ECJ validates limited filtering obligations imposed on telecommunications operators - Lexology:
ECJ validates limited filtering obligations imposed on telecommunications operators
Article 15 of the E-Commerce Directive provides that Member States shall not impose a general obligation on telecommunications operators, caching or hosting service providers, to monitor the information which they transmit or store, nor a general obligation to actively seek facts or circumstances indicating illegal activity.
The European Court of Justice (ECJ) twice denied the possibility for a Belgian court to impose general filtering obligations on telecommunications operators for it would violate the prohibition set forth by Article 15 of the ECommerce Directive.
The ECJ had initially admitted that certain filtering duties may be imposed to a hosting service provider provided that such injunctions be efficient and proportionate. Interestingly, the ECJ had taken its decision on the basis of its advocate general's opinion according to which such injunctions are admissible to the extent the provider at stake would not, on its own initiative, prevent infringers from accessing its services. The ECJ however stated that "the measures required of the online service provider concerned cannot consist in an
active monitoring of all the data of each of its customers in order to prevent any future infringement of intellectual property rights via that provider's website".
The ECJ had the occasion to revisit this question in subsequent cases, which raised in substance the question of the extent of the obligations that may be imposed on telecommunications operators with respect to the filtering of non-public content protected by intellectual property rights and transiting through their services.
In Belgium, courts of first instance had ordered telecommunications operators to render impossible the exchange of electronic files including musical works through peer-to-peer exchange platforms. Prejudicial questions were submitted to the ECJ as to, among others, the lawfulness of such injunctions. Strangely enough, the Belgian lower court had considered that filtering software were not processing personal data with the consequence that no violation of privacy was to be feared from the use of such software. Even
more, Belgian courts had not considered whether such filtering and blocking software could violate the freedom of expression or the secret of correspondence invoked by telecommunications operators.
The ECJ ruled that general filtering obligations do not comply with the E-Commerce Directive where, as it was in the main case, they would: concern all communications transiting through the operators' services; apply to all their customers without distinction; pursue preventive purposes; be under the control of the operators; and be unlimited in time.
The motivation of the ECJ lies essentially on the balance to be found between the protection of intellectual property rights on one hand, and the fundamental rights and freedoms, including the protection of personal data, on the other. The ECJ notably underlined the freedom to receive and communicate information and the difficulty to presume the unlawful character of the transmission of protected content over the internet, particularly in light of the varying legal exceptions to author's rights in the EU Member States.
One must, however, question those decisions as to why neither local courts nor the ECJ have considered more seriously the lawful or unlawful character of the intervention of any telecommunications operator on the information transiting through its services.
As a matter of law, Article 5.1 of the European Directive 2002/58/CE of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communication sector (Directive on Privacy and Electronic Communications or ePrivacy Directive) obliges Member States to guarantee "the confidentiality of communications and the related traffic data by means of a public communications network and publicly
available internet communication services". Member States must, in particular, "prohibit listening, taping, storage or other kinds of interception or surveillance of communications and the related traffic data by persons other than users, without the consent of the user concerned, except when legally authorised to do so in accordance with Article 15(1)".
Article 15.1 of the same directive provides that Member States "may adopt legislative measures to restrict the scope of the rights and obligations provided for in", for example, Article 5 "when such restriction constitutes a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of
criminal offences or of unauthorised use of the electronic communication system"; and "[to] this end, Member States may, inter alia, adopt legislative measures providing for the retention of data for a limited period justified on the grounds laid down in this paragraph".
These provisions were implemented or already existed in one form or another in national legislations prohibiting the taping of telecommunications during their transmission.
Considering that the ePrivacy Directive imposes that restriction to the confidentiality of communications be regulated at the legislative level, one may ask why, in the absence of an express legal exemption, a more radical prohibition of the imposition of filtering techniques by a judicial or administrative authority was not even considered by the Belgian courts and the ECJ.
In his opinion, the European advocate general had, however, concluded that general filtering obligation not expressly provided by law would violate the European Chart of Fundamental Rights as well as the European Convention on Protection of Human Rights and Fundamental Freedoms for such obligations were not, in that case, provided by a legislative text.
It is therefore likely that the aforementioned decisions of the ECJ do not spell the end but will be followed by a more in-depth analysis of the issue at stake, which might lead to a stricter enforcement of the ePrivacy Directive when it prohibits the interception of telecommunications outside situations expressly contemplated by the law.