Opinion of the Advocate General: Retention and Access to Identity Data in Copyright Infringements Online

Opinion of the Advocate General in the ECJ case C-470/21: Advocate General Szpunar: retention and access to identity data linked to the IP address used should be permitted if such data constitute the only indication of the Determine the identity of people who have committed copyright infringements exclusively on the Internet.

In his opinion, the graduated response system applied by the French copyright management authority is compatible with the requirements of EU law in the field of personal data protection.

The Opinion will be presented as part of the reopening of the proceedings in this case. In fact, at the instigation of the Grand Chamber, the Court decided to refer the case to the plenary session and to raise questions to be answered at the sitting of May 15 and 16, 2023.

First Advocate General Maciej Szpunar delivered his Opinion for the first time on October 27, 2022. In France, the Haute Autorité pour la diffusion des œuvres et la protection des droits sur Internet (High Authority for the Dissemination of Works and Protection of Rights on the Internet, Hadopi) is responsible for ensuring the protection of property rights. If a copyright infringement by an Internet user is discovered, Hadopi sends a recommendation to the latter and instructs him not to commit any further infringement, whereupon a new warning is issued in the event of repeated infringement. If the first two warnings are ignored and a third violation is committed, Hadopi may contact the relevant judicial authority to initiate criminal prosecution.

This graduated response system assumes that Hadopi can identify the perpetrator in order to provide them with these recommendations. For this purpose, a decree was issued in 2010 allowing Hadopi to address electronic communications operators so that the latter provide it with the identity data of the user to whom the IP address used to commit the crime is assigned. Four associations for the protection of rights and freedoms on the Internet are challenging the adoption of this decree in court. The Conseil d’État is asking the Court whether the collection of identity data associated with IP addresses and the automated processing of those data to prevent infringements of intellectual property rights, without prior control by a court or administrative body, is compatible with EU law are.

In his Opinion delivered today, First Advocate General Maciej Szpunar considers that EU law does not preclude electronic communications operators from retaining IP addresses and corresponding identity data and an administrative authority for the protection of copyright against copyright infringement has access to it on the Internet.

According to the Advocate General, the IP address, the civil identity of the internet access holder and the information about the work in question do not allow precise conclusions to be drawn about the private life of the person suspected of committing a copyright infringement. This is simply a disclosure of content accessed at a specific point in time, which in itself is not capable of creating a detailed profile of the person who accessed that content.

This measure is intended to enable that authority to identify and, if necessary, take action against the owners of these addresses suspected of being responsible for these infringements. Furthermore, this access is not required to be subject to prior control by a court or an independent administrative body. This data represents the only clue that makes it possible to establish the identity of the person to whom that address was assigned when the crime was committed.

He emphasizes that this is not a departure from previous case law, but rather a pragmatic development of it, which means that a more differentiated solution can be found in special and very narrowly defined circumstances. In his view, this assessment involves balancing the various conflicting interests in accordance with the principle of proportionality
which justifies a refinement of the Court’s jurisprudence on the retention and access to data such as IP addresses linked to identity data, in order to prevent systematic impunity for violations of the law committed exclusively online. (Source: Court press release)

Last articles by lawyer Jens Ferner (specialist lawyer for criminal law & specialist lawyer for IT law) (Show all)