ISPs and online piracy


Bartłomiej Kochlewski and Maria Jurek

ISPs and online piracy

It sometimes seems as if copyright holders are fighting an impossible war against online piracy, and recent court judgments may not make things any easier, say Bartłomiej Kochlewski and Maria Jurek.

It sometimes seems as if copyright holders are fighting an impossible war against online piracy, and recent court judgments may not make things any easier, say Bartłomiej Kochlewski and Maria Jurek.

Piracy and copyright infringements on the Internet have become an issue not just for the copyright holders and the persons who make direct unauthorised use of the copyright items or pirated goods. It is becoming more common for IP rights holders to undertake steps against intermediaries such as Internet service providers (ISPs) to hold them accountable for acts of copyright or trademark infringements.

Such steps undertaken by rights holders have started a discussion about the necessity of striking a balance between the need to protect IP rights and the right of freedom to conduct a legitimate business, as well as the fundamental rights of the users of the ISPs. The rights at stake for users are protection of their personal data and privacy.

Addressing those issues in Europe requires a joint interpretation of the provisions of:

  • Directive 2000/31/EC of the European Parliament and of the Council of June 8, 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market.
  • Directive 2001/29/EC of the European Parliament and of the Council of May 22, 2001 on the harmonisation of certain aspects of copyright and related rights in the information society.
  • Directive 2004/48/EC of the European Parliament and of the Council of April 29, 2004 on the enforcement of IP rights.
  • Directive 95/46/EC of the European Parliament and of the Council of October 24, 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
  • Directive 2002/58/EC of the European Parliament and of the Council of July 12, 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector.

This task has been recently performed by the Court of Justice of the EU (CJEU) in cases concerning a dispute between SABAM and Netlog NV, and between Scarlet Extended SA and SABAM.

SABAM v Netlog NV

The CJEU in its verdict of February 16, 2012, Case C 360/10 in proceedings between SABAM, a collecting society which represents authors, composers and publishers of musical works against Netlog NV, the owner of an online social networking platform, stated that provisions of the above mentioned EU directives do not allow installing as a preventative measure, without limitation in time and at Netlog's own cost, a system for filtering information which is stored on Netlog's servers by its users, which is capable of identifying electronic files containing musical, cinematographic or audiovisual work in respect of which SABAM claims to hold IP rights, in order to prevent those works from being made available to the public in breach of copyright.


The court held that national authorities and courts must, in particular, strike a fair balance between the protection of the IP rights enjoyed by copyright holders and that of the freedom to conduct a business enjoyed by operators such as ISPs.

The injunction requiring the installation of the contested filtering system involves monitoring all, or most of, the information stored by the ISP concerned, in the interests of those rights holders.

Moreover, that monitoring has no limitation in time, is directed at all future infringements and is intended to protect not only existing works, but also works that have not yet been created at the time when the system is introduced. Such an injunction would result in a serious infringement of the freedom of the ISP to conduct its business, since it would require it to install a complicated, costly, permanent computer system at its own expense.

According to the court, the contested filtering system may also infringe the fundamental rights of that ISP’s service users, namely their right to protection of their personal data and their freedom to receive or impart information. The injunction requiring installation of the contested filtering system would involve the identification, systematic analysis and processing of information connected with the profiles created on the social network by its users.

The information connected with those profiles is protected personal data because, in principle, it allows those users to be identified. It was also noticed that injunction could potentially undermine freedom of information, since that system might not distinguish adequately between unlawful content and lawful content, with the result that its introduction could lead to the blocking of lawful communications.

The interpretation set down by the CJEU in the SABAM v Netlog case is in line with a previous interpretation presented in a judgment handed down in the case C-70/10 (judgment of November 24, 2011) concerning SABAM and Scarlet Extended SA. Scarlet Extended SA is an ISP which provides its customers with access to the internet without offering other services such as downloading or file-sharing.

The court stated that EU directives do not permit rights owners to demand that an ISP must install as a preventive measure, at their own cost and in perpetuity, a system for filtering all electronic communications. This extends to websites using peer-to-peer software. ISPs could otherwise identify the movement of electronic files containing musical, cinematographic or audiovisual work in respect of which SABAM claims to hold IP rights, in order to block the transfer of files the sharing of which infringes copyright.

The practical impact of these cases regarding the collective society SABAM and the owner of a social platform and an ISP is such that, under certain circumstances, an ISP may be held liable for copyright infringement, but measures aimed at imposing an obligation to introduce at its own expense a special system for filtering content stored on its servers would be going too far.

These judgments do not mean that ISPs or social platforms are harmless and may not be held liable for copyright infringement. For example, in Google-joined cases C-236/08 and C-238/08 the court ruled that Article 14 of the Directive on Electronic Commerce must be interpreted so that its rules apply to an ISP in the case where that service provider has not played an active role of such a kind as to give it knowledge of, or control over, the data stored.

If it has not played such a role, that ISP cannot be held liable for data that it has stored at the request of an advertiser, unless, having obtained knowledge of the unlawful nature of those data or of that advertiser’s activities, it failed to act expeditiously to remove or disable access.

EU national courts have jurisdiction to order and impose sanctions on ISPs to bring acts of infringement to an end and also to impose measures aimed at preventing further infringements.

This principle was confirmed by the CJEU in the case of L'Oréal and others v eBay, when the court stated, inter alia, that the third sentence of Article 11 of the Directive on the enforcement of IP rights must be interpreted as requiring the member states to ensure that national courts are able to order the operator of an online marketplace to take measures which contribute, not only to bringing to an end infringements of those rights by users of that marketplace, but also to preventing further infringements of that kind.

Those injunctions must be effective, proportionate and dissuasive and must not create barriers to legitimate trade.

The recent judgments in the SABAM cases provided guidelines for the interpretation of how the national courts should understand this formulation. The CJEU judgments clarified the acceptable level of filtering and blocking and ruled that SABAM’s request was disproportionate and too broad, and thereby incompatible with the EU law.

It has to be repeated, however, that the CJEU did not legalise illegal activity on the Internet. The CJEU once again confirmed that the liability of an ISP is generally based on the knowledge of customer activity. An ISP—as long as unaware of the customers’ activity in accordance with standards of reasonable diligence—is not liable.

It is important to state that the standard of reasonable diligence does not cover the duty of extensive filtering. However, if an ISP becomes aware of illegal activities it must react, otherwise it may be held accountable.

The SABAM judgments of the CJEU do not mean that the copyright holders stand an impossible war against infringers. These judgments show that the CJEU has decided to balance the right to demand protection of a right holder with the rights of ISPs to carry on a legitimate business and not to filter-or as some would say police-the Internet, on behalf of the owners of the content.

Bartłomiej Kochlewski is an advocate at Patpol. He can be contacted at:

Maria Jurek is a lawyer at Patpol. She can be contacted at:

This article was first published on 01 May 2012 in World IP Review

ISPs, online piracy, P2P, SABAM, Netlog, CJEU

Trademarks and Brands Online