respect of services listed in the Annex to the Directive. This makes specific reference to copyright and neighbouring rights.
The appellants argued that this provision referred to substantive issues of copyright law – the nature of the works which might be protected and the extent of protection. At the time the E-Commerce Directive was adopted, there was little in the way of harmonization across the Member States. The Directive on Copyright in the Information Society which was adopted a year later (and whose coming was prophesised in the recitals to the E-Commerce Directive) had brought about a good measure of harmonization and therefore the exclusion was no longer necessary or valid at least in respect of measures for copyright infringement. .
Again, upholding the High Court ruling, Lord Justice Richards disagreed:
At the time when the Electronic Commerce Directive was adopted, “copyright” in the Annex to the directive must in my view have had its normal meaning, encompassing all aspects of the law of copyright under national laws, and cannot have had the elaborate meaning attributed to it by the appellants. At that time there was no harmonising directive at the Community level in the field of copyright protection. It would be unrealistic to impute to the Community legislature, at least in the absence of clear, express language to this effect, an intention to give “copyright” a meaning related to provisions of a copyright directive that had not yet been adopted. But if “copyright” did not have the appellants’ meaning at the outset, I do not see how it can have come to acquire that meaning subsequently. The later adoption of the Copyright Directive cannot of itself have had the effect of changing the meaning of the expression. It would have needed an express amendment of the Electronic Commerce Directive to achieve that result, but no such amendment has ever been made.
There is perhaps the sense of the appellants clutching at straws in respect of this argument. At the very least we might look at Commission sponsored reports highlighting the very limited nature of cross border services in the sector. This might be due to a range of courses but the Digital Economy Act might – at least at its present state of implementation – come low on the list.
Data protection issues
Two issues were raised in this context relating to the basic Data protection Directive (95/46) and to the electronic communications Directive.
In respect of the data protection Directive, attention focused on the provisions of article 8 which prohibits the processing of sensitive personal data unless fairly strict conditions are complied with. This might be seen as pushing a case to far although the fault may lie more with the concept of sensitive data than with the appellants’ arguments. It may certainly be the case that the materials we download unlawfully may say something about our political or religious views etc, but the connection appears a little tenuous.
One of the conditions laid down in the directive for justifying processing is where this ‘relates to data which are manifestly made public by the data subject or is necessary for the establishment, exercise or defence of legal claims’. The appellants pointed to Government impact assessment statement produced during the Digital Economy Act’s passage to the effect that the new procedures would persuade 70% of infringers to stop infringement without the need for further legal proceedings. How then could the provisions meet the conditions for legitimate processing.
Another cross reference may be helpful here and readers may recall the ALTS case where a law firm was the subject of heavy judicial and regulatory criticism for threatening legal proceedings against alleged copyright infringers without having any intent to turn the threats into reality. Blackmail is such an ugly word but the view was clearly that the conduct was akin to this..
The electronic communications Directive refers, inter alia, to the processing of traffic data – relating to the source and origins of communications. It authorises processing of such data where the processing is:
a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system
Here the complaint was that processing of data would be in connection with the institution of civil (rather than criminal) proceedings. The answer to the challenge came principally from decisions of the European Court of justice in file sharing cases such as Case C-275/06, Productores de Musica de España
(Promusicae) v Telefonica de España SAU [2008] ECR I-271. The Court of Justice drew a link between the general and electronic communications data protection Directives and ruled that:
It is clear, however, that Article 15(1) of Directive 2002/58 ends the list of the above exceptions with an express reference to Article 13(1) of Directive 95/46. That provision also authorises the Member States to adopt legislative measures to restrict the obligation of confidentiality of personal data where that restriction is necessary inter alia for the protection of the rights and freedoms of others. As they do not specify the rights and freedoms concerned, those provisions of Article 15(1) of Directive 2002/58 must be interpreted as expressing the Community legislature’s intention not to exclude from their scope the protection of the right to property or situations in which authors seek to obtain that protection in civil proceedings.
It might be asked why, if it was so clearly the legislature’s intention to allow discosure for the purposes of civil proceedings it did not make the effort to add a 2 word phrase to the provision.
The Authorisation Directive
The final ground of complaint advanced before the Court of Appeal related to the provisions of the European Authorisation Directive. This is one of the key planks of the European electronic communications legislative packages and provides in large part that systems of individual licencing or authorisations for those providing electronic communications networks or services are to be replaced by general authorisations – akin to sets of general terms and conditions.
For the United Kingdom, OFCOM has drawn up General Conditions of Entitlement. Two key issues arose in the present case, whether the provisions of the Digital Economy Act and the draft code should have been brought within the ambit of the general conditions and, if so whether they could be seen as compatible with the requirements of the Authorisation Directive.
Such an approach which would require every sector specific provision to be brought within the general conditions of entitlement would be extremely restrictive. It would effectively require that all legal requirements relating to ISPs should be included in the general conditions – which would then become very bulky documents. The electronic communications sector is certainly important but it has to coincide with other policy areas – such as copyright – and cannot claim a monopoly of competence in the field.
In one, limited field, the appellants did succeed in their claim. The Authorisation Directive has extensive provisions concerning the amounts of costs which can be imposed on those providing electronic communications networks or services. Effectively, costs imposed have to equate to those incurred by regulators. As stated above, however, many of the controls imposed upon ISPs might fall outside the scope of the Directive. Cost provisions might apply however with particular reference made to the provisions of Article 12 which refers to the imposition of ‘administrative charges’. At trial it was conceded that this provision would apply and the judge divided the costs into 3 categories
(1) “qualifying costs”, namely the costs incurred by Ofcom or the appeals body in carrying out functions under the copyright infringement provisions, including costs incurred by Ofcom under those provisions in appointing the appeals body or in establishing a body corporate to be the appeals body; (2) “relevant costs”, namely costs which would be reasonably and efficiently incurred by a notional qualifying ISP in carrying out its obligations under the provisions; and (3) “case fees” charged by the appeals body in respect of each subscriber appeal which it receives (in relation to each appeal, the appealing subscriber’s ISP would be required to meet 25% of the fee, with the other 75% being recovered from the relevant copyright owner).
At trial it was held that the first requirement would apply to ISPs but that the concept of ‘relevant costs’ would not as these related to costs which would be incurred internally in complying with any requirements imposed under the Digital Economy Act rather than costs which would require to be paid to some third party. This contention was upheld in the Court of Appeal but a further finding that ‘case fees’ would also be excluded was rejected, Lord Justice Richards concluding that:
If, as the judge found and is accepted before us, “qualifying costs” are “administrative charges” within Article 12, I can see no sensible reason why “case fees” should not be treated in the same way. As Mr White submitted (for the appellants) , they are in substance a supplement to “qualifying costs”, comprising that part of the costs of the appeal body which is not covered by “qualifying costs”.
Discrimination and Distortion of Competition
A final (and unsuccessful challenge to the lawfulness of the legislation was based on the above grounds. The initial proposals are that obligations should be imposed only on ISPs providing services over fixed line connections and, even here, only in respect of the leading six providers. This was, it was claimed unfair to those ISPs affected and might also lead to a migration of customers to smaller ISPs who would not themselves (and by inference their customers) be subject to the same legislative regime. Effectively the wisdom might be that if a user wished to minimise the possibilities of being detected and acted against in respect of online piracy, a contract with a small ISP or a mobile network might be advisable.
The exclusion of mobile networks is driven largely by technical considerations. Unlike fixed line connections when each connection will be given a specific IP address, mobile networks have a pool of dynamic address one of which will be allocated to each connection. Technically, it is much more difficult to map a particular IP address to a particular connection at a particular point in time.
Exclusion of smaller ISPs is perhaps more contentious. It was recognised that there were pragmatic reasons for the selection of a 400,000 subscriber thresholds. As was stated in the High Court:
The six ISPs who have more than 400,000 subscribers together account for 93.4 per cent of the residential and SME business broadband market. There is a natural break point below the big six, in that the smallest of the big six is still twice the size of the next in line. In my view, it is reasonable and proportionate to concentrate on the larger ISPs in the first instance, and to identify any other individual ISPs where there are high levels of copyright infringement on a case by case basis. Any alleged ‘migration’ of infringers to smaller ISPs is speculative at this stage and could be addressed if it began to present real problems.
This conclusion was upheld by the Court of Appeal. As was stated:
The judge did not rely on the possibility of review and amendment of the regime as an answer in itself to the appellants’ case, but he made the valid point that if circumstances changed there existed mechanisms for ensuring that any future problem of disproportionate effect could be avoided.
Conclusions
We will have to wait to see whether the appellants seek to take their case to the Supreme Court – or are granted leave so to do. We are now approaching the second anniversary of the Digital Economy Act receiving Royal Assent but in spite of an OFCOM consultation period on the contents of the initial obligations code expiring in July 2010, we await even a draft instrument. There seems to be serious doubt whether these provisions of the Act will ever be brought into force.
In some important respects it seems that the emphasis of right owners is switching to seeking to act directly against ISPs to compel the blocking (or attempted blocking) of access to specified sites. Recent weeks and months have also seem major activities by law enforcement agencies in a range of countries, including the UK and the UK seeking to disrupt the activities of sites associated with large scale copyright infringement.
A number of European countries have sought to implement legislation along the lines adopted in the Digital Economy Act. It is perhaps fair to say that success has been limited. And perhaps it is time to recognise that the model may be lawful but is flawed.
