Spain

Court of Justice of the European Communities: No Obligation to Pass On Traffic Data to Private Entities for Civil Court Proceedings Against Copyright Infringements

IRIS 2007-9:1/3

Sebastian Schweda

Institute of European Media Law (EMR), Saarbrücken/Brussels

In her conclusions in case C-275/06, the Advocate General proposed that the Court of Justice of the European Communities (ECJ) should declare a Spanish law prohibiting the communication of traffic data to private entities, for civil court proceedings against copyright infringements, to be compatible with Community law.

The complainant in the original case is Productores de Música de España (Promusicae), a not-for-profit association of producers and publishers of musical and audiovisual recordings. It had instigated court proceedings against Telefónica de España SAU (Telefónica) in order to obtain from the company the names and addresses of certain Internet users. According to Promusicae, the users, who were identified from the IP addresses they had been using at the time, had infringed its members' copyright and licensing rights by swapping music files via so-called file-sharing networks. However, Telefónica refused to meet the request, citing Art. 12 of the Ley de Servicios de la Sociedad de la Información y de Comercio Electrónico (Act on information society services and e-commerce). The Act stated that the requested information only needed to be disclosed as part of a criminal investigation, or for the protection of public or national security.

The referring court believes that this interpretation of the law may be correct, but believes that the Spanish law violates Community law in this case. In particular, it claims that the Spanish law may be incompatible with Art. 15 paras. 2 and 18 of Directive 2000/31/EC on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (E-Commerce Directive), Art. 8 paras. 1 and 2 of Directive 2001/29/EC on the harmonisation of certain aspects of copyright and related rights in the information society (Copyright Directive) and Art. 8 of Directive 2004/48/EC on the enforcement of intellectual property rights. These provisions state that, in certain circumstances, particularly where breaches of the law are suspected, information on the identification of individuals must be disclosed.

The Advocate General begins by noting that none of the three Directives that could give rise to such an obligation affect data protection provisions. This is clear from Art. 1 para. 5(b) of the E-Commerce Directive, Art. 9 of the Copyright Directive and Art. 2 para. 3(a) of Directive 2004/48/EC. It is therefore necessary to find a reasonable balance between the objectives of these Directives and data protection rules.

The Advocate General concludes that the communication of personal data to a third party represents an intrusion on the basic right to privacy enshrined in Art. 8 of the European Convention on Human Rights (ECHR). Directives 95/46/EC (Data Protection Directive) and 2002/58/EC (Directive on privacy and electronic communications) broaden the circle of parties bound by data protection rules and oblige private entities - such as Telefónica - to respect their provisions. Art. 5 para. 1 and Art. 6 para. 1 of the Directive on privacy and electronic communications prohibit the storage of traffic data. The only relevant exemptions under Art. 15 para. 1 of the Directive on privacy and electronic communications in conjunction with Art. 13 para. (c) (public security) and 1(d) (prevention, investigation, detection and prosecution of criminal offences) of the Data Protection Directive only provide for personal data to be passed on to State bodies, not to private entities. In the current case, however, the information requested did not even need to be communicated to State bodies because the conditions for such exemptions had not been met. Under Spanish law, copyright infringements were only punishable if they were carried out in order to make a profit. However, no grounds had been presented to suggest this was the case. The Advocate General was also unable to identify a risk to public security. It was even debatable whether file-sharing actually damaged the music industry at all. She thought that this decision should be left to the legislative body, which had never previously placed the interests of copyright protection above those of data protection at Community level.