[Updates at end] The Irish record industry, like its international siblings, has given up pursuing individuals in its war on filesharing and is focusing instead on the use of “three strikes” disconnection, sometimes referred to as graduated response. This involves a rightsholder, usually a record label or movie studio, notifying an ISP that it believes a particular IP address has been used for unlawful downloading of copyright material. On the third complaint, the ISP disconnects the user of that IP address.
The Irish industry took a test case against the biggest Irish ISP (EMI & ors v. eircom) for allowing its network to be used for unlawful downloading and the proceedings resulted in a settlement whereby eircom agreed to introduce a graduated response system.
The graduated response is to be introduced into UK law as part of the recently passed Digital Economy Act 2010. In that jurisdiction, it was subject to scrutiny, debate and critique by academics and commentators, which might not constitute scrutiny at all given that it sailed through Parliament. In Ireland, it is creeping in by private agreement between the main players (a development which is not unusual in Ireland).
The settlement between the industry and eircom had to be revisited in the High Court to determine its compatibility with the Data Protection Acts 1988 and 2003 and Mr. Justice Charleton delivered his judgment last week, concluding that the system can lawfully be implemented.
Professor Lillian Edwards said the following of the proposed UK system:
All a rightsholder need do, as presently laid out, is provide an IP address and time stamp of an alleged infringer to an ISP, and say that “ it appears to [them that ] a subscriber .. has infringed the owner’s copyright”. There is no requirement this belief be objectively reasonable. Nor is there any apparent sanction for malicious, or even simply careless or reckless allegations. Recent experience with the RIAA and BPI has shown that allegations made after IP address tracking at P2P sites often turn out to be wrong and that collecting IP addresses from P2P honeypots is a non-trivial exercise ; so the issue of liability for erroneous accusations is an important one. Libel, malicious falsehood and data protection laws may offer remedies for the falsely accused; but there is no mention of such in the Bill itself (so far), nor of any reasonable duty of care. In other words, all the power is given to rightsholders, and none of the responsibility. (My emphasis)
In his judgment, Charleton J. explains the eircom system as follows and Professor Edward’s comments would appear equally applicable:
Under the terms of the settlement, these companies tell the plaintiffs that a particular computer has been involved in illegal file sharing of its copyright material. This information is passed by one of the plaintiffs to the defendant Eircom, as the internet service provider. It then informs its subscribers that they have been detected infringing copyright. If there is a second occasion of illegal downloading, Eircom is obliged, when so informed, under the settlement to write to the subscriber warning them that unless that sort of infringement ceases, they will be disconnected from general internet service. This disconnection does not apply to any telephone or television service that a subscriber gets over their internet facility. On a third infringement, that discontinuance is implemented by Eircom: the subscriber is taken off service except for phone or television internet access.
Charleton J. acknowledges that disconnection is a “serious sanction” and that some would argue it is an “imposition on human freedom”. He quite rightly points out that “[t]here is no freedom, however, to break the law.” However, disconnection could affect an entire household, for example, and it is difficult to accept the justification offered that internet cafés are available to the disaffected and disconnected.
[W]hile it is convenient to have internet access at home, most people in Ireland have only to walk down to their local town centre to gain access for around €1.50 an hour.
Rightsholders are entitled to protect their rights, but should they be entitled to have a utility disconnected on the basis of their unscrutinised claim that the utility has been used to infringe their rights? As one wry tweeter put it:
Charl[e]ton J’s decision in eircom is as if NTR allowed to ban u from driving b/cos Quinn Direct said u crashed into 3 of its policy holders.
Part of the eircom settlement reportedly required the industry to pursue eircom’s competitors and seek implementation of the same system: rather weak letters before action were duly sent to all other Irish ISPs (including those who do not provide internet access to end users) and proceedings were instituted, due before the Commercial Court this summer. It had been anticipated that the other ISPs might defend the proceedings strenuously, though one wonders if Charleton J’s judgment might have any influence.
The most remarkable thing about the judgment is the fact that the Data Protection Commissioner, whose questions to the High Court formed the basis for the judgment, did not appear at the hearing because of cost concerns.
One wonders what the purpose of the Commissioner’s is if not to appear in such a case. After all, his office appointed a panel of four commercial law firms to advise on the full range of powers and obligations under the Acts only a few months ago. His participation might not have changed the outcome, but as Ireland’s data protection regulator and representative member of the Article 29 Working Party (which has examined the nature of IP addresses under data protection legislation) his office’s participation should be automatic.
While Charleton J’s judgment ostensibly deals with data protection concerns, it makes his views on the wider issue of unlawful downloading clear. David Brophy points out that, not only was the Commissioner not represented at the hearing, nor was any consumer or digital rights advocacy group. He also notes the tenor of the judgment which, although ostensibly concerned with a set of data protection questions, is loaded with pro-indsutry language.
The judgment is particularly striking for the language used to describe the act of copyright infringement (“theft”, “stealing”, “filching”), and the data subjects, whose interests the case is of course addressing, become “copyright thieves” when their IP addresses have been identified as having been involved in file-sharing.
In fact, Charleton J. appears to take the plaintiffs’ assertions at face value and states that “the entire purpose of this litigation is to uphold the law.” He refers to “data protection entitlement” in the same paragraph as a “fundamental right to copyright”.
This appears to suggest that one’s data protection rights are a form of State-granted beneficence, to be measured against the human right of copyright. It should be remembered that, in this scenario, the data subject is an individual internet user; the copyright owner is a multinational corporation.
Updates
- The International Federation of the Phonographic Industry welcomed the decision in Ireland, saying that it “sends a strong message to governments that are now considering how to help their creative industries address the threat of mass online piracy”. The IFPI says that the judgment confirmed the legality of a graduated response system, which is not quite accurate: the High Court decided that the settlement agreed between the parties was not incompatible with the Data Protection Acts.
- UPC Ireland, owner of ChorusNTL, said that it will continue to vigorously defend proceedings brought against it by EMI & ors seeking the introduction of the same graduated response system. UPC rightly points out the point made above (that the decision merely decides on compatibility with the Data Protection Acts) and says “there is no basis under Irish or European law requiring an ISP to monitor or block subscriber traffic on its network.”
- Cory Doctorow said that the judgment means that “Ireland has now joined the exclusive club of nations that treat the Internet as a trivial system for pirating movies, worthy of no special consideration. They’ve joined the club of nations that are willing to collectively deprive innocents of access to a single wire that delivers freedom of speech, press and assembly in order to put a few more Euros into the pockets of some of the largest corporations in the world.”
- Ars Technica said “The issue isn’t about “freedom to break the law,” but about proportionality. Does the punishment fit the crime (which is not, in this case, even a “crime” but a civil matter)?”
- p2pNet said “Whenever the IFPI … or any of Vivendi Universal, EMI, Warner Music and Sony Music’s other ‘trade’ outfits applauds a court ruling, you know it can’t be good for anyone except the Big 4. And when U2’s other big mouth, manager Paul McGuinness, chips in, it’s confirmed.”
- Not an update as such, but Digital Rights Ireland published a post last year on why the graduated response agreement is bad for internet users. It still applies, post-Chartleton J’s judgment.
A Clatter of the Law 
Great summary. This judgment needs to be carefully studied but seems to be quite groundbreaking. As far as I am aware this is the first occasion that copyright, which is generally seen as a instrumental tool to achieve certain economic ends (i.e. production of creative work) has been elevated to the level of constitutional right.
The fact that the DPC was not represented is absolutely vital for future litigation. Under the rules of precedent, a point held by a judge that was not fully argued by counsel has little or not precedential value. This fact could severely limit the future applicability of this case.
When one takes the analogy to its proper conclusion, the true enormity starts to become clear – rather than it simply being a matter of you (allegedly) crashing into the QD policy-holders, it seems all that’s required is that it was your car, the ban being enforced whether or not you were behind the wheel.
That whole “walk into town” thing is very telling. The judgment does not envisage (for example) a hard-working barrister who needs email and justis.com at home being deprived of this socio-economically necessary and ubiquitous infrastructure because he didn’t understand about WEP keys or his teenage kids were file sharing.
@Oisin The emphasis on the nature of copyright as a fundamental right is interesting. There appears no indication that one’s rights under the Data Protection Acts are a fundamental right; rather, they are referred to as an “entitlement”. In terms of precedent, while I know nothing about the hearing, it seems likely that no counter-argument was put forward whatsoever.
@MidnightCourt Charleton J sees internet access at home as a “convenience”, not something that might be necessary for one’s work.
It is also interesting that Charleton J does not believe IP addresses are sensitive personal data as “in reality, no one is accusing anyone of an offence. There is no issue as to anything beyond civil copyright infringement.” Elsewhere in the judgment he refers to “copyright thieves”, “unlawful copyright theft” and downloaders seeking copyright materials to “filch”.
Rossa: Great post.
I have views which were expressed in the Irish Times last Saturday. I cannot understand how on earth Paul McGuinness compares CP with this activity, criminal or ‘filching’ as it is/may be.
Very frustrating outcome and one which I believe is in direct conflict with Europe in particular ‘mere conduit’ principles under Regs in S.I. 68 of 2003 eCommerce Directive and Article 3A of the now agreed Communications Regulatory Framework. Stating:-
“Measures taken by Member States regarding end-users’ access to or use of services and applications through electronic communications networks shall respect the fundamental rights and freedoms of natural persons, as guaranteed by the European Convention for the Protection of Human Rights and Fundamental Freedoms and general principles of Community law.
Any of these measures regarding end-users’ access to or use of services and applications through electronic communications networks liable to restrict those fundamental rights or freedoms may only be imposed if they are appropriate, proportionate and necessary within a democratic society, and their implementation shall be subject to adequate procedural safeguards in conformity with the European Convention for the Protection of Human Rights and Fundamental Freedoms and general principles of Community law, including effective judicial review and due process. Accordingly, these measures may only be taken with due respect for the principle of presumption of innocence and the right to privacy. A prior fair and impartial procedure shall be guaranteed, including the right to be heard of the person or persons concerned, subject to the need for appropriate conditions and procedural arrangements in duly substantiated cases of urgency in conformity with the European Convention for the Protection of Human Rights and Fundamental Freedoms . The right to an effective and timely judicial review shall be guaranteed.”
This situation is like suing publicans because they should have known or suspected that their clients ‘appeared be’ alcoholics ….. or suing An Post because someone sent a direct marketing letter …. the nonsensical analogies are potentially endless.
Should IP addresses by determined as personal, matters might change. Then again, the contractual protection in eircom’s deal should cover them.
I am also deeply suspicious as a former IP engineer, as to whether or not there is active trapping honeynet/honeypot, activity going on, which would be by it’s own implementation is self-serving, divisive and incorrect.
R.
PS: The ‘wash up’ passing of the UK DE Bill was regrettable.
[It is also interesting that Charleton J does not believe IP addresses are sensitive personal data as “in reality, no one is accusing anyone of an offence. There is no issue as to anything beyond civil copyright infringement.” Elsewhere in the judgment he refers to “copyright thieves”, “unlawful copyright theft” and downloaders seeking copyright materials to “filch”.]
It’s an incredible inconsistency and must be viewed in the context of the Communications Regulatory Framework set out by Ronan.
“Measures taken by Member States regarding end-users’ access to or use of services and applications through electronic communications networks shall respect the fundamental rights and freedoms of natural persons, as guaranteed by the European Convention for the Protection of Human Rights and Fundamental Freedoms and general principles of Community law.”
@Rossa I reckon the failure to treat data protection as a human right renders this judgement deeply questionable on the grounds of European law.
Article 51 of the Charter of Fundamental Rights, in force since Lisbon, provides, inter alia, that its substantive rights provisions apply directly to members states “when they are implementing Union law. They shall therefore respect the rights, observe the principles and promote the application thereof in accordance with their respective powers.”
Since the Data Protection Acts stem from EU law the CFR is applicable when the HC is considering how data protection balances up against copyright.
Article 8 CFR provides that “Everyone has the right to the protection of personal data concerning him or her.” and that “such data must be processed fairly for specified purposes and on the basis of the consent of the
person concerned or some other legitimate basis laid down by law.”
The failure to consider the CFR angle likely renders this decision in breach of European law and strongly suggest that it is per incuriam, and again, not binding.
FYI: TJ wrote about the settlement and the possibility for incorrect accusations last year – see his blog.
@last two replies! Claps 🙂
What we need now is a case to run to conclusion. One is currently in being, before Mr Justice Frank Clarke, who to my mind may take a different tack if Mulvaney v The Sporting Exchange t/a. betfair, is anything to go by.
Sabam v Tiscali Spa or Scarlett, was a steep learning curve for the Belgian Courts in re. injunctive reliefs, and the supervision elements required with same failing.
One wonders whether anyone has complained about the eircom arrangement to the DP Commission? (logically one would, just before switching to a service where this policy was not in force). The FOI Act may assist us to that end, though not obviously in terms of the personal details.
If this was an unlawful intercept of a packet or tapping, vis the 1983 or 1993 P&T Acts, I wonder what Charleton J. would have done? See Herrity v ANP, for a recent airing of that, in re. Breach of Privacy before Dunne J. The Judgment is silent in areas, note.
R.
*In case it appears to the contrary, I am fully against online illegality and Copyright infringement. I am however concerned about privacy, freedoms of expression, conscience and Internet Freedoms. As well as compliance with EU law and regulation.*