english francais deutsch

IRIS 2012-6:1/6

European Data Protection Supervisor

Second Opinion on ACTA

print add to caddie Word File PDF File

Michiel Oosterveld

Institute for Information Law (IViR), University of Amsterdam

In February 2010, the European Data Protection Supervisor (EDPS) issued a first opinion on ACTA (Anti-Counterfeiting Trade Agreement) on its own initiative (See IRIS 2010-4/5) to draw the European Commission’s attention to privacy and data-protection related aspects. At that time, negotiations on ACTA were conducted in secret.

Now that the text of the proposed agreement has been made public and that the adoption procedure has started at EU level (see IRIS 2011-8/7), the EDPS considered it appropriate to issue a second opinion on the privacy and data protection issues raised by ACTA. In its Opinion issued on 24 April 2012 the EPDS places emphasis on the fact that a correct balance must be struck between demands for the protection of intellectual property rights and the rights to privacy and data protection. Strengthening the enforcement of IP rights must not come at the expense of the fundamental rights and freedoms of individuals to privacy, data protection and freedom of expression.

The EDPS notes in particular that the provisions relating to enforcement of IP rights on the Internet raise concerns from a data protection perspective. Many of the proposed measures would involve the monitoring of users' behaviour and of their electronic communications on the Internet. If not implemented properly, these measures may therefore interfere with their rights to and freedoms of privacy, data protection and the confidentiality of their communications.

The EDPS underlines that measures that entail broad and indistinct monitoring of Internet users’ behaviour, or electronic communications, in relation to small-scale not for profit infringement would be disproportionate and in breach of Article 8 ECHR, Articles 7 and 8 of the Charter of Fundamental Rights, and the Data Protection Directive. The Agreement does not contain sufficient limitations and safeguards in respect of the implementation of measures that imply monitoring electronic communications networks on a large-scale.

Furthermore, the EDPS raises specific concerns in relation to several specific provisions of ACTA. The scope of enforcement measures in the digital environment (Article 27) is unclear and the notion of ‘commercial scale’ in Article 23 of the Agreement is not sufficiently defined. The same applies to ‘competent authorities’ in Article 27(4). Therefore, this provision does not provide the legal certainty necessary to ensure that the disclosure of alleged infringers’ personal data would only take place under the control of judicial authorities. Lastly, many of the voluntary enforcement cooperation measures that could be implemented under Article 27(3) of the Agreement would entail a processing of personal data by ISPs, which goes beyond what is allowed under EU law.

Second opinion of the European Data Protection Supervisor on the proposal to the Council on the conclusion of ACTA, 24 April 2012 EN