OBS IRIS Merlin
english francais deutsch

IRIS 2012-8:1/29

Ireland

Supreme Court to Hear Appeal on Three-Strikes Copyright Protocol

print add to caddie Word File PDF File

Damien McCallig

School of Law, National University of Ireland, Galway

The Irish Data Protection Commissioner has lodged an appeal to the Supreme Court against a High Court decision in EMI v. Data Protection Commissioner. The High Court judgment of 27 June 2012 found that an enforcement notice, issued by the Commissioner, directing the Internet service provider, Eircom, to cease the implementation of the three-strikes protocol on the grounds that it breached data protection and privacy law, was invalid.

The protocol arises from a series of cases taken by record companies against Internet service providers seeking to address the issue of copyright infringement over the Internet. These cases led to an agreement between one Internet service provider, Eircom, and the record companies to introduce a graduated response known as the three-strikes protocol to terminate the connections of persistent copyright infringers (see IRIS 2005-10/28, IRIS 2006-4/26 and IRIS 2010-6/34).

The court, in 2010, was asked to assess the compatibility of the protocol with the Data Protection Acts 1988-2003 and found that the settlement was lawful and could be implemented (see IRIS 2010-6/34). The Data Protection Commissioner declined to participate in that court action, citing costs as a factor, and he now argues that he is not bound by that decision. The three-strikes protocol began operation in August 2010. On the basis of IP addresses provided by the recording companies, Eircom subsequently issued at least 29,000 individual notices to subscribers claiming that they had engaged in uploading copyright material in breach of their contracts.

Due to a failure by Eircom to update their systems to account for the change from summer- to winter-time, when clocks moved back by one hour, errors were made in the identification of subscribers linked to the temporary IP addresses provided by the record companies. This led to at least 391 subscribers being incorrectly notified that they were in breach of contract by infringing copyright. A complaint was subsequently made by an Eircom customer to the Office of the Data Protection Commissioner on 17 January 2011.

On 11 January 2012 the Commissioner issued an enforcement notice directing Eircom to stop implementing the three-strikes protocol. Four record companies (EMI, Sony, Universal and Warner) issued proceedings challenging the Commissioner’s decision to issue an enforcement notice against Eircom. The High Court held in favour of the record companies; the notice was invalid as the Data Protection Commissioner had failed to give reasons for forming his opinion that Eircom had breached the Data Protection Acts 1988 - 2003, as required by section 10(4)(a) of the Acts.

The court was also concerned that the Commissioner had failed to recognise that the error leading to the misidentification of subscribers was corrected by fixing the clocks and is unlikely to be repeated. Furthermore, the court held that the Commissioner’s decision to issue an enforcement notice on this matter appears to involve a misconstruction of the relevant data protection and privacy law. The judge also referred to one of his own earlier decisions in EMI v UPC (see IRIS 2011-1/38) where he found that there are no privacy or data protection issues involved in detecting unauthorised downloads through peer-to-peer technology and that the process of detecting online copyright infringement employed by the record companies is essentially anonymous.

The appeal was lodged by the Commissioner on 31 July 2012. It is reported that the Commissioner is asking the Supreme Court to refer questions to the European Court of Justice for a preliminary ruling, including a request for an opinion on whether the three-strikes protocol is compatible with European law in reconciling subscribers’ fundamental rights with the rights of copyright owners.

References
EMI Records (Ireland) Ltd & Others v. The Data Protection Commissioner [2012] IEHC 264, judgment of 27 June 2012 EN
 http://merlin.obs.coe.int/redirect.php?id=16028