Wednesday, 7 March 2012

The Digital Economy Act is in line with EU law, says the Court of Appeal

It's not always easy to understand
how "digital economy" works
Yesterday the Court of Appeal for England and Wales published its 115-paragraph decision in judicial review proceedings concerning -- inter alia -- the compatibility of the online infringement of copyright provisions of the UK's controversial Digital Economy Act 2010 ("DEA") with a number of EU directives (earlier posts on this story here and here).


Background
Telecom companies and ISPs BT and TalkTalk had asked Arden, Richards and Patten LJJ to overturn the 2011 decision of Kenneth Parker J of the High Court. Their appeal was, however, unsuccessful, since Richards LJ, giving judgment for the court, found that the decision of the High Court was "extremely thorough, clear and cogent".


As is well known, the DEA had inserted new sections 124A to 124N into the Communications Act 2003 as a response to the growing problem of subscribers to internet services who were infringing copyright by uploading and accessing material online. These provisions impose "initial obligations" on ISPs to notify subscribers of copyright infringement reports received from copyright owners, and to provide copyright infringement lists to copyright owners, if an "initial obligations code" is in force. These also provide for the possible future introduction of additional "technical obligations" on ISPs, together with a "technical obligations code". 
This case was concerned, however, only with the initial obligations, the initial obligations code and the related provisions as to costs. More specifically, BT and TalkTalk had been granted permission to appeal the decision of the High Court on grounds which covered four areas:
(1) whether the contested provisions should have been notified to the EU Commission in draft pursuant to Directive 98/34 ("the Technical Standards Directive"), with the result that they are unenforceable for want of notification
(2) whether the contested provisions are incompatible with provisions of Directive 2000/31 ("the E-Ccommerce Directive").
(3) whether the contested provisions are incompatible with provisions of Directive 95/46 ("the Data Protection Directive") and/or of Directive 2002/58 ("the Privacy and Electronic Communications Directive").
(4) whether the contested provisions are incompatible with provisions of Directive 2002/20 ("the Authorisation Directive" or "the AD").

The response of the Court of Appeal
(1) the Technical Standards Directive
The broad aim of the notification requirement under Article 8(1) of the Technical Standards Directive is to enable the Commission and other Member States to comment on draft legislation and for those comments to be taken into account, as Article 8(2) requires them to be, in the subsequent preparation of the technical regulation itself. 
Richards LJ rejected this first ground of appeal, in that (paras 39 and 42)
"the key question is whether the legislation in issue [ie the DEA] has "legal effects of its own" ...: the fact that the legislation refers to further rules which have not yet been made will not prevent it from being a technical regulation if the legislation itself has legal effects. Unless it has actual legal effects, the legislation is not capable of impacting on those seeking to exercise the freedom of movement of services or other freedoms ... The judge was right to find that the contested provisions do not have the "legal effects" described by the [CJEU]'s case-law. The "initial obligations" of ISPs under sections 124A and 124B are conditional on there being a code in force under section 124C or 124D. The word "if" in section 124A(2) is important, even though the provisions contemplate that there must in due course be a code: until such time as the Code comes into being, the provisions impose no obligations on ISPs. Moreover the Code is to be made for the purpose of regulating the initial obligations, and the scope of those obligations will be dependent on the detailed content of the Code. Whilst the statute prescribes various basic features of the Code, it leaves very considerable freedom for the working out of the detail."
(2) the Ecommerce Directive
Good old times times when
service providers didn't have to worry
about the Digital Economy Act ...
The appellants had advanced a twofold case of breach of the Ecommerce Directive: (1) that the effect of the contested provisions was to render ISPs potentially "liable for the information transmitted", contrary to Article 12 of the Directive; and (2) that the contested provisions amount to restrictions on the freedom to provide information society services from other Member States, "for reasons falling within the co-ordinated field", contrary to Article 3 of the Directive. 
Richards LJ rejected this ground of appeal too, in that the High Court was right when it held that liability "for the information transmitted" as per Article 12 of the Directive is a carefully delineated and limited concept. As regards copyright material, this language broadly contemplates a scenario in which a person other than the ISP has unlawfully placed the material in the public domain or has unlawfully downloaded such material, and a question then arises whether the ISP, putatively a mere conduit for the transmission of the information, also incurs a legal liability in respect of the infringement. That liability could take the form of a fine (in criminal or regulatory proceedings) or damages or other compensation payable to the copyright owner, or some form of injunctive relief. The liability could be joint and several with the other person, or it could simply be a default liability if the other person could not be found, or was not worth pursuing, or was insolvent.
Nothing in the liabilities of ISPs under the DEA is such as to render them "liable for the information transmitted" within Article 12(1) of the Ecommerce Directive. In relation to Article 12(3) of the Directive, Kenneth Parker J was right when he found that (para 58)
"it is conceivable that the copyright owner might in certain cases be able to draw the attention of the ISP to the fact of a present infringement, or to the likelihood of a specific infringement occurring in the future, and to invite the ISP to terminate or prevent such an infringement. In these circumstances, if the ISP was liable to terminate or prevent the present or future infringement, a real question could arise as to whether the ISP was being made liable 'for the information transmitted', or was rather simply coming under an obligation to use its technical facilities to terminate or prevent an infringement, in respect of the information transmitted, committed by another person. The 'careful balance' struck by the Community legislator settles that issue, and removes all uncertainty, by allowing Member States to authorise the courts or competent administrative authority to order the ISP to terminate or prevent the infringement, so long as the ISP is not made liable (by way of fine or compensation) in respect of the infringement itself".
The High Court was right also when rejected the claim based on Article 3 of the Ecommerce Directive.

(3) the Data Protection Directive and the Privacy and Electronic Communications Directive
... or data protection issues
Article 8(2) of the Data Protection Directive, which relates to the processing of special categories of data expressly allows the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and data concerning health or sex life, when this relates to exercise or defence of legal claims.
Richards LJ agreed with the conclusions of Kenneth Parker J that the processing of data by the copyright owners, ie the processing involved in their identifying apparent infringements, together with relevant IP addresses and subscriber details, for the purpose of compiling copyright infringement reports would be compatible with the Directive.
Indeed, Richards LJ found that (para 77)
"the processing [of personal data] is plainly necessary for the establishment, exercise or defence of legal claims even if the beneficial consequence of the sending of a notification by the ISP pursuant to a copyright information request will be that in the majority of cases the infringing activity ceases and no further action is required." 
Richards LJ also rejected the claim based on the Privacy and Electronic Communications Directive. The data processed pursuant to the contested provisions in the DEA are "traffic data" as defined in Article 2 of the Directive, namely "any data processed for the purpose of the conveyance of a communication on an electronic communications network or for the billing thereof". Articles 5 and 6 of the directive impose obligations on Member States in relation to such matters as the confidentiality of traffic data, subject in each case to the derogation in Article 15(1), which provides that Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in Articles 5 and 6 of the Directive.To this end, Member States may, inter alia, adopt legislative measures providing for the retention of data for a limited period, also for the protection of property rights, including copyright.

(4) the Authorisation Directive
The aim of the Directive was to implement an internal market in electronic communications networks and services through the harmonisation and simplification of authorisation rules and conditions in order to facilitate their provision throughout the European Union. To this end, it provides in part for schemes of "general authorisation" which allow any person who wishes to provide electronic communications networks and services to do so in accordance with a publicly available set of conditions. Such schemes replaced individual licensing arrangements which were commonly found in national systems of regulation and which could create significant barriers to new entrants. In the UK, Ofcom has drawn up and published "General Conditions of Entitlement" in accordance with the Directive. 
The main issue under ground 4 was whether the contested provisions in the DEA are required to form part of a general authorisation and, if so, whether they impose conditions permitted within a general authorisation. The Court of Appeal rejected the claim.
A final area of complaint related to the proposed exclusion of smaller ISPs and mobile network operators from the scope of the initial obligations and the associated costs. Also this claim was rejected.

Conclusion
In dismissing the appeal, Richards LJ also refused to make a reference to the CJEU, in that, as previously stated by Kenneth Parker J, 
"the questions of European Union law raised by this judicial review admit of clear answers, and I do not believe that any useful purpose would be served by my making a reference" (para 112).
As to the costs, Richard LJ said that ISPs will have to pay 25% of the qualifying costs incurred by media regulator Ofcom in running and setting up an appeals body for alleged illicit filesharers. He also confirmed that the ISPs should pay 25% of relevant costs, which are operating fees incurred when identifying which subscribers are accused of illegal downloading. However, the Court of Appeal overturned the decision of the High Court which had said that the ISPs have to pay 25% of case fees which are charged by the proposed appeals body. Finally, the Court of Appeal ruled that BT and TalkTalk must pay 93% of the costs of the legal challenge. 
Press coverage of the decision herehere and here.

1 comment:

Francis Davey said...

Points of information:

There was no appeal against the High Court's decision that ISP's would not have to pay the "qualifying costs". That position remains unchanged. Taken together the two decisions mean that ISP's only have to pay their "relevant costs" - i.e. their internal running costs occasioned by the scheme.

Second, it is not entirely true to say that the Court of Appeal found the Act was in line with EU law. At paragraph 93 the court appears to hold that s16(2) which inserts new clauses (ia) and (ib) into s135(3) of the Communications Act (wrongly identified as being a section of the Digital Economy Act 2010) are not enforceable since they were not notified under the Technical Standards Directive and they impose a new regulatory liability on ISP's (to provide information to OFCOM). A minor point I know, but it may have some effect.