Lawful Content | blog by Stefan Kulk

European Court of Human Rights: The Pirate Bay co-founders’ complaint “manifestly ill-founded”

The European Court of Human Rights (ECtHR) recently gave a decision in the case of Neij and Sunde Kolmisoppi v. Sweden. This is the second case in a short time that deals with copyright and freedom of expression. Whereas the case of Ashby Donald and others v. France was decided on the merits, this case was considered inadmissible and thrown out by the ECtHR. Nonetheless, the Court’s decision did provide an interesting read.

First, the facts of the case. Fredrik Neij and Peter Sunde Kolmisoppi are the co-founders of the famous torrent-platform that is The Pirate Bay (for a recent documentary about all the founders of The Pirate Bay, see this YouTube-video). In Sweden, they were convicted for furthering copyright infringement. They filed a complaint to the ECtHR and argued that their right to freedom of expression was breached. The Svea Court of Appeal had confirmed the District Court’s decision that “by making available its website with well-developed search functions, simple uploading and storing possibilities and through its tracker system, TPB [The Pirate Bay] had facilitated and furthered the crimes in violation of the Copyright Act and thereby, objectively been guilty of complicity to commit crimes in violation of the Act.” However, whereas the District Court had held that they should be held collectively responsible for these crimes, the Court of Appeals held that Neij and Sunde Kolmisoppi’s criminal liablity should be assessed indivually.

Neij was held responsible for “the programming, systematisation and daily operations of TPB.” Sunde Kolmisoppi “contributed to the financing of TPB by collecting debts from two advertisers and, moreover, to have contributed in closing an advertising agreement. He had further contributed to the development of TPB’s systematic tracker function and database. Lastly, he had configured a load balancing service for TPB.” The Court of Appeals held that they were not shielded from criminal liability on the basis of the ‘Electronic Commerce Act’, in which the liability exemptions of the European E-Commerce Directive are implemented. They had committed the offences intentionally and the exemptions from criminal liability could not apply under such circumstances.

Regarding the plaintiff’s claim for damages, the Court of Appeals noted the following:

“[…] TPB had created the possibility to upload and store torrent files, a database and a tracker-function. Thus, it had not merely offered transfer of data or caching, which was a precondition for freedom from indemnity liability under the Act. The Court of Appeal noted that the applicants had not taken any precautionary measures, and torrent files which referred to copyright-protected material had not been removed despite warnings and requests that they do so.”

When the Swedish Supreme Court refused leave to appeal, the Pirate Bay co-founders complained to the European Court of Human Rights. They argued that that their right to receive and impart information (Article 10 of the Convention) had been violated by the conviction.

The complaint

Neij and Sunde Kolmisoppi:

“Article 10 of the Convention enshrines the right to offer an automatic service of transferring unprotected material between users, according to basic principles of communication on Internet, and within the information society. In their view, Article 10 of the Convention protects the right to arrange a service on the Internet which can be used for both legal and illegal purposes, without the persons responsible for the service being convicted for acts committed by the people using the service. In this connection, they referred to international frameworks, expressing a far-reaching right to receive and provide information between Internet users.”

The ECtHR’s decision

When outlining the circumstances of the case, the ECtHR notes that “the service used the so-called BitTorrent protocol. TPB made it possible for users to come into contact with each other through torrent files (which in practice function as Internet links). The users could then, outside TPB’s computers, exchange digital material through file- sharing.” Technically speaking, the claim that torrent-files function as internet links is hard to maintain. Torrent-files only contain meta-data about downloadable files. They point to a ‘tracker’ that keeps a global registry of all the downloaders. When a user queries the tracker, it responds by providing a list of peers, with whom the user can establish a direct connection to download the files. The Pirate Bay allows users to upload torrent-files and operates a tracker so they are involved in a large part of the process, from finding a torrent-file to providing a list of peers from which parts of files can be downloaded. This of course does not support the statement that torrent-files function as links. They are, at the most, indirect links.

The ECtHR holds that The Pirate Bay co-founders’ conduct falls under Article 10(1) of the Convention, and that Sweden, by convicting them, had interfered with their right to freedom of expression. The Court reiterates its decisions in the Times Newspaper-cases and the recent Ashy Donald-case, and underlined that the Internet, “in the light of its accessibility and its capacity to store and communicate vast amounts of information, […] plays an important role in enhancing the public’s access to news and facilitating the sharing and dissemination of information generally”.

On the basis of Article 10(2) of the Convention, the exercise of the freedom of expression may be subject to formalities, conditions, restrictions or penalties, only if they are ‘prescribed by law’, pursue one or more of the legitimate aims referred to in Article 10(2) of the Convention and are ‘necessary in a democratic society’. The ECtHR is brief but clear in its reasoning that the interference was prescribed by law as the convictions were based on the Copyright Act and the Penal Code. The Court is equally brief in explaining that there was a legitimate aim. It held that the conviction pursued the legitimate aim of ‘protection of the rights of others’ and ‘prevention of crime’.

On whether the interference was necessary in a democratic society, the ECtHR’s assessment boiles down to a balance of two competing rights enshrined in the Convention and its Protocols: the right to freedom of expression (Article 10 of the Convention), including the right to receive and impart information, versus the right to protection of property (Article 1 First Protocol). It underlines that when two competing interests that are both protected by the Convention, Sweden has a wide margin of appreciation. This means that Sweden itself is given leeway in balancing the two competing interests. Furthermore, because the materials that are shared on The Pirate Bay are not given the same amount of protection that is granted to political expression and debate, the margin of appreciation is even wider. The ECtHR points out that the Swedish authorities were obligated to protect copyrights in accordance with the Swedish Copyright Act and the Convention, and that the courts advanced relevant and sufficient reasons for the conviction.

“In conclusion, having regard to all the circumstances of the present case, in particular the nature of the information contained in the shared material and the weighty reasons for the interference with the applicants’ freedom of expression, the Court finds that the interference was “necessary in a democratic society” within the meaning of Article 10 § 2 of the Convention.”

Although the Court is extensive in laying down the facts and its reasoning, it nevertheless comes to the conclusion that the application of The Pirate Bay co-founders is ‘manifestly ill-founded‘. This means that their application is declared inadmissible. Neij and Sunde Kolmisoppi have not yet lost all hope. They told TorrentFreak that “not all doors are closed yet”. I wonder what doors I am missing here.

Research 2.0 — Leave a comment
14
Mar 13

Google Reader shuts down, Feedly copies Google Reader API

Google yesterday announced that it will shut down Google Reader. Supposedly, Google wants to focus all its attention on Google+. As a researcher, I depend on Google Reader for keeping up with the news, publications, case law, and anything else that has something to do with the topic of my research. I’ve linked it to other services with IFTTT (‘If This Then That’), which I strongly recommend. If I tag an item as ‘twitter’, it is automatically tweeted. If I star an item, it is sent to my Readability read later list so I can read it when I have time. When I read that Google Reader will be powered down, I was desperate for a moment.

Nothing compares to the clean design of Google Reader and its effectiveness when skimming through an endless list of articles. Feedly comes close though after applying some tips to make it feel more like Google Reader. The great thing about Feedly is that they have ‘cloned‘ the Google Reader API, which means that there is no need to import and export your feeds once Google Reader is offline. The transition should be be seamless. It could also imply that all services that are connected to Google Reader may continue to function in the future. All is not lost! Knowing a bit about intellectual property, I wonder whether it is legal to just copy the Google API. Under EU law, a literal copy of the lines of code that make up the API probably is a copyright infringement. If Feedly only mimics the functionality of the API, then there should be no problem for Feedly (see SAS Institute Inc. v World Programming). Maybe Google and Feedly have already come to an agreement about the issue.

Anyway, let’s hope Google is open to continuing the Google Reader platform as an open source project so that the RSS-ecosystem stays intact. Maybe the White House will have a role to play in that?

UK Court of Appeal: this case is ‘not about whether Samsung copied Apple’s iPad’

Yesterday the UK Court of Appeal gave judgement in a case about Apple’s design of the iPad. The question before the court was whether Samsung infringed Apple’s registered designs. These designs were registered in 2004, long before the iPad was introduced in 2010. Since 2004, technology progressed which led to changes in the actual design of the iPad. As a result, the registered design for a thick “handheld computer” no longer matched the thinner design of the actual iPad.

Many news media reported that Samsung did not “copy” Apple’s iPad and that Apple should make that clear. In fact, this case was not about copying the iPad, nor about copyright. The court only compared a somewhat outdated 2004 Apple design to Samsung’s tablets and came to its conclusions. Judge Jacob even tried to point that out beforehand in his introduction to the judgement:

(3) Because this case (and parallel cases in other countries) has generated much publicity, it will avoid confusion to say what this case is about and not about. It is not about whether Samsung copied Apple’s iPad. Infringement of a registered design does not involve any question of whether there was copying: the issue is simply whether the accused design is too close to the registered design according to the tests laid down in the law. Whether or not Apple could have sued in England and Wales for copying is utterly irrelevant to this case. If they could, they did not. Likewise there is no issue about infringement of any patent for an invention.

It was futile…

Dutch Supreme Court: Is a copy from an unauthorised source a private copy?

Last Friday, the Dutch Supreme Court (‘Hoge Raad‘) gave a judgement that is important to the future of the Dutch private-copying regime. In its judgement, the Supreme Court asks the Court of Justice of the European Union for a preliminary ruling on the private copying exception of Article 5(2) of the Information Society Directive.

Article 5(2)(b) of the directive allows Member States to adopt an exception to the reproduction right “in respect of reproductions on any medium made by a natural person for private use and for ends that are neither directly nor indirectly commercial, on condition that the rightholders receive fair compensation”. Making private copies is thus allowed as long the rightholder receives a fair compensation. In the Netherlands, manufacturers and importers of mediums are liable for payment of this compensation (Article 16c(2) of the Dutch Copyright Act). The level of remuneration is determined by a Dutch public organisation called ‘Stichting de Thuiskopie’.

Stichting de Thuiskopie quarrelled with manufacturers and importers of mediums about the level of compensation. The question before the Supreme Court was: what copies should be considered when determining the level of compensation? Should only copies from authorised sources be considered, or should also copies made from unauthorized sources be taken into the equation? The legislative history on the Dutch Copyright Act indicates that private copying from both authorised and unauthorized sources is covered by the Dutch rules on private copying. The argument must have been: there is no stopping massive online copyright infringement (yet), so it is better to create a levy system (for now). The directive seems to allow for this argument as it calls for a fair compensation “which takes account of the application or non-application of technological measures”. Consequently, downloading of music, movies and books from an unauthorised source, say a newsgroup, is considered legal as long as levies are paid.

Although the Dutch law seems clear, the Supreme Court argues that it needs to answer the question in the context of Articles 5(2) and 5(5) of the Information Society Directive. Therefore, it inter alia asks the preliminary questions to the Court of Justice of the European Union. Here’s my (unofficial!) translation of those questions:

Does the exception to the reproduction right of Article 5(2), read in conjunction with 5(5) of the Information Society Directive, apply to private copies, regardless of the source of those copies? Or, should these copies be made from authorised copies?
If copies should be made from authorised copies, then does the three-step test in Article 5(5) of the Information Society Directive give reason to extend the scope of the exception of Article 5(2) of the directive? Or, can the three-step test only be used to restrict the exception’s scope?
If the three-step test can only be used to restrict the exception’s scope, then is a national rule imposing that private reproductions should be fairly compensated, regardless of the question whether these reproductions are made in conformity with Article 5(2) of the Information Society Directive, and without harming the rightholder’s right to prohibit reproductions and his right to payment of damages, in line with Article 5 of the directive and European Union law? And, in the context of the three-step test, does it matter that no technical measures to prevent private copying (yet) exist?

Open data / Privacy — Leave a comment
19
Jul 12

Open Data and Privacy: Two Sides of the Same Coin

I’ve written on open data and privacy before here and here. The release of large amounts of public open data require a serious analysis of the privacy-risks. The more data that is out there, the easier it becomes to de-anonymize and de-aggregate the data. Think first, then act. In the Netherlands, a serious analysis of the impact of open data policy on privacy is still lacking.

In the UK, there seems to be a greater awareness of how the release of large amounts of public data could have a negative effect on privacy. Information commissioner Christopher Graham on the issue:

The Information Commissioner’s Office (ICO) has been closely engaged with the Cabinet Office in its work on this, Graham says. And he is glad that the ICO’s role is being recognised and some of the areas where it believes caution is required are being addressed.

They include the anonymisation of data where, Graham says, there is a lot of work still to be done. His office is currently consulting on a draft code of practice on anonymisation and it is tendering for a contract to set up a ‘good practice network’ for anonymisation, intended to develop expertise and spread good practice.

“It’s important to get this right, because there’s a view that anonymisation is a mirage, and that through two bits of information you can always work out who the individual is,” Graham says.

“We think that concern is overdone, in the sense that where things have gone wrong, research shows that it’s because a basic step hasn’t been taken.” (Source: The Guardian)

This greater awareness can be explained partly by the fact that in the UK, the promotion of access to official information and protection of personal information are both tasks of the Information Commissioner’s Office, whereas in the Netherlands, these tasks are separated. Freedom of information and open data are promoted by the the Ministry of the Interior, and data protection is a task of the Dutch Data Protection Agency.

Also in the UK Cabinet Office’s open data white paper, attention is paid to privacy:

We are announcing the appointment of a privacy expert to the Public Sector Transparency Board to make sure we bring in the latest expertise on privacy measures. More broadly, we’re making sure that privacy experts are brought into all sector panel discussions across Whitehall when data releases are being considered. [...]

Therefore privacy is not to be considered as an afterthought. Privacy issues will be considered alongside transparency at the beginning of all discussions concerning the release of a new dataset, which is why we are appointing a privacy expert to the Public Sector Transparency Board. This appointment is one of the key recommendations of the O’Hara report.

Open data and privacy are two sides of the same coin. They need an integrated policy. I hope this gets through to the Dutch open data movement soon.

Open data / Privacy — Leave a comment
13
Apr 12

Some more thoughts on open data and privacy

Together with Bastiaan van Loenen, I wrote an article on open data policies and privacy: ‘Brave New Open Data World?‘. The article is published in the International Journal of Spatial Data Infrastructures Research, volume 7 (2012). Feel free to contact me if you have any comments or questions. The article will be presented during the GSDI World Conference in Québec City, Canada.

Abstract
There is a growing tendency to release all sorts of data on the Internet. The greater availability of interoperable public data catalyses secondary use of such data, which leads to growth of information industries and better government transparency. Open data policies may at the same time be in conflict with the individual’s right to information privacy as protected by the EU Data Protection Directive. This directive sets rules to the processing of personal data. Technological developments and the increasing amount of publicly available data are, however, blurring the lines between non-personal and personal data. Open data does not seem to be personal data on first glance because it is anonymised or aggregated. However, it may become personal data by combining it with other publicly available data. In this article, we argue that these developments extend the reach of EU privacy regulation to open data and may obstruct the implementation of open data policies in the EU.

Update: you can find a Dutch summary of the article at OpenDatarecht.nl

Annotation to Scarlet/SABAM case

Together with Frederik Zuiderveen Borgesius, I wrote an annotation to the ECJ’s decision in the Scarlet/SABAM case. Unfortunately (or fortunately), it is in Dutch.

You can download the annotation here.

European Commission: “Notice and action” and stronger civil law enforcement of IP rights

The European Commission released a (provisional) communication with suggestions to boost Europe’s e-commerce. Below are some outtakes.

No need for revision of the E-commerce Directive. Liability of online intermediaries needs clarification and better implementation

The Directive on Electronic Commerce removed a series of obstacles to crossborder online services. It is crucial to legal certainty and confidence for both consumers and businesses. Its internal market clause, which states that the Member States may not restrict the freedom to provide information-society services from another Member State, is the cornerstone of the Digital Single Market. The consultations and analyses carried out indicate that a revision of the Directive is not required at this stage. It is, however, necessary to improve the implementation of the Directive (in particular through better administrative cooperation with the Member States and an in-depth evaluation of the implementation of the Directive), provide clarification, for example concerning the liability of intermediary internet providers, and take the additional measures needed to achieve the Directive’s full potential, as identified in the current action plan. Recourse to the IMI system, already in place for other European legislative instruments, could facilitate administrative cooperation between Member States when it comes to enforcing the e-commerce Directive.

Notice and action

The mechanisms to stop abuse and illegal information must therefore be made more efficient, within a framework which guarantees legal certainty, the proportionality of the rules governing businesses and respect for fundamental rights. In the Annex, the European Commission describes in detail the differing interpretations which are at the root of the above-mentioned problems. In view of the growing volume of statutory and case-law in the Member States, it now appears necessary to set up a horizontal European framework for notice and action procedures.*

* The notice and action procedures are those followed by the intermediary internet providers for the purpose of combating illegal content upon receipt of notification. The intermediary may, for example, take down illegal content, block it, or request that it be voluntarily taken down by the persons who posted it online. This initiative should encourage rather than undermine more detailed initiatives in certain fields. For instance, the European Protocol signed in May 2011 between major rights-holders and internet platforms on the online sale of counterfeit products requires, in addition to a notification and take-down procedure, action against repeat infringements as well as proactive and preventive measures.

Action could thus be the removal or blocking of content. Should this be done by e.g. YouTube and hosting providers, or also by ISPs? And what about due process? Just remove upon notification? “Respect for fundamental rights”?

Plus, (even) stronger civil law enforcement of intellectual property rights

In parallel to this, the Commission will revise the Directive on the enforcement of intellectual property rights in 2012 in order to combat illegal content more effectively and in a manner which upholds the internal market and fundamental rights by improving the framework for civil law proceedings. The creation of the European notice and action framework will be without prejudice to this initiative.

And more private codes of conduct

Cooperation between stakeholders, in particular internet providers, rights-holders and payment services, in the European Union and the US, may also help to combat illegal content.

And who will represent me? An Internet user?

Dutch ISPs have to block the Pirate Bay

Yesterday the Dutch lower court of ’s-Gravenhage ordered Dutch Internet Service Providers (ISPs) Ziggo and XS4ALL to start blocking IP-addresses and domain names that are used by the Pirate Bay. The Dutch Entertainment Industry Trade Association (BREIN) had its claim for a preliminary injunction rejected, but now that the court decided on the merits of the case, BREIN got almost all it wished for.

Taking into account that the administrators of the Pirate Bay have been convicted in Sweden and that a Dutch lower court has (ineffectively) ordered them to delete all torrents that link to copyrighted material of copyright holders represented by BREIN, the court allowed BREIN’s claims.

In its earlier judgment, the court held that blocking the Pirate Bay was not a proportional measure. BREIN could have also asked Ziggo to release personal data of certain infringers so that BREIN could target these individual users. In contrast, the court yesterday argued that trying to sue individual Internet users has proven to be too difficult. Even if BREIN is able to trace IP-addresses of copyright infringing users, BREIN would have to request the ISPs to identify their users, which is something the ISPs have not done on a voluntary basis so far.

Besides blocking the Pirate Bay’s current IP-addresses and domain names, the court ordered the two ISPs to also block future Pirate Bay IP-addresses and domain names that are listed by BREIN.

XS4ALL has announced that it will appeal the case.

This post has been cross posted on the Herdict Blog.

Scarlet v. SABAM, a real victory for Internet freedoms?

A little over a week ago the European Court of Justice gave a long awaited judgement in the Scarlet v. SABAM case. It is the first ECJ case dealing with Article 15 of the E-commerce Directive, which prohibits EU Member States to impose a general obligation on Internet services providers to monitor the information transmitted by them.

SABAM, which is the Belgian copyright collection society, had sought an order requiring Scarlet, an Internet Access Provider, to bring copyright infringements by its subscribers to an end by blocking the transmission of files containing musical works through peer-to-peer software. In order to block infringing transmissions, Scarlet would have to install a filtering system scanning all electronic communications of all its subscribers passing via its services. Furthermore, Scarlet would have to pay for implementing and maintaining the system itself.

The ECJ had to answer the question whether the Copyright Directive and the Enforcement Directive, in the light of the Privacy Directive, the E-Privacy Directive, the E-commerce Directive, and Article 8 and 10 of the ECHR, permit …

“…Member States to authorise a national court, before which substantive proceedings have been brought and on the basis merely of a statutory provision stating that: ‘They [the national courts] may also issue an injunction against intermediaries whose services are used by a third party to infringe a copyright or related right’, to order an [ISP] to install, for all its customers, in abstracto and as a preventive measure, exclusively at the cost of that ISP and for an unlimited period, a system for filtering all electronic communications, both incoming and outgoing, passing via its services, in particular those involving the use of peer-to-peer software, in order to identify on its network the movement of electronic files containing a musical, cinematographic or audio-visual work in respect of which the applicant claims to hold rights, and subsequently to block the transfer of such files, either at the point at which they are requested or at which they are sent?”

To put it simple: Whether Scarlet can be required to implement and pay for a filtering system to filter out copyright infringing files?

Article 9 of the Enforcement Directive instructs Member States to ensure that interlocutory injunctions may be issued against intermediaries whose services are used by a third party to infringe an intellectual property right. Also, the E-commerce Directive does not prohibit courts to lay injunctions on intermediaries as it explicitly leaves open the possibility for a court or administrative authority to require the service provider to terminate or prevent an infringement (recital 45). Article 18 of this same directive instructs Member States to “ensure that court actions available under national law concerning information society services’ activities allow for the rapid adoption of measures, including interim measures, designed to terminate any alleged infringement and to prevent any further impairment of the interests involved.” On the basis of Article 15(1) of the E-commerce Directive, injunctions may, however, never imply a general obligation to monitor the information that is transmitted or stored. The same accounts for a general obligation to actively seek facts or circumstances indicating illegal activity.

Article 15(1) of the E-commerce Directive is thus at the centre of the issue. The ECJ finds that imposing an injunction to install a filter mechanism is in fact an obligation to actively monitor all the data relating to each of its customers (general monitoring), which is prohibited by Article 15(1) of the E-commerce Directive.

The Promusicae case taught us that the fundamental right to intellectual property, as protected by Article 17 of the EU Charter of Fundamental Rights, has to be balanced with other fundamental rights. The ECJ thus also had to touch on the compatibility of an obligation to implement a filtering system, which clearly is a manifestation of the right to property, with the ISP’s freedom to conduct a business (Article 16 of the EU Charter).

Regarding the freedom to conduct a business, the ECJ holds:

“48 […]such an injunction would result in a serious infringement of the freedom of the ISP concerned to conduct its business since it would require that ISP to install a complicated, costly, permanent computer system at its own expense, which would also be contrary to the conditions laid down in Article 3(1) of Directive 2004/48, which requires that measures to ensure the respect of intellectual-property rights should not be unnecessarily complicated or costly.

49 In those circumstances, it must be held that the injunction to install the contested filtering system is to be regarded as not respecting the requirement that a fair balance be struck between, on the one hand, the protection of the intellectual-property right enjoyed by copyright holders, and, on the other hand, that of the freedom to conduct business enjoyed by operators such as ISPs.”

The ISP, however, is not the only actor that is affected by a filtering obligation. The ECJ thus also considered the right to freedom of information and the right to the protection of personal data of Internet subscribers.

The ECJ on freedom of information:

“52 […] that injunction could potentially undermine freedom of information since that system might not distinguish adequately between unlawful content and lawful content, with the result that its introduction could lead to the blocking of lawful communications. Indeed, it is not contested that the reply to the question whether a transmission is lawful also depends on the application of statutory exceptions to copyright which vary from one Member State to another. Moreover, in some Member States certain works fall within the public domain or can be posted online free of charge by the authors concerned.”

Regarding the right to personal data, the ECJ holds:

“51 It is common ground, first, that the injunction requiring installation of the contested filtering system would involve a systematic analysis of all content and the collection and identification of users’ IP addresses from which unlawful content on the network is sent. Those addresses are protected personal data because they allow those users to be precisely identified.”

The ECJ concludes that imposing a general filtering obligation does not respect the requirement that a fair balance be struck between the right to intellectual property, on the one hand, and the freedom to conduct business, the right to protection of personal data and the freedom to receive or impart information, on the other.

However, the ECJ’s assessment of the filtering obligation in relation to the Internet user’s freedom of information and right to personal data is not as strict as its assessment of the filtering obligation in the light of the ISP’s freedom to conduct a business. The ECJ calls the filtering obligation a “serious infringement” of the ISP’s freedom to conduct a business. In contrast, regarding the right to freedom of information, the ECJ only speaks of it being potentially undermined by a filtering obligation.

Regarding the right to personal data, the ECJ seems to only focus on the fact that a filtering obligation implies that IP addresses are collected and identified. The ECJ is right that identifying an IP address is processing of personal information, but it being processing of personal data does not mean that it is absolutely forbidden. The EU Data Protection Directive gives rules on how to process personal data and does not completely forbid such processing. Furthermore, the court mentions that a filtering system involves a systematic analysis of all content sent on the network, but does not qualify it as being problematic in the light of data protection law, nor other aspects of privacy such as communication privacy. After all, privacy is more than data protection and the question of the Belgian court did not refer to Article 10 ECHR without reason.

This judgement is great news for ISP’s that are targeted by copyright owners as the ECJ holds that an obligation to install a general filtering mechanism is in conflict with Article 15(1) of the E-commerce Directive. The court furthermore finds that a fair balance is lacking when an ISP has to install and pay for a general filtering mechanism. This of course does not prevent an ISP from ‘voluntarily’ installing a filtering mechanism as a part of a deal with copyright holders. In this context, it is a pity that the ECJ did not express a clear opinion on the Internet subscriber’s right to freedom of information and the right to privacy when filtering mechanisms are installed.