EU Internet Law In The Digital Era: Regulation And Enforcement 3030255786, 9783030255787, 9783030255794

Table of contents :
Preface......Page 5
Contents......Page 16
Contributors......Page 18
Part I: Copyright Law and the Internet......Page 20
1 Introduction......Page 21
2 Art. 13 (Now 17) DSM—Proposal: To Filter Uploads or Not?......Page 22
2.2 COREPER......Page 23
2.3 The Battle in the EP and the Final Vote......Page 25
2.3.1 The Definition of “Online Content Sharing Service Provider”......Page 26
2.3.2 Art. 13 (17): The Complex Triangle of Rightholders, Providers, and Users......Page 27
2.4 The Final Compromise of the “Trilogue”: The New Art. 17......Page 30
2.5.1 Development of Case Law......Page 36
2.5.2 Consequences for Platforms and Art. 13 DSM-Package and Search Engines......Page 37
3.1 European Setting......Page 38
3.2 Legal Reform in Germany......Page 39
4 Conclusion......Page 40
References......Page 42
Chapter 2: Who Is a Lawful User in European Copyright Law? From a Variable Geometry to a Taxonomy of Lawful Use......Page 44
1 Introduction......Page 45
2.1 The Introduction of the Concept in the Software and the Database Directive......Page 46
2.2 “Lawful Use” in the Temporary Copy Exception Established by the Information Society Directive......Page 49
2.3 The Various Shades of Lawfulness in EU Copyright Law: “Lawful Use” and “Lawful Access” in the Digital Single Market Copyright Package......Page 52
3 Who Is a Lawful User?......Page 55
3.1 The Controversy Surrounding the Concept of “Lawful User”......Page 56
3.2 Flexibility as a Necessary Component of “Lawful Use”......Page 58
3.3 Responsibility as an Implicit Standard of “Lawful Use” in CJEU Case Law......Page 61
4 Towards a Taxonomy of “Lawful Use” in European Copyright Law......Page 67
5 Conclusion......Page 74
References......Page 75
1 The Right of Communication to the Public......Page 78
1.1 Requirements and Criteria Under Art. 3.1 of the InfoSoc Directive......Page 80
2.1 Svensson and Others, C 466/12......Page 83
2.2 BestWater, C 348/13......Page 85
2.3 GS Media, C 160/15......Page 86
3.2 Germany......Page 90
4 Conclusion: Clarity Still Needed......Page 93
References......Page 94
Chapter 4: Forcing Flexibility with Fundamental Rights: Questioning the Dominance of Exclusive Rights......Page 96
1 Introduction......Page 97
2 Fundamental Rights in EU Copyright: So Far......Page 98
3 Fundamental Rights Out of the Box......Page 101
3.1 Three German References......Page 102
3.2 Discretion for Implementation......Page 105
3.3 Arguing Inside the Rules......Page 106
3.3.1 Extending the Scope of E&L......Page 107
3.4 Arguing Outside the Rules......Page 108
3.4.1 The Scope of Exclusive Rights......Page 109
3.4.2 Permitting Expression and Information: And (Too?) Much More......Page 110
4 Conclusion......Page 112
References......Page 113
Chapter 5: Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives......Page 116
1 Introduction......Page 117
2.1 The Legal and Economic Background......Page 120
2.2 National Level Measures: The Examples of Germany and Spain......Page 121
2.2.1 Germany: An Adventurous Legal Story and its End......Page 122
2.2.2 Spain: Following the Path of Limitations......Page 125
2.3 Article 11: Definitions, Subject-Matter and Scope of Application......Page 128
3.1 Two Sides of the Same Arguments......Page 134
3.2 Missing Causality and Burden of Proof......Page 136
3.3 Diminishing or Maximizing Uncertainties?......Page 139
3.4 The Pie Theory and the Impact on Authors’ Shares......Page 143
4 The Alternative(s) Proposed Against the Press Publishers’ Right......Page 144
5 Conclusions......Page 147
References......Page 150
1 Introduction......Page 154
2 Dualistic and Monistic Approaches in Regulation of Copyright......Page 159
2.1 Dualistic Approach......Page 161
2.2 Monistic Approach......Page 164
3 Communication to the Public: Contours of a Harmonised Economic Right......Page 166
4 Redundancy: Connecting Points of Both Rights......Page 170
5 Conclusion......Page 172
References......Page 174
Chapter 7: “Digital” Exhaustion and the EU (Digital) Single Market......Page 178
1 Introduction......Page 179
2 Copyright Exhaustion and Cross-Border Trade......Page 180
3 Role of Exhaustion in the EU Acquis and the Internal Market......Page 182
3.1 Exclusive Rights Versus the Internal Market......Page 183
3.2 Exhaustion Under the EU Directives......Page 184
4.1 Copyright Perspective......Page 186
4.2 The Internal Market and the Digital Single Market Perspective......Page 190
5 Reference in Tom Kabinet and Future of the Digital Single Market......Page 192
6 Conclusions......Page 193
References......Page 194
Part II: Emerging Technologies and New Digital Challenges......Page 198
1 Introduction......Page 199
2 Legal Aspects of the “Relative Spoiler”: The Impossible Protection......Page 200
2.1 Theoretical Background on Information from a Civil Law Aspect......Page 201
2.2 The “Relative Spoiler” Protected by Freedom of Expression......Page 202
2.3 The Controversial Use of Contract Law as a Censorship Tool......Page 203
3.1 Information Protection in the Digital Age......Page 205
3.2 Trade Secrets Directive and Civil Liability......Page 207
4.1 Moral Rights of the Author and Enjoyment of the Work......Page 209
4.2 The Right of Reproduction and a Detailed Summary of the Work......Page 211
5 Conclusion......Page 212
References......Page 213
Chapter 9: Data Ownership in the Data Economy: A European Dilemma......Page 215
1 Introduction......Page 216
2 The European Commission’s Strategy on Data......Page 217
2.1 How the Data Value Chain Is Working?......Page 218
2.2 The Debate on Data Ownership......Page 220
3.1 Intellectual Property Laws and Data......Page 221
3.1.1 Copyright in Data......Page 222
3.1.2 Sui Generis Database Right......Page 223
3.1.3 New Emerging Copyright Trends......Page 225
3.2.1 Trade Secrets......Page 226
3.2.2 Controllership Schemes Derived from Data Protection Law......Page 228
3.2.3 Traditional Property Rights......Page 229
3.2.5 Factual Access Limitation and Contracts......Page 230
4 The New Proposed Data Producer’s Right......Page 232
4.1 Scope of the Right......Page 233
4.2 Right Allocation......Page 234
5.1 Excessive Protection and Overlap with Existing Intellectual Property Rights......Page 235
5.2 Legal Uncertainty, Data Fragmentation, and No Flexibility......Page 237
6 Conclusion......Page 238
References......Page 240
1 Introduction......Page 242
2 Definition of Net Neutrality......Page 243
3 The Rationale for Net Neutrality......Page 245
4.1 USA......Page 246
4.2 EU......Page 247
5 Conclusion......Page 252
References......Page 253
1 Cybersecurity Definition......Page 254
3 Cyber-Threats......Page 255
3.2 Data Theft......Page 256
3.5 Financial Costs......Page 257
4.1 Convention on Cybercrime: ETS No 185......Page 259
4.2 EU Cybersecurity Legislation Timeline......Page 261
5.1 ENISA: European Union Agency for Network and Information Security......Page 265
5.3 Global Alliance Against Child Sexual Abuse Online......Page 266
6.1 Legislation on Cybercrime......Page 267
6.2 Legislation on Cybersecurity......Page 268
6.3 Key National Players in Combatting Cybercrime......Page 269
7 GDPR & Cybersecurity......Page 270
8 Insurance Coverage for Cybercrime or Personal Data Breach......Page 271
9.2 Certifications for Organizations & Businesses......Page 272
References......Page 273
1 Introduction......Page 275
2 Need for a Change in Application of Data Protection Law......Page 277
3 Data Protection in General: Data Subject Responsible......Page 278
4 Body Parts and Data......Page 281
5 Towards an Alternative Data Protection Approach......Page 283
5.1 Explicit Consent for Processing of Health Data......Page 284
5.2 Paternalism and Health Data......Page 285
5.3 Dignity......Page 286
References......Page 287
1 Introduction......Page 290
2 The TC Technology Under the NIS Directive......Page 295
2.2 Secure I/O......Page 298
3 Privileged Access Management......Page 299
4 Standards, Policy, and Regulation......Page 301
5 Essential Operators Identification......Page 303
6 Security Requirements and Incident Notification......Page 304
8 Conclusions......Page 305
References......Page 306
Part III: E-commerce and Online Consumer Protection......Page 310
Chapter 14: Adopting a Smart Approach to EU Legislation: Why Has It Proven So Difficult to Introduce a Directive on Contracts for the Supply of Digital Content?......Page 311
1 Introduction......Page 312
2 What Are Contracts for the Supply of Digital Content and Why Is Legal Intervention Needed?......Page 313
3 The 2015 Initiative: A Step Forward?......Page 315
4 Legislating on New Technology: Lessons To Be Learnt......Page 318
4.1 Beware of the Company You Keep: The Impact of the (Online) Sale of Goods Directive......Page 319
4.2 How Innovative Do You Want To Be? The Problem of Engaging with New Technology......Page 321
4.3 Consumer Protection and Maximum Harmonisation: A Match Made in Heaven?......Page 323
4.4 Time Limits: To Have or Have Not?......Page 326
5 An Agreed Package: An Easter Surprise......Page 328
6 Conclusion......Page 329
References......Page 331
1 Introduction......Page 333
2.1 Buy and Sell Features on Social Media Platforms......Page 335
2.2 Marketing Products on Social Media Platforms......Page 339
3 Social Media Scams......Page 341
4 Solutions to Improve Consumer Protection in Social Commerce......Page 342
4.1 Self-regulation of Social Media Platforms......Page 346
4.2 Regulation of Liability of Social Media Platforms......Page 347
4.3.1 Accurately Recording Consumer Problems to Help Target Responses......Page 351
4.3.2 Cooperation of Social Media Platforms with Enforcers......Page 352
4.4 International Enforcement Efforts......Page 353
5 Conclusion......Page 354
References......Page 355
1 Introduction: An Amending Proposal Rather Than a Brand New Legislative Initiative......Page 358
2.1 The REFIT and the CRD Evaluation......Page 361
2.2 The Dieselgate Scandal......Page 362
3 Inserted Consumer Protection Rules: Improving or Not the Substance of EU Consumer Law?......Page 363
3.1 Introducing a Right to Individual Redress for Unfair Commercial Practices: The Greatest Change of All?......Page 364
3.2.1 Goods Handled More Than Necessary......Page 366
3.3 Transparency of Online Platforms: A Step in the Right Direction?......Page 369
3.4 Digitalising the Scope of the CRD to Include Services: Are These Changes Enough?......Page 372
4 Conclusion: A Good or a Bad Digital Deal?......Page 374
References......Page 376
1 Introduction......Page 377
2 Mediation as an ADR Method: A Short Presentation......Page 379
3.1 Mediation in Cyprus......Page 383
3.2 Arbitration in Cyprus......Page 388
4 Online Dispute Resolution: An Evolution in ADR......Page 390
5 Alternative Dispute Resolution of Consumer Disputes: ODR for EU Consumers—The ODR Platform—Settling Consumer Disputes Online......Page 391
5.1.1 EU Directive 2013/11/EE......Page 394
5.1.2 EU Regulation 524/2013......Page 396
5.2 ODR for Consumers in Cyprus......Page 397
5.3 ODR for Consumers in Greece......Page 398
6 Conclusion......Page 400
References......Page 401

Citation preview

Tatiana-Eleni Synodinou  Philippe Jougleux · Christiana Markou  Thalia Prastitou Editors

EU Internet Law in the Digital Era Regulation and Enforcement

EU Internet Law in the Digital Era

Tatiana-Eleni Synodinou  •  Philippe Jougleux • Christiana Markou •  Thalia Prastitou Editors

EU Internet Law in the Digital Era Regulation and Enforcement

Editors Tatiana-Eleni Synodinou Department of Law University of Cyprus Nicosia, Cyprus

Philippe Jougleux School of Law European University Cyprus Nicosia, Cyprus

Christiana Markou School of Law European University Cyprus Nicosia, Cyprus

Thalia Prastitou School of Law European University Cyprus Nicosia, Cyprus

ISBN 978-3-030-25578-7    ISBN 978-3-030-25579-4 (eBook) https://doi.org/10.1007/978-3-030-25579-4 © Springer Nature Switzerland AG 2020 This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. This Springer imprint is published by the registered company Springer Nature Switzerland AG. The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

Preface

Internet law is a constantly evolving area of law. This is only natural given that the Internet and the technologies (and services) developed and thriving on it are rapidly adding up, transforming, amongst others, the way e-commerce is conducted, intellectual property is created (and utilized) and cyber-crime is committed. These continuous transformations inevitably translate into new legal challenges for policy makers, lawyers and judges who often find technological innovations puzzling, necessitating new breeds of regulation and/or sophisticated application of existing legal rules. In this respect, Internet law is perhaps the most dynamic area of law about which, there is always something new to explore, discuss or address. The European Union (EU) legislator continually adopts new legal frameworks, which could be judged as a frenetic need of intervention to cope with the technological progress. Interventions exist in the fields of cybercrime (cyber-attacks, internet security, online fraud, hate speech, child pornography), e-commerce and online contracts (with emphasis on the protection of consumer), copyright law, data protection, banking services, etc. The last notable interventions from the EU legislators with direct implication to internet law (the General Data Protection Regulation (GDPR) obviously but also the new Directive on Copyright Law in the digital single market) show that the convergence towards consensus in the field of Internet law becomes increasingly difficult as the economic and societal interests increase. In the new Directive on Copyright Law, a clear opposition was visible between the giant corporations of the internet (sometimes called GAFA), allied to activists militating against internet regulation (such as eff) and copyright rightholders and content creators. This opposition could evolve to a war on information. The exponential increase of legal intervention associated with the rise of conflicts of interests and fake news, leads to one consequence: it is vital for the internet user to possess the conceptual tools to keep control of her destiny. Researches on the field of internet law answer to this need. This book is the result of the vivid and passionate discussions that took place during the International Conference “REDA” in 2017, in Cyprus. It explores various topics organised under three basic parts referring to areas that strongly influence the Internet policy today. The first part of this book presents the current state of the constantly evolving EU online copyright law. v

vi

Preface

The second part is dedicated to data protection, emerging technologies and digital challenges that arise nowadays. Finally, the third part of this book presents the progress of EU law harmonisation in the field of e-commerce and online consumer protection. Essentially, this book builds upon the previous collective work on EU Internet law and regulation and aims at taking further the endless discussion on fundamental issues in areas affecting internet law. These include copyright enforcement, freedom of expression, data protection, cyber-security, net neutrality and consumer protection. Indeed the last 2 years in practice, since the time the previous relevant collective work had been published, have seen important changes in the internet-related legal landscape, as well as the rise of new commercial and other practices in the electronic environment. This latter fact renders this new collective work on EU internet law even more pertinent. Initially, copyright has notoriously had its limits continuously challenged, tested and stretched in the digital era. Accordingly, it should not be considered surprising that there is a variety of copyright-related issues in the electronic environment to be addressed by the law. The application of the exhaustion doctrine to intangible copies of works is one such issue, which has also been the focus of recent case law of the Court of Justice of the European Union (CJEU) that definitely merits an analysis. The limits of the ‘lawful use’ of copyrighted works also comprise a fundamental issue that remains contemporary given the multiple opportunities and the ease of use of protected works on the internet. The relevant EU legal landscape has also very recently welcomed a new important addition that is directly relevant to the digital context, namely the Directive on Copyright in the Digital Single Market. This brand new legal measure (just passed in April 2019) certainly poses issues meriting exploration, one of them being the contentious express right of publishers to the digital uses of their works. The relevant measure of course also affects more general questions in the area of copyright, such as the complicated relationship between copyright liability and providers’ liability, privileges and levies. A different matter relating to copyright refers to the exceptions and limitations to which it is subject, which are notoriously given a restrictive interpretation. A German reference to the CJEU for a preliminary ruling seems to challenge this restrictive approach to copyright exceptions and limitations and highlights a rather tendinous relationship between copyright protection and respect of human rights as safeguarded by the EU Charter of Fundamental Human Rights. Another heated topic concerns hyperlinks (on which the workability of online interfaces basically relies) and the liability implications of their use to copyright and the rules protecting it. A few years ago, the CJEU has had the chance to shed light on the said implications concerning the display of hyperlinks to protected works, and it is very interesting to see how national legislators and/or courts have responded to (or implemented) the rules laid down in the relevant CJEU case law. Lastly on copyright, it is well-known that copyright is not just about economic rights but moral rights too. One such right is the author’s right of divulgation existing in national legal regimes, such as those of Germany and France. An inquiry into how this right relates to and/or works with the economic right regulated at EU level is interesting, as it would shed light on the need to introduce it in the EU legal regime relating to copyright.

Preface

vii

Furthermore, the GDPR has come into force furnishing the world with some experience in its practical effects, which are worthy of discussion. More generally, as the digital environment is fueled by data, data-related issues, including data ownership, which seems to conflict with open access to data, are always on the forefront, when it comes to the law of the internet. Such issues necessitate a thorough look not only at data protection (and the GDPR) but also at other legal rules pertaining to the protection of trade secrets and intellectual property rights. On the other hand, the increased commercial exploitation of personal data poses even more serious issues when the data involved is not only personal but also sensitive data, particularly data relating to health. The GDPR imposes stricter controls on the use of sensitive data, namely a prohibition on its processing except on sufficiently-specified grounds. Even stricter controls, namely a wider prohibition on the commercial use or trade of personal data may be inspired from the regulatory framework relating to human parts, if an analogy can be drawn between human parts and sensitive data. Such an approach obviously greatly upgrades the status and significance of sensitive personal data. It is so obvious that internet law is vast. Apart from the aforementioned issues, there are several more digital challenges that have a place in the particular area. Cybersecurity for example, obviously goes part and parcel with the internet and essential services relying on it. Indeed, these have to be secure (or at least, not totally unsecure) if they are to gain the user trust necessary for them to develop and thrive. It is probably not incidental that information security has been high in the agenda of the EU legislator, who has recently produced important relevant work, including the ENISA Regulation, the Network and Information Security Directive and the GDPR, which contains security-flavoured provisions. Such new and technical pieces of legislation merit discussion facilitating their understanding and application. This discussion by reference to technologies that can be applied to improve privacy, security and trust, such as the so-called ‘Trusted Computing’ and can thus serve as a method of compliance with the law is certainly fruitful. Moreover, the big issue of net neutrality, essentially calling for the existence of rules akin to fair and free competition rules but specific to online traffic management conducted by Internet Service Providers is obviously central to the Internet. It could not have been more pertinent now, a few years after the EU legislator has passed law seeking to safeguard neutrality and prevent unfair, discriminatory and anti-competitive practices that ‘manipulate’ online traffic and effectively, make available a ‘constructed’ version of the internet to businesses and consumer users alike. Finally, even spoilers of games, movies, TV series, reality shows or competitions, which are widely disseminated on the Internet having both detractors and keen supporters or fans, have a legal aspect. Indeed, if one inquires into their legality, one will come across intriguing questions of law relating to trade secrets, freedom of expression and copyright protection, that deserve to be addressed not so much to satisfy the curiosity of spoiler fans but to enlighten lawyers and the holders of the rights in the spoiled works on their rights or legal position. Another area of law, namely consumer protection is directly relevant to the internet given the turn of consumers, particularly those belonging to newer generations,

viii

Preface

to the online world for shopping and entertaining. E-commerce through social media (or social commerce) has recently gained a significant boost increasing the significance of related new commercial practices, as well as consumer risks and provoking the need for a test application of EU legislation in the area of consumer protection to the social environment. Additionally, in relation to consumer protection, the recent Proposal for a Directive on the supply of digital content has now progressed to the point that is awaiting publication in the official journal of the EU. Given that the said piece of legislation has come to close an existing regulatory gap at EU level concerning contracts that have now become commonplace, a discussion of its main provisions and related arising issues is certainly warranted. The same is true of the most recent initiative of the European Commission, namely two Proposals for Directives called the ‘New Deal for the Consumers’ aspiring to significantly improve the rights of consumers and introduce a route to consumer collective compensation, which is of paramount importance given that the vast majority of consumer transactions are of small value. The EU legislator has also been active in the area of alternative dispute resolution regarding consumer disputes in an attempt to further improve enforcement of substantive consumer rules; how Member States, such as Cyprus and Greece have taken up the solutions adopted at EU level in relation to this matter, which seems to have attracted academic interest, is fascinating. All of the above issues or questions comprise the subject matter of the different chapters that make this collective work on Internet law and regulation in the digital era. Each one of them is the focus of a chapter in this collective work. More specifically, in Chap. 1, Gerald Spindler deals with the development of liability rules for copyright infringements regarding internet intermediaries, such as YouTube or Facebook, and in particular, the intensively debated Article 13 (now 17)—often called “upload filter”. It scrutinizes the legislative process and progress made, starting from the Commission’s Proposal, moving on to the European Parliament position and finally to the compromise reached at the end of the Trilogue. Emphasis is given on the provisions regarding the scope of application of Article 13 (now 17), the application of the right of communication to the public to online service providers, data protection issues, the measures to be taken by the providers and the complaint mechanisms and dispute resolution on the mandatory exceptions and limitations provided by Article 17. Furthermore, this chapter analyses the development of CJEU case law regarding the application of the right of “making available to the public” to host providers, which, by interpreting broadly the notion of the public, led to an extension of direct liability. Subsequently, it moves on to an analysis of CJEU case law in relation to the liability of access providers, WiFi hotspots and the question of injunctions against intermediaries. As Professor Spindler highlights, the analysis of the above developments, and mainly the discussions concerning Article 13 (now 17), show that any upload filter or content identification mechanism implies necessarily data protection issues. Even if the dilemma between free exchange of ideas, as well as data and anonymity, on one hand, and the protection of rightholders, on the other, seems prima facie to be unsolvable, a solution based on the idea of levies should be, according to the author, the preferred option.

Preface

ix

This is because users and platforms would benefit from limitations allowing for user generated content, whilst rightholders could claim adequate levies that will be calculated upon traffic data or statistically monitored use of their works on the platforms. In Chap. 2, Tatiana-Eleni Synodinou analyses the concepts of “lawful user”, “lawful use” and “lawful access” in European copyright law. The author argues that it is vital to conceive these concepts flexibly to include uses implied by the interpretation of contracts between rightholders and users, in accordance with the standards of fairness and good faith. Furthermore, it is demonstrated that for the CJEU, the concept of lawfulness of use is linked to the mens rea of the user, in the sense that the use will not be lawful if the user was aware—or ought to have been aware—of the manifestly unlawful nature of the copy of the work reproduced or made available to the public. A taxonomy of lawful use which consolidates the EU copyright acquis on lawful use is proposed. The author concludes its chapter by commenting on the substantial role these notions have to play in the future EU copyright law policy. In Chap. 3, Elenora Rosati focuses on the legal issue of linking and copyright. The author first describes the state of the art on the right of communication to the public in the European Union, after the seminal cases of SGAE, Svensson and GS Media and concludes that a lot of ambiguity remains. It therefore refers to the first national decisions issued in Sweden and Germany, being in practice the national aftermath of the ruling in GS Media, and demonstrates how diverging national approaches are related to this ambiguity. This has been particularly the case for the presumption of knowledge for for-profit link providers, as envisaged in GS Media. Indeed, a crucial question, which triggered divergent answers is whether the profit-­ making intention should be referred to the act of linking as such or to the context in which the link is provided. Specifically, courts have adopted different approaches to the presumption of knowledge. This has been particularly the case of Germany, where courts departed from the strict approach of the GS Media ruling. Indeed, instead of holding the presumption rebutted in the specific instance considered, they held against its applicability tout court, on grounds of reasonableness and by placing significant emphasis on the fundamental rights dimension. In Chap. 4, Bernd Justin Jutte discusses the topic of copyright law and fundamental rights with emphasis on the question of whether fundamental rights might force more flexibility into the copyright law system. In the author’s view, the European copyright rules systematically in favour of a dominance of exclusive rights over permitted uses. Many of such uses are rooted in fundamental rights, but the limited nature of exceptions and limitations prevents the exercise of fundamental rights in certain circumstances. In this context, this chapter discusses the pending preliminary references in the German “Metall auf Metall III”, “Reformistischer Aufbruch” and “Afghanistan Papiere” cases and their potential relevance for the legality of Art. 5 of the InfoSoc Directive. As the author highlights, those cases are of fundamental importance, since the BGH by asking a question, the answer of which seems to have already been given by secondary legislation, provokes the CJEU to re-think EU copyright law in lieu of the EU legislator. In Jutte’s view, the

x

Preface

Court either has to permit more flexibility within the set of existing rules or suggest legislative additions to the entire copyright acquis. Furthermore, according to the author, the Court will have to be careful not to undermine the reliability of existing copyright law by providing an easily accessible leapfrog procedure with fundamental rights as its springboard. In Chap. 5, Maria-Daphne Papadopoulou and Evanthia-Maria Moustaka discuss about evolutions and perspectives in copyright law and more specifically about the press publishers right on the internet. According to the authors, the introduction of an exclusive related right to press publishers for the digital uses of their content formed a casus belli within a long—term and rather adventurous legislative initiative. This chapter explores in detail various key issues of the new right on press publications, demonstrating the objectives sought through its establishment, while analysing the legal and economic background from both sides of this persisting controversy. Starting off with an interesting discussion on the rationale behind the new publishers’ right and its key features, this chapter brings forward the two legislative initiatives undertaken at national level, and more importantly, the examples of Germany and Spain. Moving on, the authors proceed to an in-depth analysis of the considerable criticism the Proposal has received, as well as the compromise amendments that were later introduced, bringing forward in practice as they interestingly claim two sides of the same arguments. More importantly in the final part of this chapter, the final text of the proposed Article 11 (now Article 15) is presented, further including the rationale behind and the objectives pursued under its establishment. The authors conclude that copyright in the digital single market Directive is now a reality consisting of the “world – first legislation” that has recognized the need to strike a fair balance between conflicting rights and interests in the digital environment. In Chap. 6, Branka Marušić provides a comparative analysis of the material scope of application of the moral right of divulgation and the economic right of communication to the public in the EU’s digital single market. The aim is to bring forward arguments why the application of both rights should only be addressed through the protection afforded by the economic right. In the author’s view, this is because of the fact that the right of divulgation and the right of communication to the public share the same trigger point for their application, which is the author’s choice in sharing her or his work with the public. The author proceeds to a comparative overview of the dualistic and the monistic approach of regulating the right of divulgation in line with the coexisting economic right of communication to the public at EU level. This analysis concentrates on three main issues: what does this right entail, the exhaustion of this right and the possible conflicts that might occur in a hypothetical scenario in which both rights can be employed. The first trend is that jurisdictions that have monistic approach to copyright have both these rights contained in their copyright legislative framework, whereas jurisdictions with dualistic approach are more inclined to merge these two rights. The author then addresses the contours of the EU harmonised right of communication to the public. As she pinpoints, this economic right, in the CJEU’s case-law, is viewed through the author’ consent to communicate the work to the public and presumes that the author

Preface

xi

c­ onsented or wanted her or his work to be shared with the public. She then concludes that connecting points of the right of communication to the public and the right of divulgation can be found. Specifically, such a connecting point is that both the act of communication and the act of divulging the work require consent of the author for the right not be infringed. In her view, it is visible that merging of these concepts and the material scope of application of both economic and moral rights is more an intuitive step made either by legislators or by the courts. In Chap. 7, Liliia Oprysk deals with the problematic issue of digital exhaustion in EU Copyright law. Whereas the topic of “digital” exhaustion is intriguing from the perspective of copyright law, it is no less thought-provoking in the context of the internal market. Even before the copyright harmonisation took off, the CJEU used the principle to facilitate the functioning of the internal market by eliminating the impediments to the free movement of goods within the EU. This chapter seeks to place the issue at stake in its broader context. Namely, it discusses whether extending the applicability of exhaustion to the acts of online dissemination can be of any assistance in facilitating the free movement of digital goods and services as set out in the Digital Single Market (DSM) Strategy. As the author pinpoints, given the very absence of clarity on the application of the principle of exhaustion to acts of online dissemination under the EU copyright acquis, the answer is not straightforward. As a reference for a preliminary ruling, on the application of exhaustion to acts of online dissemination under the EU copyright acquis, has recently reached the CJEU, in case C-263/18, its copyright aspect is to be clarified in the nearest future. It, however, remains to be seen how the CJEU in answering this question could contribute to or interfere with the objectives of the DSM. In conclusion, the author suggests that the “digital” exhaustion has a potential to advance the DSM. In her view, while a CJEU ruling affirming the application of the copyright exhaustion online would contribute to the protection of reasonable consumer expectations, it would not eliminate the challenges the DSM is facing in this area in its entirety. Indeed, the copyright aspect in isolation would not be capable of resolving the difficulties in a way comparable to the analogue world. Nonetheless, opting for denying the “digital” exhaustion altogether could deprive the courts of a powerful instrument for balancing the divergent objectives of copyright protection. In Chap. 8, Phillippe Jougleux focuses on the legal framework of “spoilers” defined as the revelation of elements of a plot of a piece of fiction that the public is not yet aware of. The author distinguishes between “relative spoilers”, i.e., information about an already published work of mind, and “absolute spoilers”, i.e., information about a non-published work of mind. In the first part, it is argued that relative spoilers do not raise any liability as the person who publishes the spoiler is protected by freedom of expression. However, the question of moderation touches on sensitive legal issues related to the need to enforce a stronger horizontal effect of freedom of expression on the Internet. The second part focuses on the “absolute spoiler” and considers it as a form of information theft that is nowadays regulated by the Directive on trade secrets. In the third and last part of the chapter, the author shows how, alternatively, copyright law could be of use in guarding against both relative and absolute spoilers.

xii

Preface

In Chap. 9, Francesco Bartele deals with the topic of data ownership revisited from a European point of view. He explains that to unleash the potential of new data-driven opportunities, players in the data market need to have access to large and diverse datasets and discusses the European Commission’s idea of introducing a novel right in raw machine-generated data. The author elaborates on the existing EU acquis on data ownership, deriving from intellectual property rights (namely copyright and database right), trade secrets, traditional property and factual control situations derived by data protection laws. These ownership mechanisms are powerful. However, they difficulty extend to raw data. Despite this, gaps in law have been filled through contractual schemes and technological access restrictions that enhance the ability to control data. The chapter further explores the position of those that support the idea of a new property right in data and elaborates on the new right proposed by the European Commission. The author concludes that creating new monopolies capable of restricting open access to data may result in a threat to the development of an EU data market and highlights that further economic evidence is needed before discussing the introduction of such a new right. Indeed, as the author highlights, the database sui generis right is an accurate example that there is no room for experimenting new rights, that are in fact very difficult to be reversed once introduced in the legal system. In his view considering the three characteristics of big data (namely volume, velocity and variety), it is reasonable to say that in the data economy, access is more important than property in the data. In this context, alternative solutions should be explored, such as sector-based access against remuneration. Meanwhile, the Commission can also support industry by promoting contractual models, standardization agreements and standardised tools that allow access, processing, collection and interoperability of data. In Chap. 10, Ioannis Iglezakis, discusses about net neutrality: chances and challenges in the information age. After defining the term “net neutrality”, this term’s rationale is brought forward. As the author explains, rules on net neutrality are important because they are purported to maintain the open character of the internet and allow internet users to gain access to online content and services without any discrimination and hindrance from service providers. The main part of this chapter is devoted to the various regulatory models that are currently in place in the U.S. and the EU regarding this issue. Starting off with the US, the author focuses on the FCC Restoring Internet Freedom Order, which replaced the Open Internet Rules, and its application in practice. More importantly in relation to the EU, the author proceeds to an interesting analysis and discussion of EU Regulation 2015/2120, laying down measures concerning open internet access and amending Directive 2002/22/EC, which was adopted with a view to safeguard equal and non-discriminatory treatment of traffic in the provision of internet access services and related users’ right. The author concludes that in contrast to the developments in the U.S., the EU appears determined to maintain and enforce the rules on network neutrality. As he explains, these rules apply since April 2016, and as a result, national regulatory authorities have assumed responsibility to assess traffic management and commercial practices to effectively enforce this EU Regulation.

Preface

xiii

In Chap. 11, Evangelia Vagena and Petros Ntellis present the latest developments in EU cybersecurity legislation and their implementation in the Greek legal system. As the authors state, cybersecurity is a top priority and a necessary condition for the EU’s Digital Single Market. More specifically, after providing a brief definition of cybersecurity, as well as the overall interest of the EU in legislating in the area of cybersecurity, the authors proceed to an interesting discussion of various cyber threats including inter alia the denial of services, ransomware, hacktivism, as well as financial costs. More importantly, the authors bring forward the “Lecpetex” case as an illustrative example of the cost of cybercrime in Greece. The main part of this chapter is devoted in discussing various cybersecurity legislation initiatives at both international/European, as well as national, Greek, level. The authors begin their analysis with a brief presentation of the Convention on Cybercrime while discussion is mostly focused on important legislative initiatives on EU cybersecurity policy, as well as on EU key players in this area of law such as ENISA and the European Cybercrime Centre. This part brings additionally forward the Greek cybersecurity framework and its key players. The last part of this chapter focuses on cybersecurity and data protection that as the authors interestingly claim are often two sides of the same coin. The authors conclude that although the new institutional instruments are necessary for the prosecution of cybercrime, the most decisive factor for reducing the perpetration of crimes of this kind is prevention. In Chap. 12, Arno Lodder and Anna de Hingh observe that the datafication and commercialisation of human existence affects human privacy and other more intrinsic human virtues. They explore bio-medical regulations prohibiting the trade of human body parts and examine data processing practices in the light of the principle against commercialisation contained therein to see whether an analogy could be plausible. More specifically, the authors argue that an analogy between data processing and human part trade could assist in the development of a new approach towards what constitutes unacceptable commercial use of personal data, possibly leading to a prohibition upon such processing. According to them, the notion of human dignity can act as a constraint justifying such a strict approach, which can result in more future-proof data protection regulation. In Chap. 13, Yianna Danidou highlights the recent technological advancements focusing on the protection of users’ security, trust and privacy. She points out, however, that the legal framework seemed unprepared to shield users against sophisticated cyberattacks, which is what prompted the EU to enhance network and information security, as well as data protection, through the introduction of the GDPR and the Network and Information Security Directive (NIS). The author puts major emphasis on Trusted Computing (TC), namely a technology that aims to protect the user and his privacy, as well as the integrity of her machine or device. According to the author, to defeat security threats, what is needed are “networks of security” rather than isolated security solutions and “gated communities”. The chapter argues that technologies like TC can be used to build secure networks and if adopted by Critical Infrastructures (CIs), to avoid cascade effects in interdependent CIs, as well as to standardise components, thereby complying with EU cybersecurity framework.

xiv

Preface

In Chap. 14, Paula Giliker analyses why has it proven so difficult to introduce a directive on contracts for the supply of digital content. As she interestingly claims, the saga of this Directive is one that highlights the real difficulties of legislating in the digital age. After explaining what does the notion “contracts for the supply of digital content” means and why is legal intervention needed, the author analyses the 2015 legislative initiative and answers to the question of whether this proposal formed a step forward. The main part of this chapter interestingly identifies four main reasons why the introduction of the Directive had been delayed, these being the impact of the (Online) Sale of Goods directive, the problem of engaging with new technology, maximum harmonisation and time limits and seeks to identify lessons that may be learnt from this troubled journey. The author finally draws attention to the adoption of the Directive in April 2019 this being, as she states, an Easter surprise, bearing in practice all the hallmarks of a compromise. The author concludes inter alia that drafting legislation in a fast-moving area of law is never going to be easy. Yet, failure to implement on time legislation in an area of law where there is a clear demand for intervention should make us pause and reflect. Recognition is needed that innovation requires consultation to bring stakeholders on board, that national sensitivities need to be appreciated, that the more ambitious the project the more likely approval cannot be guaranteed and that care must be taken in the drafting process. In Chap. 15, Christine Riefa notes the turn of individuals and businesses to social media platforms to sell goods and services, thereby engaging in the so-called social commerce, which seems to be a rising breed of online commerce. As the author explains, social commerce combines e-commerce features with the rich social interaction enabled by social media and in practice user trust is central to its development and flourishing. However, social media entail the risk of fraud, as not all users are honest and reliable, something that means that consumers may be exposed to scams that undermines their confidence. The author looks into how consumer goods are being advertised and sold on social media and highlights interesting issues with consumer protection laws. Having illustrated the relevant risks, the author examines various ways in which user protection can be improved, such as self-regulation, intermediary liability, collective actions and public enforcement. She concludes that public enforcement is the most suitable tool to address consumer risks in the context of social commerce, although improvements are necessary to improve its effectiveness especially in cross-border situations. In Chap. 16, Thalia Prastitou-Merdi looks into the 2018 New Deal on better enforcement and modernisation of EU consumer law and answers to the question of whether this forms an actually good digital deal. More specifically, the author, after providing some background information as to how the Commission found its way to this New Deal, proceeds to an interesting analysis of the four fundamental changes brought forward by one of the two legislative proposals contained therein, regarding in general the modernisation and digitalisation of European consumer protection rules, aiming to shed light on the question of whether this legislative initiative improves or not the substance of EU consumer protection legislation. More specifically, this chapter focuses on consumer access to individual remedies

Preface

xv

for unfair commercial practices, simplifications for businesses, transparency requirements for online marketplaces and the addition of ‘free’ digital services to the scope of the Consumer Rights Directive. The author concludes her analysis by claiming that several of the provisions of this legislative initiative must be rethought both from an approach, as well as from a content perspective before becoming official EU legislation. In Chap. 17, Anna Plevri discusses about Alternative Dispute Resolution (ADR) and in particular about Online Dispute Resolution (ODR), as an alternative dispute resolution method relying on technology and most importantly occurring online. The author explains how this new online platform, launched by the European Commission in early 2016 (where consumers and traders can resolve disputes arising of online purchases), works. According to Plevri, the ODR platform offers a single point of entry that allows consumers and traders across the EU to settle their disputes arising from both domestic and cross-border online purchases. The chapter presents the legal framework of the ODR platform, namely EU Regulation 524/2013, regarding online resolution of consumer disputes, as well as Directive 2013/11/EU for consumer disputes, which are closely inter-related. The author proceeds additionally to an interesting comparison of the Cypriot ADR and ODR framework vis a vis its Greek counterparts and furthermore examines how EU consumers are or could be aided by ODR when it comes to consumer disputes in comparison to the traditional court proceedings. The author concludes that there are in practice important advantages associated with alternative dispute resolution. There is definitely a lot in this book at the disposal of the eager reader fascinated by EU internet law (or one or more of the areas falling within it). Doubtless, each collective attempt such as the one mirrored in this book adds significantly to the knowledge of the vast Internet law and often, triggers further research and additional valuable work on the subject. It is hoped that this will be the case in relation to this book too and that the reader will enjoy it as much as the editors have, in the process of putting it together. Nicosia, Cyprus  Tatiana-Eleni Synodinou Nicosia, Cyprus   Philippe Jougleux Nicosia, Cyprus   Christiana Markou Nicosia, Cyprus   Thalia Prastitou

Contents

Part I Copyright Law and the Internet 1 Copyright Law and Internet Intermediaries Liability ������������������������    3 Gerald Spindler 2 Who Is a Lawful User in European Copyright Law? From a Variable Geometry to a Taxonomy of Lawful Use ����������������������������   27 Tatiana-Eleni Synodinou 3 Linking and Copyright: Easier at Last? First National Applications of the CJEU GS Media Judgment������������������������������������   61 Eleonora Rosati 4 Forcing Flexibility with Fundamental Rights: Questioning the Dominance of Exclusive Rights��������������������������������������������������������   79 Bernd Justin Jütte 5 Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives��������������������������������������������������������������������   99 Maria-Daphne Papadopoulou and Evanthia-Maria Moustaka 6 Author’s Right to Choose: Right of Divulgation in the Online Digital Single Market of the EU ������������������������������������������������������������  137 Branka Marušić 7 “Digital” Exhaustion and the EU (Digital) Single Market������������������  161 Liliia Oprysk Part II Emerging Technologies and New Digital Challenges 8 Spoilers Under European Internet Law������������������������������������������������  183 Philippe Jougleux 9 Data Ownership in the Data Economy: A European Dilemma ����������  199 Francesco Banterle xvii

xviii

Contents

10 Net Neutrality: Chances and Challenges in the Information Age ������  227 Ioannis Iglezakis 11 Cybersecurity Legislation: Latest Evolutions in the EU and Their Implementation in the Greek Legal System������������������������������������������  239 Evangelia Vagena and Petros Ntellis 12 The Role of Human Dignity in Processing (Health) Data Building on the Organ Trade Prohibition ������������������������������������������������������������  261 Anne E. de Hingh and Arno R. Lodder 13 Trusted Computing Initiative on the Spectrum of EU Cyber-Security Legal Framework����������������������������������������������������������  277 Yianna Danidou Part III E-commerce and Online Consumer Protection 14 Adopting a Smart Approach to EU Legislation: Why Has It Proven So Difficult to Introduce a Directive on Contracts for the Supply of Digital Content?���������������������������������������������������������  299 Paula Giliker 15 Consumer Protection on Social Media Platforms: Tackling the Challenges of Social Commerce ������������������������������������������������������  321 Christine Riefa 16 The 2018 New Deal on Better Enforcement and Modernisation of EU Consumer Law: An Actually Good Digital Deal?����������������������  347 Thalia Prastitou Merdi 17 Alternative Dispute Resolution (ADR) & Online Dispute Resolution (ODR) for EU Consumers: Τhe European and Cypriot Framework ����������������������������������������������������������������������������������������������  367 Anna Plevri

Contributors

Francesco Banterle  Hogan Lovells Studio Legale, Milan, Italy Yianna  Danidou  School of Sciences, European University Cyprus, Nicosia, Cyprus Anne E. de Hingh  Faculty of Law, Internet Law, Vrije Universiteit Amsterdam, Amsterdam, Holland Paula Giliker  Comparative Law, School of Law, University of Bristol, Bristol, UK Ioannis  Iglezakis  Faculty of Law, Aristotle University of Thessaloniki, Thessaloniki, Greece Philippe Jougleux  School of Law, European University Cyprus, Nicosia, Cyprus Bernd Justin Jütte  School of Law, University of Nottingham, Nottingham, UK Vytautas Magnus University, Kaunas, Lithuania Arno  R.  Lodder  Department Transnational Legal Studies, Center for Law and Internet, Vrije Universiteit Amsterdam, Amsterdam, Holland Branka Marušić  Department of Law, Stockholm University, Stockholm, Sweden Evanthia-Maria Moustaka  Legal Department, Hellenic Copyright Organization, Athens, Greece Petros Ntellis  Athens, Greece Liliia Oprysk  IT Law Programme, University of Tartu, Tartu, Estonia Maria-Daphne Papadopoulou  Legal Department, Hellenic Copyright Organization, Athens, Greece Anna Plevri  School of Law, University of Nicosia, Nicosia, Cyprus Thalia Prastitou Merdi  Comparative Law, School of Law, European University Cyprus, Nicosia, Cyprus xix

xx

Contributors

Christine Riefa  Brunel Law School, College of Business, Arts and Social Sciences, Uxbridge, UK Eleonora Rosati  Law Department, Stockholm University, Stockholm, Sweden Gerald  Spindler  Department of Civil Law, Commercial and Economic Law, Comparative Law, Multimedia and Telecommunication Law, University of Göttingen, Göttingen, Germany Tatiana-Eleni  Synodinou  Department of Law, University of Cyprus, Nicosia, Cyprus Evangelia  Vagena  Information Technology Law, Computer Engineering & Informatics Department, University of Patras, Patras, Greece CIPP/E, Brussels, Belgium

Part I

Copyright Law and the Internet

Chapter 1

Copyright Law and Internet Intermediaries Liability Gerald Spindler

Abstract  The chapter deals with the development of liability for copyright infringements of internet intermediaries, such as platforms like YouTube or Facebook, in particular the hotly debated Art. 13 (now 17)—often called “upload filter”. The chapter scrutinizes the way from the Commission’s proposal to the European Parliament and finally the final compromise reached at the end of the Trilogue, which has to be voted in the EP still.

1  Introduction Since digitalization and internet have revolutionized the world, copyright law has become one of the major topics in legal science as every step in the chain of up- and downloading something to/from the internet touches upon copyrights, such as the reproduction right or the right of making available to the public (Art. 2 and 3 InfoSoc-Directive1). On the other side, intermediaries have quickly been exempted from liability (and criminal responsibility) to not hamper exchange and data traffic. Since the Digital Millennium Copyright Act (DMCA) in the U.S. and the E-commerce-Directive2 in the EU (Art. 12–15) have been introduced, access providers and host providers are largely freed of any liability (under certain conditions). According to the claims of the Intellectual Property (IP) Industry such as Music or Movie Associations, the rise of file-sharing, user-generated content, and exchange  Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonization of certain aspects of copyright and related rights in the information society, OJ L 167/10. 2  Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market, OJ L 178/1 (Directive on electronic commerce). 1

G. Spindler (*) University of Göttingen, Göttingen, Germany e-mail: [email protected] © Springer Nature Switzerland AG 2020 T.-E. Synodinou et al. (eds.), EU Internet Law in the Digital Era, https://doi.org/10.1007/978-3-030-25579-4_1

3

4

G. Spindler

of copyrighted material on platforms led to dramatic economic losses in sale, etc. On the other side, the success of platforms such as YouTube, which uses user generated content to make money from advertisement (mostly even inserted in the video, etc.), raised claims by copyright holders that they do not benefit adequately from the generated profits. Rightholders often claim that music or other copyrighted material is being used by YouTube users without any license, while still generating profits for YouTube. The IP-industry labelled this discrepancy as the so-called “Value Gap”. The EU-Commission wanted (and wants) to react on the new developments, which were not foreseeable at the time when the InfoSoc-Directive was adopted. The so-called Digital Single Market package (DSM-package) contains a lot of heavily disputed modifications to the InfoSoc-Directive of which only some can be discussed here. The focus shall mainly be on Art. 13 of the proposed Copyright Directive3 which refers to the “Value Gap” and upload filters (Sect. 2). Moreover, the Court of Justice of the European Union (CJEU) adds growing details to a new concept of how the right to make available to the public (Art. 3 InfoSoc-Directive) can be understood, thus, blurring the traditional lines between contributory and direct liability in cases of hyperlinks, etc. (Sect. 2.4). Finally, we will address some upcoming issues of injunctions against WiFi- and Hotspot-Providers, as well as access providers, which have been stirred up by national legislators such as enshrined in the last German act on telemedia law envisaging to exempt WiFi-Providers from any kind of liability (Sect. 3). The chapter will be terminated by an outlook towards the opaque relationship between anonymity and liability (Sect. 4).

2  A  rt. 13 (Now 17) DSM—Proposal: To Filter Uploads or Not? The so-called “Value Gap” provoked different proposals, ranging from royalties or fees to be paid by the platform operator (cf. below Sect. 4) up to an unrestricted liability of platforms for user generated content. Under the existing legal framework, the focus lies upon the question whether platform operators such as YouTube can still be qualified as “neutral” operators, in the sense of the decision of the CJEU in the case L’Oreal/ebay.4 In the light of this discussion, the Commission, Comité des représentants permanents (COREPER) as the body of Member States, and the European Parliament (EP) each presented different proposals for a new Art. 13 Copyright Directive amending the InfoSoc-Directive. Art. 13 of the Copyright Directive aims at establishing obligations for platform operators to monitor content that is uploaded by users to ensure compliance with copyrights of authors, etc.,  Proposal for a Directive of the European Parliament and of the Council on copyright in the Digital Single Market COM (2016) 593 final. 4  CJEU, L’Oréal SA v eBay International AG and Others, Case C-324/09, Judgment of 12 July 2011, paras. 113, 116; See also CJEU, Google SARL v Louis Vuitton Malletier SA and Others, Case C-236/08, Judgment of 23 March 2010, paras.. 114, 120. 3

1  Copyright Law and Internet Intermediaries Liability

5

while encouraging the users to obtain licences from rightholders, thus “closing” the “Value Gap”.

2.1  Commission Proposal The Commission’s proposal refers to “information society service providers that store and provide to the public access to large amounts of works and other subject-­ matter uploaded by their users”5—thus clearly aiming at user generated content platforms such as Facebook or YouTube. However, the definition is quite opaque as it is unclear whether non-commercial providers, for instance Wikipedia or universities with electronic platforms for their students, are also covered. Moreover, the relation to Art. 14 of the E-commerce-Directive is not clarified. The Commission wants to oblige providers “to ensure the functioning of agreements concluded with rightholders for the use of their works or other subject-matter or to prevent the availability on their services of works or other subject-matter identified by rightholders through the cooperation with the service providers”.6 The content ID-technique developed by YouTube obviously served as a blueprint for such measures, the Commission explicitly refers to “effective content recognition” (Art. 13.1 Copyright Directive). However, the Commission also realizes the danger for free communication implied in such techniques as these can easily hinder free flow of information, for instance if algorithms are not able to distinguish between infringement of copyright and lawful use of the copyrighted material such as citations or satire. The Commission tries to cope with this issue by obliging providers to introduce complaint and redress mechanisms for users (Art. 13.2 Copyright Directive). Nevertheless, it is debatable whether these procedures will outweigh the automated blocking of content.

2.2  COREPER Prepared by the Estonian presidency and finally finished by the Bulgarian presidency, COREPER presented a largely modified proposal of Art. 13 Copyright Directive.7 The proposal clarifies in Art. 13.1 Copyright Directive that these “online content sharing service provider” perform an act of communication to the public or making available to the public. Thus, the COREPER proposal defines the acting of providers as an extension of the right to make available to the public—even though the content was uploaded by a third party; by that means the safe harbor privilege of  COM (2016) 593 final, p. 29.  Ibid. 7  Proposal for a Directive of the European Parliament and of the Council on copyright in the Digital Single Market—Agreed negotiating mandate of 25.5.2018, ST 9134 2918 INIT. 5 6

6

G. Spindler

Art. 14 of the E-commerce-Directive will not be applicable anymore, which is affirmed by Art. 13.2 of the Copyright Directive of the COREPER proposal. As we will see, this reasoning is somehow in line with the recent decisions of the CJEU that tends to enlarge the scope of the notion “making available to the public”.8 In contrast to the Commission’s proposal, COREPER tries to define the borderlines of “online content sharing service provider” in Art. 2.5 of the Copyright Directive and Recital 37a by requiring that such a provider is one that encompasses providers whose “main or one of the main purposes … is to provide access to a large amount of copyright-protected content uploaded by their users with the purpose of obtaining profit therefrom, either directly or indirectly, by organizing it and promoting it in order to attract more audiences”. According to Recital 37a, organizing and promoting content “(…) involves for example indexing the content, presenting it in a certain manner and categorising it, as well as using targeted promotion on it”. On the other side, the COREPER proposal seeks to exclude those providers “(…) whose main purpose is not to provide access to copyright-protected content with the purpose of obtaining profit from this activity, (…) including internet access providers, as well as providers of cloud services which allow users, to upload content for their own private use, such as cyberlockers, or online marketplaces whose main activity is online retail and not giving access to copyright protected content.” Moreover, non-commercial providers also seem to be excluded from the notion of “the online content sharing service provider” as Recital 37a states: “Nor does this definition cover websites which store and provide access to content for non-for-­ profit purposes, such as online encyclopaedias, scientific or educational repositories or open source software developing platforms which do not store and give access to content for profit making purposes.” On the other side, such websites which are more or less dedicated to the promotion of copyright privacy should neither benefit from the safe harbor privileges laid down in Art. 13 Copyright Directive of the COREPER proposal. Thus, Art. 13.1 of the Copyright Directive of the COREPER version obliges the “online content sharing service provider” either to obtain licences from rightholders (which then also includes the permission for users to make use of the copyrighted works (Art. 13.1 Copyright Directive) or to introduce measures which are specified in Art. 13.4 of the Copyright Directive to prevent the availability of unauthorized works. Following the approach of the Commission, the COREPER proposal also specifies the providers’ obligations by granting a safe harbor privilege only if “it demonstrates that it has made best efforts to prevent the availability of specific works or other subject matter by implementing effective and proportionate measures, (…) to prevent the availability on its services of the specific works or other subject matter identified by rightholders and for which the rightholders have provided the service with relevant and necessary information for the application of these measures.”

 Cf. below Sect. 2.5.1.

8

1  Copyright Law and Internet Intermediaries Liability

7

Moreover, Art. 13.4 of the Copyright Directive repeats the notice-and-take-down mechanism of Art. 14 of the E-commerce-Directive by requiring the provider to remove or disable access to works upon notification by rightholders of works or other subject matter. However, going beyond Art. 14 of the E-commerce-Directive, the provider also has to demonstrate “that it has made its best efforts to prevent their future availability through the measures referred to (…)”, thus implementing a notice-and-stay-down requirement. Furthermore, the fine tuning of these obligations is supposed to depend upon the size of the enterprise as Art. 13.5 of the Copyright Directive of the COREPER-Proposal explicitly refers i.a. to microenterprises. Concerning limitations and exceptions, the COREPER proposal follows the Commission’s approach by asking providers to implement complaint and redress procedures in a detailed manner (such as decisions in due time, obligations for rightholders to justify their requests to block access, and independent bodies to assess complaints).

2.3  The Battle in the EP and the Final Vote Parallel to the discussions inside COREPER, the European Parliament entered into heated debates about the Copyright Package, which (after a preliminary report by Comodini Cachia9) resulted in the Voss-Report,10 which was adopted in 2018 with a slight majority in the committee on legal affairs (JURI). However, as a surprise, the EU parliament first did not accept the Voss Report and turned it down; only after a second vote at 12.9.2018 the EU parliament accepted most of the elements/amendments proposed by the (modified) Voss Report.11 The Voss Report also seeks to extend the liability of platform providers by introducing several notions or amending the Commission’s proposal12—in contrast to the preceding report of Comodini Cachia who wanted to stick to the definitions and safe harbor privileges of the E-commerce-Directive.13 Most of the suggestions follow the same approach taken by COREPER, such as declaring the activities of “information society service providers”, which store or provide public access to

 Therese Comodini Cachia, Draft Report for the Committee on Legal Affairs on the proposal for a directive of the European Parliament and of the Council on copyright in the Digital Single Market COM(2016)0593 – C8-0383/2016 – 2016/0280(COD)), 2016/0280COD of 10.3.2017. 10  Αxel Voss, Report on the proposal for a directive of the European Parliament and of the Council on copyright in the Digital Single Market (COM(2016)0593 – C8-0383/2016 – 2016/0280(COD)), A8-0245/2018 of 29.6.2018. 11  Amendments adopted by the European Parliament on 12 September on the proposal for a directive of the European Parliament of the Council on copyright in the Digital Single Market (COM(2016)0593 – C8-0383/2016 – 2016/0280(COD)), P8_TA(2018)0337. 12  Voss Report, see e.g. Amendment 78. 13  See Explanatory Statement of the Comodini Cachia Report concerning Art. 13. 9

8

G. Spindler

work uploaded by their users, an act of communication to the public.14 As a reference to the decisions of the CJEU, in particular in the L’Oreal case, the Voss Report and the EP vote follow the Commission’s proposal by declaring the activities of “online sharing services” to go beyond the borderline of “mere provision of physical facilities”. 2.3.1  The Definition of “Online Content Sharing Service Provider” One of the most worrying elements of Art. 13 referred to the scope, in particular to the definition, of services targeted by the new provision. The Voss Report finally carved a new definition called “online content sharing service provider”, which the EP followed grosso modo by introducing an Art. 2.4(b)15: ‘online content sharing service provider’ means a provider of an information society service one of the main purposes of which is to store and give access to the public to a significant amount of copyright protected works or other protected subject-matter uploaded by its users, which the service optimises and promotes for profit making purposes. Microenterprises and small-sized enterprises within the meaning of Title I of the Annex to Commission Recommendation 2003/361/EC and services acting in a non-­ commercial purpose capacity such as online encyclopaedia, and providers of online services where the content is uploaded with the authorisation of all right holders concerned, such as educational or scientific repositories, shall not be considered online content sharing service providers within the meaning of this Directive. Providers of cloud services for individual use which do not provide direct access to the public, open source software developing platforms, and online market places whose main activity is online retail of physical goods, should not be considered online content sharing service providers within the meaning of this Directive; This definition is flanked by new recitals such as the new 37a,16 repeating more or less the complex definition of Art. 2.4(b). Thus, only commercial activities are concerned, and even within this range, some business models are exempted such as open source development platforms or online market places, etc. Moreover, Art. 2.4(b) (and the Voss Report) clarifies that online encyclopedias or platforms for scientific purposes, etc. are not touched by the Art. 2.4(b), in particular not Wikipedia. However, in contrast to the Voss Report, which did not provide any such provision, the EP wants to exempt also microenterprises from Art. 13.

 Here, as well, the Comodini Cachia Report took no stance.  P8_TA(2018)0337, Amendment 150. 16  Ibid, Amendment 143. 14 15

1  Copyright Law and Internet Intermediaries Liability

9

2.3.2  A  rt. 13 (17): The Complex Triangle of Rightholders, Providers, and Users Concerning Art. 13 (now 17) itself, the EP also followed very closely the Voss Report proposals, with some slight deviations: Act of Communication to the Public  The first key element of the proposed new Art. 13.117 consists in stating explicitly that online content sharing providers perform an act of communication to the public—thus following the COREPER approach and to some extent the CJEU decisions in the cases Filmspeler and Pirate Bay.18 Hence, these providers cannot claim any more for safe harbor privileges according to Art. 14 E-Commerce-Directive as they are infringing directly copyrights. Art. 13.1 calls providers to conclude licensing agreements with rightholders. One important clarification by the EP and the Voss Report—somehow in contrast to COREPER—refers to the consequences of concluded license agreements: Such license agreements should exclude liability of non-commercial users—which would not be the case under InfoSoc-Directive and the case law of the CJEU which just provides for differences in assumptions of knowledge concerning commercial and non-commercial users like in the GS media case.19 Some new recitals correspond to this provision such as Recital 3820 proposed by the EP, which lays stress on the obligation of providers to “take appropriate and proportionate measures to ensure protection of works or other subject-matter, such as implementing effective technologies.” Quite remarkable and somehow opaque is the statement of the EP in the same recital that “this obligation should also apply when the information society service providers are eligible for the liability exemption provided in Article 14 of Directive 2000/31/EC.” In some contrast to the proposal of the Voss Report (Recital 38), which draw a clear line between Art. 14 of the E-commerce-Directive and the envisage online content sharing service providers by stating that these providers do not anymore play a passive role rather than active and thus do not fall under Art. 14, the EP mixes up Art. of the 14 E-commerce-Directive with the proposed Art. 13. Hence, although Art. 14 of the E-commerce-Directive would be applicable, obviously they should be obliged by the proposed Art. 13—which is hardly compatible.21

 P8_TA(2018)0337, Amendments 156, 157, 158, 159, 160, and 161.  Cf. Below 2.5.1. 19  CJEU, GS Media BV v Sanoma Media Netherlands BV et al., Case C 160/15, Judgment of 8 September 2016. 20  P8_TA(2018)0337, Amendments 144, 145, 146 EP. 21  However, note that the Voss Report also took up this notion at the end of the proposed Recital 38, thus somehow contradicting the taken approach in the same recital. 17 18

10

G. Spindler

Measures to be Taken by Providers  Another important and heavily debated corner stone of Art. 13 refers to the measure which providers have to take if no licence agreements have been concluded, the so-called upload-filters. Once again, the EP finally followed mostly the proposal of the Voss Report by adopting an amendment to the Commission’s proposal: “Art. 3.2(a) Member States shall provide that where right holders do not wish to conclude licensing agreements, online content sharing service providers and right holders shall cooperate in good faith in order to ensure that unauthorised protected works or other subject matter are not available on their services. Cooperation between online content service providers and right holders shall not lead to preventing the availability of non-infringing works or other protected subject matter, including those covered by an exception or limitation to copyright.” “Art. 3.3 As of [date of entry into force of this directive], the Commission and the Member States shall organise dialogues between stakeholders to harmonise and to define best practices and issue guidance to ensure the functioning of licensing agreements and on cooperation between online content sharing service providers and right holders for the use of their works or other subject matter within the meaning of this Directive. When defining best practices, special account shall be taken of fundamental rights, the use of exceptions and limitations as well as ensuring that the burden on SMEs remains appropriate and that automated blocking of content is avoided.” Hence, providers will be obliged to take measures to prevent the availability of not licensed or not by a limitation/exception justified content—what means in the end, the introduction of upload-filters and tools to identify relevant copyrighted content. Once again, the Comodini Cachia Report did not recommend such proposals which only mentioned the enforcement of concluded agreements, also laying an emphasis on limitations and exceptions.22 However, one major difference between the Voss Report and the EP vote remains: while the Voss Report neither mentioned SMEs (Small and Medium Sized Enterprises) nor automated blocking of content, the EP explicitly addressed this issue in Art. 3. When defining best practice, the EP lays stress on the balance of fundamental rights (as well as considering limitations and exceptions) and also on the avoidance of automated blocking of content. Hence, upload-filters, which would result in such an automated blocking, should not be permitted—however, how copyrighted content should then be identified and prevented from being made available is absolutely unclear. As human control of every copyrighted content is more or less impossible for automated platforms such as YouTube, this provision would end up either in permitting copyrighted content to be available (as no technology is available that does not automatically block) or in closing those business models.  See Amendment 59 of the Comodini Cachia Report and the given justification: “The process cannot underestimate the effects of the identification of user uploaded content which falls within an exception or limitation to copyright. To ensure the continued use of such exceptions and limitations, which are based on public interest concerns, communication between users and rightholders needs to be efficient”. 22

1  Copyright Law and Internet Intermediaries Liability

11

Moreover, and also hard to reconcile, EP and the Voss Report emphasizes that no general monitoring obligation such as mentioned by Art. 15 of the E-Commerce-­ Directive should be introduced. However, how copyright content should be identified without a constant monitoring of all data traffic on a platform is absolutely unclear and not conceivable. Limitations and Exceptions: Complaint Mechanisms and Dispute Resolution  Another key element of the newly proposed Art. 13 refers to complaint mechanisms and dispute resolution to safeguard the legitimate interests of users. Thus, the EP voted for a new Art. 13.2(b), following closely the Voss Report and to a certain extent similar to the COREPER proposal: “2b. Member States shall ensure that online content sharing service providers referred to in paragraph 1 put in place effective and expeditious complaints and redress mechanisms that are available to users in case the cooperation referred to in paragraph 2a leads to unjustified removals of their content. Any complaint filed under such mechanisms shall be processed without undue delay and be subject to human review. Right holders shall reasonably justify their decisions to avoid arbitrary dismissal of complaints. Moreover, in accordance with Directive 95/46/EC, Directive 2002/58/EC and the General Data Protection Regulation, the cooperation shall not lead to any identification of individual users nor the processing of their personal data. Member States shall also ensure that users have access to an independent body for the resolution of disputes as well as to a court or another relevant judicial authority to assert the use of an exception or limitation to copyright rules.” This provision is flanked by new Recitals 39a23 and 39c,24 which repeats more or less Art. 13 (2b) literally. Hence, the EP lays stress on the obligation of rightholders to justify their requests for removal of content, as well as the access of users to courts and/or independent bodies for the resolution of disputes. Thus, the EP shifts the burden of action still to users who want to claim exceptions and limitations. The Voss Report event went further by stating that these complaint and redress mechanisms should be in place “to prevent misuses or limitations in the exercise of exceptions and limitations to copyright,”—thus, turning the relationship between limitations and rights upside-­ down, as the redress mechanisms should be in place to protect limitations in favor of users and not—vice versa—to combat misuses. Data Protection  One issue that was mentioned neither in the proposal of the Commission nor of COREPER refers to data protection issues: Every upload-filter or, likewise, mechanism to block or to remove content, could easily end up in identification of users. To prevent any conflicts, the EP vote states (and beforehand the Voss Report) in Art. 13.2(b), as well as in the new Recital 39a25: “Moreover, in accordance with Directive 95/46/EC, Directive 2002/58/EC and the  P8_TA(2018)0337, Amendment 148.  Ibid, Amendment 44, 219. 25  Ibid, Amendment 148. 23 24

12

G. Spindler

General Data Protection Regulation, the cooperation shall not lead to any identification of individual users nor the processing of their personal data.” Again, although this provision seems to fit in the general framework of Data Protection, it seems to square the circle. Given the fact that the Enforcement Directive entitles the rightholder to claim for identification of an infringer against any intermediary [Art 8 Intellectual Property Rights Enforcement Directive (IPRED)], it is hard to reconcile this contradiction to the envisaged provision of Art. 13.2(b). If providers shall check copyrighted content, they also get information about infringers so that rightholders can claim disclosure of this data under the Enforcement Directive.

2.4  The Final Compromise of the “Trilogue”: The New Art. 17 Finally, after heated debates amongst Member States as well as in the EP (once again), a final compromise has been reached (and—according to some rumours— after Germany and France had found a deal), which left untouched the base of Art. 13 (17) and introduced some slight, but important deviations: Scope of Application  One of the first hotly debated issues has been related to the scope of application. The final compromise took up the approach of the EP and refers only to those (host) providers “whose main or one of the main purposes is to store and give the public access to a large amount of copyright protected works or other protected subject-matter uploaded by its users which it organises and promotes for profit-making purposes” (Art. 2 (5). Art. 2 (5) sub 2) excluded all non-­ profit services, such as online encyclopedia (so that Wikipedia is not being touched upon), as well as educational and scientific repositories26. Even open source software developing and sharing platforms are out of range—although here developers may pursue commercial reasons by offering their services for open source software that they have developed before. The same is true for “online marketplaces and business-to-business cloud services” or those cloud services that allow users to upload their content only for their own use. However, it will be arguable if for instance a cloud service such as Google Drive, Microsoft OneDrive, iCloud, etc., could be qualified as cloud-services for “their own use”—as these services just allow sharing of content with others to work on documents, etc. Hence, in most cases, it will be difficult for those providers to draw the demarcation line between services that are covered by Art. 13 and those that are not. Finally, in contrast to the EP, the final compromise does not limit the exception for online market places to those that retail physical goods.

 Here, in contrast to the EP Proposal, it is not any more necessary that repositories do have the authorization of all rightholders, see above. 26

1  Copyright Law and Internet Intermediaries Liability

13

Still, however, many services will be covered, ranging from YouTube to Facebook, Instagram, Twitter, and even WhatsApp-Groups that can gather a lot of users. Act of Communication to the Public  The compromise kept the approach that online content sharing providers perform an act of communication to the public. As stated, these providers cannot claim any more for safe harbor privileges under Art. 14 E-Commerce-Directive, as they are infringing directly copyrights. Further, the obligation enshrined in Art. 13.1 to conclude licensing agreements with rightholders has been upheld. The same applies to the clarification by the EP and the Voss Report concerning the consequences of concluded license agreements: These should exclude liability of non-commercial users—which would not be the case under InfoSoc-Directive and the case law of the CJEU that provides for differences in assumptions of knowledge concerning commercial and non-commercial users like in the GS media case.27 In addition to the Parliaments proposal, Art. 13 (2) now extends this privilege to those users who operate on a commercial basis but do not generate “significant revenues”—whatever that means. Concerning the relationship to Art. 14 of the E-Commerce-Directive, the Trilogue compromise now simply states that Art. 13 of the compromise (DSM) shall fall outside Art. 14 of the E-Commerce-Directive and should not have an impact upon any other infringements or legal sectors (such as defamation, etc.). Thus, the mix of Art. 13 and Art. 14 of E-Commerce-Directive (see above) has been resolved by a demarcation line—which seems at first glance to be clear. However, as we will see still, problems of balancing the E-Commerce-Directive with Art. 13 of the DSM-­ package remain. Measures to be Taken by Providers  Probably the most hotly debated cornerstone of Art. 13 refers to the measure that providers have to take if no licence agreements have been concluded, the so-called upload-filters. The final compromise provides for three basic obligations for providers: First, they must do their best in obtaining licenses (Art. 13 (4) a)); second, to make “in accordance with high industry standards of professional diligence, best efforts to ensure the unavailability of specific works and other subject matter for which the rightholders have provided the service providers with the relevant and necessary information” (Art. 13 (4) b)), which is quite remarkable, as the obligation to ensure the unavailability obviously does not depend upon the efforts to obtain licenses, hence, it applies in any case. In addition, the obligation refers as well to “specified works” as to “other subject matters for which the rightholder have provided the service providers with the relevant and necessary information”. Third (Art. 13 (4) c)), providers have to take action expeditiously after having received “a sufficiently substantiated notice by the rightholders” to remove the  CJEU, GS Media BV v Sanoma Media Netherlands BV et al., Case C 160/15, Judgment of 8 September 2016. 27

14

G. Spindler

n­ otified work or to block access to it. Hence, only substantiated notifications can give ground to such obligations—as already the CJEU stated for the notice under Art. 14 E-Commerce-Directive - it is surprising that only notifications by rightholders should trigger that obligation, hence, nobody else—in particular because the EU-Commission made a slightly different statement with regard to Art. 14 E-Commerce-Directive. According to this statement, online platforms should put in place effective mechanisms to facilitate the submission of notices that are sufficiently precise and adequately substantiated. An easily accessible, user-friendly, and contextual mechanisms should enable sufficiently substantiated and detailed notices to allow the platform to find potentially illegal content quickly; moreover, to make a sound assessment of the illegality of the content and act expeditiously where appropriate. Users, however, should usually not be obliged to identify themselves when reporting what they consider illegal content—although they should have the opportunity to voluntarily submit their contact details in a notification.28 Moreover, Art. 13 (4) c) goes beyond Art. 14 E-Commerce-Directive (and follows injunction actions in Member States) by requiring providers to “stay down” the notified work (notice-and-stay-down). One crucial element of Art. 13 (4) refers to the “high industry standards”, which will represent the benchmark for “upload-filters”. Whilst the EP favored a “dialogue between stakeholders”, the final compromise mentions this dialogue at the end of Art. 13 (9). Taking literally the notion of “industry standards”, the definition of those standards would be up to the affected industry. However, Art. 13 (9) contradicts that (traditional) perspective of industrial standards as stakeholders have to take part in the whole procedure. Moreover, it still remains unclear if and how far courts can control the effectiveness of those standards and how they comply with fundamental human rights. However, Recital 38 refers to the competence of courts to scrutinize the evolving state of the art of existing means, including future developments, and consider when assessing whether an online content sharing service provider has made its best efforts according to the high industry standards of professional diligence. These requirements could then be used as a benchmark for the standards themselves. Moreover, Art. 13 (4a) tries to give more guidance for assessing the obligations of Art. 13 (4) by referring to factors which have to be considered, namely “the type, the audience and the size of services and the type of works or other subject matter uploaded by the users; (b) the availability of suitable and effective means and their cost for service providers.” All these are elements of the principle of proportionality—however thus watering the benchmark “high industry standards” as every case has to be assessed in particular. Even more, these factors are not exclusive, but just some amongst others. Art. 13 (9) has to be read together with Art. 13 (4) as the definition procedure of standards has to consider also—self-understood—human rights. Moreover, Art. 13 (9) states explicitly that “users associations” should have a right to have access to adequate information of providers concerning the application of  European Commission, Tackling Illegal Content Online—Towards an enhanced responsibility of online platforms, COM(2017) 555 final. 28

1  Copyright Law and Internet Intermediaries Liability

15

their practices according to Art. 13 (4). Hence, it should be clear that benchmarks have to be defined by a complex procedure amongst all stakeholders. One of the intensively discussed issues in Art. 13 referred to an exception for small and medium enterprises: while the EP favored the mentioning of SMEs during the process of adopting technical standards (see above), this exception was rejected by some Member States, whereas other insisted in upholding it to foster start-ups.29 The final compromise reached a very complex solution by not exempting SMEs in general but by introducing a new and timely restrained exception. According to Art. 13 (4aa) now, Member States should be able to exempt those “online content sharing service providers whose services have been available to the public in the Union for less than three years and which have an annual turnover below EUR 10 million within the meaning of the Commission Recommendation 2003/361/EC”. Hence, this exception is not harmonized. Moreover, the exception concerns only obligations of ex ante upload filters; obligations to obtain authorization are maintained. Concerning the notice-and-stay-down obligations, these enterprises benefit by a reduced requirement as they only have to take down (or block access) to the infringing content; no “stay-down” action is necessary. It remains to be seen how courts will interpret this restriction as some Member States like Germany know actions for injunctions that result in a “stay-down” obligation. To render this exception even more complex, those providers “where the average number of monthly unique visitors of these service providers exceeds 5 million, calculated on the basis of the last calendar year” have also to “demonstrate that they have made best efforts to prevent further uploads of the notified works and other subject matter for which the rightholders have provided relevant and necessary information”. Hence, the “stay-down-obligation” applies again—however, only to “notified works”. The wording refers to the obligation of Art. 13 (4) c) (substantiated notifications, further uploads) and not to the general obligation ex ante of Art. 13 (4) b) remains. Hence, these providers must still comply “only” with the “notice-­ and-­stay-down” action. Limitations and Exceptions: Complaint Mechanisms and Dispute Resolution  Although not mentioned amongst the factors to be considered when defining standards, the traditional limitations to foster communication and freedom of speech have to be respected. Hence, Art. 13 (5) b) mentions explicitly that “Member States shall ensure that users in all Member States are able to rely on the following existing exceptions and limitations when uploading and making available content generated by users on online content sharing services: (a) quotation, criticism, review; (b) use for the purpose of caricature, parody or pastiche.” The wording of Art. 13 (5), however, suggests that these limitations do not have to be considered when benchmarks for technologies are defined concerning the unavailability of works and subject matters. On the other side, Art. 13 (4) refers in general only to  Recital 38ba clarifies that these specific exemptions may not be misused to circumvent the obligations. Hence, if companies turn out to be just follow-ups of already existing business activities, they do not benefit from the alleviations. 29

16

G. Spindler

“unauthorised acts of communication to the public”; if limitations are applicable, however, these acts are per se not unauthorized but legitimate. Hence, the logic of Art. 13 (4) and (5) is somehow opaque and shifts the burden of proofs and of taking action to invoke the limitation to the user—although the limitation would be applicably by law and usely would not need any demand by the user. Moreover, Art. 13 (5) is somehow puzzling as the first sentence refers to all kinds of limitations that allow users to make available works, whereas Art. 13 (5) second sentence seems to limit the exceptions to those mentioned (however, it seems that most of the relevant limitations are covered by Art. 13 (5) as non-commercial activities are out of scope of Art. 13). On the other hand, Member States in general should be obliged to enable users to rely upon limitations in their favor. Art. 13 (5) second sentence should therefore be qualified as a reinforcement of these obligations—but not as a restriction. This applies in particular to supposedly unauthorized acts, Art. 13 (4). In general, Art. 13 (5) states that none of the obligations for providers may result in an unavailability of works that do not infringe copyrights, such as those that are not any more copyright protected or have been licensed under an Open-AccessLicense or are covered by a limitation. Upload Filter and Prohibition of General Monitoring Obligations  The final compromise (Art. 13 (7) of the compromise) follows the same line of the EP and the Voss Report, which emphasized that no general monitoring obligation such as mentioned by Art. 15 of the E-Commerce-Directive should be introduced. As mentioned, it is, however, hardly conceivable how infringing content should be identified without a constant monitoring of all data traffic on a platform. If a provider is being held to establish an upload filter, she is at the least not far away from any general monitoring obligation. As the CJEU stated clearly in the SABAM-case also for host providers (as mentioned in Art. 14 of the E-Commerce-Directive), such a general obligation to monitor data traffic for infringements is not in line with basic constitutional rights; hence, it remains to the CJEU to clarify if upload filters can be balanced with constitutional guarantees. Information About “Functioning of Practices”  Art. 13 (7) of the final compromise creates an additional obligation for providers to provide rightholders upon their request with “adequate information” about the “functioning of their practises”. This obligation seems to be at first glance unproblematic, a closer view, however, reveals important conflicts. Technologies used by service providers such as YouTube (ContentID) often contain trade secrets what Recital 38c explicitly acknowledges; moreover, they are as well copyright protected as software. Hence, striking the balance between interests of rightholders to know how efficient these practices are and interests of providers to keep their algorithms secret could be difficult. A third party procedure that will enable trusted third parties to analyze the used technologies whilst keeping the secrets may be adequate here. Rightholders may not require the disclosure of the source code of algorithms used. Moreover, Recital 38c states that a provider is not required to provide rightholders “with detailed and individualised information for each work and other subject matter identified”.

1  Copyright Law and Internet Intermediaries Liability

17

Complaint Mechanisms and Dispute Resolution  The final compromise follows in grosso modo the approach taken by the European Parliament by requiring Member States (not providers!) to introduce out-of-court redress mechanisms for the settlement of disputes between parties (Art. 13 (8)). These mechanisms shall be impartial and shall not exempt the right of users to turn to state courts to invoke their rights. However, Online Dispute Resolution Mechanisms are not explicitly mentioned so that these out-of-court mechanisms could be anything. Moreover, although only users are mentioned in Art. 13 (8) (and their right to have recourse to judicial authorities), the same is likewise applicable to rightholders and providers. Justification of Request of Removal  Moreover, Art. 13 (8) requires rightholders to justify their reasons for their requests. Hence, this justification is not dependent upon a request of users but has to be provided in each case of request of rightholders to remove a content. However, this obligation to justify concerns only requests to remove content, thus referring to Art. 13 (4) c) and not to the general obligation to make copyrighted content unavailable. Thus, the general “upload filter” is not concerned. Once rightholders have given the necessary information, providers are obliged to check the content (and the data traffic). Under Art. 13 (4) b), there is no obligation to justify or to explain why rightholders believe that their content should be protected by general monitoring. Regarding the removal of uploaded content and hereto complaints, they are subject to human review. Thus, Art. 13 (8) allows implicitly for automated decisions, as Art. 13 (8) refers to a “review” and not to a “human decision”. Again, this human review is not mentioned concerning content that has not been uploaded yet, in other words to which Art. 13 (4) b) applies. Thus, purely automatic checks may be sufficient for Art. 13 (8) and Art. 13 (4) b)—which is clearly a case for constitutional review, again applying the standards set by the SABAM and Netlog case of the CJEU. Data Protection  As mentioned, the EP tried to respect the potential conflict with the GDPR.  The final compromise took the point by merely stating that “this Directive shall (…) not lead to any identification of individual users nor to the processing of their personal data, in accordance with Directive 95/46/EC, Directive 2002/58/EC and the General Data Protection Regulation.” Again, although this provision seems to fit in the general framework of Data Protection, it seems to square the circle. Given the fact that the Enforcement Directive entitles the rightholder to claim for identification of an infringer against any intermediary [Art 8 Intellectual Property Rights Enforcement Directive (IPRED)], it is hard to reconcile this contradiction to the envisaged provision. If providers shall check copyrighted content, they also get information about infringers so that rightholders can claim disclosure of this data under the Enforcement Directive. As stated already, every upload-filter or, likewise, mechanism to block or to remove content, could easily end up in ­identification of users. How the safeguard of personal data of users can be reconciled with a general check before uploading content, in particular in cases of noticeand-­stay-down procedures, remains unclear.

18

G. Spindler

2.5  T  he Extension of the Right to Make Available to the Public by the CJEU 2.5.1  Development of Case Law At the same time—and somehow serving as a background—the CJEU increasingly clarified its jurisdiction on the notion of “making available to the public”, in particular the notion of “public”. Starting with the Svensson decision,30 the CJEU developed the formula that “public” meant that, by technological means, a “new public” was reached (and not before) together with the authorization of the rightholder. Hence, a hyperlink to a content published on the internet was not considered as an infringement of the right to make available to the public as the content was lawfully available on the internet (as the rightholder uploaded the content himself). However, in GS Media,31 the CJEU clarified that hyperlinks to content that has not been uploaded with the authorization of the rightholder (pirated content) constitute an infringement of the right to make available to the public as the setter of the hyperlink contributed to a (not authorized) “new public”. However, the CJEU restricted the liability and obligations to check the copyright situation to commercial link-­ setters, flanked by an assumption that commercial link-setters have been aware of the situation. Hence, private and/or non-commercial link-setters are exempted from this assumption. Moreover, the Court stressed the necessity of balancing interests, so that there is no general rule that every commercial link-setter is faced with a liability for having linked a pirated content. Both notions, however, are a further development of law by the CJEU that is not directly enshrined in Art. 3. InfoSoc-Directive.32 In the decisions of Pirate Bay and Filmspeler, the CJEU went even further. The Court declared any contributory action, such as embedding software in music players, which led directly to pirated works or instructions on how to get pirated works (although not directly hosting them) to be direct infringements of copyrights, here again, the right to make available to the public. Hence, all (national) lines of distinguishing contributory and accessory liability are now blurred in copyright as every supporting action that helps to reach a “new public” (a public which has not been authorized before) is now covered by the jurisdiction of the CJEU. Thus, it is not surprising that some authors declared the CJEU as a substitute for the legislator,33 here Commission, EU-Parliament, and COREPER, as the interpretations handed down by the CJEU are overtaking discussions and debates on the political level.

 CJEU, Nils Svensson, Sten Sjögren, Madelaine Sahlman, Pia Gadd v Retriever Sverige AB, Case C 466/12, Judgment of 13 February 2014. 31  CJEU, GS Media BV v Sanoma Media Netherlands BV et al., Case C 160/15, Judgment of 8 September 2016. 32  Cf. Also, recently Peguera (2018). 33  For instance Leistner (2017), p. 755. 30

1  Copyright Law and Internet Intermediaries Liability

19

2.5.2  C  onsequences for Platforms and Art. 13 DSM-Package and Search Engines This extension of direct liability by interpreting the “public” in a wide manner results in severe consequences for internet intermediaries of every kind. Platforms like YouTube could then easily be qualified as enabling third parties to access unauthorized uploaded content just like Pirate Bay or Filmspeler that directly infringe the right to make available to the public. The same as in the GS Media case, where the CJEU obliged the commercial link-setter to check the copyright situation, could apply to platforms like YouTube, as it is generally known that pirated content (or unlicensed content) can be found on these platforms. Still, undecided by the CJEU remains the question, which efforts are required by commercial linkers or contributors, in other terms, whether platforms like YouTube can avoid (direct) liability by offering tools to rightholders to pursue infringers. However, taking the arguments of the CJEU, which referred to actions and measures of link-setters, it could be probable that the reversal of taking action that is implied by techniques such as ContentID will not be considered as sufficient. In other terms, it is still the provider who has to take action and to monitor content; making available tools like ContentID and, thus, the indirect obligation for rightholders to use them to detect piracy, may not be considered as sufficient. Hence, the recent proposals of COREPER and of the Voss Report declaring activities of platform providers as related directly to the act of making available to the public may be based directly on the logic of the CJEU. The GS Media decision could also have a huge impact on other intermediaries and services, such as search engines. As most of them act commercially, they would be—following the logic of GS Media—obliged to check the copyright situation for every link they provide in their search results. It is not hard to predict that such an obligation (beyond automated copyright checks) would soon lead to the end of search engines, which rely upon automated searches that are unable to exactly assess the copyright situation for the content to which the search result is leading. Probably having this result in mind, the Federal Court of Justice in Germany recently handed down a decision exempting search engines from the GS Media doctrine by balancing social interests and interests of rightholders.34 The court declared that the provider of a search engine cannot reasonably be expected to ascertain whether the images of works or photographs found by the search programs have been lawfully posted on the Internet before they are reproduced as thumbnails.35 Moreover, search engines are of essential importance for the use of the Internet which itself is of ­particular importance for the freedom of expression and information guaranteed by Article 11 of the Charter of Fundamental Rights of the European Union (CFR).36 Thus, the court balanced the different interests and did not apply the GS Media doctrine. Above that, it stated that there is no question relevant to the decision on the interpretation of Directive 2001/29/EC that cannot be clarified by the case-law of  BGH, Urt. v. 21.9.2017, GRU 2018, p. 178.  BGH, Urt. v. 21.9.2017, GRU 2018, pp. 178, 185, Recital 60. 36  BGH, Urt. v. 21.9.2017, GRU 2018, pp. 178, 184, Recital 55, 62. 34 35

20

G. Spindler

the CJEU or answered beyond doubt (meaning a so-called “acte clair”) so that a deference to the CJEU was superfluous according to the Federal Court of Justice.37

3  Access Providers, WiFis, and Injunctions Besides host providers (or platforms), which make user generated content available, access providers are under attack by rightholders as well, be it large telecommunication providers or operators of WiFi-hotspots. As claims against those who are pirating content or against host providers supporting them are increasingly useless as these pirates and/or host providers are located outside the EU in countries where the enforcement level is low, rightholders seek for injunctions against access providers to block access to those websites and content. The basic conflict is obvious: general injunctions and blocking of websites could result in an overblocking, thus, impeding free (lawful) exchange of ideas and data. Moreover, there are severe doubts if blocking of websites really is effective in deterring pirates or works at all as they can be circumvented. Hence, the balance of these differing interests of lawful users, content providers, access providers, and rightholders, is the center of many jurisdictional developments across the EU, including seminal decisions of the CJEU.

3.1  European Setting The first judgement of the CJEU, which touched upon actions against access providers, concerned an injunction filed against Scarlet extended, a Belgian internet service provider. The Belgian collecting society Société d’Auteurs Belge— Belgische Auteurs Maatschappij (SABAM) claimed that Scarlet should monitor and filter all traffic of its users to detect and prevent copyright infringements. However, such a claim clearly contradicted Art. 15 of the E-commerce-Directive, which prohibits any duty to monitor general data traffic. Nevertheless, the CJEU went further by invoking not only the E-commerce-Directive but also the fundamental rights of users enshrined in the CFR, such as the right to protection of their personal data and their freedom to receive or impart information.38 However, just some years after the SABAM-case, the CJEU had to decide another case coming from Austria and concerning an injunction filed by a rightholder against an access provider: UPC Telekabel. Although the CJEU in general upheld the reasoning from the SABAM-case, the CJEU balanced interests of rightholders with those of providers and users, also considering that rightholders shall not be totally unprotected. Hence, the CJEU held in sum that blocking injunctions  BGH, Urt. v. 21.9.2017, GRU 2018, pp. 178, 187, Recital 78.  CJEU, Scarlet Extended SA v Société belge des auteurs, compositeurs et éditeurs SCRL (SABAM), Case C 70/10, Judgment of 24 November 2011, Recital 50. 37 38

1  Copyright Law and Internet Intermediaries Liability

21

is allowed by EU law, in particular by Art. 8.3 of the InfoSoc-Directive and Art. 11 of the Enforcement-Directive, and is also based on the CFR. However, the Court required national courts to carefully balance the fundamental rights of all parties involved in blocking injunctions, in particular third party interests such as users who look for lawful content. In particular, the Court demanded (national) procedural guarantees so that interest of third parties could be considered.39 The last decision of the CJEU concerned a case deferred by a regional court in Germany (Landgericht München) asking the CJEU if and how operators of WiFi spots are obliged to protect their WiFi against illegal use by third parties. The CJEU affirmed the reasoning of UPC Telekabel by stating that WiFi operators are to be treated like access providers (“making (…) network available to the general public free of charge constitutes an ‘information society service’ within the meaning of Article 12.1 of the Directive 2000/31”) and thus are in principle obliged to block illegal websites, etc. In contrast to the opinion of Advocate General Szpunar,40 the CJEU also stated that the Wifi operator is not precluded from paying the costs of giving formal notice and court costs related to the rightholder’s claim for injunctive relief. Although the Court rejected an operator’s duty to monitor all of the information transmitted, as well as a duty to terminate the internet connection completely, it requires WiFi operators to take measures to secure the internet connection respectively to protect their networks by passwords or other tools to identify users and to dissuade them from infringing copyright or related rights41—however, it remains unclear if these means are indispensable as the regional court just referred to them, leaving aside other technical means such as port blocking, etc.

3.2  Legal Reform in Germany The political wish for better access to the internet (agreed by the grand coalition in the last governmental period) led to proposals how to free WiFi operators from legal risks, in particular injunctions. Thus, Germany recently amended the Telemedia Act (Sect. 7, 8) in 201742, exempting all access providers from any kind of liability, in particular for injunctions. As the legislator realized that the CJEU decisions (and the referred directives) have to be respected, a new claim for blocking websites has been introduced in Sect. 7 (4) of the Telemedia Act, which should then substitute general injunction claims. Moreover, the new Sect. 8 (4) prohibits authorities  CJEU, UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH, Wega Filmproduktionsgesellschaft mbH, Case C 314/12, Judgment of 27 March 2014. 40  Opinion of Advocate General Szpunar on Tobias Mc Fadden v Sony Music Entertainment Germany GmbH, C 484/14, Opinion of 16 March 2016. 41  CJEU, Tobias Mc Fadden v Sony Music Entertainment Germany GmbH, Case C 484/14, Judgment of 15 September 2016, Recital 87 et seq. 42  Drittes Gesetz zu Änderung des Telemediengesetzes vom 28. September 2017, Bundesgesetzblatt, vol. I, p. 3530. 39

22

G. Spindler

(obviously not courts) to oblige providers to collect and save personal data from users or to request a password from them before granting them access. Claims for blocking are of subsidiary character as they depend on foregoing attempts of rightholders to identify the infringing persons and proportionality requirements. Further, blocking claims are restricted to WiFi operators, as well as to infringements of intellectual property rights. It is not hard to see that the restriction to WiFi operators is not in line with the CJEU decision in UPC Telekabel, as all other access providers are freed from injunctions—in contrast to the CJEU’s interpretation of the InfoSoc- and the Enforcement-Directive. Hence, it did not come as a surprise that the first cases against access providers (not WiFis) were brought to the Federal Court of Justice in Germany. The Court ruled that the new blocking claims provided by Sect. 7 (4) Telemedia Act also have to be applied to other access providers to avoid contradictions to the European law.43 The Federal Court of Justice in Germany also basically accepted the concept of blocking ports; concerning passwords, the Court obviously also deemed them to be required from WiFi operators, as well as “normal” access providers.

4  Conclusion As mentioned, all developments circle around the difficult multipolar relationship between rightholders (and enforcement against infringements), users’ interest to uphold free exchange of data and ideas, and providers that oscillate between total neutral infrastructure (such as access providers), benefiting from user generated content (such as host providers like YouTube or Facebook), and clearly criminal providers such as kinox.to that are dedicated to piracy actions. Moreover, issues of data protection are also part of the complex balance of interests as any enforcement against infringers implies their identification. As the discussion concerning Art. 13 of the Copyright Package proposal shows, any upload filter or content identification mechanism per se implies data protection issues. Hence, without checking identity and traffic data, it is quite difficult for rightholders to enforce their rights. Anonymity, as one of the basic principles of the internet (as even courts such as the Federal Court of Justice in Germany has ­recognized them),44 obviously contradicts the necessity of identifying infringers. As known, the CJEU has established severe tests to be passed to retain data.45 Although  BGH, Urt. v. 26.7.2018, GRU 2018, p. 443; cf. Comments by Spindler (2016), p. 16 with more references of the national discussion. 44  Such as BGH, Urt. v. 23.6.2009, EBZ 181, p. 328. 45  CJEU, Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources et al. and Kärntner Landesregierung et al., in joined Cases C 293/12 and C 594/12, Judgment of 8 April 2014; CJEU, Tele2 Sverige AB v Postoch telestyrelsen and Secretary of State for the Home Department v Tom Watson, Peter Brice, Geoffrey Lewis, interveners: Open Rights Group, Privacy 43

1  Copyright Law and Internet Intermediaries Liability

23

these decisions referred to the former EU directive on data retention and to similar national acts (here: Sweden) and thus to data retention for public purposes, the same principles safeguarding data protection could be applied to private purposes. However, without data retention (be it on the side of access providers or host providers), rightholders are unable to identify infringers. Given the problems rightholders are facing when trying to identify infringers, as well as to enforce claims against them, it comes to no surprise that intermediaries have increasingly become the target for their claims, as some kind of last resort. Hence, anonymity and possibilities to enforce claims are closely related to liability of intermediaries. Moreover, if providers are benefitting from anonymous users (e.g. advertising, etc.) and do not track their activities (or at least not to the benefit of rightholders rather than their own benefits such as personal profiles for marketing), it is hard to shield them from liability as they “externalize” risks that rightholders cannot cope with (in particular not without relevant data). On the other hand, it can also not be denied that strong data retention rules, upload filter, etc., endanger free exchange of ideas and data as they produce chilling effects. Moreover, automated upload filters in particular, as suggested by the COREPER proposal and the EP vote, cannot distinguish between infringements and legitimate limitations such as the citation rule or satire. Hence, upload filters will also cause a dramatic reduction of legitimate uses—like overblocking websites, etc.46 The puzzle between free exchange of ideas and data and anonymity on one side and the protection of rightholders (as well as other regulatory issues) on the other, seems to be unsolvable. However, if we set aside the provisions of InfoSoc and Enforcement-Directive for a moment, a solution based on the idea of levies would be the preferred option. If we go back in history, when the first tape recorders appeared, rightholders’ complaints and their claims had been somehow similar: injunctions against producers, traders, and users of tape recorders became famous at the end of the 50s and early 60s. However, the solution of the legislator was not to ban production of tape recorders or to require retailers to identify buyers and even go to their living rooms to check what they were doing. Instead, the legislator opted for the introduction of a limitation to copyright for private purposes accompanied by a levy for hardware producers to compensate economic losses for rightholders— a model which is still in use today, albeit, there are still a lot of disputes between rightholders (and collecting societies) and hardware producers about the right amount of levies. This model can also serve as blue print for online sharing platforms such as YouTube or Facebook and even for access providers—thus avoiding any quarrels about using internet facilities in a lawful manner whilst guaranteeing

International, The Law Society of England and Wales, in joined Cases C 203/15 and C 698/15, Judgment of 21 December 2016. 46  A comprehensive list of arguments and references regarding the feared effects of upload-filters can be found on Julia Reda’s (member of the European Parliament) homepage. https://juliareda.eu/ eu-copyright-reform/censorship-machines/.

24

G. Spindler

rightholders a fair income.47 Users and platforms would benefit from limitations allowing for user generated content, whilst rightholders can claim adequate levies that will be calculated upon traffic data or statistically monitored use of their works on the platforms. Such a model could avoid all the quarrels that deeply affect society and strike a balance between freedom of communication and the rights of authors, musicians, etc.48

References A comprehensive list of arguments and references regarding the feared effects of upload-­ filters. Available at Julia Reda’s homepage. https://juliareda.eu/eu-copyright-reform/ censorship-machines/. Amendments adopted by the European Parliament on 12 September on the proposal for a directive of the European Parliament an of the Council on copyright in the Digital Single Market (COM(2016)0593 – C8-0383/2016 – 2016/0280(COD)), P8_TA(2018)0337 Αxel Voss, Report on the proposal for a directive of the European Parliament and of the Council on copyright in the Digital Single Market (COM(2016)0593 – C8-0383/2016 – 2016/0280(COD)), A8-0245/2018 of 29.6.2018 BGH, Urt. v. 21.9.2017, GRU 2018, p 178 BGH, Urt. v. 23.6.2009, EBZ 181, p 328 BGH, Urt. v. 26.7.2018, GRU 2018, p 443 Christina Angelopoulos und Joao Pedro Quintais (2018) Fixing Copyright Reform: How to address online infringement and bridge the “value gap”. http://copyrightblog.kluweriplaw. com/2018/08/30/fixing-copyright-reform-address-online-infringement-bridge-value-gap CJEU, Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources et al. and Kärntner Landesregierung et al., in joined Cases C 293/12 and C 594/12, Judgment of 8 April 2014 CJEU, Google SARL v Louis Vuitton Malletier SA and Others, Case C 236/08, Judgment of 23 March 2010 CJEU, GS Media BV v Sanoma Media Netherlands BV et  al., Case C 160/15, Judgment of 8 September 2016 CJEU, L’Oréal SA v eBay International AG and Others, Case C 324/09, Judgment of 12 July 2011 CJEU, Nils Svensson, Sten Sjögren, Madelaine Sahlman, Pia Gadd v Retriever Sverige AB, Case C 466/12, Judgment of 13 February 2014 CJEU, Scarlet Extended SA v Société belge des auteurs, compositeurs et éditeurs SCRL (SABAM), Case C 70/10, Judgment of 24 November 2011 CJEU, Tele2 Sverige AB v Postoch telestyrelsen and Secretary of State for the Home Department v Tom Watson, Peter Brice, Geoffrey Lewis, interveners: Open Rights Group,Privacy International,The Law Society of England and Wales, in joined Cases C 203/15 and C 698/15, Judgment of 21 December 2016

 Cf. also Spindler (2013).  A comparable model was introduced by Leistner and Metzger (2017), p.  381; similarly Angelopoulos C and Quintais J P, Fixing Copyright Reform: How to address online infringement and bridge the “value gap”. http://copyrightblog.kluweriplaw.com/2018/08/30/fixing-copyrightreform-address-online-infringement-bridge-value-gap/: advertising “a statutory license based on a mandatory exception for individual online users that covers the non-commercial use of works on user-generated content platforms (…) tied to an unwaivable right of fair compensation”.

47 48

1  Copyright Law and Internet Intermediaries Liability

25

CJEU, UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH, Wega Filmproduktionsgesellschaft mbH, Case C 314/12, Judgment of 27 March 2014 Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market, OJ L 178/1 Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonization of certain aspects of copyright and related rights in the information society, OJ L 167/10 Gutachten erstellt im Auftrag der Bundestagsfraktion “Bündnis 90/DIE GRÜNEN”. Available at https://www.gruenebundestag.de/fileadmin/media/gruenebundestag_de/themen_az/medien/ Gutachten-Flatrate-GrueneBundestagsfraktion__CC_BY-NC-ND_.pdf. CC BY NC ND 2.0 Leistner M (2017) Die “The Pirate Bay”-Entscheidung des EuGH: ein Gerichtshof als Ersatzgesetzgeber. GRUR 8:755 Leistner M, Metzger A (2017) The EU copyright package: a way out of the Dilemma in two stages. IIC 48(4):381–384 Peguera M (2018) Hyperlinking under the lens of the revamped Right of Communication to the Public. Comp Law Secur Rev 34(5):1099–1130 Proposal for a Directive of the European Parliament and of the Council on copyright in the Digital Single Market COM (2016) 593 final Spindler G (2013) Rechtliche und Ökonomische Machbarkeit einer Kulturflatrate: Gutachten Spindler G (2016) Text und Data Mining –urheber-und datenschutz rechtliche Fragen. GRUR 11:1112 Therese Comodini Cachia, Draft Report for the Committee on Legal Affairs on the proposal for a directive of the European Parliament and of the Council on copyright in the Digital Single Market (COM(2016)0593 – C8-0383/2016 – 2016/0280(COD)), 2016/0280COD of 10.3.2017

Chapter 2

Who Is a Lawful User in European Copyright Law? From a Variable Geometry to a Taxonomy of Lawful Use Tatiana-Eleni Synodinou

Abstract  This chapter analyses the concepts of “lawful user”, “lawful use” and “lawful access” in European copyright law. These concepts, which appeared in sectoral EU copyright legislation, still remain largely unexplored. Firstly, the emergence of these concepts is analysed, while possible interpretations are discussed. The author rejects restrictive interpretations that result in defining lawful use solely in terms of the private will of the copyright holders, and argues in favour of a uniform and dynamic definition of the concept of “lawful use”, which could include elements of fairness and reasonableness in the rigid EU copyright acquis. The author argues that it is vital to conceive these concepts flexibly to include uses implied by the interpretation of contracts between right holders and users, in accordance with standards of fairness and good faith. Furthermore, it is demonstrated that for the Court of Justice of the EU (CJEU) the concept of lawfulness of use is linked to the mens rea of the user, in the sense that the use will not be lawful if the user was aware—or ought to have been aware—of the manifestly unlawful nature of the copy of the work reproduced or made available to the public. The insertion of these concepts into European copyright law could be seen as a silent revolution that alters the nature of copyright law and opens the door to a more calibrated co-existence of the interests of right holders and users. However, since the standards of reasonableness and fairness vary among the national legal traditions of the Member States, a uniform legislative definition of these concepts is necessary at European level. The author proposes a taxonomy of lawful use that consolidates the EU copyright acquis on lawful use. The EU taxonomy of lawful use will comprise a horizontal definition of lawful use, accompanied by a list of categories of lawful use, together with a clause of exemption from liability for non-­ commercial users who are not in a position to be aware of the unlawful nature of the source of the copy that they used based on copyright exceptions. The author concludes that recognition of the concepts of “lawful user” and “lawful use” injects a new subversive approach into copyright law. These concepts can have a dual function and be used either to reinforce the position of users or to restrict T.-E. Synodinou (*) Law Department, University of Cyprus, Nicosia, Cyprus e-mail: [email protected] © Springer Nature Switzerland AG 2020 T.-E. Synodinou et al. (eds.), EU Internet Law in the Digital Era, https://doi.org/10.1007/978-3-030-25579-4_2

27

28

T.-E. Synodinou

the uses made of copyright-protected works and to make the users liable for copyright infringement. In the author’s view, a necessary pre-condition for a balanced application of these legal norms is the establishment of all copyright exceptions as ius cogens, whose protection could be claimed by users before the courts.

1  Introduction Researching the position of lawful user in copyright law would still have been considered as heresy some years ago. Copyright doctrine is characterised by the absence of the user.1 This controversy stems mainly from the dominant author-centred approach of European continental copyright law (the so-called “author’s right” approach). According to this approach, the natural person of the author of the intellectual creation is the cornerstone of the protection awarded. Public interest is satisfied by the establishment of strictly defined exceptions or limitations to copyright. These exceptions or limitations are not granted in favour of a legally recognised individual entity, but in a general and abstract way in favour of the public. In other words, the end-user of the works of intellect is not recognised as an individual entity that can claim the application of exceptions or limitations to copyright. Moreover, exceptions or limitations are not traditionally considered as rights of the end-users. The absence of the concept of the “user” in copyright law is also linked to another issue: the fundamental copyright premise that the mere use of works is free2 and the traditional disinterest of copyright law for personal uses that do not have a commercial nature. Indeed, since controlling access to and use of copyright-protected works by private users was not a realistic goal, copyright holders have mainly focused on controlling reproductions and communications to the public that have a commercial nature. However, the digital era changed this paradigm and it is now possible to control access to and use of works by private users.3 In light of the above, the concepts of the “use” and the “user” of copyright-protected works have obtained an autonomous status in copyright legislation and case law. The formal emergence of the concept of “lawful user” in European copyright law has consolidated a silent but ground-breaking evolution. More than two decades after the sudden landing of the concept of “lawful user” in the universe of European copyright law, this concept has been confirmed and partially clarified, both by EU legislation and case law. Nonetheless, the concept of “lawful user” is still seen as a weird guest in the copyright law family, while it is amorphous and lacks a proper definition. This chapter is divided into three main parts. In Sect. 2, the emergence, the notional core and the role of the concepts of “lawful user”, “lawful use” and “lawful access” in European copyright legislation will be analysed. Section 3 will research  Synodinou (2010), pp. 819–843; Cohen (2005), pp. 347–374.  Westkamp (2004), p. 1057. 3  Dusollier (2000), pp. 25–52; Ginsburg (2000). 1 2

2  Who Is a Lawful User in European Copyright Law? From a Variable Geometry…

29

the perplexing current understanding of lawful use and the controversies surrounding variant interpretations of lawful use. It will also demonstrate that it is essential to promote a horizontal and dynamic definition of lawful use, based on standards of fairness and responsibility. Section 4 will propose a taxonomy of lawful use that consolidates the EU copyright acquis on lawful use.

2  T  he Emergence of the Concepts of the “Lawful User” and “Lawful Use” in European Copyright Legislation 2.1  T  he Introduction of the Concept in the Software and the Database Directive The concept of “lawful user” made its first appearance in the Computer Programs Directive.4 Under the Directive, only the “lawful user” is entitled to enjoy the exceptions to the right holder’s copyright monopoly over the computer program. The Directive has introduced the concept, but paradoxically does not establish a clear terminology and does not use an identical term for defining the person who is entitled to enjoy the exceptions. In this context, the term “lawful acquirer of the program” or descriptive definitions such as the “person having a right to use the computer program” or the “person having a right to use a copy of a computer program” are used indiscriminately to determine the person who can lawfully invoke the application of copyright exceptions.5 The concept reappears five year later in the Database Directive.6 In this context, the person who can claim the application of the exceptions established by this Directive is defined consistently as the “lawful user of a database”. Although the two Directives do not use the same term, the meaning of the concept in both Directives has to be perceived as identical. Indeed, all the terms correspond to a sole entity that can be globally defined as the “lawful user”. This approach is also dictated by practical reasons. It is the only one that is consistent with the technological reality of co-existence of electronic databases and computer programs in the same medium. This interpretation seems to be implicitly confirmed by the Report published by the Commission on the implementation and effects of Directive 91/250/EEC on the

 Council Directive 91/250/EEC of 14 May 1991 on the legal protection of computer programs, OJ L 122, 17.5.1991, pp. 42–46. The Directive has meanwhile been codified. See: Directive 2009/24/ EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of computer programs (Codified version) OJ L 111, 5.5.2009, pp. 16–22. 5  Synodinou (2010). 6  Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, OJ L 77, 27.3.1996, pp. 20–28. 4

30

T.-E. Synodinou

legal protection of computer programs.7 As stated in the Report, Articles 6 and 8 of the Database Directive (Directive 96/9/EC), which use the term “lawful user”, were modelled along the lines of Article 5 (1) of the Computer Programs Directive. In any case, since the CJEU has not expressly dealt with this question, the issue will have to be addressed in a future consolidation or codification of the EU copyright acquis. From a copyright policy point of view, the introduction of the concept of “lawful user” constitutes the expression of a new perception of the delimitation of copyright monopoly. It is the first time ever that the individualised entity of the user of copyright-­protected works is recognised as an autonomous subject who is entitled to exercise certain legal prerogatives in the form of mandatory copyright exceptions. Indeed, the introduction of the concept of “lawful user” carries great symbolism, but it would have remained a purely theoretical advance if the lawful user’s capacity to enjoy the use of copyright-protected works was not safeguarded or guaranteed. Another original feature of both Directives is that they establish some of the exceptions in favour of lawful users as mandatory. Article 9 of Directive 91/250/EC states that any contractual provisions that limit or abrogate the right to create a back-up copy of a computer program, to observe, study and test the program and to decompile the program to achieve interoperability shall be considered as null and void.8 Article 15 of Directive 96/9/EC also declares the binding nature of some exceptions. Any contractual provision contrary to Articles 6 par. 1 and 8 of the Directive shall be treated as null and void. This has a specific significance in terms of determining their legality. Assigning a mandatory nature to exceptions or limitations to copyright injects a new perspective into copyright exceptions. This development could be seen as an indirect recognition of the category of “user rights” as an essential counterbalance to copyright protection. Thus, in addition to the concept of “lawful use”, a new category of “legal prerogatives” also emerges: the “rights of the lawful user”. The emergence of the concept of “lawful user” in two Directives concerning the protection of information assets is not accidental. This is consistent with the contractual reality of transactions involving information goods. The legal terminology is strongly influenced by the contractual arrangement that presupposes at least two distinct parties: the creditor and the debtor. Computer programs and electronic databases are mostly distributed through preformatted, standard and non-individualised licences that lay down their terms of use, in very precise and restrictive detail, and impose very broad and detailed obligations on the licensee. In this context, the abstract notion of the “public” is replaced by the more specific concept of a particular entity that has the right to use the computer program or the database: the “lawful user”. In parallel, the almost total pre-eminence of the contract as the legal instrument regulating the terms of use of information goods has highlighted the need to legally guarantee a minimum space of free use within the contractual perimeter of restricted uses. This was achieved by the legal recognition of “the rights of the lawful user”.  Report from the Commission to the Council, the European Parliament and the Economic and Social Committee on the implementation and effects of Directive 91/250/EEC on the legal protection of computer programs, Brussels, 10.04.2000 COM (2000) 199 final. 8  See article 8 of Directive 2009/24/EC (codified version of Directive 91/250), (supra n. 3). 7

2  Who Is a Lawful User in European Copyright Law? From a Variable Geometry…

31

More broadly, determining a distinct legal subject of such rights, the person of the “lawful user”, who can claim the application of copyright exceptions and recognition of the exceptions as “legal prerogatives” of the lawful user that cannot be overridden by the contractual will, has irreversibly marked the advent of a more active approach in relation to copyright exceptions in EU copyright law. Indeed, one of the most controversial issues of modern copyright law is that of determining the legality of the exceptions to copyright law. Do they grant copyright users a simple legal right to act that is based on permissive legal rules or do they grant real enforceable rights? Directive 2001/29 did not reply to this question. An approach favouring a general prevalence of copyright exceptions over contractual clauses emerged in the Verwertungsgesellschaft Wort (VG Wort) cases,9 where the CJEU appears to support the view that Member States generally have a choice over whether to allow exceptions to be overridden by, limited by, or be otherwise dependent on contract terms. However, where contract or licence terms are not expressly allowed by domestic copyright laws to limit the scope of an exception, the default position is that the exception will prevail over any rights holder authorisation.10 Whether this approach would become a prevailing principle in European copyright law remains to be seen. In domestic copyright laws, the way exceptions are dealt with could be used as an indicator of their legality.11 However, the way these exceptions are formulated must be combined with other elements, such as the dominant philosophy regarding the place of the author and the justification of copyright law in each specific national legal tradition.12 Furthermore, particular significance should be given to the degree of recognition in every legal tradition of the principles of freedom of contracts and of the autonomy of the parties, and to the philosophical and legal justification of each separate exception.13 In conclusion, the emergence of the concept of the “lawful user” and of the “rights” of the lawful user represents a significant step towards a more balanced calibration of interests in European copyright law, since for the first time, the position of the user as an individualised subject of “rights” is being officially recognised. On the other hand, this evolution is also characterised by a paradox. For the

 CJEU, Verwertungsgesellschaft Wort (VG Wort) v Kyocera and Others (C-457/11) and Canon Deutschland GmbH (C-458/11) and Fujitsu Technology Solutions GmbH (C-459/11) and HewlettPackard GmbH (C-460/11) v. Verwertungsgesellschaft Wort (VG Wort), ECLI:EU:C:2013:426. 10  See par. 37 of VG Wort, op. cit.: “Where a Member State has decided, pursuant to a provision in Article 5(2) and (3) of Directive 2001/29, to exclude, from the material scope of that provision, any right for the rightholders to authorise reproduction of their protected works or other subject-matter, any authorising act the rightholders may adopt is devoid of legal effects under the law of that State.” 11  Caron (2006), p. 273. 12  According to Lucas A, while the author-centred approach of French copyright law is not compatible with the recognition of the exceptions and limitations to copyright as “rights”, in other copyright systems where the mechanism of balancing of rights is accepted the recognition of exceptions as user rights should not be rejected. See Lucas et al. (2017), p. 356. 13  Geiger (2004), p. 121; Dusollier et al. (2000). 9

32

T.-E. Synodinou

first time ever, exceptions that take the legal form of “users’ rights” are granted only in favour of lawful users and not in favour of the public in general. It is necessary, then, to opt for a flexible definition of these concepts, and not to apply purely formalistic standards. It is noteworthy that this dynamic and open-­ ended approach could operate not only as an enabling, but also as a restrictive, method of interpretation, by promoting a prototype of lawful use that is formed on the grounds of fairness and responsibility. Generally speaking, such flexibility is necessary in modern EU copyright law, which has hitherto crystallised in the form of strictly structured legal machinery with no room for openness. Indeed, as Hugenholtz and Senftleben note: “Like any other structure of rulemaking, copyright law must mediate between the maxims of legal security, which favors precisely defined legal provisions that provide optimal predictability ex post, and of fairness, which favors open and flexible legal concepts that allow a wide margin of judicial appreciation ad hoc”.14 In this context, interpreting “lawful use” openly, in a way that ensures that legal norms such as good faith, reasonableness and fairness are also considered, will strengthen flexibility within copyright law. It will also promote a prototype of use of copyright-protected works that will not be exclusively dictated either by the private will of the right holders or, conversely, by the growing disrespect demonstrated by users in relation to copyright protection. This “fair” prototype of lawful use, however, should not be left to the national discretion of the Member States, but should be given a uniform meaning in European copyright law instead. As we will show, the CJEU’s stance on the position of the user appears to embrace such an approach.

2.2  “ Lawful Use” in the Temporary Copy Exception Established by the Information Society Directive In 2001, the adjacent concept of “lawful use” appears in the Information Society Directive. The Directive does not define the lawful user as the sole beneficiary of copyright exceptions. However, the mandatory temporary copy exception provided for by Article 5 par. 1 presupposes either acts of reproduction whose sole purpose is to enable transmission by an intermediary on a network between third parties, or lawful use to be made of a work or other subject matter. In this case, the “lawfulness” of the use is not directly assessed in relation to the user’s status in the way it is in the Software and the Database Directives, but in relation to the purpose of the act of reproduction.15 The question, therefore, is whether the concepts of “lawful user” and “lawful use” in the three Directives should be understood as having a similar or analogous meaning and function.

14 15

 Hugenholtz and Senftleben (2011).  Dussolier (2005), p. 449.

2  Who Is a Lawful User in European Copyright Law? From a Variable Geometry…

33

Indeed, the reference to the user’s status in the Software and the Database Directives reflects the situation common at the time of the adoption of these Directives, whereby the information asset (software, database) is acquired as a product by an end-user. On the other hand, the reference to “lawful use” in the Information Society Directive is broader and more technologically neutral, in the sense that it aims to cover the provision of every copyright-protected work both as a product and as a service that can lawfully access the work. In this context, it covers temporary digital reproductions made by users, either when accessing a work of mind via the Internet or by other means. For example, a licence to make photocopies of a copyright-protected work might not expressly refer to the making of temporary electronic copies of the document stored in the photocopier. In such a case, the temporary copy exception of Article 5 par. 1 will permit the making of such electronic copies as part of a lawful, authorised use.16 Furthermore, although lawful use in the Information Society Directive refers to the act of reproduction, it would be somewhat inconsistent to assume that an act of lawful use (the making of a temporary copy allowing lawful use) could be undertaken by a person who is not a lawful user. As we shall see, it is essential that a uniform and flexible interpretation be given to both concepts. On the meaning of the concept of “lawful use”, Recital 33 of the Information Society Directive defines “lawful use” broadly as any use that is authorised by the right holder or not restricted by law. There are two alternative criteria for assessing the “lawfulness” of use. Either such use is authorised by the right holder (either expressly or implicitly if a work is made freely available through a website without any terms and conditions governing its use) or it is not restricted by law. In that sense, although it is not entirely clear, it appears that a use would be lawful if it is based on a copyright exception or limitation17 or even on other legal grounds outside the purview of copyright law. Consequently, while a use that relies on the right holder’s authorisation is a lawful use, it is also possible to assess whether a use is lawful, even without such authorisation, if the use relies on copyright exceptions and limitations, provided that these exceptions have not been contractually forbidden, unless they are mandatory. The CJEU was called upon to interpret the prerequisite of “lawful use” laid down in Article 5 par. 1, in the Infopaq II, in the Football Association Premier League case and in the recent Filmspeler case. First, the Court adopted a broad construction of the concept of “lawful use”, with reference to Recital 33 of the Information Society Directive.18 In Infopaq II,19 the Court confirmed that specific authorisation by the copyright holder is not required for asserting that the use is lawful. The Court held that the drafting of a summary of newspaper articles, albeit not authorised by the copyright holders, was not restricted  Headdon (2011), pp. 15–18.  Van Eechoud et al. (2009), p. 116. 18  Seville (2016), p. 75. 19  CJEU, Infopaq International A/S v Danske Dagblades Forening, Case C-302/10, Order of the Court of 17 January 2012, ECLI:EU:C:2012:16, par. 44 and 45. 16 17

34

T.-E. Synodinou

by the applicable legislation and the use could not be deemed unlawful. Similarly, in its judgment of 4 October 2011 in Football Association Premier League,20 the Court was called upon to analyse whether the temporary copy exception could apply to ephemeral acts of reproduction taking place upon the mere reception of satellite broadcasts by television viewers. It held that the picking up of such broadcasts and their visual display in a private circle did not constitute an act restricted by legislation and that such reception was to be considered lawful in the case of broadcasts from a Member State, when brought about by means of a foreign decoding device. On the other hand, in the recent Filmspeler case,21 the CJEU affirmed that the temporary copy exception permitted by Article 5 par. 1 of the InfoSoc Directive cannot be relied on by users of Kodi boxes, and thus of multimedia players on which there are pre-installed add-ons, which modify the settings and allow the Kodi box user to have access to private servers on which copyright-protected works have been made available to the public without the right holders’ consent. Even if the content is streamed to the device, a technical and temporary copy of the work is still held in the device’s memory. The CJEU firmly rejects the application of the exception of temporary reproduction, since it is clear that these settings do not correspond to a lawful use. On the contrary, these temporary reproductions on multimedia players are made in the course of a clearly illegal use, since the users of such devices are deliberately accessing a free and unauthorised database of protected works.22 Therefore, the users of the device are not lawful users and they are also infringing copyright law, because no copyright exception can be invoked in their favour in relation to the reproductions made. This is in line with the finding of the CJEU in the seminal ACI Adam case,23 where it was held that it would be impossible for users to invoke the private copy exception for copies made from an unlawful source. Consequently, EU law must be interpreted as precluding national legislation that does not distinguish the situation in which the source from which a reproduction for private use is made is lawful, from that in which that source is unlawful. From the above, it appears that the CJEU has opted for a flexible definition of the notion of “lawful use” based on the equally broad formulation of Recital 33 of the Information Society Directive, in the sense that a lawful use could also be any use that is not restricted by law, and therefore any use that can rely on copyright exceptions. However, as the Filmspeler judgment shows, the assessment made of the “lawfulness” of use on the grounds of a copyright exception is holistic, in the sense

 CJEU, Football Association Premier League Ltd and Others v QC Leisure and Others (C-403/08) and Karen Murphy v Media Protection Services Ltd (C-429/08), ECLI:EU:C:2011:631, par. 170 to 172. 21  CJEU, Stichting Brein v Jack Frederik Wullems, Case C-527/15, Judgment of 26 April 2017, ECLI:EU:C:2017:300. 22  Stichting Brein v Jack Frederik Wullems, ibid, par. 69. 23  CJEU, ACI Adam BV and Others v Stichting de Thuiskopie and Stichting Onderhandelingen Thuiskopie vergoeding, Case C-435/12, Judgment of 10 April 2014, ECLI:EU:C:2014:254. 20

2  Who Is a Lawful User in European Copyright Law? From a Variable Geometry…

35

that the status of the user’s knowledge in relation to the lawfulness of the source of the copy of the work, which is accessed and used, is also considered.

2.3  T  he Various Shades of Lawfulness in EU Copyright Law: “Lawful Use” and “Lawful Access” in the Digital Single Market Copyright Package The concept of “lawfulness” is also present in the Directive on Copyright in the Digital Single Market. Specifically, “lawful access” to works or other protectable subject-matter is a prerequisite for enjoyment of the text and data-mining (TDM) exception.24 The prerequisite of “lawful access” is not a novelty in the Digital Single Market Package, since Article 6 (4) of the Directive 2001/29 referred to the neighbouring concept of “legal access”.25 When referring to “lawful access” as a condition for enjoyment of the exception, the text follows the model of the UK text on the data-mining exception26 and not the criterion set in the French text on the data-mining exception,27 which covers reproductions from “lawful sources” (material lawfully made available with the right holders’ consent).28 The text of the Directive does not define what “lawful access” is. However, some indications are to be found in Recital 14 of the Directive, where it is explained that lawful access to copyright-protected content occurs when researchers have access through subscriptions to publications or open-access licences.  Furthermore, it is stated that lawful access could be based on subscriptions, but also on other lawful means. For instance, in the case of subscriptions taken by research organisations or cultural heritage institutions, the persons attached there to and covered by those subscriptions should be deemed to have lawful access. Lawful access should also cover access to content that is freely available on line. Since the wording is different from that of the Software, the Database and the Information Society Directives, the  Directive EU 2019/790 of the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directive 96/9/EC and 2001/29/ EC, OJ L 130, 17.5.2019, p. 92–125. 25  “6. 4. Notwithstanding the legal protection provided for in paragraph 1, in the absence of voluntary measures taken by rightholders, including agreements between rightholders and other parties concerned, Member States shall take appropriate measures to ensure that rightholders make available to the beneficiary of an exception or limitation provided for in national law in accordance with Article 5(2)(a), (2)(c), (2)(d), (2)(e), (3)(a), (3)(b) or (3)(e) the means of benefiting from that exception or limitation, to the extent necessary to benefit from that exception or limitation and where that beneficiary has legal access to the protected work or subject-matter concerned”. 26  Copyright, Designs and Patents Act 1988, § 29A (UK). 27  Art.38 of the Law No. 2016-1231 of for a Digital Republic added paragraph 10 to Art.L122-5 and paragraph 5 to Art. L 342-3 of the Intellectual Property Code (Code de la propriété intellectuelle, CPI). 28  Geiger et al. (2018), p. 17. 24

36

T.-E. Synodinou

nature of the relationship between “lawful access” and “lawful use” is not clear at first sight. First, the two concepts could be differentiated chronologically. Accordingly, lawful access should be differentiated from lawful use, since lawful access refers only to an initial access to the work from a lawful source, whereas the term “lawful use” is broader, as it appears to cover both the initial access to the work and also all uses made subsequent to the initial access. Thus, “lawful access” to the work is a first checkpoint of the lawfulness of the subsequent user’s acts. The underlying idea is that there cannot be lawful use of the work or the database without initial lawful access to it. On the other hand, it could be also argued that lawful access and lawful use should be perceived as the necessary complementary steps accompanying the act of use as a whole. In this sense, “lawful use” would encompass both access to the work and also all uses made of it, either simultaneously or subsequently to access to it. This approach has two advantages. Firstly, it consolidates the various existing terminologies found in the piecemeal EU copyright legislation (lawful acquirer,29 person having a right to use a computer program,30 lawful user,31 lawful use,32 legal access,33 lawful access34). Secondly, instead of evaluating the lawfulness of the user’s acts in two steps (access, other uses), it promotes a holistic approach to the lawfulness of users’ acts that, as will be demonstrated, could allow more flexibility, but also injects an element of responsibility on the users’ acts involving copyright-­ protected works. Certainly, the existence in EU copyright law of divergent perceptions of the lawfulness of users’ acts is perplexing. The lack of a clear EU definition of the terms “lawful user”, “lawful use” and lawful or legal access make an assessment of the possibility of invoking these copyright exceptions, where these terms are employed, and, generally of the lawfulness of the users’ acts, dependent on a mosaic of possible interpretations. This inconsistency was criticised by Trialle and de Meeus d’Argenteuil in their study of the legal framework of text and data mining, where it was noted that, to avoid the confusion and controversies associated with the interpretations of the terms “lawful use” and “lawful user”, it would be preferable in the text and data-mining exceptions to refer to the expression “lawful access”.35 In our view, however, instead of retaining the confusion by adding divergent special conditions of lawfulness for specific copyright exceptions, it would have been preferable to clarify and consolidate the existing EU acquis on “lawful use” and “lawful user” by establishing a clear definition and taxonomy of lawful use, which also ­incorporates  Article 5 (1) of Directive 91/250/EEC.  Article 5 (3) of Directive 91/250/EEC. 31  Articles 6, 8 and 9 of Directive 96/9/EC. 32  Article 5 (1) of the Directive 2001/29. 33  Article 6 (4) of the Directive 2001/29. 34  Recitals 10, 14, 18 and Articles 3 and 4 and of the Directive on Copyright in the Digital Single Market. 35  Triaille et al. (2014), p. 110. 29 30

2  Who Is a Lawful User in European Copyright Law? From a Variable Geometry…

37

the criterion of lawful access/lawful source. In this context, it would also have been preferable to use the term “lawful use” in the text on the data-mining exceptions, since the latter has been broadly defined and consolidated in CJEU case law, at least as regards the temporary copy exception established by the Information Society Directive.36 It is also noteworthy that the text on the data-mining exception is jus cogens, in the sense that any contractual provision contrary to that exception will be unenforceable. The guarantee covering the exception against contractual clauses certainly strengthens the position of users who can enjoy the exception as a reinforced legal prerogative akin to a “user right”. This is also in line with the reasoning of the Software and the Database Directives, where only “lawful users” can enjoy copyright exceptions. However, conversely, this stance also embodies a more restrictive approach to enjoyment of the exception, since, as the European Copyright Society has pointed out, it makes the exception subject to private ordering. Indeed, the exception can effectively be denied to certain users by a right holder who refuses to grant “lawful access” to works or who grants such access on a conditional basis only.37 Thus, the concept will act restrictively if the condition of “lawful access” is interpreted in such a way that it will always depend on the terms of a contract or licence. Therefore, although a researcher could not invoke the specific TDM exception to bypass technical protection measures, it should also be made clear that where data is available on a website without any restriction, data analysis performed on such data is presumed to be performed with lawful access.38 In this context, it is welcome that the Recital 14 of the new Copyright Directive provides expressly that access to content that is freely available on line is deemed to be lawful. The Digital Single Market Copyright Package also introduced another mandatory copyright exception in the Portability Regulation,39 which entered into force in April 2018. Specifically, Article 3(1) introduces an obligation for an online service provider to enable a subscriber to access and use the online content service when temporarily present in other Member States. Furthermore, Article 5 provides that any contractual provisions, including those existing between holders of copyright and related rights, parties holding any other rights relevant to the use of content in online content services and service providers, as well as between service providers and subscribers, which are contrary to Articles 3(1) and 4, shall be unenforceable. Although it is not expressly classified as a “lawful user’s right”, the obligation of portability established by the Regulation takes the form of a personal right in favour of a user/consumer. Indeed, the portability privilege presents the two essential features of a lawful user’s right. Firstly, it is not established generally in favour of the public, but in favour of a specific and distinct legal subject: the  Geiger et al. (2018) op. cit.  European Copyright Society (2017). 38  Triaille et al. (2014) op. cit., p. 110. 39  Regulation (EU) 2017/1128 of the European Parliament and of the Council of 14 June 2017 on cross-border portability of online content services in the internal market OJ L 168, 30.6.2017, pp. 1–11. 36 37

38

T.-E. Synodinou

s­ubscriber-­consumer of an online content service who, based on contract with a provider for the provision of an online content service, may lawfully access and use such a service in his Member State of residence. Secondly, like the software and database lawful user’s rights and the text and data-mining exceptions, portability is fully guaranteed against opposing contractual terms and cannot be overridden by the contractual will.40 Nonetheless, unlike the concept of “lawful use” in the Information Society Directive, the concept of the “lawful user” who can claim the portability right is defined narrowly in the Portability Regulation as the subscriber to the online content service. Consequently, the only beneficiaries of the portability privilege are persons who have been contractually granted the right to use the service. This is also explained in Recital 15 of the Portability Regulation. According to this provision, “This Regulation should apply to online content services that providers, after having obtained the relevant rights from right holders in a given territory, provide to their subscribers on the basis of a contract, by any means including streaming, downloading, through applications or any other technique which allows use of that content. For the purposes of this Regulation, the term contract should be regarded as covering any agreement between a provider and a subscriber, including any arrangement by which the subscriber accepts the provider’s terms and conditions for the provision of online content services, whether against payment of money or without such payment. A registration to receive content alerts or a mere acceptance of HTML cookies should not be regarded as a contract for the provision of online content services for the purposes of this Regulation”. The restrictive definition of “lawfulness” in this case corresponds to the reality of the transactions associated with such services, which are normally provided against payment. In this context, the entire edifice of the portability mechanism is modelled on the case where a subscription contract exists, and therefore all the necessary checks on the user’s Member State of residence are based on information provided through the subscription contract. Consequently, the concept of “lawfulness” takes on a very specific meaning and has to be distinguished from the broader concept of “lawful use” contained in the Software, Database and Information Society Directives, and the analogous notion of “lawful access” that appears in the text and data-mining exceptions.

3  Who Is a Lawful User? From the above, it is clear that although European legislation has not opted for a uniform terminology, the concepts of “lawful user”, “lawful use” and “legal access”/“lawful access” are part of the EU copyright law acquis. Although the concepts of lawful access or lawful use are not to be confused with the concept of

40

 Synodinou (2016), p. 14.

2  Who Is a Lawful User in European Copyright Law? From a Variable Geometry…

39

lawful user, since in the latter case lawfulness is attached to the person and not to the act, all of these concepts are based on the same conceptual core: lawfulness. It is not clear what lawful use/access is and who is a lawful user, since neither the EU legislator nor the CJEU have provided a definition for them. In the following paragraphs, the dominant interpretations of these concepts will be examined (Sect. 3.1), while the various forms of a consistent definition of “lawful use” will also be analysed (Sect. 3.2).

3.1  T  he Controversy Surrounding the Concept of “Lawful User” Some of the key elements in the process of demarcating the concept of a “lawful user” are: establishing how it is possible to become a lawful user (positive definition) and cases in which the end-user is not a lawful user (negative definition).41 Three focal interpretations in relation to the concept of “lawful user” have been advanced in the doctrine.42 According to the first one, a lawful user is any person who has acquired the right to use a work, either on the basis of a contract, such as a licence, or on other legal grounds, such as on the basis of the legal exceptions to copyright or thanks to the principle of exhaustion of the right of distribution.43 Thus, if a copy of the computer program or the database was sold in the EU by the right holder or with his consent, any subsequent buyer, hirer (if rental was authorised by the copyright holder) or borrower (if lending was authorised by the right holder or if the national legislation provides only a remuneration right for public lending) is a lawful user.44 This broad definition encompasses not only every use which is based on lawful acquisition of the computer program and the database, but also every use which can be justified based on other legal grounds, either inside or outside the perimeter of copyright law. Broadly speaking, a lawful user would be a person who has obtained the copy of the work or the right to use the work, without infringing copyright laws.45 Thus, even if the right owner does not agree to the use of the work, a user may also become a lawful user based on acts permitted by law, such as through limitations and exceptions.46 Therefore, lawful use exists whenever the right of use is acquired through a contract, regardless of its type, and whenever the use is not prohibited by law. This thesis presents significant advantages. For example, by basing the existence of lawful use not only on contracts but also on other legal grounds, it provides a  Vanovermeire (2000), p. 65.  See on this issue: Vanovermeire (2000), pp.  63–81; Derclaye (2008), p.  120 et s.; Dusollier (2005), pp. 17–20. 43  Koumantos (1997), pp. 78–137; Dusollier (2005), p. 18. 44  Blocher and Walter (2010), p. 727. 45  Ibid. 46  Von Lewinski (2010), p. 727. 41 42

40

T.-E. Synodinou

guarantee for freedom of expression and the free exchange of information and ideas. Indeed, the obligatory condition of the existence of contractual authorisation in ascertaining the existence of lawful use could seriously jeopardise the fundamental principle of Article 10 of the European Convention on Human Rights.47 This approach is also consistent with the broad definition of the concept of “lawful use” that appears in Recital 33 of the Information Society Directive, which deems lawful any use authorised by the right holder or not restricted by law. However, using a second interpretation, the existence of lawful use presupposes the need for a special agreement on concession of use (a licence).48 This thesis is based on a restrictive interpretation of Recital 34 of the Database Directive, which provides that “once the right holder has chosen to make available a copy of the database to a user, whether by an on-line service or by other means of distribution, that lawful user must be able to access and use the database for the purposes and in the way set out in the agreement with the right holder”. This interpretation has the advantage of legal certainty. However, it is particularly constricting, since it embodies a logic of absolute control of the use of copyright-protected works and of copyright exceptions established by the private will. Furthermore, it could be argued that the prerequisite of a contract primarily reflects the conditions of access to online databases and, in this context, it should not be applied to the assessment of lawfulness in other cases, such as that of software, where lawful acquisition can also depend on other legal bases, such as the law of succession. Nonetheless, it would be preferable to avoid a fragmentation of the concept of lawful use and to adopt a common understanding of it both in the Software and the Database Directive,49 and in the Information Society Directive and subsequent EU legislation. Finally, according to an intermediate position between these two interpretations, the concept of “lawful user” used by the Database Directive should be aligned with the concept of the “lawful acquirer” established by the Software Directive. Consequently, the basis for lawful use is the lawful acquisition of the software or the database, on the grounds of a licence or other type of contract.50 From the above, it appears that various doctrinal interpretations exist of who is to be considered as a lawful user. This is understandable, because there are variant forms of “lawful use” and diverse categories of “lawful users”. While legal certainty could be better promoted if lawful use is based exclusively on a contract, this approach appears restrictive and cannot effectively consider the position of copyright law within the wider legal ecosystem. In this context, it is necessary to elaborate a comprehensive definition of the concepts of “lawful use” and “lawful user” that is based on the first theory. Accordingly, a lawful user is prima facie any person who has acquired the right to use a work, either based on contract, such as a licence, or on other legal grounds  Vanovermeire (2000), p. 67.  Koumantos (1997), op. cit. 49  In favour of such an approach: Gaster (1996), pp.  38–39; Buydens (1997), pp.  335, 342; Grosheide (2002). 50  Derclaye (2014), p. 334. 47 48

2  Who Is a Lawful User in European Copyright Law? From a Variable Geometry…

41

either inside or outside the perimeter of copyright law. Thus, broadly speaking, “lawful use” could be understood as a use made either with the right holder’s consent or a use not restricted by law. However, this is only a starting point. This vague delineation of lawful use might prove to be impracticable since it does not provide guidance on how to assess lawfulness of use in specific cases. The flexible conceptual matrix of lawful use should be accompanied by an indicative list of categories of lawful use. Furthermore, the horizontal definition in EU copyright law and the accompanying taxonomy of lawful use should be based on principles of natural justice, both in the sense of flexibility (Sect. 3.2) and of responsibility (Sect. 3.3).

3.2  Flexibility as a Necessary Component of “Lawful Use” Natural justice considerations are represented in private law mainly through abstract legal principles and concepts, such as fairness and good faith.51 The employment of standards based on this principle is not completely unknown in copyright law. In this context, Article 5. 2 (d) of the Directive 2001/29 refers to “fair practice” as a criterion for the application of the exception of quotation.52 The application of these principles in the assessment of lawful use has the potential to act as a necessary balancing tool, by bringing the exercise of copyright law closer to the legitimate expectations of the author or other right holder and the user. In this context, good faith and analogous mechanisms would be seen as a means of contractual proportionality, which would lead to fairness and prevent the abuse of rights.53 Good faith in civil law jurisdictions,54 either seen as a “principle of construction”,55 as an “implied obligation”56 or as a “behavioural norm”57 would have a pivotal role in the assessment of lawful use based on a contract or licence. Similarly, good faith and analogous notions and legal mechanisms in common law jurisdictions, such as “unfairness”, the “duty of honest performance”, the “reasonable expectations of the  According to Ghestin, good faith is a means to achieve an ideal of justice in contracts: Ghestin (1982). 52  According to this provision “2. Member States may provide for exceptions or limitations to the reproduction right provided for in Article 2 in the following cases: …. (d) quotations for purposes such as criticism or review, provided that they relate to a work or other subject-matter which has already been lawfully made available to the public, that, unless this turns out to be impossible, the source, including the author’s name, is indicated, and that their use is in accordance with fair practice, and to the extent required by the specific purpose;’ See also, Article 10 (1) of the Berne Convention for the Protection of Literary and Artistic Works (as amended on September 28, 1979). 53  For the justification of good faith based on contractual proportionality, see: Munukka (2005), pp. 229–250. 54  See: Mackaay (2012), pp. 149–177. 55  Peden (2002), p. 246. 56  Peden (2009), p. 61. 57  Rolland (1996), p. 384. 51

42

T.-E. Synodinou

parties”, “honesty”, “reasonable results”, “fair framework”, the de minimis rule or estoppel58 could be used for a non-formalistic assessment of lawful use”.59 This would entail interpreting the licence or the contract broadly in accordance with the aim of the contract. For instance, depending on the legal tradition in question, such a flexible interpretation could encompass the recognition of implied terms stemming from the well-established principle of good faith in civil law jurisdictions. In this context, it could even be argued that the notion of lawfulness is by its very nature contingent on the notion of good faith. Similarly, but also more reluctantly, in common law jurisdictions, the application of analogous principles applying to the interpretation of contracts could lead to the recognition of implied terms enabling a use to be construed as lawful, provided that the user can demonstrate that the licence or contract would lack commercial or practical coherence without it.60 For example, uses that are justified by the existence or aim of the contract could be those that are not explicitly prescribed by concrete contractual terms, but could be deduced by interpreting the contract in accordance with the implied will of the parties and in accordance with the continental law principle of good faith,61 or the common law principle of “unfairness” or “fair and open dealing”,62 such as use of lawfully acquired employer’s software by an employee within the framework of his duties stemming from the contract of employment.63 Conversely, the principle of good faith would prevent that use being regarded as lawful if the user does not literally circumvent technical protection measures (TPM) controlling access to a website, but bypasses the terms of use by alternative means. For instance, in the case of websites which have implemented a system that blocks repeated queries (i.e.  Zimmermann (2001), p. 172.  For a comparative analysis, see: Forte (1999); Collins (1994), pp. 229–254; Munukka (2005). See also: Beatson and Friedman (2002). 60  See: Marks & Spencer Plc v BNP Paribas Securities Services Trust Company (Jersey) Ltd [2015] UKSC 72. See also: Yam Seng Pte Ltd v International Trade Corp Ltd [2013] EWHC 111 (QB), where Leggatt J held that “English law should recognise an implied duty of good faith and fair dealing in contract performance, the content of which would depend on the context of the case.” For an analysis of the principle in common law, see: Tan (2016), pp. 420–446; Hoskins (2014), p. 131; Trakman and Sharma (2014), p. 598; Arden (2013), p. 199. For the complementary relationship between honesty and reasonableness, see: First Energy (UK) Ltd v Hungarian International Bank Ltd [1993] 2 Lloyd’s Rep 194 CA (Civ Div) at 196, where Lord Stern noted: “Undoubtedly, good faith has a subjective requirement: the threshold requirement is that the party must act honestly. But good faith additionally sets as an objective standard the observance of reasonable commercial standards of fair dealing in the conclusion and performance of the transaction concerned”. 61  The principle of good faith is set as a rule of behaviour, in Art. 1:202 (1) of the European Principles of private law: ‘Each party must act in accordance with good faith and fair dealing’ and as a rule of interpretation of the law, in Art. 1:106 (1): ‘These Principles should be interpreted and developed in accordance with their purposes. In particular, regard should be had to the need to promote good faith and fair dealing, certainty in contractual relationships and uniformity of application’. For the analysis of the principle of good faith in European Contract Law, see: Zimmermann and Whittaker (2000); Storme (2003). 62  See: Iterfoto Picture Library Ltd v Stiletto Visual Programmes Ltd [1989] QB 433. 63  Synodinou (2010), (supra n. 1). 58 59

2  Who Is a Lawful User in European Copyright Law? From a Variable Geometry…

43

c­ rawling) from the same IP addresses to avoid repeated extraction of the content of the website, if a user creates a large number of virtual IP addresses to access the data and download them, he or she would be acting in bad faith and should not be considered as a “lawful user64”. Evaluating the concept of “lawful user” based on the principles of good faith and fairness assigns a dynamic nature to the concept of “lawful user” and serves two purposes. As well as guaranteeing a necessary degree of elasticity in interpreting the concept of “lawful user”, it could also operate as a restraint and as a general clause for controlling the “lawfulness” of the user’s behaviour. In fact, defining the lawful user only based on specific legal grounds (legal provisions, specific contractual terms) entails the risk of condemning the concept to remain static. This might lead to the erroneous conclusion that having legal access to a copyrighted work for the first time or the initial lawful acquisition of a copy of a work is the sole criterion used in evaluating the existence of lawful use. On the other hand, initial lawful access to the work or acquisition of a copy of it is not sufficient to ascertain the lawfulness of use further down the line, since an initial lawful user may act unlawfully at a later stage. Thus, considering these principles could be used not only to broaden the concept and to avoid unjust effects, but it could also function in the opposite direction as an inner restriction on lawful use itself. In fact, good faith and fair practice could be used as criteria to judge whether lawful use really is lawful or whether it still remains lawful. In this framework, the bad faith of a prior lawful user should be construed as a situation of “abuse of rights” and should lead to the loss of the capacity of “lawful user”. This in turn would result in losing the option of invoking the rights of the lawful user under certain specific circumstances. This is an example of a so-called “limitative function” of good faith.65 Thus, a lawful acquirer—such as a purchaser of a copy of a software package who stores a back-up copy of the software on an insecure server to which everyone has unrestricted access, is offering, either intentionally or by negligence, other users of the server the possibility to reproduce the program. This user is violating the principle of good faith and abusing the right to make a back-up copy of the program, and could also be deemed to be in breach of his duty of care. Consequently, even if the initial lawful acquisition of the copy of the computer program has made him a lawful user, his use could still not be considered as lawful in these specific circumstances. Nonetheless, the application of these norms will necessarily depend very much on each national legal tradition. In this context, the lawfulness of use could be classified differently in civil law jurisdictions, where the concepts of good faith and reasonableness are pervasive general principles, and in common law jurisdictions, where there is no overarching general principle or duty of good faith or “reasonableness and fairness”.66

 For this example, see: Triaille et al. (2014), (supra n. 35) p. 74.  For a doctrinal distinction of the functions of good faith, see: Masse (1994), pp. 224–227. 66  Breedveld-de Voogd et al. (2016), p. 49. 64 65

44

T.-E. Synodinou

In light of the above, it is essential for these norms to be assigned a specific meaning in relation to the use of copyright-protected works in European copyright law, as part of the delimitation of the concept of “lawful user” as an autonomous notion of European copyright law.

3.3  R  esponsibility as an Implicit Standard of “Lawful Use” in CJEU Case Law As has already been demonstrated, the concept of “lawful user” was expressly recognised in sectoral EU copyright law Directives (the specific cases of software and databases) and the temporary copy exception of the Information Society Directive, while the adjacent concept of “lawful access” is a criterion for enjoyment of the text and data-mining exceptions in the Directive  on copyright in the Digital Single Market. However, the appearances of these concepts are sporadic and inconsistent. In this context, although the emergence of “lawful use” has a significant symbolic value, it still remains marginal in EU copyright legislation. Even so, the CJEU seems to have taken on the task of implicitly expanding and further elaborating the concept. As will be shown in this section, the principles established by the CJEU show the way to delineating a standard of user’s responsibility as part of the assessment of “lawful use”. Firstly, in the seminal ACI Adam case,67 the CJEU affirmed that the benefit of the private copy exception concerns only reproductions made from “lawful sources”. As the Court stated, to accept that such reproductions may be made from an unlawful source would be to encourage the circulation of counterfeited or pirated works, thus inevitably reducing the volume of sales or of other lawful transactions relating to the protected works, with the result that a normal exploitation of these works would be adversely affected.68 The Court takes a firm stance and considers that the private copy exception cannot be applied under EU copyright law, basing its argumentation solely on the unlawful nature of the source, which is interpreted by reference to the three-step test. The CJEU does not give a precise definition of what constitutes an “unlawful source”, but bases its argumentation mainly on the three-­ step test. In this context, the prerequisite of the lawful source is emancipated from the specific private copy context and takes on a broader dimension. Since it is not strictly linked to the private copy exception, the same reasoning could apply to all copyright exceptions. This could imply that only lawful users can claim the application of copyright exceptions.69 It is noteworthy that the assessment of “lawfulness” is strictly linked to the source of the copy and does not consider the end-user’s knowledge in relation to the  CJEU, ACI Adam BV and Others v Stichting de Thuiskopie, Stichting Onderhandelingen Thuiskopie vergoeding, Case C-435/12, Judgment of 10 April 2014, ECLI:EU:C:2014:254. 68  Ibid, par. 39. 69  Lucas et al. (2017), p. 390, n. 400. 67

2  Who Is a Lawful User in European Copyright Law? From a Variable Geometry…

45

unlawfulness of the source of the copy. As a result, end-users cannot claim application of the private copy exception for illegal downloads. The CJEU does not take its reasoning further and officially declare that end-users are not lawful users and are, therefore, copyright infringers. Nonetheless, this is implied, although for practical reasons and due to privacy concerns, individual users who download material from unlawful sources are not expected to face legal action.70 However, in the subsequent Copydan judgment,71 the CJEU was more explicit regarding the conditions governing the “lawful source”. In the Court’s view, the focal point for assessing the lawfulness of the source is the right holder’s consent. As the Court stated, reproductions made using unlawful sources are those which are made from protected works that are made available to the public without the right holder’s consent.72 The lawfulness of their use (the making of a private copy in this case) is therefore conditional upon the way the source of the copy was made available to the public. If the work was made available to the public with the right holder’s consent, the source is lawful and its use by the end-user is lawful too. It will be fairly straightforward to ascertain when the end-user acquired a copy of the work or lawfully accessed the work as a service based on a licence/contract concluded directly between the right holder and the user. There will however be some grey areas if a work is made available without rights holders clearly indicating which acts are authorised. Furthermore, the CJEU’s reasoning embodies a logic of exclusive control of the uses of copyright-protected works and of copyright exceptions by private ordering. Based on the finding that the lawfulness of the source is assessed according to whether the work was made available with or without the right holder’s authorisation, the CJEU further elaborated on the lawfulness of linking the activities of users of copyright-protected works. Indeed, since the GS Media case,73 the prototype of a “responsible linker” complements the CJEU’s previous stance in relation to “lawful use” and to “unlawful sources”. In the GS Media case, the Court takes a further step forward and sets the criteria governing an end-user’s liability for copyright infringement, and specifically for violation of the “making available right”. The confirmation of the concept of “lawfulness” of the source in relation to the “making available right” is a strong indication that this concept is recognised by the CJEU as having a horizontal application, since it cuts across both the right of reproduction and the right of communication to the public and also copyright exceptions. The Court’s reasoning is divided into two parts. Firstly, an assessment is made as to whether the work was made available with or without the right holder’s authorisation. If the work was made available without the right holder’s consent, then the user’s liability

 Quintais and de Leeuw (2014).  CJEU, Copydan Båndkopi v Nokia Danmark A/S, Case C 463/12, Judgment of 5 March 2015, ECLI:EU:C:2015:144. 72  Ibid, par. 74. 73  CJEU, GS Media BV v Sanoma Media Netherlands BV and Others, Case C-160/15, Judgment of 8 September 2016, ECLI:EU:C:2016:644. 70 71

46

T.-E. Synodinou

depends on whether he knew or ought to have known that the work was made available without the right holder’s consent. In the same way as a person who makes a private copy of a copyright-protected work from an unlawful source, a person who provides a link to copyright-protected content which has been made accessible without the right holders’ authorisation cannot be considered as a lawful user of the work. In the CJEU’s reasoning, a linker is not a lawful user of a copyright-protected work if that person knew or ought to have known that the hyperlink he posted provides access to a work illegally placed on the Internet. Specifically, for profit-making linking activities, that knowledge is presumed.74 In so doing, the CJEU’s reasoning introduces elements of extra-­ contractual liability law into the core of copyright law, and thereby significantly alters the orthodox stance that copyright is established as an exclusive property right, the infringement of which does not consider the mens rea of the infringer.75 Indeed, in the CJEU’s view, the question is no longer simply that of whether, objectively speaking, an act of communication to the public occurred: the assertion of the existence of the act itself is connected to subjective elements, such as the intention, and the potential infringer’s direct or constructive knowledge. This change is necessary in the online environment, where it is not possible for end-users who do not have a direct contractual relationship with the right holder to investigate and safely prove that the work is being made available to the public without the author’s consent. The end-user’s constructive knowledge has to be assessed with reference to the prototype of the objective standard of the bonus pater familias, the “reasonable person”, such as this concept is established in the law of obligations of each Member State (such as the common law concept of “the man on the Clapham omnibus” or the French law standard of the “homme avisé”).76 In this context, for example, a reasonable and prudent person would not have expected to access the latest Hollywood movie for free via an Internet link, and therefore lawful use will not occur if she/he further provides the link to the public. Similarly, the deliberate act of advertising the accessibility of copyright-protected works that were made available on the Internet without the copyright holders’ consent is an undeniable factor counteracting any argument in favour of the good faith of the person who provides the links.77 While in such a flagrant case, it would be fairly easy to ascertain the unlawfulness of the use, more complex situations will certainly arise where the unlawfulness of the source will not be clear. This is the case when, for example, a work was placed on the Internet with the author’s consent, but with a contractual prohibition on making it further available which is not mentioned on the relevant website from which the end-user accessed the work, and without any technological barriers to  Synodinou (2017), pp. 733–736.  Dormont (2017), p. 17. 76  For the concept of “responsible person” in the common law of negligence, see: Blyth v Birmingham Waterworks (1856) 11 Exch 781; Hall v Brooklands Auto-Racing Club [1933] 1 KB 205. 77  Filmspeler, par. 50. 74 75

2  Who Is a Lawful User in European Copyright Law? From a Variable Geometry…

47

accessing the work. Although in such a case, it would not have been possible for a reasonable person to be aware of the contractual prohibition, the dependence of the assessment of the user’s liability on complex legal reasoning would certainly be a deterrent factor against use of the work. As the CJEU has not specifically defined the prototype of the “reasonable user” as an autonomous EU copyright law concept, this assessment will have to be made on the basis of the variant relevant national standards. It seems that for the CJEU, the delicate delineation between “lawful” and “unlawful” use will be decided restrictively on the grounds of the fundamental “fraus omnia corrumpit” legal principle. A manifestly illicit act (an unlawful source, the making available of the work without the right holder’s authorisation) is enough to contaminate the entire chain of reproductions and communications to the public of copyright-protected works, and even to rule out the application of copyright exceptions and limitations. Unless the use has been authorised, only those acting responsibly, reasonably and in good faith could avoid liability and be considered as lawful users. In this context, the good faith of the user has a prominent role generally, when assessing the lawfulness of the users’ acts, and not only in the case of a specific contractual agreement between the right holder and the user. As Derclaye highlighted in relation to the “lawful user” requirement of the Database Directive, in the case of online databases accessible without payment or password, i.e., websites with unrestricted access, an implied licence should be admitted, which is granted by the database maker to use the database within the limits of the Directive. Accordingly, for online database, the freedom of access satisfies the condition of lawfulness, and users having lawful access to the Internet are lawful users.78 Similarly, for works found on line without any technical restrictions, the terms of their use based on the right holder’s implied consent should be conceived of and interpreted according to the principle of good faith. Furthermore, there is a significant differentiation on the burden of proof of knowledge that the work was made available without the right holder’s consent. That knowledge is presumed in the case of professional users (such as professional linkers), while the right holder carries the burden of proof in the case of ordinary end-users who use the works in the context of a non-profit activity. This distinction clearly borrows elements of the law of extra-contractual liability, since a higher standard of care is generally expected from professionals in a specific field. Thus, while it is not absurd to claim that online newspapers should check whether the content they are linking to is authorised, no one could ever think that private users would always check and be aware of the legal status of the content they are linking to, unless its unlawful origin is obvious.79 Nonetheless, the distinction in practice will not always be straightforward. The GS Media decision does not define  Derclaye (2008), p. 125. For a contra interpretation see: Triaille et al. (2014), p. 73. Arguing that where no contractual conditions have been imposed and a website is freely accessible, no license is needed in the first place and lawful use, par consequent, is not based on a contract (implied consent) of the author or other right holder. 79  Bellan (2016). 78

48

T.-E. Synodinou

the criteria that will be used to assess the profit-making activity (whether the link itself should generate profit, whether the website as a whole is ‘for profit’ or whether the fact that the person creating the link is a commercial entity is sufficient for the ‘for profit’ criterion80). Furthermore, the dichotomy between the “professional” (profit-seeking) and “non-professional” linker is an artificial one and is a novelty in European media law, where both profit-seekers and amateur information providers are protected equally by freedom of expression, under Article 10 of the European Convention on Human Rights. The process of ascertaining the profit-making nature of the activity has to consider the particularities of the Internet. In this context, financing by means of advertising revenues linked to the website’s traffic appears on the face of it to come within the scope of profit-making activities.81 Another question is that of whether and to what extent the lack of knowledge or the negligence of a user with a non-profit activity could generally be used as a decisive factor for denying her/his liability. The issue at stake here is that of whether the findings of the GS Media case on individual non-professional users could be applied more generally in relation to the reproduction or/and communication to the public of copyright-protected works which are accessible on the Internet with no technical constraints. Advocate General Campos Sánchez-Bordona, in his Opinion on the so-­ called “Cordoba” case,82 clearly favoured such an approach. The case concerned the posting by a pupil, on a school’s website, of a photograph which had been published on another website with the author’s consent and was freely accessible on the Internet. In the Advocate General’s view, although this case has to be distinguished from the GS Media case (which involved the question of hyperlinks to protected works that were freely available on another website without the copyright holder’s consent), the reasoning in the GS Media case on the subjective component of the behaviour of persons with no profit motive could be extrapolated, mutatis mutandis, to the Cordoba case. Indeed, it may be difficult, ‘in particular for individuals’, to ascertain whether the copyright holders of works on the Internet have consented to their works being posted on the site concerned. Based on the foregoing, the Advocate General had opined that neither the pupil nor the school had communicated the photograph to the public. On the other hand, it was suggested that there will be communication to the public where the copyright holders give notice that the work to which access is being provided has been ‘illegally placed on the Internet’ or where access to the work is provided in such a way that users of the website on which it is posted can ‘circumvent the restrictions taken by the site where the protected work is posted or where the author has notified the person seeking to publish his photograph on the Internet that he does not give his consent’.

 Lokhorst (2017).  See the “Pirate bay” case: CJEU, Stichting Brein v Ziggo BV and XS4All Internet BV, Case C-610/15, Judgment of the Court of 14 June 2017, ECLI:EU:C:2017:456. 82  Opinion of the Advocate General Campos Sánchez-Bordona delivered on 25 April 2018, Case C-161/17, Land Nordrhein-Westfalen v Dirk Renckhoff, ECLI:EU:C:2018:279. 80 81

2  Who Is a Lawful User in European Copyright Law? From a Variable Geometry…

49

However, the CJEU did not follow the Advocate General’s Opinion.83 By distinguishing this case from GS Media, it held that the posting by the pupil of the photograph required a new authorisation by the author. As the CJEU stressed: “unlike hyperlinks which, according to the case-law of the Court, contribute in particular to the sound operation of the internet by enabling the dissemination of information in that network characterised by the availability of immense amounts of information, the publication on a website without the authorisation of the copyright holder of a work which was previously communicated on another website with the consent of that copyright holder does not contribute, to the same extent, to that objective”.84 Furthermore, for the Court, to hold that the posting on one website of a work previously communicated on another website with the consent of the copyright holder does not constitute making available to a new public, would amount to applying an exhaustion rule to the right of communication. Lastly, it is irrelevant that the copyright holder did not limit the ways in which Internet users could use the photograph, since the enjoyment and the exercise of the right of communication to the public may not be subject to any formality.85 The CJEU safeguarded the preventive and exclusive nature of copyright. It appears that the objective of establishing a high level of protection for authors does not permit a liberal interpretation of the rights of the author in such a way that the knowledge or the negligence of the users is considered to deny users’ liability. On the other hand, in the specific case of links, given their significant contribution to the sound operation of the Internet by enabling the dissemination of information, a more lenient approach is possible. Consequently, in Renckhoff, the CJEU closed the door to a possible application of extra-contractual liability evaluations when assessing lawfulness of use in relation to whether an act of the user comes within the scope of copyright monopoly because it has been communicated to the public without the author’s consent. However, the CJEU did not examine whether the GS Media line of reasoning could find some application in relation to the assessment of lawful use based on copyright exceptions and limitations. In this context, the Renckhoff case does not answer the question of whether the unlawful nature of the source, or more broadly unlawful access to a copyright-protected work, contaminates all subsequent uses, and thus necessarily neutralises lawful use, on the grounds of copyright exceptions, too. This is because in Renckhoff, the work was made available to the travel website without any technical restrictions, with the author’s consent. Since the educational exception could have applied if the photo was made available with more restricted access,86 it can be deduced that the existence of contractual restrictions, which constitute in personam limitations on the use of the photograph other than on the travel

 CJEU, Case C-161/17, Land Nordrhein-Westfalen v Dirk Renckhoff, [2018], ECLI:EU:C:2018:279.  Ibid, par. 40. 85  Ibid, par. 36. 86  See: ALAI Opinion on CJEU, C-161/17, Land Nordrhein-Westfalen v Dirk Renckhoff, [2018], ECLI:EU:C:2018:634. Available via http://www.alai.org/en/assets/files/resolutions/180529-opinion-land-nordrhein-westfalen-en.pdf. 83 84

50

T.-E. Synodinou

website, would not have been a sufficient legal basis for rendering uses based on copyright exceptions unlawful. Consequently, the question that has to be answered is whether users can invoke copyright exceptions when they have accessed the work via an unlawful source, such as where the photograph had been uploaded to the travel website without the author’s consent. The unlawfulness of the source would normally render copyright exceptions unacceptable as a basis for lawful use. Accepting the contrary would somehow result in “laundering” the unlawfulness of the source/access via the mechanism of copyright exceptions. However, GS Media has also shown that there is a difference between the level of responsibility to be expected from non-commercial and from for-profit users. The unlawfulness of the source should not inevitably render a use that is based on copyright exceptions unlawful and, as a result, lead to the user being held liable for copyright infringement. The fact that it may be impossible—or at least or extremely difficult—to know or to make an informed presumption that the source is unlawful, especially as regards sources found on line, should be considered as part of a holistic assessment of the user’s liability. In this context, there should be cases of lawful non-commercial use of a copyright-protected work accessed via an unlawful source, provided that, in line with GS Media’s underlying principle, the user could not reasonably have been in a position to know or assume the non-manifest unlawfulness of the source of the work. Conversely, uses taken from a manifestly unlawful source would not qualify as lawful use, even for non-­ commercial users, unless there is a specific background that renders the specific use lawful, such as use on the grounds of the exception being absolutely necessary to safeguard freedom of expression.87

4  T  owards a Taxonomy of “Lawful Use” in European Copyright Law The concept of “lawful use” takes many forms, in the sense that its substantial core includes uses based on divergent access models (provision of goods, provision of services) and on a variety of legal bases. There is no “one size fits all” solution when it comes to making an assessment of the lawfulness of the user’s acts. Although the technicalities of the provision of an intangible asset will not normally affect the way it is regulated by law, the way the assessment of the lawfulness of use will be made may de facto be based on divergent criteria, depending on whether the work is embodied in a tangible data carrier or provided as part of an online service. This inevitable variation offers proof of the non-technologically neutral nature of copyright law.88  See: CJEU, Spiegel Online GmbH contre Volker Beck, Case C-516/17, Opinion (2019), ECLI:EU:C:2019:16. 88  Synodinou (2012), pp. 618–627. 87

2  Who Is a Lawful User in European Copyright Law? From a Variable Geometry…

51

When a work of mind is embodied in a tangible carrier, its lawful use is based on the lawful acquisition or possession of the tangible copy. This can be established based on contract (such as a licence covering use, sale, resale, donation, rental, lending, etc.) or on other legal grounds, within copyright law, such as exhaustion of the right of distribution and copyright exceptions, or outside copyright law, such as inheritance and insolvency law. Despite the legal dogma of the clear distinction of the intangible asset embodying a “work of mind” from its physical carrier, the lawful acquisition or lawful possession of a physical copy of a work could constitute a basis of lawful use. However, the delimitation of the rights of the author or other right holder in favour of the person who lawfully acquired the physical carrier embodying a work of mind, should not be considered as alien to copyright law.89 Indeed, the tangible carrier enables access to and enjoyment of the intellectual creation. Accordingly, historically, restrictions on copyright for the benefit of the lawful acquirer of the physical carrier of a work of mind could be regarded as an embryonic form of lawful use, justified by the need for a fair balance between the interests of both parties (author and owner of the tangible carrier). In the case of a contract, where there are no express contractual terms in relation to the rights of both parties, the restriction of the author’s rights could be deduced by the duty to perform the contract in good faith.90 Furthermore, the legal mechanism of abuse of rights has also served as a balancing tool and enabled the courts to allow lawful enjoyment of the tangible carrier of the work.91 In that sense, the recognition of rights of lawful use is in a way inherent in the inevitable antagonism between the property right over the tangible carrier of the work and the intellectual property right over the intangible creation The legitimate existence of a property right over the object embodying the work is inextricably related to certain rights of lawful use, which follow the devolution of the property right over the carrier. These “user rights” should not normally impede the exercising of the economic rights of the author or other copyright holder, since by definition

 In conflicts between the author and the owner of the tangible carrier of a work, the courts have often justified the owner’s intervention to the work when this was necessary for technical or even commercial reasons. See for example: Civ. Versailles, 23 Juin 1932, D.H., p. 487 and CA Paris, 27 Avril 1934, Gaz. Pal.. jur., p. 165 (Case Lacasse et Welcome c/ Abbé Quenard): the destruction of the tangible carrier of a work (murals) by the lawful owner of this carrier was not found to violate the copyright of the author, especially for works destined to private use; Bruxelles, 15 décembre 1930, Pas. 1931, II, p. 6 (Case Université de Louvain c/ Whitney Warren): the architect who created the plans of the new library cannot impose on the owner of the library the placement of an inscription; Case Bonnier c/ Bull. Cass., 7 Janvier 1992, RIDA 1992/2, p. 194 (modifications made by the owner of the building for commercial/economic reasons were justified). For an analysis of the case law in Belgium and France see: Vanbrabant (2005), pp. 492–534. 90  Case Scrive c/ Centre commercial Rennes –Alma, TGI Paris, 14 mai 1974 and CA Paris, 10 juillet 1975, Dalloz 1977, jur., p. 342, in: Vanbrabant (2005), p. 519. 91  Vanbrabant (2005) op. cit., p. 523. 89

52

T.-E. Synodinou

these are related to use of the work and not to exploitation of the work outside the perimeter of legitimate private use.92 On the other hand, when a work is offered in terms of the provision of a service, lawful use will depend on the existence of a contract or licence allowing lawful access to the works. Regardless of whether access to the work is granted in return for payment of a fee (such as in open-content contracts) and of the way in which the contract has been concluded (such as accepting the terms of use of a website93), any violation of the terms of use by the licensee will render their use unlawful.94 Leaving aside these variations, it is vital for a flexible interpretation of the concept to be promoted, on the grounds of the central finding that use is to be either authorised by the right holder or not restricted by law. Consequently, this definition should mainly cover the following categories of lawful use: (a) lawful acquisition, possession and access, based on every kind of contract (licence, sale or resale, donation, public lending, rental, etc.). In this case, it will not be possible to justify lawful use on the grounds of copyright exceptions if the contract expressly overrides them, unless these exceptions are mandatory under the national copyright law applicable. Furthermore, such use will not be lawful if the contract is strictly stipulated as intuitu personae. The delineation of the lawful user’s rights and duties in the contractual agreement will certainly be a factor in legal certainty. Nonetheless, assessing lawful use based on contract might also present uncertainties, especially in cases where the user of the work has no direct contractual relationship with the copyright holder. Indeed, the task of assessing whether a person is a lawful user would be fairly straightforward in the case of a contract concluded directly between the user and the copyright holder or any other person having the right to conclude a contract in relation to the immaterial good. However, the situation could be more complicated for uses made by bona fide third parties, such as in cases involving a violation of the terms of GPL licences by an initial licensee. As any violation of the terms of the GPL automatically and simultaneously invalidates the licensee’s position (automatic reversal of rights), the question is whether a third party (for example a purchaser of a modified version of a software package marketed by an initial licensee in breach of the GPL terms) could be considered as a lawful user, and could therefore exercise the minimum lawful user rights laid down in the Software Directive. In light of a rigid application of the nemo dat rule, if a prerequisite exists requiring the licensor to grant a licence under copyright, then the third-party purchaser of the software cannot be considered as a lawful user, since the use is not based on an interruptible chain of lawful uses (the specific use was made without the right holder’s  Synodinou (2010), pp. 819–843.  This has been affirmed in the Ryanair case where the CJEU acknowledged that the acceptance by a visitor of a website of the general terms and conditions of that website by ticking a box to that effect is valid. See: CJEU, Ryanair Ltd v PR Aviation BV, C-30/14, Judgment of 15 January 2015, ECLI:EU:C:2015:10. 94  See Ryanair case, ibid. 92 93

2  Who Is a Lawful User in European Copyright Law? From a Variable Geometry…

53

c­ onsent). This, however, appears extremely restrictive for uses made by innocent bona fide third parties who were either not aware of, or ought to have been aware of, the breach of the GPL’s terms. In this context, the bona fide status of the user must also be a decisive factor in evaluating the lawfulness of use and enjoyment of the software lawful users’ minimum rights. Furthermore, as Guido Westcamp notes, the lawful user’s minimum rights to use the software have been granted by legislation, irrespective of the position of the vendor, and therefore a bona fide acquirer will likewise be protected under the lawful-user clause, which in practice limits the enforceability of the GPL.95 (b) lawful acquisition or lawful possession on the grounds of copyright law (exhaustion, copyright exceptions, if the latter are mandatory or they have not been overridden by contractual terms) and based on other legal provisions (such as the law of inheritance or insolvency). As previously mentioned, this has been confirmed in the UsedSoft case, where it was held that a lawful acquirer is not only an acquirer who is authorised, under a licence agreement concluded directly with the copyright holder, to use a computer program, but also a second acquirer of the licence, as well as any subsequent acquirers of it, who will be able to rely on exhaustion of the distribution right, and will hence be regarded as lawful acquirers of a copy of a computer program. This basis of lawful use relying on the exhaustion of the right of distribution might also present some grey areas. This will be the case when it is not clear whether the consent given by the right holder for the first sale of the immaterial good covers all subsequent uses. This question was addressed by the CJEU in the UsedSoft case,96 where the Court embraced a broad approach to the concept of “lawful acquirer” established by the Software Directive, and held that an acquirer of a software package who did not have any contractual relationship with the copyright holder could still be characterised as a lawful acquirer of the software, despite a licensing clause prohibiting any resale of the licence. Indeed, the CJEU held that a lawful acquirer is not only an acquirer who is authorised, under a licence agreement concluded directly with the copyright holder, to use a computer program, but also a second acquirer of the licence, as well as any subsequent acquirers of it, who will be able to rely on exhaustion of the distribution right, and will hence be regarded as lawful acquirers of a copy of a computer program. However, it is noteworthy that the lex specialis of the UsedSoft case does not cover uses of software in the context of a rental. Thus, in the event of a breach by the initial licensee/hirer of a licensing clause prohibiting the further transfer of the right to use the software, any subsequent use of the software by the person who has been granted the right to use the program by the initial licensee will not be lawful. Furthermore, the use made by the subsequent acquirer of the software will be lawful only if the specific conditions set by the CJEU are met (the right to use the software must have  Westkamp (2008), p. 55.  CJEU, UsedSoft GmbH v Oracle International Corp, Case C-128/11, Judgment of 3 July 2012, ECLI:EU:C:2012:407. 95 96

54

T.-E. Synodinou

been granted for an unlimited period, the initial copy must be deleted or made unusable, and there must be a sale in return for payment of a fee corresponding to the economic value of the copy of the software). In practice, it would be difficult to trace unlawful uses that do not meet these criteria, for example inactivation or erasure of the original copy in case of a resale. (c) uses based on the application of abstract legal principles embodying elements of fairness and of natural justice, such as interpreting the contract in accordance with good faith, but also assessing the users’ behaviour on the grounds of established principles of extra-contractual liability, such as the standard of care displayed by the bonus pater familias (the user must have acted as a “reasonable person”) or actual or constructive knowledge of copyright infringement or of the unlawfulness of the source of the work. Especially on the assessment by the user of the unlawful nature of the source of the work, it is necessary to promote an approach that considers the reality that it may be impossible—or at least extremely difficult—to know or presume that a source is unlawful, especially as regards sources found on line, unless its origin is obvious. In this context, a clause of exemption from liability (akin to a “lawful user” safe harbour) should be admitted for non-commercial use of a copyright-protected work accessed via an unlawful source, for users who could not reasonably be in a position to know or presume that the source of a work that they are using is unlawful.97 This clause would be part of a dynamic concept of lawful use which consolidates and further advances the existing acquis on lawful use and lawful source/access. Such a clause would provide a fair response to the significant information asymmetry98 faced by users in relation to the lawful nature of the source of the work. The establishment of such a clause in EU copyright law is not incompatible with the EU and international copyright acquis, since the assessment of the user’s state of mind is not being made in relation to the definition (or restriction) of the scope of copyright protection (rights and exceptions), but at a subsequent level when assessing the user’s final liability. Furthermore, instead of regulating the information asymmetry by the mechanisms traditionally employed in this area, such as by imposing an obligation on the right holders to disclose information, this solution respects the fundamental copyright dogma that copyright protection is obtained without formalities. (d) uses based on other legal grounds external to copyright law, such as the fundamental EU freedoms and fundamental rights.99 Indeed, it follows from the  See: Synodinou (2019).  Information asymmetry is defined as a situation in which respective parties’ own different amounts and types of information about a project or contract. See: Akerlof (1970). 99  For a recognition of this principle, see: Recital 3 of the Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society, Official Journal L 167, 22/06/2001 P. 0010 - 0019 (“The proposed harmonisation will help to implement the four freedoms of the internal market and relates to compliance with the fundamental principles of law and especially of property, including intellectual property, and freedom of expression and the public interest.”) and Recital 45 of Proposal of a Directive on copyright in the Digital Single Market, Brussels, 14.9.2016, COM(2016) 593 final (“This Directive respects the fundamental rights and observes the principles recognised 97 98

2  Who Is a Lawful User in European Copyright Law? From a Variable Geometry…

55

l­ongstanding case law of the Court that restrictions on the free movement of goods and services are only permissible if they are necessary to safeguard the specific subject matter of the intellectual property.100 The restriction of copyright law based on the EU trading freedoms has been affirmed both in by the Football Association Premier League case101 and the UsedSoft case. In the Football Association Premier League case, it was held that the free movement of services prohibited national legislation from making it unlawful to import and to sell and use foreign decoding devices giving access to an encrypted satellite broadcasting service from another Member State. Consequently, the temporary copy exception of Article 5 par. 1 of the Information Society Directive could not be neutralised based on territorial restrictions that go beyond what is necessary to ensure appropriate remuneration for the rights holders concerned. Similarly, according to the CJEU’s underlying logic in UsedSoft, as long as restrictions on the resale of electronic copies of computer programs downloaded from the Internet go beyond what is necessary to safeguard the specific subject matter of copyright, national legal provisions permitting this will conflict with the fundamental freedom of movement of goods or services, as they undoubtedly will have the potential to affect trade between Member States.102 However, the question of establishing lawful use based on fundamental rights, which do not have a counterpart in specific copyright exceptions, is trickier and still uncertain. According to the CJEU, fundamental rights can serve as an interpretative standard for the existing exceptions and as an assessment standard for specific enforcement measures aimed at intermediary parties.103 Furthermore, certain exceptions with a strong grounding in freedom of expression, and mainly that of parody, may outweigh copyright protection even in the absence of a relevant corresponding legislative copyright exception.104 However, in his recent Opinion in the Spiegel Online (C-516/17) case, Advocate General Szpunar denied that lawful use could be established directly based on the Charter of Fundamental Rights of the EU,105 when suggesting that freedom of expression does not constitute a limitation and does not justify an exception to or an infringement of the exclusive rights of the author ­outside the limitations and exceptions provided for in Article 5 (2) and (3) of Directive 2001/29. Nonetheless, it is noteworthy that in AG Szpunar’s view, the in particular by the Charter of Fundamental Rights of the European Union. Accordingly, this Directive should be interpreted and applied in accordance with those rights and principles”). For such an approach, see: Hugenhlotz (2017), pp. 275–291. 100  Rognstad (2014) with reference to: CJEU, joined cases C-427/93, C-429/93 and C-436/93, Bristol Myers Squibb and others v. Paranova A/S [1996] ECR I-3457 para 36. 101  CJEU, Football Association Premier League Ltd and Others v QC Leisure and Others (C-403/08) and Karen Murphy v Media Protection Services Ltd, (Case C-429/08), Judgment of 4 October 2011. 102  Rognstad (2014), op. cit. 103  van Deursen and Snijders (2018), pp. 1080–1098. 104  See, for instance, for Belgium: Cour Cass., 5 Avril 2001, Auteurs & Media 2001/3, p. 400, in: Voorhoof (2006), p. 5. 105  Opinion of 10th January 2019, Spiegel Online GmbH contre Volker Beck, Case C-516/17.

56

T.-E. Synodinou

courts might intervene in exceptional cases to safeguard a fundamental right (freedom of expression in this case) even in the absence of a specific corresponding exception (when the “essence of a fundamental right” is at stake106). Certainly, the introduction of the concept of the “lawful user”, combined with the recognition of a minimum level of lawful users’ rights in European copyright legislation, form the core of a subversive approach to copyright regulation. As demonstrated, initially this evolution was strictly related to specific intangible goods with a strong user/consumer-oriented dimension. In this context, it has been seen only as part of a peculiar lex specialis within copyright law and not as a horizontal principle within the EU copyright system. Indeed, the ius cogens in favour of lawful users can be applied only as part of the special EU regime governing computer programs and databases, and not when a software package or a database is protected by other means, such as by contract. This has been affirmed in the Ryanair case,107 where the CJEU was called on to decide whether the restrictive contractual clauses imposed by Ryanair (use of the information held on the Ryanair website for private and non-­ commercial purposes only, and prohibition of screen scraping) constituted a violation of Article 15 of the Database Directive. Consequently, the maker of a database that is not protected by the Database Directive is not obliged to safeguard a minimum level of free use of database contents for lawful users, such as the right for a lawful user to extract and reuse an insubstantial part of the database’s contents for any reason. This paradox has also been pinpointed in the study in support of the evaluation of Directive 96/9/EC on the legal protection of databases, where the introduction of a rule reversing the CJEU Ryanair ruling is proposed, so that exceptions can apply to lawful users whatever contracts may say, and they include a user right for databases that do not fall within the definition of a database.108 In the meantime, since the analogous concepts of “lawful use” and of “legal/lawful access” have appeared and been used inconsistently in subsequent EU copyright legislation, it is vital that the concept of “lawful use” is given a uniform and horizontal meaning in all European copyright law instruments. The horizontal application of the concept of “lawfulness” presupposes a dynamic and flexible interpretation of “lawfulness”, which inherently encompasses elements of fairness and natural justice. The expansion of the concept of “lawful use” to encompass the entire copyright legal ecosystem inserts a new, better-adjusted dimension into the relationship between authors, right holders and users.

 See on this point: Geiger and Izyumenko (2019).  Supra n. 93. 108  European Commission (2018), p. 141. 106 107

2  Who Is a Lawful User in European Copyright Law? From a Variable Geometry…

57

5  Conclusion The concept of “lawful use” first made its appearance in sectoral EU copyright legislation in relation to information goods. It also appeared sporadically in various EU copyright provisions in the field of copyright exceptions. Although the concept is marginal in EU copyright legislation, the CJEU has implicitly consolidated the concept of “lawful use” and expanded its application in relation to the main economic rights granted by copyright law for all categories of works. Lawful use could be seen as an oxymoron in EU copyright law. On the one hand, it is perceived as a means for restricting the use of copyright-protected works in the sense that there is a trend towards only lawful users being able to avoid liability for copyright infringement when accessing or using works. On the other hand, the effective enjoyment of copyright exceptions both in the Software and the Database Directive has been safeguarded for lawful users only, as lawful users are the only ones who enjoy exceptions in terms of user rights, which cannot be overridden by contract. The two facets of the concept of “lawful use” are organically interlinked. Indeed, the concept of “lawful use” makes sense if, in addition to being subject to obligations, the lawful user also possesses certain enforceable rights, whose violation could be the basis of a legal claim and not only vaguely a privilege or “freedom”. A first step in this direction is for all EU copyright exceptions to become jus cogens. After all, if copyright exceptions can be overridden by contracts and technological protection measures, the concept of a “lawful use” becomes an empty shell. Accordingly, the effective safeguarding of copyright exceptions presupposes a redefinition of the legal relationship between the author/right holder through the prism of Hochfeld’s jural correlative pairing of “right-duty109”. Restructuring copyright exceptions as rights, which are distinguishable from permissions, privileges or freedoms, presupposes the recognition of a corresponding correlative duty on the part of the author or right holder not to violate the users’ rights. This change must be accompanied by the introduction of procedural mechanisms, such as the establishment of autonomous locus standi of lawful users to bring a claim before a court for the protection of their rights, such as against the neutralisation or restriction of copyright exceptions. It is vital to favour a taxonomy of “lawful use” in European copyright legislation. The concept must be clarified and given a coherent meaning to cover both uses that are authorised by the right holders and uses that are not restricted by law, by considering the legal ideals of fairness (which is mainly expressed by the notion of good faith) and objective reasonableness. These conceptual pillars of lawfulness should not be seen as mutually antagonistic, but as its necessary and complementary components. In the author’s view, the dual function of the concept, which acts both as an enabling and as a restrictive clause, will provide an enhanced calibration of the interests of both copyright holders and users. 109

 Hohfeld (1913).

58

T.-E. Synodinou

References Akerlof G (1970) The market for lemons: quality uncertainty and the market mechanism. Q J Econ 84(3):488–500 ALAI Opinion on CJEU, C-161/17, Land Nordrhein-Westfalen v Dirk Renckhoff, [2018], ECLI:EU:C:2018:634. Available via http://www.alai.org/en/assets/files/resolutions/180529opinion-land-nordrhein-westfalen-en.pdf Arden M (2013) Coming to terms with good faith. JCL 30:199 Beatson J, Friedman D (eds) (2002) Good faith and fault in contract law. Clarendon Press, Oxford Bellan A (2016) Compared to Svensson, GS Media is not that bad after all. Available via http:// ipkitten.blogspot.com/2016/10/compared-to-svensson-gs-media-is-not.html Blocher W, Walter M (2010) Computer Program Directive, Article 5. In: Walter M, von Lewinski S (eds) European copyright law, a commentary. OUP, Oxford Breedveld-de Voogd CG, Castermans AG, Knigge MW, van der Linden T, ten Oever TA (eds) (2016) Core concepts in the Dutch Civil Code, continuously in motion. Wolters Kluwer, Deventer, p 49 Buydens M (1997) Le projet de loi transposant en droit Belge la directive européenne des bases de données. Auteurs & Media 4:335, 342 Caron C (2006) Droit d’auteur et droits voisins. Lexis Nexis Litec, Paris, p 273 Cohen J (2005) The place of the user in copyright law. Fordham Law Rev 74:347–374 Collins H (1994) Good faith in European contract law. Oxford J Leg Stud 14(2):229–254 Derclaye E (2008) The legal protection of databases: a comparative analysis. Edward Elgar Derclaye E (2014) The Database Directive. In: Stamatoudi I, Torremans P (eds) European copyright law, a commentary. Edward Elgar, Cheltenham Dormont S (2017) L’arrêt GS Media de la Cour de Justice de l’Union européenne : de précisions en distinctions, l’hyperlien lui fait perdre son latin. Communication Commerce Electronique (2) Dusollier S (2000) Incidences et réalités d’un droit de contrôler l’accès en droit européen in Le Droit d’auteur : un contrôle de l’accès aux œuvres ? Cahiers du CRID n° 18, pp 25–52 Dusollier S (2005) L’utilisation légitime de l’œuvre: un nouveau sésame pour le bénéfice des exceptions en droit d’auteur ? Communication-Commerce Electronique (11):17–20 Dusollier S, Pouillet Y, Buydens M (2000) Copyright and access to information in the digital environment. A study prepared for the Third UNESCO Congress on Ethical, Legal and Societal Challenges of Cyberspace, Infoethics, Paris Dussolier S (2005) Droit d’auteur et protection des œuvres dans l’univers numérique, Droits et exceptions à la lumière des dispositifs de verrouillage des œuvres. Larcier, Bruxelles, p 449 European Commission (2018) Directorate-General for Communications Networks, Content and Technology, Study in Support of the Evaluation of the Database Directive. Publications Office of the European Union, Luxembourg European Copyright Society (2017) General Opinion on the EU Copyright Reform Package, 24 January 2017 Forte ADM (ed) (1999) Good faith in contract and property law. Hart Publishing Gaster JL (1996) La protection juridique des bases de données à la lumière de la discussion. In: Doutrelepont, Van Binst, Wilkin (eds) Libertés, Droits Et Résaux Dans La Société De L’information, pp 38–39 Geiger C (2004) Droit d’auteur et droit du public à l’information, Approche de droit compare. Litec, Paris Geiger C, Izyumenko E (2019) Freedom of expression as an external limitation to copyright law in the EU: The Advocate General of the CJEU shows the way, European Intellectual Property Review; Centre for International Intellectual Property Studies (CEIPI) Research Paper N°2018-12. Available at SSRN: https://ssrn.com/abstract=3293735 or https://doi.org/10.2139/ ssrn.3293735

2  Who Is a Lawful User in European Copyright Law? From a Variable Geometry…

59

Geiger C, Frosio G, Bulayenko O (2018) The Exception for Text and Data Mining (TDM) in the Proposed Directive on Copyright in the Digital Single Market-Legal Aspects, In depth Analysis for the JURI Committee, European Parliament, E 604.941 Ghestin J (1982) L’utile et le juste dans les contrats. Dalloz, chr. 1 Ginsburg J (2000) From having copies to experiencing works: the development of an access right in U.S. copyright law. Available via http://papers.ssrn.com/paper.taf?ABSTRACT_ID=222493 Grosheide (2002) Database protection—the European way. Wash Univ J Law Policy 8:39. Available via http://openscholarship.wustl.edu/law_journal_law_policy/vol8/iss1/4 Headdon T (2011) Ghosts in the machine: copyright and temporary copies. Comput Law 22(4):15–18. Available via https://www.blplaw.com/media/pdfs/News%20and%20Views/ SCL_-_November_-_THEA_article.pdf Hohfeld NW (1913) Some fundamental legal conceptions as applied in judicial reasoning. Yale Law J 23. Available via http://digitalcommons.law.yale.edu/ylj/vol23/iss1/4 Hoskins (2014) Contractual obligations to negotiate in good faith: faithfulness to the agreed common purpose. LQR 130:131 Hugenhlotz PB (2017) Flexible copyright, can the author’s rights accommodate fair use? In: Okediji R (ed) Copyright law in an age of limitations and exceptions. Cambridge University Press, pp 275–291 Hugenholtz PB, Senftleben M (2011) Fair use in Europe, in search of flexibilities. Available via: https://www.ie-forum.nl/backoffice/uploads/file/IE-Forum%20P_B_%20Hugenholtz%20 en%20M_R_F_%20Senftleben,%20Fair%20use%20in%20Europe_%20In%20search%20 of%20flexibilities,%20IEF%2010485,%20IViR%2014%20november%202011_.pdf Koumantos G (1997) Les bases de données dans la directive communautaire. RIDA, n°171, pp 78–137 Lokhorst G (2017) GS Media in the National Courts: fresh issues on the meaning of ‘for profit’. Available via http://copyrightblog.kluweriplaw.com/2017/01/17/ gs-media-national-courts-fresh-issues-meaning-profit/ Lucas A, Lucas Schloetter A, Bernault C (2017) Traité de la propriété littéraire et artistique. LexisNexis, Paris Mackaay E (2012) Good faith in civil law systems. A legal-economic analysis. Revista Chilena de Derecho Privado, N° 18, pp 149–177 Masse C (1994) Rapport general. In: Travaux de l’Association Henri Capitant, La bonne foi. Litec, Paris, pp 224–227 Munukka J (2005) Harmonisation of contract law: in search of a solution to the good faith problem. In: Perspectives on jurisprudence: essays in Honor of Jes Bjarup, pp 229–250. Stockholm Institute for Scandinavian Law; ISBN: 91-85142-62-X. Available at SSRN: https://ssrn.com/ abstract=3063258X Peden E (2002) The meaning of contractual good faith. Aust Bar Rev 22, Queensland Peden E (2009) Implicit good faith - or do we still need an implied term of good faith? J Contract Law 25, Sydney Quintais JP, de Leeuw A (2014) No more downloading from unlawful sources?. Kluwer Copyright Blog. Available via http://copyrightblog.kluweriplaw.com/2014/05/12/ no-more-downloading-from-unlawful-sources/ Rognstad OA (2014) Legally flawed but politically sound? Digital exhaustion of copyright in Europe after UsedSoft. Oslo Law Review 01, vol 1. Available via https://www.idunn.no/ oslo_law_review/2014/01/legally_flawed_but_politically_sound_digital_exhaustion_ Rolland L (1996) La bonne foi dans le Code civil du Québec: Du général au particulier. Revue de droit de l’Université de Sherbrooke, vol 26, Sherbrooke Seville C (2016) EU intellectual property law and policy. Edward Elgar, Cheltenham Storme M (2003) Good faith and the contents of contracts in European contract law. Electron J Comp Law 7.1. Available via http://www.ejcl.org/71/art71-1.html Synodinou T (2010) The lawful user and a balancing of interests in European copyright law. IIC:819–843

60

T.-E. Synodinou

Synodinou T (2012) The principle of technological neutrality in European copyright law: myth of reality? EIPR (9):618–627 Synodinou T (2016) EU portability regulation: in-depth analysis of the proposal for the Juri Committee. European Parliament. Available via http://www.europarl.europa.eu/RegData/ etudes/IDAN/2016/571369/IPOL_IDA(2016)571369_EN.pdf Synodinou T (2017) Opinion, decoding the Kodi Box: to link or not to link? EIPR (12):733–736 Synodinou T (2019) Lawfulness for users in European copyright law: acquis and perspectives. JIPITEC 10(1) Tan ZX (2016) Keeping faith with good faith? The evolving trajectory post-Yam Seng and Bhasin. J Bus Law 5:420–446 Trakman LE, Sharma K (2014) The binding force of agreements to negotiate in good faith. Camb Law J 73:598 Triaille J (de Woolf partner), de Meeus d’Argenteuil J and with the collaboration of de Francquen A (2014) Study on the legal framework of text and data mining (TDM) for the Directorate-­ General for the Internal Market and Services, p 110. Available via https://publications.europa. eu/en/publication-detail/-/publication/074ddf78-01e9-4a1d-9895-65290705e2a5/language-en van Deursen S, Snijders T (2018) The Court of Justice at the crossroads: clarifying the role for fundamental rights in the EU copyright framework. IIC 49(9):1080–1098 Van Eechoud M, Hugenholtz PB, van Gompel S, Guibault L, Helberger N (2009) Harmonizing European copyright law. Wolters Kluwer, Kluwer Law International Vanbrabant B (2005) Corpus mechanicum v corpus mysticum : des conflits entre l’auteur d’une oeuvre et le propriétaire du support. Revue de la Faculté de droit de Liège 4:492–534 Vanovermeire V (2000) The concept of the lawful user in the database directive. IIC (1):63–81 Von Lewinski S (2010) Database Directive, Article 6. In: Walter M, von Lewinski S (eds) European copyright law, a commentary. OUP, Oxford Voorhoof D (2006) La liberté d’expression est-elle un argument légitime en faveur du non-respect du droit d’auteur? La parodie en tant que métaphore. In: Strowel A, Tulkens F (eds) Droit d’auteur et liberté d’expression, Regards francophones, d’Europe et d’ailleurs. Larcier, p 5 Westkamp G (2004) Temporary copying and private communications-the creeping evolution of use and access rights in European copyright law. George Wash Int Law Rev:1057 Westkamp G (2008) The limits of open source: lawful user rights, exhaustion and co-existence with copyright law. Intellect Prop Q (14):14–57 Zimmermann R (2001) Roman law, contemporary law, European law-the civilian tradition today. Oxford University Press, Oxford Zimmermann R, Whittaker S (eds) (2000) Good faith in European contract law. Cambridge University Press, Cambridge

Chapter 3

Linking and Copyright: Easier at Last? First National Applications of the CJEU GS Media Judgment Eleonora Rosati

Abstract  The Court of Justice of the European Union (CJEU) has been asked to clarify the appropriate construction of the right of communication to the public under Article 3(1) of Directive 2001/29 (InfoSoc Directive) in multiple occasions. When the opportunity first arose—in Svensson and Others, C-466/12—to tackle the relationship between linking to protected content and Article 3(1) of the InfoSoc Directive, the resulting judgment proved unsatisfactory. In particular, what remained uncertain was the treatment of linking to unlicenced content. In GS Media, C-160/15, the Court finally addressed this scenario. Although this judgment was arguably more articulated than the one in Svensson and Others, C-566/12, it was not less ambiguous. The first national decisions issued in the aftermath of the ruling in GS Media, C-160/15, are a demonstration of all this: national applications show diverging approaches to the interpretation of relevant CJEU case law or resistance tout court.

1  The Right of Communication to the Public The right of communication to the public under Art. 3.1 of the InfoSoc Directive1 has been subject to a significant number of referrals since the first ruling in 2006 in SGAE, C 306/05.2 By relying on international sources and a purpose-driven

 Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society, OJ L 167 (InfoSoc Directive). 2  They are (in chronological order, as of August 2018): CJEU, SGAE v Rafael Hoteles SA, Case C 306/05, Judgment of 7 December 2006; CJEU, Organismos Sillogikis Diacheirisis Dimiourgon Theatrikon kai Optikoakoustikon Ergon v Divani Anonimi Xenodocheiaki kai Touristiki Etaireia, Case C 136/09, Judgment of 18 March 2010; CJEU, Circul Globus Bucureşti v Uniunea Compozitorilor şi Muzicologilor din România—Asociaţia pentru Drepturi de Autor (UCMR— 1

E. Rosati (*) Law Department, Stockholm University, Stockholm, Sweden e-mail: [email protected] © Springer Nature Switzerland AG 2020 T.-E. Synodinou et al. (eds.), EU Internet Law in the Digital Era, https://doi.org/10.1007/978-3-030-25579-4_3

61

62

E. Rosati

interpretation of the InfoSoc Directive, the CJEU has construed this exclusive right broadly and in such a way as to encompass, subject to a number of conditions, different types of acts, including the making available of TV sets in certain contexts, linking to protected content, the provision of certain types of set-up boxes, indexing activities by a platform, and cloud-based recording services.3 At the international level, the right of communication to the public received its first formulation in Article 11bis of the Berne Convention, as adopted in 1928 and later revised by the Brussels Act 1948.4 The WIPO Copyright Treaty supplemented the Berne Convention,5 and introduced the concept of ‘making available to the public’.6 The wording of Art. 3.1 of the InfoSoc Directive is derived from Art. 8 of the WIPO Copyright Treaty. However, Art. 3.1 of the InfoSoc Directive does not define the concept of ‘communication to the public’. This provision, in fact, only states that: ADA), Case C 283/10, Judgment of 24 November 2011; CJEU, Football Association Premier League Ltd and Others v QC Leisure and Others (C 403/08) and Karen Murphy v Media Protection Services Ltd (C 429/08), Joined cases C 403/08 and C 429/08, Judgment of 4 October 2011; CJEU, Airfield NV, Canal Digitaal BV v Belgische Vereniging van Auteurs, Componisten en Uitgevers CVBA (Sabam) (C-431/09) and Airfield NV v Agicoa Belgium BVBA (C-432/09),, Case C 431/09 and C 432/09, Judgment of 13 October 2011; CJEU, SCF v Marco Del Corso, Case C 135/10, Judgment of 15 March 2012; CJEU, Phonographic Performance v Ireland, Attorney General, Case C 162/10, Judgment of 15 March 2012; CJEU, ITV Broadcasting v TV Catchup Ltd, Case C 607/11, Judgment of 7 March 2013; CJEU, Svensson and Others v Retriever Sverige AB, Case C 466/12, Judgment of 13 February 2014; CJEU, OSA v Léčebné lázně Mariánské Lázně a.s., Case C 351/12, Judgment of 27 February 2014; CJEU, BestWater v Michael Mebes and Stefan Potsch, C 348/13, Judgment of 21 October 2014; CJEU, C More Entertainment AB v Linus Sandberg, Case C 279/13, Judgment of 26 March 2015; CJEU, Sociedade Portuguesa de Autores CRL v Ministério Público and Others, Case C 151/15, Judgment of 14 July 2015; CJEU, SBS Belgium v Belgische Vereniging van Auteurs, Componisten en Uitgevers (SABAM), Case C 325/14, Judgment of 19 November 2015; CJEU, Reha Training Gesellschaft für Sport- und Unfallrehabilitation mbH v Gesellschaft für musikalische Aufführungs- und mechanische Vervielfältigungsrechte eV (GEMA), Case C 117/15, Judgment of 31 May 2016; CJEU, GS Media v Sanoma Media Netherlands BV and Others, Case C 160/15, Judgment of 8 September 2016; CJEU, AKM v Zürs.net Betriebs GmbH, Case C 138/16, Judgment of 16 March 2017; CJEU, Stichting Brein v Jack Frederik Wullems, Case C 527/15, Judgment of 26 April 2017; CJEU, Stichting Brein v Ziggo BV and XS4All Internet BV, Case C 610/15, Judgment of 14 June 2017; CJEU, VCAST Limited v RTI SpA, Case C 265/16, Judgment of 29 November 2017; and CJEU, Land Nordrhein-Westfalen v Dirk Renckhoff, Case C 161/17, Judgment of 7 August 2018. 3  According to some commentators, rather than a unified concept of communication to the public, in its case law the CJEU has created specific sui generis groups of communication to the public cases: see Clark and Tozzi (2016), p. 717. 4  World Intellectual Property Organization (2003); Berne Convention for the Protection of Literary and Artistic Works (Paris Act of 24 July 1971 as amended on 28 September 1979) (Bern Convention) 11bis. 5  Article 1.4 of the WIPO Copyright Treaty mandates compliance with Articles 1 to 21 of and the Appendix to the Berne Convention. 6  On the concept of making available within Article 8 of the WIPO Copyright Treaty, see Walter and von Lewinski (2010), pp. 975–980.

3  Linking and Copyright: Easier at Last? First National Applications of the CJEU GS…

63

[EU] Member States shall provide authors with the exclusive right to authorise or prohibit any communication to the public of their works, by wire or wireless means, including the making available to the public of their works in such a way that members of the public may access them from a place and at a time individually chosen by them. Lacking a definition of the notion of ‘communication to the public’, the CJEU has sought to determine the meaning and scope of this concept in light of the objectives pursued by the InfoSoc Directive, notably ensuring a high level of protection of intellectual property (Recital 24) and for authors. In its rich body of case law on Art. 3.1, the Court has consistently stated that the essential requirements of Art. 3.1 are an ‘act of communication’ directed to the ‘public’. In addition, the CJEU also highlighted the importance of considering additional criteria, which are not autonomous and are interdependent, and may—in different situations—be present to widely varying degrees. Such criteria must be applied both individually and in their interaction with one another.7

1.1  R  equirements and Criteria Under Art. 3.1 of the InfoSoc Directive8 Starting from ‘public’, this is a concept that has not been straightforward to comprehend because the relevant understanding may change depending on the context.9 In general terms, the notion of ‘public’ is that of an indeterminate and fairly large (above de minimis) number of people.10 In the case of a communication concerning the same works as those covered by the initial communication and made by the same technical means (e.g., internet), the communication must be directed to a ‘new’ public. Derived from the interpretation given by the 1978 WIPO Guide to the Berne Convention of Article 11bis(1)(iii) of the Berne Convention as first employed by Advocate General (AG) La Pergola in his Opinion in EGEDA, C 293/98,11 the ‘new public’ that is relevant to the establishment of Art. 3.1 applicability is the public that was not considered by the relevant rightholder when they authorised the initial communication to the public.12  SCF, par. 79; Phonographic Performance (Ireland), par. 30; Reha Training, par. 35; GS Media, par. 34; Stichting Brein, C-527/15, par. 30; Stichting Brein, C-610/15, par. 25. 8  This part builds upon Rosati (2017a), pp. 1233–1238 and Rosati (2017b), p. 737 ff. 9  Karapapa (2017), p. 66. 10  SGAE, par. 38; SCF, par. 84; Phonographic Performance (Ireland), par. 33; ITV Broadcasting, par. 32; Svensson and Others, par. 21; OSA, par. 27; Sociedade Portuguesa de Autores CRL, par. 19; SBS Belgium, par. 21; GS Media, par. 36; Stichting Brein, C-527/15, par. 45; AKM, par. 24; Stichting Brein, C-610/15, par. 27 and 42. 11  Opinion of Advocate General Antonio Mario La Pergola in EGEDA, C-293/98, EU:C:1999:403, par. 20. See further Hugenholtz and Van Velze (2016), pp. 802–803. 12   SGAE, par. 40, 42; Organismos Sillogikis Diacheirisis Dimiourgon Theatrikon kai Optikoakoustikon Ergon, par. 39; Football Association Premier League and Others, par. 197, 7

64

E. Rosati

On the notion of ‘act of communication’, case law appears now solidly oriented in the sense of requiring the mere making available of a copyright work—not its actual transmission13—in such a way that the persons forming the public may access it, irrespective of whether they avail themselves of such opportunity.14 In cases where the CJEU has held the making available of a work sufficient, the Court has however indicated the need to consider whether there is a necessary and deliberate intervention on the side of the user/defendant, without which third parties could not access the work at issue. More specifically, the user makes an act of communication when it intervenes—in full knowledge of the consequences of its action—to give access to a protected work to its customers, and does so, in particular, where, in the absence of that intervention, their customers would not, in principle, be able to enjoy the work.15 With particular regard to the notion of indispensability of one’s own intervention, the Court has recently clarified that an intervention which facilitates access to unlicensed content that would be otherwise more difficult to locate qualifies as an ‘indispensable intervention’.16 Over time, the CJEU has indeed dismissed attempts to interpret this criterion narrowly. A clear example is GS Media, C 160/15. In his relevant Opinion, AG Wathelet had excluded tout court that the unauthorised provision of a link to a copyright work—whether published with the consent of the rightholder or not—could be classified as an act of communication to the public. This would be so, considering that to establish an act of communication, the intervention of the ‘hyperlinker’ must be vital or indispensable to benefit from or enjoy the relevant copyright work. Hyperlinks posted on a website that direct to copyright works freely accessible on another website cannot be classified as an ‘act of communication’: the intervention of the operator of the website that posts the hyperlinks is not indispensable to the making available of the works in question to users.17 Airfield and Canal Digitaal, par. 72; Svensson and Others, par. 24; OSA, par. 31; Reha Training, par. 45; GS Media, par. 37; Stichting Brein, C 527/15, par. 47; Stichting Brein, C 610/15, par. 28; Renckhoff, par. 24. But cf AKM, par. 26-27, suggesting that consideration of whether the communication at hand is addressed to a ‘new public’ is required also when the specific technical means used is different. On whether terms and conditions of use of a certain website might be relevant to determine whether the public targeted by the defendant’s link is ‘new’, see (arguing in the negative) McBride (2017), pp. 275–277. 13  This appeared to be the case in: Circul Globus Bucureşti, par. 40; Football Association Premier League and Others, par. 190, 193, and 207; OSA, par. 25; SBS Belgium, par. 16; and Reha Training, par. 38. 14  SGAE, par. 43; Svensson and Others, par. 19; GS Media, par. 27; Stichting Brein, C 527/15, par. 36, AKM, par. 20; Stichting Brein, C 610/15, par. 19; Renckhoff, par. 20. On the accessibility criterion, see (critically) Koo (2018), pp. 545–546. 15  SGAE, par. 42; Football Association Premier League and Others, par. 194, 195; Airfield and Canal Digitaal, par. 79; SCF, par. 82; Phonographic Performance (Ireland), par. 31; Reha Training, par. 46; GS Media, par. 35; Stichting Brein, C 527/15, par. 31; Stichting Brein, C 610/15, par. 26. 16  Stichting Brein, C 527/15, par. 41; Stichting Brein, C 610/15, par. 26. 17  Opinion of Advocate General Melchior Wathelet in GS Media, C 160/15, Opinion of 7 April 2016, par. 57–60.

3  Linking and Copyright: Easier at Last? First National Applications of the CJEU GS…

65

Another criterion considered by the CJEU is whether the user/defendant merely provides physical facilities or not. While the mere provision of physical facilities does not amount to an act of communication to the public (Recital 27), the installation of such facilities may make the public access to copyright works technically possible, and thus fall within the scope of Art. 3.1 of the InfoSoc Directive.18 In addition to the requirements of an act of communication directed to the public, the Court also considered—from time to time—other non-autonomous and interdependent criteria (having no clear textual basis). Such criteria may, in different situations, be present to widely varying degrees. They must be applied both independently and in their interaction with one another.19 In GS Media, C 160/15, the Court, among other things, relied in particular on the ‘profit-making’ character of the communication at issue to determine potential liability of the ‘hyperlinker’ for the posting of links to unlicenced content. Before GS Media, C 160/15, the profit-making character of the communication at issue had not been given the centrality that the Court did instead acquire in that case: in Reha Training, C 117/15, for instance, the Grand Chamber of the CJEU considered that this criterion, while not irrelevant, would not however be decisive.20 In GS Media, C 160/15, instead, the Court adopted a rebuttable presumption that ‘when the posting of hyperlinks is carried out for profit, it can be expected that the person who posted such a link carries out the necessary checks to ensure that the work concerned is not illegally published on the website to which those hyperlinks lead, so that it must be presumed that that posting has occurred with the full knowledge of the protected nature of that work and the possible lack of consent to publication on the internet by the copyright holder.’21 Overall, in the context of communication to the public by linking, the Court deemed it necessary to move towards an assessment in which the subjective element is decisive for determining prima facie liability.22 The operation of this presumption was confirmed in the subsequent ruling in Stichting Brein, C 527/15.23 As discussed more at length elsewhere, it might not be self-evident whether the presence of a profit-making intention should be assessed in relation to the specific act of communication at hand, or the broader context in which such act is performed (see also below Sect. 2.3). Although both alternatives may be plausible, consideration of the context in which the relevant link is provided is more in line with existing CJEU case law, both preceding and following GS

 SGAE, par. 45–47.  GS Media, par. 34, referring to: SCF, par. 79; Phonographic Performance (Ireland), par. 30; and Reha Training, par. 35. 20  Reha Training, par. 49, referring to: ITV Broadcasting and Others, par. 43; and Football Association Premier League and Others, par. 204. Commenting favourably on the consideration of the profit-making character of the communication at issue, see Mysoor (2013), p. 182. 21  GS Media, par. 51. 22  On this, see (critically) Synodinou (2017), p. 735. 23  Stichting Brein, C 527/15, par. 49, 51. 18 19

66

E. Rosati

Media, C 160/15.24 In SGAE, C 306/05, Football Association Premier League and Others, C 403/08 and C 429/08, and Reha Training, C 117/15, in fact, the Court considered that the profit-making nature of the communication would be apparent from the fact that the defendants transmitted the relevant works in their own establishment (hotels, a public house and a rehabilitation centre, respectively) to benefit therefrom and attract customers to whom the works transmitted are of interest.25 In Stichiting Brein, C 527/15, the CJEU identified the profit-making intention of the defendant in the circumstance that the relevant multimedia player ‘is supplied with a view to making a profit, the price for the multimedia player being paid in particular to obtain direct access to protected works available on streaming websites without the consent of the copyright holders.’26

2  Communication to the Public and Linking 2.1  Svensson and Others, C 466/12 In its 2014 decision in Svensson and Others, C 466/12, the CJEU ruled that, at certain conditions, the provision of a hyperlink to a work hosted on a third-party website falls within the scope of copyright protection. More specifically, linking to protected content may be regarded as an act of communication to the public within Art. 3.1 of the InfoSoc Directive. Qualification of linking as an act of communication to the public means that, when the link in question is provided without permission from the relevant rightholder, this activity could amount, prima facie, to copyright infringement. Whether the act in question is an actual infringement depends on additional considerations, including whether the work at hand is protected by copyright in the first place, and whether the defendant may successfully invoke one or more copyright defences available under the applicable national copyright regime. The main question of the referring court, the Svea Court of Appeal (Sweden), was whether the provision of a hyperlink to a work lawfully made available on a certain website where it is freely accessible is to be regarded as an act of communication to the public within Art. 3.1 of the InfoSoc Directive. This reference for a preliminary ruling had been made in the context of proceedings between a number of journalists and media monitoring provider Retriever, and concerned their request for compensation for the harm suffered as a result of the inclusion, on the latter’s

 Rosati (2017a), pp. 1237–1238. In a similar sense, see also Clark and Dickinson (2017), pp. 269– 270. Submitting instead that the profit-making intention of the ‘hyperlinker’ is to be appreciated with regard to the particular act of hyperlinking, see Rendas (2017), pp. 14. 25  SGAE, par. 44; Football Association Premier League and Others, par. 205–206; Reha Training, par. 63–64. 26  Stichting Brein, C 527/15, par. 51. 24

3  Linking and Copyright: Easier at Last? First National Applications of the CJEU GS…

67

website, of hyperlinks redirecting users to press articles (in which the applicants held the copyright) freely accessible on the Göteborgs-Posten website. In its decision, the CJEU noted that the concept of communication to the public within Art. 3.1 of the InfoSoc Directive includes two cumulative criteria: an ‘act of communication’ of a work, directed to the ‘public’.27 On the first condition, the Court arguably paid lip-service to the requirement that the concept of ‘communication to the public’ be construed broadly to ensure, in accordance with, inter alia, Recitals 4, 9 and 23 in the preamble of the InfoSoc Directive, a high level of protection for rightholders. The provision of hyperlinks on a website to protected works published without any access restrictions on another site offers to the users of the first site direct access to those works, and therefore amounts to an ‘act of communication’.28 Turning to the second condition, i.e., that the communication is directed to the ‘public’, the CJEU recalled that the term ‘public’ refers to an indeterminate number of potential recipients and implies a fairly large number of persons.29 However, an act of communication within Article 3.1 of the InfoSoc Directive requires that a communication concerning the same works as those covered by the initial communication and made by the same technical means (i.e., internet), must also be directed to a ‘new’ public. This is the public that was not considered by the relevant rightholder when they authorised the initial communication to the public.30 The CJEU concluded that the provision of a hyperlink to a work lawfully and freely accessible on a third-party website does not fall within the scope of Art. 3.1. of the InfoSoc Directive. This is because the public targeted by the initial communication consists of all potential visitors to the site concerned. As such, the hyperlink would not communicate the work to the public not considered by the relevant rightholder at the time of authorising the initial communication.31 If there is no ‘new’ public, then there is no infringing act. In this sense, the requirement that the public targeted by the act of linking be new means overcoming something that, on the side of the relevant rightholder, may be regarded as an implied licence. Indeed, this argument holds true if the content made available online and linked to have been published with the consent of the relevant rightholder.32 The CJEU itself framed the ‘new public’ requirement within a licencing perspective. In Soulier and  Svensson and Others, par. 16, referring to ITV Broadcasting, par. 21, 31.  In its opinion before the CJEU judgment, the European Copyright Society held the view that linking could not qualify as an act of communication to the public, also on consideration that a transmission of a work—as opposed to its mere accessibility—would be required under Article 3(1) of the InfoSoc Directive: see European Copyright Society (2013). See, contra, Association Littéraire et Artistique Internationale (2013). 29  Svensson and Others, par. 21, referring to SGAE, par. 37-38, and ITV Broadcasting, -607/11, par. 32. 30  Svensson and Others, par. 24, recalling (by analogy): SGAE, par. 40, 42; Organismos Sillogikis Diacheirisis Dimiourgon Theatrikon kai Optikoakoustikon Ergon, par. 38; and ITV Broadcasting, par. 39. 31  Svensson and Others, par. 25–28. 32  See Arezzo (2014), p. 543, and Ginsburg (2014). 27 28

68

E. Rosati

Doke, C 301/15, referring to its earlier decision in Svensson and Others, C 466/12, it held in fact that in a situation in which an author had given prior, explicit and unreserved authorisation to the publication of his articles on the website of a newspaper publisher, without making use of technological measures restricting access to those works from other websites, that author could be regarded, in essence, as having authorised the communication of those works to the general internet public.33 According to some commentators, consideration of the ‘new public’ requirement would be based on an incorrect interpretation of international law, and would result in an undue (cf Art. 3.3 of the InfoSoc Directive) exhaustion of the right of communication to the public.34

2.2  BestWater, C 348/13 The Court confirmed the approach taken in Svensson and Others, C 466/12, in the subsequent 2014 order in BestWater, C 348/13, in which it indicated that the provision of a link to a content that is freely accessible on a third-party website does not fall within the scope of Art. 3.1 of the InfoSoc Directive. In that case, the Court failed to address the fact that the content linked to and embedded on the defendant’s page had been uploaded on YouTube without the authorisation of the relevant copyright holder. Hence, even after BestWater, C 348/13, it remained unclear what the treatment of linking to protected content available on a third-party website and first communicated without the consent of the relevant rightholder, i.e., unlicenced content, would be.35 Logically, if one followed the reasoning of the CJEU in Svensson alone and fully, then linking of this kind would always be regarded as an act falling within the scope of Art. 3.1 of the InfoSoc Directive and for linking that involves embedding/framing, also issues of reproduction—which the CJEU has not yet addressed—would come into consideration. The relevant rightholder, in fact, would have had no public in mind, since they never authorised the making available of their work in the first place. Accordingly, linking to content of this kind should be always regarded as an act of communication to a ‘new public’. Yet, when the opportunity arose to address this particular scenario, AG Wathelet, first, and then the CJEU, took a different direction.36

 CJEU, Soulier and Doke, Case C 301/15, Judgment of 16 November 2016, par. 36.  Association Littéraire et Artistique Internationale (2014), p. 2. See also Rosén (2016), pp. 341– 347, holding that the CJEU approach in Svensson and Others, C 466/12 would be incompatible with international law and EU directives. 35  Also, outlining the interpretative doubts left by the decisions in Svensson and Others, C 466/12 and BestWater, C 348/13, see Leistner (2015b), p. 636. 36  In their analysis, Ginsburg and Budiardjo (2018), pp. 169–170, submit that post-Svensson case law might have reduced the centrality of the ‘new public’ criterion. 33 34

3  Linking and Copyright: Easier at Last? First National Applications of the CJEU GS…

69

2.3  GS Media, C 160/15 This case originated as a reference for a preliminary ruling from the Dutch Supreme Court. It had been made in the context of proceedings between the publisher of Playboy magazine and GS Media, concerning the publication by the latter on a website that it operated (GeenStijl) of hyperlinks to other websites hosting unpublished photographs of Dutch TV personality Britt Dekker, that had been taken for a forthcoming issue of Playboy. In 2011 (before the publication of the Playboy issue in question), GS Media published a report containing a hyperlink to an Australian data-storage website, where the photographs appeared to be freely accessible and available for download.37 As explained by AG Wathelet, the report carried the title ‘[obscenity] leaked! Nude photos … Dekker’. The report, which also included part of one of the photographs in the top left-hand corner, ended with the following words: ‘And now the link with the pics you’ve been waiting for. Whoever [obscenity] first, [obscenity] first. HERE. […]’. By clicking on a hyperlink, indicated by ‘HERE’, readers were directed to an Australian data-storage website called Filefactory.com. By clicking on the following hyperlink, they could open a new window that contained the button ‘DOWNLOAD NOW’. By clicking on the button, the readers opened a file in zip format containing 11 files in pdf format, each of which contained one of the photographs.38 Despite Sanoma’s demands, GS Media refused to remove the hyperlink in question. Although the photographs were eventually deleted on the filefactory.com website, they were subsequently made available at another online location. GS Media published two further reports with new hyperlinks to Dekker’s photographs. Sanoma succeeded in its actions before the Amsterdam District Court and the Amsterdam Court of Appeal, although these courts considered different aspects. The former held that, by posting those hyperlinks, GS Media’s conduct had been unlawful because it encouraged visitors to GeenStijl to view the photographs unlawfully posted elsewhere and which, without those hyperlinks, would have not been easy to find. In contrast, the appellate court held that, on the one hand, GS Media had infringed copyright by posting a cut-out of one of the photographs on its own website but, on the other hand, had not made the photographs available to the public by posting the hyperlinks on its website.39 The decision of the Court of Appeal was appealed before the Supreme Court, which decided to stay the proceedings and refer the case to the CJEU for a preliminary ruling asking whether the provision on a website of a hyperlink to another website operated by a third party, which is accessible to the general internet public and on which works protected by copyright are made available to the public without the authorisation of the copyright holder, constitutes an act of communication to the  AG Wathelet noted that whether this was the case was not entirely clear: Opinion of Advocate General Melchior Wathelet in GS Media, C 160/15, Opinion of 7 April 2016, par. 71. 38  Ibid, par. 10. 39  GS Media, par. 17–18. 37

70

E. Rosati

public; the fact that the person who posts the hyperlink to a website is or ought to be aware of the lack of consent by the copyright holder for the initial communication of the works on that website is important for the purpose of Art. 3.1 of InfoSoc Directive; the fact that a hyperlink has facilitated access to the works in question is relevant in accordance with Article 3.1. The CJEU held that the provision of a hyperlink (but it would appear that the same reasoning may be applied to other types of links)40 to a copyright work that is freely accessible and was initially published without the rightholder’s consent on another website does not constitute a communication to the public, as long as the person who posts that link does not seek financial gain and acts without knowledge that such work has been published without a licence from the relevant rightholder. The CJEU began its analysis with a general discussion of the preventative nature of the right of communication to the public.41 It mentioned the lack of definition in the body of the InfoSoc Directive and, hence, the need to refer to the objectives pursued by this piece of EU legislation: high level of protection of authors, but also a fair balance of contrasting rights and interests, likewise protected by the Charter of Fundamental Rights of the European Union42 (EU Charter). Having recalled the requirement under Art. 3.1 of the InfoSoc Directive,43 it noted how an individual assessment is to be undertaken in specific instances by considering several complementary criteria. These are not autonomous and are interdependent, and may, in different situations, be present to widely varying degrees. They must be applied both individually and in their interaction with one another. One of such criteria is the indispensable/essential role played by the user and the deliberate nature of its intervention: the user makes an act of communication when it intervenes, in full knowledge of the consequences of its action, to give access to a protected work to its customers, and does so, in particular, where, in the absence of that intervention, its customers would not, in principle, be able to enjoy the work.44 Other criteria include: a communication using specific technical means,45 different from those previously used or, failing that, to a ‘new public’ and the profit-making nature of the communication. According to the court, it is in the light, in particular, of these criteria that a situation like that one at issue in the background proceedings should be assessed.46 Reviewing earlier case law, the CJEU noted how it could not be inferred  But cf. Leistner (2017), pp. 138–139, holding that not all links should be treated the same, in that the provider of a framed link should be under more than a merely minimal duty to check the lawfulness of the posted material. 41  GS Media, par. 28. 42  Charter of Fundamental Rights of the European Union, OJ C 326, 26.10.202, pp. 391–407. 43  Ibid, par. 30–32, referring to Svensson and Others, par. 16; SBS Belgium, par. 15; and Reha Training, par. 37. 44  GS Media, par. 33–35, also referring (par. 34) to: SCF, par. 79; Phonographic Performance (Ireland), par. 30; and Reha Training, par. 35. 45  As noted by Leistner (2015a), p. 634, the definition of the same technical means has been rather generous in CJEU case law: for instance, on the internet all potential and different forms of communication appear to constitute the same technical means. 46  GS Media, par. 36–39. 40

3  Linking and Copyright: Easier at Last? First National Applications of the CJEU GS…

71

from previous case law that, lacking the relevant rightholder’s consent, a link would invariably amount to an unauthorised act of communication to the public.47 In light of this conclusion, the court made two observations. First, the internet is of particular importance to freedom of expression and of information, and hyperlinks contribute to its sound operation, as well as to the exchange of opinions and information in a network characterised by the very availability of immense amounts of information. Second, it may be difficult, in particular for individuals who wish to post such links, to ascertain whether the website to which those links are expected to lead provides access to works that are protected and, if necessary, whether the copyright holders of those works have consented to their posting on the internet. Checking is all the more difficult where those rights have been subject to sub-­ licences. Moreover, the content of a website to which a hyperlink enables access may be changed after the creation of that link, including the protected works, without the person who created that link necessarily being aware of it. To determine whether the provision of a hyperlink to unlicenced content amounts to an act of communication to the public, the CJEU considered the complementary criteria mentioned above, notably the profit-making intention and the subjective state of mind of the ‘hyperlinker’. According to the court, when the provision of a hyperlink to a work freely available on another website is carried out by a person who, in so doing, does not pursue a profit, it is necessary to consider that such person is unaware that such work had been published on the internet without the consent of the relevant rightholder. In other words, in such circumstances, the link provider does not intervene in full knowledge of the consequences of their conduct. Conversely, the provision of a hyperlink to protected content would amount to an act of communication to the public in the following situations. First, when the ‘hyperlinker’ knows or ought to have known that the hyperlink posted would provide access to a work unlawfully placed on the internet, for example owing to the fact that it was notified to this effect by the relevant rightholder. Second, when the hyperlink at issue allows users of the website on which they are posted to circumvent the restrictions taken by the site where the protected work is posted to restrict the public’s access to its own subscribers.48 While the latter scenario appears to lead to a finding of copyright infringement, the same may not be also true in relation to the former. In fact, as the CJEU explained at paragraph 53, liability of the ‘hyperlinker’ would follow not only from knowledge that the content linked to is unlicenced, but also from the impossibility to invoke successfully a defence allowed by Art. 5.3 of the InfoSoc Directive and available under the applicable national copyright regime.49 The court also added a presumptio iuris tantum, i.e., rebuttable: when the posting of hyperlinks is carried out for profit, it can be expected that the person who posted such a link carries out the necessary checks to ensure that the work concerned is not  Ibid, par. 43.  GS Media, par. 46–50. 49  Ibid, par. 53. 47 48

72

E. Rosati

illegally published on the website to which those hyperlinks lead, so that it must be presumed that posting has occurred with the full knowledge of the protected nature of that work and the possible lack of consent to publication on the internet by the copyright holder.50 In the case at hand, the defendant provided the hyperlinks for profit, yet knowing that the photos had been published without the copyright holders’ permission. The Court found that a situation of this kind would be clearly one of prima facie copyright infringement,51 although it failed to clarify whether the profit-making intention should relate to the provision of the link per se or, rather, the overall context in which the link is provided. Should one consider whether the relevant link is provided with the intention to make a profit? Or should rather one consider the surrounding environment to the relevant link, e.g., whether it is provided on a website that is operated for profit? Although both alternatives appear plausible, as detailed above (Sect. 2.1), consideration of the context in which the relevant link is provided appears to be more in line with earlier CJEU case law. Following the CJEU decision in GS Media, C 160/15, the legal treatment of linking under Art. 3.1 of the InfoSoc Directive is summarised in the table below52: Content published with rightholder’s consent Yes

Profit-­ making intention n/a

Knowledge that content linked to is unlawful n/a

Yes

n/a

n/a

No

No

No

No

No

Freely accessible

No

Yes

Not freely accessible

No

n/a

Yes (e.g., because notified) Presumed (rebuttable presumption) n/a

Accessibility of content Freely accessible Not freely accessible Freely accessible Freely accessible

Act of communication to the public No (Svensson, GS Media) Yes (BestWater, GS Media) No (GS Media)

Potential infringement No Yes No

Yes (GS Media)

Yesa

Yes (GS Media)

Yesa

Yes

Yes

If rightholder notifies link provider (without prior knowledge of unlawfulness) that the content linked to is unlawful and the latter refuses to remove the link and exceptions and limitations in Art. 5.3 of the InfoSoc Directive are inapplicable

a

 Ibid, par. 51.  Ibid, par. 54. 52  This table was first published in Rosati (2016). 50 51

3  Linking and Copyright: Easier at Last? First National Applications of the CJEU GS…

73

3  Linking after GS Media, C 160/15, Before National Courts On linking, national applications demonstrate diverging approaches to the interpretation of relevant CJEU case law or resistance tout court. This has been particularly the case of the presumption of knowledge for for-profit link providers, as envisaged in GS Media, C 160/15: should the profit-making intention be referred to the act of linking as such (as the Athens Court of Appeal held in 201753) or, rather, the context in which the link is provided?

3.1  Sweden The first national court to apply this CJEU decision was the Attunda District Court (Sweden) in 2016.54 In 2012, the claimant realised a video that was subsequently uploaded by a third party on YouTube without her authorisation. The defendant embedded the video on its own website in the context of an article describing the content of the incident portrayed in the video. In her action, the claimant submitted that the defendant had infringed copyright in her video by both embedding it and publishing a frozen still of the video on its website. Considering whether the provision of an embedded link to content whose publication on a third-party site has not been authorised would amount to a copyright infringement, the Attunda court found that the GS Media presumption relates to the context in which the link is provided. In the case at issue, it was apparent that the defendant’s press publication had published the link to the claimant’s YouTube video with the intention of pursuing a profit. According to the court, the defendant had not been able to demonstrate that it had no knowledge of the unlicenced character of the video embedded on its website. Hence, it was found to have infringed the claimant’s copyright by linking to the YouTube video without the claimant’s permission.

3.2  Germany Following Sweden, still in 2016, it was the turn of the Regional Court of Hamburg (Germany) to provide the first application (by means of an interim decision55) of GS Media, C 160/15. In that case, the German court reasoned along lines similar to the Attunda court in Sweden, holding that the presumption of knowledge refers to

 Court of Appeal of Athens, decision No 1909/2017 (18th section), on which see Chiou (2017).  Attunda Tingsrätt, Jonsson v Les Éditions de l’Avenir SA, FT 11052-15, 13.10.2016, on which see Malovic and Haddad (2017), pp. 89–90. 55  LG Hamburg, 310 O 402/16, on which see Brüß (2016) and Abrar (2016). 53 54

74

E. Rosati

for-profit contexts, rather than individual links provided with a profit-making intention. Despite a similar approach being followed in the Czech Republic,56 subsequent decisions in Germany have, however, appeared to take a rather different direction. Thus, in its 2017 decision concerning copyright content displayed on Google Images by means of thumbnails,57 Germany’s Federal Court of Justice dismissed the action that the operator of a photography website had brought against Google and its search engine. The former operated a website that included a restricted (password-­ protected) area to which customers could only access upon payment of a fee. Some of the photographs hosted in the restricted area were re-uploaded unlawfully by customers onto freely accessible websites. Relevant thumbnails were subsequently indexed on Google Images from such freely accessible sites. According to the claimant, by indexing and displaying thumbnails of the photographs to which it owns the copyright, Google had infringed its own exclusive right of communication to the public pursuant to the right of communication to the public within §15(2) of the German Copyright Act (Urheberrechtsgesetz—UrhG). The Federal Court of Justice held that Google had not infringed the claimant’s copyrights by displaying thumbnails of and links to photographs publicly available on the internet without the rightholder’s consent. To reach this conclusion, the court considered that in GS Media, C 160/15, the CJEU had stressed the importance of the internet to freedom of expression and of information: hyperlinks contribute to its sound operation, as well as to the exchange of opinions and information in that network characterised by the availability of immense amounts of information. Although GS Media, C 160/15, envisages a presumption of knowledge for for-profit link providers, such a presumption would not apply to search engines and for links displayed by search engines, because of the particular importance of these subjects to the functioning of the internet. Accordingly, the provider of a search function cannot be expected to check the lawfulness of the images automatically retrieved from publicly accessible websites. An approach critical of CJEU linking case law may be also discerned in two further cases decided by German courts. In a case concerning liability of the operator of a product search engine, the Regional Court of Hamburg ruled that the simple linking of a work hosted on a third-party site by way of ‘framing’ does not constitute an act of communication to the public.58 The decision originated in the context of proceedings brought against the operator of a product search engine that listed furniture and home accessories for sale by the operator of a website on which it offered photos and products displayed by photographs (to which it owned the rights) depicting a pug dog named Loulou. The claimant discovered that the defendant’s website also displayed among the various results a listing for a cushion (available for sale on Amazon) that reproduced—without his permission—one of its photographs. He submitted that, by

 District Court for Prague 4, 33 T 54/2016, on which see Vivoda (2017), pp. 363–364.  Bundesgerichtshof, I ZR 11/16 - Preview III. 58  LG Hamburg, 308 O 151/17. 56 57

3  Linking and Copyright: Easier at Last? First National Applications of the CJEU GS…

75

d­ isplaying this result, the defendant had made unauthorised acts of making available and communication to the public. The Hamburg court dismissed the action, holding that the simple linking of a work hosted on a third-party site by way of ‘framing’ does not constitute an act of making available to the public within §19a UrhG. The only provision that might come into consideration would thus be the ‘unnamed’ right of communication to the public within §15(2) UrhG. To determine whether that would be actually the case, the court deemed it necessary to review relevant CJEU case law on Article 3.1 of the InfoSoc Directive. The court excluded that there would be a communication to the public in the case at issue. Although the requirement of the ‘new public’ was met, the act at issue would not take place with the indispensable intervention of the defendant. According to the court, the defendant in this case—although operating for a profit—had neither positive knowledge of the unlawfulness of the offer displayed through its search engine, nor could it have acquired knowledge of the offer’s unlawfulness in a reasonable way. The links displayed were created through a completely automated process and the relevant offers were not subject to any editing or other manual control. Hence, it could not be assumed that the defendant had knowledge that the offer at issue incorporated content that would infringe the claimant’s rights. In addition, upon becoming aware of the unlawfulness of the listing, the defendant promptly removed it. Considering that the defendant’s databank contained 50 million offers, it would have been unreasonable to expect that every single link be checked beforehand. In the event of (several) completely automated processes, the GS Media presumption could not apply in relation to each and every link. Referring to the Opinion of AG Szpunar in Stichting Brein, C 610/15,59 the court concluded that holding otherwise would extend liability to every imaginable far-removed contribution because of negligible lack of knowledge and, therefore, based on merely fictitious intention. This would also be contrary to Art. 16 of the EU Charter. The Regional Court of Hamburg also decided another case in 2017  in which issues of linking and copyright protection were at issue.60 It held that there is no act of communication to the public within §§ 15(2) UrhG and 19a UrhG if a person who links to protected content without the relevant rightholder’s permission is unaware that such content is unlawful. Even if the link provider has a profit-making intention, there should be no presumption that they had awareness that the content linked to was unlawful if they operate in a context in which it would be unreasonable to expect that checks be performed to ensure that the content linked to is (and remains) lawful. In the case at issue, the defendant’s linking activities were performed algorithmically and, similarly to the other decision, also in this instance the infringing content (again a product allegedly reproducing a photograph depicting pug dog Loulou) linked to was available on Amazon.de. The defendant had no actual awareness that the content linked to was unlawful, nor was its unlawful nature r­ ecognisable  Opinion of Advocate General Maciej Szpunar in Stichting Brein, C 610/15, Opinion of 8 February 2017. 60  LG Hamburg, 310 O 117/17. 59

76

E. Rosati

at the outset. Also a relevant aspect was the fact that to be able to offer products for sale on Amazon, merchants have to agree to the platform’s terms of use, including declaring that they own the copyright to the images displayed. In its decision, the Hamburg Court held that the GS Media presumption of knowledge cannot be considered as indistinctly applicable: instead, it should be only relevant in situations in which the link provider/defendant may be expected to carry out the necessary checks to determine the status—lawful or unlawful—of the content linked to. The court acknowledged that GS Media, C 160/15, mandates a generally applicable presumption for links posted out of profit. However, a conclusion of this kind would contradict what is stated at paragraph 34 of GS Media, C 160/15, itself, i.e., that the assessment of whether a link provider can be liable under Art. 3.1 of the InfoSoc Directive must be individualised and take account of several complementary criteria that may, in different situations, be present to widely varying degrees. In a case like the one at issue, it would be therefore ‘unreasonable’ and ‘economically unjustifiable’ to expect that the defendant carries out such checks in relation to each and every content (automatically) linked to, including content hosted on a platform like Amazon. The defendant’s business model—including the fact that the content is not ‘incorporated’ to look as the defendant’s own content—is such that no specific searches for unlawfulness can be expected. Holding otherwise would not only be unreasonable, but also amount to an undue compression of the fundamental freedom to conduct a business, pursuant to Article 16 of the EU Charter.

4  Conclusion: Clarity Still Needed In the aftermath of the CJEU decision in GS Media, C 160/15, it appears that, on the one hand, courts have adopted different approaches to the presumption of knowledge envisaged by the CJEU in its ruling and, on the other hand, the scope of application of CJEU case law has not been considered devoid of difficulties. This has been particularly the case of German courts: the decisions discussed above show how courts in that EU Member State, instead of holding the presumption rebutted in the specific instance considered (as it appears to be the approach required under GS Media, C 160/15), held against its applicability tout court, on grounds of reasonableness and by placing significant emphasis on the fundamental rights dimension. Fears that the relationship between copyright protection and freedom to conduct a business might be unbalanced in favour of the former were acutely felt. This— together with considerations relating to the proper construction of the right of communication to the public, including the requirement of an individualised assessment—arguably prompted the courts to depart from what a strict application of GS Media, C 160/15, would instead require.

3  Linking and Copyright: Easier at Last? First National Applications of the CJEU GS…

77

References Abrar S (2016) GS Media finds its first application in Germany. Available via The IPKat. http:// ipkitten.blogspot.com/2016/12/gs-media-finds-its-first-application-in.html Arezzo E (2014) Hyperlinks and making available right in the European Union - what future for the Internet after Svensson? IIC 45(5):524 Association Littéraire et Artistique Internationale (2013) Report and Opinion on the making available and communication to the public in the internet environment – focus on linking techniques on the Internet. ALAI. http://www.alai.org/en/assets/files/resolutions/making-available-rightreport-opinion.pdf Association Littéraire et Artistique Internationale (2014) Opinion proposed to the Executive Committee and adopted at its meeting, 17 September 2014 on the criterion “New Public”, developed by the Court of Justice of the European Union (CJEU), put in the context of making available and communication to the public. ALAI. http://www.alai.org/en/assets/files/ resolutions/2014-opinion-new-public.pdf Brüß M (2016) CJEU GS Media decision finds its first application in Germany. Available via The 1709 Blog. http://the1709blog.blogspot.com/2016/12/cjeu-gs-media-decision-finds-its-first. html Chiou T (2017) Athens Court of Appeal applies CJEU GS Media linking decision and interprets ‘profit-making intention’ restrictively. Available via The IPKat. http://ipkitten.blogspot. com/2017/11/athens-court-of-appeal-applies-cjeu-gs.html CJEU, Airfield NV, Canal Digitaal BV v Belgische Vereniging van Auteurs, Componisten en Uitgevers CVBA (Sabam) (C 431/09) and Airfield NV v Agicoa Belgium BVBA (C 432/09), Case C 431/09 and C 432/09, Judgment of 13 October 2011 CJEU, AKM v Zürs.net Betriebs GmbH, Case C 138/16, Judgment of 16 March 2017 CJEU, BestWater v Michael Mebes and Stefan Potsch, C 348/13, Judgment of 21 October 2014; CJEU, C More Entertainment AB v Linus Sandberg, Case C 279/13, Judgment of 26 March 2015; CJEU, Circul Globus Bucureşti v Uniunea Compozitorilor şi Muzicologilor din România  – Asociaţia pentru Drepturi de Autor (UCMR – ADA), Case C 283/10, Judgment of 24 November 2011 CJEU, Football Association Premier League Ltd and Others v QC Leisure and Others (C 403/08) and Karen Murphy v Media Protection Services Ltd (C 429/08), Joined cases C 403/08 and C 429/08, Judgment of 4 October 2011 CJEU, GS Media v Sanoma Media Netherlands BV and Others, Case C 160/15, Judgment of 8 September 2016 CJEU, ITV Broadcasting v TV Catchup Ltd, Case C 607/11, Judgment of 7 March 2013 CJEU, Land Nordrhein-Westfalen v Dirk Renckhoff, Case C 161/17, Judgment of 7 August 2018 CJEU, Organismos Sillogikis Diacheirisis Dimiourgon Theatrikon kai Optikoakoustikon Ergon v Divani Anonimi Xenodocheiaki kai Touristiki Etaireia, Case C 136/09, Judgment of 18 March 2010 CJEU, OSA v Léčebné lázně Mariánské Lázně a.s., Case C 351/12, Judgment of 27 February 2014; CJEU, Phonographic Performance v Ireland, Attorney General, Case C 162/10, Judgment of 15 March 2012 CJEU, Reha Training Gesellschaft für Sport- und Unfallrehabilitation mbH v Gesellschaft für musikalische Aufführungs- und mechanische Vervielfältigungsrechte eV (GEMA), Case C 117/15, Judgment of 31 May 2016 CJEU, SBS Belgium v Belgische Vereniging van Auteurs, Componisten en Uitgevers (SABAM), Case C 325/14, Judgment of 19 November 2015 CJEU, SCF v Marco Del Corso, Case C 135/10, Judgment of 15 March 2012 CJEU, SGAE v Rafael Hoteles SA, Case C 306/05, Judgment of 7 December 2006 CJEU, Sociedade Portuguesa de Autores CRL v Ministério Público and Others, Case C 151/15, Judgment of 14 July 2015 CJEU, Stichting Brein v Jack Frederik Wullems, Case C 527/15, Judgment of 26 April 2017 CJEU, Stichting Brein v Ziggo BV and XS4All Internet BV, Case C 610/15, Judgment of 14 June 2017

78

E. Rosati

CJEU, Svensson and Others v Retriever Sverige AB, Case C 466/12, Judgment of 13 February 2014 CJEU, VCAST Limited v RTI SpA, Case C 265/16, Judgment of 29 November 2017 Clark B, Dickinson J (2017) Theseus and the labyrinth? An overview of “communication to the public” under EU copyright law: after Reha Training and GS Media where are we now and where do we go from here? Eur Intellect Prop Rev 39(5):265 Clark B, Tozzi S (2016) “Communication to the public” under EU copyright law: an increasingly Delphic concept or intentional fragmentation? Eur Intellect Prop Rev 38(12):715 European Copyright Society (2013) Opinion on the Reference to the CJEU in Case C 466/12 Svensson. ECS. https://europeancopyrightsocietydotorg.files.wordpress.com/2015/12/european-copyright-society-opinion-on-svensson-first-signatoriespaginatedv31.pdf Ginsburg JC (2014) Hyperlinking and infringement: the CJEU decides (sort of). The Media Institute. https://www.mediainstitute.org/2014/03/17/hyperlinkingand-infringement-the-cjeu-decides-sort-of/ Ginsburg JC, Budiardjo LA (2018) Liability for providing hyperlinks to copyright-infringing content: international and comparative law perspectives. Columbia J Law Arts 41:153 Hugenholtz PB, Van Velze SC (2016) Communication to a new public? Three reasons why EU copyright law can do without a “new public”. IIC 47(7):797 Karapapa S (2017) The requirement for a “new public” in EU copyright law. Eur Law Rev 42(1):63 Koo J (2018) Away we Ziggo: the latest chapter in the EU communication to the public story. J Intellect Prop Law Pract 13(7):542 Leistner M (2015a) Copyright at the interface between EU law and national law: definition of “work” and “right of communication to the public”. J Intellect Prop Law Pract 10(8):626 Leistner M (2015b) Copyright law on the internet in need of reform: hyperlinks, online platforms and aggregators. J Intellect Prop Law Pract 12(2):136 Leistner M (2017) Closing the book on the hyperlinks: brief outline of the CJEU’s case law and proposal for European legislative reform. Eur Intellect Prop Rev 39(6):327 Malovic N, Haddad P (2017) Swedish court finds that an embedded link to unlicensed content infringes copyright. J Intellect Prop Law Pract 12(2):89 McBride P (2017) The “new public” criterion after Svensson: the (ir)relevance of website terms and conditions. Intellect Prop Q 3:262 Mysoor P (2013) Unpacking the right of communication to the public: a closer look at international and EU copyright law. Intellect Prop Q 2:166 Rendas T (2017) How Playboy photos compromised EU copyright law: the GS Media judgment. J Internet Law 20:11 Rosati E (2016) Linking after GS Media … in a table. Available via The IPKat. http://ipkitten. blogspot.com/2016/09/linking-after-gs-media-in-table.html Rosati E (2017b) The CJEU Pirate Bay judgment and its impact on the liability of online platforms. Eur Intellect Prop Rev 39(12):737 Rosati E (2017a) GS Media and its implications for the construction of the right of communication to the public within EU copyright architecture. Common Mark Law Rev 54(4):1221 Rosén J (2016) How much communication to the public is ‘communication to the public’? In: Stamatoudi IA (ed) New developments in EU and international copyright law. Wolters Kluwer, Alphen aan den Rijn Synodinou TE (2017) Decoding the Kodi box: to link or not to link? Eur Intellect Prop Rev 39(12):733 Vivoda J (2017) Czech court finds that linking to unlicensed content does not infringe copyright if the website is not operated for profit. J Intellect Prop Law Pract 12(5):363 Walter MM, von Lewinski S (eds) (2010) European copyright law  – a commentary. Oxford University Press, Oxford World Intellectual Property Organization (2003) Guide to copyright and related rights treaties administered by WIPO and glossary of copyright and related rights terms. https://www.wipo. int/publications/en/details.jsp?id=361&plang=EN / CC BY https://creativecommons.org/ licenses/by/3.0/igo/

Chapter 4

Forcing Flexibility with Fundamental Rights: Questioning the Dominance of Exclusive Rights Bernd Justin Jütte

Abstract  The European copyright rules systematically favor a dominance of exclusive rights over permitted uses. Many of such uses are rooted in fundamental rights, but the limited nature of exceptions and limitations prevents the exercise of fundamental rights in certain circumstances. The German Federal Supreme Court has questioned this imbalance with three preliminary references, the potential impacts of which are discussed in this chapter. The Court of Justice of the European Union (CJEU) has used teleological arguments to safeguard the efficiency of the library exception under Art. 5.3(n) of the InfoSoc Directive (Directive 2001/29/EC) and to enable the resale of computer software under Art. 5.1 of the Software Directive (Directive 2009/24/EC). A general discourse in the decisions of the CJEU on the influence of fundamental rights on the interpretation of limitations and exceptions is still absent. The paper discusses the pending preliminary references in the German “Metall auf Metall III”, “Reformistischer Aufbruch”, and “Afghanistan Papiere” litigations and their potential relevance for the legality of Art. 5 of the InfoSoc Directive. It examines the arguments of the German Constitutional Court and the Federal Supreme Court to identify problems with the current system of limitations and exceptions for uses of protected works in the light of fundamental rights, suggesting that the current system of limitations and exceptions throughout the copyright acquis does not reflect sufficient respect for fundamental rights. Possible scenarios are discussed. Either the Court could propose a more flexible interpretation of the copyright rules, or it could create mechanisms that would permit setting aside copyright rules in cases that are justified by fundamental rights.

B. J. Jütte (*) School of Law, University of Nottingham, Nottingham, UK Vytautas Magnus University, Kaunas, Lithuania e-mail: [email protected] © Springer Nature Switzerland AG 2020 T.-E. Synodinou et al. (eds.), EU Internet Law in the Digital Era, https://doi.org/10.1007/978-3-030-25579-4_4

79

80

B. J. Jütte

1  Introduction The development of the European Union (EU) copyright rules has traditionally been driven by fundamental freedoms, policy considerations, and international obligations. Fundamental rights have lingered outside the spotlight of copyright for many years. Only more recently, the role of fundamental rights in the application and interpretation of the EU copyright rules has become à la mode, with academics arguing for a more influential role of what are, after all, general principles of the EU law.1 Crucial elements in these discussions have been exceptions and limitations (E&L) to copyright, as they often serve to permit uses that are rooted in and justified by fundamental rights. A general dissatisfaction with the current state of EU copyright law in general and E&L in particular has driven commentators to look for legal release valves that could take the pressure from overstretched rules which have often failed to give clear and satisfactory answers to questions raised by the application of relatively old rules to new technological developments. The intensive discussions about the hyperlinking saga serve as one of the prime examples of judicial flexibility and attempts by the courts to fit modern forms of communication into the legal straightjacket of copyright law at EU level.2 However, E&L have remained largely immune from disruptive judicial interference, with a few notable exceptions. These “fierce creatures” of copyright law3 are subject to a strict interpretation that limits their flexible application. Occasionally, however, the CJEU has exercised more discretion than usual to guarantee the effectiveness of the EU copyright rules.4 However, the Court has also used exceptions to 1  Geiger (2004b, 2006, 2009), Griffiths and McDonagh (2013), Peukert (2015), Geiger and Izyumenko (2014); specifically for the right to freedom of expression: Ducoulombier (2015), Jütte (2016). 2  CJEU, Nils Svensson and Others v Retriever Sverige AB, C466/12, Judgment of 13 February 2014; CJEU, BestWater International GmbH v Michael Mebes and Stefan Potsch, Case C 348/13, Order of 21 October 2014; CJEU, GS Media BV v Sanoma Media Netherlands BV and Others, Case C 160/15, Judgment of 08 September 2016; CJEU, Stichting Brein v Jack Frederik Wullems, Case C 527/15, Judgment of 26 April 2017; CJEU, Stichting Brein v Ziggo BV and XS4All Internet BV, Case C 610/15, Judgment of 14 June 2017. 3  Hugenholtz (1997), the precise nature of E&L has not been settled yet, whether they constitute mere exceptions to exclusive rights, or whether they constitute rights of users that are on equal footing with exclusive rights, cf. Kur (2008), Geiger (2004a). 4  See, for example, CJEU, Football Association Premier League Ltd and Others v QC Leisure and Others (C 403/08) and Karen Murphy v Media Protection Services Ltd (C 429/08), Joined cases C 403/08 and C 429/08, Judgment of 4 October 2011, par. 163, where the Court supplemented the general standard of a strict interpretation for E&L with an interpretation that must “enable the effectiveness of the exception”. It suggested this double standard for E&L with reference to Recital 31 of the InfoSoc Directive (Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society, OJ L 167, pp. 10–19), which requires that a fair balance between the different classes of right holders and users must be struck. In the CJEU, Infopaq International A/S v Danske Dagblades Forening, Case C 5/08, Judgment of 19 July 2009, par. 56, the judgment of which was

4  Forcing Flexibility with Fundamental Rights: Questioning the Dominance…

81

push what seemed normative preferences.5 This flexibility, naturally, finds its borders in the absence of an applicable exception for a particular use. However, there are uses currently not covered by the exceptions under any of the EU copyright directives that can arguably be justified based on fundamental rights. These are cases where a rough balancing exercise would at least leave room for the suggestion that the exclusive rights as fundamentally protected property rights under the Charter of Fundamental Rights of the European Union (EU Charter)6 and the European Convention on Human Rights (ECHR)7 should give way to other interest of individual or the public. Three such cases have been referred to the CJEU by way of a request for a preliminary ruling by the German Federal Supreme Court (BGH) in May 2017. Before exploring the three cases in detail and entering into a deeper analysis of their potential impact, the current role of fundamental rights in EU copyright law is briefly outlined to illustrate how fundamental rights have influenced EU copyright so far.

2  Fundamental Rights in EU Copyright: So Far The EU copyright rules reflect a balance that has been struck by the European legislator.8 This balance mitigates between the interests of right holders and users and is, inter alia, informed by fundamental rights, presumably as part of the interests of handed down a mere three months earlier, the CJEU had still restricted itself to interpret E&L strictly. 5  Beyond a relatively extensive interpretation of the “necessary-for-use” exception of Article 5.1 of the Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of computer programs, OJ L 111, pp. 16–22 (“Software Directive”) in the CJEU, UsedSoft GmbH v Oracle International Corp., Case C 128/11, Judgment of 03 July 2012, the CJEU has introduced an “ancillary” exception to the reproduction right in CJEU, Technische Universität Darmstadt v Eugen Ulmer KG, Case C 117/13, Judgment of 11 September 2014. 6  See the Charter of Fundamental Rights of the European Union, OJ C 326, 26.10.202, pp. 391– 407, Art. 17.2. 7  See, Art. 1 of the 1st Protocol to the Convention for the Protection of Human Rights and Fundamental Freedoms (1950) 213 UNTS 222. 8  This is expressed in Recital 31 of the InfoSoc Directive, which states that “[a] fair balance of rights and interests between the different categories of rightholders, as well as between the different categories of rightholders and users of protected subject-matter must be safeguarded.” In this spirit, it must be assumed that the provisions of the directives have been drafted. There is, however, not reference to such a balance in other directives of the copyright acquis that include substantive rules. Only the relatively recent Portability Regulation (Regulation (EU) 2017/1128 of the European Parliament and of the Council of 14 June 2017 on cross-border portability of online content services in the internal market, OJ L 168, 30.6.2017, pp. 1–11) refers to the necessity to strike a balance between the interest of right holders to have their rights protected and the fundamental freedoms of the TFEU (Recital 11). The first draft of the new Copyright Directive (Proposal for a Directive of the European Parliament and of the Council on copyright in the Digital Single Market COM (2016) 593 final) suggests that “[t]he exceptions and the limitation set out in this

82

B. J. Jütte

the two groups.9 This view is also mirrored in the CJEU’s jurisprudence when the Luxembourg Court refers to fundamental rights in relation to the EU copyright rules.10 Member States (MS), the Court has frequently stated, must take fundamental rights into consideration when implementing and applying the provisions of the copyright directives.11 This is in line with the case-law of the CJEU on the application of fundamental rights in general.12 In its first reference to fundamental rights under the current EU copyright rules, the CJEU ruled in Luksan that the principal director of a cinematographic work may not be deprived of her property right that she lawfully acquired by virtue of EU legislation.13 This ruling underlines the CJEU’s position that the balance of interests is duly reflected in the copyright acquis and that these rules further consider the fundamental rights involved. Subsequently, fundamental rights have been regularly invoked in cases relating to copyright enforcement in relation to intermediary liability. For example, in the Scarlet Extended v Netlog,14 the Court found that the relevant directives, read in the light of fundamental rights under the EU Charter, would not permit the ordering of an injunction that would oblige an intermediary to install an overly strict monitoring or filtering system, respectively.15 Again, the Court used fundamental rights to supplement an interpretation of the applicable rules to achieve

Directive seek to achieve a fair balance between the rights and interests of authors and other rightholders on the one hand, and of users on the other.” (Recital 6). 9  Although the Directive only mentions fundamental principles, it makes express reference to the fundamental rights of “property, including intellectual property, and freedom of expression”, and also includes “the public interest” (Recital 3, the InfoSoc Directive). 10  See, e.g., CJEU, Martin Luksan v Petrus van der Let, Case C 277/10, Judgment of 9 September 2012, paras. 68-71; CJEU, Productores de Música de España (Promusicae) v Telefónica de España SAU, Case 275/06, Judgment of 29 January 2008, paras. 61-70; CJEU, Belgische Vereniging van Auteurs, Componisten en Uitgevers CVBA (SABAM) v Netlog NV, Case C 360/10, Judgment of 16 June 2012, paras. 39-44; CJEU, Johan Deckmyn and Vrijheidsfonds VZW v Helena Vandersteen and Others, Case C 201/13, Judgment of 03 September 2014, paras. 25-30; CJEU, UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproducktionsgesellschaft mbH, Case C 314/12, Judgment of 27 March 2014, paras. 42-64. 11  See, e.g., UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproducktionsgesellschaft mbH, par. 46; CJEU, Copydan Båndkopi v Nokia Danmark A/S, Case C 463/12, Judgment of 05 March 2015, par. 31; Johan Deckmyn and Vrijheidsfonds VZW v Helena Vandersteen and Others, par. 34. 12  CJEU, Åklagaren v Hans Åkerberg Fransson, Case C 617/10, Judgment of 26 February 2013; CJEU, Stefano Melloni v Ministerio Fiscal, Case C 399/11, Judgment of 26 February 2013; CJEU, Maximillian Schrems v Data Protection Commissioner, Case C 362/14, Judgment of 06 October 2015. 13  Cf. Article 1.5 Directive 93/83; Martin Luksan v Petrus van der Let, paras. 68-70. 14  For an extensive commentary of the judgment, see Husovec (2016), in particular pp. 256 et seq; see further, UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproducktionsgesellschaft mbH, paras. 42-64. 15  CJEU, Scarlet Extended SA v Société belge des auteurs, compositeurs et éditeurs SCRL (SABAM), Case C 70/10, Judgment of 24 November 2011; Belgische Vereniging van Auteurs, Componisten en Uitgevers CVBA (SABAM) v Netlog NV.

4  Forcing Flexibility with Fundamental Rights: Questioning the Dominance…

83

an outcome that balances all interests involved.16 Considering the status of fundamental rights as general principles of EU law, it can be argued that the rules already reflected such a balance and fundamental rights merely help to identify or to recall it. In two further enforcement cases, the CJEU ruled that internet access providers cannot be obliged to surrender user data in civil proceedings to identify potential copyright infringers,17 whereas in Coty Germany, it concluded that a provision of national law that prevented banking institutions to provide the data of account holders to identify trademark infringers violates the fundamental rights to an effective judicial remedy and, consequently, the fundamental right to property of the right holder.18 In Deckmyn, the CJEU was asked to strike the balance between the interest of the right holder and the user of a protected work in the context of the parody exception under Art. 5.3(k) of the InfoSoc Directive.19 When defining its scope, the Court also stated that when applying the exception the courts of the MS must preserve a fair balance, which requires consideration of a variety of factors, including fundamentals rights.20 This suggests that even within the acquis, the balance between fundamental rights is not ultimately determined, but requires an assessment in every individual case. The European Court of Human Rights (ECtHR) has followed a similar line when it allowed states to exercise a wide margin of discretion when balancing competing fundamental rights. In Ashby Donald21 and in The Pirate Bay22 the Strasbourg Court came down on the side of right holders and did not find an unjustified violation of Art. 10 ECHR. At the same time, the ECtHR confirmed its settled case-law, pursuant to which Member States enjoy a wide margin of discretion when striking the balance between the right to (intellectual) property and the right to freedom of expression.23 In effect, in times where the relation between the two European courts is still unclear, this gives EU MS the liberty to align their copyright rules with the EU copyright acquis, and indeed they are obliged to do so, while fulfilling with their obligations under the ECHR.  The implementation of the rules into national law, which are considered in their respective areas of application to create full  The fundamental rights the CJEU made reference to were the right to property and the right to conduct a business (par. 46), and the right to the protection of personal data and the right to receive information (par. 50). 17  Promusicae v Telefónica de España SAU. 18  CJEU, Coty Germany GmbH v Stadtsparkasse Magdeburg, Case C 580/13, Judgment of 16 July 2015. 19  Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society, O JL 167 (InfoSoc Directive). 20  Johan Deckmyn and Vrijheidsfonds VZW v Helena Vandersteen and Others, paras. 25-30. 21  ECtHR, Ashby Donald and other v France, App No 36769/08, 10 January 2013. 22  ECtHR, Fredrik Neij and Peter Sunde Kolmisoppi (The Pirate Bay) v Sweden, App No 40397/12, 19 February 2013. 23  See for commentary, e.g., Geiger and Izyumenko (2014), Izyumenko (2016), p.  116; Jütte (2016), pp. 14–17. 16

84

B. J. Jütte

h­ armonization, can then be argued to constitute the exercise by the EU legislator on behalf of the MS of the almost proverbial wide margin of discretion.24 However, full harmonization also means that MS are no longer able to deviate from the rules imposed by EU legislation. This leaves them without much, if any, flexibility, or at least limits it to those little pockets of liberty that the EU copyright rules leave.25 Indeed, the interpretation the CJEU has given to the EU copyright rules in the light of fundamental rights seems to suggest that the European legislature has exercised this wide margin of discretion as an exercise of its competence in intellectual property law,26 thus enabling the national and European judiciaries to implement the balance reflected in the rules by way of judicial interpretation.

3  Fundamental Rights Out of the Box Although it is disputed how much flexibility the EU copyright rules leave for national legislators, it is commonly agreed that flexibility within the harmonized areas is not extensive. However, flexibility is necessary to accommodate new, technology-­enabled uses. A strict and inflexible system of E&L shifts the balance in favor of right holders whose exclusive rights enjoy a high level of protection,27 whereas users of protected works and related rights suffer from a static system of E&L which is only rarely, although sometimes creatively, adapted by the judiciary.28 Thus, MS do not retain competence to adjust the balance on their own initiative with national legislation. In theory, within the normative framework of the EU copyright rules, major adjustments must be made by the EU legislator. To date, national courts have asked, or led the Court to discuss, how fundamental rights influence the interpretation of rights and exceptions in copyright law. The Court has, because of this non-conflictual approach, developed a jurisprudence which suggests that the EU copyright rules are reconcilable with fundamental rights. A finding of incompatibility has not been made and, so far, not extreme conflicts were subject to intense discussion in front of the CJEU. The Court was further never asked directly whether certain provisions of the EU copyright rules are

 EctHR, Handyside v the United Kingdom, App No 5493/72, par. 48, 7 December 1976; ECtHR (5th section), 10 January 2013, case of Ashby Donald and other v. France, Appl. nr. 36769/08, para. 38. 25  Rosati (2014b), the author argues that little flexibility exists in the harmonized areas (esp. exclusive rights and E&L) and flexibility exists for MS only in areas that have not been subject to harmonization at EU level; Hugenholtz and Senftleben (2011), the latter argue that the EU copyright rules do indeed leave room for flexibility in the area of E&L. 26  See on the EU’s competence for copyright: Ramalho (2014). 27  Recital 4 of the InfoSoc Directive, reiterated in, Infopaq International A/S v Danske Dagblades Forening, par. 40; Football Association Premier League Ltd and Others v QC Leisure and Others and Karen Murphy v Media Protection Services Ltd, par. 186. 28  See e.g. Technische Universität Darmstadt v Eugen Ulmer KG. 24

4  Forcing Flexibility with Fundamental Rights: Questioning the Dominance…

85

c­ ompatible with fundamental rights.29 This has changed with the three preliminary references made by the BGH in May 2017. In the absence of a possibility to resolve apparent conflicts within the national rules as harmonized by EU law,30 the German BGH has turned to the CJEU for guidance.

3.1  Three German References In May 2017, the BGH made three references that seek clarification on the questions how fundamental right fit with the EU copyright rules and whether there is space for uses arguably justified by fundamental rights outside the EU copyright acquis. The three references deal with music sampling (Pelham31), leaked reports on the German military mission in Afghanistan (Funke Medien32), and the online publication by a newspaper of a scientific article without the consent of the author (Spiegel Online33). In all three cases, the owner of the copyright or related rights sought to prevent acts that can be considered expressive to different degrees. In Spiegel Online, the claimant in the proceedings is a member of the German Parliament (Volker Beck, German Green Party) who had written a contribution to an edited volume in the late 1980s in which he discussed the decriminalization of certain non-violent sexual acts between adults and minors. The text was published after the publisher had made minor changes to the text without consulting the author: the title was changed from “Reformist Departure and Farewell to a ‘Radical’ Claim - a Plea for a Realistic Reorientation of Sexual (Criminal) Policy” to “Changing the Criminal Law? A Plea for a Realistic Reorientation of Sexual Policy”; a subtitle was slightly changed and one sentence was slightly shortened. The claimant sent a letter to the publisher complaining that the changes had altered the tenor of the text and demanded that the publisher indicate these changes when distributing copies of the book. Over the years, the claimant was confronted with this text on numerous occasions; he repeatedly declared that the meaning of his text had been distorted by the publisher. Since 1993, the claimant completely distanced himself from his text. The manuscript was rediscovered in the archives of the Heinrich-Böll-Foundation, an entity closely related to the German Green Party, and the claimant was confronted with the text during the campaign leading up to the 2013 German parliamentary  In Luksan, the Court used the primacy of EU law and fundamental rights, in particular Article 17.2 EU Charter to prevent an MS from establishing a statutory allocation of exploitation rights to the producer of a film instead of the principal director; Martin Luksan v Petrus van der Let, paras. 37-72. 30  Cf. CJEU, Tobias Mc Fadden v Sony Music Entertainment Germany GmbH, C 484/14, Judgement of 15 September 2016, par. 83; Promusicae v Telefónica de España SAU, paras. 68, 70. 31  BGH [2017] I ZR 115/15, Metall auf Metall III; CJEU, Pelham and Others, C 476/17, Application. 32  BGH [2017] I ZR 139/15, Afghanistan Papiere; CJEU, Funke Medien NRW, C 469/17, Application. 33  BGH [2017] IZR 228/15, Reformistischer Aufbruch; CJEU, Spiegel Online, C 516/17, Application. 29

86

B. J. Jütte

elections. The claimant made the manuscript available to several newspapers as proof that the text had been tampered with for the publication in the edited volume but objected to the publication of the text on other websites. However, he published the original draft of the text on his personal website together with the contribution as it had appeared in the edited book. All pages of the manuscript were marked with the text, running diagonally over each page “I distance myself from this contribution, Volker Beck”. The pages of the published versions were marked in the same way with the words: “This text is not authorized and falsified by the publisher by free redactions of the title and parts of the text.” The online news portal Spiegel Online published an article titled “Greens: Volker Beck deceived public over pedophilia-­text”, in which it was argued that the politician had misled the public; his controversial text had not been changed substantially by the publisher as he had claimed over several years. A comparison of both texts would show that the message of the text had not been changed through the marginal changes. A link made to the manuscript as well as the published version available in pdf-format. The claimant argued his copyright and moral rights had been infringed. In Funke Medien, the claimant is the Federal Republic of Germany that compiles weekly reports over foreign military missions of the German armed forces. The reports are sent to selected Members of Parliament and other government institutions under the title “Briefing for the Parliament” (UdP). The UdPs are confidential at the lowest of the four confidentiality levels. Shortened versions are available to the Public (Briefings for the Public—UdÖ). Respondent operates an online news portal and requested access to UdPs in 2012 based on the provisions of the German Freedom of Information Act. The request was rejected as, it was argued, publication of information contained in the reports could have negative effects on security-­ related aspects of the work of the German armed forces. The rejection mentioned the freely available UdÖs. The defendant gained access to the full reports through other channels, presumably they had been leaked by a member of the German Parliament or other state employees. Defendant published scanned copies of the report as “Afghanistan Papers”. Claimant argued that defendant infringed copyright. The Pelham litigation dates back to 2004.34 In the proceedings that had already reached the BGH twice before, two members of the band Kraftwerk seek remedies for the inclusion of a two-second sample taken from one of their songs into a composition by the German hip-hop producer Moses P. After several bouts in front of German courts, in all of which the Kraftwerk members prevailed, Moses P lodged a constitutional complaint in front of the German Constitutional Court (BVerfG). In its decision of 31 May 2016, the BVerfG ruled that a strict interpretation of the German copyright law, which effectively makes the use of any part of a sound recording conditional on the consent of the right holder, would not strike a fair balance between the property right of the phonogram producer and the right to artistic

 For an overview of the procedural history of the Metall auf Metall saga see, e.g., Schonhofen (2016), Leistner (2016), Reilly (2012); see, also Niemann and Mackert (2013). 34

4  Forcing Flexibility with Fundamental Rights: Questioning the Dominance…

87

freedom of the user of the sample. It remanded the case back to the BGH, which, as suggested by the BVerfG, made a preliminary reference to the CJEU. Three questions, in particular, feature in the cases in slight variations. First, in all three cases the BGH seeks clarification whether the exclusive rights of the Information Society Directive and the limitations and exceptions contained therein leave the MS a margin of appreciation when implementing the provisions of the directive into national laws.35 Second, all referrals ask in which way the fundamental rights of the EU Charter have to be considered in determining the scope of Art. 5.2 and 3 and, in the case of Pelham, also in relation to the scope of Art. 2 lit. c of the Directive 2001/29/EC.36 Third - although this question appears explicitly only in the referrals in Funke Medien and Spiegel Online—the BGH inquires whether the right to freedom of information (Art. 11.1 EU Charter) and the right to freedom of the press contained in the EU Charter could justify E&L to the exclusive rights of communication to the public under Art. 3.1 and the right to reproduction under Art. 2.1(a) of the Directive 2001/29/EC.37 The latter question is implicit in the referral in Pelham, where the BGH asks whether a national rule that limits the rights to reproduction and the communication to the public of producers of sound recordings to the extent that independently created work that uses the sound recording in ‘free use’ can be exploited without the permission of the right holder of the original sound recording.38 Because if the CJEU were to find that the German free use exception does not reflect a certain exception, or a combination of exceptions contained in Art. 5 of the InfoSoc Directive,39 an alternative route must be found to maintain this particular limitation to the exclusive right of producers of sound recordings.40 However, what the BGH is asking in essence is not whether fundamental rights have to be considered when applying the EU copyright rules as implemented into national law, but how fundamental rights work to balance the interest involved at the implementation and application stages. The questions can be read in two ways. First, the questions could suggest that the BGH knows exactly how and when  Funke Medien, Question 1; Pelham, Question 5 (also in relation to the exceptions possible under Article 10.2 of the Directive 2006/115/EC); Spiegel Online, Question 1 (here only with regard to Article 5.3 Directive 2001/29/EC. 36  Funke Medien, Question 2; Pelham, Question 6 (also in relation to the Article 10.2 of the Directive 2006/115/EC); Spiegel Online, Question 2 (here, again, only with regard to Article 5.3 of the Directive 2001/29/EC). 37  Funke Medien, Question 3; Spiegel Online, Question 3. 38  Pelham, Questions 3. 39  See for a discussion on a possible accommodation of sampling under the limitations and exceptions of Article 5.2 and 3 of the InfoSoc Directive: Jütte and Maier (2017). 40  It is interesting to note that the Court systematically distinguishes between limitations and exceptions. As regards the former, the court considers to be immanent restrictions to the exclusive right. See Geiger (2004a), p. 815 and Geiger and Schönherr (2014), par. 11.64; see further on the imbalance between limitations and exceptions and the fundamental right to property: Dreier (2010), p. 51; see further Geiger et al. (2008), p. 415; see also BGH, Metall auf Metall III, Question 3 and par. 22. Here, the BGH also reiterates that it does not consider §24(1) UrhG as an exception, which is also reflected in the systematic structure of the German Copyright Law, that lists exceptions that constitute prima facie infringements in §§ 44a - 63a UrhG. 35

88

B. J. Jütte

f­ undamental rights must be considered because there exists a long line of case-law on this particular subject and, in addition, a rich body of scholarly literature. It is unlikely that either has been overlooked by the court after its prior judgments had been rejected by the German Constitutional Court.41 It is also apparent from the judgments that pose the preliminary questions that the BGH assumes that fundamental rights are reflected in the exiting copyright rules and therefore national courts should interpret these rules in the light of the EU Charter. All that the BGH wants is conformation and certainty in the application of the German copyright rules. Second, the questions could be understood in the sense that the BGH is unhappy with the strict corset of EU copyright law that does not leave room for uses that fall squarely within the fundamental protection of expression and the arts. It doubts that the EU copyright rules are appropriate to strike a proper balance and tries to use the CJEU to break open the rigid framework that, it seems, prevents certain types of expression rather than enabling them. Based on the questions referred by the BGH, the CJEU has three options. Option one is to reinforce the legislative choice and maintain that E&L have been fully harmonized in relation to the exclusive rights contained in the various European copyright directives (including the right of reproduction and communication to the public in relation to works and phonograms). Option two is to make an attempt at a flexible interpretation of copyright E&L, possibly by mild analogies. The third option is to state squarely that the existing copyright rules do not take fundamental right of users sufficiently into consideration and that the copyright acquis needs reform beyond current and ongoing legislative initiatives.42 These options will be discussed in the following sections.

3.2  Discretion for Implementation One way to achieve flexibility within the EU copyright acquis would be to grant a certain margin of discretion for MS in relation to exclusive rights and E&L.  On numerous occasions, the Court has underlined that exclusive rights, as well as E&L, are autonomous concepts of EU law and are therefore to be interpreted and applied uniformly in the MS.43 This further means that the CJEU has to interpret these  In answering to the constitutional complaint lodged by a music producer, the BVerfG found that when applying the relevant provisions of the German Copyright Act, the lower courts had failed to sufficiently consider the right to artistic freedom as protected by Article 5(3) of the German Basic Law. See, BVerfG [2016] 1 BvR 1585/13. 42  Most prominently, the EU is currently debating a new Directive in the Digital Single Market (COM (2016) 593 final). This proposal also includes provisions on new E&L and Recital 45 states: “This Directive respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union. Accordingly, this Directive should be interpreted and applied in accordance with those rights and principles.” 43  See, e.g., CJEU, Eva-Maria Painer v Standard VerlagsGmbH and Others, Case C 145/10, Judgment of 11 December 2011 and Johan Deckmyn and Vrijheidsfonds VZW v Helena Vandersteen and Others: see also Xalabarder (2016), p. 638. 41

4  Forcing Flexibility with Fundamental Rights: Questioning the Dominance…

89

notions, and MS do not have any margin of discretion to alter the scope of the exclusive rights or E&L.44 With regard to E&L, MS only have a very limited type of discretion, at least for those E&L contained in Art. 5.2 and 3 of the InfoSoc Directive. They can choose to implement any or all of the special cases contained in the exhaustive list. However, it is not possible for national legislatures to go beyond that list and to introduce exceptions that are not contained in Article 5. Not only is this expressly stated in Recital 32, but this is furthermore dictated by the pre-emption doctrine that prohibits MS to act in areas of Union competence in which the EU has already acted by exercising its shared competence.45 This leaves the core elements that could provide flexibility in a copyright context under the control of the EU legislator and under the interpretative authority of the CJEU. Consequently, MS do not retain a significant margin of discretion to introduce flexibility beyond the limits set by the EU and to give further effect to other fundamental rights than permitted by EU legislation.

3.3  Arguing Inside the Rules The balance between the interest of users and right holders and their respective fundamental rights is created at two levels. On the higher level, the European legislator, and as its executors the national parliaments, create rules that are designed to consider these interests. These rules—copyright laws—in themselves constitute a balance rooted in fundamental rights.46 On the lower level, these rules are applied and, if necessary, interpreted. In cases of ambiguity, and such ambiguities can be provoked by new, disruptive technologies, national judiciaries must interpret the national rules in the light of EU law, primary and secondary, as far as possible. The CJEU has already addressed problems created by new technologies, or, in general, unforeseen case constellations. This case law is instrumental in understanding the options the CJEU might pursue when answering the question put forward by the BGH.

 This is not to say that MS have no discretion to legislate outside the harmonized areas, cf. CJEU, C More Entertainment AB v Linus Sandberg, Case C 279/13, Judgment of 26 March 2015, par. 35. 45  Rosati (2014a), pp. 421–423. 46  This is the position of the BGH, cf. BGH, Metall auf Metall III, this requires national courts to interpret and apply exclusive rights and limitations and exceptions to the effect that a balance between the interests reflected in the rules of the EU copyright acquis is respected, paras. 48-49. Cf. also Promusicae v Telefónica de España SAU, paras. 68-70; UPC Telekabel Wien GmbH v Constantin Film Verleih GmbH and Wega Filmproducktionsgesellschaft mbH, par. 46. 44

90

B. J. Jütte

3.3.1  Extending the Scope of E&L The Court has used effectiveness-based arguments, e.g., in FAPL/Murphy and Ulmer. In the former case, it argued that to provide right holders with a high level of protection, the usual standard for interpreting E&L is a strict on. This, according to the Court, must be supplemented with an interpretation that enables the effective exercise of any given exception.47 This supplementary means of interpretation at least creates a balanced appreciation of the interest of all involved actors. In Ulmer, this approach was demonstrated by adding an ancillary right of reproduction to the library exception under Art. 5.3(n), which did not have any footing in the text of the InfoSoc Directive.48 A similar approach was arguably taken in UsedSoft, when the Court also created an ancillary right to reproduction to enable the resale of computer software licenses; although the wording of Art. 5.1 of the Directive 2009/2449 left the Court more room for interpretation.50 Against the background of the CJEU's jurisprudence, the answer to the question whether MS can implement E&L flexibly seems relatively clear. The exclusive rights are fully harmonized and the concept of autonomous interpretation should safeguard that all rights receive the same interpretation and application in every MS. The same holds true for E&L once they have been implemented. Consequently, every MS can have a different list of E&L, but once implemented, they receive the same interpretation throughout the EU.51 This denial of any flexibility and discretion serves to safeguard the smooth an unobstructed functioning of the internal market. At the same time, this interpretative approach limits short-term flexibility. Instead, flexibility must be created by the legislator; either initiated at policy level or through judicial pressure. The latter option is a lengthy one, as the Pelham case perfectly demonstrates. From the beginning of the litigation until the case finally came to the CJEU, thirteen years passed and the Court would add another two. Only then could the legislative process be initiated.

 Football Association Premier League Ltd and Others v QC Leisure and Others and Karen Murphy v. Media Protection Services Ltd, paras. 162-163. 48  Technische Universität Darmstadt v Eugen Ulmer KG, par. 43. 49  Article 5.1 of the Software Directive reads: “In the absence of specific contractual provisions, the acts referred to in points (a) and (b) of Article 4(1) shall not require authorisation by the rightholder where they are necessary for the use of the computer program by the lawful acquirer in accordance with its intended purpose, including for error correction.” 50  UsedSoft GmbH v Oracle International Corp., paras. 73-88; in this case AG Bot followed a stricter interpretation of Article 5.1, limiting it to cases in which the user of a computer program was already in possession of a legal copy of the program, Bot; Opinion of AG on UsedSoft GmbH v Oracle International Corp., Case C 128/11, Opinion of 24 April 2012, paras. 94-100. 51  See, critically on this approach: Guibault (2010), see, e.g., CJEU, Padawan SL v Sociedad General de Autores y Editores de España (SGAE), Case C 467/08, Judgment of 21 October 2010, para. 32; Johan Deckmyn and Vrijheidsfonds VZW v Helena Vandersteen and Others, par. 15. 47

4  Forcing Flexibility with Fundamental Rights: Questioning the Dominance…

91

3.3.2  Setting Limits to the Scope of Exclusive Rights With regard to the exclusive rights, the influence of fundamental rights might be limited to the application of the rules by European Courts. Especially, the wide scope of the reproduction rights for full and partial reproductions might be reconsidered against the background of the preliminary reference in Pelham. In this case, a narrower interpretation of the reproduction rights would permit flexibility and thereby ample room for the exercise of artistic creativity without necessarily altering the list or even the application of E&L.52 Indeed, this route offers only limited flexibility and must be considered against the factual background of the particular reference. It can certainly be argued that two seconds of “Metall auf Metall” are not comparable to eleven words in Infopaq I53 that reflect a certain degree of originality. Nevertheless, at some point, the narrowing of the scope of the exclusive rights would clearly collide with the property side of the fundamental rights spectrum, namely that of right holders. Furthermore, a narrower interpretation of exclusive rights fails to provide interpretative solutions when entire works are used, such as in Funke Medien and Spiegel Online. In the same way that E&L find their limits in the wording and the object and purpose of a particular exception, the scope of exclusive rights cannot be construed overly narrow.

3.4  Arguing Outside the Rules The question whether there is room for exceptions outside of Art. 5 of Directive 2001/29/EC is an explosive one for several reasons. If the Court were to rule that exceptions outside of the list of E&L, which Recital 32 suggests is exhaustive, exist, this would also open similar clauses in other directives, such as Art. 10 of Directive 2006/115/EC. Consequently, legal uncertainty would reign, merely limited by the still little elaborated balance between rights and permitted uses. Admittedly, this balance could be informed by the list of exceptions provided in the legislation and the evolving case-law on fundamental rights.54 However, this would bring European copyright law dangerously close to an open norm à la fair use. By effectively ignoring Recital 32, the Court would also question the validity of recitals as reliable interpretative aids for the rule of European copyright law (and this could be extended to other regulatory fields).55  See also Bently et al. (2018) under Question 3.  Infopaq International A/S v Danske Dagblades Forening, paras. 30-51. 54  Such an inspired list had been suggested by the drafters of the European Copyright Code, see Article 5 and the general classification of Article 5 of the Wittem Code, which contains a list of exceptions that promote freedom of expression and information, Wittem Project, see further Jütte (2017), pp. 333 et seq. 55  There is a good argument to be made that recitals are subject to an expiry date and have little value in areas that undergo rapid change, such as copyright in a digital environment. Still, the task to decide on the scope of certain provisions is a task best left to the legislator. 52 53

92

B. J. Jütte

However, in the absence of relevant reform proposals, this route might be necessary if the Court were to follow the German Constitutional Court’s appreciation of the balance between the right to property and the right to artistic freedom in relation to music sampling. It is hard to imagine that the CJEU would find, albeit merely implicitly, that the outcome suggested by the BVerfG is categorically incompatible with the imperative rules of the EU copyright acquis. Refusing to accept external limitations to exclusive rights would cement the highly criticized property-centered interpretation of the copyright rules in the past. It would indeed be difficult to find more wiggle room inside the current copyright rules. Even an admission that the rules as they currently stand do not reflect a proper balance and would require modifications is a dangerous path to tread. This would have the consequence that, at least, the respective provisions on limitations of exceptions in the relevant directives have to be reviewed and complemented with such limitations and exceptions that consider genuine fundamental rights concerns that outweigh the right to property. Now this as a Sisyphean task that would require repetition on a regular basis.56 3.4.1  The Scope of Exclusive Rights The BVerfG has suggested that the exclusive right of producers of sound recordings could be limited not to cover very short excerpts, an opinion that the BGH does not seem to follow.57 The latter would retain the possibility not to protect small excerpts for works protected by copyright, but even here the jurisprudence of the CJEU would restrict a more flexible interpretation through its ruling in Infopaq I.58 Pursuant to Infopaq I, even the reproduction of small parts of copyright protected subject matter constitutes infringement if the parts reproduced display originality in themselves. A limitation of the scope of exclusive rights would further only carry a certain distance and fail at that point where clearly substantive expressive segments, and therefore original parts of a work, are reproduced or otherwise used within the scope of exclusive rights. Already in the Funke Medien and the Spiegel Online cases, the quantity taken would certainly be sufficient to constitute a prima facie infringement. Larger parts of a work that satisfy the originality requirement would require additional justification if used without the right holder’s authorization. This route is, therefore, only of limited utility to safeguard that fundamental rights are properly respected in the balance between the interests of right holders and users of protected works and subject matter. It is further inconceivable, and moreover systematically unsound, were the scope of exclusive rights to shift depending on a particular use. Such legal uncertainty would also not square well with the fundamental right to property, which also requires some sort of reliable determination. Systematically, but also from a purely reasonable point of view, it makes little sense

 Jütte (2017), p. 270.  BGH, Metall auf Metall III, par. 19. 58  Infopaq International A/S v Danske Dagblades Forening. 56 57

4  Forcing Flexibility with Fundamental Rights: Questioning the Dominance…

93

to attempt a rebalancing by adjusting the scope of protection of exclusive rights, except for such cases in which the use is limited to very small parts of a given work. 3.4.2  Permitting Expression and Information: And (Too?) Much More The inflexibility of the scope of exclusive rights leaves E&L as potential enablers for the exercise of fundamental rights. This suggests that there will be instances in which the right to freedom of expression, including the right to receive information, but, possibly, also other fundamental rights, deserve to receive precedence of the interest of right holders. In fact, such instances already exist in Art. 5 and reference to their roots in fundamental rights can already be found in the InfoSoc Directive.59 The set of E&L of Art. 5, but also exceptions in other instruments of the EU copyright rules, do not seem to leave much room for permitted uses outside of this legal framework. The ‘free use’ defense raised in Pelham is certainly not included in any of the instruments. It can, however, be argued that a limited open norm such as the free use exception in German copyright law is not per se in violation of EU copyright law as long as its application moves within the list of limitations and exceptions provided for in Art. 5 of the InfoSoc Directive.60 The application of such a norm would only constitute a violation if it were to extend to cases that are clearly outside the list of Art. 5. A norm that resembles free use and, arguably free use itself, could be pre-empted by EU law in all instances that are not covered by Art. 5.3(o) of the InfoSoc Directive. Under the doctrine of pre-emption, which is closely linked to the notion of supremacy of EU law, MS are barred from legislating in areas in which the European legislator has acted.61 In relation to the exclusive rights and their related exceptions and limitation MS are consequently pre-empted from introducing exceptions that are not contained in Art. 5 of the InfoSoc Directive. A strict application of the pre-emption doctrine would not permit uses that are not covered by express E&Ls within the scope of application of the EU copyright rules. As these rules cover most of the important economic rights, it seems that there is not much room for other permitted uses than those expressly referred to in the acquis. This, again, raises the problem of a systematic advantage of right holders, whose interests enjoy a temporal advantage in the light of ever advancing technological change. An open norm such as the German ‘free use’ provision, if understood indeed as an exception and not as a limitation to the scope of exclusive rights, would be best suited to accommodate the exercise of fundamental rights in an ever changing technological environment. The limits set by an interpretation that considers the pre-emption doctrine, which is also strongly supported by Recital 32 of the InfoSoc  Recital 3 InfoSoc Directive.  See Jütte and Maier (2017), pp. 790–791. 61  See, for the functioning of the preemption doctrine in EU copyright law, Rosati (2014a). Between the three option Rosati lists—field pre-emption, rule pre-emption, and obstacle pre-emption—the copyright rules fall within the domain of rule pre-emption as copyright falls within an area of shared competence. 59 60

94

B. J. Jütte

Directive, does however mandate that an open norm is interpreted within the strict substantive limits of Art. 5 of the InfoSoc Directive and, in relation to other (related) subject matter, by the exceptions contained in other instruments of the copyright acquis. Although these provisions, e.g., Art. 5 of the Software Directive, do not state explicitly that the limitations contained therein are exhaustive, under the theory of ‘field’ pre-emption62 this would be the logical consequence. This would indeed make sense, considering the general goal of harmonization which is to create similar rules across the single market. Were the MS permitted to introduce further exceptions or limitations, this goal would equally be jeopardized. If already different interpretations or implementations were to risk the smooth functioning of the single market, incongruent sets of exceptions would exacerbate the problem.63 Against the background of these considerations, even an open norm would be limited by the EU copyright acquis and its substantive rules on limitations and exceptions. Another solution to this conundrum could be found in an analogy to the legal mechanism behind the exhaustion doctrine. In Warner Brothers, the CJEU famously stated that to enable the free movement of goods, right holders could be prevented from exercising their intellectual property rights.64 While leaving the right, in principle, intact, a right holder could also be prevented from exercising her rights in protected works or other subject matter if such an exercise would infringe upon the exercise of third-party fundamental rights. In this way the list of exceptions could continue to constitute a balance, which in itself is a highly questionable assumption, while leaving room for fundamentally important uses. In order not to further question the role of E&L as legitimate balancing elements, a prohibition to exercise exclusive rights should be limited to a very small number of cases, namely such cases that are mandated by general principles, including the fundamental rights of the EU Charter. The scope of such a mechanism should be strictly limited, and a limitation of the exercise of exclusive rights cannot have the effect of eroding the specific subject-matter of copyright.65 Besides economic rights that safeguard the

 Rosati (2014a), p. 421.  There is a strong argument to be made that an open-norm and the pre-emption doctrine could work smoothly together, which would also do away with the negative side effects of different national implementations of the pick-and-choose list of Article 5 of the InfoSoc Directive. The assumption that Article 5 as a whole constitutes a proper balance is put into question by varying lists of exceptions at national level. An open norm, interpreted in the light of Article 5, can then recreate the balance destroyed by insufficient national implementations. However, the problem of permitted uses outside of Article 5 still remains. 64  In CJEU, Warner Brothers Inc and Metronome Video ApS v Erik Viuff Christiansen, Case C 158/86, Judgment of 17 May 1988, the Court ruled that the exhaustion of the distribution right could not have the effect that exclusive rights would be rendered meaningless by its application; see, also CJEU, Musik-Vertrieb membran GmbH and K-tel International v GEMA - Gesellschaft für musikalische Aufführungs- und mechanische Vervielfältigungsrechte, Joined cases 55/80 and 57/80, Judgment of 20 January 1981. 65  Football Association Premier League Ltd and Others v QC Leisure and Others and Karen Murphy v Media Protection Services Ltd, par. 106. 62 63

4  Forcing Flexibility with Fundamental Rights: Questioning the Dominance…

95

exploitation of protected works and subject-matter,66 copyright, albeit not expressly harmonized at EU level,67 also covers moral rights.68 In analogy to the exhaustion doctrine, the use of protected works could not be justified if they had not been published with the consent of the right holder before the use in question.69 Consequently, the use in Funke Medien would not be permitted but the use in Spiegel Online would have been. An exhaustion-like mechanism would supersede the application of copyright rules in certain instances that would be in the public interest (including fundamental rights).

4  Conclusion The preliminary questions posed by the BGH are a testament to the growing uncertainty the strict corset of EU copyright law provides. The surprising perplexity with which the BGH seeks clarification on a question that seemed to have been answered already numerous times, namely how fundamental rights must be considered when applying the EU copyright rules (or any other rule of EU law for that purpose), demonstrates that the current set of rules is far from helpful when trying to strike a proper balance between exclusive rights and interests of non-right holders. The alternative is that the BGH pursues a political agenda. By asking a question of fundamental importance, the answer of which seems already been given by secondary legislation, it provokes the CJEU to re-think EU copyright law in lieu of the EU legislator. This could have wide-ranging consequences, up to a declaration of incompatibility of Art. of the 5 InfoSoc Directive with the provisions of the EU Charter. It does indeed seem inconsistent that certain uses of works should be prohibited, although they serve the higher good of a democratic discourse, particularly on the Internet. Yet, copyright does not permit these uses and the exclusive rights stand in the way of non-infringing uses of unpublished military reports and published  “[T]he specific subject-matter of the intellectual property is intended in particular to ensure for the right holders concerned protection of the right to exploit commercially the marketing or the making available of the protected subject-matter, by the grant of licences in return for payment of remuneration (…)”,Football Association Premier League Ltd and Others v QC Leisure and Others and Karen Murphy v Media Protection Services Ltd, par. 107. 67  Rosati (2014a). 68  “The specific subject-matter of those rights, as governed by national legislation, is to ensure the protection of the moral and economic rights of their holders. The protection of moral rights enables authors and performers, in particular, to object to any distortion, mutilation or other modification of a work which would be prejudicial to their honour or reputation. Copyright and related rights are also economic in nature, in that they confer the right to exploit commercially the marketing of the protected work, particularly in the form of licences granted in return for payment of royalties (…).”, CJEU, Phil Collins v Imtrat Handelsgesellschaft mbH and Patricia Im- und Export, Joined cases C 92/92 and 326/92, Judgment of 20 October 1993, par. 20. 69  CJEU, Deutsche Grammophon Gesellschaft mbH v Metro-SB-Großmärkte GmbH & Co. KG, Case C 78/70, Judgment of 8 June 1971, par. 13. 66

96

B. J. Jütte

­ anuscripts that reveal the questionable position on a sensitive issue of a member m of the German parliament; and the artistic expression of sampling artists. Should these noble purposes fall victim to an extensive application of exclusive rights? This would amount to nothing else than at least a mild form of open censorship. It is clear that with the answers to the three preliminary references the struggle between fundamental rights and exclusive rights will not be over. One way or the other, the Court either has to permit more interpretative flexibility within the set of existing rules or suggest legislative additions to the list of limitations and exceptions throughout the entire copyright acquis. In formulating a solution, the Court will have to be careful not to undermine the reliability of existing copyright law by providing an easily accessible leapfrog procedure with fundamental rights as its springboard. It will have to limit the suspension of copyright law or the further limitation of exclusive rights to certain special cases and, which will be even more difficult, find a reliable formulation that avoids even greater uncertainty as that reflected in the questions posed by the BGH. However, a continuing dominance of economically justified exclusive rights over the exercise of fundamental rights should not be tolerated. Such an appreciation of the importance of expressive uses of protected works should, ideally, be reflected in the copyright rules themselves, rather than provided by a judge-made escape route.

References Bently L, Geiger C, Griffiths J, Metzger A, Peukert A, Senftleben M et al (2018) Opinion of the European Copyright Society in relation to the pending reference before the CJEU in Case C-476/17, Hutter v Pelham. Available via European Copyright Society. https://europeancopyrightsocietydotorg.files.wordpress.com/2018/03/opinion-metall-auf-metall-fin4.pdf BGH [2017] I ZR 115/15, Metall auf Metall III; CJEU, Pelham and Others, C 476/17, Application BGH [2017] I ZR 139/15, Afghanistan Papiere; CJEU, Funke Medien NRW, C 469/17, Application BGH [2017] IZR 228/15, Reformistischer Aufbruch; CJEU, Spiegel Online, C 516/17, Application CJEU, BestWater International GmbH v Michael Mebes and Stefan Potsch, Case C 348/13, Order of 21 October 2014 CJEU, Åklagaren v Hans Åkerberg Fransson, Case C 617/10, Judgment of 26 February 2013 CJEU, Belgische Vereniging van Auteurs, Componisten en Uitgevers CVBA (SABAM) v Netlog NV, Case C 360/10, Judgment of 16 June 2012 CJEU, Deutsche Grammophon Gesellschaft mbH v Metro-SB-Großmärkte GmbH & Co. KG, Case C 78/70, Judgment of 8 June 1971 CJEU, Eva-Maria Painer v Standard VerlagsGmbH and Others, Case C 145/10, Judgment of 11 December 2011 CJEU, Football Association Premier League Ltd and Others v QC Leisure and Others (C 403/08) and Karen Murphy v Media Protection Services Ltd (C 429/08), Joined cases C 403/08 and C 429/08, Judgment of 4 October 2011 CJEU, GS Media BV v Sanoma Media Netherlands BV and Others, Case C 160/15, Judgment of 08 September 2016 CJEU, Infopaq International A/S v Danske Dagblades Forening, Case C 5/08, Judgment of 19 July 2009 CJEU, Johan Deckmyn and Vrijheidsfonds VZW v Helena Vandersteen and Others, Case C 201/13, Judgment of 03 September 2014

4  Forcing Flexibility with Fundamental Rights: Questioning the Dominance…

97

CJEU, Martin Luksan v Petrus van der Let, Case C 277/10, Judgment of 9 September 2012 CJEU, Nils Svensson and Others v Retriever Sverige AB, C466/12, Judgment of 13 February 2014 CJEU, Padawan SL v Sociedad General de Autores y Editores de España (SGAE), Case C 467/08, Judgment of 21 October 2010 CJEU, Productores de Música de España (Promusicae) v Telefónica de España SAU, Case 275/06, Judgment of 29 January 2008 CJEU, Scarlet Extended SA v Société belge des auteurs, compositeurs et éditeurs SCRL (SABAM), Case C 70/10, Judgment of 24 November 2011 CJEU, Stichting Brein v Jack Frederik Wullems, Case C 527/15, Judgment of 26 April 2017 CJEU, Stichting Brein v Ziggo BV and XS4All Internet BV, Case C 610/15, Judgment of 14 June 2017 CJEU, Technische Universität Darmstadt v Eugen Ulmer KG, Case C 117/13, Judgment of 11 September 2014 CJEU, Tobias Mc Fadden v Sony Music Entertainment Germany GmbH, C 484/14, Judgement of 15 September 2016 CJEU, UsedSoft GmbH v Oracle International Corp., Case C 128/11, Judgment of 03 July 2012 Dreier T (2010) Limitations: the centerpiece of copyright in distress. J Intellect Prop Inf Technol Electron Commer Law 1:50 Ducoulombier P (2015) Interaction between human rights: are all human rights equal? In: Geiger C (ed) Research handbook on human rights and intellectual property. Edward Elgar, Cheltenham, pp 39–51 Geiger C (2004a) Der urheberrechtliche Interessenausgleich in der Informationsgesellschaft - Zur Rechtsnatur der Beschränkungen des Urheberrechts. GRUR Int 53:815 Geiger C (2004b) Fundamental rights, a safeguard for the coherence of intellectual property law? IIC 35:268 Geiger C (2006) “Constitutionalising” intellectual property law? The influence of fundamental rights on intellectual property in the European Union. IIC 37:371 Geiger C (2009) Intellectual property shall be protected!? Article 17(2) of the Charter of Fundamental Rights of the European Union: a mysterious provision with an unclear scope. Eur Intellect Prop Rev 31:113 Geiger C, Izyumenko E (2014) Copyright on the human rights’ trial: redefining the boundaries of exclusivity through freedom of expression. IIC 42:316 Geiger C, Schönherr F (2014) The information society directive (Articles 5 and 6(4)). In: Stamatoudi I, Torremans P (eds) EU copyright law: a commentary. Edward Elgar, Cheltenham, pp 395–536 Geiger C, Macrez F, Bouvel A, Carre S, Hassler T, Schmidt-Szalewski J (2008) What limitations to copyright in the information society? A comment on the European Commission’s Green Paper “Copyright in the Knowledge Economy”. IIC 40:412 Griffiths J, McDonagh L (2013) Fundamental rights and European IP law: the case of Art 17(2) of the EU Charter. In: Geiger C (ed) Constructing European intellectual property: achievements and new perspectives. Edward Elgar, Cheltenham, pp 75–93 Guibault LMCR (2010) Why Cherry-Picking never leads to harmonisation: the case of the limitations on copyright under Directive 2001/29/EC. J Intellect Prop Inf Technol E-Commer Law 1:55 Hugenholtz BP (1997) Fierce creatures. Copyright Exemptions: Towards Extinction? Paper presented at the IFLA/IMPRIMATUR Conference Rights, Limitations and Exceptions: Striking a Proper Balance, Amsterdam, 20-31 October Hugenholtz PB, Senftleben M (2011) Fair use in Europe: in search of flexibilities, ivir. https:// www.ie-forum.nl/backoffice/uploads/file/IE-ForumP_B_HugenholtzenM_R_F_Senftleben, Fair use in Europe_ In search of flexibilities, IEF 10485, IViR 14 november 2011_.pdf Husovec M (2016) Intellectual property rights and integration by conflict: the past, present and future. Cambridge Yearb Eur Legal Stud 18:239

98

B. J. Jütte

Izyumenko E (2016) The freedom of expression contours of copyright in the digital era: a European perspective. J World Intellect Prop 19:115 Jütte BJ (2016) The beginning of a (happy?) relationship: copyright and freedom of expression in Europe. Eur Intellect Prop Rev 38:11 Jütte BJ (2017) Reconstructing European copyright law for the digital single market: between old paradigms and digital challenges, vol 10. Nomos, Baden-Baden Jütte BJ, Maier H (2017) A human right to sample  – will the CJEU dance to the BGH-beat. J Intellect Prop Law Pract 12:784 Kur A (2008) Of Oceans, Islands, and Inland Water  – How Much Room for Exceptions and Limitations under the Three Step-Test? No 08-04:48, https://papers.ssrn.com/sol3/papers. cfm?abstract_id=1317707 Leistner M (2016) Die “Metall auf Metall”  - Entscheidung des BVerfG.  Oder: Warum das Urheberrecht in Karlsruhe in guten Händen ist. GRUR 118:772 Niemann F, Mackert LN (2013) Limits of sampling sound recordings: the German Federal Supreme Court of Justice’s Metall auf Metall I & II holdings in light of the US jurisprudence on digital sampling. Eur Intellect Prop Rev 35:356 Peukert A (2015) The fundamental right to (intellectual) property and the discretion of the legislature. In: Geiger C (ed) Research handbook on human rights and intellectual property. Edward Elgar, Cheltenham, pp 132–148 Ramalho A (2014) Conceptualising the European Union’s competence in copyright – what can the EU do? IIC 45:178 Reilly T (2012) Good fences make good neighboring rights: the German Federal Supreme Court Rules on the digital sampling of sound recordings in Metall auf Metall. Minn J Law Sci Technol 13:153 Rosati E (2014a) Copyright in the EU: in search of (in) flexibilities. GRUR Int 63:419 Rosati E (2014b) Has the CJEU in Deckmyn de facto harmonised moral rights? Available via The IPKat. http://ipkitten.blogspot.com/2014/09/has-cjeu-in-deckmyn-de-facto-harmonised.html Schonhofen S (2016) Sechs Urteile über zwei Sekunden, und kein Ende in Sicht: Die “Sampling” -Entscheidung des BVerfG. GRUR-Prax 8:277 Wittem Project. European Copyright Code.. Available via Wittem Project. http://www.copyrightcode.eu Xalabarder R (2016) The role of the CJEU in harmonizing EU copyright law. IIC 47:635

Chapter 5

Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives Maria-Daphne Papadopoulou and Evanthia-Maria Moustaka

Abstract  Article 11 (due to the legal cleaning of the text of the Digital Single Market Directive 2019/790/EU, article numbers have changed; consequently, Article 11 of the Proposal is now Article 15, while the similarly contentious provision under Article 13 on the use of protected content by information society service providers has been renumbered as Article 17) of the Proposal for a Directive on copyright in the Digital Single Market constitutes one of the most debated provisions of the legislative corpus that demonstrates the ambitious transition of the European acquis to the digital era. The introduction of an exclusive related right to press publishers for the digital uses of their content formed a casus belli within this long-term and rather adventurous legislative initiative. Eventually, a compromise was reached after two and a half years that the debate was launched and the tough negotiations that intervened; on February 13, 2019, the relevant trilogue negotiations were successfully concluded, reaching an agreement on a compromise text for the Copyright Directive, including the new press publishers right (Rosati 2019. http://ipkitten. blogspot.com/2019/02/breaking-agreement-on-dsm-directive.html). This chapter explores all the key issues of the new right on press publications, demonstrating the objectives sought through its establishment, while providing an analysis of the legal and economic background from both sides of this persisting controversy. At first, the relevant initiatives undertaken at national level, and foremost, the examples of Germany and Spain are analyzed to demonstrate the inspiration for the introduction of a harmonized right for press publishers. Thereafter, the main arguments against this legislative step are investigated, demonstrating the substantive pillars and the reactions that the European Commission experienced in this field. It should be noted that this opposition had also crept into the European institutions themselves since the European Parliament had first rejected the Committee Draft of the Proposal in what has been described as a “surprising turn of events” (Rauer et al., European Parliament votes to reject controversial Copyright Directive proposal, 2018a). Lastly, the final text of the proposed Article 11 (renumbered Article 15) as adopted by the European Parliament is presented, further including the rationale behind and M.-D. Papadopoulou · E.-M. Moustaka (*) Legal Department, Hellenic Copyright Organization, Athens, Greece e-mail: [email protected]; [email protected] © Springer Nature Switzerland AG 2020 T.-E. Synodinou et al. (eds.), EU Internet Law in the Digital Era, https://doi.org/10.1007/978-3-030-25579-4_5

99

100

M.-D. Papadopoulou and E.-M. Moustaka

the objectives pursued under its establishment. On the eve of a radical overhaul of the EU copyright system, it is important that we realize the substance of this new right and the “tangible benefits” (European Commission, Digital Single Market: EU negotiators reach a breakthrough to modernise copyright rules (Press Release). http://europa.eu/rapid/press-release_IP-19-528_en.htm) aiming at yielding to European press publishers and journalists for the massive online re-use of their content. After all, it consists one of the cornerstones of this crucial reform that has been described as making the future of Europe possible…

1  Introduction Aiming at maximizing the competitiveness and growth potential of the European digital economy into the global context, the introduction, in 2015, of the ‘Digital Single Market Strategy’1 was centralized on the enhancement of cross-border online activities through a number of key interdependent actions that primarily concerned the legislative adaptations required. Accordingly, the objectives laid down within this context were referring to the expansion of access to digital goods and services throughout the Union, including copyright protected content services. Recognizing that the creation, production, distribution, and exploitation of works and other subject-­ matter of protection have been drastically and continuously changing because of the rapid evolution of digital technologies, the establishment of a secure and reliable regulatory framework2 called for a fundamental review of the EU copyright acquis. This copyright reform would further serve the identification of the role and impact of the new actors and business models occurring in the digital reality, along with the facilitation of the new uses emerging in the realms of research, education, and cultural heritage. For this purpose, the adaptation of the EU legal framework of copyright exceptions to the digital and cross-border environment was designated as one of the key objectives sought in this process.3

 A Digital Single Market Strategy for Europe—COM (2015) 192 final.  Including a tailor-made regulatory environment for online platforms and internet intermediary service providers that would additionally serve the purpose of combating illegal material on the internet. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, A digital single market strategy for Europe, COM (2015) 192 final. 3  Recalling the limited level of harmonization previously achieved at EU level in the field of exceptions and limitations, mostly because of their national character and optional implementation, while addressing their contributive role towards the achievement of public policy objectives, the European Commission repeatedly stated its aim of ensuring the legal certainty in the area. In this regard, the objectives pursued under this copyright reform concerned, inter alia, the legality of certain types of uses in the realm of scientific research, as actualized through the introduction of the text and data mining exception, education activities, as well as the preservation of cultural heritage. 1 2

5  Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives

101

However, the modernization of the EU copyright rules to make them fit for the digital age4 would inevitably face the long-term debate over property and access in a number of copyright issues, further entailing the conflicts arising between the rights and interests of users and rightholders in the respective realm.5 In this regard, the European Commission highlighted, in its Impact Assessment,6 the existing disparity between producers and users of copyright protected content that was further considered as placing press plurality and press diversity in jeopardy.7 Consequently, a fair balance was sought between, on the one hand, information service providers and in particular, online platforms, and on the other hand, news publishers. The suggested reform would take the shape of one of the most controversial provisions of the Proposal for a Directive on Copyright in the Digital Single Market8 (hereinafter: ‘Proposal’); that of Article 11 (now Article 15) which confers upon press publishers a new right that aims at facilitating them in negotiating the re-use of their content on online platforms, while enabling journalists to “receive a greater share of the revenues generated by the online uses of press publications”.9 Since its inception, this new right for press publishers formed a casus belli10 that persisted throughout this long-term and rather adventurous legislative initiative. Two and a half years after the debate was launched, an agreement was eventually reached on the compromise amendments of the Proposal. Following the successful conclusion of the relevant trilogue negotiations on February 13, 2019,11 the draft piece of legislation was approved by the European Parliament’s Committee on Legal Affairs (JURI). The last hurdle before the adoption of the intended copyright reform was cleared on March 26, 2019. It was the day that the European Parliament voted in favor of the new harmonized copyright regime under which the modernized rules fit for the digital age were eventually adopted; there were 348 votes in favor, 274 against, and 36

 Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Towards a modern, more European copyright framework, COM (2015) 626 final. 5  http://www.europarl.europa.eu/news/en/press-room/20150615IPR66497/eu-copyrightreform-must-balance-rightholders-and-users-interests-say-meps. 6  Commission Staff Working Document. Impact Assessment on the modernisation of EU copyright rules. The related documents, as well as the executive summary, are available at: https://ec.europa. eu/digital-single-market/en/news/impact-assessment-modernisation-eu-copyright-rules. 7  Ibid. 8  Proposal for a Directive of the European Parliament and of the Council on Copyright in the Digital Single Market, COM (2016) 593 final. 9  Supra n. 4. 10  As well as former Article 13 (now Article 17), concerning the use of copyright protected content by online content service providers. The compromise text that was respectively achieved provides that the provision of access to copyright protected content uploaded by the users of online content sharing service providers to the public shall be qualified as a restricted act of communication or making available to the public, generating, as such, the obligation to obtain a prior authorization by the rightholders concerned. In addition, the liability of such service providers is established in accordance with the prerequisites set out therein. 11  Rosati (2019). http://ipkitten.blogspot.com/2019/02/breaking-agreement-on-dsm-directive.html. 4

102

M.-D. Papadopoulou and E.-M. Moustaka

abstentions.12 The European Commission described this vote as ensuring “the right balance between the interests of all players”, these being users, creators, authors, and press, “while putting in place proportionate obligations on online platforms”.13 In the light of the strongly debated press publishers’ right, the Commission had recently outlined the enhancement of the “position of creators in their negotiations with big platforms which largely benefit from their content”, since writers and journalists will, among other rightholders, “find it easier to negotiate better deals with their publishers”.14 Following the publication of this groundbreaking reform on the Official Journal of the EU (L 130/92, 17.05.2019), and provided that Member States will subsequently have 24 months to implement the new rules into their national copyright legislation, a step back needs to be taken to reconstruct the whole picture. This chapter explores all the key issues of the new right on press publications, demonstrating the objectives sought through its establishment, while analyzing the legal and economic background from both sides of this persisting controversy. At first, the relevant initiatives undertaken at national level, and foremost, the examples of Germany and Spain are analyzed to signify the inspiration for the invention of a harmonized right for press publishers. Thereafter, the main arguments against this legislative step are investigated, demonstrating the substantive pillars and the reactions that the European Commission experienced in this field. It should be noted that this opposition had also crept into the European institutions themselves since the European Parliament had first rejected the Committee Draft of the Directive in what has been described as a “surprising turn of events”.15 Lastly, the final text of Article 11 (renumbered Article 15) as adopted by the European Parliament is presented, further including the rationale behind and the objectives pursued under its establishment. On the eve of a radical overhaul of the EU copyright system, it is important that we realize the substance of this new right and the “tangible benefits”16 aiming at yielding to European press publishers and journalists for the massive online re-use of their content. After all, it consists one of the cornerstones of this crucial reform that has been described as making the future of Europe possible…

12  http://www.europarl.europa.eu/news/en/press-room/20190321IPR32110/europeanparliament-approves-new-copyright-rules-for-the-internet. 13  European Commission—Statement of 26 March 2019. Copyright reform: the Commission welcomes European Parliament’s vote in favour of modernised rules fit for digital age. http://europa. eu/rapid/press-release_STATEMENT-19-1839_en.htm. 14  Ibid. 15  Rauer et al. (2018a). 16  European Commission, Digital Single Market: EU negotiators reach a breakthrough to modernise copyright rules (Press Release). http://europa.eu/rapid/press-release_IP-19-528_en.htm.

5  Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives

103

2  T  he Rationale Behind the New Publishers’ Right and Its Key Features 2.1  The Legal and Economic Background Setting the framework within which this provision was introduced, the Impact Assessment issued by the European Commission stressed out the need to achieve a well-functioning online marketplace for copyright by facilitating licensing and combating online infringements. Press publishers, whose bargaining position vis-à-­ vis online platforms was regarded as weak,17 should be equally protected to other rightholders based on their role and contribution to the copyright value chain. The Explanatory Memorandum of the Proposal provided in this regard that press publishers “are facing difficulties in licensing their publications online and obtaining a fair share of the value they generate”.18 Thus, they should be granted with the power to achieve the recoupment of their investments and the enforcement of their rights in the digital ecosystem. Moreover, Recitals 31 and 32 of the Proposal had underlined the organizational and financial investment of publishers in the production of press publications and the need to be recognized by safeguarding the sustainability of the whole publishing industry. Providing that a “free and pluralist press is essential to ensure quality journalism and citizens’ access to information”,19 while fundamentally contributing to “public debate and the proper functioning of a democratic society”,20 the introduction of a real exclusive right for press publishers was regarded as essential in the reformed European legal order. As respectively stated, since press publishers should be treated equally as other related rightholders, their eligibility to enter into contracts and bring infringement actions, namely the enforcement of their rights, is inexorably intertwined and depending upon the legal monopoly deriving therefrom.21 Focusing on the tangible aspects of the new press publishers’ right, the need to strengthen their position in the digital environment by enabling them to be remunerated for the online use and commercial exploitation of their content, emerged from the development of the news aggregation model and the economic and financial framework resulting therefrom. Rooted on the advertisement-based model,22 news  A perception deriving from the absence of a regulatory system under which the conclusion of agreements concerning the remuneration due for the use, storing, and provision of access to useruploaded content would be obligatory. 18  Explanatory Memorandum of the Proposal, para. 1. 19  Recital 31 of the Proposal. 20  Ibid. 21  Legal Affairs. Legal analysis with focus on Article 11 of the proposed Directive on Copyright in the Digital Market. http://www.europarl.europa.eu/RegData/etudes/BRIE/2017/596834/ IPOL_BRI(2017)596834_EN.pdf. 22  As the most basic business model in the internet under which attractive content (such as a movie, a photo, music, or text) is (usually) provided for free for the attained consumers’ attention to be actually sold to advertising companies. Hoppner et al. (2017). 17

104

M.-D. Papadopoulou and E.-M. Moustaka

aggregators services, such as Google News, gather and display on their websites content from various press publications with a view to attracting new users. Although press publications23 become freely available to the public, the new audience attracted is consequently sold to advertisers, while publishers, as well as authors of such works, are deprived of the revenues they deserve for the value that their content generates online. Considering the organized structure in which news is presented in such platforms, as well as the multitude of information and the rapidity of transmission, the finding that nearly half of users (47%) do not click any further, thus merely reading through headlines and extracts, comes as no surprise. Speaking of (and with) numbers, as respectively demonstrated in the Impact Assessment, the print circulation of newspapers, based on the data provided by the press publishing sector in eight Member States,24 declined from 8% (in Belgium) to even 52% (in Italy) from 2010 to 2014. On the contrary, the growth of the digital audience of 39 publishers across these eight European markets was estimated as reaching, in 2015, 500 million users/browser accesses, while the same number three years ago was less than half. In 2016, digital access to news content was almost doubled. Consequently, consumers’ habits in respect of the main sources of information were also investigated. It was found that 42% of news consumers were reading news online, while 66% of the visits to newspapers websites came from referral traffic through social media, news aggregators, and search engines; however, within the same time, newspapers lost a net revenue of 13%.25

2.2  N  ational Level Measures: The Examples of Germany and Spain The ‘right to published editions’, in its initial conceptualization, can be traced back in 1968 as introduced into the Australian copyright act.26 Focusing on the inspiration for this copyright reform, the examples of Germany and Spain shall be individually exposed. Both national copyright systems had integrated a new, special right to press publishers in ensuring the sustainability of the publishing sector against new forms of exploitation promoted by aggregators and online operators. However, the approaches adopted were significantly differentiated, further including the subsequent evolution or even substance of the respective regimes.

 Principally referring to excerpts from newspapers articles.  These being Belgium, Finland, France, Germany, Italy, Poland, Spain, and United Kingdom. See more at Annex 13A included in the Commission Staff Working Document—Impact Assessment on the modernisation of EU copyright rules—Part 3, p. 175. 25  Ibid. 26  Matulionyte (2018). 23 24

5  Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives

105

2.2.1  Germany: An Adventurous Legal Story and its End Following four years of debate, an amendment to the German Copyright Act27 was eventually adopted and entered into force in 2013, under which producers of press products were granted an exclusive right to make press content or parts of it available to the public for commercial purposes (the ‘Leistungsschutzrecht für Presseverleger’). The use of individual words or small text excerpts (snippets28) was explicitly excluded from the scope of application of this ancillary right conferred upon publishers of newspapers and magazines.29 Furthermore, the transferability of this right was also provided, while its term of protection was designated as expiring one year following the publication of the press product. The limitations applicable to copyright in relation to lawfully permitted uses (such as citation) were expressly provided as applying mutatis mutandis to the press publishers’ right, while its exercise was further limited by the rights of the author or a related rightholder whose work or protected subject-matter was incorporated in the press product. According to the wording of the provision established under para. 4 of Section 87g of the German Copyright Act, the act of making available to the public press product, or parts thereof, shall be permissible “unless this is done by commercial operators of search engines or commercial operators of services which edit the content”. In this case, providers of such services had to obtain a prior authorization from press publishers as explicitly aligned with the payment of a reasonable compensation that would be subject to negotiation between the parties concerned.30 Moreover, Section 87h of the German Copyright Act provided for the right of the authors to participate in this remuneration scheme, thus being entitled to an equitable share of the revenues accrued for the commercial exploitation of press products in the digital environment. Those authors were further identified as entailing “text and photo journalists, as well as freelancer editors”.31 In this regard, the identification of the “commercial” term was rather crucial to demarcate the scope of application of this right. Based on the wording of this provision, commercial providers of search engines or of other similar services such as news aggregation, were exclusively concerned. According to the German federal  Copyright Act of 9 September 1965 (Federal Law Gazette I, p. 1273), as last amended by Article 1 of the Act of 1 September 2017 (Federal Law Gazette I p. 3346) (Urheberrechtsgesetz, UrhG), §§87f-h. 28  Being further defined as an “algorithm generated extract of a press publication that information society providers use to provide services to their customers”. However, it was found that giving the consumer a ‘snapshot’ of the main story provided in the press publication, the access to the main site of the news brands was actually discouraged. Unattributed. The publishers’ right explained— part 1. http://www.newsmediaeurope.eu/news/the-publishers-right-explained-part-1/. 29  Known as the “Leistungsschutzrecht für Presseverlage” (LSR). 30  On the contrary, the Spanish legislator followed a differentiated approach, thus providing for a “compulsory, fixed compensation” for all uses undertaken by news services in the digital environment, further excluding search engine services. The Ancillary Copyright for Press Publishers in Germany. Background information and answers to key questions. LSR Aktuell. http://www.lsraktuell.de/sites/default/files/20170202_vg_media_lsra_broschuere_en.pdf. 31  Ibid. 27

106

M.-D. Papadopoulou and E.-M. Moustaka

government’s reasoning for the introduction of the relevant addendums into the national copyright law, what was determinative was the profit-making intention of such services through the systematic use and provision of access to press products, meaning the use in a professional context. Consequently, it has been stated that private users are profoundly exempted from the scope of this right, further including businesses and companies of other sectors, attorney offices, associations, and nonfor-profit institutions. In respect of the search engines services, their actual technical operation as such, irrespective of the extent of the given search conducted, has been designated as the decisive criterion for the relevant determination.32 The intended amendment was widely criticized even before its establishment. More precisely, a wide range of stakeholders in Germany—from scholars and academics to business associations, the web community and, profoundly, Google—ran diametrically counter to the adoption of this provision33 on the grounds of freedom of speech and access to information, while the anticipated negative impact on the German (digital) economy was also addressed. On the contrary, newspaper publishers underlined its significance for the “maintenance of an independent, privately financed news media”34 that would guarantee the freedom and plurality of the press by filling a gap in German copyright law that needed to be adjusted to the requirements of the digital technology.35 Following the implementation of the German ‘Lex Google’,36 or more accurately, on the same day that the new sections entered into force, Google News modified its indexing system in Germany to an opt-in mechanism. More precisely, a confirmation statement was required by national publishers for their content to be featured in the listings of the popular news aggregation platforms.37 From the press publishers’ side, the determination of the fee payable for the online use of their content and the respective royalty collection method were assigned to VG Media, a collecting society that soon published the relevant tariff (concluding to 11% of the search engine’s revenue) and called the counterparties to enter into negotiations for the relevant licensing terms. However, Yahoo and Deutsche Telekom excluded from their services the publishers claiming their ancillary right. Moreover, an argument for the inapplicability of the license fee to online services was also developed, given that Google aligned indexing with an agreement to a royalty-free license.38 Within this context, the use of press products in Google search results was subsequently  Talke (2017).  Kreutzer (2011). Describing the economic rationale behind the forthcoming (at that time) measure under German law, the resemblance with the framework within which the relevant discussion and the introduction of the respective provision at EU level has fallen, is more than close. 34  Since the introduction of the ancillary copyright and the consequent financial reward provided for press publishers was considered as an important revenue source for the industry both on a middle and long-term basis. Pfanner (2012). 35  Supra n. 37. 36  Read more about the substance, evolution, and effects of the German ancillary right for publishers at: https://resources.law.cam.ac.uk/cipil/documents/potential_legal_responses_complete_transcript.pdf. 37  Rosati (2013). 38  Schlosberg (2017). 32 33

5  Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives

107

limited to headlines (i.e., the contested snippets and thumbnails were no longer provided), which led to negative effects on the newspapers’ web traffic. On these grounds, VG Media filled an antitrust complaint against Google, claiming an abuse of its dominant position in the market and anti-competitive conduct. The claim was dismissed39 and VG Media ended up granting (exclusively) to Google a “revocable free license”.40 According to its statement,41 it was forced to such an “extraordinary step” due to Google’s “overwhelming market power”.42 Although the settlement proposal issued by the Copyright Arbitration Board of the German Patent and Trademark Office (DPMA) ran in favor of the tariff’s applicability, its extent and current form were considered as rather excessive and inadequate. Moreover, an essential but still indefinite issue was also covered by the DPMA’s ruling, concerning, in particular, the exception provided under Section 87f(1) of the German Copyright Act under which individual words or very short text excerpts do not fall within the scope of the press publishers right. However, the wording of this provision did not specify the type (i.e., snippets and thumbnails) or more precisely, the length of the press content that would be subject to licensing and payment of a fee, giving rise to contradictory interpretations that reflected the diverging interests in the area. Accepting that a specific limit was nonetheless required, DPMA reached a compromise by suggesting a seven-word limit, excluding search keywords.43 Even this substantial question, though, ended up lacking its legal basis due to the outcome of the preliminary ruling that was brought before the Court of Justice of the European Union (CJEU).44 The questions referred to the court challenged the lawfulness and actual enforceability of the German right for press publishers per se; if considered as a technical regulation, this provision should have been duly notified to the European Commission in accordance with the procedure laid down in Directive 98/34/EC45 as repealed and replaced by Directive 2015/1535/EU.46 In the event of a lack of such a proper notification, domestic law  Press Release (2014) Complaint by VG Media not sufficient to institute formal abuse of dominance proceedings against Google. https://www.bundeskartellamt.de/SharedDocs/Meldung/EN/ Pressemitteilungen/2014/22_08_2014_VG_Media.html. 40  Unattributed (2015) Ancillary Copyright for Publishers: Taking Stock in Germany. Bitcom. http://www.mittelstand-tour.de/bitkom/org/noindex/Publikationen/2016/Leitfaden/ Leistungsschutzrecht/2/160406-Leistungsschutzrecht-EN.pdf. 41  (2014) Pressemitteilung: Google lehnt ‘Waffenruhe’ ab -Presseverlage beugen sich Druck Googles und lassen VG Media Gratiseinwilligung für Rechtenutzung erteilen. https://www.vgmedia.de/images/stories/pdfs/presse/2014/141022_pm_vgmedia_gratiseinwilligung-google.pdf (in German). 42  Essers (2014). 43  Keller (2015a) and Hirche (2015). 44  CJEU, VG Media Gesellschaft zur Verwertung der Urheber- und Leistungsschutzrechte von Medienunternehmen mbH v Google Inc, Case C-299/17. See more at Rosati (2017a). 45  Directive 98/34/EC of the European Parliament and of the Council of 22 June 1998 laying down a procedure for the provision of information in the field of technical standards and regulations, OJ L 204/37. 46  Directive (EU) 2015/1535 of the European Parliament and of the Council of 9 September 2015 laying down a procedure for the provision of information in the field of technical regulations and of rules on Information Society services, OJ L 241/1. 39

108

M.-D. Papadopoulou and E.-M. Moustaka

should be deemed null and void and as such, inapplicable.47 And that was the Advocate General’s Opinion delivered on 13 December 2018.48 According to this Opinion, the German rules on the right related to copyright for press publishers amount to a technical regulation within the meaning of Directive 98/34, thus specifically aiming at a particular information society service, namely, the provision of press products through the use of internet search engines.49 Consequently, the Advocate General stated that the German provisions in question were subject to the notification obligation. Ιn the absence of a notification of these national provisions to the Commission, they must not be applied by the German courts. The CJEU eventually confirmed; in the judgment issued on September 12, 2019, the Court dictated that the provision of the German law which prohibited only commercial operators of search engines and commercial service providers that similarly publish content from making newspapers or magazines or parts thereof (excluding individual words and very short text excerpts) available to the public, constitutes a “technical regulation”, the draft of which is subject to prior notification to the Commission. As a result, the German press publishers’ right ended up unenforceable due to this missed notification. It has been widely described as the Google’s victory over the German publishers’ fee demands that were reaching an amount of $1.1 billion. 2.2.2  Spain: Following the Path of Limitations Influenced by the legislative initiatives undertaken in Germany but following a differentiated approach under the so-called ‘IPA Reform’,50 Spain included an addendum in its national Copyright Act amending the quotation right instead of granting an exclusive right to press publishers. In the wider context, the scope of application of the right to quotation was extended in order to adapt to the digital environment for the purpose of exclusively covering online news aggregation services. In other words, the Spanish legislator considered digital contents aggregation as a permitted use, meaning that a relevant authorization is not required, thus being qualified, under  Rauer (2017).  http://curia.europa.eu/juris/document/document.jsf?text=&docid=208982&pageIndex=0&docl ang=EN&mode=lst&dir=&occ=first&part=1&cid=5724825. 49  More precisely, the Advocate General Gerard Hogan considered that the German provisions “cannot be regarded as simply the equivalent of a condition governing the exercise of a business activity such as a prior authorisation requirement. Their effect in practice is to make the provision of the service subject to either a form of a prohibitory order or a monetary claim at the instance of the publisher of newspapers or magazines”. Court of Justice of European Union. Press Release No 197/18. https://curia.europa.eu/jcms/upload/docs/application/pdf/2018-12/cp180197en.pdf. 50  Law No. 21/2014 of November 4, 2014, amending the Consolidated Text of the Law on Intellectual Property, approved by Royal Legislative Decree No. 1/1996 of April 12, 1996, and Law No. 1/2000 of January 7, 2000, on Civil Procedure, which entered into force in 2015. However, it was only recently that CEDRO (i.e., the Spanish Reproduction Rights Centre representing authors and publishers of books, magazines, journals, newspapers, and sheet music) initiated negotiations for the determination of the relevant fee. 47

48

5  Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives

109

specific conditions, as a quotation. Nonetheless, even if the prerequisites set out by the law are met, publishers or, as applicable, other rightholders are entitled to render this freedom subject to the payment of an equitable remuneration for such a use. Under Article 32(2) of the Spanish Copyright Act, a number of limitations are respectively applicable. First, the contents aggregation shall exclusively entail non-­ significant fragments of contents. Second, these contents must have been available in periodical publications or in periodically updated websites. Third, the contents aggregated by the providers of such digital services shall serve informational or entertainment purposes, or the creation of the public-opinion objective. Provided that all these conditions are fulfilled, the making available to the public of such publications51 is not subject to an authorization by the respective rightholders. However, even in that case, publishers and potentially other holders of rights over such works shall receive a fair compensation, meaning inversely that online news aggregation services providers shall pay a copyright fee for the use that they make. As in the case in Germany, the addressees of this remuneration obligation have been regarded as entailing commercial “online outlets posting links and excerpts of news articles originated elsewhere”,52 profoundly referring to search engines and news aggregators, and foremost, to Google News.53 However, many other aggregators, such as bloggers and other websites, have been considered to be additionally affected by this provision.54 Furthermore, an exception to the equitable compensation rule has been provided under Article 32(2) of the Spanish Copyright Act, concerning, in particular, the mere provision of links55 to press publications by search engine services. Provided that the conditions set out in the law are met, this act is neither subject to a prior authorization nor to a payment of a fee. The provision of access to the news content covered by the exception is explicitly provided as the “making available to the public of isolated words”56 that are further incorporated in the publications described above. Moreover, search engine services have been determined as those facilitating search instruments of such words. What is crucial is the use (i.e., making available) of “isolated pieces of information”57 that are indispensable for the provision of search results in reply of a given search query as previously formulated by the user. For this exception to apply, three prerequisites have to be cumulatively fulfilled: (a)  Excluding, though, photographic works or ordinary photographs incorporated in such publications for the use of which an authorization is required. On the contrary, documentaries and news recordings fall within the scope of application of this provision. 52  Caldaza and Gil (2018). 53  Consisting the grounds for its characterization as the “Google Tax” right. Hernández (2014). 54  Plantada (2014). 55  In this regard, it should be noted that linking is not qualified as an act of communication to the public under Article 20(2) TRLPI. Nonetheless, according to the national case law, the provision of links to infringing content may, in certain circumstances, amount to a copyright infringement. Furthermore, the “active and non-neutral” provision of links to illegal content with a profit-making intention implies both administrative and criminal sanctions. https://euipo.europa.eu/ohimportal/ el/web/observatory/faqs-on-copyright-es. 56  Xalabarder (2014). 57  Rosati (2014). 51

110

M.-D. Papadopoulou and E.-M. Moustaka

a link to the website hosting the original work58 shall be provided; (b) such search engine services providers shall not pursue commercial purposes; and (c) the use of excerpts (i.e., isolated words) of the news content shall be “limited to what is necessary to provide search results in response to previous user queries”, strictly construed.59 In this regard, an interesting decision issued by the Spanish Supreme Court prior to the establishment of Law 21/2014 is worth to be mentioned thus holding in favor of the Google search engine including its ‘cache copy’ service, namely the computer-generated review of newspapers’ articles offered by Google News to online users. The case concerned the unauthorized use (i.e., reproduction and making available to the public) of fragments of websites listed as a result of the Google search engine operation and the relevant cache copy service. The claimant sought monetary damages, while also issuing an injunction to prevent the further operation of the Google Spain search engine service. It was by virtue of this maximalist claim that a copyright infringement was not assessed by the court since it was qualified as an abusive exercise of copyright intending exclusively to harm the defendant. More precisely, the ruling of the court was based upon the use of the ‘three-step test’60 as a positive interpretation criterion, meaning that the general principles of the law, such as good faith, the prohibition of abuse of rights, and the doctrine of harmless uses by third parties, shall be incorporated and reflected therein. Moreover, the reproduction of fragments of the linked websites was regarded as insignificant, while also serving informatory purposes.61 Contrary to the German ‘Leistungsschutzrecht für Presseverleger’, the remuneration right conferred upon press publishers in Spain is unwaivable, meaning that publishers cannot opt out from receiving the copyright fee to be paid by online news aggregators, neither can they grant a free license for the online use of their content. Furthermore, the law provides for the transferability of this right,62 while it is also subject to mandatory collective management.63 It was by virtue of this unwaivable nature of the statutory equitable compensation, along with the arguments that asserted its vague scope and imprecise language, that this provision was severely criticized even before its adoption. The objections against its establishment entailed its (potential) impact on a “broader range of online activities beyond the purportedly

 Otherwise, to the “provenance page of the content”. Vidal (2014).  Ibid. 60  Explicitly provided under Art. 40bis TRLPI. The so-called “three-step” was introduced into the EU acquis under para. 5 Article 5 of Directive 2001/29/EC which dictated that the exceptions and limitations provided under this provision shall only be applied: (a) in certain special cases that (b) do not conflict with a normal exploitation of the work or other subject-matter and (c) do not unreasonably prejudice the legitimate interests of the rightholder. 61  Sentencia n.172/2012, of 3 April 2012, Supreme Court, Civil Chamber. Xalabarder (2012). 62  Similar to the press-clipping limitation provided under Article 32(1) of the Spanish Intellectual Property Law (TRLPI). 63  Priora (2018). 58 59

5  Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives

111

targeted news aggregation and search engines”,64 on which serious anticompetitive effects were also speculated. Moreover, the freedom of the public to access information and the media diversity principle were also alleged to be jeopardized by this legislative initiative. Lastly, Article 32(2) was contested as infringing copyright law, as well as the EU acquis and the CJEU case law, distorting accordingly the functioning of the internal market and subsidizing an industry at the expense of another at national level.65 As an immediate effect of the adoption of the new legislation and even before its entry into effect, the news-linking service was terminated by Google on the grounds of the alleged unsustainability of the approach adopted. On the contrary, the Google search engine machine remained operational thus being allowed, under the statutory exception, to provide links and display, as such, news content available online. However, the repercussions for the Spanish news websites that were excluded by the popular online news aggregation platform were demonstrated by a traffic decline exceeding “6% on average and 14% for small publications”, while their loss of revenue was estimated at €10 million ($11.7 million) in the first year following the implementation of the law.66 Moreover, a study on the impact of the Spanish ancillary copyright commissioned by the Spanish Association of Publishers of Periodical Publications (‘AEEPP’) had underlined its negative effect on various stakeholders, including news aggregators, (small) publishers, as well as online consumers such as readers and advertisers. Furthermore, this provision has been regarded as imposing barriers to innovative developments, distorting competition, prejudicing the net-neutrality principle, while additionally implying regulatory uncertainty. Lastly, the threat or even the high risk of infringement of the quotation right has been demonstrated, further including the right to use and release Creative Commons-licensed content.67

2.3  A  rticle 11: Definitions, Subject-Matter and Scope of Application As already stated, the objective pursued under the Proposal was the improvement of legal certainty throughout the Union and the strengthening, inter alia, of the press publishers’ bargaining position in the digital interplay in supporting and ensuring a free and pluralist press. More precisely, the idea was to “confer on publishers their own ‘related right’, similar to the ‘neighboring rights’ given to other investors in

 Supra n. 63.  Ibid. 66  Bailey (2018). 67  Keller (2015b). 64 65

112

M.-D. Papadopoulou and E.-M. Moustaka

broadcasts, sound recordings and film fixations”.68 Within this context, and building upon the national examples of Germany and Spain, while also considering the emergence of similar legislative initiatives at other Member States,69 an exclusive related right for press publishers was eventually introduced. From this perspective, it could be argued that this right resembles to the respective provision adopted by the German legislator rather than implementing a condition attached to an exception as was the case in Spain. Although the definition on press publications provided under the EU law is partially identical to the German legislative initiative,70 it should be noted that the EU-wide related right conferred upon press publishers has been characterized as even more comprehensive in relation to the so-called ‘link tax’ provisions established at national level.71 Deepening in the crucial issue of the concept of press publications, consisting of the rationae materiae of the press publishers right, the comparison between the relevant definition, including the respective recital, as provided under the Proposal, and its final version, indicates a number of substantial modifications. In particular, Recital 33 of the Proposal stated that the notion of press publications shall only  Study for the JURI Committee (2017) Strengthening the Position of Press Publishers and Authors and Performers in the Copyright Directive, p. 15. http://www.europarl.europa.eu/RegData/etudes/ STUD/2017/596810/IPOL_STU(2017)596810_EN.pdf. 69  Since a relevant discussion was also taking place in Belgium, Italy, and France. See, in particular, European Commission (2016) Remuneration of authors of books and scientific journals, translators, journalists, and visual artists for the use of their works. https://www.ivir.nl/publicaties/download/remuneration_of_authors_final_report.pdf. 70  Recital 33 of the Proposal dictated that “periodical publications published for scientific or academic purposes are expressly exempted (emphasis added) from the protection granted to press publications” similarly to the relevant definition provided under German law. This exception was retained in the text of the Directive adopted with a slight, though, difference in the relevant wording as provided now under Recital 56 (renumbered Recital 33); in particular, Recital 56 currently states that such publications “should not be covered (instead of “are expressly exempted) by the protection granted to press publications under the Directive” (emphasis added). Lastly, it should be noted that the exception concerning press publications serving scientific or academic purposes has been added as such to the definition of press publications provided under Art. 2 para. 4 of the Directive, entailing, in addition, the example of “scientific journals”. 71  Since both the German and Spanish legislative instruments provide that press publishers are awarded with a remuneration right exclusively against commercial search engines services and other commercial content providers. Talke (2017). However, the compromise amendment on Article 11 included an additional—to the initial proposal—rule (para. 1(a)) which similarly provided that the rights conferred upon publishers of press publications “shall not prevent legitimate private and non-commercial use of press publications (conducted) by individual users”. JURI Committee (2018) Proposal for a Directive on copyright in the digital single market. Compromise amendments and alternative compromise amendments (final). http://www.europarl.europa.eu/ cmsdata/149561/juri-committee-compromise-amendments-copyright-dsm.pdf. In the final version of Article 11 (now Article 15 para. 1(b)), the aforementioned wording is slightly different, thus expressly providing that “private (i.e., the word “legitimate” has been removed) or non-commercial uses of press publications carried out by individual users” are excluded from the scope of application of the press publishers right. Recital 56 of the Directive is additionally stating that these private and non-commercial uses include the online sharing of press publications conducted by individual users. 68

5  Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives

113

entail “journalistic publications, published by a service provider, periodically or regularly updated in any media, for the purpose of informing or entertaining”. On the contrary, Recital 56 of the final text of the Directive provides that the journalistic publications exclusively covered by this Directive are those “published in any media, including on paper, in the context of an economic activity which constitutes a provision of services under Union law”. Inversely, it is profound, while also explicitly stated,72 that private or non-commercial uses of press publications carried out by individual users are not covered by the press publishers right, including the case where they share such content online. Consequently, such uses shall continue to be governed by the existing EU copyright rules. Moreover, press publications have been defined as mostly incorporating literary works, stressing, in parallel, other types of works or other subject-matter of protection, such as photographs and videos, which are increasingly included therein. It is noteworthy that the indicative list of press publications, initially provided under Recital 33 of the Proposal,73 has been complemented by the additional reference to “subscription-based magazines”. As regards the subject-matter that falls outside the scope of application of the press publishers’ right, periodical publications published for scientific or academic purposes are expressly exempted. Moreover, the protection afforded to press publishers is not extending to the mere facts reported in press publications, reaffirming, as such, the axiom and very essence of copyright law under which facts, including raw information, and ideas are not copyrightable. The legal monopoly deriving from copyright is exclusively attached to the author’s own intellectual creation to the extent that it is original.74 A significant addendum that intervened, which was neither included in the Proposal nor in the compromise amendment of Article 11, concerns the explicit exclusion of individual words or very short extracts of a press publication75 from the rights conferred upon press publishers under the Directive. In this regard, Recital 58 of the final text of the Directive underlines that such an exemption should be construed in such a way as not to affect the effectiveness of the rights granted to press publishers, specifically considering the massive aggregation and use of press publications by such providers and the economic relevance that (even) the parts of such publications have gained. On the definition per se of press publications, the wording of Article 2 para. 4 is slightly but still essentially differentiated. In its initial form, it read as follows: “‘press publication’ means a fixation of a collection of literary works of a journalistic nature, which may also comprise other works or subject-matter and constitutes an individual item within a periodical or regularly-updated publication under a single title, such as a newspaper or a general or special interest magazine, having the

 Both in Recital 55 and Article 15 para. 1 of the Directive.  Renumbered Recital 56. 74  CJEU, Infopaq International A/S v Danske Dagblades Forening, Case C-5/08, Judgment of the Court of 16 July 2019, and subsequent case law. 75  Article 15 para. 1 of the Directive. 72 73

114

M.-D. Papadopoulou and E.-M. Moustaka

purpose of providing76 information related to news or other topics and published in any media under the initiative, editorial responsibility, and control of a service provider”. In its final version, it dictates that the notion of ‘press publication’ means a “collection composed mainly of literary works of a journalistic nature, but which can also include other works or subject matter”. The subsequent wording has been retained as such; however, it is now clearly distinguished to the three prerequisites77 that have to be cumulatively fulfilled for a press publication to fall within the scope of application of the press publishers’ right. In respect of the nature of the press publishers’ right, Recital 34 of the Proposal dictated that it shall have the same scope as the rights of reproduction and making available to the public provided for in Directive 2001/29/EC (Infosoc Directive)78 insofar as digital uses are concerned. In comparison to the text of the Directive on which final consensus was reached, the ‘digital uses’ term has been replaced, under Recital 57, by the notion of “online uses (provided) by information society service providers”. Exploring the rationale behind the establishment of such an entitlement to press publishers, the problems they are facing towards the licensing of online uses of their publications79 and their subsequent difficulty in recouping their investments,80 are demonstrated as the grounds for their recognition as related rightholders. Moreover, the establishment of such a tailor-made and foremost harmonized regulatory framework has been regarded as necessary for press publishers to be able to efficiently exercise and enforce their rights in the digital and cross-border environment. Consequently, both the proposed and the subsequently adopted regime confer upon press publishers a right related to copyright for the reproduction and making available to the public of press publications in respect of online uses provided by information service providers, since considered as the proper means to effectively guarantee the legal protection that press publishers deserve.  This second prerequisite for a press publication to fall within the scope of the press publishers’ right has been slightly changed in the text of the Directive adopted thus now describing the provision of information as addressing “to the general public”. 77  In particular, Article 2 para. 4 of the text of the Directive on which final consensus was reached dictates that a press publication (defined as above) shall further: (a) constitute an individual item within a periodical or regularly-updated publication under a single title, such as a newspaper or a general or special interest magazine, (b) have the purpose of providing the general public with information related to news or other topics, and (c) be published in any media under the initiative, editorial responsibility and control of a service provider. 78  Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society, OJ L 167/10. 79  In this regard, Recital 54 of the Directive emphasizes on the wide availability of press publications as regarded in relation to the constant emergence of new online services, indicatively stating the news aggregation and the media monitoring services. As it is respectively stated, the re-use of press publications constitutes an important part of such services’ business models, while further consisting of a source of revenues from which press publishers are deprived or at least prevented to have access to. 80  Otherwise, their “organisational and financial contribution” in the production of press publications, as stated under Recital 55 of the Directive. 76

5  Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives

115

For the purpose of increasing the intended legal certainty in the area, the final text of this provision incorporates, in addition, a definition of the concept of press publishers per se, dictating that it “should be understood as covering service providers, such as news publishers or news agencies, when they publish press publications within the meaning of this Directive”.81 Moreover, it is expressly provided that the legal protection for press publications provided under the Copyright Directive benefits publishers that are established in a Member State and have, in compliance with Article 11 of Directive 96/9/EC,82 their registered office, central administration or principal place of business within the Union. Moreover, para. 5 of Article 15 dictates that Member States shall ensure that authors of works incorporated in a press publication receive an appropriate share of the revenues that press publishers obtain for the use of their press publications by information society service providers; it is a slightly differentiated version of the provision introduced, under para. 4(a) of Article 11, in the compromise amendments83 of the Proposal. Considering the limitations applicable to the press publishers’ related right, the implementation of which is mandatory84 for Member States, it should be stressed that it is explicitly subject to the exceptions and limitations provided under Article 5 of the Infosoc Directive,85 entailing, in addition, the obligations as to technological measures and rights-management information, as well as the appropriate sanctions and remedies to be provided by the Member States in cases of infringement.86 Moreover, Directive 2017/1564/EU87 shall also apply mutatis mutandis to the press publishers’ right.88 Lastly, the rights of the authors and other rightholders over their works or other protected subject-matter incorporated in a press publication, shall not in any way be affected by the establishment of this right to press publishers. In particular, it has been expressly stated that this right cannot be invoked against authors or rightholders89 as specifically concerning their right to “exploit their works  Recital 55 of the Copyright Directive.  Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases. OJ L 77, 27.3.1996. 83  According to the wording of the compromise amendment of Article 11, authors shall receive an appropriate share of the additional revenues press publishers receive for the use of a press publication by information society service providers (emphasis added). Supra n. 78. 84  Both Article 11 of the Proposal and the renumbered Article 15 of the final text of the Directive provide that Member States shall (emphasis added) provide press publishers (established in a Member State) with the rights provided for in Article 2 and Article 3(2) of Directive 2001/29/EC. 85  Where an explicit reference to the quotation exception for criticism and review is provided under Recital 57 of the Directive. 86  Articles 6–8 of Directive 2001/29/EC. 87  Directive (EU) 2017/1564 of the European Parliament and of the Council of 13 September 2017 on certain permitted uses of certain works and other subject matter protected by copyright and related rights for the benefit of persons who are blind, visually impaired, or otherwise print-disabled and amending Directive 2001/29/EC on the harmonisation of certain aspects of copyright and related rights in the information society. OJ L 242/6. 88  Article 15 para. 3 of the Directive. 89  Or, according to the final text of Recital 59 of the Directive, against other authorized uses of such works or subject-matter of protection. Article 15 para. 2 of the Directive dictates respectively that 81 82

116

M.-D. Papadopoulou and E.-M. Moustaka

and other subject-matter independently from the press publication in which they are incorporated”.90 In other words, the press publishers’ right is applicable without prejudice to the authors and other creators’ rights on their individual contributions that comprise the subject-matter of protection of this provision, namely the final press product.91 In this regard, special focus shall be placed upon hyperlinking, which admittedly consists of one of the most complex copyright issues.92 In respect of the right afforded to publishers, Recital 33 of the Proposal provided that the protection granted shall not extend to acts of hyperlinking “which do not constitute communication to the public”. As the CJEU had respectively ruled in Svensson,93 the provision on a website of clickable links to works freely available on another website (i.e., meaning without any access restrictions) does not constitute a communication to the public since not addressing to a ‘new public’. The same result, though, has also been reached in the case where the copyright holder had not authorized the posting of a hyperlink on a website to works protected by copyright being, as such, illegally published on the website to which those hyperlinks lead. However, two prerequisites must be fulfilled for such a determination; the person who posts that link shall not seek financial gain and shall act without knowledge that those works have been published illegally.94 In any case, the issue of communication to the public was eventually avoided as regards as hyperlinking and the press publishers’ right since both the compromise amendment of Article 11 and the final version of Article 15 of the Copyright Directive dictate that the legal protection granted to press publishers does not extend to mere “acts of hyperlinking”.95 The term of protection of this right was initially designated as lasting for twenty (20) years following the first publication of the subject-matter of protection.96 Provided that such a term attracted severe criticism per se, the duration of the press publishers’ right was then reformulated, under the amended version of the Proposal adopted by the European Council’s Permanent Representative Committee

such uses concern the inclusion of works or other subject-matter of protection based on a nonexclusive license or for prohibiting the further use of such works or other subject-matter the term of protection of which has expired. 90  Ibid. 91  Article 15 para. 2 of the Directive. A similar provision was also included in Recital 35 and Article 11(2) of the Proposal. 92  Indeed, the issue of hyperlinking as amounting (or not) to a restricted act of communication to the public has been treated in a different manner at national law even within the same jurisdiction and by the same competent court. See more in respect of the Greek case law in the area in: Nikolinakos et al. (2019). 93  CJEU, Nils Svensson, Sten Sjögren, Madelaine Sahlman, Pia Gadd v Retriever Sverige AB, Case C 466/12, Judgment of 13 February 2014. 94  CJEU, GS Media BV v Sanoma Media Netherlands BV, Playboy Enterprises International Inc., Britt Geertruida Dekker, Judgment of 8 September 2016. 95  Article 11 para. 2(a) of the compromise amendment of Article 11; Recital 57 and Article 15 para. 1 of the Directive. 96  Article 11, para. 4 of the Proposal.

5  Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives

117

(COREPER), to last for only one (1) year.97 The compromise provision adopted by the JURI Committee provided that the protection granted to press publishers should last for five (5) years. Eventually, the term provided, under Article 15 para. 4 of the Directive, expires in two (2) years following the publication of the press publication. In this regard, it should also be noted that this right does not have a retroactive effect and does not cover press publications published before the entry into force of the Directive. On the mandatory character, transferability, and management of the press publishers’ rights, they are assignable and may be administered either individually or collectively since a provision to the contrary is not included in the corpus of the legislation adopted. Similarly, the respective rightholders may waive the rights attributed to them since they are not compulsory.98

3  T  he Problematic and Controversial Debate on the New Press Publishers’ Right 3.1  Two Sides of the Same Arguments The considerable criticism99 and the argumentation against the Proposal and the compromise amendments that were later introduced, reflect the controversy surrounding the press publishers’ right, as well as the relevant concerns expressed by a variety of stakeholders, including legal and academic experts. Indeed, a “rare  Council of the European Union (2018) Proposal for a Directive of the European Parliament and of the Council on copyright in the Digital Single Market, Interinstitutional File: 2016/0280 (COD). 98  Under the draft compromise proposal issued by Axel Voss (the Copyright Directive Rapporteur) on March 28, 2018, not only press publishers but also news agencies were included in the rationae personae of Article 11 that would confer upon them the “inalienable right to obtain a fair and proper remuneration” for the digital use of their press publications: https://juliareda.eu/wp-content/uploads/2018/03/voss11.pdf.; Read more at: Rauer et al. (2018b). However, this proposal was strongly criticized as expanding the scope of exclusive rights to cover (unprotected) facts, threatening, as such, the fundamental right of access to information. Eventually, news agencies were explicitly included in the concept of ‘press publishers’, along with news publishers in the case where they publish press publications within the meaning of the Directive (Recital 55 of the Directive). In addition, the unwaivable nature of the remuneration provided under that proposal was argued to “interfere with the operation of open licensing” (such as the Creative Commons licenses): Vollmer (2018). At last, the final compromise amendment adopted by the JURI Committee on June 19, 2018 provided for the Member States’ obligation to grant press publishers with the rights of reproduction and communication to the public “so that they may obtain (emphasis added) fair and proper remuneration”, Supra n. 90. The wording of Article 15 para. 5 of the Directive provides, in this regard, that authors shall receive an appropriate share of the revenues that press publishers receive (emphasis added) for the use of their press publications by information society service providers. 99  Read more about the main lines of criticism in respect of Article 11 at: http://copyrightblog.kluweriplaw.com/2018/03/13/copyright-reform-new-right-press-publishers-not/?doing_wp_cron=15 35809220.9804170131683349609375. 97

118

M.-D. Papadopoulou and E.-M. Moustaka

academic consensus” has been reached against (former) Article 11, thus being characterized as a “bad piece of legislation”.100 According to the academics’ virtually unanimous position, the introduction of “very broad rights of ownership” in news and information in general is speculated to impinge on the “free flow of information that is of vital importance to democracy”.101 More precisely, it has been stated that if permission is required before sharing information, the foundational rule of copyright law under which “news of the day and miscellaneous facts having the character of mere items of press information”102 are explicitly excluded from the scope of copyright protection, would be violated. On the opposite side, the rationale behind the establishment of this new right lies exactly on the aim of ensuring the access of the public to information that is currently in threat because of the publishers’ precarious position in the digital environment. Furthermore, the repercussions of such a measure were also considered in relation to other fundamental rights such as the freedom of online service providers to conduct (online media) business, and foremost, the freedom of expression on the basis of the principle of proportionality. In this respect, it has been stated that all regulatory interventions, including the creation of exclusive rights in information for publishers, shall comply with the “strict standard of scrutiny in the case of news and other public interest information”.103 However, the same argument on the negative effects on fundamental rights was also developed from the opposite side that advocated in favor of the enactment of this right on the basis of safeguarding quality journalism and freedom of the press in the competitive digital age. The same finding, namely the opposite views on the same issue, is also observed in the argumentation developed by both the defenders and the opponents of this right on the grounds of a current or even a threatened distortion of competition. Further entailing the substantial differences between the different players involved, it has been argued that the obligation imposed for a prior licensing accompanied with the payment of a compensation fee for the use of news content in the digital environment, makes such a use conditional upon high transaction costs. Consequently, it has been stated that journalists, photographers, freelancers, smaller publishers or small (European) entities in general, as well as start-ups will be prevented from entering this emerging market. On the contrary, internet giants, such as Google, and in a broader sense, large incumbent (US-based) online news providers will be ultimately privileged—albeit targeted—by this provision, since the enhanced transaction costs might not be eventually prohibitive. Even in this case, though, the (questionable) benefit of the leaders in the field of news institutions will unavoidably rely upon the “existing power asymmetries in media markets” which will be inversely intensified. On the contrary, from the viewpoint of press publishers, news

 Academics against Press Publishers’ Right: 169 European Academics warn against it. https:// www.ivir.nl/publicaties/download/Academics_Against_Press_Publishers_Right.pdf. 101  Ibid. 102  Article 2(8) of the 1886 Berne Convention for the Protection of Literary and Artistic Works. 103  Van Eechoud (2017). 100

5  Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives

119

aggregation platforms are the ‘parasitic free-riders’104 on their rights and interests, distorting, as such, competition in the digital environment. Indeed, many aggregators are directly competing with newspapers’ and press publishers’ websites for the same advertising budgets by satisfying the same information demand of the same audience. This substitute effect means that news aggregations services impinge on the number of visits to news outlets, while their subsequent impact on the latters’ advertisement revenues “remains an open question”.105 Moreover, competition is also developed on the press product itself since the same news content (produced by press publishers at high costs) is merely copied (at no costs) by news aggregators.106 Irrespective of the standpoint adopted, this constitutes a classical market failure that needs to be addressed.107

3.2  Missing Causality and Burden of Proof What is crucial is that the controversy concerning the press publishers’ right lied on the very essence of the relevant provision since most commentators questioned the need for or even the desirability of introducing such a right,108 while the competence of the European Union to intervene in this field was additionally challenged.109 At this point, the main arguments developed in favor of this new right for publishers should be recalled as simultaneously debated by its opponents. According to the so-called ‘incentive argument’, the legal protection afforded to press publishers  Supra n. 70.  According, though, to the “market expansion effect”, news aggregators constitute an “important channel for attracting visitors to news outlets” since they increase the news consumers’ awareness in respect of their content, increasing, as such, search visits. Supra n. 59. 106  Read more about the news consumption system, the role and impact of aggregation and search engine services, and the development of the “‘hot news’ misappropriation doctrine” under the US jurisdiction based on direct competition and free-riding practices in: Whitmore (2015). 107  The economic justification of the press publishers’ right lies in the fact that the replication and distribution of press publications, or more precisely, their “mass exploitation” derives from strong economic incentives as aligned with the business model of news aggregation and search-engine services. Intending to “build their own customer relationships in order to generate revenues”, these platforms “keep users away from the source”, causing detrimental effects to the press publishing sector. Legal Affairs. The proposed Directive on Copyright in the Digital Single Market (Articles 11, 14 and 16): Strengthening the Press through Copyright. http://www.europarl.europa.eu/ RegData/etudes/BRIE/2017/596835/IPOL_BRI(2017)596835_EN.pdf. 108  In this regard, 37 professors and leading scholars of Intellectual Property, Information Law and Digital Economy have responded to the IPO’s request for views in relation to the modernization of the EU copyright framework. Their response concluded by stating that the proposed right is “unnecessary, undesirable, introduces unnecessary uncertainty and is unlikely to achieve anything apart from adding to the complexity and cost of operating in the copyright environment”. Supra n. 75. 109  Position Paper: New Rights for Press Publishers. https://www.communia-association.org/wpcontent/uploads/2016/12/COMMUNIAPositionPaperonNewRightsforPressPublishers-final.pdf. 104 105

120

M.-D. Papadopoulou and E.-M. Moustaka

would incentivize the commercial production of news, ensuring, as such, media diversity and plurality, while simultaneously contributing to a healthy democracy. However, the alleged “manifest weaknesses” of this argument concerned the lack of a causal link between the achievement of the objective sought and the establishment of a related right, further entailing the rationale for its harmonization. For this reason, the intervention at national level, instead of the establishment of an EU-wide right, had been suggested as more adequate.110 Furthermore, the ‘equality argument’ was based on the unfair treatment that press publishers are currently facing by virtue of the existing EU copyright regime. However, this argument was asserted as not sufficing per se for the introduction of a new related right. The ‘free-riding argument’ addressed the illegitimate benefit that news online distributors obtain at the expense of press publishers without providing, though, for clear evidence. Lastly, the ‘natural rights argument’, according to which commercial publishers have a natural right to the news they publish and should be protected as such, was not regarded as being substantiated; as it has been respectively stated, even if “an intervention to benefit the commercial news industry is merited, a publishers’ right has not been demonstrated to be an appropriate way to intervene to do so”.111 Focusing on the rationale behind the establishment of a related right to press publishers as demonstrated in the Explanatory Memorandum of the final text of the Copyright Directive, press publishers are facing problems in licensing the online use of their publications to the providers of online services such as news aggregators and media monitoring services. Provided that their investment112 must be recouped, while considering the difficulties that press publishers are currently facing towards the achievement of this goal, the increase and sustainability of the publishers revenues have been designated as two of the key objectives sought through the establishment of a related right. However, this aim has been considered as a ’wishful thinking’ by virtue of the unavailability of specific data on the manner and the extent to which such a goal will be actually achieved. In addition, an argument concerning the lack of concrete evidence in relation to the actual investment that press publishers undertake for the production and online presentation of press content, has been also developed.113 In this regard, the reason behind the suffering of press publishers on the transition from the traditional to the digital era and the causes for the newspapers revenue decline were investigated. According to this view, the relevant results do not indicate news aggregation or search engine services as exclusively liable for this phenomenon.114 Moreover, the precedents of Germany and Spain had allegedly indicated an inconclusive but still highly predictable incapability of such a rule to achieve its intended purpose. It is true that both these two recent ‘ancillary rights’ solutions had been widely criticized in respect of their ineffectiveness to address the problems that publishers undoubtedly face in the digital environment, including  Danbury (2016).  Ibid. 112  Being further regarded as contributing, inter alia, to the public’s access to information. 113  Peukert (2016). 114  Bently et al. (2017). 110 111

5  Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives

121

their inefficacy to provide the grounds for increased revenues especially from the major online service providers. Consequently, these previous national experiences have been used as an example not to be emulated at EU level, thus anticipating not only the failure of such an intervention but also its devastating effects. However, even if such initiatives have failed to achieve their underlying goal, the existence of a direct connection between their alleged ineffectiveness and the lack of a cross-­ border or an EU-wide effect, can neither be ascertained nor eliminated. Nonetheless, several concerns have been raised on the set of costs deriving from the establishment of a remuneration right for publishers at EU level. The first consideration concerns the legal uncertainty evoked by the layering of rights over the same subject-matter of protection. Questioning the rationale behind the creation of a new right, both academics and other stakeholders have underlined the protection already granted to press publishers since they already enjoy three sets of harmonized rights, as well as the rights deriving from national copyright law. More precisely, the national copyright regime provides for the legal protection of publishers as creators of collective works, for their recognition as related rightholders,115 while also conferring upon them the right to control the typographical arrangements of published editions.116 Additionally, publishers enjoy the protection granted under the sui generis right over newspapers and periodicals as databases, while unfair competition law is also available for their interests. Therefore, the widespread use of enhanced technological measures against indexing and crawling is considered as already addressing and satisfying the press publishers’ needs in respect of unauthorized uses of their digital content.117 This multiplicity of rights118 has been argued to generate ”uncertainties and complexities in rights negotiations and clearance”,119 to create confusion in respect of the limitations and exceptions applicable to copyright, while also inducing unpredictable—economic and other—repercussions on the exploitation rights afforded to copyright owners and other rightholders. Beyond the transaction costs accruing from the establishment of an exclusive right to publishers, it has been further stated that its equitation with the phonogram producers’ right lacks legal basis since the appropriate connecting factor for the introduction of a related right to publishers cannot be identified. On this basis, an argument on copyright’s overexpansion has been also developed by several critics asserting, in particular, that copyright rules are misused to grant rights irrelevant with the nature and scope of copyright protec For instance, in non-original photographs. Such rights may be either conferred upon publishers by the national legislator or transferred to them automatically, as in the case of employer ownership, or by virtue of an assignment agreement or an exclusive license. 116  As the case in United Kingdom and Greece. 117  Opinion of the CEIPI on the European Commission’s copyright reform proposal, with the focus on the introduction of neighbouring rights for press publishers in EU law (2016). http://www.ceipi. edu/fileadmin/upload/DUN/CEIPI/Documents/CEIPI_Opinion_on_the_introduction_of_neighbouring_rights_for_press_publishers_in_EU_final.pdf. 118  That, according to this view, will be further ‘burdened’ by the establishment of a new right for publishers. 119  Kretschmer et al. (2016). 115

122

M.-D. Papadopoulou and E.-M. Moustaka

tion and the policies deriving therefrom, while additionally circumventing the open access strategies adopted and promoted by the Union. In this regard, the argumentation against the establishment of the press publishers’ right had further included the impacts speculated on the open access model as being specifically interrelated with scientific research.120 From this point of view, there is nothing of substance to be added anew to the legal protection already granted to press publishers. Consequently, the concrete benefits sought through the creation of an additional right and foremost, the goal of facilitating and ensuring the enforcement of press publishers’ rights had been highly questioned. Notwithstanding the fact that the current issues of complexity and inefficiency in this realm are not disputed,121 the introduction of a neighboring right for press publishers has been considered as neither facing the problem, nor contributing to its solution. Since the enforcement of rights presupposes authorship or rights ownership, the existing multilayering of rights over the same subject-matter has been deemed as hampering its proof and subsequent determination. For this reason, an alternative to the introduction of an ancillary right has been suggested by the means of an extension of the scope of application of Article 5 of the Enforcement Directive.122 In particular, it has been stated that if press publishers could take advantage of the legal presumption of authorship or ownership provided therein, the enforcement of their rights would be sufficiently and effectively guaranteed through “simple and harmless mechanisms”.123

3.3  Diminishing or Maximizing Uncertainties? Since the proposed extension of the legal presumption of rights ownership was underpinned by the aim of preventing the introduction of a related right for press publishers, the substance per se of such a rule was called into question. First, the subject-matter of protection of related rights is not copyright works. These rights are triggered and granted by virtue of the specific investments made by market players since they are considered as significantly contributing to the production and dissemination of a work. On these grounds, de lege lata producers of sound recordings are granted with a specific neighboring right, as well as film producers and broadcasting organizations. Within this context, it could be said that the introduction of  As the case of universities’ open access repositories. Ibid.  From a differentiated, though, perspective. 122  Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of intellectual property rights. OJ L 157/45. According to this provision, in applying the measures, procedures, and remedies provided for in this Directive, it shall be sufficient, for the author of a literary or artistic work, for his/her name to appear on the work in the usual manner in order to be regarded as such (in the absence of a proof to the contrary) and to be consequently entitled to institute infringement proceedings. In addition, this presumption applies mutatis mutandis to holders of rights related to copyright with regard to their protected subject-matter. 123  Kreutzer (2016). 120 121

5  Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives

123

the press publishers right runs “fully in line with the scope and structure”124 of those comparable rights. The rationale behind the establishment of these rights is the economic assumption that without the legal protection provided by the related rights regime, “a market failure would occur”.125 Conversely, if third parties interfere in the value chain of the protected subject-matter, preventing, as such, investors from being adequately rewarded for their contribution, the protection that they deserve for their investment can only be guaranteed through the establishment of an exclusive related right. According to the opposite view, this is not the case for press publishers since their contribution and/or investment for the production of press publications cannot be leveraged by third parties. This argumentation lies on the perception that press publications fall within the realm of literary works being as such protected by copyright law. According to the Infopaq ruling126 and subsequent case law, a work, defined as the author’s own intellectual creation, is copyright protected provided it is original. Fulfilling the originality criterion,127 the protection granted to a work extends to any part of it which shall not be treated differently from the work as a whole. Since the parts of a work share the originality attributed to the whole work and contain elements that are the expression of the intellectual creation of the author, they are protected as such by copyright law. The criterion is not quantitative but qualitative. Inversely, the unauthorized use of any part of a literary work, such as the unlawful reproduction and making available to the public of excerpts of newspapers articles, even if only concerning a part consisted of eleven words,128 constitutes an infringing act. A similar conclusion has been reached at national level in the Copiepresse decision.129 In this case, the Brussels Court of Appeal ruled that the ‘cache copy’ service carried out by Google infringed the publishers’ copyrights over the publication at issue.130 Moreover, the court held that this service is not covered by any copyright exception or limitation, including the permitted uses of quotation and report on news events, while it is further ineligible of being substantiated in any rule of law or exercise of fundamental rights.131 Consequently, it has been  Hoppner (2018).  Position Statement of the Max Planck Institute for Innovation and Competition on the Proposed Modernisation of European Copyright Rules: PART E: Protection of Press Publications Concerning Digital Uses. https://www.ip.mpg.de/fileadmin/ipmpg/content/stellungnahmen/MPI_Position_ Statement_PART_E_Publishers_2017_02_21_RMH_VM-def-1.pdf. 126  Supra n. 81. 127  That shall be further construed in an autonomous and uniform manner throughout the Union. Ibid. 128  Consisting of the question brought before the court in the Infopaq case. 129  Brussels Court of Appeal, Copiepresse SCRL & alii v. Google Inc., Judgment of 5 May 2011. 130  Contrary to the conclusion reached, in a similar case, by the Spanish Supreme Court. Supra n. 68. 131  Furthermore, there is a relevant debate on the eligibility of Google’s catching system to fall within the ‘transient copying’ exception provided under Article 5(1) of Infosoc Directive and more precisely, on whether the reproduction made by Google News should be characterized as transient or not, as well as on the substance of its economic significance. An additional (to the reproduction 124 125

124

M.-D. Papadopoulou and E.-M. Moustaka

accordingly stated that press publishers can rely upon the already existing copyright rules and case law, being able, as such, to effectively control the further use of their publications. However, this rather oversimplified perception of press publications as literary works is incapable of addressing both the substance and nature of press publications per se, as well as the complex issues deriving from their massive re-use in the digital environment. Speaking of uncertainties, the scope of protection of Article 11 (now Article 15) has been criticized as overbroad, while the definitions provided therein have been described as rather vague. More precisely, it has been argued that the Proposal failed to accomplish its stated goal, thus not limiting the subject-matter of the press publishers’ right to “works and uses presently protected by authors’ rights”.132 As it had been respectively stated, if press publishers were granted with a related right over original publications, both the public copyright licenses, such as Creative Commons, and the works falling within the public domain could be restricted. Given that the public domain consist of a “metaphysical public forum”133 where the exclusive control of property owners is no longer relevant, such an expansion of rights would imply both intended and unintended consequences for both economic and cultural actors, as well as for society at large, thus “impinging greatly on freedom of expression and democratization, while favoring centralization of information”.134 In respect of the terminology adopted under the Proposal, it was criticized per se as leaving too much room for interpretations. A characteristic example was the inclusion of the “indefinite” term of news websites in the indicative list concerning the definition of press publications,135 as well as of the norm of publishers per se, thus not specifying the state of potential international beneficiaries.136 However, it is expressly provided, under the final text adopted, that the press publishers granted with the legal protection provided under the Directive are the publishers which are established in a Member State and have their registered office, central administration, or principal place of business within the Union. In respect of the desired uniformity at EU level, the European Commission had itself illustrated the limited level of harmonization previously achieved. Although the Infosoc Directive provided for a number of exception and limitations to exclusive rights, their implementation at national level remained optional. Consequently, a number of substantial disparities remained in place. As a result, a great number of commentators had described the introduction of a new right for press publishers as right) controversy has also been developed on the grounds of a potential infringement of the making available to the public right. Van Eechoud et al. (2009). 132  Supra n. 124. 133  Frosio (2018). 134  Supra n. 139. 135  A reference that also persisted in the final version of the Proposal under Recital 56. 136  It has been argued that since not provided by the wording of Article 11, a question remained as to the place where the eligible for protection publication should be published to be eligible or not for protection, as well as in relation to the criteria (i.e., nationality) applying to beneficiaries especially in the case of international situations. Rosati (2018).

5  Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives

125

creating an additional layer of (currently) 28 national rights on which a variety of exceptions and limitations could be further imposed by the national legislator. Within this framework, the most important concern was interrelated with the quotation exception. The question raised, in particular, was whether the reproduction of short excerpts could be perceived as falling within the realm of this (non-­mandatory) exception under the EU acquis.137 However, even if this exception could be realized as a mandatory rule by virtue of the wording adopted by the Berne Convention,138 the treaty does not apply to related rights, profoundly entailing the new ancillary right for publishers. Consequently, Member States would retain their discretion not to implement the quotation exception under the Infosoc Directive139 in respect of the publishers’ right. The first conclusion reached by this analysis140 is rather obvious thus related to the fact that this right will be subject to divergences from one jurisdiction to another within the Union, increasing as such the legal uncertainty in a rapidly transformative area. The second refers to the possibility that the new right could be (or is intended to be) significantly stronger than copyright since sharing the same scope and depth of protection. In addition, since the quotation exception under EU law refers to the purposes of criticism or review, the implication of an impact on other fundamental rights, such as the freedom of expression, has also been speculated on a case-by-case basis. In this regard, the freedom of access and the rather misunderstood ‘freedom of the internet’ principles had also intervened in the relevant argumentation. More precisely, the press publishers’ right had been, inter alia, accused of breaking the internet. According to this view, if the re-use of snippets is restricted or more precisely, forbidden without a prior authorization from the rightholder, then hyperlinking is necessarily implicated,141 especially if considering that the architecture of the web is built on links, quotations, and snippets. It is for this reason that the EU-wide right for press publishers, as well as the relevant national regimes, have been described as “link censorship laws”.142

 According to Article 5(3)(d) of the Infosoc Directive, Member States may provide (emphasis added) for exceptions and limitations to the reproduction, communication to the public and making available to the public rights in a number of cases, including quotations for purposes such as criticism or review, provided that: (i) they relate to a work or other subject-matter which has already been lawfully made available to the public, (ii) that, unless this turns out to be impossible, the source, including the author’s name, is indicated, and that (iii) their use is in accordance with fair practice, and to the extent required by the specific purpose. 138  Since the international treaty dictates under Article 10(1) that it “shall be (emphasis added) permissible to make quotations from a work which has already been lawfully made available to the public, provided that their making is compatible with fair practice, and their extent does not exceed that justified by the purpose, including quotations from newspaper articles and periodicals in the form of press summaries”. 139  Article 5(3)(d) of the Copyright Directive. 140  As demonstrated in the Study for the JURI Committee on the press publishers’ right. Supra n. 75. 141  Despite the assertion to the contrary. Keller (2016). 142  https://savethelink.org/. 137

126

M.-D. Papadopoulou and E.-M. Moustaka

However, on the opposite side, it is exactly this admitted legal uncertainty that dictates the establishment of a new harmonized right for press publishers as ­specifically concerning the massive online availability and re-use of press publications by information society service providers. This uncontrolled practice that implies severe repercussions on both rightholders and users, while also impinging on economy, society, and democracy per se in multiple ways, had profoundly to be regulated in a uniform manner throughout the EU. The objectives that are simultaneously pursued reflect the longitudinal battle of copyright law to achieve a fair balance between conflicted rights and interests. As it had been respectively stated, it is the high level of protection for rightholders that needs to be ensured especially in the complex and rather chaotic digital environment. It is the need to preserve the access of the public to information and foremost, to reliable information. It is the freedom and plurality of the press and quality journalism that have to be safeguarded by securing the sustainability of the EU publishing sector. It is the recognition of the multidimensional contribution of European publishers to the public debate and proper functioning of a democratic society. It is the guaranteeing of the proper functioning, competitiveness, and sustainability of the internal market in the light of an extremely demanding environment. At the very end, it is the actualization of the foundational objectives pursued through the establishment of the internal market per se.143

3.4  The Pie Theory and the Impact on Authors’ Shares As already demonstrated, a strong voice was raised within this controversial background that questioned the legal basis for establishing a new related right for press publishers, further emphasizing on the economic rationale and effects of such a legislative intervention. In this regard, the addendum of a new category of rightholders over the same subject-matter has been speculated to cut into the existing royalty pie, impinging, as such, on the authors’ rate-setting regime. As respectively stated, the “new royalties stemming from neighbouring rights are going to be distributed at the expense of those receiving royalties from authors’ rights today”.144 Provided that users might seek to reduce the fees payable to authors or other rightholders if adding a new category of beneficiaries who would be entitled to claim royalties deriving from the same acts of exploitation concerning the same subject-matter, the economic value of each right is speculated to be reduced.145 According to the Impact Assessment accompanying the Proposal, the “introduction of a related right covering digital uses of press publications is not expected to generate higher license fees for online service providers”.146 On the other hand, though, it was argued that the impact on authors has not been assessed. According  Recitals 1–3, 54–55 of the final text of the Directive.  Supra n. 139. 145  Pomianowski (2016). 146  Supra n. 13. 143 144

5  Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives

127

to this perspective, in the case where the royalty pie remains unchangeable,147 the authors’ share will be inevitably diminished. However, even in the case where the pie would grow, that “surplus would presumably be taken by press publishers in the exercise of their related right”.148 In both cases, it cannot be excluded that the content creators’ visibility will not be harmed. In addition, a combined reading of Articles 11 and 12149 of the Proposal had raised further concerns on the grounds that these two provisions “might bestow upon publishers two revenue streams if the same remunerated exceptions or limitations (e.g. private copying and educational use) are given for authors’ and neighbouring rights”.150 Within this context, the overall functioning of the copyright system has been argued to be threatened by claiming that it should primarily secure fair remunerations to creators and safeguard the public’s access to creative content rather than merely compensating the investment of other rightholders. On this basis, the European Federation of Journalists was also opposed to the creation of a new right for publishers. Stating their exclusion from any revenue increase in respect of press products in Germany and Spain, journalists asserted that not only their content would reach internet users with great difficulty, but also that publishers would “receive remuneration without creating any content, while they would remain empty-handed”.151

4  T  he Alternative(s) Proposed Against the Press Publishers’ Right Copyright law is founded on the concept of balance; encompassing simultaneously the rights and interests of authors and rightholders in general and the rights and interests of the public, the conflicts inevitably arising are resolved on the basis of the principle of fair balance.152 In respect of the press publishers’ right, the question on where the line shall be drawn between legal protection and access to creative content eventually reached a final consensus. As it had been previously stated, the legal protection afforded to press publishers neither extends to private or non-commercial  Following the introduction of the new press publishers right.  Van Gompel (2017). 149  Renumbered as Articles 15 and 16 in the text of the Directive adopted. In respect of Article 16, it provides for the discretion of Member States to provide that in the case where the author has transferred or licensed a right to the publisher, such a transfer or a license constitutes a sufficient legal basis for the publisher to be entitled to a share of the compensation for the uses of the work made under an exception or limitation to the transferred or licensed right. 150  Supra n. 141. 151  EDiMA. Directive Copyright in the Digital Single Market: The impact of Article 11—publisher rights. http://edima-eu.org/wp-content/uploads/2017/11/EDiMA-DE-Policy-Brief-on-PublisherRights.pdf. 152  Both in the institutional, namely the legislative framework and in the judicial context. 147 148

128

M.-D. Papadopoulou and E.-M. Moustaka

uses of press publications carried out by individual users, nor covers acts of hyperlinking. Moreover, individual words or very short extracts of press publications are also excluded from the scope of application of this right which shall further leave intact and in no way affect the rights provided for in Union law to authors and other rightholders as regards as works and other subject-matter of protection incorporated in a press publication. However, prior to the achievement of this compromise a number of alternatives to the introduction of such a right have been proposed. As previously stated, the opponents of this provision suggested the extension of the legal presumption established under the Enforcement Directive153 in order to additionally cover press publishers. This alternative was considered as a much less controversial intervention (than the creation of a new right) that would properly address the licensing and enforcement issues that press publishers face in the digital environment.154 According to this proposal,155 the publisher of a press publication shall be regarded as the person entitled to conclude licenses and to seek rights enforcement in respect of the “digital use of the works and other subject-matter incorporated in such a press publication, provided that the name of the publisher appears on the publication”.156 Furthermore, this presumption should not be invoked against authors and other rightholders (especially as regards the exploitation of their individual contributions) and could be rebutted by the defendant on the grounds that the material used was either licensed by the author or belongs to the public domain. According to this view, the installation of a new layer of rights in copyright law would subsequently be unnecessary since “publishers would be empowered to address actual copyright infringements of news articles and conclude new licensing agreements”.157 However, the final compromise amendment of Article 11 did not entail a legal presumption in favor of press publishers. Although providing for significantly differentiated rules in relation to the initial proposal,158 the option to con Supra n. 129.  Proposals to Directive on copyright in DSM—presumption for publishers of press publications (2017). http://www.dekuzu.com/en/2017/10/proposals-to-directive-on-copyright-in-dsm-presumption-for-publishers-of-press-publications.html. 155  Initially proposed in September 2017 by the Estonian Presidency. More precisely, this compromise proposal included two completely different options; the first was to keep Article 11 in the form originally proposed with slight differences. The second introduced the replacement of the provision by a rebuttable presumption that the publisher shall be regarded as the legitimate rightholder to all protected works incorporated in the respective press publication in the absence of a proof to the contrary. This solution was adopted and further proposed by the Former Rapporteur of the Committee for Legal Affairs (JURI), Therese Comodini Cachia (EPP, Malta). 156  CA 12bis - Article 11: ALTERNATIVE (Supported by Greens and GUE). http://www.europarl. europa.eu/cmsdata/149561/juri-committee-compromise-amendments-copyright-dsm.pdf. 157   Julia Reda discusses the current Proposal for a Directive on copyright in the Digital Single Market (2018). http://copyrightblog.kluweriplaw.com/2018/06/18/juliareda-discusses-current-proposal-directive-copyright-digital-single-market/?print=print. 158  Such as the term of protection of the press publishers’ right which was limited to five (5) years instead of its 20-year initial duration; the final text of this provision as adopted by the European Parliament provides, as aforementioned, for a two-year term. 153 154

5  Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives

129

fer upon publishers of press publications an exclusive related right, prevailed. Indeed, the distinction between the qualification of press publishers as related rightholders and the establishment, by extension, of a presumption of ownership, is ­crucial provided that, inter alia, such a presumption can be reversed by evidence or expressly set aside by contract. In this regard, it could be said that the alternative concerning the protection of press publishers on the grounds of a transfer of rights is also incapable of addressing the needs of the publishing sector, while further entailing a number of risks; for instance, the fact that the transferee may not be endowed with the moral rights on the work. Prior to the introduction of a number of significant limitations to the press publishers’ right as incorporated into the final version of the text eventually adopted,159 two different alternatives were additionally proposed. The first took the form of a limitation to this new right per se, thus aligning it with a substantial investment to the circumstances that would run in accordance with the requirements of the sui generis right allocated to the maker of a database.160 The second one was to re-build the quotation exception under Article 5(3)(d) of the Infosoc Directive as a mandatory one.161 Lastly, the establishment of a regulatory framework that would be based on cooperation between the media and technology companies rather than confrontation,162 has been further provided as serving the creation of a sustainable business model for the press within the framework of digital transformation. Under this view, the ‘failure’ of the national precedent in respect of the publishers’ related right had clearly demonstrated that the establishment of mandatory and/or inalienable fees in relation to the distribution of digital information is a mistake. On the contrary, the cooperation model proposed included alternative initiatives through the implementation of projects such as the “Digital News Initiative”,163 the “Accelerated Mobile Pages Project”,164 and the “Facebook Journalism Project”.165 However, it could be stated that such cooperation-based initiatives are neither discouraged nor in any way precluded from the establishment of the right for publishers.

 Concerning, in particular, the reduced term of protection thus lasting only for two (2) years and the exclusion of isolated words or very short extracts of press publications from the scope of the right. 160  Recitals 19, 39, 41, 42, 44, 46, 49, 50, 51, 54, 55 and Articles 7–10 of the Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, OJ L 77/20. 161  Supra n. 104. 162  A digital agreement: The media and technology companies need to move forward together (2017). https://elpais.com/elpais/2017/03/24/inenglish/1490355715_551697.html. 163  https://newsinitiative.withgoogle.com/dnifund/. 164  https://www.ampproject.org/. 165  https://www.facebook.com/facebookmedia/blog/introducing-the-facebook-journalism-project. 159

130

M.-D. Papadopoulou and E.-M. Moustaka

5  Conclusions Since its inception, copyright law has struggled to find the appropriate equilibrium between diverging rights and interests. The transition to the digital era and the goals pursued therefrom, had signified the nature, scope, and depth of the copyright regime in a modernization process that inevitably implied complexities, harsh uncertainties and rather difficult decisions. Professors Lionel Bently and Valeria Falce demonstrated the objectives sought under this EU intervention. In particular, they underlined that the “goals are sound”, thus including, inter alia, the adaptation of copyright to the digital ecosystem and the challenges of new technologies, the strengthening of the effectiveness of rights, and the promotion of an enriched relationship between authors/publishers and the general public.166 Nonetheless, the pathway of this groundbreaking legislative intervention towards its approval and further implementation would be tortuous, being thus affected by contradictory perspectives even amongst the European institutions. Article 11 along with Article 13 of the Proposal constituted the substantive pillars of this controversy. It is noteworthy that the European Parliament's Committee on Culture and Education (‘CULT’) proposed, in its draft report of February 6, 2017, the fundamental revision of the proposal “if it was to be accepted by the Parliament”. In this regard, the Committee on the Internal Market and Consumer Protection of the European Parliament (‘IMCO’) suggested abandoning the press publishers right in its entirety because it “lacked sufficient justification and was not appropriate in achieving its objectives”.167 Despite the compromise attempts, the mandatory license fees for the digital use of press publications under Article 11 of the Proposal and the control—through automated content filtering technologies—over web platforms and internet service providers administering user-generated content under Article 13, became eventually the major impediments to the adoption of the Directive in its entirety. As already stated, these two provisions were strongly supported and simultaneously criticized by a wide range of stakeholders. On the one hand, the publishing sector168 and in general, content owners, pushed for their adoption along with European film and TV federations and thousands of artists, with Paul Mc Cartney and Placido Domingo featuring prominently in this debate. On the other hand, there were the leaders of the technological and digital world, such as Facebook and Google, and, in a broader sense, online platforms and news aggregation services, while internet users and civil liberties groups were also against this reform. Lastly, political representatives from various groups within the European Parliament were also divided.169  Rosati (2017b).  Karapapa (2018). 168  Including EMMA, ENPA, EPC, and NME. See more at: https://www.publishersright.eu/ background. 169  In this regard, more than a hundred members of the European Parliament called for the deletion of Article 11 of the Directive on copyright in the digital single market, requesting, in contrast, an “alternative, less invasive, and more proportionate solution to support quality journalism and freedom of the press in the digital age”. https://www.digitalagendaintergroup.eu/ more-than-a-hundred-meps-oppose-new-publishers-right/. 166 167

5  Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives

131

On July 5, 2018, the European Parliament voted against the compromise agreement of the new copyright regime that was previously adopted by the Committee on Legal Affairs of the European Parliament.170 It has been described as a “dramatic and surprising turn of events”171 which was paradoxically perceived as a victory for both tech global giants and digital rights activists who have played a key-role in this undeclared copyright war. This fight against the EU copyright law reform evolved into the “Save Your Internet from censorship and control” campaign, entailing street protests and an online collection of signatures procedure.172 On the opposite side, the critics of this EU intervention were accused of supporting ‘American First’ policies and the internet capitalism as represented by major US platforms. Provided that the Proposal was intended to prevent the unauthorized exploitation of works of the European creators on the internet, especially from the “giants of the Silicon Valley”, its opponents were accused of inexplicably obstructing the prevention of online copyright infringements through the establishment of fair remuneration rights.173 On the opposite side of the same coin, it was contested that only those targeted Big-­ Tech companies “such as Facebook, YouTube and Twitter are likely to remain open to users posting and sharing content freely”.174 Going back to the history of this long-lasting and adventurous overhaul, the European Parliament had first rejected the Proposal instead of initiating the so-­ called ‘fast track’ trilogue negotiation process.175 Consequently, the draft legislation returned to the drawing board and was subject to a sudden reevaluation process. It could be said that the still pending negotiation process for the United Kingdom’s departure from the European Union had also thwarted the adoption of this legislative initiative. The task was definitely not easy. Even at the very end, an amendment referring to the withdrawal of the debating components of the Directive including Articles 11 (i.e., Article 15) and 13 (i.e., Article 17), was rejected by just five votes.176 However, an end was eventually reached. The European Parliament voted in favor of this “bitterly divisive”177 legislative package that changes the status – quo of copyright law as adapted to the digital era. Providing for the five substantive evolutions that this copyright reform generates, while also demonstrating the equilibrium achieved, the European Parliament signified that: (a) internet platforms are now liable for the users uploaded content; (b) some uploaded material, such as memes or GIFs, are now specifically excluded from the scope of application of the rights adopted; (c) hyperlinks to news articles, accompanied by individual words or

 Supra n. 6; Standeford (2018); Keslassy (2018).  Supra n. 6. 172  See more at: https://juliareda.eu/2018/08/saveyourinternet-action-day/. 173  Lomas (2018). 174  Times Editorial Board (2019), Copyright holders win big in Europe, but at what cost?. https:// www.latimes.com/opinion/editorials/la-ed-eu-copyright-directive-20190327-story.html. 175  Pakenham-Walsh (2018). 176  Temperton and Reynolds (2019), Cafolia (2019) and Vincent (2019). 177  Anderson (2019). 170 171

132

M.-D. Papadopoulou and E.-M. Moustaka

very short extracts, can be shared freely; (d) journalists are now entitled to and must get a share of any copyright-related revenue obtained by their news publisher; and (e) start-up platforms are subject to lighter obligations.178 The International Publishers Association (‘IPA’) and the Federation of European Publishers welcomed the vote by manifesting the establishment of a necessary legal framework for publishers to be able to continue “investing in such a beautifully diverse industry”, while also underlining the significance of this decision for “European culture, innovation, access to knowledge and creativity”.179 The President of GESAC, the European Grouping of Societies of Authors and Composers, stated that this is an unprecedented and historic victory for European creators and democracy.180 In direct contradiction with this reaction, the opponents of the Directive insisted on fighting against its establishment, thus speaking of a sad or even a dark day for the freedom of internet.181 Within this context, wide demonstrations had taken place across Europe in opposition to this copyright reform182; it has been described as imposing an even more restrictive enforcement, failing, as such, to appropriately address and resolve the copyright issues involved in the digital era.183 On the other hand, this opposition as a whole was described as a “tide of misinformation”.184 Nonetheless, the Copyright in the Digital Single Market Directive is now a reality. Following its publication in the Official Journal, Member States have until June 7, 2021 to transpose the new rules to their national legal systems. As it has been respectively stated, that provides the time to “ensure maximum legal clarity” in the corpus of the Directive, and to “shield smaller European platforms from unintended consequences”,185 addressing, as such, the concerns and widespread implications that the new copyright regime profoundly implies. However, the strong debate surrounding the Directive had already removed at national level demonstrating that the implementation stage will be rather harsh. In France (being the first Member State to implement the new copyright regime), the upcoming entry into force of the national press publishers’ right received Google’s clear denial to pay any fees for the digital use of press content, further stating that it will not enter into any licensing agreement with publishers. Instead, a modification to the manner in which the relevant results will be displayed in the search-engine platform has been announced, meaning that no snippets nor short extracts from press publications will be provided  European Parliament. Press Release of 26 March 2019. http://www.europarl.europa.eu/news/en/ press-room/20190321IPR32110/european-parliament-approves-new-copyright-rules-for-theinternet. 179  Supra n. 184. 180  https://www.politico.eu/article/european-parliament-approves-copyright-reform-in-final-vote/.; http://authorsocieties.eu/mediaroom/338/33/Copyright-Directive-historic-victory-for-creators-andEuropean-democracy. 181  Bonnici (2019) and Wodecki (2019). 182  Heijmans (2019). 183  Ibid. 184  Grabham (2019). 185  https://www.ft.com/content/233528e2-4cce-11e9-8b7f-d49067e0f50d. 178

5  Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives

133

unless publishers tell “that’s they want”. Franck Riester, the French Minister of Culture, described the Google’s statement as “not acceptable”, underlining the need for a “global negotiation”. In addition, the tech-giant has been accused as “putting itself above the law”, while French publishers dictate that their loss of revenues in  the online advertising market comes up to €320 million euros per year.186 Notwithstanding the controversies and the new battles to be given at national level, this copyright overhaul consists of the “world-first legislation” that has recognized the need to strike a fair balance between conflicting rights and interests in the digital environment.187 For this reason alone, the 26th of March was a critical and historic moment for the EU legislation and the Union as a whole.

References Anderson P (2019) European Parliament votes in favor of controversial copyright directive. https:// publishingperspectives.com/2019/03/european-parliament-votes-in-favor-of-controversialcopyright-directive/. Accessed 26 Mar 2019 Bailey J (2018) Breaking down the new EU copyright bill: Article 11. https://www.plagiarismtoday.com/2018/06/26/breaking-down-the-new-eu-copyright-bill-article-11/ Bently L et al (2017) Strengthening the position of press publishers and authors and performers in the Copyright Directive. Policy Department for Citizens’ Rights and Constitutional Affairs: Directorate General for Internal Policies of the Union PE 596.810. http://www.europarl.europa. eu/RegData/etudes/STUD/2017/596810/IPOL_STU(2017)596810_EN.pdf Bonnici J (2019) ‘Sad day for internet freedom’  - controversial ‘meme killing’ EU copyright directive gets final rubber stamp from legislators. https://lovinmalta.com/news/news-politics/ sad-day-for-internet-freedom-controversial-meme-killing-eu-copyright-directive-gets-finalrubber-stamp-from-legislators. Accessed 27 Mar 2019 Cafolia A (2019) The EU just voted in a controversial, internet-changing law. https://www.dazeddigital.com/science-tech/article/43824/1/european-parliament-vote-in-article-13-11-copyright-law-meme-ban. Accessed 27 Mar 2019 Caldaza J, Gil R (2018) What do news aggregators do? Evidence from Google News in Spain and Germany. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2837553. Accessed 25 Mar 2019 Cooke C (2019) The record industry comments on the bloody Copyright Directive. https://completemusicupdate.com/article/the-record-industry-comments-on-the-bloody-copyright-directive/. Accessed 27 Mar 2019 Danbury R (2016) Is an EU publishers’ right a good idea?’ Evaluating potentiallegal responses to threats to the production of news in a digital era, University of Cambridge Final report on AHRC project: Evaluating potential legal responses to threats to the production of news in a digital era. https://www.cipil.law.cam.ac.uk/sites/www.law.cam.ac.uk/files/images/www. cipil.law.cam.ac.uk/documents/copyright_and_news/danbury_publishers_right_report.pdf. Accessed 16 Feb 2019

 Khan, M., Murgia, M., and Barker, A., “Google under fire over not paying for news content in  Europe”, https://www.ft.com/content/a451ffda-df87-11e9-9743-db5a370481bc; Kayali, L., “Google refuses to pay publishers in France”, https://www.politico.eu/article/licensing-agreementswith-press-publishers-france-google/. 187  Cooke (2019). 186

134

M.-D. Papadopoulou and E.-M. Moustaka

Essers L (2014) German publishers capitulate and let Google post news snippets -- for now. https:// www.pcworld.com/article/2838252/german-publishers-capitulate-and-let-google-post-newssnippets-for-now.html Frosio G (2018) Reconciling copyright with cumulative creativity: the third paradigm. Edward Elgar Publishing, Cheltenham Grabham D (2019) What is Article 13? We explain the EU’s new copyright law. https://www. pocket-lint.com/gadgets/news/147585-what-is-article-13-we-explain-the-eu-s-new-copyrightlaw. Accessed 27 Mar 2019 Heijmans PJ (2019) Is European Parliament’s new copyright law an attack on free speech? Accessed 27 Mar 2019 Hernández P (2014) Key aspects of the new reform of the Spanish Copyright Act. http://copyrightblog.kluweriplaw.com/2014/11/10/key-aspects-of-the-new-reform-of-thespanish-copyright-act/ Hirche T (2015) GPTO rules on “tariff press publishers”. http://ancillarycopyright.eu/ news/2015-09-25/gpto-rules-tariff-press-publishers Hoppner T (2018) EU copyright reform: the case for a publisher’s right. Intellectual Property Quarterly 1/2018. Available via SSRN. https://ssrn.com/abstract=3081733 Hoppner T, Kretschmer M, Xalabarder R (2017) CREATe public lectures on the proposed EU right for press publishers. Eur Intellect Prop Rev 39(10):607–622. Available via SSRN. https://ssrn. com/abstract=3050575 Karapapa S (2018) The press publication right in the European Union: an overreaching proposal and the future of news online. In: Bonadio E, Lucchi N (eds) Non-conventional copyright: do new and non-traditional works deserve protection? Edward Elgar. Available via SSRN. https:// ssrn.com/abstract=3118457 Keller P (2015a) More evidence from Germany: ancillary copyright still not working. https:// www.communia-association.org/2015/10/19/more-evidence-from-germany-ancillarycopyright-still-not-working/ Keller P (2015b) Research confirms: new Spanish ancillary copyright is actually good for no one. https://www.communia-association.org/2015/09/09/research-confirms-new-spanishancillary-copyright-is-actually-good-for-no-one/ Keller P (2016) EU commission: yes, we will create new ancillary copyright for news publishers, but please stop calling it a “link tax”. https://www.communia-association.org/2016/08/25/ eu-commission-yes-will-create-new-ancillary-copyright-news-publishers-please-stop-callinglink-tax/ Keslassy E (2018) European Parliament rejects copyright reforms. https://variety.com/2018/ digital/news/european-parliament-rejects-copyright-reforms-1202865640/ Kretschmer M, Dusollier S, Geiger C, Hugenholtz PB (2016) European Copyright Society: answer to the EC Consultation on the role of publishers in the copyright value chain. https://europeancopyrightsocietydotorg.files.wordpress.com/2016/06/ecs-answer-to-ec-consultation-publishers-role-june16.pdf. Accessed 2 Mar 2019 Kreutzer T (2011) German copyright policy 2011: introduction of a new neighbouring right for press publishers? Comput Law Secur Rev (CLSR) 27:214–216 Kreutzer T (2016) How to solve the only specific problem of press publishers with copyright without an ancillary copyright. http://ancillarycopyright.eu/news/2016-11-23/ how-solve-only-specific-problem-press-publishers-copyright-without-ancillary-copyright Lomas N (2018) MEPs vote to reopen copyright debate over ‘censorship’ controversy. https:// techcrunch.com/2018/07/05/european-meps-vote-to-reopen-copyright-debate-over-censorship-controversy/?guccounter=1 Matulionyte R (2018) The right to published editions: historical lessons to be learned. https://ssrn. com/abstract=3168946

5  Copyright and the Press Publishers Right on the Internet: Evolutions and Perspectives

135

Nikolinakos N, Papadopoulou MD, Moustaka EM (2019) Enforcement of intellectual property rights in Greece. In: Petillion F (ed) Enforcement of intellectual property rights in the EU Member States. Intersentia, Cambridge, p 523 Pakenham-Walsh R (2018) Draft Copyright Directive in state of flux as European Parliament rejects controversial proposals. https://intellectualpropertyblog.fieldfisher.com/2018/draftcopyright-directive-in-state-of-flux-as-european-parliament-rejects-controversial-proposals Peukert A (2016) An EU related right for press publishers concerning digital uses. A legal analysis. Research Paper No. 22/2016 of the Faculty of Law, Goethe University Frankfurt am Main. https://www.eco.de/wp-content/blogs.dir/copyright_-legal-analysis.pdf Pfanner E (2012) Germany trying to cut publishers in on web profits. https://www.nytimes. com/2012/03/12/business/global/germany-trying-to-cut-publishers-in-on-web-profits.html Plantada RX (2014) A bill to amend the Spanish IP law. http://copyrightb l o g . k l u w e r i p l a w. c o m / 2 0 1 4 / 0 7 / 1 0 / a - b i l l - t o - a m e n d - t h e - s p a n i s h - i p - l a w / ? _ ga=2.113966087.1059966912.1535386652-1381027617.1524634272#goo gle Pomianowski J (2016) Toward an efficient licensing and rate-setting regime: reconstructing § 114 (i) of the copyright act. Yale Law J 125:7. Available via Digital Commons. https://digitalcommons.law.yale.edu/cgi/viewcontent.cgi?referer=https://www.google.com/&httpsredir=1&artic le=5753&context=ylj Priora G (2018) News aggregation and the reform of EU copyright law. https://cmds.ceu.edu/ article/2018-07-03/news-aggregation-and-reform-eu-copyright-law#_ftn5 Rauer N (2017) CJEU to rule on press publishers’ neighbouring right. https://www.limegreenipnews.com/2017/05/cjeu-to-rule-on-press-publishers-neighbouring-right/. Accessed Aug 2018 Rauer N, Shaw A, Thornton P (2018a) European Parliament votes to reject controversial Copyright Directive proposal. https://www.limegreenipnews.com/2018/07/european-parliament-votesto-reject-controversial-copyright-directive-proposal/. Accessed 8 July 2018 Rauer N, Shaw A, Thornton P (2018b) DSM Watch: the new Copyright Directive – recent developments on the proposed Ancillary Right for Press Publishers. https://www.hlmediacomms. com/2018/04/16/dsm-watch-the-new-copyright-directive-recent-developments-on-the-proposed-ancillary-right-for-press-publishers/ Rosati E (2013) What happened after the German Lex Google? Google News became opt-in. http://ipkitten.blogspot.com/2013/06/what-happened-after-german-lex-google.html Rosati E (2014) What is the recent Spanish IP reform all about copyright-wise?. http://ipkitten. blogspot.com/2014/11/what-is-recent-spanish-ip-reform-all.html Rosati E (2017a) Is the German press publishers’ right lawful? More details on the CJEU reference. http://ipkitten.blogspot.com/2017/10/is-german-press-publishers-right-lawful.html/ Rosati E (2017b) Waiting for the approval of the EU Directive on copyright in the Digital Single Market. http://ipkitten.blogspot.com/2017/09/waiting-for-approval-of-eu-directive-on.html Rosati E (2018) Sleepwalking towards a perpetual (news?) publishers’ right in online publications. http://ipkitten.blogspot.com/2018/05/sleepwalking-towards-perpetual-news.html Rosati E (2019) BREAKING: Agreement on DSM Directive reached in trilogue. http://ipkitten. blogspot.com/2019/02/breaking-agreement-on-dsm-directive.html. Accessed 13 Feb 2019 Schlosberg J (2017) Media ownership and agenda control: the hidden limits of the information age. Routledge, p 60 Standeford D (2018) European Parliament rejects starting negotiations on copyright reform proposal. http://www.ip-watch.org/2018/07/05/ european-parliament-rejects-starting-negotiations-copyright-reform-proposal/ Talke A (2017) The “Ancillary Right” for Press Publishers: the Present German and Spanish legislation and the EU proposal. http://library.ifla.org/1849/1/119%20talke%20en.pdf. Accessed 20 Nov 2017 Temperton J, Reynolds M (2019) The European Parliament has voted in favour of Article 13. https://www.wired.co.uk/article/eu-article-13-vote-article-17. Accessed 27 Mar 2019

136

M.-D. Papadopoulou and E.-M. Moustaka

Van Eechoud M (2017) Freedom of expression implications. In: A publisher’s intellectual property right: implications for freedom of expression, authors and open content policies. Instituut voor Informatierecht (IVIR). Available via OpenForum Europe (OFE). http://www.openforumeurope.org/wp-content/uploads/2017/01/OFE-Academic-Paper-Implications-of-publishersright_FINAL.pdf Van Eechoud M et al (2009) Harmonizing European copyright law: the challenges of better lawmaking. Kluwer Law International Van Gompel SJ (2017) Better regulation for copyright. The proposed publishers’ right in press publications: an evidential mistake. https://www.ivir.nl/publicaties/download/Publishersright_SvG.pdf. Accessed 25 Aug 2018 Vidal ÁG (2014) Key points of the amendmentto the Spanish Intellectual Property Act effected by Act 21/2014. https://www.ga-p.com/wp-content/uploads/2018/07/key-points-of-the-amendment-to-the-spanish-intellectual-property-act-effected-by-act-21-2014.pdf. Accessed 15 Nov 2018 Vincent J (2019) Europe’s controversial overhaul of online copyright receives final approval. https://www.theverge.com/2019/3/26/18280726/europe-copyright-directive. Accessed 27 Mar 2019 Vollmer T (2018) MEP Voss doubles down on worst elements of Article 11. https://www.communia-association.org/2018/03/29/mep-voss-doubles-worst-elements-article-11/ Whitmore NJ (2015) Extending copyright protection to combat free-riding by digital news aggregators and online search engines. Cathol Univ J Law Technol 24(1) Wodecki B (2019) EU Copyright Directive: a dark day for internet freedom? http://www.ippromagazine.com/ippromagazinenews/article.php?article_id=6603. Accessed 27 Mar 2019 Xalabarder R (2012) Spanish Supreme Court rules in favour of Google search engine and a flexible reading of copyright statutes? JIPITEC 3:162, para 1. https://www.jipitec.eu/issues/jipitec-3-2-2012/3445/xalabarder.pdf. Accessed 17 Nov 2018 Xalabarder R (2014) The remunerated statutory limitation for news aggregation and search engines proposed by the Spanish Government – its compliance with International and EU Law. http://in3-working-paper-series.uoc.edu/in3/en/index.php/in3-working-paper-series/article/ download/2379/2379-8583-1-PB.pdf. Accessed 12 Oct 2018

Chapter 6

Author’s Right to Choose: Right of Divulgation in the Online Digital Single Market of the EU Branka Marušić

Abstract  This chapter provides an analysis in the material scope of application of the moral right of divulgation and the economic right of communication to the public in the EU’s digital single market. The aim is to bring forward arguments why the application of both rights should only be addressed through the protection afforded by the economic right. The rationale behind this is that the right of divulgation, as a moral right of the author, and the right of communication to the public, as an economic right of the author, both share the same trigger point for their application. This trigger point consists of the author’s choice in sharing her or his work with the public, in which the author of the work also chooses the manner, shape and place where this sharing will occur. Unlike the economic right of communication to the public, which has been harmonised in the EU, the right of divulgation, as a moral right is deeply rooted in the national legislative and judicial interpretation of the Member States that recognise this moral right of the authors. In line with this and for this chapter, analysis of the material scope of the application of the right of divulgation is evaluated through the monistic and dualistic approach to the regulation of copyright, and the jurisdictions that are analysed are primarily France and Germany. Against this background, the analysis in the chapter provides for overlapping interpretational criteria of both rights that encompass an act of sharing, the definition of what the public is, and what the modes of dissemination of work are.

1  Introduction The right of divulgation, as a moral right of the author, and the right of communication to the public, as an economic right of the author, both share the same trigger point for their application. This trigger point consists of the author’s fundamental choice of sharing her or his work with the world and public at large, in which the B. Marušić (*) Department of Law, Stockholm University, Stockholm, Sweden e-mail: [email protected] © Springer Nature Switzerland AG 2020 T.-E. Synodinou et al. (eds.), EU Internet Law in the Digital Era, https://doi.org/10.1007/978-3-030-25579-4_6

137

138

B. Marušić

author of the work not only chooses to disclose her or his work but also the manner, shape and place where this sharing will occur. Unlike the right of communication to the public, which has been harmonised in the European Union (EU), the right of divulgation, as a moral right is deeply rooted in the national legislative and judicial interpretation of the Member States that recognise this moral right of the authors. In very general terms, the right of divulgation in France entails making the work knowable to the public.1 In Germany, this right entails that the work has been publicly disclosed if it has been made available to the public with the consent of the right holder.2 The right of communication to the public, as harmonised in the EU under the InfoSoc Directive,3 entails the right to authorise or prohibit any communication to the public of works, by wire or wireless means, including the making available to the public of works in such a way that members of the public may access them from a place and at a time individually chosen by them. This chapter provides an insight to the material scope of the application of the right of divulgation and the right of communication to the public to bring forward arguments, why the application of both rights should only be addressed through the protection afforded by the economic right. The rationale behind the above statement is that since there exist fundamental connecting points in the material scope of application and interpretation of these rights, the right of communication to the public absorbs the right of divulgation, thus making the specific assessment of this moral right redundant. However, several qualifications need to be made. Firstly, the meaning of the material scope of application refers to the extent of the subject matter of both rights and the interpretation of their meaning by relevant courts. Secondly, in the EU, the economic right of communication to the public has been harmonised, whereas the right of divulgation as a moral right is defined by the national laws of the Member States that recognise this right. Consequently, the interpretation of the right of communication to the public is made by the Court of Justice of the European Union (CJEU), whereas the interpretation of the right of divulgation is done by national courts. Thirdly, since the material scope of the application of the right of divulgation is contingent on the national framework provided for this right, the definition of what this right entails is subject to change, depending on the jurisdiction in which we observe it. It should be noted that no single term can, with clear precision, provide a holistic definition and meaning of this right, since it is interdependent on the legal cultures and different theoretical postulates. Therefore, this chapter will attempt to observe the concept of the right of divulgation through the jurisdictions that have embraced the monistic and dualistic approach to regulation of copyright to define some common ground for the material scope of application of this right.  See Adeney (2006), pp. 192–193.  See Dietz and Peukert (2016) in Davies and Garnett (2016), pp. 472–473. 3  Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society, OJ L 167 (InfoSoc Directive). 1 2

6  Author’s Right to Choose: Right of Divulgation in the Online Digital Single Market…

139

Lastly, although the right of divulgation, as interpreted by national law, can also be viewed through the prism of other economic rights, such as the right of distribution or the right of reproduction, this chapter will concentrate on the right of communication to the public, since the connecting points of the material scope of the application are closely intertwined and the interpretation of these rights both on the EU level and national level have significant overlaps. Against this background, two issues pertaining to the right of divulgation, as a moral right and the right to communicate the work to the public, as an economic right need to be delineated. The right of divulgation is a specific moral right which is not harmonised either on an international level or on the EU wide level.4 This right was specifically excluded from the remit of Article 6bis of the Berne Convention5 during the Rome Revision Conference6 where it was stated that this right involved balancing of the authors interest against the interest of the person to whom economic rights were transferred, often the publisher, and might lead to a conflict between the two. Therefore, these questions were outside of the Berne Convention. It was noted by some academics that the exclusion of this right from the remit of the Berne Convention was done because of the practical impossibility of finding a workable definition that would be generally accepted.7 The effect of the exclusion of this right on an international level early on, resulted in other international treaties that refer to the Berne Convention and establish moral rights for related rights, such as the WCT,8 and WPPT9 to exclude this right from their scope of application. Furthermore, two additional issues need to be highlighted here, the first being that on the level of World Trade Organization (‘WTO’) moral rights are excluded from the scope of protection by virtue of Article 9 of the TRIPs Agreement,10 and the second being that moral rights are not harmonised on the EU level by virtue of their exclusion from the harmonisation by the EU legislator.11 This in turn results  See Adeney (2006), pp. 115–159 and Davies and Garnett (2016), pp. 41–78.  Berne Convention for the Protection of Literary and Artistic Works (Paris Act of 24 July 1971 as amended on 28 September 1979) (Berne Convention). 6  Actes de la Conférence réunie à Rome du 7 mai au 2 juin 1928 (Berne: Bureau de l’Union international pour la protection des œuvres littéraires et artistiques, 1929) (Rome Actes), p. 202. 7  See Strömholm (1967), p. 86. 8  World Intellectual Property Office Copyright Treaty, adopted on Dec. 20, 1996, WIPO, Doc. CRNRIDC/94 (WCT). 9  WIPO Performances and Phonograms Treaty, adopted on Dec. 20, 1996, S. Treaty Doc. No. 10517, 36 ILM 76 (1997) (WPPT). 10  Agreement on Trade-Related Aspects of Intellectual Property Rights, adopted on Apr. 15, 1994, Marrakesh Agreement Establishing the World Trade Organization, Annex 1C, The Legal Texts: The Results of the Uruguay Round of Multilateral Trade Negotiations 320 (1999), 1869 U.N.T.S. 299, 33 I.L.M. 1197 (1994). 11  See SEC (2004) 995 of 17 July 2004, Commission Staff Working Paper on the review of the EC legal framework in the field of copyright and related rights, par. 3.5; InfoSoc Directive, Rec. 19; Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, OJ L 77 (Database Directive), Rec. 28; Directive 2011/77/EU of the European Parliament and of the Council of 27 September 2011 amending Directive 2006/116/EC on the term of protection of copyright and certain related rights, OJ L 265 (Term Directive), Rec. 21 and Art. 9. 4

5

140

B. Marušić

to the fact that the right of divulgation is regulated on a national level of Member States of the EU. However, for this chapter, analysis of the material scope of the application of the right of divulgation will be evaluated through the monistic and dualistic approach to the regulation of copyright. For illustrative purposes, jurisdictions that will be analysed are primarily France and Germany. The choice of these two jurisdictions seems apt in the evaluation of coexistence of this right with the EU wide harmonised right of communication to the public since they demonstrate the two circles of influence in Europe in addressing the meaning and scope of the right of divulgation. France represents the circle of influence with a dualistic approach to copyright, which made its way to the enactment of Article 6bis of the Berne Convention.12 This dualistic approach views protection of moral rights independently of economic rights, and as such they can be exploited independently of each other.13 Germany represents the circle of influence with a monistic approach to copyright, which considers both moral and economic rights as inseparable from each other. This interdependence of the two is visible through the fact that exclusive economic rights are viewed as serving the authors personal and intellectual interests and, at the same time, personal moral rights serve her or his economic interest.14 The second delineation concerning the right of communication to the public focuses on the harmonised rule made on the EU level that would cater to an exclusive economic right of the right holder tailored for the online digital single market. Similarly, to the right of divulgation, the right of communication to the public concerns itself with the initial choice of the author to either share the work with the public or keep the work for herself or himself. The legal concept of the economic right of communication to the public, including making the work available to the public was introduced in the EU legal framework with the implementation of the InfoSoc Directive, which in turn implemented for the territory of the EU the WCT and TRIPs Agreement. The difference between making available to the public and communication to the public is that the right of making available, firstly introduced in Article 8 of the WCT, was to supplement the provisions of the Berne Convention concerning communication to the public. This is done by conferring an exclusive right of communication to the public for authors of all kinds of works, in so far as that right is not already conferred by the Berne Convention.15 Furthermore, the CJEU in its interpretation of making the work available to the public, stated that the concept of ‘making available to the public’, forms part of the wider ‘communication to the public’.16 This right, therefore, confers a right to authorise ‘any communication to the public of works, by wire or wireless means’ and is more suited for the online digital market.

 See Ulmer (1960), p. 101.  See Lucas et al. (2012). 14  See Davies and Garnett (2016), p. 24. 15  See Reinbothe and Von Lewinski (2002), pp. 105–107 and Ficsor (2002), pp. 494–495. 16  CJEU, C More Entertainment AB v Linus Sandberg, Case C-279/13, Judgment of 26 March 2015, par. 24. 12 13

6  Author’s Right to Choose: Right of Divulgation in the Online Digital Single Market…

141

To exemplify the difference, it could be stated that the regulative framework of the right of communication to the public was designed for ‘linear’ communication. The mechanisms of that communication model rest on the fact that the signal is ‘pushed’ to the recipient who can only receive it (or not) at the time it is communicated. In that model, it is relatively easy to determine when the communication took place, from whom it originates and who are its recipients. This is also the traditional model according to which radio and television broadcasting operate. With the advent of new technologies, specifically the arrival of television on demand (‘video on demand’) and then the internet, a new manner of communication appeared, whereby the content of the communication is merely made available to potential users, who can receive it when and where they wish to. The mechanisms of that communication model, rests on the fact that only when the user decides to receive the content the signal is actually communicated to him or her (‘pulled by the recipient’).17 These two delineations put forward the fact that in certain jurisdictions in the EU, there exist two sets of rights that have similar triggers to their application. Both the economic right to communicate one’s work to the public, and the moral right of divulgation have as an underlying presumption the author’s fundamental choice of sharing the work with the public, and as previously mentioned, the author of the work may choose to disclose her/his work and also the manner, shape and place where this sharing will occur. The setting chosen for the analysis of the intertwined modalities of these rights is the online digital single market of the EU in the light of the new development of case law of the CJEU. More specifically, in the recent case of GS Media,18 the CJEU ventured into the assessment of how to define parameters of the right of communication to the public, against a factual setting where photographs have been shared via a link that directed a user to an online storage platform. What was interesting about this case is that these photographs were shared before their disclosure to the general public in the Playboy magazine. Although the CJEU could only discuss the economic right pertained in the case, the question remains how would the assessment of the moral right of divulgation be made under the monistic and dualistic jurisdictions that have the right of divulgation in their respective legislation. This chapter is divided into three parts. The first part discusses the dualistic and the monistic approach to regulating copyright and how does that legal framework intertwine with the application of both the moral right and the economic right (Sect. 2). The second part discusses the peculiarities of the harmonised right of communication to the public, including making the work available to the public in the EU (Sect. 3). The third part discusses the conclusions on the coexistence of these rights in the EU’s digital market (Sect. 4).

 Opinion of Advocate General Maciej Szpunar in Stichting Brein, C 610/15, Opinion of 8 February 2017, paras. 32–33; See also Von Lewinski and Walter (2010), pp. 973–980. 18  CJEU, GS Media BV v Sanoma Media Netherlands BV and Others, Case C 160/15, Judgment of 8 September 2016. 17

142

B. Marušić

2  D  ualistic and Monistic Approaches in Regulation of Copyright The simple idea of copyright is to protect the creations of a human mind. This protection can be either viewed through the natural rights theory under which the author should be protected because he or she deserves it,19 or through the reward theory20 that states that the author should be rewarded, and it is good public policy to protect authors’ creations. The author’s creations, expressed through artistic and literary works represent the manifestation of the author’s mind to the public. It is both the demonstration of work and discipline that goes into shaping one’s mind, and an invitation to the intimate inner sphere of the author’s perception of the world. In legal protection of copyright, in general, these two aspects are protected through economic and moral rights afforded to the author. The purpose of economic rights is to safeguard the labour and discipline that is used to create a work and incentivise him or her to continue in artistic endeavours. The invitation to the intimate inner sphere of the authors’ mind is protected by moral rights, which in the most general sense as understood in copyright law, are a specific legal device that allow certain creators of works to control the treatment and presentation of their work to others.21 In their very core, they are used as a safeguard of non-economic interests that arise in the creative industries. In regulating copyright, the approach on how to view the application of these two rights can be roughly placed into two doctrinal settings. The first one is the dualistic approach, in which in general, the moral rights and economic rights are governed by separate legal regimes. Here, the moral rights are seen as a manifestation of personality rights, whereas the economic rights are seen as a type of property rights. For illustrative purposes, the analysis of the dualistic approach to regulating copyright and with it the right of divulgation, as a moral right, and the right of communication to the public, will be primarily focused on the French model. However, this will be supplemented by other solutions from other dualistic models, such as Belgian, Italian and Greek models. It should be noted here, that there is a visible trend in Europe, that dualistic approaches to copyright tend to merge the right of divulgation, as a moral right to the economic right of communication to the public. This has been done for example by the Nordic countries (Sweden, Denmark, Norway, Iceland, Finland),22 the Netherlands23 and the United Kingdom.24

 See Locke (1689/1988), vol. 2, chapter 5, Hughes (1988), p. 287, Yen (1990), p. 517 Gordon (1993), p. 1533. 20  See Landes and Posner (1989), p. 325, Gordon (1989), p. 1343. 21  See Adeney (2006), p. 1. 22  See Axhamn (2016), pp. 608–612. 23  See Grosheide (2016), pp. 586–588. 24  See Davies and Garnett (2016), p. 83. 19

6  Author’s Right to Choose: Right of Divulgation in the Online Digital Single Market…

143

The second approach to regulating copyright is the monistic approach in which both economic and moral rights are seen as a part of the same legal regime and are not separated as such. They are also not, in general, part of the property concept.25 From a theoretical point of view, they are considered to be an emanation of the personality of the author, and in line with that copyright is viewed to be of a mixed nature. Accordingly, monistic theorists attribute equal importance both to the personality of authors and economic aspects of copyright, and see copyright protection rather as a right sui generis, neither purely personal nor purely economic right.26 For illustrative purposes, the analysis of the monistic approach to regulating copyright will be primarily focused on the German model. However, solutions from Austria and Hungary will also be presented. It should be highlighted that there exist jurisdictions in Europe, which also recognise the right of divulgation, such as Spain, Portugal, Czech Republic, Slovakia and Luxembourg. However, these jurisdictions have a mixed monistic and dualistic approach to copyright regulation, and, therefore, will not be analysed. The mixture of both models in their respective regulative frameworks occurred either by these jurisdictions starting in monistic model, and then adopting solutions from the dualistic model, such as Czech Republic and Slovakia,27 or starting in the dualistic model and then adopting solutions from the monistic model such as Luxembourg.28 Additionally, Spain and Portugal mix of the two models derives from their constitutional setting in regulation of copyright.29 In line with this, the conceptual shift in observing copyright, as well as constitutional traditions of these jurisdictions, do not provide for a clear delineation that could be used as a ground for comparisons of modalities how the right of divulgation developed through time. Against this background, the dualistic and the monistic approach to regulating the right of divulgation will be presented in line with the coexisting economic right made on the EU level. The analysis of the dualistic and the monistic approaches to the right of divulgation will concentrate on three issues, the first issue is what this right entails, the second issue is the exhaustion of this right, and the third issue is the possible conflicts that might occur when we have a factual situation in which both rights can be employed.

 See Schricker (2017), p. 4.  See for discussions Adeney (2006), pp.  221–224, Allfeld (1902), p.  113, Ulmer (1980), pp. 147–148. 27  Leška and Štechova (2016), pp. 373–375. 28  See Bungeroth (1977), p. 4. 29  See Akester (2016), pp. 637–639 and Buganza (2016), pp. 657–659. 25 26

144

B. Marušić

2.1  Dualistic Approach As previously stated, the analysis of the dualistic approach to regulating the right of divulgation will primarily focus on the French model. This is so since France is oftentimes referred to as the modern-day birth place of moral rights.30 Without going into a deeper analysis of the reasons for the existence of moral rights and their exercise by the French courts, few general introductory lines will be made. The path of recognition of moral rights in France was said to be made by the courts, rather than the legislation. As early as 1814, a judgement was made on the protection of moral rights by the Civil Tribunal of the Seine,31 and the first judgment concerning the right of divulgation was made by the Court of Appeal of Paris in 1828.32 As stated above, the theory of authors’ rights in France is generally considered to be dualistic in nature, which in turn means that the moral rights and economic rights are governed by separate legal regimes.33 The economic rights are seen as a type of property rights, while the moral rights are seen as belonging to personal rights.34 By this, moral rights are considered a flexible tool by which the courts enforce these rights considering the type of work, the level of originality, number of authors involved, while having in mind the economic and other interests that might come into play.35 Since the duality of copyright protection, the moral rights are seen as perpetual, inalienable and imprescriptible in their nature. When it comes to the right of divulgation, some authors argue that although not strictly prescribed to be perpetual by legislation, the right still retains that quality,36 since the idea is that the author can divulge its work whenever he wants to. This view is quite peculiar for France and Italy, whereas other dualistic models have a more moderate view on moral rights, such as providing same term of duration for both economic and moral rights (not making them perpetual).37 Regarding the inalienability of the right, this right cannot be transferred to others, and regarding the imprescriptible aspect (i.e. that the right cannot lapse or be lost to non-use), this was viewed to be a general nature of moral rights.38 As indicated before, the right of divulgation is only ascribed to the author, and not the right holder of neighbouring and related rights. The right of divulgation found in Article L. 121-2 of the CPI39 entails making the work knowable to the public. On the other hand, the Greek model is more specific  See Strömholm (2002), pp. 224–225, Davies and Garnett (2016), p. 4.  Tri. Civ. Seine, Billecocq v Glendaz (1814). 32  CA Paris, Affaire Vergne (1828). 33  See Adeney (2006), p. 170. 34  See Caron (1998), pp. 121–122. 35  See Frabboni (2016a), p. 417. 36  See Caron (1998), p. 84. 37  For example, Belgium, Greece, Netherlands, Nordic countries. 38  See Adeney (2006), p. 169. 39  Code de la propriété intellectuelle (2018) https://www.legifrance.gouv.fr/affichCode.do?cidText e=LEGITEXT000006069414. (CPI). 30 31

6  Author’s Right to Choose: Right of Divulgation in the Online Digital Single Market…

145

in stating that the right of divulgation entails the right to decide on the time, place and manner in which the work will be accessible to the public.40 The Italian model does not seem to have a statutory definition of the right of divulgation, and this right is more merged with the economic right to publish one’s work. Yet courts had recognised it for heirs to oppose unauthorised publications of unpublished works.41 As was stated in one of the first French judgments about the right of divulgation, the nature of this right lies in the fact that the ‘author remains the judge of the opportunity of publication of her or his work’.42 In its nature, this right is a positive right, meaning that it allows the author to do more than simply react against the unauthorised acts of others. The authors, and their heirs, are also entitled to choose when, where and under what circumstances the work should be made public, and the author may refuse to make the work public. However, this is not an authorial right to force publication.43 These characteristics are also mirrored in the Belgian model.44 On the exhaustion of the right of divulgation, in France and Belgium,45 it is considered that the right of divulgation is a right of first divulgation. Once the author has exercised the right and divulgation took place, the right has been exhausted. However, the right will not be exhausted if the work was divulged without the author’s consent. It should be noted that there are different opinions whether the exercise of this right or the act of divulgation takes place; at the point when the author decides to divulge or at the point of physical divulging (presuming the intention to divulge is present).46 To add to the complexity, there is a discussion whether a new type of disclosure is a first disclosure. Some commentaries, as well as courts, were inclined to rule that divulging in a different form or medium or context will be a new disclosure for purposes of protection.47 In the Belgian model, the new type or a form of divulgating (such as a different medium) requires the author’s authorisation.48 However, if the work was divulged online, then changing the provider through which the work has been divulged (for example Google News uses clips from newspaper articles), is not considered a new medium, since the divulgation occurs on the Internet.49 This outlook is quite similar to the reasoning of the CJEU in its interpretation of the application of economic right on the Internet.50 In the Greek model, the  See Stamatoudi (2016), p. 499 and the footnotes contained therein.  See Frabboni (2016b), pp. 554–555. 42  CA Lyon, Lacordaire v Marle (1845). 43  See Adeney (2006), pp. 192–193. 44  See Torremans (2016), p. 360. 45  See Adeney (2006), pp. 192–193, Torremans (2016), p. 360. 46  See Adeney (2006), p. 194. 47  Ibid. 48  See Lips et al. (1998), p. 107. 49  See Torremans (2016), p. 360 and the footnotes contained therein. 50  See CJEU, Nils Svensson and Others v Retriever Sverige AB,Case C 466/12, Judgment of 13 February 2014, paras. 25-27; CJEU, BestWater International GmbH v Michael Mebes and Stefan Potsch, C 348/13, Order of 21 October 2014, par. 16. 40 41

146

B. Marušić

right of divulgation requires a new authorisation for every new type or a form of divulgating.51 The Greek model also entails the notion of a public, which is to be understood as encompassing any circle of persons larger than the narrow circle of family and friends.52 What is interesting here is the fact that here we do not assess whether the act of divulging was made public, but also the possibility of divulging the work.53 In practice, this means that the assessment in the infringement of this right would not only focus on the actual act of divulging, but also whether access is being made to the work, meaning that the fact whether recipients avail themselves to the possibility of consuming the work is irrelevant. Both these criteria closely resemble the criteria used to assess the right of communication to the public put forward by the CJEU. Regarding the public, the CJEU stated that the underlying idea is the public’s ability to receive the copyrighted work, and not the mere consumption of the work itself,54 meaning that we need to address the possibility of the consumption. Regarding the size of the public, the CJEU used the formula of an indeterminate number of potential viewers,55 which implies a fairly large number of persons. Two conclusions come to forefront. The first is that the right of divulgation, because of the dualistic nature of copyright protection, will coexist at the same time as the right of communication to the public. The second is that there are two connecting points of these rights. The first connecting point is the prerequisite to have obtained the consent of the author to disclose the work to the public, and the second is the manner in which the work is disclosed to the public. Unlike communication to the public, the right of divulgation is an exhaustible right, meaning that once the work is divulged, the author cannot claim protection. However, unlike the communication to the public, this right is perpetual in its nature (in France and Italy) and non-alienable. This means that even if the economic right has been transferred, the moral right could be used to prevent the disclosure of the work. This is even more so considering that different forms of disclosure (different mediums or infrastructures) can be viewed as a new type of disclosures. In the Belgium model, even if the author disclosed the work, the editor cannot exploit the

 See Stamatoudi (2016), pp. 497–498 and the footnotes contained therein.  See Stamatoudi (2016), p.  498, Court of First Instance, Athens, Decision No. 24610/2004, Private Law Annals (2006), p.  929, Court of First Instance, Athens, Decision No. 20669/1998, Commercial Law Review (1999), p. 153. 53  See Stamatoudi (2016), pp. 497–498 and the footnotes contained therein. 54  CJEU, Lagardère Active Broadcast v Société pour la perception de la rémunération équitable (SPRE) and Gesellschaft zur Verwertung von Leistungsschutzrechten mbH (GVL),Case C 192/04, Judgment of 14 July 2005, par. 30. 55  See CJEU, Mediakabel BV v Commissariaat voor de Media, Case C 89/04, Judgment of 2 June 2005, par. 30; CJEU, Lagardère Active Broadcast v Société pour la perception de la rémunération équitable (SPRE) and Gesellschaft zur Verwertung von Leistungsschutzrechten mbH (GVL),Case C 192/04, Judgment of 14 July 2005, par. 31; CJEU, Sociedad General de Autores y Editores de España (SGAE) v Rafael Hoteles SA, Case C 306/05, Judgment of 7 December 2006, par. 37. 51 52

6  Author’s Right to Choose: Right of Divulgation in the Online Digital Single Market…

147

work without an agreement on the exploitation (contract of alienation of rights),56 which makes this right a preventive tool for the author to block dissemination.

2.2  Monistic Approach The focus of the analysis of the monistic approach will be on the German model. The monistic approach signifies that both economic and moral rights are considered essential part of the subject matter of copyright as a whole. This in turn creates a situation where these rights are time barred, just as the EU harmonised economic right, and leads to the fact that although the right of divulgation is only ascribed to the author (and not to the right holders of neighbouring and related rights) and is inalienable, it can be exercised, in line with the authors interest and expressly authorised by the author, on her or his behalf or even in her or his name when there has been an infringement, for example by contractual partners of the author such as publishers.57 However, unlike the French model, the right of divulgation might be exercised expressly or by implication. The exercise by implication is quite important here, since it will practically always be implied by the transfer of economic rights to another party, if the exploitation of those economic rights necessary entail the divulging of work.58 The main question is what does the right of divulgation entails in Germany. Firstly, it should be mentioned that the German Bundesgerichtshof has described this right to be in its nature an authorial right which is also commercial.59 Therefore, it recognised the monistic approach of intertwining of economic and moral aspects of copyright. In general, the right of divulgation states that the work has been publicly disclosed if it is made available to the public with the consent of the right holder.60 In essence, the broader the definition of a public to which the work is divulged, the more limited the authorial rights are and the sooner they can be exhausted. It has been an issue of disagreement what public disclosure is. In the view of some commentaries,61 the term public entails when it is intended for a plurality of persons, no matter whether the group of persons is limited in some particular way and whether they are bound together through mutual relationship to the person carrying the act of divulgation. The dominant opinion62 is, however, that the work is publicly disclosed if it is made available to everyone without a limitation. This means that if a group of persons have a personal connection to each other, they

 See Torremans (2016), pp. 364–365.  See Dietz and Peukert (2016), pp. 462–463; Adeney (2006), pp. 230–231 and 269. 58  See Adeney (2006), p. 235. 59  BGH [1955] GRUR 201, Cosima Wagner. 60  See Dietz and Peukert (2016), pp. 472–473. 61  See Nicolini and Ahlberg (2018), p. 252. 62  See Dietz and Peukert (2017), p. 262. 56 57

148

B. Marušić

would not constitute a public in the relevant sense.63 This view resembles closely the definition of the public made by the CJEU in the line of cases pertaining to the economic right of communication to the public, where the CJEU stated that public consists of an indeterminate number of potential viewers,64 which implies a fairly large number of persons in general, that is not restricted to specific individuals belonging to a private group. However, some authors claim that the public may be represented by one person (such as a publisher), provided that he or she is not connected by personal relationship with the author.65 Furthermore, the right of disclosure also gives the author the permission to control the disclosure of her or his work to third parties, within a clearly defined group, until the time the author releases it to the open public.66 This is not problematic in the Hungarian model, which views the term public quite narrow and almost equalises it with the act of divulgation itself. In the Hungarian model, even one person, e.g. a licensed user, can be regarded as a public, if the work came to her or him into a lawful possession.67 The Austrian model, similarly to the Greek model, uses more precise terms and defines the right of divulgation as the authors exclusive right to decide whether, by whom and how her or his work will be made accessible to the public.68 However, this right is not explicitly stated in the statutory provisions, but it forms a part of rights of utilisation, which essentially means that the author through the authorisation of communication, consumes the divulgation right.69 Similarly to the French, Belgian and Greek model, the question also arises what forms of disclosure need to be made for the right of divulgation to apply. Here, the possible forms of acts of divulging can be practically unlimited. In the online arena, it has been advanced that the act of divulging takes place if a file is uploaded onto a server and thereby made available on the Internet. This is also true for placing material on a website or posting it to a newsgroup.70 As in the French model, on the exhaustion of the right of divulgation, it is considered that the right of divulgation is a right of first divulgation. However, the question still remains, what does the term first divulgation include. There are two differing opinions on this. The first opinion71 is that the right of divulgation is exhausted by first disclosure, as long as the act of divulging has been made with the author’s consent, and it is a decision which can be only made once. The second opinion72 is more in line with the EU harmonised economic right of communication to the public, which states that the right of divulgation covers any occasion that the  See Adeney (2006), p. 233 and the footnotes contained therein.  See Mediakabel BV v Commissariaat voor de Media, par. 30. 65  See Dietz and Peukert (2016), pp. 472–473. 66  Ibid, p. 473 and the footnotes contained therein. 67  See Faludi (2016), p. 528 and the footnotes contained therein. 68  See Kucsko (1995), p. 43. 69  See Dittrich and Kucsko (1981), p. 20. 70  See Adeney (2006), p. 233 and the footnotes contained therein. 71  See Müsse (1999), p. 104. 72  See Dietz and Peukert (2017), p. 266. 63 64

6  Author’s Right to Choose: Right of Divulgation in the Online Digital Single Market…

149

work is released in the public sphere. A more moderate view, and more in line with the French view, concentrates on the medium or the form of divulging, i.e. if a work has been divulged through printed book, the right is still not exhausted for divulging the work through a film. In this sense, the first divulgation means the divulgation for a specific purpose. Unlike the French model, there is no bone of contention whether divulging occurs with the consent of the author to divulge or the act itself; the act of divulging exhausts the right.73 From the above mentioned, two conclusions come to forefront. The first is that in defining whether the right of divulgation occurs, similar to the right of communication to the public, one needs to define what does the concept of the public entail. Secondly, similar to the French model, the right of divulgation will coexist with the right of communication to the public. However, unlike the French model, the possible employment of the consent of the author for every time the work is divulged can create parallel authorisation schemes. The auto corrective measure for this would be that the consent for the exercise of the right of divulgation is practically always implied by the transfer of economic rights to another party, if the exploitation of those economic rights necessary entail the divulging of the work (both in German model and the Austrian model).

3  C  ommunication to the Public: Contours of a Harmonised Economic Right In addressing the contours of the right of communication to the public, three issues need to be highlighted. The first issue is that the concept of communication to the public on the EU wide level was harmonised as a part of incorporation of international obligations deriving from international agreements to which either the EU or its Member States were a party to. There are five international agreements that are most relevant in the inception of this concept, and these are the Berne Convention,74 the WCT,75 the Rome Convention,76 the WPPT77 and the TRIPs78 Agreement. The subject matter of these agreements revolves around copyright protection in the  See Adeney (2006), pp. 234–235 and the footnotes contained therein.  Berne Convention for the Protection of Literary and Artistic Works (Paris Act of 24 July 1971 as amended on 28 September 1979) (Berne Convention). 75  World Intellectual Property Office Copyright Treaty, adopted on Dec. 20, 1996, WIPO, Doc. CRNRIDC/94 (WCT). 76  1961 Rome Convention for the Protection of Performers, Producers of Phonograms and Broadcasting Organizations [1992] ATS 29 / 496 UNTS 43 (Rome Convention). 77  WIPO Performances and Phonograms Treaty, adopted on Dec. 20, 1996, S. Treaty Doc. No. 10517, 36 ILM 76 (1997) (WPPT). 78  Agreement on Trade-Related Aspects of Intellectual Property Rights, adopted on Apr. 15, 1994, Marrakesh Agreement Establishing the World Trade Organization, Annex 1C, The Legal Texts: The Results of the Uruguay Round of Multilateral Trade Negotiations 320 (1999), 1869 U.N.T.S. 299, 33 I.L.M. 1197 (1994). 73 74

150

B. Marušić

broad sense and copyright protection in the narrow sense. This differentiation already points to the dispersion of the concept of communication to the public. This is not only in terms of the fact that it is placed in different legislative instruments but also that it has variable material scope depending on the type of work which is attached to (authorial or entrepreneurial) or the beneficiary of this right (author or for example a performing artist). This dispersion of the concept was mirrored in the harmonising efforts in the EU. By way of clarification, copyright protection in a narrow sense provides to the author protection for her or his economic and moral rights, and is embodied in the Berne Convention and WCT. Copyright protection ascribed to so-called copyright neighbouring and related rights does not encompass the full scope of copyright protection afforded to original works, but a limited one. The neighbouring and related rights protect rights of performing artists, economic investments of phonogram, as well as broadcasting organisations. Together with the copyright protection in the narrow sense, this type of protection forms copyright in a broad sense.79 On the international level, this copyright protection is embodied in the Rome Convention and WPPT. The TRIPs Agreement is an overarching international agreement, that— in a general manner—encompasses and references some of the above mentioned international agreements. The directives that implement the concept of communication to the public, deriving from the aforementioned international agreements are the SatCab Directive,80 the Rental and Lending Rights Directive,81 and the InfoSoc Directive. Generally speaking, the SatCab Directive and the Rental and Lending Rights Directive implement the obligations deriving from the international agreements that have as their subject matter neighbouring or related rights, whereas the InfoSoc Directive covers both types of copyright. Since the right of divulgation in France and Germany is only ascribed to the author and the beneficiaries of the neighbouring and related rights are excluded from exercising this right, the contours of the economic rights of communication to the public, will be addressed through its enactment in the InfoSoc Directive. The second issue pertains to the fact that the InfoSoc Directive introduces the concept of communication to the public, including making the work available to the public for both copyright in the narrow and broad sense. However, when it comes to assessing this concept through the body of harmonising measures made on the EU level, three generalities need to be noted. The first is the fact that this concept has an autonomous and uniform interpretation throughout the EU, to be uniformly applied.82 Secondly, that in the light of a requirement of unity of the EU legal order  See Kur and Dreier (2013), p. 241.  Council Directive 93/83/EEC of 27 September 1993 on the coordination of certain rules concerning copyright and rights related to copyright applicable to satellite broadcasting and cable retransmission, OJ L 248 (SatCab Directive). 81  Directive 2006/115/EC of the European Parliament and of the Council of 12 December 2006 on rental right and lending right and on certain rights related to copyright in the field of intellectual property (codified version), OJ L 376 (Rental and Lending Rights Directive). 82  CJEU, Sociedad General de Autores y Editores de España (SGAE) v Rafael Hoteles SA, Case C 306/05, Judgment of 7 December 2006, par. 31. 79 80

6  Author’s Right to Choose: Right of Divulgation in the Online Digital Single Market…

151

and its coherence, this concept used by the body of directives that harmonise the field of copyright must have the same meaning,83 unless the EU legislature has, in a specific legislative context, expressed a different intention.84 This expressed different intentions can be visible in the different material scope of rights that is pertained to communication to the public for the copyright in the narrow and broader sense under the EU harmonisation directives. For example, broadcasters (right holders of a neighbouring or related right) right of communication to the public under the Rental and Lending Directive is triggered with the commercial exploitation of their work, against a payment of an entrance fee, whereas authors—right holders in a narrow sense—right of communication to the public under the InfoSoc Directive is not conditioned with the commercial exploitation. Lastly, this concept needs to be interpreted broadly,85 as referring to any transmission of the protected works, irrespective of the technical means or process used86 and, as far as possible, interpreted in accordance with international law,87 in such a way that it is compatible with international agreements, considering the context in which those concepts are found and the purpose of the relevant provisions of the international agreements.88 Generally speaking, the parameters of communication to the public can be delimited under four criteria. The first two need to be cumulatively met, and these are an ‘act of communication’ which is directed to a ‘public’. Other two are complementary and interdependent and they concentrate on evaluation of a ‘new public’ or ‘the profit-making nature’ of the act of communication itself. In this sense, the CJEU discusses the need for an individual assessment of the concept of communication to the public to make an assessment on a case-by case-analysis.89  See CJEU, Airfield NV and Canal Digitaal BV v Belgische Vereniging van Auteurs, Componisten en Uitgevers CVBA (Sabam) (C 431/09) and Airfield NV v Agicoa Belgium BVBA (C 432/09), Joined cases C 431/09 and C 432/09, Judgment of 13 October 2011, par.44; CJEU, Reha Training Gesellschaft für Sport- und Unfallrehabilitation mbH v Gesellschaft für musikalische Aufführungsund mechanische Vervielfältigungsrechte eV (GEMA), Case C 117/15, Judgment of 31 May 2016, paras. 23–34; CJEU, GS Media BV v Sanoma Media Netherlands BV and Others, Case C 160/15, Judgment of 8 September 2016, paras 32–34. 84  See CJEU, Football Association Premier League Ltd and Others v QC Leisure and Others (C 403/08) and Karen Murphy v Media Protection Services Ltd (C 429/08), Joined cases C 403/08 and C 429/08, Judgment of 4 October 2011, paras. 187-18; CJEU, Verwertungsgesellschaft Rundfunk GmbH v Hettegger Hotel Edelweiss GmbH, Case C 641/15, Judgment of 16 February 2017, paras. 16–20. 85  See CJEU, Sociedad General de Autores y Editores de España (SGAE) v Rafael Hoteles SA, Case C 306/05, Judgment of 7 December 2006, par. 36; CJEU, Football Association Premier League Ltd and Others v QC Leisure and Others (C 403/08) and Karen Murphy v Media Protection Services Ltd (C 429/08), Joined cases C 403/08 and C 429/08, Judgment of 4 October 2011, par. 186. 86  CJEU, Football Association Premier League Ltd and Others v QC Leisure and Others (C 403/08) and Karen Murphy v Media Protection Services Ltd (C 429/08), Joined cases C 403/08 and C 429/08, Judgment of 4 October 2011, par. 193. 87  Ibid, par 189. 88  CJEU, Società Consortile Fonografici (SCF) v Marco Del Corso, Case C 135/10, Judgment of 15 March 2012, paras. 51–55. 89  See Quintais (2018), p. 4. 83

152

B. Marušić

This ­chapter will not go into analysis of what exactly each of these criteria mean, and how were they interpreted by the CJEU. Instead, what this chapter will concentrate on is an evaluative lens through which the CJEU observes this economic right. This economic right, in the CJEU’s interpretation is viewed through the author’s consent to communicate the work to the public. Similarly, to the national interpretations of the right of divulgation, it presumes that the author consented or wanted her or his work to be shared with the public. In the event that the consent is absent, this economic right is breached. The concept of consent can be analysed in two levels. First, when there is an act of communication and secondly when there is a need to assess whether this act is directed to a new public. When it comes to an act of communication, the indispensable role of the person facilitating the possibility of access of the recipient is assessed through a knowledge based criterion. This knowledge based criterion is connected to the degree of insight of the person on whether authors consent was given for the work to be communicated. If a person knew or ought to have known that there is no consent for communicating the work, then a copyright breach occurred. Furthermore, if this person is making a profit out of the breach, then the evaluation of knowledge is redundant, since it is understood that there is an obligation to seek consent before engaging in profit-making exercise.90 Therefore, consent is placed as a cornerstone in the evaluation of whether an act of communication occurred. On the assessment of the existence of a new public, the consent is viewed through the prism of the fact that every act of communication is individually authorised by the author of the work in question. In this context, the technical means of access play a role in the determination of the new public, since the manner that the access is given and the fact that this access was not envisaged by the initial authorisation determines whether a new public is reached.91 In the act of communication to the public, if the access envisaged by the author was given to a specific audience, everything falling outside this audience was deemed to be a new public. In the case of online access, if the author did not envisage in her or his initial consent that the work will be made available online, but only offline, a new authorisation or consent is needed.92 Therefore, if the consent is given for a specific infrastructure (the online or the offline arena) or a different technical mean, then there is no need to assess the audience or the new public.93 In conclusion, as far as the assessment of the existence of a new public is concerned, consent is required either in the presence of the new audience or in the presence of a new technical mean. Lastly, the right of communication to the public—including the right of making the work available to the public—under statutory provision of the Art. 3.3 of the InfoSoc Directive, cannot be exhausted. This means that for every act of communi See GS Media BV v Sanoma Media Netherlands BV and Others, paras. 40–43 and 52.  CJEU, BestWater International GmbH v Michael Mebes and Stefan Potsch, C 348/13, Order of 21 October 2014, par. 14. 92  CJEU, ITV Broadcasting Ltd and Others v TVCatchUp Ltd, Case C 607/11, Judgment of 7 March 2013, par. 26. 93  Ibid, paras. 38–39. 90 91

6  Author’s Right to Choose: Right of Divulgation in the Online Digital Single Market…

153

cation to the public, a new authorisation must be made by the author. Additionally, in line with the Term Directive,94 the economic right of communication to the public lasts for 70 years after the death of the author.

4  Redundancy: Connecting Points of Both Rights Against this background, the connecting points of the right of communication to the public and the right of divulgation can be seen in the application of these rights and their interpretation. As was stated above, the right of communication to the public is viewed through the consent of the author to communicate its work to the public, and this consent needs to be made for every act of communication. Both in the dualistic and monistic approach, the consent of the author is the basis of the right of divulgation, and unlike the economic right, this right can be exhausted by first disclosure. In the French, Belgian and Greek models, there are differing opinions in relation to the exercise of this right and to when the exhaustion takes place. There are certain similarities with the interpretation of the economic right of communication to the public, namely the criteria what is an act of communication. Both the act of communication and the act of divulging the work require consent of the author for the right not to be infringed. This consent is not only needed for the first act that discloses the work, but might also be needed for subsequent acts of disclosure if this was done through different modes of disclosure (for example, different technical mediums). In the German model and similarly in the Austrian model, the exercise of this right can be made by implication of the transfer of economic rights to another party, if the exploitation of those economic rights necessarily entails the divulging of the work. However, there are still differences in opinions on what does the term ‘to publicly disclose’ entail, the meaning of an act of divulging (the form of it), and when the right of divulgation is exhausted. On the term ‘to publicly disclose’ in the German model, the minority opinion highlights the fact that it can be viewed as intended for plurality of persons.95 This is irrelevant of the fact whether the group of persons is limited in some particular way and whether they are bound together through mutual relationship to the person carrying the act of divulgation. In this interpretation, the term public has a wide definition, which in turn limits the authorial rights which can sooner be exhausted. What is specifically problematic with this interpretation is the exclusion of the private sphere, since everything is deemed public. In essence, what this interpretation would suggest is that by way of disclosure of one’s work in a family circle, the author would have exercised and exhausted her or his right of divulgation. However,  Directive 2011/77/EU of the European Parliament and of the Council of 27 September 2011 amending Directive 2006/116/EC on the term of protection of copyright and certain related rights, OJ L 265 (Term Directive). 95  See Nicolini and Ahlberg (2018), p. 252. 94

154

B. Marušić

her or his economic right of communication to the public would remain untouched. The more dominant opinion in the German model,96 which provides a more balanced approach, and can be also found in the Greek model,97 advances the idea that the work is publicly disclosed if it is made available to everyone without a limitation, excluding the group of persons that have a personal connection to each other. By this, the definition of public is curtailed and excludes the private sphere. Consequently, this opinion suggests that if a work is disclosed in a private circle, for example, family circle, the author retains both the moral right of divulgation and the economic right of communication to the public. The definition of public, under the latter opinion, resembles the outlook adopted by the CJEU in defining the criterion of a public. In its interpretation of public, the CJEU stated that a public consists of an indeterminate number of potential viewers which implies a fairly large number of persons in general, that is not restricted to specific individuals belonging to private group. In both interpretations of the term public, in the moral right and the economic right, we can see that there is a connecting factor and a similar trigger point in the sense that this term excludes disclosure in private settings. Secondly, in both the monistic and the dualistic approach, the right of divulgation can be consumed and exhausted by first disclosure. Unlike the French model, in the German model there are essentially three ways to observe it. The first way is that the right has been consumed when the act of divulging with the prior authors consent has been made. The second view, which closely resembles the non-­ exhaustion principle of making the work available to the public, states that the right of divulgation covers any occasion that the work is released in the public sphere. The third view, which is in line with the above mentioned French view, is that the right of divulging is consumed every time the work is placed on a different medium. Here, we can also see the similarities in the trigger points between the right of divulgation and the right of making the work available to the public since the need of consent is triggered either by every act of divulging or by a new mode on which the work is made available. Lastly, in the German model, uploading a file onto a server (a similar situation in the GS Media98 case) was deemed to be covered by the right of divulgation. The possible frictions, in these similar ways of behaviour, can be boiled down to the issue of contractual transfers of economic rights. The first one is that, under the French model, this parallel scheme of two rights can lead to the problem of contractual transferability of the use of the work. This means that even if the economic right has been transferred, the moral right could be used to prevent the disclosure of the work. This is even more so, considering that different forms of disclosure (different mediums or infrastructures) can be viewed as a new type of disclosure. For example, similar issues brought about the exclusion of this right in Sweden, since it was  See Dietz and Peukert (2017), p. 262.  See Stamatoudi (2016), p.  498, Court of First Instance, Athens, Decision No. 24610/2004, Private Law Annals (2006), p.  929, Court of First Instance, Athens, Decision No. 20669/1998, Commercial Law Review (1999), p. 153. 98  See GS Media BV v Sanoma Media Netherlands BV and Others. 96 97

6  Author’s Right to Choose: Right of Divulgation in the Online Digital Single Market…

155

reasoned that this right is too closely connected with the economic right to reproduce copies and make them available to the public,99 and was commented by some academics as a viable legislative solution, since the existence of these two rights could lead to technical problems100 (such as the issue of transferability). In the German model, this would not be such a problem if the exploitation of the economic rights would necessary entail divulging of the work, since then there is a presumption of implied exercise of the right of divulgation. However, if both sets of rights have the same connecting points and—in essence—have the same underlying presumptions of consent and disclosure, then it would be reasonable to merge them under an economic right in their assessment, since double assessment of the same connecting points would seem redundant. In this case, assessment under the economic right, rather than the one under the moral right, can provide a higher standard of legal certainty for the market players in the EU. The general principle of legal certainty as defined under the EU law is a principle that relies on the fundamental premise that those subject to the law must know what the law is, to be able to plan their actions accordingly,101 thus being entitled to have legitimate expectations, otherwise the law becomes arbitrary to them. One set of rules for the entire territory of the EU and for the same trigger point, which in this case is consent and disclosure, does provide the market players with knowledge of what the law is to plan their actions accordingly. Having two parallel schemes, one for the entire territory of the EU, and one present in some Member States, depletes legal certainty, and creates obstacles to trade in the internal market, specifically when it comes to the transfer of rights of use, and even more so applied to online settings. By this, legitimate expectations of the market players are diminished, since they can never truly know when and under what circumstances the invocation of the right of divulgation might hinder their already legally obtained consent and disclosure authorisation.

5  Conclusion The fact that the same act can produce two sets of legal consequences, or two grounds for legal protection, is not a novelty in copyright protection. However, the question that is raised here is that if both of the grounds for legal protection have similar or almost the same material scope of application, does this create a redundancy in the assessment of one of the rights? The analysis of the material scope of application of both these rights demonstrates two trends. The first trend is that the jurisdictions that have monistic approach to copyright have both these rights contained in their copyright legislative framework, whereas the jurisdictions with dualistic approach are more inclined to merge  See Axhamn (2016), p. 607.  Strömholm (2002), p. 229. 101  Tridimas (2000), p. 163. 99

100

156

B. Marušić

these two rights. For example, in the Nordics,102 the rationale behind the merge was based mainly on the argument that the economic rights ascribed to the author provide for an adequate protection against unauthorised publication. The scope of both the moral right of divulgation and economic rights was seen as overlapping, therefore providing two sets of rights for the same legal problem, seemed redundant. The merging of the two rights is visible in, for example, Sweden, Denmark, Finland, Netherlands and United Kingdom, whereas other dualistic jurisdictions such as France, Belgium, Italy and Greece, retain the separation of the moral right and the economic right. Even with this quite general statement, it is visible that merging of the concepts and the material scope of application of both economic and moral rights, irrelevant of the dualistic or monistic approach, is more an intuitive step made either by the legislators (such as merging the right of divulgation with utilisation done by the Austrian legislator), or by courts (such as merging both concepts in German court, or providing a moral right dimension to an economic right by Italian courts). The second trend is that since this intuitive step is already being done by the legislator and the courts, the concept of divulgation done on the national level is slowly starting to resemble the concept of communication to the public on the EU level. This is visible through the authorisation criteria that is needed for different forms of divulging (France, Belgium, Greece, Germany), yet not for internet (Belgium); also in the criteria for determination of the public (Germany), or determination of whether the right can be exhausted (Germany). The question here is whether there is a room for harmonisation of moral rights in the EU and, with this, harmonisation of the right of divulgation. Although there has been an ongoing discussion on the EU level about the possibility of harmonisation of moral rights, the issue of competence to harmonise and a lack of a real need to do so has been put forward as main arguments against it.103 From the EU harmonisation competence perspective, two legal grounds come into the forefront. The first one is the adherence by the EU to the Berne Convention. However, several qualifications need to be made here. Firstly, the Berne Convention is an international agreement to which all Member States of the EU are party to, however EU is not. This does not mean that the EU is deprived of any link with the international obligations deriving from the Berne Convention. The TRIPs Agreement and the WCT, which are both international agreements to which the EU is a party to, include an obligation of adherence of the EU to the Berne Convention, but not the entire agreement is covered by this obligation.104 However, the TRIPs Agreement in Article 9 (1) excludes moral rights protection provided in Article 6bis of the Berne Convention, whereas the Article 1 (4) of the WCT encompasses this obligation.105 Secondly, and against this background, the CJEU, in several judgements, advanced an idea that the EU, by  Strömholm (2002), p. 219.  See Davies and Garnett (2016), pp. 69–78. 104  CJEU, Commision v Ireland, Case C-13/00, Judgment of 19 March 2002, paras. 14–20. 105  See for example CJEU, DR and TV2 Danmark A/S v NCB – Nordisk Copyright Bureau, Case C-510/10, Judgement of 26 April 2012, par. 29. 102 103

6  Author’s Right to Choose: Right of Divulgation in the Online Digital Single Market…

157

adopting the InfoSoc Directive, had exercised the competence previously devolved on the Member States in the field of intellectual property. Within the scope of that directive, the EU must be regarded as having taken the place of the Member States, which are no longer competent to implement the relevant stipulations of the Berne Convention.106 With this, the CJEU suggests in its case law that only economic rights stemming from the Berne Convention are covered in this obligation, through their incorporation in the InfoSoc Directive. Even if one takes the view of wide interpretation, which would encompass a derived competence to harmonise the moral rights from the Berne Convention, these rights would only be the right of paternity and integrity, since the right of divulgation is out of the remit of Article 6bis of the Berne Convention. The second legal ground can be found under Article 114 of the TFEU.107 Article 114 of the TFEU contains a functional competence rule,108 and is regarded as a proper legal basis through use of directives as legal mechanisms for harmonisation and approximation of laws on the EU wide level to alleviate differences caused by national laws. Since the right of divulgation, as seen through the analysis done in this chapter, has the possibility to create obstacles in the internal market, by the fact that it has different application (or lack of it) in the Member States, one could argue that harmonisation of this right could be done through a directive on moral rights. However, as was pointed out in this chapter, although the right of divulgation and the right of communication to the public differ in their raison d' etre, the end result of application and interpretation is practically the same, making the reason for the EU wide harmonisation of this moral right redundant. Therefore, in the light of legal certainty, the assessment of these two rights should be merged, paving way to the assessment through the economic right, to promote legitimate expectations of market players in the EU, and consequently higher standard of legal certainty.

References 1961 Rome Convention for the Protection of Performers, Producers of Phonograms and Broadcasting Organizations [1992] ATS 29/ 496 UNTS 43 Actes de la Conférenceréunie à Rome du 7 mai au 2 juin 1928 (1929) Bureau de l'Union international pour la protection des œuvres littéraires et artistiques, Berne Adeney E (2006) The moral rights of authors and performers: an international and comparative analysis. Oxford University Press, Oxford Agreement on Trade-Related Aspects of Intellectual Property Rights, Apr. 15, 1994, Marrakesh Agreement Establishing the World Trade Organization, Annex 1C, The Legal Texts: The Results of the Uruguay Round of Multilateral Trade Negotiation 320 (1999), 1869 U.N.T.S. 299, 33 I.L.M. 1197 (1994)

 Ibid par. 31, Cf. CJEU, Luksan, Case C-277/10, Judgement 9 February 2012, par. 64.  Treaty of Lisbon Amending the Treaty on European Union and the Treaty Establishing the European Community, Dec. 13, 2007, 2007 O.J. (C 306) 1 (TFEU). 108  Ramalho (2016), p. 20. 106 107

158

B. Marušić

Akester P (2016) Portugal. In: Davies G, Garnett K (eds) Moral rights, 2nd edn. Sweet and Maxwell, London, pp 637–655 Allfeld P (1902) Kommentar zum LUG und zum Verlagsgesetz von 1901 (Commentary to the LUG and the Publishing Law of 1901). Munich Axhamn J (2016) The Nordic countries. In: Davies G, Garnett K (eds) Moral rights, 2nd edn. Sweet and Maxwell, London, pp 605–635 Berne Convention for the Protection of Literary and Artistic Works (Paris Act of 24 July 1971 as amended on 28 September 1979) BGH [1955] GRUR 201, Cosima Wagner Buganza C (2016) Spain. In: Davies G, Garnett K (eds) Moral rights, 2nd edn. Sweet and Maxwell, London, pp 657–677 Bungeroth E (1977) Luxembourg. In: Möhring P, Schulze E, Ulmer E, Zweigert K (eds) Quellen des Urheberrechts, vol 4. Looseleaf, Frankfurt am Main and Berlin, p 4 CA Lyon, Lacordaire v Marle (1845) CA Paris, Affaire Vergne (1828) Caron C (1998) Abus de droit et droit d'auteur. Litec, Paris CJEU, Airfield NV and Canal Digitaal BV v Belgische Vereniging van Auteurs, Componisten en Uitgevers CVBA (Sabam) (C 431/09) and Airfield NV v Agicoa Belgium BVBA (C 432/09), Joined cases C 431/09 and C 432/09 Judgment of 13 October 2011 CJEU, BestWater International GmbH v Michael Mebes and Stefan Potsch, C 348/13, Order of 21 October 2014 CJEU, Commission v Ireland, Case C-13/00, Judgment of 19 March 2002 CJEU, C More Entertainment AB v Linus Sandberg, Case C 279/13, Judgment of 26 March 2015 CJEU, DR and TV2 Danmark A/S v NCB – Nordisk Copyright Bureau, Case C 510/10, Judgement of 26 April 2012 CJEU, Football Association Premier League Ltd and Others v QC Leisure and Others (C 403/08) and Karen Murphy v Media Protection Services Ltd (C 429/08), Joined cases C 403/08 and C 429/08, Judgment of 4 October 2011 CJEU, GS Media BV v Sanoma Media Netherlands BV and Others,Case C 160/15, Judgment of 8 September 2016 CJEU, ITV Broadcasting Ltd and Others v TVCatchUp Ltd, Case C 607/11, Judgment of 7 March 2013 CJEU, Lagardère Active Broadcast v Société pour la perception de la rémunération équitable (SPRE) and Gesellschaft zur Verwertung von Leistungsschutzrechten mbH (GVL),Case C 192/04, Judgment of 14 July 2005 CJEU, Luksan, Case C-277/10, Judgement 9 February 2012 CJEU, Mediakabel BV v Commissariaat voor de Media, Case C 89/04, Judgment of 2 June 2005 CJEU, Nils Svensson and Others v Retriever Sverige AB,Case C 466/12, Judgment of 13 February 2014 CJEU, Reha Training Gesellschaft für Sport- und Unfallrehabilitation mbH v Gesellschaft für musikalische Aufführungs- und mechanische Vervielfältigungsrechte eV (GEMA), Case C 117/15, Judgment of 31 May 2016 CJEU, Sociedad General de Autores y Editores de España (SGAE) v Rafael Hoteles SA,Case C 306/05, Judgment of 7 December 2006 CJEU, Società Consortile Fonografici (SCF) v Marco Del Corso, Case C 135/10, Judgment of 15 March 2012 CJEU, Verwertungsgesellschaft Rundfunk GmbH v Hettegger Hotel Edelweiss GmbH, Case C 641/15, Judgment of 16 February 2017 Code de la propriété intellectuelle. https://www.legifrance.gouv.fr/affichCode.do?cidTexte=LEGI TEXT000006069414 Council Directive 93/83/EEC of 27 September 1993 on the coordination of certain rules concerning copyright and rights related to copyright applicable to satellite broadcasting and cable retransmission, OJ L 248

6  Author’s Right to Choose: Right of Divulgation in the Online Digital Single Market…

159

Court of First Instance, Athens, Decision No. 20669/1998, Commercial Law Review (1999) Court of First Instance, Athens, Decision No. 24610/2004, Private Law Annals (2006) Davies G, Garnett K (eds) (2016) Moral rights, 2nd edn. Sweet and Maxwell, London, pp 3–12, 13–21, 23–40, 41–67, 69–78, 81–109 Dietz A, Peukert A (2016) Germany. In: Davies G, Garnett K (eds) Moral rights, 2nd edn. Sweet and Maxwell, London, pp 455–482 Dietz A, Peukert A (2017) In: Schricker G, Loewenheim U (eds) Urheberrecht, 5th edn. C.H. Beck, Munich, pp 262–266. Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society, OJ L 167 Directive 2006/115/EC of the European Parliament and of the Council of 12 December 2006 on rental right and lending right and on certain rights related to copyright in the field of intellectual property (codified version), OJ L 376 Directive 2011/77/EU of the European Parliament and of the Council of 27 September 2011 amending Directive 2006/116/EC on the term of protection of copyright and certain related rights, OJ L 265 Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, OJ L 77 Dittrich R, Kucsko G (1981) Urheberrecht: Systematischer Kommentarzum Urheberrechtsgesetz. Manz, Vienna Faludi G (2016) Hungary. In: Davies G, Garnett K (2016) Moral rights, 2nd edn. Sweet and Maxwell, London, pp 509–538 Ficsor M (2002) The law of copyright and the internet: the 1996 WIPO treaties, their interpretation and implementation. Oxford University Press, Oxford Frabboni MM (2016a) France. In: Davies G, Garnett K (eds) Moral rights, 2nd edn. Sweet and Maxwell, London, pp 415–454 Frabboni MM (2016b) Italy. In: Davies G, Garnett K (eds) Moral rights, 2nd edn. Sweet and Maxwell, London, pp 539–560 Gordon W (1989) An inquiry into the merits of copyright: the challenges of consistency, consent and encouragement theory. Stanford Law Rev 41:1343 Gordon W (1993) A property right in self-expression: equality and individualism in the natural law of intellectual property. Yale Law J 102:1533 Grosheide FW (2016) The Netherlands. In: Davies G, Garnett K (eds) Moral rights, 2nd edn. Sweet and Maxwell, London, pp 561–603 Hughes J (1988) The philosophy of intellectual property. Georgetown Law J 77:287 Kucsko G (1995) Austria. In: Metaxas-Maranghidis G (ed) Intellectual property laws of Europe. John Wiley & Son Ltd, London, p 43 Kur A, Dreier T (2013) European intellectual property law text, cases and materials. Edward Elgar. Cheltenham Landes W, Posner R (1989) An economic analysis of copyright law. J Legal Stud 18:325 Leška R, Štechova K (2016) Czech Republic and Slovakia. In: Davies G, Garnett K (eds) Moral rights, 2nd edn. Sweet and Maxwell, London, pp 373–413 Lips B, Vilars D, Maqua A, Folon J (1998) Du numérique au multimédia, Aspects juridiques et commerciaux, Ministère de la Région Wallonne. DGTRE, Brussels Locke J (1689/1988) Two treaties of government. Cambridge University Press, Cambridge Lucas A, Lucas H-J, Lucas-Schloetter A (2012) Traité de la propriété littéraire et artistique. Oxford University Press, Oxford Müsse HG (1999) Urheberpersönlichkeitsrecht unter besonderer Berücksichtigung der Veröffentlichung und der Inhaltmitteilung. Dissertation, Albert-Ludwigs-Universität Freiburg. Nicolini K, Ahlberg H (2018) Möhring-Nicolini Urheberrechtgesetz Kommentar, 2nd edn. Franz Vahlen, Munich, p 252

160

B. Marušić

Opinion of Advocate General Maciej Szpunar in Stichting Brein, C 610/15, Opinion of 8 February 2017 Quintais JP (2018) Untangling the hyperlinking web: in search of the online right of communication to the public. J World Intellect Property, p 4 Ramalho A (2016) The competence of the European Union in copyright lawmaking - a normative perspective of EU powers for copyright harmonization. Springer Reinbothe J, Von Lewinski S (2002) The WIPO treaties 1996. Butterworths/LexisNexis, London Schricker G (2017) In: Schricker G, Loewenheim U (eds) Urheberrecht, 5th edn. C.H.  Beck, Munich, p 4 SEC (2004) 995 of 17 July 2004, Commission Staff Working Paper on the review of the EC legal framework in the field of copyright and related rights Stamatoudi IA (2016) Greece. In: Davies G, Garnett K (eds) Moral rights, 2nd edn. Sweet and Maxwell, London, pp 483–508 Strömholm S (1967) Le droit moral de l'auteur, vol 1. Norstedt&SönersFörlag, Stockholm Strömholm S (2002) Droit Moral–the international and comparative scene from a Scandinavian viewpoint. Scandinavian Studies in Law, Stockholm Institute for Scandinavian Law Torremans P (2016) Belgium. In: Davies G, Garnett K (eds) Moral rights, 2nd edn. Sweet and Maxwell, London, pp 343–371 Treaty of Lisbon Amending the Treaty on European Union and the Treaty Establishing the European Community, Dec. 13, 2007, 2007 O.J. (C 306) 1 Tri. Civ. Seine, Billecocq v Glendaz (1814) Tridimas T (2000) The general principles of EC law. Oxford University Press, Oxford Ulmer E (1960) Urheber and Verlagsrecht, 2nd edn. Springer, Berlin Ulmer E (1980) Urheber- und Verlagsrecht, 3rd edn. Springer, Berlin Von Lewinski S, Walter M (2010) European copyright law: a commentary. Oxford University Press, Oxford WIPO Performances and Phonograms Treaty S. Treaty Doc. No. 105-17, 36 ILM 76 (1997) World Intellectual Property Office Copyright Treaty, adopted on Dec. 20, 1996, WIPO Doc. CRNRIDC/94 Yen A (1990) Restoring the natural law: copyright as labour and possession. Ohio St Law J 51:517

Chapter 7

“Digital” Exhaustion and the EU (Digital) Single Market Liliia Oprysk

Abstract  A reference for a preliminary ruling on the applicability of exhaustion of the right of distribution under the Copyright Directive to e-books reached the Court of Justice of the European Union (CJEU), putting copyright exhaustion once again under the spotlight in the EU. In light of the Court’s tendency to extend the scope of the right of communication to the public to include any act remotely related to a protected work, the reference is of uttermost importance for drawing the boundaries of copyright protection online. While the topic of “digital” exhaustion is intriguing from the perspective of copyright law, it is no less thought-provoking in the context of the internal market. Even before the copyright harmonisation took off, the CJEU used the principle to facilitate the functioning of the internal market by eliminating the impediments to the free movement of goods within the EU.  The subsequent copyright harmonisation of exhaustion under the acquis relied largely upon the CJEU rulings weighting the objectives of the internal market with that of national copyright laws. Accordingly, the Court’s ruling in the case is not only a matter of copyright but also a matter of the internal market. This chapter seeks to place the issue at stake in its broader context. Namely, it discusses whether extending the applicability of exhaustion to the acts of online dissemination would contribute to the Digital Single Market (DSM). It suggests that the “digital” exhaustion has a potential to advance the DSM. However, its role would be rather different from the one exhaustion had in the analogue internal market, which shall be accounted for.

L. Oprysk (*) IT Law Programme, University of Tartu, Tartu, Estonia © Springer Nature Switzerland AG 2020 T.-E. Synodinou et al. (eds.), EU Internet Law in the Digital Era, https://doi.org/10.1007/978-3-030-25579-4_7

161

162

L. Oprysk

1  Introduction Although the exhaustion principle developed separately in each field of Intellectual Property (IP),1 exhaustion is sometimes referred to as a common principle of IP.2 An item manufactured using a patented process, bearing a trademark and presenting a copy of literary or artistic work would, in most cases, be outside of the control of all the right holders involved, once it has been placed on the market. The right to authorise or prohibit further distribution of that particular copy would expire. Although exhaustion is a widespread concept stretching across the IP fields, its scope has been neither fully explored nor articulated.3 Whilst under the respective IP field, exhaustion is perceived as a boundary of an exclusive right of distribution, the concept has also occasionally been used to balance the divergent objectives of IP protection with that of other fields of law.4 Although the advent of digital technologies influenced IP types to a different extent, copyright, without a doubt, is a field that has been affected the most. Not only did the online environment become one of the primary dissemination channels, the challenges posed by the development of technology made international harmonisation highly desirable.5 Considering the unique challenges the exhaustion concept faced under the copyright law, this chapter refers to the concept solely in the copyright context. Besides the role of exhaustion in determining the scope of the exclusive rights under copyright, there are various other areas which have been associated with it.6 In the European Union (EU), which is the primary focus of this chapter, the exhaustion principle was used early on in the harmonisation to facilitate the functioning of the internal market. The concept became an instrument of regulating trade between the Member States (MS) even before exhaustion was harmonised under the EU copyright acquis.7 The very name itself was appropriated to develop means of dealing with the conflicts of a single market and national laws.8

 The research leading to this contribution has been supported by the Estonian Research Council grant PUT PRG 124. 2  Yusuf and von Hase (1992), pp. 115–131; for the EU law perspective, see Schovsbo (2010), p. 10. 3  Katz (2014), p. 55. 4  For instance, introducing exhaustion rule avoids the conflict between the exclusive rights under the copyright and property right in a tangible object in which a work is embodied. 5  Among the questions raised was the possible extension of the exclusive rights to the online environment and their limits. The issue was extensively discussed during the Negotiations on the Possible Protocol to the Berne Convention, which led to the adoption of the WIPO Copyright Treaty and WIPO Performances and Phonograms Treaty. 6  Inter alia, the exhaustion of the right of distribution enables a secondary market and competition between the platforms. See more in Rubí Puig (2013), pp. 160–162. 7  On the original intent behind harmonising the exhaustion on the EU level, see Jehoram (1994), pp. 821–840. On the usage of exhaustion in the context of competition law, see Gallego (2003), pp. 479–502. 8  Cook (2010), p. 357. 1

7  “Digital” Exhaustion and the EU (Digital) Single Market

163

Accordingly, the discussion on the exhaustion principle under the EU law is always two-fold: on the one hand, it is the copyright aspect under the EU copyright acquis, and, on the other hand, it is the internal market dimension. In the absence of clearly defined rationales of copyright protection under the EU copyright acquis, it is somewhat challenging to draw conclusions on the desirability of extending the principle relying solely on the wording of the acquis. The adoption of the Digital Single Market Strategy (DSM Strategy) calls for considering also the internal market perspective, digital version of which is where “the free movement of goods, persons, services and capital is ensured and where individuals and businesses can seamlessly access and exercise online activities under conditions of fair competition and a high level of consumer and personal data protection, irrespective of their nationality or place of residence”.9 This chapter discusses whether the exhaustion principle as formulated and worded in the analogue era can assist in facilitating the free movement of digital goods and services as set out in the DSM Strategy. Given the very absence of clarity on the exhaustion applicability to the online dissemination under the EU copyright acquis, the answer is nothing but straightforward. As a reference for a preliminary ruling on the application of exhaustion to acts of online dissemination under the EU copyright acquis has recently reached the CJEU, the copyright aspect of it is to be clarified in the nearest future.10 What remains to be seen is how the CJEU answering the question in either affirmative or in negative could contribute to or interfere with the objectives of the DSM.

2  Copyright Exhaustion and Cross-Border Trade Exhaustion is a term that generally refers to the consumption (meaning termination) of the copyright holder’s right to control further distribution of a copy of a work upon the first distribution of that copy.11 It defines the scope of the distribution right granted to the right holder, which shall not cover distribution of copies beyond their first marketing pursuant to the authorisation.12 As the copyright laws developed, the prerequisites of the exhaustion changed, which inevitably altered the scope of the exclusive right of distribution itself.13 Furthermore, the concept has also been  Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions. A Digital Single Market Strategy for Europe COM(2015) 192 final. 10  CJEU, Nederlands Uitgeversverbond and Groep Algemene Uitgevers. Case C 263/18. 11  Gotzen (1990), p. 300; Yusuf and von Hase (1992), p. 116; Tjin Tai (2003), p. 207; Karapapa (2014), p. 307; Rognstad (2014), p. 1. On importation, see Slotboom (2003), p. 422 and Schovsbo (2010), pp. 3–4. 12  The view also found in Lucas (2010), p. 306. 13  Confining exhaustion to a smaller range of acts triggering its application ultimately results in the expansion of the scope of the exclusive right. 9

164

L. Oprysk

employed by different fields of law. For instance, the principle was used to eliminate the adverse monopoly effect of the exclusive IP rights on market and competition within it, particularly on cross-border trade. Due to the different objectives that became attached to exhaustion, its harmonisation on the international level is so far a seemingly impossible task. Several attempts to harmonise it were made in the 1990-ies, as the influence of certain disparities in the national laws reached beyond the national borders.14 With the emergence of the new forms of exploitation of a work, the boundaries of the concept became of uttermost importance. For instance, one of the main driving forces behind the explicit recognition of the exclusive right of rental (not subject to exhaustion) was the very existence of exhaustion under certain national laws. In the absence of exhaustion, a separate right of rental would not be necessary, as it generally constituted a form of distribution.15 At present, when the rental right has been widely recognised and harmonised, the primary function of exhaustion is to delimit the scope of the broad right of distribution. However, the wording relies heavily on the distinction between the transfer of ownership and possession, which was drawn at the outset of international negotiations to ensure that the rental right would not be exhausted upon the first distribution.16 Accordingly, the wording of exhaustion under the international treaties should not be examined in isolation but rather in the context of negotiations ongoing at the time of the adoption. Although the exhaustion principle seems straightforward, it is far from that. Given the territoriality of copyright protection and the divergent scope of rights under the national laws, certain differences arise. For instance, for the application of exhaustion in a particular jurisdiction, it might or might not matter whether the copies in question were distributed for the first time within its territory or abroad. The latter is ultimately a question which is not resolved by the principles of copyright alone but rather depends on a variety of considerations outside it.17 The territoriality of exhaustion makes quite a difference for cross-border trade. Depending on the type applied, movement of goods and services across the borders can be severely distorted.18 Ultimately, the desirable international harmonisation of exhaustion would not be complete unless the territoriality aspect is settled as well. So far, there is still no agreement on the international level, although some international or supra-national organisations maintain common regimes. In the EU, for example, the regional exhaustion is practised. It resembles national exhaustion by  Most jurisdictions provided the right of distribution that was limited to the first distribution either through the exhaustion principle or other instruments (such as implied license). The territoriality of exhaustion, on the other hand, varied greatly and impaired the cross-border trade. 15  Longdin Lim (2013), p. 544; Gotzen (1990), p. 299. 16  Committee of Experts on a Possible Protocol to the Berne Convention (1991) First Session. Questions concerning a possible protocol to the Berne Convention Part II. (Draft). Memorandum prepared by the International Bureau, p. 20. 17  For example, it depends on a state’s trade policy on parallel importation. 18  Yusuf and von Hase (1992), p. 116; Slotboom (2003), pp. 421–440. 14

7  “Digital” Exhaustion and the EU (Digital) Single Market

165

precluding unauthorised import of copies which were put into circulation outside the EU, notwithstanding the right holder’s authorisation of the first distribution. The TRIPS Agreement would perhaps be an appropriate instrument to deal with the matter of exhaustion’s territoriality on the international level.19 Nevertheless, while it provides for common minimum standards of IP protection, the Agreement does not spell out the limitations to granted rights.20 Similarly, territoriality of exhaustion is out of the scope of the WIPO Copyright Treaty (WIPO CT).21 Although lively debated during the negotiations, the issue was left for the states to decide. In a sense, such a solution endorsed international exhaustion. By prescribing national exhaustion, the Treaty would foreclose any possibility of parallel importation and harm international trade.22

3  R  ole of Exhaustion in the EU Acquis and the Internal Market The harmonisation of the exhaustion principle under the EU acquis can be divided into two interconnected yet separate stages. First, before the copyright harmonisation took off, in the absence of any common copyright legislation, the CJEU had to examine the compatibility of the exclusive rights under the national copyright laws with the objectives of the European Economic Community (EEC) Treaty. At this stage, the Court was not concerned with the content of copyright protection as such, but rather with a possible interference of divergent national laws with the objectives of the internal market. Second, based on the CJEU jurisprudence and in the course of Community expansion, the European Commission (EC) introduced a couple of Directives aiming at harmonising copyright laws across the Member States, simultaneously fulfilling obligations under the international treaties.

 Agreement on Trade-Related Aspects of Intellectual Property Rights, adopted in Marrakesh on 15 April 1994, Marrakesh Agreement Establishing the World Trade Organization, Annex 1C (TRIPs). 20  Yusuf and von Hase (1992), p. 130. 21  World Intellectual Property Office Copyright Treaty, adopted on Dec. 20, 1996, WIPO Doc. CRNRIDC/94 (WIPO Copyright Treaty). 22  See comment made by the delegation of Singapore in Records of the Diplomatic Conference on Certain copyright and neighbouring rights questions (1999). WIPO Publication, vol II, no 348, p. 613. 19

166

L. Oprysk

3.1  Exclusive Rights Versus the Internal Market The CJEU jurisprudence preceding the adoption of the Directives clarified four important matters. First, it would be against the objectives of the EEC Treaty to invoke the right of distribution under copyright to prevent importation of goods already lawfully put on the EEC market.23 The emphasis is on the ‘lawfully’ put on the market, as the consent of copyright holder for putting copies on the market was never articulated as a necessary condition for exhaustion by the CJEU in the case law preceding copyright harmonisation. Second, jurisprudence established that invoking the right of distribution to prevent the import of the copies which were lawfully put on the market in the third country could be justified on the grounds of industrial property protection.24 Third, while preventing importation of copies lawfully put on the market in one of the MS was against the EEC Treaty, it could nevertheless be justified if national law of the country of destination provided for the right of rental.25 Finally, the right holder could also rely on the right of distribution to prevent importation of copies which were initially lawfully put on the European Economic Area (EEA) market but in a MS where copyright protection had lapsed.26 Hence, the case law of this period neither precluded the international exhaustion, as it merely established that preventing import from the countries outside the Union can be justified, nor did it prescribe the conditions for it. The exhaustion was deemed compatible with the EEC Treaty as long as the copies lawfully put on the market in one of the MS were not prevented from entering the market of another MS, on the sole ground that the fist putting on the market did not take place in the latter MS. In other words, it only precluded exercising national exhaustion on the copies put into circulation in a different MS. Moreover, the jurisprudence permitted right holders to enforce their right of rental, irrespective of the exhaustion of distribution right that might have already taken place in a different MS. In the course of subsequent harmonisation, the EC seems to rely heavily upon a rigid interpretation of the CJEU jurisprudence, although there is a doubt whether it can be interpreted beyond the treatment of territoriality.27

 CJEU, Deutsche Grammophon Gesellschaft mbH v Metro-SB-Großmärkte GmbH & Co. KG, Case C 78/70, Judgment of 8 June 1971; CJEU, Musik-Vertriebmembran GmbH and K-tel International v GEMA, Joined cases C 55/80 and C 57/80, Judgment of 20 January 1981; CJEU, Dansk Supermarked A/S v A/S Imerco, Case C 58/80, Judgment of 22 January 1981. 24  CJEU, Polydor Limited and RSO Records Inc v Harlequin Records Shops Limited and Simons Records Limited, Case C 270/80, Judgment of 9 February 1982. 25  CJEU, Warner Brothers Inc and Metronome Video ApS v Erik Viuff Christiansen Case C 158/86, Judgment of 17 May 1988. 26  CJEU, EMI Electrola GmbH v Patricia Im- und Export and others, Case C 341/87, Judgment of 24 January 1989. 27  As elaborated by Westkamp (2007), pp. 319–320. 23

7  “Digital” Exhaustion and the EU (Digital) Single Market

167

3.2  Exhaustion Under the EU Directives Under Art. 345 of the Treaty of the Functioning of the European Union (TFEU), MS are free to legislate in the field of IP provided that the matter is not already harmonised on the EU level.28 The legislative activity of the EU in the field of copyright is mainly based on Art. 114 of the TFEU, which permits harmonising the national laws for the purpose of maintaining the internal market. The latter, however, has little in common with copyright and provides little guidance on the substance of the rules.29 The policy behind the copyright acquis lies in the protection of interests, the hierarchy of which cannot be established under the Treaty, resulting in a normative gap.30 Community exhaustion principle, as shaped by the preceding CJEU jurisprudence, was incorporated into the Directives predominantly under Art. 30 of the TFEU, which resulted in “an unintelligible equation between the basic freedoms to provide, on the one hand, trade and services under European Community law and, on the other hand, to provide classification of economic rights in intellectual property”.31 Exhaustion read solely under Art. 30 of the TFEU does not lead to a conclusion that its scope goes beyond the proprietary distribution right being exhausted when an article is out on the consumer market.32 Moreover, it is only evident that the very last act of distribution to the consumers shall exhaust the rights, and up to this point the distribution chain is treated differently under the national laws of the MS.33 Certain aspects of exhaustion were first harmonised in the act of secondary EU legislation under the Software Directive (SD).34 The wording of exhaustion under the Directive reflects then ongoing discussions on the international level. Inter alia, in order to secure the rental right, the differentiation between the acts resulting in a transfer of ownership and the acts merely constituting a transfer of possession was drawn.35 Exception to an exception to an exclusive right under the SD was, de facto, a proposal for introducing a right of rental for computer programs.36

 Cistaro (2016), p. 141.  Ramahlo (2014), p. 208. 30  Ibid, p. 224. 31  Westkamp (2007), p. 292. 32  Ibid, p. 322. 33  Ibid, p. 329. 34  Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of computer programs (Codified version), OJ L 111/16 (Software Directive). 35  For the discussion, see Committee of Experts on Model provisions for legislation in the field of copyright. First Session. Draft model provisions for legislation in the field of copyright. Memorandum prepared by the International Bureau. III Comments on the draft model provisions for legislation in the field of copyright. CE/MPC/I/2-III 1989. p. 20. 36  Gotzen (1990), p. 299. 28 29

168

L. Oprysk

Shortly after the SD, the principle was also codified under the Rental and Lending Rights Directive (RLRD).37 The adoption of the latter is of interest, although the exhaustion under the RLRD relates to the neighbouring rights only. Although the preparatory works held that exhaustion provision is a simple codification of the CJEU jurisprudence, the wording went clearly further. The language of the RLRD has later been copied verbatim into the Copyright Directive (CPD) without any discussion whatsoever.38 While the wording does not conflict with the CJEU jurisprudence, it is not entirely backed up by the judgments either. The CPD, also known as the InfoSoc Directive, is the main instrument of copyright harmonisation in the EU. The Art. 4.2 provides for the exhaustion of the right of distribution for all types of works and reads as follows: “The distribution right shall not be exhausted within the Community in respect of the original or copies of the work, except where the first sale or other transfer of ownership in the Community of that object is made by the rightholder or with his consent”.39 By harmonising the exhaustion principle under the CPD, the EC aimed to prevent the distortion of the internal market caused by disparities under the national laws.40 The European Economic and Social Committee did not evaluate the wording of the provision at the preparatory stage, but merely supported the position on the exhaustion’s territoriality (it being confined to the Community).41 Arguably, as put by the Committee and also stipulated in the preceding Green Paper, the Community exhaustion followed the CJEU jurisprudence.42 Codifying the case law under the CPD was perhaps a logical step in harmonising the particular matters of copyright. However, it appears to have gone clearly beyond what was mandated by the jurisprudence without a sound preparatory work. Copying the wording from the previous Directive, which was serving different objectives, does not seem satisfactory, especially in light of the overreaching character of the CPD.

 Council Directive 92/100/EEC of 19 November 1992 on rental right and lending right and on certain rights related to copyright in the field of intellectual property, OJ L 346/61. 38  Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society. OJ L 167/10 (Copyright Directive). 39  Ibid, Art. 4.2. 40  Proposal for a European Parliament and Council Directive on the harmonisation of certain aspects of copyright and related rights in the Information Society COM (97) 628 final, p. 27. 41  Opinion on the proposal for a Council Directive on the legal protection of computer programs. Economic and Social Committee 89/C 329/02. 42  Green Paper on Copyright and Related Rights in the Information Society. European Commission COM (95) 382 final, p. 47. 37

7  “Digital” Exhaustion and the EU (Digital) Single Market

169

4  Extending Exhaustion to the Digital Environment Nowadays, a significant share of works protected by copyright is disseminated online. More than fifty percent of the global music recording industry income comes from digital channels, as well as a substantial part of the film and publishing industry income.43 Partially, it can be attributed to the development of e-commerce and the emergence of various online marketplaces, which facilitate distribution of copies on or without tangible mediums. However, the most significant feature of online-­ enabled dissemination is making a work available to end-users in one way or another through the means of the network, without the involvement of tangible mediums, and on-demand basis. Digital dissemination becoming the main channel of distribution raises the question of appropriate regulation and application of existing legal norms. When it comes to the copyright aspect, one of the most debatable issues is the scope of exclusive rights online and their overlap.44 The applicability of the right of distribution to online dissemination and its exhaustion is one of the questions.45 While, primarily, the exhaustion applicability is subject to the copyright regulations, in the EU, it is also an important instrument of the single market. Accordingly, extending exhaustion to online dissemination is addressed in the context of copyright and from the internal market perspective.

4.1  Copyright Perspective The question whether the right of distribution can be applied to online dissemination and subsequently exhausted is an unresolved one. While there are arguments for and against it, one aspect is the consistency with the obligations under the international treaties. For instance, there is substantial support for the view that digital exhaustion is precluded under the WIPO CT and, expressly, under the Agreed Statement (AS) concerning Articles 6 and 7.46 The AS was offered by the Chairman of Diplomatic Conference to summarise the comments on the so-called umbrella solution.47 It reads as follows: “As used in these Articles, the expression ‘copies and originals’ being subject to the right of  International Federation of the Phonographic Industry (2019).  For instance, on the scope of the right of communication to the public. See Cook (2015), Leistner (2015), Hugenholtz and van Velze (2016), Quintais (2018) and Ohly (2018). 45  More on digital exhaustion see Linklater (2014), Rognstad (2014), Spedicato (2015), Savic (2015b), Hilty (2015) and Mysoor (2018). 46  On Agreed Statement precluding application of exhaustion online, see Savic (2015b), Rognstad (2014) and Karapapa (2014). 47  Records of the Diplomatic Conference on Certain copyright and neighboring rights. Draft Agreed Statements concerning Treaty NO. 1 submitted by Main Committee I to the Conference, meeting in Plenary. CRNR/DC/92 Corr. 1996. p. 2. 43 44

170

L. Oprysk

distribution and the right of rental, refer exclusively to fixed copies that can be put into circulation as tangible objects”.48 The meaning of the statement is often interpreted restrictively as precluding an application of exhaustion to copies lacking tangible support. Although this chapter does not aim to analyse the obligations in light of the AS, the author concurs with the opposite interpretation. The AS shall be read in light of the umbrella solution, according to which the Treaty obliges parties to provide copyright holders with an exclusive right to authorise digital transmissions without prescribing the right under which such acts shall fall.49 Therefore, for the purpose of the WIPO CT interpretation, it is important to differentiate between the acts that always fall under the distribution right under the Treaty (for instance, dissemination of tangible copies), and the acts of digital transmission, for which no particular right is prescribed. The AS merely indicates a minimum obligation to provide the right of distribution at least in respect of the tangible copies.50 It shall not be seen as precluding application of the right of distribution to digital transmissions, but as indicating that provisions of the article are aimed to cover solely the analogue distribution. The exhaustion principle under the CPD Directive has yet to be interpreted in the context of intangible dissemination. Some scholars, however, believe that the CJEU ruling in Art&Allposters indicated that the intangible copies are outside of the scope of the Art. 4.2.51 Although the justifiability of considering the issue at stake  in Art&Allposters from the perspective of exhaustion is a topic on its own, it is important to recall the aspects of exhaustion countering such conclusion.52 First, the exhaustion principle under the EU acquis only exempts the subsequent distribution of copies of a work from requiring an authorisation.53 Second, the CJEU seems to err submitting that the principle applies to tangible objects rather than a copy of a work itself, as the Court has rightly established in the later Ranks&Vasilevics judgment.54 Furthermore, the CJEU employed the principle of technological neutrality when ruling on exhaustion and related matters under other Directives.55 For instance, this  Records of the Diplomatic Conference on Certain copyright and neighboring rights questions (1999). p. 777. 49  Geiger (2015), p. 424. 50  Ficsor (2002), p. 486. 51  CJEU, Art & Allposters International BV v Stichting Pictoright, Case C 419/13, Judgment of 22 January 2015. On precluding digital exhaustion see Rosati (2015) and Savic (2015a). 52  For a detailed analysis see Griffiths (2016). Also, Sganga (2018). 53  Other rights are not affected by the exhaustion, as well as any new forms of exploitation. For instance, consider rental of distributed copies, subject to authorisation, although the exhaustion allows further resale of copies. See Warner Brothers Inc and Metronome Video ApS v Erik Viuff Christiansen, par. 14. 54  Art & Allposters International BV v Stichting Pictoright, par. 40. See also the comment on Ranks&Vasilevics below. 55  On the CJEU applying technology-neutral approach see Linklater-Sahm (2017), p.  1556; on exhaustion and neutrality Synodinou (2012), pp. 624–625. 48

7  “Digital” Exhaustion and the EU (Digital) Single Market

171

section draws attention to three judgments by the CJEU: in UsedSoft,56 Ranks&Vasilevics57 and VOB cases.58 The first two cases concerned the SD.  In UsedSoft, the Court ruled on the applicability of the exhaustion principle to the copies delivered online and lacking a tangible medium, and in Ranks&Vasilevics, on the notion of a subsequent acquirer of a copy relying on exhaustion. The VOB case concerned the applicability of the lending right to e-lending under the RLRD and the relevance of exhaustion under the CPD for the application of an exception to the exclusive lending right. In UsedSoft, the CJEU had to decide, inter alia, whether the right of distribution under the Directive was exhausted when an acquirer obtained his copy with the right holder’s consent by downloading it from the Internet. Interestingly enough, the Court did not start with examining whether the initial dissemination of copies fell under the right of distribution but proceeded directly to the conditions for exhaustion to occur. The only condition the Court established for a transaction to qualify for exhaustion was the first sale of a copy of a program.59 The CJEU found that a download of a copy of a computer programme for disposal unlimited in time in return for a fee constituted a transfer of ownership.60 The absence of a tangible medium made no difference, as a copy remained inseparable from a user license agreement from the point of view of the acquirer.61 Limiting the exhaustion principle to tangible copies would provide right holders with the excessive control over intangible copies, which would undoubtedly go beyond what is necessary to achieve the objectives of copyright protection.62 In Ranks&Vasilevics, the CJEU had to examine whether a lawful acquirer of a copy of a computer programme could rely on the copyright exhaustion to resell a backup copy of that computer programme. The Court recalled that the exhaustion concerns a copy of a programme and not the material medium on which it is placed.63 The significance of the judgment is in establishing, that, although an acquirer is not allowed to sell a backup copy of a computer programme if the original copy is damaged, destroyed or lost, he is not deprived of a possibility to resell it altogether. Although the judgment did not provide any guidance on how it might be achieved

 CJEU, UsedSoft GmbH v Oracle International Corp, Case C 128/11, Judgment of 3 July 2012.  CJEU, Aleksandrs Ranks, JurijsVasiļevičs v Microsoft Corp, Case C 166/15, Judgment of 12 October 2016. 58  CJEU, VerenigingOpenbareBibliotheken v StichtingLeenrecht, Case C 174/15, Judgment of 10 November 2016. 59  UsedSoft GmbH v Oracle International Corp, par. 38. 60  UsedSoft GmbH v Oracle International Corp, par. 44–46. 61  UsedSoft GmbH v Oracle International Corp, par. 47. 62  UsedSoft GmbH v Oracle International Corp, par. 53–63. 63  Aleksandrs Ranks, JurijsVasiļevičs v Microsoft Corp, par. 34. This is contrary to what the CJEU seems to indicate in Art&Allposters case, holding that the exhaustion applies to a tangible medium on which a copy is fixed. See Art & Allposters International BV v Stichting Pictoright, par. 40. 56 57

172

L. Oprysk

in practice, it suggests that a vendor shall allow a download of a copy through their webpage.64 The rulling in  Ranks&Vasilevics received somewhat limited attention, as its application at first glance seems somewhat narrow and based mainly on the findings in the landmark UsedSoft judgment.65 The outcome of UsedSoft and the Court’s reasoning resulted, on the other hand, into a lively debate on the future of exhaustion in the online environment. The ruling was extensively commented on. For instance, the judgment was criticised for misinterpreting the SD and the WIPO CT by extending the scope of the right of distribution under the SD.66 The judgment has also been characterised as dictated by a policy agenda to create exhaustion for software or even for all types of works.67 The justifiability of such intent was not dismissed altogether, but alternative ways of dealing with the matter were proposed.68 The VOB case, although dealing with a different matter and under a different Directive, provides an interesting precedent in the context of applying exhaustion online. Firstly, it extended the application of the lending right, which in many countries is a part of a broader distribution right, to online dissemination, finding no decisive ground to preclude the application of the lending right to the intangible copies.69 Secondly, and most importantly, it ruled that the MS could make an application of an exception to the lending right subject to the condition that the right of distribution is exhausted under Art. 4.2 of the CPD. The latter leads to a significant consequence. If the lending right covers also the intangible copies, and the right of distribution under the CPD does not, it essentially renders the extension of the lending right to intangible copies useless.70 By making the application of an exception to the lending right dependant on exhaustion, the application of which to intangible copies is debated, MS would de facto block the exception as such. This would obviously be contrary to the intent of both the EC and the CJEU. All three rulings have been apprised and criticised on many grounds, one of them being the argumentation of the Court behind interpreting the provisions of the Directives broadly. The paradox is that the Court’s approach of technological neutrality, praised by certain scholars, seems to lead to the very opposite effect. The rulings attempt to recreate the circumstances of the analogue dissemination to find online acts functionally equivalent to tangible distribution. Accordingly, rather than  The subsequent acquirer shall be able to download a copy from a vendor’s webpage, see Aleksandrs Ranks, JurijsVasiļevičs v Microsoft Corp, par. 54. 65  See, for example, Colby (2017), Wolk (2017), Geiregat (2017), Leistner and Antoine (2018) and Sganga (2018). 66  See, for example, Linklater (2014) and Rognstad (2014), pp. 4–9. 67  Savic (2015b), p. 426; Hilty (2015), p. 10. 68  Rognstad, for instance, criticised the Court for not putting aside the right of distribution and recalling inexhaustibility of the right of communication to the public. In his view, the CJEU could use alternative methods for enabling acquirers of software to dispose of it, for example based on the impediment on the free movement of goods under the TFEU Treaty. See Rognstad (2014), p. 15. 69  Vereniging Openbare Bibliotheken v Stichting Leenrecht, par. 44. 70  Also as stressed out by Linklater (2014), p. 1565. 64

7  “Digital” Exhaustion and the EU (Digital) Single Market

173

embracing the diversity of online dissemination, they attempt to force the analogue framework. The question is whether more flexible solutions could be found, either within or outside of copyright.

4.2  T  he Internal Market and the Digital Single Market Perspective Following few reports and draft White Papers by the European Parliament and the EC, the DSM Strategy was unveiled in 2015.71 The strategy aims to ensure that “Europe maintains its position as a world leader in the digital economy, helping European companies to grow globally”.72 It rests on three pillars: better access for consumers and business to online goods and services across Europe, creating the right conditions for digital networks and services to flourish, maximising growth potential for the European Digital Economy.73 Copyright protection is mentioned few times in the Strategy. Remarkably, it is found mostly in the context of the first pillar, corresponding to the better access to digital content and, thus, mainly oriented to consumers. Territoriality of the rights and their clearance could hinder end-users from acquiring content or accessing content-­based services from another MS. The digital environment enabled a variety of services, which, on the other hand, fall short of availability because of the lack of legal certainty. Three initiatives under the first pillar of the strategy have already been adopted. They aim at combating unjustified geo-blocking in e-commerce, the lack of access to digital services while outside of the home MS and the absence of remedies for non-conformity of digital content.74 Copyright is, however, largely outside of the scope of these instruments. Consumer protection is addressed from the contract law perspective and focuses mainly on purchasing and obtaining goods and services. Undoubtedly, exclusive rights under copyright come into contact with market freedoms more often in the DSM than in the internal market of tangible goods. In the absence of the influence from other fields of law (such as property law), copyright governs considerably more aspects of dissemination of digital goods and services. The impact of copyright on the market freedoms shifted from distorting the  On the preceding reports, see Jütte (2017), pp. 79–89.  COM(2015), 192 final, p. 7. 73  Ibid, pp. 3–4. 74  Regulation (EU) 2018/302 of the European Parliament and of the Council of 28 February 2018 on addressing unjustified geo-blocking and other forms of discrimination based on customers’ nationality, place of residence or place of establishment within the internal market and amending Regulations (EC) No 2006/2004 and (EU) 2017/2394 and Directive 2009/22/EC, OJ L 60I/1; Regulation (EU) 2017/1128 of the European Parliament and of the Council of 14 June 2017 on cross-border portability of online content services in the internal market, OJ L 168/1; Directive (EU) 2019/770 of the European Parliament and of the Council of 20 May 2019 on certain aspects concerning contracts for the supply of digital content and digital services. OJ L 136/1. 71 72

174

L. Oprysk

free movement of goods in the analogue internal market to hindering access and disposal of works in the DSM.  Prominently, the copyright protection rather than technological capabilities restrains the acquisition and the consumption of a work by end-users. While previously, the regulation of cross-border trade and parallel importation was at stake, it is increasingly the reasonable expectations of consumers which are contemplated. Territoriality of the protected rights and their exhaustion, while still playing a role in the DSM, is no longer of assistance to the EC or the CJEU in eliminating the impediment to the DSM. Namely, export or import of copies is not a crucial concern anymore, considering the way businesses operate and the absence of the bulk sale online. The early references to the CJEU, in which the Community exhaustion was articulated, were made in the context of the free movement of goods and the parallel importation. While similar issues are unlikely to arise in the DSM, consumer expectations became an increasingly debated area of concern.75 In the analogue world, the exhaustion principle was capable of mitigating multiple concerns by enabling a (relatively) free disposal of an acquired copy of a work, thus facilitating the free movement of goods in the internal market. In the era of digital dissemination and the DSM, the role and potential of the principle are ­uncertain. In circumstances where technology enables pervasive control over the distributed copies, and copyright endorses it, the exhaustion alone does not represent a comprehensive solution. For instance, intermediaries distributing intangible copies of a work or providing access to a work have a variety of technology-enabled instruments at their disposal to control and restrict the acquisition and the use of a work. Given that employing these technologies is protected under the copyright as Technological Protection Measures (TPM), the exhaustion of the right to control the distribution in isolation is not enough to facilitate a secondary market or enable further disposal of acquired items.76 Still, complete inapplicability of the exhaustion to the digital environment would be to the detriment of the DSM too.77 Another reason for exhaustion not being a perfect fit for dealing with the issues of online dissemination, is possibly an arbitrary distinction between goods and services in the DSM.78 The analogue internal market encountered conflicts with the exclusive rights mainly in the context of the free movement of goods, while services remained a somewhat grey area. The tendency has been to qualify most of the ways of providing copyright-protected content online as a provision of services rather than goods. A clear distinction has never been articulated, and it is safer for the stakeholders to treat online dissemination as sui generis depending on the circumstances.79 The digital environment enables combining features typically associated with the provision of both goods and services. Thus, qualification of the business  Guibault (2016), pp. 207–227.  More on the point in the context of e-books in Oprysk et al. (2017), pp. 133–135. 77  On the role of exhaustion for economic freedoms in the DSM, see Cistaro (2016), p. 134. 78  More on this aspect see Mysoor (2018), pp. 677–683. 79  Hojnik (2016), p. 83. 75 76

7  “Digital” Exhaustion and the EU (Digital) Single Market

175

models operating online under one of the categories seems rather outdated. A further discussion, however, is outside of the scope of this chapter. Finally, yet importantly, as was briefly addressed in the previous section, even the so-called technology-neutral approach to the exhaustion under the EU acquis can be of detriment to the further development of the DSM. The approach is characterised by the lack of flexibility which is required to fully embrace the potential of technology. The wording of the exhaustion principle dates back to the analogue dissemination and serves to achieve the objectives articulated at that time. Enabling the “digital” exhaustion by forcing the legacy of the analogue framework upon the online dissemination bears the danger of achieving less than possible in balancing the copyright and consumer protection.

5  R  eference in Tom Kabinet and Future of the Digital Single Market The long-awaited reference for a preliminary ruling from the Dutch Court has recently reached the CJEU.80 For the first time, the CJEU is asked to rule on the applicability of the exhaustion to intangible copies and the scope of the right of distribution online under the CPD. Besides the distribution right, the referring Court also asks for a ruling on the right of reproduction for the subsequent disposal of a copy, which is outside of the scope of this enquiry. Essentially, the CJEU is asked whether a remote distribution of e-books at a price ensuring a fair remuneration of copyright holders falls under the Art. 4.1 of the CPD. If the question is answered in the affirmative, the next question is whether a download for an unlimited time, which meets the conditions of the first question, exhausts the right of distribution. These are precisely the questions that occupied the scholars ever since UsedSoft.81 The judgment would cause profound consequences regardless of the outcome. However, it would neither put the discussion nor the possibility to facilitate a potential secondary market to an end. If not for other reasons, the ruling would become an important precedent on the extent of copyright protection online and the scope of the exclusive rights. An affirmative answer to the questions would inevitably result in a lively debate on the creation of a secondary market for digital copies. The latter, as has been demonstrated in the previous section, is not a straightforward task and depends largely on the vendor’s ability to circumvent the exhaustion of the distribution right by applying TPM and/or exercising the rights other than distribution, such as the reproduction right. Nonetheless, the subsequent discussion would also largely depend on the affirmative answer to the remaining questions on the right of reproduction.

80 81

 CJEU, Nederlands Uitgeversverbond and Groep Algemene Uitgevers, Case C 263/18.  Among others, Schulze (2014), Savic (2015b) and Rosati (2015).

176

L. Oprysk

In addition, the affirmative answer would also trigger a further debate on the reasonable expectations of consumers in light of the exhaustion of the right of distribution. Intermediary’s willingness to meet the expectations of the end-users could become a key factor for developing business models matching the interests of both right holders and consumers. Nevertheless, intermediaries also have the advantage of being able to adapt to the changing circumstances, as observed after UsedSoft judgment. Since the referring Court asks about the exhaustion solely in the context of a copy provided on a time-unlimited basis, vendors could unilaterally change their licensing model from a perpetual to a time-limited one. Much of the content online is already distributed on a time-limited subscription-based basis. Accordingly, the criteria of the exhaustion applicability, which is based on the duration of a license, is serving neither the legal certainty nor consumer expectations. On the contrary, answering the questions in the negative would eliminate the exhaustion as the boundary of the exclusive distribution right from the tools for creating the DSM. It certainly does not mean that denying the “digital” exhaustion would put to an end any possibility of restricting the exclusive rights in the context of online dissemination. Other instruments, such as consumer protection or competition law, could potentially be used for this purpose. Notwithstanding, the exhaustion principle would be a more powerful tool, as it restricts the exercise of the exclusive right by confining its boundaries. Furthermore, denying the exhaustion’s applicability in the digital environment could foreclose further development in this field or cause the stagnation in adapting the copyright to the digital age.

6  Conclusions The CJEU ruling in the upcoming reference from the Dutch Court on the applicability of the copyright exhaustion to online dissemination would become a landmark case for the EU copyright acquis and an important one for the future of the copyright protection online. In addition, it would cause broad implications for other fields of law and the current harmonisation efforts on the EU level. The transition to the digital dissemination is on-going and so are the efforts to modernise the EU legal framework to unlock the full potential of the DSM. In light of the exhaustion’s role in enabling the analogue EU internal market, the upcoming reference provides a chance to employ the concept to serve the DSM. Nevertheless, the implications caused by the copyright online are different from that in the analogue world and shall be accounted for. While the ruling endorsing the application of the copyright exhaustion online would contribute to the certain aspects of the DSM, namely the protection of reasonable consumer expectations, it would not eliminate the challenges the DSM is facing in this area in its entirety. The copyright aspect in isolation would not be capable of resolving the difficulties in a way comparable to the analogue world. Nevertheless, opting for denying the “digital” exhaustion altogether could deprive the courts of a powerful instrument for balancing the divergent objectives of copy-

7  “Digital” Exhaustion and the EU (Digital) Single Market

177

right protection. As seen in the aftermath of UsedSoft, the exhaustion’s applicability did not severely affect the industry, but might even have encouraged further development. Accordingly, the reference would be very timely and encourage further discussion on the matter. Notwithstanding, it also bears a risk of resulting in a shortcoming by ruling on a specific aspect of online dissemination rather than developing a comprehensive solution for resolving the conflict between the exclusive rights and the objectives of the DSM.

References Agreement on Trade-Related Aspects of Intellectual Property Rights, adopted in Marrakesh on 15 April 1994, Marrakesh Agreement Establishing the World Trade Organization, Annex 1C Cistaro M (2016) The interface between the EU copyright law and the fundamental economic freedoms of trade and competition in the digital single market: from the FAPL case to the decision in UsedSoft. Queen Mary J Intellect Prop 6(2):133–153 CJEU, Aleksandrs Ranks, JurijsVasiļevičs v Microsoft Corp, Case C166/15, Judgment of 12 October 2016 CJEU, Art & Allposters International BV v Stichting Pictoright, Case C 419/13, Judgment of 22 January 2015 CJEU, Dansk Supermarked A/S v A/S Imerco, Case C 58/80, Judgment of 22 January 1981 CJEU, Deutsche Grammophon Gesellschaft mbH v Metro-SB-Großmärkte GmbH & Co. KG, Case C 78/70, Judgment of 8 June 1971 CJEU, EMI Electrola GmbH v Patricia Im- und Export and others, Case C 341/87, Judgment of 24 January 1989 CJEU, Musik-Vertriebmembran GmbH and K-tel International v GEMA, Joined cases C 55/80 and C 57/80, Judgment of 20 January 1981 CJEU, Nederlands Uitgeversverbond and Groep Algemene Uitgevers, Case C 263/18 CJEU, Polydor Limited and RSO Records Inc. v Harlequin Records Shops Limited and Simons Records Limited, Case C 270/80, Judgment of 9 February 1982 CJEU, UsedSoft GmbH v Oracle International Corp, Case C 128/11, Judgment of 3 July 2012 CJEU, VerenigingOpenbareBibliotheken v StichtingLeenrecht, Case C 174/15, Judgment of 10 November 2016 CJEU, Warner Brothers Inc and Metronome Video ApS v Erik Viuff Christiansen, Case C 158/86, Judgment of 17 May 1988 Colby J (2017) Back-ups on non-original tangible copies do not benefit from the doctrine of exhaustion. J Intellect Prop Law Pract 12(2):83–84 Commission Staff Working Document: A Digital Single Market Strategy for Europe - Analysis and Evidence. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions. A Digital Single Market Strategy for Europe SWD (2015), 100 final Committee of Experts on a Possible Protocol to the Berne Convention. First Session. Questions concerning a possible protocol to the Berne Convention Part II. (Draft). Memorandum prepared by the International Bureau. BCP/CE/I/3 1991 Committee of Experts on Model provisions for legislation in the field of copyright. First Session. Draft model provisions for legislation in the field of copyright. Memorandum prepared by the International Bureau. III Comments on the draft model provisions for legislation in the field of copyright. CE/MPC/I/2-III 1989

178

L. Oprysk

Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, A Digital Single Market Strategy for Europe COM(2015), 192 final Cook T (2010) Exhaustion – casualty of the borderless digital era. In: Bentley L, Suthersanen E, Torremans P (eds) Global copyright: three hundred years since the Statute of Anne, from 1709 to cyberspace. Edward Elgar, pp 354–366 Cook T (2015) The restricted act of making available and communication to the Public in the European Union. J Intellect Prop Rights 20:60–66 Council Directive 92/100/EEC of 19 November 1992 on rental right and lending right and on certain rights related to copyright in the field of intellectual property, OJ L 346/61 Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society. OJ L 167/10 Directive 2006/115/EC of the European Parliament and of the Council of 12 December 2006 on rental right and lending right and on certain rights related to copyright in the field of intellectual property, OJ L 376/28 Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of computer programs (Codified version), OJ L 111/16 Directive (EU) 2019/770 of the European Parliament and of the Council of 20 May 2019 on certain aspects concerning contracts for the supply of digital content and digital services. OJ L 136/1 Ficsor M (2002) The law of copyright and the Internet: the 1996 WIPO treaties, their interpretation and implementation. Oxford University Press Gallego BC (2003) The principle of exhaustion of rights and its implications for competition law. Int Rev Intellect Prop Compet Law 34(5):473–502 Geiger C (2015) In: Stamatoudi I, Torremans P (eds) EU Copyright Law. Edwar Elgar Geiregat S (2017) Digital exhaustion of copyright after CJEU judgment in Ranks and Vasiļevičs. Comp Law Secur Rev 33(4):521–540 Gotzen F (1990) Distribution and exhaustion in the EC. Eur Intellect Prop Rev 12(8):299–303 Green Paper on Copyright and Related Rights in the Information Society. European Commission, COM (95) 382 final Griffiths J (2016) Exhaustion and the Alteration of Copyright Works in EU Copyright Law  – (C-419/13) Art & Allposters International BV v Stichting Pictoright. ERA Forum 2016. Available via SSRN. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2784704 Guibault L (2016) Individual licensing models and consumer protection. In: Hilty R, Liu KC (eds) Exploring sensible ways for paying copyright owners? Springer, pp 207–227 Hilty R (2015) “Exhaustion” in the digital age. Max Planck Institute for Innovation and Competition Research Paper No. 15-09, 2015. Available via SSRN. https://papers.ssrn.com/sol3/papers. cfm?abstract_id=2689518 Hojnik J (2016) Technology neutral EU law: digital goods within the traditional goods/services distinction. Int J Law Inf Technol 25:63–84 Hugenholtz PB, van Velze SC (2016) Communication to a new public? three reasons why EU copyright law can do without a “New public”. Int Rev Intellect Prop Compet Law 47:797–816 International Federation of the Phonographic Industry (2019) Key Statistics of 2018. Available via IFPI. http://www.ifpi.org/global-statistics.php Jehoram HC (1994) The EC copyright directives, economics and authors’ rights. Int Rev Intellect Prop Compet Law 25(6):821–840 Jütte BJ (2017) Reconstructing European copyright law for the digital single market. Nomos Verlagsgesellschaft Karapapa S (2014) Reconstructing copyright exhaustion in the online world. Intellect Prop Q 4:307–325 Katz A (2014) The first sale doctrine and the economics of post-sale restraints. Brigham Young Univ Law Rev 1:55–142

7  “Digital” Exhaustion and the EU (Digital) Single Market

179

Leistner M (2015) Copyright at the interface between EU law and national law: definition of “work” and “right of communication to the public”. J Intellect Prop Law Pract 10(8):626–637 Leistner M, Antoine L (2018) Exhaustion and Second-Hand Digital Goods/Contents. In: Heath C, Kamperman Sanders A, Moerland A (eds) Intellectual Property Rights as Obstacles to Legitimate Trade? Wolters Kluwer, ​pp 159–180 Linklater E (2014) UsedSoft and the big bang theory: is the e-exhaustion meteor about to strike? J Intellect Prop Inf Technol Electron Commer Law 5(1):12–22 Linklater-Sahm E (2017) The libraries strike back: the “right to e-lend” under the rental and lending rights directive: VerenigingOpenbareBibliotheken. Common Mark Law Rev 54:1555–1570 Longdin L, Lim PH (2013) Inexhaustible distribution rights for copyright owners and the foreclosure of secondary markets for used software. Int Rev Intellect Prop Compet Law 44(5):541–568 Lucas A (2010) International exhaustion. In: Bentley L, Suthersanen E, Torremans P (eds) Global copyright: three hundred years since the Statute of Anne, from 1709 to cyberspace. Edward Elgar, pp 304–320 Mysoor P (2018) Exhaustion, non-exhaustion and implied licence. Int Rev Intellect Prop Compet Law 49(6):656–684 Ohly A (2018) The broad concept of “communication to the public” in recent CJEU judgments and the liability of intermediaries: primary, secondary or unitary liability? J Intellect Prop Law Pract 13(8):664–675 Opinion of AG on the case EMI Electrola GmbH v Patricia Im- und Export and others, C 341/87, Opinion of 29 November 1988 Opinion on the proposal for a Council Directive on the legal protection of computer programs. Economic and Social Committee 89/C 329/02 Oprysk L, Matulevičius R, Kelli A (2017) Development of a secondary market for e-books: the case of Amazon. J Intellect Prop Inf Technol Electron Commer Law 8(2):128–138 Proposal for a European Parliament and Council Directive on the harmonisation of certain aspects of copyright and related rights in the Information Society COM (97) 628 final Quintais JP (2018) Untangling the hyperlinking web: in search of the online right of communication to the public. J World Intellect Prop 21(3-4):1–36 Ramahlo A (2014) Copyright law-making in the EU: what lies under the ‘internal market’ mask? J Intellect Prop Law Pract 9(3):208–224 Rb Den Haag, NUV v Tom Kabinet, 12 July 2017, ECLI:NL:RBDHA:2017:7543 Records of the Diplomatic Conference on Certain copyright and neighboring rights. Draft Agreed Statements concerning Treaty NO. 1 submitted by Main Committee I to the Conference, meeting in Plenary.CRNR/DC/92 Corr. 1996 Records of the Diplomatic Conference on Certain copyright and neighboring rights questions (1999) WIPO Publication, vol II, no 348 Regulation (EU) 2017/1128 of the European Parliament and of the Council of 14 June 2017 on cross-border portability of online content services in the internal market, OJ L 168/1 Regulation (EU) 2018/302 of the European Parliament and of the Council of 28 February 2018 on addressing unjustified geo-blocking and other forms of discrimination based on customers’ nationality, place of residence or place of establishment within the internal market and amending Regulations (EC) No 2006/2004 and (EU) 2017/2394 and Directive 2009/22/EC, OJ L 60I/1 Rognstad OA (2014) Legally flawed but politically sound? Digital exhaustion of copyright in Europe after UsedSoft. Oslo Law Rev 1:1–19 Rosati E (2015) Online copyright exhaustion in a post-Allposters world. J Intellect Prop Law Pract 10(9):673–681 Rubí Puig A (2013) Copyright exhaustion rationales and used software: a law and economics approach to oracle v. UsedSoft. J Intellect Prop Inf Technol Electron Commer Law 4(3):159–178 Savic M (2015a) The CJEU Allposters Case: beginning of the end of digital exhaustion? Eur Intellect Prop Rev 37(6):389–394

180

L. Oprysk

Savic M (2015b) The legality of resale of digital content after UsedSoft in subsequent German and CJEU case law. Eur Intellect Prop Rev 37(7):414–429 Schovsbo J (2010) Exhaustion of Rights and Common Principles of European Intellectual Property Law. Available via SSRN. http://ssrn.com/abstract=1549526 Schulze EF (2014) Resale of digital content such as music, films or eBooks under European law. Eur Intellect Prop Rev 36(1):9–13 Sganga C (2018) A plea for digital exhaustion in EU copyright law. J Intellect Prop Inf Technol Electron Commer Law 9(3):211–239 Slotboom MM (2003) The exhaustion of intellectual property rights: different approaches in EC and WTO law. J World Intellect Prop Law 6(3):421–440 Spedicato G (2015) Online exhaustion and the boundaries of interpretation. In: Caso R, Giovanella F (eds) Balancing copyright law in the digital age. Springer, Berlin, pp 27–64 Synodinou T (2012) The principle of technological neutrality in European copyright law: myth or reality? Eur Intellect Prop Rev 34(9):618–627 Tjin Tai ET (2003) Exhaustion and online delivery of digital works. Eur Intellect Prop Rev 25(5):2017–2211 Westkamp G (2007) Intellectual property, competition rules, and the emerging internal market: some thoughts on the European Exhaustion Doctrine. Marquette Intellect Prop Law Rev 11(2):291–335 World Intellectual Property Office Copyright Treaty, adopted on Dec. 20, 1996, WIPO Doc. CRNRIDC/94 WIPO Performances and Phonograms Treaty S. Treaty Doc. No. 105-17, 36 ILM 76 (1997) Wolk S (2017) CJEU holds that reproduced copies cannot be resold. Eur Intellect Prop Rev 39(2):125–126 Yusuf A, von Hase AM (1992) Intellectual property protection and international trade – exhaustion of rights revisited. World Compet 16(1):115–131

Part II

Emerging Technologies and New Digital Challenges

Chapter 8

Spoilers Under European Internet Law Philippe Jougleux

Abstract  This chapter discusses the legal framework of “spoilers”, defined here as the revelation of elements of a plot of a piece of fiction that the public is not yet aware of. The author distinguishes between “relative spoilers”, i.e., information about an already published work of mind, and “absolute spoilers”, i.e., information about a non-published work of mind. In the first part, it is argued that relative spoilers do not raise any liability as the person who publishes the spoiler is protected by freedom of expression. However, the question of moderation touches on sensitive legal issues related to the need to enforce a stronger horizontal effect of freedom of expression on the Internet. The second part focuses on the “absolute spoiler” and considers it as a form of information theft that is nowadays regulated by the Directive on trade secrets. In the third and last part of the chapter, the author shows how, alternatively, copyright law could be of use in guarding against both relative and absolute spoilers.

1  Introduction In the Internet society, people vote, comment, post, value, like, dislike, rate, follow and tweet. This enormous amount of information is mainly based on subjective values. Such communication, being an expression of the personality of the person concerned, also represents an indication to others on what to see, what to watch or what to read. For better or worse, everybody becomes an art critic. However, how can we talk or write about a movie, a TV show or a book without explaining it and without revealing what we liked or not? There is a great temptation to explain the plot, the mysteries, the big secret and all of these mechanisms of suspense the author had inserted into the story, to arouse the interest of the reader or the viewer. This phenomenon is commonly described as spoiling the movie, on the assumption that the revelation will “spoil” all of the interest in the movie or book. P. Jougleux (*) School of Law, European University Cyprus, Nicosia, Cyprus e-mail: [email protected] © Springer Nature Switzerland AG 2020 T.-E. Synodinou et al. (eds.), EU Internet Law in the Digital Era, https://doi.org/10.1007/978-3-030-25579-4_8

183

184

P. Jougleux

New practices have appeared, such as the indication on the title of an article that certain information will be revealed, by adding the expression “spoiler alert”. From a legal aspect, however, this question poses some new challenges that have not really been explored in detail yet by the doctrine. In a global entertainment system with simultaneous broadcasting of the most popular TV shows worldwide, a spoiler would potentially inflict huge economic damage on the right holders on the one hand, as the interest in the show will be diminished, and moral damage on the users on the other hand, as they are no longer in a position to fully appreciate the immaterial good. Furthermore, the legal issues posed by the spoiler offer a great opportunity to reassess and discuss the evolutions of fundamental principles related to regulation of the Internet, such as the extent of freedom of expression or the protection of information. To better understand the legal issues related to spoilers, two categories of spoilers have to be distinguished. The first scenario concerns sensitive information about a work of mind that has already been published or broadcast (Sect. 2). The information discloses an important part of the story, but the source of the information enjoyed legal access to it, whereas the public may or may not have had the opportunity to access it. In this case, the spoiler can be described as a “relative spoiler”. While there is, on the face of it, no doubt that a relative spoiler should be covered by the human right of freedom of expression, its existence and its boundaries offer a great opportunity to discuss its effectiveness on the Internet. The second category of spoiler could, on the other hand, be defined as an “absolute spoiler”. It concerns the publication of sensitive information about a work of mind that has not yet been published or broadcast. Subsequently, the hypothesis of a piece of information about a non-published work, or “absolute spoiler” will be analysed. This situation is deemed to activate various legal protection mechanisms covering confidential information, mainly the protection of trade secrets (Sect. 3). However, it is also possible that copyright law could prove to be a useful legal instrument used against spoilers in certain circumstances (Sect. 4).

2  L  egal Aspects of the “Relative Spoiler”: The Impossible Protection Legal frameworks of extra-contractual liability—either torts or civil liability—fail to effectively protect the victim of a relative spoiler (Sect. 2.1). The rationale behind this is the protection of freedom of expression (Sect. 2.2). However, the extensive use of contract law in the digital environment might change this equilibrium (Sect. 2.3).

8  Spoilers Under European Internet Law

185

2.1  T  heoretical Background on Information from a Civil Law Aspect From the point of view of the law of obligations, would it be possible for someone to be liable for the act of disclosing a spoiler to another person? This issue is not related to honour, privacy or false statement, where legal protection mechanisms are traditionally recognised. As a form of negligent statement, would it be possible to argue that the “spoiling person” has breached a legal or common law duty to refrain from publishing spoilers, from a common law perspective? No such duty exists for the moment and even if it did exist, the tort of negligence would also presuppose the existence of a close relationship. Specifically regarding negligent statement, the Hedley Byrne case law1 establishes a number of very strict conditions: the declarant must be a specialist, he must have known that the other person will have confidence in his expertise and he must accept the possibility of incurring liability. This leads to the conclusion that spoiling persons cannot be sued for negligence. Even if the spoiler is intentional, in the sense that the spoiler is told to a specific person, with the aim of ruining the entire movie or book experience, this would fall within the legal framework of intentional infliction of emotional distress. However, this tort is rarely used and for instance in the UK, the Supreme Court recently had the occasion to limit its application solely to cases where lies are told.2 This reasoning also applies in civil law countries. Extra-contractual liability in civil law countries is not limited to acts or omissions and should in theory also apply to statements. However, in practice, this encounters huge difficulties. Characteristically, in France, a decision of the Supreme Court in 20053 expressly halted any effort to base liability for statements on the general rule of delict liability. In this case, a newspaper published a fiction about a real tragedy, describing in great detail the characters and feelings of the protagonists. The Court of Appeal considered that there was no element of violation of privacy. However, the Court found the newspaper guilty on the grounds of Article 1382 of the Civil Code on extra-­ contractual liability for fault. The Supreme Court did not follow this reasoning and established the principle that “According to section 1382 of the Civil Code; Abuse of freedom of expression against persons cannot be used as grounds for legal action on the basis of this text”.4 This decision has been confirmed as a new piece of Supreme Court case law by following decisions previously made,5 although s­ cholars

 Hedley Byrne & Co Ltd v Heller & Partners Ltd (1964) AC 465 (HL).  Rhodes v OPO [2015] UKSC 32. 3  Cour de Cassation, Chambre civile 1, du 27 September 2005, 03-13.622, Publié au bulletin 2005 I N° 348 p. 289. 4  “Vu l’article 1382 du Code civil; Attendu que les abus de la liberté d’expression envers les personnes ne peuvent être poursuivis sur le fondement de ce texte”. 5  See for instance Cour de Cassation, 1 re ch. civ. 2013, Comité du débarquement c/ Mme X. et AspEG. 1 2

186

P. Jougleux

do not unanimously agree on this change, since the Court does not base its logic on any specific text that would explain this solution.6 Therefore, both in common law and civil law systems, only contract law, by means of a non-disclosure agreement, can create an obligation of silence between two persons. Furthermore, although the possibility of extra-contractual liability for fault was accepted for the publication of a “relative spoiler”, the question of assessing the extent of damages would be far from clear. While courts traditionally possess a vast degree of discretion in terms of asserting the emotional distress suffered by the plaintiff, some research seems to prove that the victims of spoilers tend to appreciate the story to a greater extent than they would if they had not read the spoiler.7 This is explained by the idea that, once they are aware of the big secret harboured by the story, the reader or viewer will try to find some hints of it as a kind of game in the previous chapters.

2.2  T  he “Relative Spoiler” Protected by Freedom of Expression If civil law does not offer extra-contractual solutions to protect the user’s interest to fully enjoy a work of mind, the explanation can be found in freedom of expression and the jurisprudential interpretation of Article 10 of the European Convention on Human Rights (ECHR). Even if, from a European perspective, freedom of expression is not recognised as an absolute human right, extensive case law built up by the European Court of Human Rights (ECtHR) indicates that interference with freedom of expression is accepted only based on the cumulative application of three conditions: the interference has to involve a legitimate purpose, prescribed by law and necessary in a democratic society. Article 10 (2) of the ECHR lays down a list of legitimate interferences. In terms of the scope of this analysis, the most relevant part of this list is the indication of confidential information as a legitimate interest. In other words, only if the information is confidential in nature (i.e., the case of the “absolute spoiler”, not the “relative” one) it would be possible to take legal action against its publication. Characteristically, in the “Observer and Guardian”8 case of 1991, the European Court had to decide whether gagging orders issued against the publication of quotes from a book named “Spycatcher” would be legitimate. The book described the life of a secret agent and potentially revealed secret defence information. The Court ruled that while the injunction would have been legitimate before the publication of the book, from the moment the book was published in the United States of America (USA), the information had lost its confidentiality. Before the publication of the  Derieux (2014). See at the opposite, Latil (2014).  See Kiderra (2011). 8  ECHR, Observer et Guardian, App No 13585/88, 26 November 1991. 6 7

8  Spoilers Under European Internet Law

187

book “Spycatcher” in the USA, national security interests would have prevailed and the gagging order would have been legitimate; afterwards, however, the information had lost its confidentiality, and therefore freedom of expression would prevail.

2.3  T  he Controversial Use of Contract Law as a Censorship Tool Consequently, no liability arises from the publication of “relative spoilers”, since the latter are protected by the human right of freedom of expression. However, self-­ regulation could constitute a solution to this, through the adoption, for instance, of ethical measures. In other words, once more in the case of Internet law, intermediaries are called upon to give an answer to this issue. This is characteristic of how most content-hosting services have implicitly evolved into content editors. For instance, the most popular TV shows are nowadays imported from the USA. The TV show is simultaneously broadcast on European channels, but this unavoidably means the new episode will be broadcast at around 2 am. Even if the public opts for broadcasting the next day, journalists will have already had access to it. Spoilers in the form of pictures from the movie, click bait titles and, of course, all spoiler articles will then submerge social media and news aggregators. Users will find it impossible to avoid spoilers and the only solution would therefore be to apply a kind of moderation. Private initiatives for the creation of an ethical code governing spoilers have multiplied in recent years. This code usually first proposes a “Fair warning” (the indication “spoiler alert” in the title, for instance), combined with a “three-year test”.9 Three years after the first publication of the work is long enough to consider that the information is “safe” to reveal to everyone. These codes are obviously not enforceable by themselves. However, they can be adopted by a service provider as part of its terms and conditions. Curiously, contract law is in this case being updated to have the role of a moderation tool. Incidentally, the validity of this “contract law approach to Internet expression” leads on to the issue of its horizontal effects. Indeed, regarding “relative spoilers”, adopting a practical approach, the question is whether the Internet hosting service can or even must moderate the spoiling comment. The ECtHR has already admitted, on a case related to freedom of expression, that the human rights protected by the Convention apply not only to the relationship between the State and its citizens, but also between citizens themselves.10 This corresponds to the indirect horizontal effect of the Convention’s theory,11 which is consecrated by the use of the mechanism of a positive duty. In other words, under certain circumstances (and not  See Bartz and Ehrlich (2012).  Fuentes Bobo c. Espagne, no 39293/98, 29 Février 2000. 11  See Bioy (2012). 9

10

188

P. Jougleux

s­ ystematically), it is held that Member States have a positive duty to protect the application of freedom of expression between individuals. Is the abuse by the hosting service of the right to moderate the service concerned by its application? Is it illegal for a content-hosting service, applying its term and conditions, to delete a spoiler (and sometimes, by extension, to terminate the contract with the user, closing his or her account)? In the case Appleby and Others v UK,12 in relation to the refusal by a company to install a stand, the ECtHR decided that Member States had no positive duty to enforce freedom of expression in this situation, since a positive duty here would violate the right to property (Art.1 of the First Additional Protocol of the ECHR). By extension and extrapolating on this case, the right to property of the hosting service on its server would justify some messages being moderated if they violate the contractual terms of the service. This situation leaves a lot of discretionary powers to the hosting service. In practice, the problem of the horizontal effect of freedom of expression leads to a severe limitation of its protection, as the major part of online media expression is managed by the private sector.13 On the other hand, the ECtHR has recently accepted the right of access to information as a part of freedom of expression.14 Furthermore, the freedom to receive information—does not extend only to reports of events of public concern, but also covers cultural expressions and entertainment.15 From this perspective, therefore, the moderation of messages would constitute a violation of the freedom to receive information, if it is not justified by the illegality of the information… or a violation of the contractual terms of service. However, contract law can be an uncertain tool for arbitrating this discussion and its use may, paradoxically, turn against the hosting service company. On the one hand, a violation of the terms of service is deemed sufficient grounds to delete the comment and to close the account. On the other hand, it could be asserted that every message that is not clearly in breach of the legislation should remain on the server, thanks to the application of the mechanism of implied terms of contract law. The recent French case regarding the famous painting “l’ Origine du monde” (Gustave Courbet, 1866), which shows a close-up view of the genitals and abdomen of a naked woman, is characteristic of this problem. A French teacher had posted a picture of the painting on his Facebook account and the company closed it for violating the social network's rules barring nudity. The teacher protested and claimed it was a form of censorship. The French court ruled on 15 March 2018 that Facebook failed to fulfill its contractual obligations towards the user, since it deactivated the account “without giving Frédéric Durand a reasonable period of notice and without specifying the reasons for this deactivation”.16 Therefore, while no violation of freedom of expression per se was found, freedom of expression was indirectly protected, thanks to the application of contract law.  ECHR, Appleby et autres v Royaume-Un, App No 44306/98, 24 September 2003.  See Hartmann (2013). 14  See Bychawska-Siniarska (2017). 15  ECHR, Khurshid Mustafa and Tarzibachi v Sweden, App No 23883/06, 16 March 2009. 16  See Stapley-Brown (2018). 12 13

8  Spoilers Under European Internet Law

189

Applying these findings to “relative spoilers”, it is possible to conclude first that although they do not give rise to liability, the spoiler’s author is not however protected against private censorship. This issue is still uncertain, since the legal mechanism of implied terms could be used by the courts as a safeguard against the broad discretionary powers left to private companies on the freedom of expression online.

3  L  egal Aspects of the “Absolute Spoiler”: A Case of Information Theft The problem of the absolute spoiler forms part of the thorny issue of the protection of confidential information. While the traditional answers to this questionnaire were vague and incomplete (Sect. 3.1), the new Directive on trade secrets17 lays down a serious basis for greater legal certainty (Sect. 3.2).

3.1  Information Protection in the Digital Age From a property law point of view, the question at stake is that of information defined as a good. This discussion is not novel. For instance, the French scholar Prof. Catala already proposed it in the early 1980s.18 All the theory of ownership of information presupposes that there is a form of possession of the information or, in other words, a de facto monopolistic control over it. In the case of “relative spoilers”, the information has already been communicated to the public. Any form of exclusive possession has, therefore, been lost. However, in the case of “absolute spoilers”, the question of ownership should be considered, since the confidentiality of the information has to be interpreted as a form of possession. Various legal frameworks have been created to protect information in specific cases. In this discussion, legal scholars mostly criticise19 the contentious European protection of the database maker by the database sui generis right.20 Furthermore, in its 2017 Communication on “Building a European Data Economy” the Commission introduced the perspective of creating, at European Union (EU) level, a ‘data producer’s right’ that would protect industrial data against the world.21 However, the  Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 of the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure, OJ L 157. 18  See Catala (1984). 19  See Trosow (2005). 20  Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, OJ L 77. 21  Communication from the Commission to the European Parliament European Commission, the Council, the European Economic and Social Committee and the Committee of the Regions, Building a European Data Economy COM (2017) 9 final. 17

190

P. Jougleux

confidentiality of information, from a civil law perspective, has never been enough for the courts to be convinced of the need to apply a general property law mechanism. The law of obligations is used to protect the confidentiality of information against wrongful curiosity, using various mechanisms, according to the legal tradition of each country. First, every country recognises that certain specific duties of confidentiality apply to specific categories of professionals. Subsequently, in common law countries, the tort of breach of confidential information could be of use. For instance, the case of Douglas v Hello! Ltd22 discussed the legality of unauthorised photography of the wedding of two public personalities. It should be noted that in this case, there was strict security in place at the event and no guests were allowed to take photographs: the event was closed to the media and guests were told to surrender any equipment which could be used to take photographs. The court stated that for a breach of confidence to occur, certain requirements have to be met: the information must have “the necessary degree of confidence about it”; the information is provided in circumstances importing an obligation of confidence; there is an unauthorised use or disclosure of that information; and there must be a risk of damage. However, this tort acts as an exception, and in principle, intangible property cannot be the subject of a claim for the tort of conversion.23 In the same way, in civil law countries, an incomplete and uncertain protection of confidential information can be found in the doctrine of unfair competition, and specifically, in the notion of parasitism” or “free riding”. The civil claim of parasitism is founded on the general legal framework of extra-contractual liability for fault and does require a relationship of competition to exist between the claimant and the defendant. It is merely necessary to prove the wrongful “acquisition” of reputation or wealth. For instance, in France, a case was based on the visual appropriation of distinctive elements of one luxury goods company by another company in its advertisements (reference to a live panther, black and red jewellery, and use of mainly black and red colours). The Paris Court of Appeal stated that freedom of expression is not absolute and that the use of unfair methods to take advantage of a person’s reputation gives rise to extra-contractual liability.24 Although the theory of parasitism does not technically create a property right, it offers all the attributes of a monopolistic control over information.25 Extrapolating on this idea, it could be possible to claim that a company that mainly earns its income from the publication of “absolute spoilers” is in fact in a position of parasitism, which is harmful to the producers of the show, as its subsistence is based solely on exploitation of the show’s reputation.

 Douglas v Hello! Ltd [2005] EWCA Civ 595.  OBG Ltd v Allan [2007] UKHL 21. 24  Cour d’Appel de Paris, n° 13/08861, 21 Octobre 2015. 25  See Vivant (2006). 22 23

8  Spoilers Under European Internet Law

191

3.2  Trade Secrets Directive and Civil Liability Until recently, the EU legal framework covering the protection of secrets was largely fragmented. At international level, however, the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPs)26 between all the member nations of the World Trade Organization creates a positive obligation for members to protect undisclosed information. Article 39 states that: “1. In the course of ensuring effective protection against unfair competition as provided in Article 10bis of the Paris Convention (1967), Members shall protect undisclosed information in accordance with paragraph 2 and data submitted to governments or governmental agencies in accordance with paragraph 3. 2. Natural and legal persons shall have the possibility of preventing information lawfully within their control from being disclosed to, acquired by, or used by others without their consent in a manner contrary to honest commercial practices so long as such information: (a) is secret in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question; (b) has commercial value because it is secret; and (c) has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information, to keep it secret. 3. Members, when requiring, as a condition of approving the marketing of pharmaceutical or of agricultural chemical products which utilize new chemical entities, the submission of undisclosed test or other data, the origination of which involves a considerable effort, shall protect such data against unfair commercial use. In addition, Members shall protect such data against disclosure, except where necessary to protect the public, or unless steps are taken to ensure that the data are protected against unfair commercial use.”. At the EU level, this obligation has been firmed up in the new Trade Secrets Directive (the “TS Directive”) that aims to correct the disparity between different national protection systems, based on the assumption that the latter would interfere with the single market. Although Member States were already bound by Art. 39 of TRIPS to implement a minimum level of protection of confidential information, there was great deal of interest in European harmonisation, since the national legislations differed greatly in practice.27

 Agreement on Trade-Related Aspects of Intellectual Property Rights, adopted on Apr. 15, 1994, Marrakesh Agreement Establishing the World Trade Organization, Annex 1C, The Legal Texts: The Results of the Uruguay Round of Multilateral Trade Negotiations 320 (1999), 1869 U.N.T.S. 299, 33 I.L.M. 1197 (1994). 27  See Knaak et al. (2014). 26

192

P. Jougleux

Under the TS Directive, a trade secret must fulfill three conditions to obtain protection: the information must be secret, it must be valuable because of its secrecy and the holder of the secret must have taken reasonable steps to protect it from disclosure.28 It is unlikely that the European law makers had the specific case of spoilers in mind when the Directive was adopted. However, if the spoiler corresponds to each one of these three requirements, on what grounds should protection be withheld? The spoiled information is by definition a secret. However, is it valuable and have reasonable steps been taken to protect it? What constitutes reasonable action to protect the story of a movie or a TV show? A relatively close circle of individuals (the actors, the creator, the producer) knows about the movie’s story and this should cover the first requirement. Regarding the third requirement, it is worth highlighting the fact that the actors and the staff are usually bound by a non-disclosure agreement. Moreover, practical security measures are often taken to protect this secret: for instance, in the Game of Thrones TV show, even false scenes were filmed,29 in the Terminator Salvation movie false spoilers were even prepared,30 and in the case of recent plays in the United Kingdom (UK), the National Theatre refused to reveal details of the plot before the premiere.31 The existence of a non-disclosure agreement binding the staff should be enough to demonstrate the will to protect secrecy. Furthermore, nowadays there is a growing number of initiatives to protect secrecy with the creation of false endings or the disclosure of false spoilers. The second requirement is closely related to the third, if a subjective perspective is used: the existence of reasonable steps to protect the information should be enough to presume the value held by the information. For instance, costly manoeuvers intended to give false spoilers to journalists and to fans demonstrate in themselves the value the show creator places on the secrecy of the plot. The value of a spoiler can also be deduced from the revenue obtained by its disclosure: online publishers recognise that headlines concerning spoilers attract more traffic to their sites.32 Therefore, in the author’s opinion, a TV show story should be seen as a trade secret for the purpose of application of the TS Directive. Consequently, under Art. 4 of the Directive, the following are characterised as illegal: the breach of a confidentiality agreement or any other duty not to disclose trade secrets; the breach of a contractual or any other duty to limit the use of trade secrets; and the unlawful acquisition of trade secrets. Unlawful acquisition is defined either as unauthorised  Art. 2.1 of the Directive: (1) ‘trade secret’ means information which meets all of the following requirements: (a) it is secret in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question; (b) it has commercial value because it is secret; (c) it has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information, to keep it secret”. 29  See Hooton (2017). 30  See Hart (2009). 31  See Lawson (2012). 32  As interviewed by the journalist of the Wired—see note above. 28

8  Spoilers Under European Internet Law

193

access (access without the trade secret holder’s consent) to digital or non-digital documents containing the secret, or as any conduct contrary to honest commercial practices. The most interesting part of the new legal framework can be found in Art. 4.4 of the TS Directive. Article 4.4 adds as a cumulative condition that liability arises only if the individual “knew or ought, under the circumstances, to have known” the unlawful nature of the acquisition. This means that the protection is not limited to a personal interest, but the Directive offers a more extensive protection which could be seen as a kind of property interest, as it extends to third parties. In other words, whenever a third party ought to know that the acquisition of a trade secret is unlawful, he or she also becomes liable for any unlawful use he or she might make of it. The TS Directive encompasses a large number of safeguarding measures which are intended to protect freedom of expression. Indeed, the new legal arsenal covering protection of trade secrets should be enforced only in light of the principle of proportionality. In the author’s opinion, it excludes from such protection spoilers of minimal interest (such as information on which actor plays what character, how they play, the role or the general theme of a movie). At the opposite end of the scale, protection against spoilers that cause substantial damage to the exploitation of the movie/TV show/book, as these spoilers reveal an important plot twist, passes the test of the principle of proportionality.

4  Spoilers and Copyright Law Although traditionally copyright law does not protect simple information, it is nowadays impossible not to “acknowledging the tendency towards a privatisation of information through copyright”.33 This tendency also applies to spoilers, through various mechanisms: a provocative use of moral rights (Sect. 4.1) and an extensive interpretation of the right of reproduction (Sect. 4.2).

4.1  Moral Rights of the Author and Enjoyment of the Work Ultimately, spoilers are wrong because they seriously undermine the user’s experience. By losing the element of surprise from a cliffhanger, a surprise death or an ending, the user’s relationship with the work has been altered. At this point, it could be useful to analyse this situation from a copyright law perspective. The author of a copyright-protected work is granted the protection of moral rights. The Berne Convention34 recognises the moral right of paternity and the right to protect the  Geiger (2009).  Berne Convention for the Protection of Literary and Artistic Works (Paris Act of 24 July 1971 as amended on 28 September 1979). 33 34

194

P. Jougleux

integrity of the work. This right has been extensively discussed in the past before the courts and it can be ascertained that ultimately, it protects not only the work itself, but also the expected perception of the work by the user. In other words, even if there is no addition to, deletion from, alteration to or adaptation of the work from a narrow perspective, in various countries the courts have also accepted as a form of violation of the integrity of the work, the mere changing of the intended presentation of the work. In this case, the alteration is not objective, but subjective. Certain interventions in the work, such as multiple advertisements on TV that cut the movie into different parts35 or the location of a sculpture that was intended to be seen by the public in a specific place,36 while not really altering the work of mind stricto sensu, alter the way in which the work is perceived by the public. In these situations, the courts have not hesitated to award damages to the author of the work on the grounds of a violation of the right to protect the integrity of the work. For instance, in Germany, there is a violation of the right to integrity when the general impression of the work is altered.37 Characteristically, it was held that “The protection of the author of a work of architecture by the copyright right of integrity is directed not only against artistic deterioration, but also against other distortions of the essence of the work in the form as it is presented to others.”. Furthermore, in some countries, additional moral rights are recognised, such as the right to disclosure of the work.38 This right is far from harmonised at EU level. When this right is granted, it prohibits third parties from disclosing the author’s works to the public without his authorisation. The publication of substantial elements of the story could be seen as a partial disclosure of the work itself in some circumstances.

 See in France: Tribunal of First Instance of Paris, 29 May 1989, RIDA January 1990, p. 353. Of course, as an Italian court points out, it is not the principle of the advertisement cut that is illegal per se. It is on a contrario perspective the effect of the cuts considering the quality of the movie and the duration and the number of the advertisements. See Rome Court of Appeal, 16 November 1989, Germi v Reteitalia and Rissoli Film, RIDA 1990, no 144, p. 184. 36  See in Spain, Judgment of 18 January 2013 issued by the Plenary of the Judges of the Civil Chamber of the Supreme Court, when the renowned sculptor Andrés Nagel sued the city hall of the Spanish city of Amorebieta when the latter decided to move a work of art from its initial placement. Here again, the judges adopted an a contrario position: the relocation itself does not violate the right to integrity per se. It violates the author’s right only assuming that the relocation “substantially interferes in interpretation of the work.” For further details, see Abogados (2013). 37  BGH GRUR 1999, 230, 232—Treppenhausgestaltung. 38  The right is expressly stated in Belgium, France, Germany, Greece and Spain as an independent moral right. Some countries, for instance Austria, do not distinguish it from economic publication right. At the opposite, it does not exist at all in Ireland, Luxembourg, Netherlands, Portugal and Cyprus. Source: Salokannel and Strowel (2000). 35

8  Spoilers Under European Internet Law

195

4.2  T  he Right of Reproduction and a Detailed Summary of the Work It has been noted that copyright law infringement is used in practice by movie distributors to protect themselves against spoilers. For instance, when Season 6 of the popular TV show “The Walking Dead” ended on a cliffhanger, a fan site claimed that it knew (from an internal source) the name of the protagonist who died and that it would publish it. The producer then used an injunction for violation of copyright law (and also for violation of trade secrets!).39 Two legal issues have to be examined to determine whether the disclosure of a key element of a screenplay constitutes a violation of the right of reproduction. Firstly, does the publication of a detailed summary form part of the author’s artistic expression or is it just a piece of information, which is not protected by copyright law? Secondly, is the publication of a detailed summary substantive enough to constitute a reproduction of the work? The first issue is often under-analysed and implicitly covered by the second issue as part of the question of assessing the originality of the work. Some scholars, however, support the idea that this approach should not automatically be accepted, as some very short expressions (the author uses the expression “microworks”) can be original, but without the characteristic substance of a work.40 Reproduction is very broadly defined at an EU level by the Information Society Directive.41 Even partial reproduction is a form of reproduction, without however any references in relation to the extent of the reproduction. The Court of Justice of the European Union (CJEU), therefore, highlights the fact that an original part of the work should be copied for the right of reproduction to be infringed. In the landmark Infopaq case, the Court admitted that originality may be found in a quotation comprising just 11 words.42 The situation of spoilers is, however, different, as the short text of the spoiler is not itself part of the final work. It is a detailed summary of an unpublished work (in the case of “absolute spoilers”). The American injunctions against spoilers mentioned above cited the precedent of the “Twin Peak Productions” case.43 In this case, some fans had published a guide to the TV show “Twin Peaks” with detailed summaries of the (past) episodes, including direct quotations. The Court ruled that this book was a derivative work. It  See Siabon (2016).  See Hughes (2005). 41  Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society. Article 2 defines the right of reproduction as the “the exclusive right to authorise or prohibit direct or indirect, temporary or permanent reproduction by any means and in any form, in whole or in part” of the work of mind. 42  CJEU, Infopaq International A/S v Danske DagbladesForening, C 5/08, Judgment of the Court (Fourth Chamber) of 16 July 2009. 43  Twin Peaks Productions, Inc v Publications International, Ltd, Louis N Weber, Scottknickelbine, and Penguin USA, Inc, 996 F.2d 1366 (2d Cir. 1993). 39 40

196

P. Jougleux

is not obvious however that this case may apply to spoilers, as the facts of the case concern a whole book, not just a plot summary. Another relevant case shows how the idea of reproduction is currently interpreted in a way that could even include spoilers. In a German case related to the famous Harry Potter books series, the court was called upon to decide whether an educational book about introduction to reading could be based on the world appearing in the general story of the Harry Potter books. The court used an interesting argument to determine whether there was infringement. It ruled that from the moment that reading the original book was mandatory for the reader of the disputed work to be able to understand it, this work lacked the character of independence and that there was therefore an infringement.44 It is possible to distinguish a contemporary trend towards a more extensive interpretation of the right of reproduction that includes reference to the concept of the work without citing the work per se. In the UK, in the recent and heavily discussed “Red Bus” case,45 infringement was found, although it was proved that the disputed photography was different from the photography owned by the claimant. Characteristically, the evolution in the protection of fictional characters is very explicit. While the character of Sherlock Holmes was found by a German court in 1957 not to be original,46 a US Court of Appeal recently confirmed that “copyright on a “complex” character in a story, such as Sherlock Holmes or Dr. Watson, whose full complexity is not revealed until a later story, remains under copyright until the later story falls into the public domain”.47 These developments have to be balanced with the use of the principle of proportionality. In theory, copyright law would apply to both the situations of “relative” and “absolute” spoilers. However, “relative spoilers” would have more chance of being “saved”, by reference to freedom of expression, which is used here as an exception to the right of reproduction. It is established that copyright law per se represents an interference with the freedom of expression48 and the national courts do not hesitate to invoke Art. 10 of the ECHR to prevent the extensive use of copyright law in a way that would unreasonably limit freedom of expression.49

5  Conclusion A legal discussion about spoilers could be seen at first sight as superficial. For most people, this annoying phenomenon does not merit the attention of the courts. However, the article aimed first, to defend the view that a discussion about spoilers  LG Hamburg, 12.12.2003, 2004 GRUR-RR 65, Neue JuristischeWochenschrift, 2004, p. 610.  Temple Island Collections Ltd v New English Teas Ltd & another [2012] EWPCC 1. 46  BGH, 15.11.1957, 1958 GewerblicherRechtsschutw und Urheberrecht [GRUR] 354. 47  Leslie Klinger v Conan Doyle Estate, US Court of Appeals, No 14-1128 (7th Cir. 2014). 48  See ECHR (5th section), Ashby Donald and others v France, App No 36769/08, 10 January 2013. 49  See in Holland, Louis Vuitton v Nadia Plesner, District Court of the Hague of 4 May 2011. 44 45

8  Spoilers Under European Internet Law

197

would add further substance to the contemporary discussion on the scope and the boundaries of online freedom of expression. We have therefore examined how freedom of expression is used as a tool to block civil liability for fault, but at the same time how contractual liability has emerged as an empowering tool of censorship in the hands of online intermediaries. The discussion then focused on the specific situation of “absolute spoilers”. The author linked the issue of protection against spoilers to the broader question of ownership of confidential information. This classic but very contentious topic has recently re-emerged with the adoption of the European Directive on Trade Secrets. The chapter showed how the new legal framework opens up the possibility of protecting the plot of a story against spoilers. The last part of the chapter was devoted to the possibility of applying copyright law. While at first surprising (since copyright law does not protect mere information), this choice was explained with reference to the moral right to protect the integrity of a work of mind and to the economic right of reproduction. In conclusion, a partial protection against spoilers exists. This protection appears to be based on simultaneous reference to the protection of trade secrets and to copyright law infringement. This new value of the story plot and the related growing annoyance posed by spoilers also reveal a great deal from a societal perspective about the relationship of the public with works of art. Traditionally, knowing the entire story would not diminish the value of a work. In the end, Troy falls and the Iliad does not lose its value. However, even if works of mind are nowadays meant and produced as consumer goods, they still contribute greatly to the creation of a common cultural identity. The battle against spoilers, therefore, expresses the need of a society to protect itself against phenomena that could reduce this potential for growing uniformity.

References Abogados A (2013) Moral right to the integrity of a sculpture work. Does it include the right to decide the location of the work?. www.lexology.com Bartz A, Ehrlich B (2012) Don’t post TV, movie spoilers online. https://edition.cnn.com/ 2012/07/04/tech/web/spoilers-online-netiquette/index.html BGH, 15.11.1957, 1958 GewerblicherRechtsschutw und Urheberrecht [GRUR] 354 Bioy X (2012) bLa protection renforcée de la liberté d’expression politique dans le contexte de la Convention européenne des droits de l’homme. Les Cahiers de droit 53(4) Bychawska-Siniarska D (2017) Protecting the right to freedom of expression under the European Convention on Human Rights, a handbook for legal practitioners. Council of Europe Catala P (1984) Ébauche d’une théorie juridique de l’information. D. spéc No 5, p 97 CJEU, Infopaq International A/S v Danske DagbladesForening, C 5/08, Judgment of the Court (Fourth Chamber) of 16 July 2009 Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Building A European Data Economy COM (2017) 9 final Cour d’Appel de Paris, n° 13/08861, 21 Octobre 2015 Cour de Cassation, Chambre civile 1, du 27 September 2005, 03-13.622, Publié au bulletin 2005 I N° 348

198

P. Jougleux

Derieux E (2014) Une exclusion non légalement justifiée: Très favorable aux médias et préjudiciable aux victimes d’abus de la liberté d’expression. LEGICOM 52(1):15–22. https://doi. org/10.3917/legi.052.0015 Douglas v Hello! Ltd [2005] EWCA Civ 595 ECHR, Appleby et autres v Royaume-Un, App No 44306/98, 24 September 2003 ECHR, Khurshid Mustafa and Tarzibachi v Sweden, App No 23883/06, 16 March 2009 ECHR, Observer et Guardian, App No 13585/88, 26 November 1991 Fuentes Bobo c. Espagne, no 39293/98, 29 Février 2000 Geiger C (2009) Copyrighting ideas? Copyright on information technology products and its consequences for future creativity. Int J Intellect Prop Manage 4(1–2). https://doi.org/10.1504/ IJIPM.2010.029750 Hart H (2009) Spoiler wars heat up as lost returns. Wired Hartmann IA (2013) A right to free Internet? On Internet access and social rights. J High Technol Law 13:297 Hedley Byrne & Co Ltd v Heller & Partners Ltd (1964) AC 465 (HL) Hooton C (2017) Game of Thrones season 7: fake scenes were shot for 15 hours to throw off plot spoilers. Available via Independant.co.uk. https://www.independent.co.uk/arts-entertainment/ tv/news/game-of-thrones-season-7-filming-plot-spoilers-fake-scenes-kit-harington-daenerystargaryen-jon-snow-a7836561.html Hughes J (2005) Size matters (or should) in copyright law. Fordham Law Rev 74:575; Cardozo Legal Studies Research Paper No 140 Kiderra I (2011) Spoiler alert: stories are not spoiled by ‘Spoilers’. Available via http://ucsdnews. ucsd.edu/archive/newsrel/soc/2011_08spoilers.asp Knaak R, Kur A, Hilty R (2014) Comments of the Max Planck Institute for Innovation and Competition of 3 June 2014 on the Proposal of the European Commission for a Directive on the Protection of Undisclosed Know-How and Business Information (Trade Secrets) against their Unlawful Acquisition, Use and Disclosure of 28 November 2013’, Com(2013) 813 Final. Int Rev Intellect Prop Compet Law (IIC) 45(8):953–967; Max Planck Institute for Innovation & Competition Research Paper No. 14-11. Available via SSRN. https://ssrn.com/ abstract=2464971 Latil A (2014) Les fautes d’expression Ou la renaissance de l’article 1382 du Code civil en matière de liberté d’expression. Légipresse No 318 Lawson M (2012) Spoiler alert: the tough task of keeping a play’s plot secret. https://www.theguardian.com/stage/2012/jun/26/keeping-play-plot-secret LG Hamburg, 12.12.2003, 2004 GRUR-RR 65, Neue JuristischeWochenschrift, 2004 Louis Vuitton v Nadia Plesner, District Court of the Hague of 4 May 2011 OBG Ltd v Allan [2007] UKHL 21 Rhodes v OPO [2015] UKSC 32 Salokannel M, Strowel A (2000) Study contract concerning moral rights in the context of the exploitation of works through digital technology. Available via the European Commission’s Internal Market, europa.eu. http://ec.europa.eu/internal_market/copyright/docs/studies/ etd1999b53000e28_en.pdf Siabon HC (2016) Spoiler alert: copyright law and online spoiler culture. Intellect Prop Law Bull 29(9) Staff Working Document on the free flow of data and emerging issues of the European data economy, SWD (2017) 2 final Stapley-Brown V (2018) French court makes mixed ruling in Courbet ‘censorship’ case. https://www.theartnewspaper.com/news/french-court-makes-mixed-ruling-in-courbet-censorship-case Temple Island Collections Ltd v New English Teas Ltd & another [2012] EWPCC 1 Trosow S (2005) Sui Generis Database protection, a critical analysis. Yale J Law Technol 534 Vivant M (2006) La privatisation de l’information par la propriété intellectuelle. Revue internationale de droit économique t xx 4(4):361–388. https://doi.org/10.3917/ride.204.0361

Chapter 9

Data Ownership in the Data Economy: A European Dilemma Francesco Banterle

Abstract  To unleash the potential of new data-driven opportunities, players in the data market need to have access to large and diverse datasets. Access in relation to data is therefore a crucial factor. However, the new data economy raises unsolved issues. Where a multitude of actors interact in the elaboration of data, it is often questioned: who owns the data? As part of its Digital Single Market strategy, the European Commission has started a series of initiatives aimed at addressing the data ownership issue. They culminated with the idea of introducing a novel right in raw machine-generated data. This chapter briefly summarizes the European Commission’s strategy. It recalls the main characteristics of the data value chain. It then elaborates on the existing EU acquis on data ownership, deriving from intellectual property rights (namely copyright and database right), trade secrets, traditional property, and factual control situations derived by data protection laws. These ownership mechanisms are powerful although difficulty extend to raw data. Despite this, gaps in law have been filled through contractual schemes and technological access restrictions that enhance the ability to control data. The chapter further explores the position of those that support the idea of a new property right in data and elaborates on the new right proposed by the European Commission. This paper concludes that creating new monopolies capable of restricting open access to data, may result in a threat to development of an EU data market. Further, economic evidence is needed before discussing the introduction of such a new right. Indeed, we should learn from past lessons, as it happened with the Database Directive: new rights are here to stay. Other suggested approaches seem more able to fit the needs of the data-economy. In particular, sector-based access against remuneration can be an option to investigate. However, also in this case, this must come together with economic evidence and in dept analysis of possible market failures.

F. Banterle (*) University of Milan and Hogan Lovells Studio Legale, Milan, Italy © Springer Nature Switzerland AG 2020 T.-E. Synodinou et al. (eds.), EU Internet Law in the Digital Era, https://doi.org/10.1007/978-3-030-25579-4_9

199

200

F. Banterle

1  Introduction Data has become an essential resource in the new economy. Artificial intelligence is increasing its computational capacity and uses big data techniques to analyze large datasets in real-time and extract precious knowledges. As the data-driven transformation reaches into the society, ever-increasing amounts of data are generated by autonomous connected machines or processes based on the Internet of Things (IoT). The value of the “data economy”1 in the EU was estimated at more than EUR 285 billion in 2015, with a 5.03% annual growth. With the right policy and legal framework conditions, its value is expected to increase to EUR 739 billion by 2020.2 However, the new data economy raises new challenges and unsolved issues. The enormous diversity of data sources and the variety of opportunities for applying insights into this data are only beginning to emerge. To unleash the potential of these opportunities, players in the data market need to have access to large and diverse datasets. Access in relation to machine-generated-data is therefore a crucial factor for developing a data economy. In big data, IoT, and smart technologies, where a multitude of actors interact in the elaboration of data, it is often questioned: who owns the data? While organized datasets can be subject to intellectual property rights, and the use of personal data is regulated by data protection laws, this question particularly applies to raw (machine-­ generated) data, that are increasing their value as a source of precious insights and fall outside the scope of classical ownership/property schemes. As part of its Digital Single Market strategy, the European Commission has started a series of initiatives aimed at addressing the data ownership issue. They culminated with the idea of introducing a novel right in raw machine-generated data. Do we really need new ownership rights in data? This paper briefly summarizes the European Commission’s strategy. It recalls the main characteristics of the data value chain. It then elaborates on the existing EU acquis on data ownership, deriving from intellectual property rights (namely copyright and database right), trade secrets, and factual control situations derived by data protection laws. These ownership mechanisms are powerful although with difficulties do they extend to raw data. Likewise, raw data appears excluded from traditional property rights. Despite this, gaps in law has been filled through contractual schemes and technological access  See the study commissioned by the European Commission, prepared by IDC, European Data Market study, SMART 2013/0063 (1 February 2017). See also the presentation prepared by the European Commission, Final results of the European Data Market study measuring the size and trends of the EU data economy, of 2 May 2017, available at https://ec.europa.eu/digital-singlemarket/en/news/final-results-european-data-market-study-measuring-size-and-trends-eu-dataeconomy. The data economy measures the overall impacts of the data market. It involves all types of data processing operations (i.e., generation, collection, storage, processing, distribution, analysis, elaboration, delivery, and exploitation) enabled by digital technologies. In the data economy ecosystem, there are different types of market players. The ability to access and use data enables market players to extract value from data and to create innovative applications. 2  Ibid. 1

9  Data Ownership in the Data Economy: A European Dilemma

201

restrictions that enhance the ability to control data. Thus, many commentators believe this ownership framework does not need further intervention. The paper further explores the position of those that support the idea of a new property right in data and elaborates on the new proposed right. This analysis concludes that creating new monopolies capable of restricting open access to data, may result in a threat to development of an EU data market. Further, economic evidence is needed before discussing the introduction of such a new right. Indeed, we should learn from past lessons, as it happened with the Database Directive: new rights, once introduced in the legal system, even in the absence of any evidence about their positive effect, are here to stay. Other suggested approaches seem more able to fit the needs of the data-economy. In particular, sector-based access against remuneration can be an option to investigate. However, also in this case, this must come together with economic evidence and in dept analysis of possible market failures.

2  The European Commission’s Strategy on Data Within the Digital Single Market Strategy, the European Commission has launched since 2014 a series of initiatives aimed at addressing the regulation of a data market and the data ownership issue, announcing a further ‘free flow of data’ initiative.3 Following a public consultation in 2016, the Commission published an impact assessment, in which the Directorate General for Communications, Network, Content and Technology (DG Connect) affirmed that “barriers to the free flow of data are caused by the legal uncertainty surrounding the emerging issues on ‘data ownership’ or control, (re)usability and access to/transfer of data and liability arising from the use of data”.4 Meanwhile, the German Commissioner Mr Oettinger, at  Communication from the Commission to the European Parliament, the Council and the European Economic and Social Committee and the Committee of the Regions, Towards a Thriving DataDriven Economy COM (2014) 442 final; Communication from the Commission to the European Parliament, the Council and the European Economic and Social Committee and the Committee of the Regions, A Digital Single Market Strategy for Europe COM (2015) 192 final. This initiative included a mandate to study the issue of ownership delegated to the “Free flow of data” initiative: “It will address the emerging issues of ownership, interoperability, usability and access to data in situations such as business-to-business, business to consumer, machine generated and machine-tomachine data. It will encourage access to public data to help drive innovation” (at p. 15). 4  European Commission, European free flow of data initiative within the Digital Single Market— Inception impact assessment. http://ec.europa.eu/smart-regulation/roadmaps/docs/2016_ cnect_001_free_flow_data_en.pdf. The document continues stating that “a gap exists with regard to ‘ownership’ of non-personal data, particularly non-personal data that is machine-generated. Data driven innovation is greatly dependent on who has access to data collected through sensors, for instance as part of a manufacturing process, or to anonymised/non-identifiable personal data. Such issues are commonly addressed by contractual arrangements in a business to business context, which may prove to be a challenge to certain actors within the data value chain, potentially slowing down the free flow of data between sectors, companies and within companies, as well as research organisations. The contractual practices in the new business models inspired by technological developments may lead to contractual lock-in; technical or legal obstacles may prevent the switching of service provider or the portability (transfer) of data”. 3

202

F. Banterle

that time responsible for DG Connect, publicly called for a civil code on data and for the introduction of a new data use right.5 These actions culminated with the Communication of 10 January 2017 “Building a European Data Economy”,6 and the accompanying document detailing the “Free flow of data” initiative.7 In these latter documents, among six suggested options,8 the Commission advanced the idea of introducing a novel right in raw data (so-­ called “data producer’s right”). The new right would protect machine-generated industrial data against the world, thus addressing legal uncertainties caused by new data technologies.9

2.1  How the Data Value Chain Is Working? To better understand the data ownership issues, it is useful to recall how the data value chain is working in many industrial data ecosystems. First, defining the concept of data itself is challenging. The European Commission has repeatedly recalled the definition of data of ISO/IEC 2382-1: data is “a reinterpretable representation of information in a formalized manner, suitable for communication, interpretation or processing”.10 Information would become data as soon as it is represented in a formalized manner suitable for communication and processing. Data is therefore something that can be observed by the machine.11 Data, including “personal data”, can be created either by human activity or generated by sensors or machines, and it is often generated as a “by product” of other processes. The issue of the data ownership is even more challenging because of the complexity of the “data value chain”. Indeed, in the big data and IoT businesses, the data ecosystem is characterized by the interactions of multiple actors and multiple operations. Different stakeholders may act at different levels during the creation and generation of data. For instance, they can use, compile, create, select, structure, enrich,  Le Monde (2016) Big data: “Pour un “code civil” des données numériques”. https://www.lemonde.fr/idees/article/2016/10/14/big-data-pour-un-code-civil-des-donnees-numeriques_5013610_3232.html; See also Drexl (2016), p. 4. 6  Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Building a European data economy COM (2017) 9 final. 7  Commission Staff Working Document on the free flow of data and emerging issues of the European Data Economy Accompanying the document Communication Building a European Data Economy SWD (2017) 2 final. 8  The Commission is considering the introduction of this new right together with other initiatives such as: model contract terms; default contract rules; access against remuneration; and development of technical solutions for reliable identification and exchange of data. 9  COM(2017) 9 final, p. 12. 10  COM (2014) 442 final, p.  4. See also ISO/IEC 2382-1, revised by ISO/IEC 2382:2015— Information technology—Vocabulary. 11  Ottolia (2017), p. 16. 5

9  Data Ownership in the Data Economy: A European Dilemma

203

analyze, and add value to data. The data value cycle can be represented as follows12: ŝƐĐŽǀĞƌ /ŶƚĞůůŝŐĞŶĐĞ

/ŶŐĞƐƚ

WƌŽĐĞƐƐ

džƉŽƐĞ

ŶĂůLJnjĞ

WĞƌƐŝƐƚ /ŶƚĞŐƌĂƚĞ

The data ownership issue is significantly debated principally in the automotive sector. Sensor-equipped cars generate and transmit large amounts of data. Components (e.g., brakes, engine, cameras, etc.) are always more connected, and they provide information about traffic, performances, behaviors, etc. These data are extremely useful for developing smart vehicles and car apps and have therefore enormous value. In the case of a smart cars, a multitude of different players interact: manufacturers of the sensors in specific components; the car manufacturer; the car owner; Mobile Network Operator-Mobile Virtual Network Operators (MNO-­ MVNOs); the insurer; the content providers; the cloud provider; etc.13 As Mr Oettinger said, it is as yet unclear who owns these data: the automobile manufacturer; the car owner; or no one at all?14 In sum, different actors are involved in the data value chain.15 It may be therefore difficult to determine who would be entitled to claim ownership in data, as each of these actors may claim ownership of data at different levels, based on their specific role. It is likely that no single actor will have exclusive rights. Is this a real problem? From the European Union (EU) regulator perspective, the undisclosed worry seems against American large tech companies taking possession of EU data assets. It is somehow the same concern that recently inspired the new EU  copyright reform (with American over-the-top (OTT) companies exploiting the efforts of the European press and audio-video industries—see infra), and previously the Database Directive.16

 OECD (2015), p. 195.  Normally, the most important actors are: internet service providers; IT infrastructure providers; data providers; data analytics service providers; data-driven entrepreneurs. For more details, see Bird & Bird (2017), p. 21. 14  See Hugenholtz (2018), p. 1. 15  Bird & Bird (2017), p. 18. 16  Hugenholtz (2018). 12 13

204

F. Banterle

2.2  The Debate on Data Ownership The debate on the data ownership issue has been lively discussed in Germany (with a movement for ‘data property’ called Dateneigentum), both at academic and government level. There is a particular focus on the implication for Industrie 4.0, a German initiative launched in 2011 as a joint initiative of the government, private business sector, and public research to manage and promote a fourth industrial revolution.17 Policy-makers have started examining the need for additional regulation.18 Some German academics have endorsed the need to implement further regulation to properly allocate rights in data and proposed the adoption of a novel data usage right.19 The supporters of the new right in data believe that the European legal framework that currently applies to data ownership is not satisfactory. First, the current legal framework (traditional civil-law based property rights) is not specifically regulating ownership in data, neither in general terms nor specifically in relation to raw machine-generated data that does not qualify as personal data.20 Second, the existing data-related rights—granting some protection on datasets (see Sect. 3 below)—do not adequately respond to the needs of the actors in the “data value cycle”: there would be in particular an ‘allocation’ problem.21 Due to this situation, legal uncertainty in the data value cycle may frustrate open data or data sharing initiatives. Actors in the data-economy may currently rely only on contract. Yet, filing ownership/allocation gap by contract is far from ideal. It would be burdensome to regulate by contract the ownership issues in large-scale data projects, where there is a multitude of data sources and too many actors claiming ownership in the data. Moreover, non-property regimes do not create erga omnes rights—contracts are in principle non-binding against third parties.22 Third, where negotiation power is unequal, market-based solutions might not ensure fairness and innovation incentives.23 Finally, on the data access issue, current EU policy on access to data has focused on data generated by the public sector.24 In case of need to access data held by other private companies, data should be voluntarily tradable like any other resource.25 The current data marketplaces seem not yet developed. Data players are mostly focused  Drexl (2016), p. 5.  SWD (2017) 2 final, p. 23. 19  Zech (2016a, b); See also De Franceschi and Lehmann (2015); Hoeren (2014). See also Bird & Bird (2017). 20  Bird & Bird (2017), p. 22; COM (2016) 180 final. 21  Zech (2015), p. 197. The problem would not be in terms of creating incentives to generate data, but rather in ensuring a fair allocation of the profits generated by analyzing the data. 22  Bird & Bird (2017), p. 120. 23  Bird & Bird (2017). 24  SWD(2017) 2 final, p. 11. 25  Particularly within an economy based on the principle of freedom to contract, opposed to data trading based on obligations to licence at certain conditions; See SWD(2017) 2 final, p. 12. 17 18

9  Data Ownership in the Data Economy: A European Dilemma

205

on trading personal data for marketing purposes (e.g., commercial big data). Alternatively, marketplaces specialize in trading very particular—sector-based— kinds of data. Business models based on data are still emerging. This makes difficult drafting a general stable overview of the situation of data sharing in Europe. However, a research conducted on behalf of the European Commission26 has produced some insights about the current state of data sharing. It concluded that in the vast majority of cases, data is generated and analyzed in-house by companies and their data analysis providers: data stays within an organization and is not shared or traded with third parties.27

3  The EU Acquis on Data Ownership The EU acquis on data ownership is set out by a series of data-related rights, including intellectual property rights, trade secrets, data protection rights, and other emerging forms of protections. This section briefly recalls the existing legal regimes in the EU providing legal mechanisms to deal with data, and to what extent there is already control over data, in the form of either factual or legal control.

3.1  Intellectual Property Laws and Data The first protection that comes to mind is intellectual property, as the traditional form of protection of intangible assets. The intellectual property regimes most obviously applicable to protection of datasets are database rights. The EU legal database regime sets out a two-tier system: copyright protection and sui generis database protection.28 Each of these has the legal status of property and could in principle provide a strong protection for data.

 Impact Assessment Support Study on emerging issues of data ownership, interoperability, (re) usability and access to data, and liability—SMART 2016/0030. 27  SWD(2017) 2 final, p. 14. 28  SWD (2017) 2 final, p. 19. The Commission’s assumption is that machine-generated and industrial data do not normally benefit from protection by other intellectual property rights as they are deemed not to be the result of an intellectual effort. See, however, Drexl (2016) on possible patent protection for data, and Hugenholtz (2018) on phonographic neighboring rights. 26

206

F. Banterle

3.1.1  Copyright in Data Data and information as such are excluded from copyright protection. This is expressly stated in the TRIPs Agreement29 [Art. 9(2)], in the Berne Convention [Art. 2(8)],30 in the WIPO Copyright Treaty31 (“WCT”—Art. 2) and in the EU Software Directive32 [Art. 1.2]. Further, it is a corollary of the idea/expression dichotomy: form is protected whereas contents and ideas should stay free. If there cannot be copyright in data per se, data compilations are instead subject to a different treatment. Collections of data, that can be deemed creative by reason of their selection or arrangement of their contents, are protected in the TRIPs Agreement [Art. 10(2)], in the WCT (Art. 5), and, although not explicitly mentioning collections of data, also in the Berne Convention. The EU Database Directive33 has followed the same approach granting protection to databases that, because of the original selection or arrangements of their contents, constitute the author’s own intellectual creation [Art. 3(1)]. Originality (character of a creative work defined as ‘the author’s own intellectual creation’34—that reflects the author’s personality)35 is recognizable when the selection or arrangement of data is the result of a creative choice.36 Indeed, the Court of Justice of the European Union (CJEU) stated that there is no originality when the setting up of the database is dictated only by technical considerations, which leave no room for creative choices.37 Time and investments in that selection or arrangement are not relevant to determine the originality standard and the eligibility for copyright protection (no room for ‘skill and labor’ investments). Instead, originality requires that through selection or arrangements of the data “the author expresses his creative ability in an original manner by making free and creative choices […] and

 Agreement on Trade-Related Aspects of Intellectual Property Rights, adopted in Marrakesh on 15 April 1994, Marrakesh Agreement Establishing the World Trade Organization, Annex 1C (TRIPs). 30  Berne Convention for the Protection of Literary and Artistic Works (Paris Act of 24 July 1971 as amended on 28 September 1979) (Berne Convention). 31  World Intellectual Property Office Copyright Treaty, adopted on Dec. 20, 1996, WIPO, Doc. CRNRIDC/94 (WCT). 32  Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of computer programs, OJ L 111 (Software Directive). 33  Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, OJ L 77 (Database Directive). 34  See ex multis CJEU, Infopaq International A/S v Danske Dagblades Forening, Case C 5/08, Judgment of 16 July 2009, par. 35. 35  See Recital 17 in the preamble to Copyright Duration Directive—Directive 93/98. 36  See CJEU, Eva-Maria Painer v Standard VerlagsGmbH and Others, Judgment of 1 December 2011, par. 89. 37  CJEU, Football Association Premier League Ltd and Others v QC Leisure and Others (C 403/08) and Karen Murphy v Media Protection Services Ltd (C 429/08), Joined cases C 403/08 and C 429/08, Judgment of 4 October 2011. 29

9  Data Ownership in the Data Economy: A European Dilemma

207

thus stamps his ‘personal touch’”.38 Thus, the originality standard can be a limit to raw data aggregations. Indeed, copyright applies only after a selection/arrangement of data. On the contrary, raw data are in fact not arranged yet in most cases—they are bulk sets of data awaiting to be analyzed. Normally the processing of data is done through advanced computational programs that process information in standardized/automatized manner, creating databases that can be difficulty deemed creative.39 Indeed, quite often, the value is in the insights that can be extracted from raw data, not in the particular compilation of raw data or the structure of the resulting datasets. In any case, copyright applies to the specific form in which the compilation of data is structured (Database Directive, Recital 15), and not to the underlying raw data. The same data can be taken from the original selection and reshuffled without reproducing the selection/arrangement. Additionally, no copyright protection is applicable to data compilations generated by machines without human intervention.40 Indeed, the general rule is that copyright requires an act of human authorship, as clarified by the CJEU41 (and similarly by Art. 4(1) of the Database Directive). Only few countries in the EU deviate from this standard rule, e.g., UK,42 protecting computer-generated works. It should be seen how this rule can co-exist with the CJEU jurisprudence.43 3.1.2  Sui Generis Database Right The Database Directive adds an additional protection to databases resulting from a substantive investment. This sui generis database right protects the investment in obtaining, verifying, or presenting the data (Art. 7.1). The threshold of the investment should be minimal, although it does not necessarily have to be particularly  Football Dataco & Others v Stan James Plc & Others and Sportradar GmbH & Others, [2013] EWCA Civ 27, par. 98. Similarly, in the US, in Feist (Feist Publications, Inc. v. Rural Telephone Service Company, Inc., 111 Sup. Ct. 1282 (1991) [499 U.S. 340 (1991)]), the US Court held that: “The compilation author typically chooses which facts to include, in what order to place them, and how to arrange the collected data so that they may be used effectively by readers. These choices as to selection and arrangement, so long as they are made independently by the compiler and entail a minimal degree of creativity, are sufficiently original”. 39  Wiebe (2016). 40  See, on similar grounds, the US Copyright Office declaration, stating that they would not register works produced by animals or a machine: ‘To qualify as a work of “authorship” a work must be created by a human being’, quoting Supreme Court case Burrow-Giles Lithographic Co, 111 U.S. at 58. See US Copyright Office (2017) Compendium: Copyrightable Authorship: What Can Be Registered. https://www.copyright.gov/comp3/chap300/ch300-copyrightable-authorship.pdf, p. 17. See also Ginsburg (2018) and Ramalho (2017). 41  Football Dataco. 42  See Section 9(3), Copyright, Design and Patents Act, U.K. 1998: ‘in the case of a literary, dramatic, musical or artistic work which is computer-generated, the author shall be taken to be the person by whom the arrangements necessary for the creation of the work are undertaken’. See Perry and Margoni (2010). 43  Hugenholtz (2018). 38

208

F. Banterle

high. It could be qualitative or quantitative, i.e., either in time, efforts, and/or resources. The CJEU has clarified that the sui generis database right does not protect investment in the creation of data (data should be pre-existing).44 The investment must refer to the resources for elaborating the data and not for the creation as such of the independent material. Indeed, the goal of the Database Directive is to protect investment in creation of new databases and processing systems, not in generating information capable of being collected subsequently in databases. This distinction between creating and obtaining is of crucial importance. However, it is not always straightforward. The CJEU ruled out from protection football fixtures or horse racing schedules as invented/created data. Similarly, the investment for the development of smart devices with sensors that generate data could unlikely be considered.45 However, the case law has stated that “observed” facts are not “created data”.46 In that sense, sensor data produced by a device (e.g., information about the brake usage generated by sensors in a smart brake system within a smart car) could be considered “observed”.47 The growth of artificial intelligence raises new issues in relation to machine-to-­ machine generated data. The sui generis database right contemplates no authorship requirement. The maker of a database has no necessary human characterization (see for instance Art. 11 of the Database Directive). The unique requirement is a substantial investment in the processing technology and/or in the operations necessary for collecting or structuring the data. The substantial investment can lie on the initial technology, that is, for example licensed or developed for generating the database.48 Therefore, the investment could be in developing or licensing an artificial intelligence tool that is then able to process and organize datasets in a particular way. An additional limit is that the substantial investment requirement sets a minimum threshold. If the machine used for a particular data processing operation does not require substantial investment, the database resulting from its use will not be protected. However, such threshold does not seem particularly high. Finally, the investment cannot be on “creating” data but only on their collection and organization. This would rule out machine-generated synthetic data,49 e.g., the location data generated by GPS sensors on a number of smartphones—that is typically a set of raw data, whereas it would include the use analytics technologies—the use of location data for organizing data and analyzing movement patterns of a certain audience in a certain area.

 CJEU, The British Horseracing Board Ltd and Others v William Hill Organization Ltd, Judgment of 9 November 2004, par. 31. 45  Drexl (2016), p. 21. 46  Hugenholtz (2018) citing Football Dataco & Others v Stan James Plc & Others and Sportradar GmbH & Others. 47  Hugenholtz (2018). 48  Banterle (2018). 49  Ibid. 44

9  Data Ownership in the Data Economy: A European Dilemma

209

The database right is primarily designed to protect the investment in the organization of data, i.e., in the creation of structured processing systems. This comes together with the definition of database, that is, a set of data arranged in a systematic or methodical way (Art. 1.2 of the Database Directive). On the contrary, raw machine-generated data is by definition non-organized sets of information. Thus, the protection offered does not apply to machine-generated data as such (before they are collected and organized in a structured and systematic way).50 The Database Directive neither intend to create a new right in data (Recital 46 of the Database Directive), nor to protect mere facts or data (Recital 45), but rather to keep the semantic information in the public domain.51 The protection applies to the aggregation and processing of data. Consequently, any further independent processing of raw data can give right to an autonomous database right. Additionally, the database right comes with some statutory exceptions, to avoid creating a property right in the data as such. In particular, protection is granted against extraction or reutilization of a “substantial” part of the database. Non-substantial extractions from the database are lawful. Finally, protection is against extraction of data that result from substantial investment. On the contrary, extractions of data that are not the product of substantial investment are permitted. In sum, copyright and database right do not extend to information per se. They offer protection to data compilations that result from creative arrangement or investment in structuring datasets but deny protection to raw data. 3.1.3  New Emerging Copyright Trends The Commission’s controversial proposal gave light to Directive on copyright in the Digital Single Market  (the “DSM Copyright Directive”).52 The DSM Copyright Directive includes a series of very heterogenous provisions. On one hand, the Directive is expanding copyright protection on press news to protect any digital use of press publications (Art. 15), including use of small parts of such publications. Despite use of individual words or very short extracts will be exempted, this exclusion shall be interpreted in such a way as not to affect the effectiveness of the new ancillary press publishers’ rights (Recital 58):  in fact this means that press news would be protected by an ancillary copyright against any minimum type of digital uses (contrary to the initial statement above, under which data and information as such would be excluded from copyright protection). On the other hand, the Directive is introducing a text and data mining exception (Articles 3–4) that would allow text and data mining for research and commercial purposes. The latter is however subject to an opt-out mechanism that will likely reduce its application. Thus, such  SWD (2017) 2 final, p. 19.  Drexl (2016), p. 22. 52  Proposal for a Directive of the European Parliament and of the Council on copyright in the Digital Single Market COM (2016) 593 final, and Directive (EU) 2019/790 on the European Parliament and of the Council of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC. 50 51

210

F. Banterle

exception has a clear restrictive effect in that it is confirming a contrario that text and data mining is in principle subject to copyright scope.53 Moreover, the Commission has started a revision of the Database Directive.54 We can conclude from the previous paragraphs that the Database Directive is probably based on a database technology that no longer corresponds to the use of data in the IoT and big data context, characterized by real-time data services. While the issue addressed by the Database Directive was the creation of data processing systems and technologies, the current problem is the availability of datasets as the new technologies show computational powers with no precedents. The fact that the Directive does not respond to the needs of the data economy cannot by itself justify a reform (by introducing new rights on data). A similar reform needs an economic justification.55 From the above, the overall picture appears to confirm the intention of introducing additional layers of protection to datasets and information. Further, this information policy should be considered from a holistic view when assessing the need of introducing an additional right in data.

3.2  Other Data-Related Rights 3.2.1  Trade Secrets Trade secrets protection was recently harmonized in the EU, at least in part, by Trade Secrets Directive.56 Trade secrets regime can in principle protect any type of information that (i) is secret; (ii) has economic value because of its secrecy; and (ii) is subject to adequate security measures. In view of big data or IoT projects, trade secrets protection is quite flexible: it grants protection to individual pieces of information without any originality requirement; it does not distinguish between the types of data that might be protected (although not all Member States’ laws have treated trade secrets as an open-ended category of any information which is confidential)57; the protection is potentially unlimited in time.58  See Banterle and Ghidini (2018). According to some scholars, non “expressive” uses, including computational uses, should be equally subject to copyright scope, see Ottolia (2017), p. 21. 54  See European Commission website newsroom, Commission launches public consultation on Database Directive, posted on 24 May 2017. https://ec.europa.eu/digital-single-market/en/news/ commission-launches-public-consultation-database-directive. 55  Drexl (2016), p. 22. 56  Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure, OJ L 157 (Trade Secrets Directive). 57  Osborne Clarke (2016). For instance, this study reports that in Spain, data as such is not seen as within the category of things which can be a trade secret. For the Italian approach instead, see Banterle (2018). 58  Bird & Bird (2017), p. 110. 53

9  Data Ownership in the Data Economy: A European Dilemma

211

Yet, protection requirements can be difficult to meet in the context of real-time data processes. Data collected by sensors or smart devices need to be re-used and matched with data of many device manufacturers: secrecy cannot be always confirmed. If a database is in fact being licensed under confidentiality to a multitude of businesses in a particular sector, this could render it “generally known” in the relevant circles.59 On commercial value, it is unclear that single data generated by interconnected machines and devices could have commercial value as individual data. Instead, many data will be considered valuable only if they are part of larger datasets. Additionally, it is doubtful if raw data has a value per se or rather only potential value. This analysis is probably sector-based (e.g., personal data tend to have a high commercial value in the context of behavioral advertising and big data). Finally, it is questionable whether it will always be possible to establish a causal link between secrecy of the information and commercial value.60 Data must be shared among the various actors in the data value chain and needs to be subject to sufficient protection measures to keep it secret. The Directive gives no guidance as to what may constitute reasonable steps (this assessment is to be made by reference to the circumstances). However, at least in some jurisdictions, it is possible to rely on confidentiality agreements as security measures.61 Yet, it could be particularly difficult to allocate protection to a single actor controlling the trade secret, where a multitude of data players interact.62 On ownership, the Trade Secrets Directive refers to the holder of a trade secret as the person who lawfully controls that information. However, it introduces an effective right of control over data (granting protection of a de facto “possession”) while remaining neutral on the question of ownership of information.63 It does not establish indeed a property right system (although it leaves Member States free to introduce more far reaching provisions and to introduce property rights in data). However, under the trade secrets discipline, operators are able to treat data as another form of asset. On the scope of protection, the Trade Secrets Directive does not go so far as to introduce a new absolute-IP right for trade secrets, and indeed the protection is relative, i.e., only against misappropriation. Independent discovery of the same information and reverse engineering are lawful. The Trade Secrets Directive grants remedies against third party recipients of the data if they knew or should have  Osborne Clarke (2016), p. 10.  Drexl (2016). 61  Bird & Bird (2017), p. 110. This situation should now be harmonized (at least partially) under the Trade Secrets Directive. See Banterle (2018). 62  Drexl (2016), p. 24. 63  Osborne Clarke (2016), p. 11. This absence of ownership contrasts with the default position in patent and copyright law, where any rights arising in work done by an employee in the course of her employment automatically belong to the employer. Employers will not automatically be the holder of trade secrecy rights in valuable data arising from employees’ work. It will be important to provide for this in employment contracts. 59 60

212

F. Banterle

known that the person passing it to them was not authorized to do so. This protection can be considered as better suited to serve the purposes of the data-economy, by focusing on the specific way in which a third party has in unlawfully acquired access to the data (instead of granting exclusive protection on the use of data against the world), thus allowing a more flexible ownership regime, with the limits outlined above. 3.2.2  Controllership Schemes Derived from Data Protection Law The EU data protection legislation has been recently innovated by the General Data Protection Regulation (“GDPR”).64 The GDPR sets out the rules for processing personal data, including the collection, use of, access to, and portability of personal data, as well as the possibilities to transmit or transfer personal data. The data protection legislation gives rise to two distinct ownership schemes. On one hand, individuals shall have control on their data, as a general privacy right (Recital 7 of the GDPR). This comes close to a quasi-property rights on personal data,65 although it is debated if individuals are free to dispose or sell their data.66 On the other hand, data controllers (the operators that process individuals’ data) have a different kind of ownership in personal data, through a legitimate possession, as data controllers.67 Indeed, data protection laws allow data controllers to exploit personal data for commercial purposes (based on data subjects’ consent or data controller’s own legitimate interest—see Recital 47 GDPR in this regard). As long as all data protection requirements are met (subject to an accountability principle), data controllers can exploit those data. Thus, this position of legal control on the processing of data entails a sort of factual possession of data, although it is not equipped with direct exclusionary powers or special remedies against third parties, which may also have competitive consequences. Additionally, some commentators have argued that this control entitlement is in fact enhanced by market failure, where information asymmetries between companies and users about the actual processing of data occur and consumers face high monitoring costs68 that strengthen the factual possession by data controllers.  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, OJ L 119. 65  A property right includes two powers: the right to use a good and the right to exclude others from such use. Privacy rights do not include the right to use personal data (which resides in image rights, name rights, etc.), but rather the right to exclude others from using them. See Purtova (2015) and Ubertazzi (2014). See also Specht and Zerbst (2018) and Rees (2014). 66  The possibility to pay services with personal data was suggested by the Proposed Digital Content Directive—Proposal for a Directive of the European Parliament and of the Council on certain aspects concerning contracts for the supply of digital content COM (2015) 634 final. See Metzger et al. (2018) for more details; see also Victor (2013), Purtova (2015) and Malgieri (2016). 67  In the same sense, see Bird & Bird (2017). 68  Sholtz (2001). 64

9  Data Ownership in the Data Economy: A European Dilemma

213

3.2.3  Traditional Property Rights Data are intangible, non-rivalrous goods, and as such fall outside the traditional definitions of property.69 Indeed, in light of the increasing role of immaterial assets, it is lively debated whether the concept of property should be flexible enough to extend it to new objects and rights, to apply also to res immateriales (traditionally protected by intellectual property (IP) rights),70 to eventually allow commoditization of data71 and be opened to move towards digitizing the Code civil. Property rights in goods are subject to a numerus clausus principle, preventing operators from creating previously non-existing property rights.72 The same principle applies to intellectual property, where law must determine the relevant subject matter.73 Thus, interests in res immateriales not included in existing property rights benefit from a limited protection, qualified as an “entitlement”,74 which is characterized by the absence of exclusivity.75 In this regard, to ensure protection in a similar “grey zone” between private and public goods, a proposed solution relies on the “material availability” of the immaterial good. A modern approach considers as a “natural” concept the ownership of any utility produced by a private activity where it has economic value.76 Moreover, a general principle has been occasionally affirmed, under which any outcome of an economic activity constitutes a good and its commercial exploitation is exclusively reserved to the entity that generated it (for example, this was affirmed in relation to sport events).77 National property law has been otherwise applied by courts linking “ownership” with respect to non-personal data to the ownership of the physical means of storage of such data.78

 Zeno-Zencovich (1989), p. 452.  Zech (2016a), pp. 59–60. 71  Purtova (2015) and De Franceschi and Lehmann (2015). 72  van Erp (2017), van Erp (2009) and Purtova (2015). 73  Resta (2011), p.  22. Intellectual property is protected by Art. 17.2 of the Charter of the Fundamental Rights of the European Union. The CJEU in Promusicae (Productores de Música de España (Promusicae) v Telefónica de España SAU, Case C 275/06, Judgment of 29 January 2008, par. 62) confirmed that “the fundamental right to property […] includes intellectual property rights”. 74  Van Erp (2017). 75  Zeno-Zencovich (1989), p. 460; van Erp (2017). 76  Resta (2011), p. 28. 77  Resta (2011), p. 45, referring to a judgment of the Court of Rome, First Instance, 31 March 2003, in Foro it., 2003, I, 1879, in relation to sport events; and the judgment of the BGH, of 25 January 1955, in BGHZ, 16 (1955), 172, which held that non-protectable know-how can, however, be subject to a general absolute right of the owner and unfair competition law protection. See, however, Hoeren (2014) for diverging case law, e.g., in the UK. 78  SWD (2017) 2 final, p. 19, recalling the decision of German Bundesgerichtshof (Federal Supreme Court) of 15.11.2006 (ownership of software on a CD-ROM); and the recent decision of the same court—decision of 10 July 2015—on the transfer of ownership on the physical storage as a result of data recordings (in that case: audio recordings on a tape) would be leading to a transfer of ownership under civil law to the party that could claim rights on the data. 69 70

214

F. Banterle

This debate on extending the traditional property concepts to immaterial assets was reinforced by the CJEU in UsedSoft.79 The CJEU defined the sale of an (tangible or intangible) asset as “an agreement by which a person, in return for payment, transfers to another person his rights of ownership in an item of tangible or intangible property belonging to him”.80 In that case, the Court recognized ownership in the downloaded copy of a software. Actually, it was correctly observed that the Court did not apply a general concept of property to immaterial assets. It applied the principle of exhaustion (typical of the analogic word) in the digital context and used the concept of ownership in a downloaded file to re-balance copyright exclusive right as another form of property.81 3.2.4  Unfair Competition Laws In many European jurisdictions,82 unfair competition laws may protect intellectual creations or economic assets against misuse and free riding (misappropriation of information by former employees or by competitors, etc.), as a subsidiary form of protection. Protection is normally granted against unlawful conducts contrary to honest commercial practices and depends on factual circumstances. In many cases, unfair competition law grants protection against misuse or misappropriation of confidential information, recognizing a general ownership in that data.83 It is possible to attribute a role to these general laws in the definition of a data ownership regime only in case there is sufficient economic justification for protection against free-riding. From an economic perspective, fee-riding should be considered unlawful where it undermines incentives for investment in the production of the asset that is copied.84 In practice, this should mean that one has to prove investments/efforts in creating that dataset and/or the fact that the information at stake is able to grant an unfair  competitive advantage.  However, it appears that unfair ­competition laws follow different local approaches in the EU, that show a critical level of de-harmonization and make it difficult to draw a common line.85 3.2.5  Factual Access Limitation and Contracts Data can be factually protected by physical/technological access restrictions or by contract. These are the two means market in the data-economy has used to grant access to data, relying on factual exclusivity. Despite limitations arising from  CJEU, UsedSoft GmbH v Oracle International Corp, Case C-128/11, Judgment of 3 July 2012. See SWD (2017) 2 final. 80  UsedSoft, par. 42. 81  Drexl (2016). 82  See Osborne Clarke (2016) for further details. 83  See Banterle (2018). 84  Drexl (2016). 85  Osborne Clarke (2016). 79

9  Data Ownership in the Data Economy: A European Dilemma

215

property laws (see Sect. 3.2.3 above), the CJEU has confirmed that contractual freedom can regulate access to databases not protected by copyright or the database right, i.e., raw data.86 New contractual schemes are indeed emerging. In many cases, data are traded as res immateriales. In particular, the ability to factually control data can trigger transaction following the traditional approach in the trade of immaterial assets that is based on intellectual property categorizations.87 Data are subject to the assignment of the right on the immaterial good encompassing such data, which also includes the right of the computational use of those data.88 Data can be also subject to temporary usage rights, following traditional intellectual property license schemes. In this case, the existence of a property right in the data (in terms of intellectual property, trade secrets, or data protection rights) is assumed. Where the data are not subject to any ownership regime, they will be the subject of a contractual obligation to provide the data (including the tangible asset where data are incorporated). In this case, remedies will be of contractual nature, with no effects against third parties89 (except for unfair competition law remedies, as explained above). In other cases, data are traded as commodities and transferred as res corporales.90 Data can be considered as an aggregation of bits incorporated in electronic files. In this case, their transfer can follow rules and practices that are most familiar to the trading of commodities, in relation to which data show many functional similarities.91 However, because of the particular nature of data, the rules for transferring material assets can be influenced by those of immaterial assets. For example, if intellectual property rights on the datasets encompassed in the tangible asset exist, the general principle that the transfer of the tangible asset does not include the assignment of the underlying IP rights in the material included in that asset applies.92 Other influences can derive from data protection laws. On the contrary, circulation of immaterial assets can be affected by technological rules applicable data intended as res corporales, such as consumer laws and communication laws (e.g., in relation to technical standards for electronic communications, particularly in regulated markets).93 Data can be also collected in deposits (or data lakes),94 to allow multiple parties to access and re-elaborate vast amounts of data. There is an emerging trend in the  CJEU, Ryanair Ltd v PR Aviation BV, Case C 30/14, Judgment of 15 January 2015.  Drexl (2016), p. 29. 88  See Ottolia (2017), p. 221. 89  Ibid. 90  See Zech (2017). 91  Ottolia (2017), p. 222. 92  Except for those rights that are instrumental and necessary to use that asset. 93  Ottolia (2017), p. 234. 94  A data lake is a “subject-specific repository for large quantities and varieties of data, both structured and unstructured. The data lake accepts input from various sources and can preserve both the original data fidelity and the lineage of data transformations.” See European Commission (2017) Big data: a complex and evolving regulatory framework. https://ec.europa.eu/growth/tools-databases/dem/monitor/sites/default/files/DTM_Big%20Data%20v1_0.pdf. 86 87

216

F. Banterle

offer of big data as a service: it is possible to outsource the computational use of data to external providers better equipped to process large amounts of data. In that case, it is common to have complex license arrangements, also in relation to the results of the computational uses of the datasets. Raw data are also offered as a service: services offer the data generation itself, e.g., real-time access to a measuring device generating data. In this case, data is offered as a service rather than a commodity. This distinction between commodity and service paradigm appears important for applying contract law categorizations.95 In more complex data projects, where a multitude of actors interact in the elaboration of data in view of developing innovating technologies (e.g., smart cars), contract arrangements are adapting to reflect the joint or partial ownership of the results of the data aggregation and processing, and the ability to re-use the data. A solution could have complex plurilateral framework agreements with the participation of all the actors involved in the data elaboration. Similarly, data pools are a model—deriving from the patent experience—applicable to complex interactions of actors in innovative big data projects, where the creation of a consortium of data players is a solution to allow complex innovative data initiatives and a better governance of the data lakes.96 3.2.6  Conclusion None of the data-related rights illustrated above configures a comprehensive ownership regime. In some cases, they provide tools to protect structured datasets. In other cases, they provide a more limited protection of a de facto “possession”, rather than referring to a concept of “ownership”. In the absence of a full property regime applicable to data as such, raw data is mostly controlled via contract and access restriction mechanisms, based on factual exclusivity, without recognition of ownership in the sense of private law. In fact, an ownership regime determined by contract, factual control, intellectual property, trade secrets, and data protection laws already results in a strong protection mechanism for data.

4  The New Proposed Data Producer’s Right The proposal of introducing a data producer’s right for non-personal or anonymized data assumes that EU data-economy would require protecting types of data not necessarily eligible for IP protection, but which merit protection as a valuable asset of the data value cycle. A similar right would enhance the tradability of non-personal machine-generated data as an economic good.97

 Zech (2017).  For more details see Ottolia (2017), p. 272. 97  SWD (2017) 2 final, p. 33; Zech (2016a). 95 96

9  Data Ownership in the Data Economy: A European Dilemma

217

4.1  Scope of the Right The Commission’s proposal is quite general and vague on the new proposed data producer right. However, its main features could be summarized as follows. It should be a right in rem, granting exclusive rights to re-utilize the data against the world (erga omnes). It would include a set of rights enforceable against any third party, independent of contractual relations. In other words, it would prevent further use of data by third parties, including the right to claim damages for unauthorized access and use of data.98 As an alternative option, the Commission proposed considering—instead of creating a right in rem—conceiving it as a purely defensive right.99 It would in fact follow the approach adopted by the Trade Secrets Directive, protecting a de facto possession (rather than recognizing a concept of ownership), as a relative right (i.e., only against misappropriation). It would provide defensive elements of a right in rem.100 To avoid granting too broad rights, there are two main limitations, relating the scope of the protected subject matter. First, the new right would not apply to personal data, as the protection of the latter is a fundamental right, and their use is subject to individuals’ control. Second, the scope of the data covered recalls Prof. Zech’s classification, which is based on semiotics.101 It distinguishes between content layer, code layer and physical layer, to define information and treat it as an object. The new right would protect non-personal or anonymized machine-­generated data not yet structured in a protected database. However, the protection should cover only the “syntactical” level information102 (information represented by a certain amount of “signs”: representation in code form).103 This includes metadata, as they  SWD (2017) 2 final, p. 33.  SWD (2017) 2 final, p. 33, citing Kerber (2016), that appears to be favouring this approach. 100  It would be possible for the de facto data holder to sue third parties in case of misappropriation of data. In particular, the following civil remedies would be granted: (i) the right to seek injunctions preventing further use of data by third parties who have no right to use the data; (ii) the right to have products built based on misappropriated data excluded from market commercialization; and (iii) the possibility to claim damages for unauthorized use of data. In particular, the Commission believes that the protection should not be limited so that mere dissemination of data without a real use made of the data could remain lawful [As suggested by Mattioli (2014)]. This is because such an approach would work only on the assumption that what happens de facto is already a balanced and efficient data market. Moreover, in the Commission’s view, this assumption may not be correct. In particular, it would be necessary to combine this approach with other measures to avoid consolidating de facto situations that could amount to market failures. See SWD (2017) 2 final, p. 33. 101  Zech (2015), citing Eco, A Theory of Semiotics, 1978. 102  SWD (2017) 2 final, p. 33; Quoting Zech (2016a). The Commission offers the following example: an e-book or a photographic image has a semantic level which is the expression of ideas or the presentation of objects or persons. Copyright covers this level of information. However, the data file of such an e-book or image is merely a representation of signs encoding such information usually requiring tools to present the information. 103  Syntactic information are bits, texts, pictures—intended as a number of signs, sound recordings, or data—intended as information coded for machines. 98 99

218

F. Banterle

contain the information necessary to use the data subject to such a potential new right. The “semantical” level information (the “meaning”: information and ideas encoded in the data) would be excluded from the scope of protection.104 Based on Prof. Zech explanation, the scope of protection would in particular include use by carrying out statistical analyses, but not the re-creation of the same data by independent measurement.105 The Commission does not define the term of protection. According to Prof. Zech, the term should be short.106

4.2  Right Allocation On initial ownership, according to Prof. Zech’s suggestion, the right would initially belong to the operator economically responsible of the equipment that generates the data.107 In the Commission’s proposal, the allocation of the data producer right should consider the investments done and the resources put into the creation of the data.108 In that regard, investments are made most often by: (i) the manufacturer of the sensor equipped machines or device—that invested in the creation of that tool or system; or (ii) the economic operators using such devices, that purchased the tool or paid a lease fee on that tool or machine. If more entities have invested in the data collection through that machine or device, according to the Commission, this should result in joint rights on the data generated. Since there may be a multitude of actors owning and/or operating the equipment used to generate the data, and allocating the right might be problematic, freedom to contract should allow deviating from that rule.109 If instead a set of purely defensive rights is to be considered, such rights could protect de facto data holders that have lawful possession of data against unlawful use by others. This would in fact replicate the same scheme of the Trade Secrets Directive, without application of the need of implementing reasonable security measures or secrecy requirement, since data need to be shared with a wider range of business partners. Technical measures such as digital watermarking would need to complement such a potential new right to make rights on data traceable.

 Zech (2015), p. 194.  Zech (2016a), p. 75. 106  Since using data by analyzing them can be done relatively quickly—Zech (2016a), p. 75. 107  Zech (2016a), p. 75. 108  SWD (2017) 2 final, p. 35. 109  SWD (2017) 2 final, p. 35. 104 105

9  Data Ownership in the Data Economy: A European Dilemma

219

5  Possible Negative Effects of Data Producer’s Right 5.1  E  xcessive Protection and Overlap with Existing Intellectual Property Rights The proposed data producer’s right has been lively criticized.110 Yet, as Prof. Drexl stated, equating data with tangible objects under a property right is risky because there are different economic models characterizing immaterial from tangible assets. Property provides two sub-rights: a right to use a good and a right to exclude others from that use. The debate on data ownership is inspired by the lack of protection on the right to use (allocation problem). The recognition of an exclusive right on data against the world would amount to a very powerful intellectual property right (a super IP right)111 that exceeds the limitation that intellectual property law has set for preventing data appropriation. Such an exclusive right would risk creating barriers to the free flow of information. Indeed, the supposed balancing elements do not seem adequate: the semantical/syntactical level distinction does not appear straightforward. On the contrary, it seems very hard to apply in concrete, as in most cases there will likely be an intrinsic relationship between the external form of data as electronic bits (syntactic layer) and its content (semantic layer), also because of the fact that data are commonly based on standardized protocols.112 Moreover, from an economic perspective, a right to exclude others from the use of data is less relevant than in the case of tangibles. Data are not rivalrous: re-use of the same data by third parties does not prevent the owner from their use. Additionally, raw data protection would not be connected to an intrinsic merit of that information (opposed to trade secrets or database protection). Therefore, the prejudice of the rightholder would only be in terms of missing a chance to potentially monetize an internal asset—problem that can be solved by way of contract and technological access restrictions. The data producer’s right would overlap and compete with existing intellectual property protection.113 This is mostly because the intellectual property rightholder  See Drexl (2016), Drexl et al. (2016), Hugenholtz (2018) and Ottolia (2017).  Hugenholtz (2018). 112  Ibid. The risk of this situation appears to be recognized also by Prof. Zech (2015), p. 194: “Thus, the physical layer carries the syntactic layer and the syntactic layer the semantic layer.” For example, GPS sensor-generated data produced by smartphones are commonly collected by apps, transferred to third parties, and then used for computational analysis for commercial purposes (e.g., to study a particular audience in a target metropolitan area, or for developing location-based services). How is it possible to differentiate the syntactic level from the semantic layer in the data produced by the GPS sensors? The formal expression of the GPS unit/data (the code/bit) is expressed in the form of geographical coordinates associated to an identifier (e.g., IP address) and a timestamp, i.e., there is a one-to-one relationship with the semantic level (the geographical coordinates). 113  Hugenholtz (2018). For instance, a database of consumer behavioral data collected from a cloud-based service, which is used to identify patterns to create customer segments, would qualify as a database protected under the sui generis database right; in some cases, as a creative database 110 111

220

F. Banterle

on that content may not be the same entity operating the machine that generates the data. Additionally, this overlap may conflict with and undermine exceptions under copyright and database rights—unless the data producer’s right would replicate all the existing ones. Additionally, intellectual property rights on data can co-exist with data protection rights.114 The new data producer rights would instead apply only to non-personal data and in certain sector (e.g., big data relating to consumer behaviors) this would add an additional difficulty. The new right would undermine typical intellectual property mechanisms of incentives. Indeed, the data producer right has no originality or similar eligibility threshold connected to an intrinsic merit or value of that information. It is granted only in view of the potential value of raw data. It would exceed intellectual property rights’ limitation (e.g., data collection/creation limitation in database right; secrecy, and commercial value for trade secrets). Thus, it would in fact offer an additional layer of protection that it is easier to obtain, competing with other intellectual property and similar data-related rights. The exclusion of information and data as such from the scope of intellectual property law should not be deemed merely ontological.115 Intellectual property law’s denial to protect data reflects instead a specific information policy not to protect information as such (and the same applies to trade secrets protection that is not following a property approach), that is depending on a variety of public interest values. First, freedom of expression and information, and then innovation. If we consider the American experience on protection of data and facts, in the Feist decision (which is considered as one of the antagonists of the sui generis database right in the EU),116 the United States (US) Supreme Court explained why granting ­exclusive rights on facts and data is contrary to the primary objective of (US) copyright system. That is, not to reward the author, but ultimately to promote progress of culture and of the society. In doing so, copyright grants protection to the original expression of a work but encourages other authors to build freely upon the ideas and information conveyed by a work. That is the core of the idea-expression (or fact-­ expression) dichotomy: “as applied to a factual compilation, assuming the absence of original written expression, only the compiler’s selection and arrangement may be protected; the raw facts may be copied at will. This result is neither unfair nor unfortunate. It is the means by which copyright advances the progress of science and art.”

that enjoys copyright protection; but also as a machine-generated data subject to the data producer’s right (that could belong to the cloud provider). The database right was designed to avoid crossing the frontier of other IP rights; the new data producer right risks leading to extensive overlaps and result in plurilateral competing claims of ownership in the same material. 114  Banterle (2018). 115  Hugenholtz (2018). 116  Football Dataco & Others v Stan James Plc & Others and Sportradar GmbH & Others, [2013] EWCA Civ 27, par. 98.

9  Data Ownership in the Data Economy: A European Dilemma

221

It appears that there is no natural law that says that, only because it has value, data as an asset has to be owned by somebody.117 Recognition of any new intellectual property right should be considered a form of government regulation of the market. It needs a particular justification, that for the data ownership needs to be an economic one: solving a market failure by creating an economic incentive for the production of data and facilitating the re-use and trade of data.118 Instead, no economic evidence supports the introduction of such data producer’s right.119 In particular, there is no evidence of the absence of incentives for producing data, nor that data-driven businesses are suffering from allocation problems. It is possible in principle that the data-economy suffers from market failures, but it seems that there are enough possibilities of trading data, and trading issues seem solvable through contract and technical access restrictions. Lastly, the innovation of big data and of the data-economy requires that these new resources and knowledges should be exploited as freely as possible. Otherwise, their potential, and the relevant benefits for the society as a whole, cannot be unleashed. This seems the same reason why the Commission proposed a text and data mining exception in the DSM Copyright Directive. Although the scope of the proposed exception appears too narrow (and could have negative effects, as underlined above), it confirms the need of promoting such uses and the accessibility of data. The introduction of a new right in data risks going in the opposite direction.

5.2  Legal Uncertainty, Data Fragmentation, and No Flexibility The concept of big data is often expressed by three features: volume, variety, and velocity. Real-time data generation and the amount of data processed would make difficult defining a clear concept of ownership, in terms of subject matter (the syntactical v. semantical level distinction appears difficult to apply) and allocation of the ownership to the various actors of the data value cycle. The introduction of a new right would not provide the flexibility needed to perform big data analytics, and it risks restricting contractual autonomy, as the industry has pointed out.120 Contract practice over data is fast-evolving and already treating data as property, where needed. The unique downside of leaving the solution to the market appears in the case of unequal bargaining power of the parties: a stronger  Drexl (2016).  Hugenholtz (2018). 119  European Commission, Joint Research Centre (2017) and Kerber (2016). 120  European Commission (2016) Synopsis report on the contributions to the public consultation regulatory environment for data and cloud computing. https://ec.europa.eu/digital-single-market/ en/news/synopsis-report-contributions-public-consultation-regulatory-environmentdata-and-cloud; and Id. (2017) Synopsis report of the public consultation on building a European data economy. Available at: https://ec.europa.eu/digital-single-market/en/news/synopsis-reportpublic-consultation-building-european-data-economy. 117 118

222

F. Banterle

party can obtain an advantage over a weaker party and/or create data lock-in effects. However, this does not seem enough to justify the introduction of new rights. Indeed, the same data industry rejects the introduction of new property rights in data, stressing that they are able to implement their business models by relying on contract law. Most probably, data ownership is not a concept that fits the needs of the data economy at all: given the velocity of the data-economy, any legislation in this area would likely inhibit the freedom of the parties121 and the introduction of a new right is seen as a form of governmental intervention to be avoided.122 Well-­ defined ownership rights may increase data fragmentation and prevent the realization of economies of scope because of high transaction costs.123 It would risk creating dominant positions on information. It would contravene freedom of expression and information, and pose new obstacles to freedom of competition, freedom of services, and ultimately the free flow of data.124

6  Conclusion Do we really need to define ownership in data? In the Roman law tradition, by qualifying the form of ownership, it is possible to obtain the type of utility that is legally protected.125 Similarly, economists are inclined to think that well-defined private property rights are a necessary condition for an efficient resource allocation. However, no economic evidence so far supports the introduction of such data producer’s right: further research is required.126 Indeed, the subject matter and scope of protection of the new right should be based on the interests and uses deserving protection and in framing the new regime economic arguments play a key role.127 At the moment, there seems to be no significant market failures (despite it is not excluded that this can occur, in principle). The industry is not concerned to establish complex contractual arrangements for managing their data.128 The same orientation emerged from the recent public consultations launched by the Commission.129 The complexity of the market is still not clear. Probably, it may be necessary to await a

 Osborne Clarke (2016), p. 86.  Drexl (2016), p. 6. 123  European Commission, Joint Research Centre (2017). 124  Hugenholtz (2018). 125  Zeno-Zencovich (2018), p. 3. 126  European Commission’s Joint Research Centre (2017) and Kerber (2016). 127  Drexl (2016). 128  Osborne Clarke (2016). 129  European Commission (2016) Synopsis report on the contributions to the public consultation regulatory environment for data and cloud computing. https://ec.europa.eu/digital-single-market/ en/news/synopsis-report-contributions-public-consultation-regulatory-environmentdata-and-cloud. 121 122

9  Data Ownership in the Data Economy: A European Dilemma

223

more mature commercial landscape to formulate if and what legislative intervention would be most appropriate.130 Introducing new exclusive rights in data does not seem appropriate in the data economy and it apparently does not fit with the main goal of ensuring a free flow of data. At the current stage, it is impossible to predict where value will be created. Access to data and the creation of knowledge should therefore be guaranteed. There is no room for experimenting new rights, that are in fact very difficult to be reversed once introduced in the legal system. The Database Directive offers a valuable example. Despite the evaluation of the Database Directive done by the European Commission in 2005—after 10 years, showed that the Directive had no positive effect (and that instead in the US after Feist—despite no new right on data was introduced, the database industry significantly grew),131 in 2017 the Commission has launched a new consultation with the aim of confirming the Directive.132 The result is that there is little evidence and unclarity regarding the application and effects of the Directive. However, there is no plan for a U-turn. Considering the three characteristics of big data—volume, velocity, and variety, it is reasonable to say that in the data economy, access is more important than property in the data. Indeed, in the data-economy, granting access equates to possessing information in traditional property categorizations. Hence, efforts should go into the direction of investigating the possibility of promoting access to information in a pro-competitive way, where factual control creates a lock-in effect,133 particularly in relation to the sources of information (i.e., where the analysis of real-time data can take place).134 As an alternative to an exclusive right (in line with the options proposed by the Commission), exploring access to data against remuneration (adopting a liability rule instead of a property rule) seems fitting best the data-economy. In that case, it could be considered degrading a property right to a right to compensation, which could happen at Fair, Reasonable, and Non-Discriminatory (FRAND) conditions. In fact, the original proposal of the Database Directive included a similar provision, with an obligation to license on non-discriminatory terms where the data were not available from other sources (that was eventually discharged).135 However,

 Same conclusion reached by Osborne Clarke (2016).  European Commission (2005) First evaluation of Directive 96/9/EC on the legal protection of databases, DG Internal Market and Services Working Paper, Brussels. http://ec.europa.eu/internal_market/copyright/docs/databases/evaluation_report_en.pdf. 132  See European Commission website newsroom, Commission launches public consultation on Database Directive, posted on 24 May 2017. https://ec.europa.eu/digital-single-market/en/news/ commission-launches-public-consultation-database-directive. 133  Drexl (2016). 134  Surblyte (2016). 135  COM (92) 24, p.  4, recital 31, Art. 8. See Banterle (2018) and the European Commission’s Explanatory memorandum to the Proposal for a Council Directive on the legal protection of databases COM (92) 24 final. 130 131

224

F. Banterle

as it is currently happening in certain contexts,136 applicability of such obligations should be sector-based: the data-economy is growing too fast and show too many different situations that one rule for all sub-markets seems difficult to achieve, and this is arguing against a regime of general applicability. Again, data indispensability must be further analyzed and provide economic evidences137—with extreme prudence when it comes to take any action to make more data available for reuse. Meanwhile, the Commission can also support industry by promoting contractual models, standardization agreements, and standardized tools that allow access, processing, collection, and interoperability of data.

References Banterle F (2018) The interface between data protection and IP law: the case of trade secrets and the database sui generis right in marketing operations, and the ownership of raw data in big data analysis. In: Bakhoum et al (eds) Personal data in competition, consumer protection and intellectual property law. MPI Stud. Intellec. Property, vol 28. Springer, pp 411–443 Banterle F, Ghidini G (2018) A critical view on the European Commission’s Proposal for a Directive on copyright in the Digital Single Market. Giur Comm 6:921–957 Bird & Bird (2017) White Paper - data ownership in the context of the European data economy: proposal for a new right. https://sites-twobirds.vuture.net/1/773/landing-pages/white-paperform.asp De Franceschi A, Lehmann M (2015) Data as tradable commodity and new measures for their protection. Ital Law J:51–72 Drexl J (2016) Designing competitive markets for industrial data  – between propertisation and access. Max Planck Institute for Innovation and Competition Research, Paper No. 16-13 Drexl J, Hilty R et al (2016) Position statement of the Max Planck Institute for Innovation and Competition on the current debate on exclusive rights and access rights to data at the European level. GRUR Int 65(10):914–918 European Commission, Joint Research Centre (Duch-Brown N, Martins B, Mueller-Langer F) (2017) The economics of ownership, access and trade in digital data. JRC Digital Economy Working Paper 2017-01  See SWD (2017) 2 final, p. 21. Sector-specific legislation regulates the access to private nonpersonal data. Regulation 715/2007 regulates access to in-vehicle data for supporting the market for after-sales services—maintenance and repair (Art. 6). Data does not have to be provided for free, but under a reasonable and proportionate fee (Art. 7). The ITS Directive (Directive 2010/40/ EU of the European Parliament and of the Council of 7 July 2010 on the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other modes of transport, OJ L 207) calls for actions to allow the sharing and exchange of transport and traffic data. The Payment Services Directive (Directive 2015/2366/EU revising Directive 2002/65/ EC) also regulates access to ‘payment information’ under certain conditions, thus favoring the development of fintech industry. 137  See SWD (2017) 2 final, p.  21, recalling the main conditions outlined by the CJEU for any action based on competition law principles to lead to an obligation to license the use of commercial information: (i) that the data is indispensable for the downstream product; (ii) that there would not be any effective competition between the upstream and downstream product; (iii) that refusal prevents the emergence of the second product; and (iv) there is no objective reason for the refusal. See also Drexl (2016), p. 48. 136

9  Data Ownership in the Data Economy: A European Dilemma

225

Ginsburg JC (2018) People not machines: authorship and what it means in the Berne Convention. IIC 49:131–135 Hoeren T (2014) Big data and the ownership in data: recent developments in Europe. EIPR 36(12):751–754 Hugenholtz P (2018) Against ‘Data Property’. In: Ullrich H, Drahos P, Ghidini G (eds) Kritika: essays on intellectual property, vol 3. Edward Elgar Publishing, Cheltenham, pp 48–71 Kerber W (2016) A new (intellectual) property right for non-personal data? An economic analysis. GRUR Int 989 Malgieri G (2016) Property and (intellectual) ownership of consumers’ information: a new taxonomy for personal data. PinG 4:133 Mattioli M (2014) Disclosing big data. Minn Law Rev:535–583 Metzger A, Efroni Z, Mischau L, Metzger J (2018) Data-related aspects of the digital content directive. JIPITEC. https://www.jipitec.eu/issues/jipitec-9-1-2018/4682 OECD (2015) Data-driven innovation: big data for growth and well-being. OECD Publishing Osborne Clarke (2016) Legal study on ownership and access to data. European Union Bookshop Ottolia A (2017) Big data e innovazione computazionale. Giappichelli, Turin Perry M, Margoni T (2010) From music tracks to Google maps: who owns computer-generated works? Comput Law Secur Rev 26:621–629 Purtova N (2015) The illusion of personal data as no one’s property. Law Innov Technol 7(1):83 Ramalho A (2017) Will robots rule the (artistic) world? A proposed model for the legal status of creations by artificial intelligence systems. J Internet Law 21(1):12–25 Rees C (2014) Who owns our data? Comput Law Secur Rev 30(1):75 Resta G (2011) Nuovi beni immateriali e numerus clausus dei diritti esclusivi. In: Resta (ed) Diritti esclusivi e nuovi beni immateriali. Utet Sholtz P (2001) Transaction costs and the social costs of online privacy. First Monday 6(5). http:// firstmonday.org/ojs/index.php/fm/issue/view/133 Specht L, Zerbst J (2018) Considering the relationship between the civil law treatment of data and data protection law in Germany. JIPLP 13(6):504–512 Surblyte G (2016) Data as a digital resource. Max Planck Institute for Innovation and Competition Research Paper No. 16-22 Ubertazzi LC (2014) Proprietà intellettuale e privacy. Foro it.: 3-16 Van Erp S (2009) From ‘classical’ to modern European property law? In: Sakkoulas, Bruylant (eds) Essays in honour of Konstantinos D. Kerameus, pp 1517–1533 (also available at SSRN: http://ssrn.com/abstract=1372166) Van Erp S (2017) Ownership of digital assets and the numerus clausus of legal objects. Maastricht European Private Law Institute Working Paper No. 2017/6. Available at SSRN: https://ssrn. com/abstract=3046402 Victor JM (2013) The EU general data protection regulation: toward a property regime for protecting data privacy. Yale Law J 123(2):266 Wiebe A (2016) Protection of industrial data: a new property right for the digital economy? JIPLP 12(1):62–77 Zech H (2015) Information as property. JIPITEC 6:192 Zech H (2016a) Data as a tradable commodity. In: De Franceschi (ed) European contract law and the Digital Single Market. Intersentia, pp 51–79 Zech H (2016b) A legal framework for a data economy in the European Digital Single Market: rights to use data. J Intellect Prop Law Pract 11:460–470 Zech H (2017) Data as a tradeable commodity  – implications for contract law. In: Drexl (ed) Proceedings of the 18th EIPIN congress: the new data economy between data ownership, privacy and safeguarding competition. Edward Elgar Publishing, forthcoming. Available at SSRN: https://ssrn.com/abstract=3063153 Zeno-Zencovich V (1989) Cosa. In: Digesto delle discipline privatistiche. Utet, vol IV, p 438 Zeno-Zencovich V (2018) Dati, grandi dati, dati granulari e la nuova epistemologia del giurista. Medialaws, 2

Chapter 10

Net Neutrality: Chances and Challenges in the Information Age Ioannis Iglezakis

Abstract  Traffic management on the internet might lead to discriminatory practices, in case network operators block or degrade online services that compete with their own services. Such practices jeopardize the open character of the internet and stifle competition on the net. In the EU, the European Commission acknowledged in 2009 its commitment in preserving the open and neutral character of the internet, and vowed to enshrine net neutrality as a policy objective and a regulatory principle. Consequently, Regulation 2015/2120 was adopted aiming to safeguard equal and non-discriminatory treatment of traffic on the provision of internet access services and related users’ rights. Providers of internet services are allowed, however, to apply reasonable traffic management in accordance with objectively justified technical requirements. The situation is different in the U.S., where the rules on net neutrality, that were adopted by the Federal Communications Commission in 2015, were repealed in December 2017. However, several U.S. states have introduced state legislation to ensure net neutrality, and this has been challenged before the courts. Contentious issues related to net neutrality appear additionally on the introduction of the 5G mobile network standard.

1  Introduction The internet is a global network connecting individuals and businesses worldwide. It owes much of its success to the fact that it is an open network, allowing easy and low-cost access and use of its services. Its architecture is indeed unique, as it is a decentralized network with no dependency on a central distribution system, which uses a packet-switching technology that cannot be controlled by traditional mechanisms used in telecommunications.1 Mainly because of this characteristic, the internet was subject to a liberal regulatory regime already from the beginning. This  See Savin (2013), p. 5.

1

I. Iglezakis (*) Aristotle University of Thessaloniki, Thessaloniki, Greece © Springer Nature Switzerland AG 2020 T.-E. Synodinou et al. (eds.), EU Internet Law in the Digital Era, https://doi.org/10.1007/978-3-030-25579-4_10

227

228

I. Iglezakis

liberal approach is enshrined in the existing legal framework. In the European Union (EU), Directive 2000/31 (E-Commerce Directive) includes, inter alia, the principle that the activities of information society service providers may not be made subject to prior authorization by the state.2 In the U.S., the Federal Communications Commission (FCC) does not regulate information technology services, unlike electronic communication services, although the internet uses the telecommunications infrastructure.3 A great challenge to the openness of the internet are the traffic management practices put in place by network operators. Modern technology allows internet service providers (ISPs) to prioritize traffic with a low latency threshold, such as VoIP, and streaming media over traffic with a high latency threshold, such as web browsing or music download. While providers argue that in this way they can use more efficiently the limited bandwidth to provide better services, it has been argued that this allows them to discriminate against certain applications or data types, and thus, worsen the quality of competitive services, such as Skype, YouTube or Netflix, or even slow-down upload speed and thus, make it difficult to use file or video sharing services.4 These practices endanger the open character and the neutrality of the internet, i.e., the provision of the same standard of service regardless of the application and content used and open the way to ISPs to discriminate between different applications and content distributed on the internet.5 To deal with this situation, the EU has adopted rules on net neutrality, i.e., the principle of safeguarding equal and non-discriminatory treatment of traffic on the internet, with the objective to preserve the openness of the internet. Interestingly in the U.S., the FCC adopted the Open Internet Order in 2015 that also dealt with this issue. It prohibited broadband providers from blocking or slowing traffic, as well as from promoting paid prioritization. These rules were challenged by internet providers that argued that they stifled investment and thus, they were repealed by the Republican led government in December 2017. This left the EU as the sole proponent of net neutrality protection at international level.

2  Definition of Net Neutrality Network neutrality or in other words, net neutrality, is referred to as ‘The First Amendment of the Internet’,6 meaning that it is a fundamental principle of cyberspace. One of the front-runners in this area, Tim Wu, referred to net neutrality as “a principle according to which the network does not favor one application over  E-Commerce Directive, Article 4.  See Oxman (1999). 4  See Murray (2013), p. 16. 5  See Nunizato (2009); Murray (2013), p. 7. 6  See LSE Media Policy Project Blog (2011). 2 3

10  Net Neutrality: Chances and Challenges in the Information Age

229

others” and “to treat all content, sites, and platforms equally”,7 while Murray stated that it is “the principle that data packets on the internet should be moved impartially, without regard to content, destination or source”?.8 These definitions evidently concentrate on technical aspects of the network and impose the application of the principle of non-discrimination to internet traffic. Net neutrality is a regulatory principle, and as such, it is not defined expressis verbis in legislation. However, Article 8 (4) (g) of Directive 2002/21(Framework Directive),9 in its previous form, provided that national regulatory authorities should be obliged to promote the interests of the citizens of the EU by promoting the ability of end-users to access and distribute information to run applications and services of their choice, without prejudice to national measures laid down to fight illegal activities. This definition is now included in the preamble of Regulation (EU) 2015/2120, laying down measures concerning open internet access (Regulation 2015/2120 or Regulation),10 which established rules on open internet access.11 Under the preamble of Regulation 2015/2120, “the measures provided for in this Regulation respect the principle of technological neutrality, that is to say, they neither impose nor discriminate in favor of the use of a particular type of technology”.12 This is further exemplified, as it is mentioned that “end-users should have the right to access and distribute information and content, and to use and provide applications and services without discrimination, via their internet access service.”13 Arguably, net neutrality is not only concerned with the content of internet traffic. It also implies the right of individual users to enjoy uninhibited access to the use of online services, and thus, a rights-based approach appears more appropriate than the U.S. approach which was oriented towards regulating broadband services as a public utility and classifying high-speed internet as a telecommunications service.

 See Wu (2003).  See Murray (2013), p. 25. 9  Directive 2002/21/EC of the European Parliament and of the Council of 7 March 2002 on a common regulatory framework for electronic communications networks and services, OJ L 108/33, 24.4.2002. 10  Regulation (EU) 2015/2120 of the European Parliament and of the Council laying down measures concerning open internet access and amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within the Union, OJ L 301/1. 11  Ibid, Recital. 3. 12  Ibid, Recital 2. 13  Ibid, Recital 6. 7 8

230

I. Iglezakis

3  The Rationale for Net Neutrality Rules on net neutrality are important because they are purported to maintain the open character of the internet, and allow internet users to gain access to online content and services without any discrimination and hinderance from service providers. For businesses, this means that they will not be forced to pay so that their services (i.e., streaming services) are not blocked or throttled.14 For start-up businesses, it is also important to compete on same terms with bigger companies, when offering online services. A prominent example of discriminating internet content by an ISP was the U.S. Comcast case in 2017. Comcast, which is the largest internet access provider in USA, throttled traffic to BitTorrent, a peer-to-peer service. A complaint was filed with the FCC by non-profit advocacy organizations alleging that Comcast’s action violated the FCC Internet Policy Statement. More specifically, they stated that “consumers are entitled to access the lawful Internet content of their choice… [and] to run applications and use services of their choice”. Consequently, the FCC issued an order prohibiting Comcast from interfering with subscribers’ use of peer-to-peer software and ruled that it impeded consumers’ ability to access content and use their desired applications. The FCC’s decision was appealed by Comcast and the D.C. Circuit Court of Appeals vacated the decision.15 In the EU, the Body of European Regulators of Electronic Communications (BEREC) issued a report in 201216 in which it presented its findings on traffic management practices in Europe. Accordingly, almost one third of internet access subscribers were affected by such practices (blocking or throttling). Such restrictions were related to specific types of traffic such as peer-to-peer traffic on fixed and mobile networks, as well as blocking of VoIP traffic, mostly on mobile networks, whereas in a number of cases preferential treatment was given to specific types of traffic or applications at peak times, such as http, DNS, VoIP, gaming, instant messaging, etc., and lower priority was given to applications such as file downloading, P2P, etc. It should be noted that network neutrality is not uncontested and providers of electronic communications to the public perceive it as a constraint on price discrimination, since regulations impose direct restrictions on ISP pricing. They also state that elements of network neutrality impose regulatory burdens on ISPs, and that network neutrality requirements constitute a “confiscatory” and unlawful “taking” of their property, as they cannot profit the most with complete freedom to capitalize on their investment in the next generation infrastructure.17 It is therefore evident that any legislation should attempt to strike a balance between the interests  See, i.e., European Commission - Fact Sheet, Roaming charges and open Internet: Questions and answers, 30 June 2015. 15  Comcast Corp. v. FCC, 600 F.3d 642 (D.C. Cir. 2010). 16  BEREC (2012). 17  See Frieden (2007). 14

10  Net Neutrality: Chances and Challenges in the Information Age

231

of providers and network operators, who must be able to keep investing and innovating in a competitive environment, and end-users, who must be able to access and distribute the content, services, and applications of their choice.

4  Regulatory Models In the U.S. and the EU, there are different regulatory models in place regarding net neutrality.

4.1  USA In 2015, the U.S. Federal Communication Commission adopted the Open Internet rules to protect and maintain open, uninhibited access to lawful online content. These rules prohibited18: (a) blocking: broadband providers could not block access to lawful content, applications, services or non-harmful devices; (b) throttling: broadband providers could not deliberately target some lawful internet traffic to be delivered to users more slowly than other traffic; (c) paid prioritization: broadband providers could not favor some internet traffic in exchange for consideration of any kind. Internet service providers are also banned from prioritizing content and services of their affiliates. These rules also put in place standards going forward to ensure that ISPs cannot engage in new or different practices, outside those three prohibitions, that would cause similar harms to the open internet. However, the Trump administration withdrew the rules on net neutrality adopted by the Obama administration, arguing that these rules are impeding investment, and instead, lighter regulation is necessary.19 Namely, on January 4, 2018, the FCC issued the Restoring Internet Freedom Order that took effect on June 11, 2018. The new FCC framework consists of three parts: (a) consumer protection: the Federal Trade Commission will police and take action against ISPs for anticompetitive acts or unfair and deceptive practices; (b) transparency: ISPs must publicly disclose information regarding their network management practices, performance, and commercial terms of service through their company website or the FCC’s website; (c) removal of unnecessary regulations, i.e., applying Title II of the Communications Act of 1934 to network providers to promote broadband investment. Online content companies, such as Google, Amazon, Twitter, Facebook, Dropbox, Ebay, and others reacted against this rule change, arguing that telecom operators would discriminate against specific content and that ‘fast lanes’ would be 18 19

 FCC, Restoring Internet Freedom.  See Trump’s plan to overturn net neutrality rules to face ‘a tsunami of resistance’, Rushe (2017).

232

I. Iglezakis

created for those that would agree to pay broadband providers.20 Furthermore, opponents of the repeal of net neutrality rules expressed their concern that ISPs will have excessive control over the internet and even initiate the splitting and trading of access to particular services in bundles, similarly to cable-TV services.21 Despite the repeal of the FCC rules, many U.S. states introduced net neutrality legislation, but the U.S. Justice Department and trade groups representing internet providers challenged these state laws before the courts.22

4.2  EU In the EU, Regulation 2015/2120 enshrined Net Neutrality following previous legislative initiatives. The telecommunications regulatory framework, which was enacted in 2009, included various provisions reflecting this principle that although not directly addressed certainly influenced EU telecom policies at that time. In particular, various amendments were made to the regulatory framework before the enactment of Regulation 2015/2120. Firstly, Article 8 of the Framework Directive (as amended by Directive 2009/14023 and Regulation 544/200924) provides that National Regulatory Authorities (NRAs) shall promote the interests of the citizens of the EU by, inter alia, promoting the ability of end-users to access and distribute information or run applications and services of their choice. Secondly, Article 20 (1)(b) of Directive 2002/22/EC (Universal Sales Directive)25 provides that consumers and end-users have the right of information concerning traffic management, i.e., to receive “information on any other conditions limiting access to and/or use of services and application where such conditions are permitted under national law in accordance with Community law”. Under Article 20 (2) of this Directive, subscribers have the right to cancel their contract with a provider of electronic communications to the public if they receive notice of modification to the contractual conditions. Thirdly, transparency requirements are established in Article 21 (3)(c) and (d) of the Universal Service Directive that provide that NRAs are able  Coren (2017).  Sasko (2017). 22  See, i.e., Shepardson (2018). 23  Directive 2009/140/EC of the European Parliament and of the Council of 25 November 2009 amending Directives 2002/21/EC on a common regulatory framework for electronic communications networks and services, 2002/19/EC on access to, and interconnection of, electronic communications networks and associated facilities, and 2002/20/EC on the authorisation of electronic communications networks and services, OJ L 337/37, 18.12.200. 24  Regulation (EC) No 544/2009 of the European Parliament and of the Council of 18 June 2009 amending Regulation (EC) No 717/2007 on roaming on public mobile telephone networks within the Community and Directive 2002/21/EC on a common regulatory framework for electronic communications networks and services, OJ L 167/12, 29.6.2009. 25  Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services as amended by Directive 2009/136 OJ L 108/51. 20 21

10  Net Neutrality: Chances and Challenges in the Information Age

233

to oblige undertakings providing public electronic communications networks and/ or publicly available electronic communications services to inter alia: (i) inform subscribers of any change to conditions limiting access to and/or use of services and applications, where such conditions are permitted under national law in accordance with community law and (ii) provide information on any procedures put in place by the provider to measure and shape traffic to avoid filling or overfilling a network link, and on how those procedures could impact on service quality. Finally, Article 22 (3) of the Universal Service Directive gives NRAs the right to intervene to prevent the degradation of service and the hindering or slowing down of traffic over networks. In such cases, NRAs are able to set minimum quality of service (QoS) requirements on an undertaking or undertakings providing public communications networks. The EU Commission appeared to endorse the principles included in the FCC’s open internet rules and Neelie Kroes, the Vice President of the European Commission, Commissioner for the Digital Agenda, proposed five principles upon which rules on net neutrality should be based.26 First, it stated that freedom of expression is fundamental. Any outcome that may put in danger freedom of speech is not supported. Furthermore, transparency is non-negotiable. In a complex system like the internet, it must be clear what the practices of operators controlling the network mean for all users, including consumers. Thirdly, it claimed that we need investment in efficient and open networks. Clear regulatory measures must be adopted to foster investment in new efficient and open networks. Deploying such networks and promoting infrastructure competition may be the best way to avoid bottlenecks and monopolistic gatekeepers, thereby ensuring net neutrality. Fourthly, the Commission referred to fair competition. On this principle, it must be made clear that every player on the value chain should be free to fairly position himself to offer the best possible service to his customers or end-users. Any commercial or traffic management practice that does not follow objective and even-handed criteria, applicable to all comparable services, is potentially discriminatory in character. Discrimination against undesired competitors (for instance, those providing voice over internet services) should not be allowed. Finally, the Commission referred to support for innovation. There must be opportunities for new efficient business models and innovative businesses. Over time, one should continue to monitor whether traffic management is a spur to future network investment, and not a means of exploiting current network constraints. Network neutrality was included as part of the Telecoms Single Market Proposal to the EU Parliament and the Council,27 and the reason was that there were fears that the enactment of divergent national legislations would lead to inconsistencies and incompatibilities that would hamper the European single market.28 Subsequently, on  See Kroes (2010).  Proposal for a Regulation of the European Parliament and the Council laying down measures concerning the European Single Market for Electronic Communications and to achieve a connected continent COM (2013) 627 final. 28  Regulation 2015/2120, Recital 3. 26 27

234

I. Iglezakis

November 25, 2015, Regulation 2015/212029 was adopted with a view to safeguard equal and non-discriminatory treatment of traffic in the provision of internet access services and related users’ rights. Its objective is not only to provide protection to end-users but also guarantee the functioning of the internet ecosystem. It considers that the internet has been developed as an open platform with low access barriers for a multitude of players, such as users and providers, and that the regulatory framework promotes such ability. The openness of the internet can, however, be jeopardized by traffic management practices blocking or slowing down specific applications or services and may affect a significant number of end-users.30 It has also been considered that if Member States take measures against such practices, this may lead to fragmentation of the internal market. Indeed, network neutrality rules have been enacted in the Netherlands, Slovenia, and Finland. More specifically, the Dutch law was enacted in 2011 as a response to public outcry over the announcement of a network operator which intended to introduce a “chat charge” for users of IP messaging applications, such as WhatsApp, to deal with the negative impact that these services had over traditional SMS services.31 The choice of the European legislator to enact a regulation rather than a directive practically means that it has direct effect on EU Member States and does not need to be transposed into national law.32 Furthermore, according to its title, it applies additionally to European Economic Area (EEA) States. The subject matter and scope of Regulation 2015/2120 is defined in Article 1, which provides that it establishes common rules to safeguard equal and non-­ discriminatory treatment of traffic in the provision of internet access services and related end-users’ rights, but also sets up a new system for roaming services to abolish roaming surcharges. On the definitions of most used terms, Regulation 2015/2120 makes a reference to Article 2 of Directive 2002/21. Additionally, it provides definitions of ‘providers of electronic communications to the pubic’ and ‘internet access services’. To achieve the goal of safeguarding open internet access, the Regulation establishes a set of users’ rights. It does not make use of the term ‘network neutrality’ neither in its title nor in its content, but the rights enshrined by it have the perspective of achieving this objective. Article 3(1) provides that: “end-users shall have the right to access and distribute information and content, use and provide applications and services, and use terminal equipment of their choice, irrespective of the end-user’s or provider’s location or the location, origin or destination of the information, content, application or service,  Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015 laying down measures concerning open internet access and amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services and Regulation (EU) No 531/2012 on roaming on public mobile communications networks within the Union, OJ L 310/1, 26.11.2015. 30  Ibid. 31  Marcus (2016), p. 270. 32  See Article 288 TFEU. 29

10  Net Neutrality: Chances and Challenges in the Information Age

235

via their internet access service.” These rights are without prejudice to Union law or national law on the lawfulness of content, applications, or services.33 It is highlighted that providers of internet access services should not restrict connectivity to any accessible end-points of the internet,34 and not impose restrictions on the use of terminal equipment connecting to the network in addition to those imposed by manufacturers or distributors of terminal equipment under the Union law.35 Furthermore, Article 3 (2) provides that: “agreements between providers of internet access services and end-users on commercial and technical conditions and the characteristics of internet access services such as price, data volumes or speed, and any commercial practices conducted by providers of internet access services, shall not limit the exercise of the rights of end-users laid down in paragraph 1.” This right is particularly important, since end-users must be free to agree with providers of internet access services on tariffs for specific data volumes and speed of the internet access service. In addition, any commercial practices of internet access services should not limit the exercise of those rights, and thus, NRAs and other competent authorities should be empowered to intervene where end-users’ choice is essentially reduced.36 Further, under Article 3 (3), “providers of internet access services shall treat all traffic equally, when providing internet access services, without discrimination, restriction or interference, and irrespective of the sender and receiver, the content accessed or distributed, the applications or services used or provided, or the terminal equipment used.” As pointed out in the preamble of the Regulation, comparable situations should not be treated differently, and different situations should not be treated in the same way unless such treatment is objectively justified.37 The Regulation also addresses traffic management measures. The objective of such measures, in general, is to contribute to an efficient use of network resources and to an optimization of overall transmission quality responding to the objectively different technical quality of service requirements of specific categories of traffic, and thus of content, applications, and services transmitted.38 As it is evident, such measures may not be totally prohibited if they appear to be justified. Under the second subparagraph of Article 3(3), providers of internet access services may implement reasonable traffic management measures, to mitigate the effects of congestion and even take preventive action for this purpose. To be deemed reasonable, such measures must be transparent, non-discriminatory and proportionate, and shall not be based on commercial considerations but on objectively different technical quality of service requirements of specific categories of traffic, i.e., VoIP.

 Regulation 2015/2120, Recital 6.  Ibid, Recital 4. 35  Ibid, Recital 5. 36  Ibid, Recital 7. 37  Ibid, Recital 8. 38  Ibid, Recital 9. 33 34

236

I. Iglezakis

When adopting such measures, according to the above provision, internet access providers must not block, slow down, alter, restrict, interfere with, degrade, or discriminate between specific content, applications or services, or specific categories thereof, except as necessary, and only for as necessary to: (a) comply with Union legislative acts, or national legislation that complies with Union law, to which the provider of internet access services is subject, or with measures that comply with Union law giving effect to such Union legislative acts or national legislation, including orders by courts or public authorities vested with relevant powers; (b) preserve the integrity and security of the network, of services provided via that network, and of the terminal equipment of end-users; and (c) prevent impending network congestion and mitigate the effects of exceptional or temporary network congestion, provided that equivalent categories of traffic are treated equally. Thus, traffic management measures to avoid network congestion are accepted, if the above requirements are fulfilled. In any case, paid prioritization of traffic is prohibited. Under the Regulation, traffic management practices must be based on objective technical requirements rather than on commercial considerations, and must treat equivalent types of traffic equally.39 The Regulation allows the provision of specialized services, i.e., services provided in addition to internet access services, such as IPTV or HD videoconferencing or healthcare services (telesurgery). These require significant resources to ensure quality and that might affect the provision of basic internet access services. It therefore provides that ISPs may offer or facilitate such services only if the network capacity is sufficient to provide them additionally to other internet access services, and they should not be offered as a replacement for such services and should not be detrimental to their availability or general quality.40 Zero rating, which is a commercial practice used by some ISPs not to count the data traffic of specific applications, is not strictly prohibited. However, such commercial practices must comply with the provisions of the Regulation that prohibit any discrimination of internet traffic. To safeguard transparency of internet access services, the Regulation provides in Article 4 (1) lit (a)-(e) that providers of such services shall ensure that any contract which includes internet access services specifies minimum information requirements. This information is referring to traffic management measures, limitations, and explanations of ISPs practices. Furthermore, providers of internet access services have an obligation to put in place transparent, simple, and efficient procedures to address complaints of end-­ users relating to the rights and obligations (Article 3 and 4, paragraph 1). Compliance with the above provisions of Articles 3 and 4 is monitored by NRAs. Under Article 5 (1), they shall closely monitor and ensure such compliance, and shall promote the continued availability of non-discriminatory internet access services at levels of quality that reflect advances in technology. In particular, they may impose  European Commission - Fact Sheet. Roaming charges and open Internet: questions and answers, Brussels, 30 June 2015. 40  Regulation 2015/2120, Article 3(5)(2). 39

10  Net Neutrality: Chances and Challenges in the Information Age

237

requirements concerning technical characteristics, minimum quality of service requirements and other appropriate and necessary measures on one or more providers of electronic communications to the public, including providers of internet access services. They must also publish reports on an annual basis regarding their monitoring and findings, and provide those reports to the Commission and to BEREC. Infringements of the provisions of the Regulation establishing end-users’ rights and obligations of providers of internet access services are sanctioned according to Member States’ law, as provided for in Article 6. The penalties provided for in Member States’ legislation must be effective, proportionate, and dissuasive, under the same provision. Most EU Member States have enacted provisions providing penalties for Net Neutrality infringements, although with certain deficiencies.41

5  Conclusion In contrast to the developments in the U.S., the EU appears resolved to maintain and enforce the rules on network neutrality. These rules apply since April 2016, and consequently, NRAs have assumed responsibility to assess traffic management and commercial practices to effectively enforce the Regulation. It is noteworthy that the Greek NRA issued an Annual Report on Open Internet addressed to the Body of European Regulators for Electronic Communications (BEREC) on the implementation of the Regulation and stated that it will publish a national regulation on open internet, specifying the provisions of Regulation 2015/2120.42 The latter was finally adopted with Decision 876/7B of 17-12-2018 of the Greek NRA and it provides specific obligations of communication service providers and rights to end-users such as the right of subscribers to require compensation in case the speed of internet connection is less than the one stipulated in the contract with the user.43 Moreover, BEREC has announced that it intends to review its net neutrality guidelines to include 5G technologies in conformity with net neutrality principles.44 There is currently a confrontation with the telecom industry, which supports the relaxing of net neutrality rules to make a 5G-rollout more economically viable.45 From the policy perspective, net neutrality rules have a strong foundation on the EU consumer policy and the policy for the protection of users of ‘e-services’. In contrast to USA law, the rationale for net neutrality in the EU is not to assure effective competition in the market for internet access services, but rather the protection of end-users from discriminatory practices. Thus, EU net neutrality rules will play a significant role in the future in Europe more than in other parts of the world.  See Epicenter works, Penalties for Net Neutrality Infringements in the EU, https://en.epicenter. works/document/1255. 42  EETT (2017). 43  EETT (2018). 44  BEREC (2018). 45  EDRI (2018). 41

238

I. Iglezakis

References BEREC (2012) A view of traffic management and other practices resulting in restrictions to the open internet in Europe, 20 May 2012 BEREC (2018) BEREC Work Programme 2019, BoR (18) 174, 4 October 2018 Coren M (2017) Trump’s plan to overturn net neutrality rules to face ‘a tsunami of resistance’. https://qz.com/1027755/net-neutrality-google-and-amazon-are-fighting-to-save-internet-sthat-trump-says-are-killing-business EDRI (2018) Net neutrality vs. 5G: what to expect from the upcoming EU review? https://edri.org/ net-neutrality-vs-5g-what-to-expect-from-the-upcoming-eu-review/?fbclid=IwAR1J4oFbkH HR8Y2gOAF4o1omJFXTuOQqvd1wwdn331kEh3EvzgnxPZRbuGY EETT (2017) EETT Annual Report to the European Commission and the European Regulators’ Body for Electronic Communications (BEREC) on the implementation of Regulation (EU) 2015/2120 on access to the open Internet. http://www.eett.gr/opencms/export/sites/ default/EETT/Electronic_Communications/Telecoms/NetNeutrality/AnnualReport/NN_ report_2016-2017_EETT.pdf EETT (2018) National Regulation on Open Internet, 876/7B. https://www.eett.gr/opencms/export/ sites/default/admin/downloads/telec/apofaseis_eett/kanonistikes_apofaseis_eett/AP876-007B. pdf European Commission - Fact Sheet. Roaming charges and open Internet: questions and answers, Brussels, 30 June 2015 FCC, Restoring Internet Freedom. https://www.fcc.gov/consumers/guides/open-internet Frieden R (2007) Internet 3.0: identifying problems and solutions to the network neutrality debate. Int J Commun 1:461–492 https://www.phillymag.com/business/2017/12/18/comcast-net-neutrality-repeal Kroes N (2010) Net neutrality in Europe, Address at the ARCEP Conference, Paris, 13th April 2010. http://europa.eu/rapid/press-release_SPEECH-10-153_en.pdf LSE Media Policy Project Blog (2011) Net-neutrality: the first amendment of the internet. http://blogs.lse.ac.uk/mediapolicyproject/2011/03/30/net-neutrality-the-first-amendmentof-the-internet/ Marcus JS (2016) Net neutrality rules in Europe: comparisons to those in the U.S. Colo Technol Law J 14(2):270 Murray A (2013) Information technology law. The law and society. Oxford University Press, Oxford Nunizato D (2009) Virtual freedom: net neutrality and free speech in the internet age. Stanford University Press Oxman J (1999) The FCC and the unregulation of the internet, OPP Working Paper No. 31. https:// transition.fcc.gov/Bureaus/OPP/working_papers/oppwp31.pdf Rushe D (2017) Trump’s plan to overturn net neutrality rules to face ‘a tsunami of resistance’. https:// www.theguardian.com/technology/2017/apr/26/trump-overturn-net-neutrality-rules-resistance Sasko C (2017) What the FCC’s net neutrality decision means for Comcast (and you). https:// www.phillymag.com/business/2017/12/18/comcast-net-neutrality-repeal Savin A (2013) EU internet law. Edward Elgar, Cheltenham UK, Northampton MA, USA Shepardson D (2018) California will not enforce state net neutrality law pending appeal. https:// www.reuters.com/article/us-usa-internet/california-will-not-enforce-state-net-neutralitylaw-pending-appeal-idUSKCN1N02KU Wu T (2003) Network neutrality, broadband discrimination. J Telecommun High Technol Law 2:141

Chapter 11

Cybersecurity Legislation: Latest Evolutions in the EU and Their Implementation in the Greek Legal System Evangelia Vagena and Petros Ntellis

Abstract Cybersecurity has been attracting a lot of attention lately in EU. Cybersecurity is a top priority as a necessary condition for EU’s Digital Single Market. Recent EU and Greek activity in the field resulted in the current legislation on cybersecurity, which was adopted after a long law-making process aiming at the modernization of the institutional framework for combating cybercrime. This process brought forward significant as well as indispensable amendments. Full implementation of the newly voted texts demands various initiatives for the implementation of an institutional framework that will include inter alia the development of official structures and methods of response to events that threaten the security of information systems by criminal acts. This chapter analyses these, the new EU cybersecurity legislative framework with reference to its Greek implementation, and describes the major key players in combating cybercrime and traces the remaining challenges.

1  Cybersecurity Definition With the increasing use of technology in everyday life, from personal computers to mobile phones, e-commerce, corporate and public sector operations, as well as Internet-of-Things (IoT), the need to protect interconnected electronic infrastructure against malicious use becomes more and more imperative. Cybersecurity deals with this need. In simple words, since all human activity in developing countries becomes digital, there is a need to secure this activity against any possible threat so that the benefit from the digital transition overcomes any possible cost. E. Vagena Computer Engineering and Informatics Department, University of Patras, Patras, Greece e-mail: [email protected] P. Ntellis (*) Athens, Greece e-mail: [email protected] © Springer Nature Switzerland AG 2020 T.-E. Synodinou et al. (eds.), EU Internet Law in the Digital Era, https://doi.org/10.1007/978-3-030-25579-4_11

239

240

E. Vagena and P. Ntellis

Cybersecurity is generally defined as the activities necessary to protect network and information systems, their users, and affected persons from cyber threats. “Cyber threat” means any potential circumstance or event that may adversely affect network and information systems, their users and affected persons.1

2  EU Interest in Cybersecurity In his annual State of the Union address in 2017, the president of the European Commission Jean-Claude Juncker stated: “In the past three years, we have made progress in keeping Europeans safe online. But Europe is still not well equipped when it comes to cyber-attacks. This is why, today, the Commission is proposing new tools, including a European Cybersecurity Agency, to help defend us against such attacks”. The justification behind the European Union (EU) legislative initiatives is, in practice, imprinted in the Cybersecurity Strategy of the European Union2 where it is stated that: “Our freedom and prosperity increasingly depend on a robust and innovative Internet, which will continue to flourish if private sector innovation and civil society drive its growth. But freedom online requires safety and security too”. In practice, the European Commission’s initiatives aim to improve online security, trust, and inclusion. Trust and security are at the core of the Digital Single Market Strategy.3 Cybercrime has substantial financial costs4 and often political targeting in particular with the form of “hacktivism”, i.e., of activism that stimulates the combative advocacy of political, environmental, social, cultural demands and requests of citizens without necessarily defined ideology, hierarchy, or program, and that uses technological means that foster the dissemination and participation via the internet for its development.

3  Cyber-Threats Before discussing about security, we need to know what is the threat to confront. The most characteristics types of cyber threats are described below.  Proposal for a Regulation of the European Parliament and of the Council on ENISA, the “EU Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (“Cybersecurity Act”) COM (2017) 477 final. 2  Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions Cybersecurity Strategy of the European Union: An open, safe and secure cyberspace, JOIN (2013) 1 final. 3  European Commission (2019). 4  See McAfee (2016). 1

11  Cybersecurity Legislation: Latest Evolutions in the EU and Their Implementation…

241

3.1  Denial of Services Denial of Services (DoS)5 attacks had already appeared in 2000 and had reached the point of being used to carry out operations in the 2008 cyberwarfare. These attacks are designed to lead to a collapse of the data network of a company or an e-­commerce website by bombarding it with a large volume of data traffic, as if thousands of people repeatedly called the same telephone number with intent to keep it busy. The first attack of this kind was recorded in February 2000 when a 15-year old Canadian hacker orchestrated a series of corresponding attacks against several e-commerce websites like Amazon.com and eBay.com. In 2005, a private citizen was convicted for the first time in the US for illegal acts through the use of botnets.6 These are described as a network of computer systems that have been compromised by a malicious user and can be used for malicious activities without the knowledge of their owner or legitimate user.7 This type of attack was used in 2008 by Russia against the Republic of Georgia with the objective, and subsequent result, to prevent Georgia from carrying its own view of the war that already took place to the rest of the world. This event was preceded by incidents in Estonia in 2007 and in Lithuania in 2008.8 Additionally in Greece, a case, with great worldwide publicity, ended with the arrest of the two domestic creators of the malware “Lecpetex” that infected hundreds of thousands of computers globally in 2014.

3.2  Data Theft Data theft is defined as the illegal transfer or storage of information that is confidential for any reason, whether it concerns individuals, companies, or organizations, and may include passwords, software code, patents, financial data, etc.9 It is considered the most serious breaches of security and privacy with potentially major consequences for businesses or individuals. Data theft is usually accomplished in two ways: either by an offender’s illegal entry into an information system and the copying or sending of data to them, or by installing malicious software, known as malware, which sends data to the offender. Data theft targets mainly financial institutions, companies of all industries, organizations, and individuals.

 Encyclopedia Britannica (2018).  US v. Jeanson James Ancheta, United States District Court for the Central District of California, Feb 2005 Grand Jury, Case No 05-1060. 7  See ENISA (2019). 8  Tikk et al. (2010). 9  Technopedia (2019). 5 6

242

E. Vagena and P. Ntellis

3.3  Ransomware Ransomware is a type of malware that prevents a legitimate user of a computer system from accessing files.10 This is accomplished by encrypting all or part of the files stored in this system. The legitimate user, to restore access to the files, should have the decryption key that the offender owns and delivers it to the legitimate user after a ransom payment, often in the form of cryptography. The ransom may amount to a few tens of euros up to several hundreds of thousands of euros, depending on the purpose and type of data encrypted.

3.4  Hacktivism Hacktivism (from the contraction of the words hack and activism) or electronic civil disobedience, both in terms of methods and goals, may be of a criminal nature. Their goal is to protest in a non-violent but still destructive way. Hacktivists usually rely on three methods to accomplish their goals: public disclosure of private and/or personal information, DDoS attacks, and defacement of web sites. Although the disclosure of information and defacement methods may appear less affecting to public safety, it is still a violation of the law in several cases, as it may include, among other things, unauthorized access to or use of information systems, access, copy, transfer, disclosure, and/or modification of private information. On the other hand, DDoS attacks may interfere with critical information systems’ operations and in some cases may cause irreversible and possibly lethal damage to people or goods, i.e. healthcare, water, or power supply industry.

3.5  Financial Costs In an ever-changing digital landscape, it is vital to keep up with the trends in cyber threats. The study “The Cost of Cybercrime 2019”11 combines research into 11 developed countries and 16 kinds of business sectors. Companies consisting of 355 participated in the survey to examine the economic impact of cyber-attacks. It was found that cyber-attacks are constantly changing for the following reasons: Evolved Targets: Information theft is the most accurate and faster growing consequence of cybercrime, but data is not the only target. Central systems, such as industrial control systems, are targeting attacks in an attempt to disrupt their operation or destroy them.

10 11

 Trend Micro (2019).  Accenture (2019).

11  Cybersecurity Legislation: Latest Evolutions in the EU and Their Implementation…

243

Impact Evolution: While data remains a target, theft is not always the result. A new wave of cyber-attacks is not about copying, but about destroying or manipulating them, which causes distrust of these data. The attack on the integrity of data is the next border. Advanced Techniques: Cyber criminals are adapting the methods of their attacks. They use the human factor, the weakest link, as a means of attacking, by increasing phishing and malicious internal users. Organizations of all sizes, geographical locations, and industries worldwide have been affected by the economic and regulatory consequences of cybercrime. Last year, there has been a significant rise in economic espionage, such as the theft of high-value intellectual property of states and companies.12 The impact of these cyber-attacks on organizations, industries and society is essential. Along with the growing number of security breaches, the total cost of e-crime for each company rose from $ 11.7 million in 2017 to $ 13.0 million. The 2019 analysis13 of nearly 1000 cyber-attacks reported malware as the most common attack and, in many countries, the costliest to solve. Human-based attacks seem to be some of the biggest and are constantly rising. The number of organizations and companies experiencing ransomware attacks has increased by 15% over the course of a year and has more than doubled in frequency over the past 2 years.14 Phishing and social engineering attacks are now being handled by 85% of organizations, an increase of 16% over a year—which is a cause of concern when people are still the weak link in cyber defense.15 In terms of country loss, the values provided reach up to 1.6% of the gross domestic product (GDP) in some EU countries.16 Other studies mention figures such as 425 thousand to 20 million euros per company per year.17 Lastly, it has been additionally estimated that the economic loss for the global economy can vary from 330 to 506 billion euros (375 to 575 billion $).18 By gathering these findings across the world, it has been found that the total risked value of cybercrime is 5.2 trillion $ over the next 5 years.19

 See ENISA (2016a), p. 4.  Ibid. 14  Ibid. 15  Ibid. 16  Ibid. 17  Supra n. 5. 18  Ibid. 19  Ibid. 12 13

244

E. Vagena and P. Ntellis

3.6  The “Lecpetex” Case An illustrative example of the cost of cybercrime in Greece is the “Lecpetex case”. This is the most famous Greek cybersecurity case up to day. It involved DDosS attacks, bitcoins, and money laundering. Based on statistics released by the Greek Police, the botnet used may have infected as many as 250,000 computers.20 These infections enabled those directing the botnet to hijack the compromised computers and use them to promote social spam, which affected close to 50,000 accounts at its peak. On 30 April 2014, the Lecpetex case was escalated to the Cybercrime Subdivision of the Greek Police. On 3 July 2014, the Greek Police reported that the investigation had progressed to the final stage and that two suspects were placed in custody. According to the Greek Police, the botnet creators were in the process of establishing a Bitcoin “mixing” service to help launder stolen Bitcoins at the time of their arrest.

4  Cybersecurity Legislation The first country to adopt relevant legislation was the United States, which already by 1984 had voted the law for online fraud, the Computer Fraud and Abuse Act of 1984 (CFAA). At international level, in 1990 the UN General Assembly in its decision emphasized the need to adopt legislation on cybercrime21 and on subsequent decisions the need to combat counterfeiting (misuse) of Information Technology (in 2000 and 2002).22 At the same time in 1997, the Council of Europe took the initiative for the establishment of a Special Committee of experts, with the scope of adopting appropriate legislation and fostering international cooperation in tackling crime in cyber-space. Consequently, the Convention on Cybercrime was organized, which ended up to the Convention of Cybercrime, also known as the Convention of Budapest.

4.1  Convention on Cybercrime: ETS No 185 The Convention of Budapest (Convention) was a pioneering text for the start of the twenty-first century, whose predictions remain valid after 18 years, and that has been ratified by various countries and especially those that have great internet access infrastructure and control the highest volume of data over the wire, such as the USA, Canada, Japan and most EU Member States.  See Facebook Notes (2014).  United Nations General Assembly (1990) A/RES/45/121. 22  United Nations General Assembly (2002) A/RES/56/121. 20 21

11  Cybersecurity Legislation: Latest Evolutions in the EU and Their Implementation…

245

At first, the Convention designates the types of crimes in the digital environment for which penal sanctions should be provided by all contracting States in their existing substantive criminal laws, such as illegal access on systems (i.e. hacking), data interference (i.e. DDoS attacks)23 or the construction and general use of programs with the purpose of committing one of the punishable crimes (trojans, worms etc.). The Convention includes provisions on criminal procedural law, as well as international cooperation with the scope of facilitating the detection and sanction of cybercrime cases. In the first section of the Convention Agreement, one finds provisions relating to: (a) the preservation of stored data on a computer, (b) the preservation and disclosure of transmitted data, (c) the offer of information, (d) the investigation and seizure of stored elements, (e) with real time collection of data and (f) monitoring—tapping of data content. Article 20 of the Convention is of great importance. It provides for the procedure to be followed by the parties to facilitate the judicial and police authorities to carry out their inquiries “in real time” (“en temps reel”) so that they collect the necessary evidence in the geographical boundaries of the national territory before these items are lost. This provision can be implemented in particular based on Articles 29 to 34 of the Convention on the rapid preservation of data, Article 29, the disclosure of data, Article 30, investigations and seizures of stored data, Articles 31 and 32, and spyware traffic data and content, Articles 33 and 34. The possibility of cross-border access to data without the obligation to comply with the procedure for the provision of judicial assistance is available solely in two cases found in Article 32: (a) to data that is accessible to the public (“publicly available data”, “donnees accessibles au public”, ”open data”) and (b) to data in which the party has accessed or received through a computer system located within its territory and which has received the lawful and voluntary consent of the person who has the legal right to dispose of them via the computer system. The latter category includes provisions relating to: (a) extradition, (b) applicable under the contract general principles relating to mutual assistance, (c) the possibility of official information, (d) disclosure of data stored in a computer system and (e) disclosure of traffic data. What is also interesting to note is the forecast for the spontaneous provision of information, Article 26, on behalf of a Member State to another when it considers that elements in the framework of its own investigations can be useful for investigating other criminal offences in another contracting party. The effects of cross-border nature of internet crime inflict the transnational cooperation furthered through a series of estimates and in particular, the provision for creating a network of permanent contact points to facilitate the rapid processing of requests for assistance coming from abroad.24 Due to the increasing flow of immigrants, the adoption of the additional protocol to the Convention on Cybercrime, concerning the criminalization of acts of a racist and xenophobic nature that are committed through computer systems, as signed in 23 24

 See Politis et al. (2009).  Article 35.

246

E. Vagena and P. Ntellis

Strasbourg, on 28 January 2013 is of particular importance to the EU. The additional protocol widens the scope of the Convention on Cybercrime, to address xenophobic and racist nature acts. As racist and xenophobic material is designated any written material, image or any other representation of ideas or theories, which advocates, promotes or incites hatred, discrimination, or violence, against any individual or group of individuals, based on race, color, ancestry or national or ethnic origin, religion, and if used as a pretext for any of these factors. As it will be analyzed below, Directive 2013/40/EC (known as “Cybercrime Directive”) on attacks against Information Systems attempted to harmonize the legislation of EU Members States in accordance with the provisions of the Convention on Cybercrime.

4.2  EU Cybersecurity Legislation Timeline The most important legislative initiatives on EU cybersecurity policy can be argued to be the following in a chronological order. In 2001, the Council framework decision 2001/413/JHA on combating fraud in regards to forgery of non-cash means of payment25 was adopted. It defines the fraudulent behaviors that EU Member States need to consider as punishable criminal offences. In 2002, Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector was adopted, which is also known as the ePrivacy Directive.26 According to this directive, providers of electronic communications services must ensure the security of their services and maintain the confidentiality of client information. In 2005, the Council Framework Decision 2005/222/JHA of February 24th 2005 on attacks against information systems27 was adopted. It is actually a general decision aiming to harmonize national provisions in the field of cybercrime, encompassing material criminal law (i.e. definitions of specific crimes), procedural criminal law (including investigative measures and international cooperation), and liability issues. In 2011, Directive 2011/92/EU on combating the sexual exploitation of children online and child pornography, which better addresses new developments in the online environment, such as grooming (offenders posing as children to lure minors

 Council Framework Decision 2001/413/JHA: of 28 May 2001 combating fraud and counterfeiting of non-cash means of payment, OJ L 149/1. 26  Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ L 201/37. 27  Council Framework Decision 2005/222/JHA of 24 February 2005 on attacks against information systems, OJ L 69/67. 25

11  Cybersecurity Legislation: Latest Evolutions in the EU and Their Implementation…

247

for the purpose of sexual abuse)28 was adopted. It addressed child sexual abuse online and all relevant developments in the online environment, such as grooming. It contains provisions on substantive criminal law and criminal procedure, administrative measures, and policy measures. It gives Member States clear minimum standards for sanctions and measures to prevent abuse, combat impunity and protect victims. The most important improvements introduced by the Directive include more detailed definition of child pornography, increased criminal penalties, the criminalisation of possession and acquisition of online child sexual abuse material, the introduction of a new offence ‘grooming’, and provisions to remove and/or block websites containing child sexual abuse material (CSAM). In 2013, Directive 2013/40/EU of the European Parliament (EP) and of the Council of 12 Aug 2013 on attacks against information systems replacing the Framework Decision 2005/222/JHA.29 Objectives are to approximate the criminal law of the Member States in the area of attacks against information systems by establishing minimum rules concerning the definition of criminal offenses and the relevant sanctions and to improve cooperation between competent authorities, including the police and other specialized law enforcement services of the Member States, as well as the competent specialised Union agencies and bodies, such as Eurojust, Europol and its European Cyber Crime Centre, and ENISA. At the same year, the EU Cybersecurity Strategy adopted30 strategic objectives and concrete actions to achieve resilience, reduce cybercrime, develop cyber-­ defence policy and capabilities, develop industrial and technological resources, and establish a coherent international cyberspace policy for the EU. In 2015, the Digital Single Market strategy31 was adopted. It aimed to set the conditions for the free movement of persons, services, and capital by allowing individuals and businesses to seamlessly access and engage in online activities under conditions of fair competition, and a high level of consumer and personal data protection, irrespective of their nationality or place of residence. In this context, Trust and security are at the core of the Digital Single Market Strategy, and thus fighting cybercrime became an imperative. In 2016, there was a Communication on Strengthening Europe’s Cyber Resilience System and Fostering a Competitive and Innovative Cybersecurity Industry—evaluation and review of Regulation (EU) No 526/2013 of the European Parliament and

 Directive 2011/92/EU of the European Parliament and of the Council of 13 December 2011 on the assessment of the effects of certain public and private projects on the environment Text with EEA relevance, OJ L 26/1. 29  Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on attacks against information systems and replacing Council Framework Decision 2005/222/JHA, OJ L 218/8. 30  EU cybersecurity strategy: An open, safe and secure cyberspace, P7_TA (2013) 0376. 31  Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, A Digital Single Market Strategy For Europe, COM (2015) 192 final. 28

248

E. Vagena and P. Ntellis

of the Council concerning ENISA (European Agency for Network and Information Security) and repealing Regulation (EC) No 460/2004 (“ENISA Regulation”).32 At the same year, the Directive on security of network and information systems that aims to increase the level of cyber security in all EU Member States and their cooperation for this purpose or the NIS Directive33 was adopted. The Directive 2016/1148 includes measures for a high common level of network and information systems security throughout the Union and aims for the adoption of measures by all Member States for a high common level of network and information systems security across the EU.  The Member States should define, based on certain criteria, which companies provide essential or vital services in the areas of energy, health, transport, financial, communications, and water supply. These enterprises should adhere to certain levels to increase their safety in cyberspace. In addition, they should report security incidents to the National Authorities. The above were decided from “lack of adequate registration” since the disclosed attacks or the incidents for which the authorities are informed about are considerably less than the number of cybercrime attacks conducted. Usually, companies that are being attacked prefer not to give details, as it will affect their public image, reputation, reliability, and trust of their customers. Under the directive, a national single point of contact for the security of networks and information systems (“one stop shop”) must be defined and the establishment of a CSIRTs network, also known as Computer Emergency Response Teams—CERT. The grace period expired on 9 May 2018. Integration and measures should have been implemented by 10 May 2018. In 2017, the Digital Single Market Strategy Mid-term Review was published.34 That was an overview of the Digital Single Market strategy adopted in 2015. It outlines that further actions are needed in the areas of data economy, cybersecurity, and online platforms. On 13 September of the same year, the Commission adopted a cybersecurity package. The package builds upon existing instruments and presents new initiatives to further improve EU cyber resilience and response. A proposal for an EU Cybersecurity Agency to assist Member States in dealing with cyber-attacks35 is given. Building on the existing ENISA, the Agency will be given a permanent mandate to assist Member States in effectively preventing and responding to  Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Strengthening Europe’s Cyber Resilience System and Fostering a Competitive and Innovative Cybersecurity Industry, COM (2016) 410 final. 33  Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union, OJ L 194/1. 34  Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on the Mid-Term Review on the implementation of the Digital Single Market Strategy, COM (2017) 228 final. 35  Report from the Commission to the European Parliament and the Council on the evaluation of the European Union Agency for Network and Information Security (ENISA), COM (2017) 478 final. 32

11  Cybersecurity Legislation: Latest Evolutions in the EU and Their Implementation…

249

c­ yber-­attacks. It will improve the EU’s preparedness to react by organizing yearly pan-European cybersecurity exercises and by ensuring better sharing of threat intelligence and knowledge through the setting up of Information Sharing and Analyses Centres. It will help implement the Directive on the Security of Network and Information Systems, which contains reporting obligations to national authorities in case of serious incidents. On the same day, the Commission proposed a new Directive36 on combating fraud and counterfeiting of non-cash means of payment aiming at updating the current legal framework, removing obstacles to operational cooperation and enhancing prevention and victims’ assistance, to make law enforcement action against fraud and counterfeiting of non-cash means of payment more effective. A more effective law enforcement response focusing on detection, traceability, and the prosecution of cyber criminals is central to building an effective disincentive to commit such crimes. The proposed Directive will strengthen the ability of law enforcement authorities to tackle this form of crime by expanding the scope of the offenses related to information systems to all payment transactions, including transactions through virtual currencies. It will also introduce common rules on the level of penalties and clarify the scope of Member States’ jurisdiction in such offenses. At the same time, a proposal for an EU cybersecurity certification framework37 was published. This proposal aims at establishing a new European certification scheme that will ensure that products and services in the digital world are safe to use. The Cybersecurity Agency will help put in place and implement the EU-wide certification framework that the Commission is proposing to ensure that products and services are cyber secure. Just as consumers can trust what they eat, thanks to EU food labels, new European cybersecurity certificates will ensure the trustworthiness of the billions of devices which drive today’s critical infrastructures, such as energy and transport networks, but also new consumer devices, such as connected cars (IoT). In 2018, the Commission presented proposals to facilitate cross-border access to electronic evidence to step up effective investigation and prosecution of cyber-­ enabled crime.38 It also presented its reflections on the role of encryption in criminal investigations and concrete proposals to facilitate swift cross-border access to electronic evidence.

 Proposal for a Directive of the European Parliament and of the Council on combating fraud and counterfeiting of non-cash means of payment and replacing Council Framework Decision 2001/413/JHA, COM (2017) 489 final. 37  Proposal for a Regulation of the European Parliament and of the Council on ENISA, the “EU Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (“Cybersecurity Act”), COM (2017) 477 final. 38  Communication from the Commission to the European Parliament, the European Council and the Council, Seventeenth Progress Report towards an effective and genuine Security Union, COM (2018) 845. 36

250

E. Vagena and P. Ntellis

Finally, in 2019, the EU Cybersecurity Act39 was adopted. Proposed in 2017 and adopted in March 2019, the Act brings new developments for the Member States in the cybersecurity landscape. ENISA is expected to play a broader role in the EU’s battle against cybercrime. The Commission adopted decisions to ensure that ENISA cannot only provide advice, assistance, and guidance to Member States but can also perform operational tasks. The Commission also decided to allocate more resources to ENISA so it can fulfill its extended role. In addition, the Cybersecurity Act provisions the creation of an EU cybersecurity certification framework for ICT products and services sold within the EU market, where ENISA will also play an important role. It will be responsible for preparing the cybersecurity certification schemes in cooperation with Member States and the industry. The certification framework is the first EU law that regulates the area of security of online services and consumer devices. “Security by design” is the key concept behind it. Players in the ICT industry and the market need to adopt information security features in the early stages of technical design and development of products and services.

5  EU Key Players 5.1  E  NISA: European Union Agency for Network and Information Security ENISA as already mentioned is the EU agency for information security. It is a center of expertise dedicated in enhancing network and information security in the EU. The agency, based in Greece, was set up in 2004 to contribute to the overall goal of ensuring a high level of network and information security within the EU. It has a fixed-term mandate. In 2013, the new mandate of the agency was established for a period of 7 years, until 2020. ENISA supports the EU institutions, the Member States, and the business community in addressing, responding, and especially in preventing network and information security problems. It also focuses on strengthening cooperation between Member States to deal with threats and incidents of infringement of security of information and the exchange of good practices. It does so through a series of activities across five areas identified in its strategy.40 At first, it focuses on providing information and expertise on key network and information security issues. Secondly, it supports policy-making and its implementation in the EU. Thirdly, it focuses on capacity for building across the EU (i.e. through trainings, recommendations, and awareness raising activities). Fourthly, it aims to foster  European Parliament legislative resolution of 12 March 2019 on the proposal for a regulation of the European Parliament and of the Council on ENISA, the “EU Cybersecurity Agency”, and repealing Regulation (EU) 526/2013, and on Information and Communication Technology cybersecurity certification (“Cybersecurity Act”) (COM(2017)0477 – C8-0310/2017 – 2017/0225(COD)) P8_TA(2019)0151. 40  ENISA (2013). 39

11  Cybersecurity Legislation: Latest Evolutions in the EU and Their Implementation…

251

the network and information security community (i.e. support to the Computer Emergency Response Teams (CERTs) and coordination of pan-European cyber exercises). Lastly, it aims at engaging with stakeholders at international level. Directive (EU) 2016/1148 (NIS Directive)41 concerning measures for a high common level of security of network and information systems across the Union provides important roles to ENISA.  At first, it provides the secretariat to the Computer Security Incident Response Team (CSIRTs Network), established to promote swift and effective operational cooperation between Member States on specific cybersecurity incidents and sharing information about risks. Secondly, it is called on to assist the Cooperation Group in the execution of its tasks. In addition, the NIS Directive (see above), requires ENISA to assist Member States and the Commission by providing expertise and advice and by facilitating the exchange of best practices.

5.2  European Cybercrime Centre (EC3) In the context of the EU, the European Internet Crime Center (European Cybercrime Centre—EC3)42 operates within the Europol. The EC3 serves as the focal point of the fight against cybercrime in the EU. It started its operations in January 2013. EC3 pools European cybercrime expertise to support Member States’ cybercrime investigations and provides a collective voice of European cybercrime investigators across law enforcement and the judiciary.

5.3  Global Alliance Against Child Sexual Abuse Online The Global Alliance against Child Sexual Abuse Online was launched on 5 December 2012, as a joint initiative by the EU and the US, gathering 54 countries from around the world to fight together against online child sexual abuse.43 At international level, there is an EU-US working group on cyber security and cybercrime, as well as other international organizations that deal with related issues such as the Organization for Economic Co-operation and Development (OECD), the United Nations General Assembly, the International Telecommunication Union (ITU), the Organization for security and cooperation in Europe (OSCE/OSCE), the World Summit Meeting on the information society (WSIS), and the Internet Governance Forum (IGF).  Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union, OJ L 194/1. 42  European Cybercrime Centre - EC3 (2019). 43  European Commission (2014). 41

252

E. Vagena and P. Ntellis

6  The Greek Cybersecurity Framework and Key Players 6.1  Legislation on Cybercrime The need to adapt the institutional framework in Greece to these circumstances was self-evident, not only because of its obligation as a Member State in the Council of Europe (COE) and the EU but primarily because of the need to cover the actual gaps in national legislation in the field of internet crime aimed at protecting citizens and states by online unlawful conduct. On the 3rd of August 2016, the Law on Cybercrime, L.4416/2016-Greek cybercrime law (Law), came into force in Greece44 entitled “Ratification of the Council of Europe Convention on cybercrime and its additional protocol, on the criminalization of acts of a racist and xenophobic nature committed through Computer Systems  - transfer to the Greek law of Directive 2013/40/EC of the European Parliament and of the Council on attacks against information systems and replacing the framework decision 2005/222/JHA, prison and anticrime policy settings and other provisions”. The Law, adopted after a long and eventful law-making process, contributes to the modernization of the institutional framework for combating cybercrime in Greece bringing forward indispensable amendments. The ratification of the Convention was completed in Greece with a delay of 15 years while the deadline for transposition of Directive 2013/40/EC had been the 4th of September 2016. Greek national law, up to the introduction of the above-mentioned law, encompassed no specialized provisions and in practice, cybercrime was sanctioned mainly by virtue of the provisions of Law L.1805/1988 titled “Modernization of wine registry, amended criminal provisions and other related issues”. That law had introduced Articles 370B, 370C, and 386A in the Greek Penal Code to cover at the time crimes committed through computers. It had also broadened the notion of “documents” as found in the penal code to include electronic documents in the scope of the relevant crimes. The lack of specialized provisions had been pointed out on several occasions by both lawyers and the police that were involved in the investigation and prosecution of electronic crime in Greece. The new provisions introduced in 2016  in the national legislative framework concern the three main offenses that constitute the core of cybercrime in a strict sense: (a) the illegal access to an information system, (b) unauthorized interference in an information system and (c) the unlawful intervention in data along with the offence of interception and of dissemination of tools for the purpose of online piracy. One common point in all the provisions adopted for e crime in the new law is that the acts consisting the crime described in each case must be committed by the accused person “without right” to be characterized as “intentional” crimes. This

44

 Official Gazette of the Greek Government No. 142/a/03-08-2016.

11  Cybersecurity Legislation: Latest Evolutions in the EU and Their Implementation…

253

way, ethical hacking45 ordered by a company for example to test the security of its information systems may not be considered as criminal offenses. Apart from the amendments made to the National Penal Code, the Greek Cybercrime Law amended the law on the protection of the secrecy of communications that is Law 2225/1994, as applicable. In particular, it added the newly provided e crimes (Articles 292A, 292B, 292C, 370C, 370E, 381A, and 381B of the Greek Penal Code) to the list of Art. 4 of this law that enumerates the crimes for the investigation of which the lifting of the secrecy of communications is permitted. This was crucial for the effective detection of e crimes. The protection of secrecy of communications, as in force in Greece, covers the IP address that every computer receives on the internet connection, which is one of the most important keys that can lead to the identity of suspects that commit internet crimes. The last amendment as described about permits authorities to ask from providers to reveal the identity of their subscriber to whom a particular IP addressed corresponded at a time detected as possibly related to an e crime. The same amendment provides for sanctions for any person that would possibly disclose the fact of lifting the secrecy of communications to third parties.46

6.2  Legislation on Cybersecurity Recently, Law 4577/2018 (GG 199/Α'/03-12-2018) transposed Directive 2016/1148/ EU of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union into Greek law (“NIS Directive”). The Law establishes the national cybersecurity plan and Cybersecurity Authority in the Ministry of Digital Policy, Telecommunications and Information, designating the latter with a supervisory and regulatory role. It also provides for the establishment of a Computer Security Incident Response Team (CSIRT). The new Law sets out important cybersecurity obligations for the following categories of companies: • Operators of Essential Services in the fields of energy, transport, credit institutions, financial market infrastructure, health, water supply, and digital infrastructures.  Ethical hacking or penetration testing refers to the exploitation of an IT system with the permission of its owner to determine its vulnerabilities and weaknesses. It is an essential process of testing and validating an organization’s information security measures and maturity. The results of ethical hacking are typically used to recommend preventive and corrective countermeasures that mitigate the risk of a cyber-attack. An ethical hacker is an individual who is trusted to attempt to penetrate an organization’s networks and/or computer systems using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner. See at https://www.itgovernance. co.uk/ec-council. 46  Article 5, paragraph 11 of L.2225/1994. 45

254

E. Vagena and P. Ntellis

• Providers of Digital services, in particular e-commerce businesses and in general, digital services, search engines, and cloud computing providers. • Businesses falling within the scope of the Law have to adopt technical and organizational measures for the security of networks and information systems and to notify the National Cybersecurity Authority and the CSIRT of incidents with a serious impact on business continuity. The notification must be made without undue delay and be accompanied by additional information to the Authority regarding the severity of the relevant incident. The must in general cooperate with the competent authorities. The newly established National Cybersecurity Authority is responsible for assessing the compliance of liable businesses with Law 4577/2018, ordering liable businesses to provide the necessary information, including security policies and to correct any breach of compliance. Following the opinion of the National Cybersecurity Authority, the Minister of Digital Policy, Telecommunications and Information, imposes sanctions in case of violation of the provisions of Law 4577/2018 including fines from 15,000 up to 50,000 in case of non-provision or unjustified delay in the provision of information, if requested by the National Cybersecurity Authority.

6.3  Key National Players in Combatting Cybercrime In the Greek legal system, many different public as well as private bodies and institutions can be found involved in tackling cybercrime. These include, firstly, the Ministry of National Defense, the Directorate of Cyberdefense of the Hellenic National Defense General Staff (GEETHA), as well as the Hellenic National Defense General Staff itself as responsible for the adoption of the National Security Regulation, concerning security policies and the specific projects implemented by the ministries, public bodies, and public corporations that hold classified material. Additionally, the National Intelligence Service, according to L.39/2008 is responsible for the national CERT (Computer Emergency Response Team) and is the national authority dealing with online attacks. At the same time, it is a principle of information security (InfoSec) and ensures the security of communications and information systems at national level, as well as for the certification of classified (secret) material of national communications. The Cybercrime Unit, a Greek Police Division based in Athens, has, as its mission, the prevention, investigation and repression of crimes or anti-social behavior, committed through the Internet or other means of electronic communication. It is an independent agency that reports directly to the Head of the Greek Police. Under the new Greek Law, and specifically Article 5, it is defined as the focal point for the fulfilment of the objectives of Article 35 of the Convention.47 47

 “24/7 Network”.

11  Cybersecurity Legislation: Latest Evolutions in the EU and Their Implementation…

255

The Civil Emergency Planning Directorate (PSEA), that forms part of the Ministry of Interior, prepares the service schemes for the departments of the General Secretariat of Administrative Reconstruction and e-Governance. Furthermore, the Security Studies Centre (KEMEA), found additionally under the Ministry of Interior, is a founding member of “European Security Organization” in Belgium. The KEMEA, in collaboration with the Institute of Technology Research (ITR) and the Aristotle University of Thessaloniki, created the “Hellenic Centre for Cybercrime” (GCC—Greek Cybercrime Center), which aims to provide training programs and education, to become a Centre of Excellence on cybercrime investigation. The National and Kapodistrian University of Athens established the Laboratory of Law and Informatics in 2015 with the purpose to drive research in the field of Law and New Technologies. The subject of Legal Informatics is offered since 2000 as a course in the Law School of the National and Kapodistrian University of Athens, both at undergraduate and postgraduate levels. The Hellenic Association of Data Protection & Privacy (HADPP) is a non-profit group of professionals that aims to raise public awareness on potential risks, to acknowledge vulnerabilities and help improve business response and standards to data protection through multidisciplinary practice and collaborative information. It provides both advice and practical suggestions, especially on upcoming legal framework (GDPR, DPOs, PIAs, PETs, ePrivacy, accountability etc.) However, new developments at the EU and international48 level rendered it necessary to incorporate new legislative provisions and to take further institutional initiatives for the implementation of an institutional framework that will include inter alia the development of official structures and methods to respond to events that affect the security of information systems from criminal acts. As mentioned above, a new Cybersecurity Authority has been established in the Ministry of Digital Policy, Telecommunications and Information, and it is expected to play a central role as the point of contact between the different key players to achieve effective cyber protection and coordination of the activity of the dispersed activity of the other key players.

7  GDPR & Cybersecurity Cybersecurity and data protection are often the two sides of the same coin. Individuals are strongly concerned with the protection of their data online while most e crimes involve illegal processing of personal data. Therefore, there has been  In the upcoming international developments, it is worth mentioning Russia’s proposal for a new Convention on Cybercrime, considering that the Budapest Convention has been in operation for 18 years, as well as the proposal of the Norwegian Judge Stein Schjolber for a new Convention on Cybercrime under the UN and the establishment of an International Tribunal for Cyberspace (Court or International Tribunal for Cyberspace—ICTC) see Schjolberg (2012).

48

256

E. Vagena and P. Ntellis

a need to strengthen the protection of individuals on the processing of personal data in the digital environment. In this context is the adoption of Directive 2016/680/ EC,49 which had to be transposed at national level by 25 May 2018. This directive lays down the rules of orderly, cross-border, or domestic processing of personal data in the context of prevention, investigation, detection, or prosecution of criminal offenses or the execution of criminal sanctions and on the free movement of such data. It includes inter alia, the right of access to the data of the party concerned and compensation in the event of a loss incurred by failure to comply with the prescribed rules. The settings in this area constitute a mound in the ever-expanding trend of internet “all-seeing eyes” in the name of stamping out of cybercrime so they can balance the two conflicting rights, i.e. that of security and that of privacy. Other legislative actions include the adoption of Regulation 2016/679/EC on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)50 and Directive 2016/681/EC on the use of passenger name record (PNR) data for the prevention, detection, investigation, and prosecution of terrorist offenses and serious crime.51

8  I nsurance Coverage for Cybercrime or Personal Data Breach Cyber threats have changed over the course of the last few years. There is a movement from wide range distribution of malware to targeted infection of designated businesses or organizations with ransomware and encryption of the targets’ data with the intent to extort financial benefits, often in the form of cryptocurrency. To rectify the heavy financial losses that may come because of a successful cyber-attack or data breach, businesses are turning to insurance coverage.52 The US is again a pioneer in this area, with a 30% penetration of cyber insurance in the local market, with this percentage going up to 70% for the most valued companies in the country. Financial institutions, public sector agencies, retail market, manufacturing,  Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA, OJ L 119/89. 50  Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281/31. 51  Directive (EU) 2016/681 of the European Parliament and of the Council of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime, OJ L 119/132. 52  Grzadkowska (2018). 49

11  Cybersecurity Legislation: Latest Evolutions in the EU and Their Implementation…

257

transportation, logistics, healthcare and education institutes, and businesses are adopting insurance coverage for financial remediation of possible cyber incidents. The decisive factor for this move was that businesses, which although might not hold large volumes of sensitive data, realized that their operations depend upon technology and availability of technology and the information they handle and store. On the international level, the situation is different. Businesses and the public sector are now starting to realize the benefits of cyber insurance, gradually increasing the adoption of such services. The expectation is that given time, more business sectors and companies will include cyber insurance in their efforts to protect themselves from the financial consequences of cybercrime.

9  Certifications 9.1  Certification: Business Opportunities The EU Members States encourage the establishment of data protection certification mechanisms and of data protection seals and marks for demonstrating compliance with the regulatory framework on data protection and cybersecurity. These certifications are voluntary and available via processes that are transparent to all stakeholders, with a renewal period of 3 years. They have also started working on the creation and adoption of a common certification at EU level, that of European Data Protection Seal, under the European Data Protection Board. Private initiatives have also emerged in this sector during the last few years, providing data protection certification and seals and marks for businesses and electronic or software products, based on criteria and recommendations included in the latest EU regulatory framework.

9.2  Certifications for Organizations & Businesses Some of the most widely known certifications that organizations and businesses pursue are, indicatively, the ISO/IEC 27001: Information Technology—Security Techniques—Information Security Management Systems—Requirements, the I­ SO/ IEC 27018: Information Technology—Security Techniques—Code of Practice for protection of Personally Identifiable Information (PII) in public clouds acting as PII processors and the PCI/DSS (Payment Card Industry Data Security Standard): Proprietary information security standard for organizations that handle branded credit/debit cards’ transactions from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.

258

E. Vagena and P. Ntellis

9.3  Certifications for Professionals Several private organizations and associations, some of which are non-profit, provide training and certifications to professionals on data privacy, ethical hacking, penetration testing, secure architecture of information systems, and other areas of information security. Some of these: (ISC)2, ISACA (Information Systems Audit and Control Association), IAPP (International Association of Privacy Professionals), EC-Council, CompTIA, the SANS Institute, and others. Due to legislation differences between different regions, some of these certifications are tailored to deal with legislation in specific regions such as the EU, US, Canada, and Asia.

10  Conclusion Although the new institutional instruments were necessary for the prosecution of cybercrime, those dealing with this sector agree that prevention is the most decisive factor for reducing the perpetration of crimes of this kind. No matter how much anyone invests to protect their infrastructure from a cyber-attack, the weakest link always remains the human factor as it has been proven through the so-called “social engineering”.53 Ultimate deception, ignorance, or the goodwill of someone in a key position will open the “backdoor” for a cybercrime or/and the attack on an information system.54 The new laws provide the legal instruments to facilitate legal sanctions but—as always—prevention is preferable to the suppression of crime and in this context the action of agencies promoting awareness for the consequences of electronic and/or online crimes would be decisive. The EU has the manpower and expertise to respond in a timely manner to the challenges of dealing with cybercrime as long as there is relevant institutional will and a central coordination of all stakeholders, as required by the EU laws and institutional developments.

References 2001/413/JHA: Council Framework Decision of 28 May 2001 combating fraud and counterfeiting of non-cash means of payment, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex% 3A32001F0413 Accenture & Ponemon Institute (2019) “The Cost of Cybercrime”. https://www.accenture.com/_ acnmedia/PDF-96/Accenture-2019-Cost-of-Cybercrime-Study-Final.pdf Encyclopedia Britannica (2018) Denial of service attack. https://www.britannica.com/technology/ denial-of-service-attack

53 54

 Proofpoint (2016).  ENISA (2016b).

11  Cybersecurity Legislation: Latest Evolutions in the EU and Their Implementation…

259

ENISA (2013) Mission and Objectives. https://www.enisa.europa.eu/about-enisa/ mission-and-objectives ENISA (2016a) The cost of incidents affecting CIIs. https://www.enisa.europa.eu/publications/ the-cost-of-incidents-affecting-ciis ENISA (2016b) Annual Incident Reports 2015. https://www.enisa.europa.eu/publications/ annual-incident-reports-2015 ENISA (2019) Botnets. https://www.enisa.europa.eu/events/botnets European Commission (2014) Migration and Home Affairs, We Protect Global Alliance to End Child Sexual Exploitation Online. http://ec.europa.eu/dgs/home-affairs/what-we-do/policies/ organized-crime-and-human-trafficking/global-alliance-against-child-abuse/index_en.htm European Commission (2019) Shaping the Digital Single Market. https://ec.europa.eu/ digital-single-market/en/policies/shaping-digital-single-market European Cybercrime Centre  - EC3 (2019). https://www.europol.europa.eu/about-europol/ european-cybercrime-centre-ec3 Facebook Notes (2014) Taking Down the Lecpetex Botnet. The Telegraph. https://www.telegraph. co.uk/technology/internet-security/10959158/Arrests-as-Facebook-spam-botnet-is-shutdown.html Grzadkowska A (2018) How cybercrime and coverage evolved in 2018. Insurance Business America. https://www.insurancebusinessmag.com/us/news/cyber/how-cybercrime-and-coverage-evolved-in-2018-118721.aspx Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions Cybersecurity Strategy of the European Union: An open, safe and secure cyberspace, Join (2013). https://eur-lex.europa.eu/procedure/ EN/202369 McAfee (2016) Economic Impact of Cybercrime Report. http://www.mcafee.com/us/resources/ reports/rp-economic-impact-cybercrime2.pdf Politis D et  al (eds) (2009) Socioeconomic and Legal Implications of Electronic Intrusion, Information Science Reference, 2009, Athens, Greece, ISBN 978160566205 Proofpoint (2016) “The Human Factor”. https://www.proofpoint.com/sites/default/files/humanfactor-report-2016.pdf Schjolberg S (2012) A paper for the EastWest Institute (EWI) Cybercrime Legal Working Group. http://www.cybercrimelaw.net/documents/ICTC.pdf. 19 Apr 2019 Technopedia (2019) Data Theft. https://www.techopedia.com/definition/26274/data-theft Tikk E et  al (2010) International cyber incidents: legal considerations. CCDCOE Publications. https://ccdcoe.org/uploads/2018/10/legalconsiderations_0.pdf Trend Micro (2019) What is Ransomware?. https://www.trendmicro.com/vinfo/us/security/ definition/Ransomware

Chapter 12

The Role of Human Dignity in Processing (Health) Data Building on the Organ Trade Prohibition Anne E. de Hingh and Arno R. Lodder

Abstract  The datafication, commodification, and commercialization of our existence as an inevitable part of the online infrastructure of today not only affects our privacy but it goes deeper by touching upon even more fundamental conditions of being human. In this chapter, bio-medical regulations prohibiting the trade of human body parts are explored to see whether the non-commercialization principle in these laws is helpful in assessing data processing practices. An analogy between data processing and organ trade may help us to develop a new perspective on what constitutes improper commercial use of personal data and find ways to prohibit (reprehensible aspects of) the trade in personal data. We propose to reorient the debate on data processing by introducing the notion of human dignity as constraint into the discussion. A prohibition of personal data commercialism (analogous to a prohibition of transplant commercialism) could contribute to a more future-proof regulation of data processing activities.

1  Introduction The effects of harvesting personal data by large commercial entities, such as internet companies, social media, and internet service providers, are at least threefold. First, virtually all aspects of our lives are converted into computerized data (datafication, see e.g. Newell and Marabelli 2015). Subsequently, our identities, habits, and behavior are transformed into new forms of value or commodities (commodification, see e.g. Schwartz 2004). Finally, as our personal data and consumer profiles represent high values, they are purchased, processed, and sold on over and over again (commercialization, see e.g. Smutny et al. 2017). The worldwide data broker industry, which thrives on the fact that personal data generate economic value, makes for great revenues.1  OECD (2013).

1

A. E. de Hingh · A. R. Lodder (*) CLI-Center for Law and Internet, Vrije Universiteit Amsterdam, Amsterdam, The Netherlands e-mail: [email protected] © Springer Nature Switzerland AG 2020 T.-E. Synodinou et al. (eds.), EU Internet Law in the Digital Era, https://doi.org/10.1007/978-3-030-25579-4_12

261

262

A. E. de Hingh and A. R. Lodder

The datafication, commodification, and commercialization of our existence as an inevitable part of the online infrastructure of today not only affects our privacy but it goes deeper by touching upon even more fundamental conditions of being human. In this chapter, bio-medical regulations prohibiting the trade of human body parts are explored to see whether the non-commercialization principle in these laws is helpful in assessing data processing practices. An analogy between data processing and organ trade may help us to develop a new perspective on what constitutes improper commercial use of personal data and find ways to prohibit (reprehensible aspects of) the trade in personal data. There is another reason for our approach. Since the nineteenth century, the world is connected via telex, telephony, fax, and most recently, computers. This latter network, of connected computers, known as the internet, is gradually moving into a next phase. Besides PCs and from later date smartphones and tablets, presently all kinds of objects, such as toothbrushes, wearables, TVs and cameras, are connected to the internet. The internet of bodies is a subspecies of this internet of things, and represents the connected body. This internet of bodies facilitates communication about, e.g. the performance of implants, as well as the health condition of the individual being monitored. Moreover, pace makers can be connected, insulin levels can be measured at a distance, eventually followed by automatic injections. All kinds of sensitive data are communicated about a person’s health, like general condition, heartbeat, blood pressure, etc. Now the processing of data gets close to and even enters our bodies, Article 3(2) of the EU Charter springs to mind: “the prohibition on making the human body and its parts as such a source of financial gain”. This article was not drafted with data processing in mind, but covers, e.g. slavery and human trafficking in relation to the body and its parts. One could, however, argue that the data being transferred from human implants and wearables is in conflict with this fundamental right. Companies are making money with parts of the human body, viz. data (in)directly related to our body. More generally, one could question to what extent human dignity asks for protection against the processing of (health) data. Hence, Article 1 of the EU Charter of Fundamental Rights does state “Human dignity is inviolable. It must be respected and protected.” In relation to trade in body parts, governments set limits to the free choice of its citizens, even in criminal law. In May 2015, Marc H. put an advertisement on Marktplaats.nl, the Dutch eBay, to sell his kidney for the sum of 50,000 euros. He was arrested by the police soon afterwards but acquitted because of insufficient evidence for financial gain. As the suspect had not yet received any offer, the purpose of financial gain could not be sufficiently demonstrated—advertising body parts alone was considered insufficient evidence for the purpose of financial gain. In this chapter, we do not focus on eventual sanctions, be it criminal, administrative, or civil, but explore the underlying principles for regulating the processing of (health) data. The chapter is structured as follows. In the light of the focus of our chapter (an analogy between data processing and the organ trade prohibition), we discuss some relevant assumptions of data protection law. Subsequently, the analogy between

12  The Role of Human Dignity in Processing (Health) Data Building on the Organ…

263

data processing and trade in body parts is explored. We aim to strengthen our observations related to the analogy between trade in body parts and data processing in general with a discussion of the processing of health data, and briefly touch upon paternalism (Husak 2009).

2  Need for a Change in Application of Data Protection Law The topic of this paper is part of a broader argument in the context of data protection law (Bygrave 2018). Our concern with data protection law, not only relates to the fact that gradually more intimate data is being processed. This is actually one side of the spectrum, the processing of (very) sensitive data. This is what the GDPR does, to some extent, regulate, because in principle it is not allowed to process special categories of data such as health data (Article 9(1) GDPR). However, there are exceptions to this rule, e.g. in case the data were manifestly made public by the data subject (Article 9(2)(e) GDPR). The other end of the spectrum is personal data to which data processing rules apply, but where one can question whether data protection law for these data is necessary in the first place. We start this chapter by briefly discussing what we would like to call different flavors of data processing. Many observe the discrepancy between the scope of GDPR norms and the effect these norms have in practice. We believe that data protection law, as it exists today, is too straightforwardly simple. The GDPR distinguishes special categories of data, but besides that the same norms apply to a controller/processor not interested at all in the personal data that are being processed (e.g. ERP cloud providers), controllers who have a small business and only use personal data to deliver goods, controllers whose business model is based on data analytics, etc. A possible reason might be that the drafters of the norms do not provide the data protection law framework with empirical backing, cf. Bamberger and Mulligan (2015): This absence of empirical assessment of regulatory impact on the practice of privacy leaves legal reformers shooting in the dark, without a real understanding of the ways in which previous regulatory attempts have either promoted or thwarted privacy’s protection.

What is happening right now is that big data processors like Facebook and Google largely can continue with their business as usual, whereas all kind of small players like sport clubs, schools, stores, are outright panicking about the consequences of the GDPR, in this context commonly referred to as “The new privacy law”. Also in academia, there is a tendency to ask for permission of processing of totally innocent use, e.g. asking permission to a group of 15 people in the same room, for the same reasons, to share the e-mail addresses—funny enough they already did when sending the invitation… Thus, the data protection norms that apply to Google, Facebook, and the likes are the same as those that apply to the next corner butcher and flower shop or the cloud provider only providing the tech to process data cannot be left unnoticed. A physical analogy for the latter situation is that the company that stores boxes with personal

264

A. E. de Hingh and A. R. Lodder

data is controller/processor. We want to start a discussion on differentiation of data processing regimes. What we propose is tentative, and is meant as a starting position rather than a well worked out division. We suggest to distinguish the following four categories, ranging from most infringing (1) to hardly infringing if at all: 1. Processing is in principle forbidden, but the DPA can license the processing activity. One category might be the processing of health data for commercial purposes. Article 9(2)(a) GDPR provides this option to Member States, to allow data subject to lift the prohibition of processing as defined in Article 9(1) GDPR. Markou (2011) did propose a ban for the processing of sensitive data in the context of commercial profiling and personalized advertising. Sometimes processing of health data is inevitable, e.g., for insurance companies. They will thus get a license. A more controversial category is to prohibit the business model that is solely based on the processing of personal data. 2. The current framework. The GDPR as it is right now should apply to all data processing activities that do not fall under one of the other categories. 3. GDPR light. A basic set of rules, based on Article 5 GDPR.  An organization needs to demonstrate that they act in accordance with the data protection principles listed in Article 5. This category applies based on for what purpose the data is being processed, and the nature and number of data being processed. 4. Processing is allowed, but security measures must be taken. This category applies to parties processing data as a service (e.g. cloud providers), and do nothing with the data other than storing the data or providing the services necessary to process the data. We suggest the data protection framework, or at least its application, should better consider the nature of the data and the purpose for which the data is being processed along the lines just sketched. We do not further elaborate on this topic in this paper in general, but as a first step concentrate on how the data protection norms related to health data could be reconsidered.

3  Data Protection in General: Data Subject Responsible Current laws and regulations on privacy and data protection heavily rely on the concept of informational self-determination (Cavoukian 2015)—the ability of individuals to have control over the collection, use, and disclosure of their personal information—on autonomous choice and consent (Austin 2014). This is what Solove (2013) refers to as “privacy self-management”: rights that provide people with control over their own personal data. According to Solove, this control helps people to “decide for themselves how to weigh the costs and benefits of the collection, use and disclosure of their information”. He argues that it would be paternalistic to protect people against their own bad decisions: “people make decisions all the time that are not in their best interest. People relinquish rights and take bad risks, and the law often does not stop them.”

12  The Role of Human Dignity in Processing (Health) Data Building on the Organ…

265

In this interpretation, the regulatory framework presumes a high degree of consumer knowledge, a freedom of choice and autonomous, “empowered” consumers. In practice, however, in particular online consumers are all but empowered individuals. Due to a lack of transparency in the market, and the absence of a true choice, consumers cannot take up responsibility for the protection of their own personal data (Zwitter 2014). Consumers who want to make use of free online services and social media, like Google, Facebook, or the apps on their phones do not have real choice but to agree to the terms and conditions. This is not a matter of free choice, but of enforced choice (Carolan 2016). The current system is based on coercion, forcing consumers to accept all terms and conditions of search engines, websites, and social media just by clicking “OK” and to agree to the commercial use of their personal data. As the Minister of Economic Affairs of Cyprus phrased it at the conference in Nicosia November 2017: “The statement that someone has read terms and conditions is the biggest lie of the century.” Consumers, most of the time, are not really aware what personal data is being collected by companies, and are therefore not familiar with the data protection risks they run. Online reality outpaces “the idea that it is possible or desirable for every individual to monitor and manage a shifting collection of privacy settings of which they may only be dimly aware” (Richards and King 2014). Even if consumers read a privacy policy, it is almost never sufficiently clear for the person concerned that his personal data are used and for what purpose (Zuiderveen Borgesius 2014). How many LinkedIn users were aware of the possibility that their personal profiles were sold to third parties, and eventually to Microsoft? As Whittington and Hoofnagle (2012) remark: “Having spent time reading a privacy policy, the consumer may still not discover critical terms, such as whether the company sells personal information to third parties. Many privacy policies use vague, innocuous-sounding terms to mask third-party information sharing”. Consequently, consent in current data protection law has become “tainted” by unfair bargaining conditions and has lost its effectiveness altogether (Schermer et  al. 2014). A lack of knowledge and information renders the classical privacy/ consent based framework inadequate. Any form of self-determination on the decision whether one should share or sell his or her personal data has become illusory. The objections with regard to the underlying principles of privacy law and data regulation are acknowledged by many, but satisfactory solutions are difficult to come up with. For example, Opinion 4/2015 of the EDPS,2 does suggest a radically new approach towards the question of “the ever-increasing amounts of personal information being collected and processed in increasingly opaque and complex ways”. However, it does not offer new solutions to get out of the deadlock. On the contrary, it presents the same, well-known framework that leans heavily on empowered individuals, accountable controllers, and innovative privacy engineering. Neither does the General Data Protection Regulation seem to address the  Opinion EDPS, September 11th 2015, “Towards a new digital ethics. Data, dignity and technology”. 2

266

A. E. de Hingh and A. R. Lodder

i­ nadequacies of the regulatory system nor bring any substantive changes in this situation, although consumers are granted the right to object to (profiling related to) direct marketing.3 Law is still based predominantly on the misconception that consumers understand the rules of data collection, are well informed, and are digitally savvy enough to be able to realize an adequate level of data protection themselves. Giving up personal data to get some product or online service “for free” is considered as an inevitable consequence of taking part in the digital world of today. Legal authors have struggled with the above-mentioned problems on current privacy and data protection laws. Some of them propose, for example, a more flexible regulation of data protection by introducing a less strict form of consent (Schermer et al. 2014). Others discuss a proprietary approach vesting a property right on personal data (Prins 2006; Purtova 2011), or a “privacy 2.0 approach”, which leaves less room for the principle of purpose limitation;4 or, rules of unfair trading practices could be an alternative for privacy regulation (Hartzog and Solove 2015). However, the proposed solutions do not offer a truly satisfactory solution to the concerns the majority of consumers experience. We do not believe that these problems can be addressed simply by adjusting the conditions within which the data market operates. Even if the solutions proposed resulted in fair background conditions, well-informed consumers, a transparent market, explicit consent, even the possibility for consumers to vest property rights to their own data, the aversion, and moral concerns on the commodification and commercialization of personal data will not disappear. We encounter what lies beyond simple market-driven practices. This leads to the question whether there may be “some things that money should not buy?” (Sandel 2013). Our conclusion is that privacy law and data protection rules alone do not offer enough protection to consumers who are concerned that their identities are fragmented into marketable parts and feel uneasy having to sell those parts whenever they are online. This unease can neither be explained by the single fact that people feel coerced to sell their data in exchange for (free) online services and consequently lose control over the process, nor can this be addressed by simply adjusting the market conditions, as liberal consent theorists believe. Other dimensions of life than privacy are at stake here, selling data per se can be more fundamentally, intrinsically degrading.

 REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Art 21 (2): Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. 4  Moerel and Prins (2015). 3

12  The Role of Human Dignity in Processing (Health) Data Building on the Organ…

267

4  Body Parts and Data We believe that looking into a different field of law, namely biotechnology law, and the role human dignity plays in this field may help us articulate new approaches to data protection. Human dignity is commonly approached from two perspectives. One is dignity as empowerment, as respect for autonomy. We use dignity here in another sense, viz. dignity as a constraint, as protection against instrumentalization. It may seem infeasible to bridge the conceptual gap between the human body and personal information, but as already touched upon in the introduction this might be less far-fetched than it seems. Obviously, the legal status of human body parts does not correspond with the status of personal data entirely, but there are good grounds to make the comparison. Current technologies have enabled medical science to isolate, process, change, and exploit parts of the body (like organs, blood, embryos, stem cells, and tissues) to be used for medical, scientific, and commercial purposes. Parts that previously were inextricably linked to the human body are now considered as a useful resource. This process of objectifying the individual has enabled the industry to extract, use, and market body parts without reference to the person involved. It is often observed that here practices are permeated by commercial metaphors. These metaphors in biotechnology reflect the reduction of the person into marketable body parts: “bodies are mined like a resource and organs are harvested like a crop” (Andrews and Nelkin 1998). This process shows resemblance with the harvesting of personal data in the context of big data applications, and considered by the companies as the “oil of the internet”. The developments in the domain of medical biotechnology have put pressure on the idea of the unity of the person and the body. Just like the development of Big Data practices and datafication have turned persons into (data-)objects, packages of data that are subsequently stripped and fragmented, analyzed and sold, bio technologies have deprived the human body of its organic unity and have transformed the human body into a kit of useful (exploitable) “bio-materials” (Van Beers 2017). Both biotechnology and in data processing and data analytic practices, parts of the person or identity of individuals are separated from the individuals themselves. Both practices render persons into an endless source of use values: bio products and personal data. In this sense, the legal status of personal data and human body parts can be compared; or, as Mittelstadt and Floridi (2016) noted, “it is likely more ethically problematic to strip context from data used to track the behaviors of individuals than it is to remove identifying information from tissue samples for medical research”. The ethical issues surrounding the human body have resulted in an extensive regulation of medical biotechnology provided with many legal prohibitions and restrictions. In (international) bio-regulatory instruments, the conception of human dignity plays a dominant (constraining) role where it prescribes the limits of modern

268

A. E. de Hingh and A. R. Lodder

technologies (Beyleveld and Brownsword 2002). For instance, Article 1 of the Convention on Human Rights and Biomedicine of the Council of Europe: Parties to this Convention shall protect the dignity and identity of all human beings and guarantee everyone, without discrimination, respect for their integrity and other rights and fundamental freedoms with regard to the application of biology and medicine

Article 1 and 2(a) of the Universal Declaration on the Human Genome and Human Rights: The human genome underlies the fundamental unity of all members of the human family, as well as the recognition of their inherent dignity and diversity. In a symbolic sense, it is the heritage of humanity Everyone has a right to respect for their dignity and for their rights regardless of their genetic characteristics

Article 1 of the International Declaration on Human Genetic Data: The aims of this Declaration are: to ensure the respect of human dignity and protection of human rights and fundamental freedoms in the collection, processing, use and storage of human genetic data, human proteomic data and of the biological samples from which they are derived […]

Article 2(c) and 3(1) Universal Declaration on Bioethics and Human Rights: The aims of this Declaration are: to promote respect for human dignity and protect human rights, by ensuring respect for the life of human beings, and fundamental freedoms Human dignity, human rights and fundamental freedoms are to be fully respected.

One specific way in which the concept finds its expression in the regulation of biomedical technology is that human dignity in itself is contradictory with the commodification and the trade of human body parts: the principle of non-­ commercialization. The principle that the human body is extra commercium applies to all parts of the human body: i.e. tissue, blood, organs, eggs, sperm, and embryos. The prohibition of so-called transplant commercialism is found in numerous declarations and treaties,5 where transplant commercialism is defined as “…a policy or practice in which an organ is treated as a commodity, including by being bought or sold or used for material gain”.6 The trade of human cells, tissues, and organs is prohibited as it is inconsistent with the most basic human values and would imply the instrumentalization of the personhood that contravenes the Universal Declaration of Human Rights. Moreover, payment for human body parts is likely to take unfair advantage of vulnerable groups of people and leads to profiteering and human trafficking. The principle of non-commercialization conveys the idea that people lack dignity once

 See Convention on Human Rights and Biomedicine Article 21 – Prohibition of financial gain: The human body and its parts shall not, as such, give rise to financial gain. See Istanbul Declaration on Organ Trafficking and Transplant Tourism 2008. 6  http://hottproject.com/about-the-crime/other-crimes/transplant-commercialism.html. 5

12  The Role of Human Dignity in Processing (Health) Data Building on the Organ…

269

they are used by others as mere objects. This draws upon the writings of Kant (1797): A human being cannot be used merely as a means by any human being (…) but must always be used at the same time as an end. It is just in this that his dignity (personality) consists (…). [H]e cannot give himself away for any price (this would conflict with his duty of self-­ esteem) …

The principle of non-commercialization is reflected, for example, in the practice in the Netherlands (and in the United Kingdom) that blood donors are not paid, but only modestly reimbursed for their donation of blood (Petrini 2012). The principle that the human body should be neither commercialized nor a source of gain seems no subject of discussion: many countries at least in Europe have laws that embrace human dignity as constraint and prohibit the purchase or sale of body parts. Dignity as constraint and the principle of non-commercialization have up until now been left out of the debate on data protection law. Instead, in privacy and data protection law, dignity as empowerment and the principles of individual autonomy and consent, as instruments of self-determination, prevail. It is however precisely the former, constraining dimension that could be of help in trying to find ways to offer better legal protection for digital consumers. Introducing the dimension of human dignity as a constraint enables us to reconsider the legal issues in the discussion on commercial use of personal data on the internet from a different angle (Brownsword 2007). For the sake of this argument, an analogy must be drawn between parts of the human body on the one hand and personal data as parts of the personal identity of a human being on the other. The financial gain of the trade of body parts, whether for the person from whom these parts have been removed or for a third party, must be compared to the financial gain of data trade. Like in the bio-market, the prohibition of commercialization of data would apply to the individual whose personal data are purchased in exchange for free access to internet services and to the third parties: corporate entities of which the business models depend on the trade of human identities. The absence of any regulation where the parallel between body parts and data processing is drawn could be considered as a legal inconsistency.

5  Towards an Alternative Data Protection Approach In this section, we elaborate on three alternative ways to approach data protection law, inspired by the law on biotechnology just discussed. Subsequently, we address health data and the concepts of paternalism and dignity.

270

A. E. de Hingh and A. R. Lodder

5.1  Explicit Consent for Processing of Health Data It is considered a crime to sell your organs, but what if health data are sold, and people agree to this transaction? Article 4(11) GDPR has a very strict definition of consent: ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

As already referred to above, Article 9(1) GDPR prohibits the processing of special categories of data such as: (…) the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health (…)

There are several exceptions to this ban on processing of special categories of data, relevant for now is the following one: 2. Paragraph 1 shall not apply if one of the following applies: (a) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject (…)

Whereas Article 4(11) presents a type of consent that seems the most rigid possible, here the GDPR uses the concept explicit consent. This is not the place to discuss what this addition “explicit” entails, but we have not encountered yet someone, who could come up with a meaningful distinction between consent in the sense of Article 4(11) and explicit consent. This was also the outcome of a discussion during the November 2017 REDA conference in Nicosia, Cyprus. Health data may be provided by the data subject for free, but normally there is a reward, e.g. a service is provided in return. In case of organ trade, if someone provides his organs without monetary reward this is allowed, but if money is received in return this is considered a crime. The rationale is that trade is only possible when there are at least two parties (and often third parties, intermediaries), so also the one who provides the body parts falls under the scope of the regulation. Also, and in particular, intermediaries and the one who receives the organ are condemned. However, to stop transactions, criminalizing the donor is considered necessary. In the context of data protection the donor, viz. data subject, is not the one on which the normative framework should concentrate from an enforcement perspective. Rather, the parties collecting and processing the data are the ones relevant here.

12  The Role of Human Dignity in Processing (Health) Data Building on the Organ…

271

5.2  Paternalism and Health Data Paternalism is a recurring issue when regulation is aimed at protecting people  (Moore 2013). In the context of organ trade, Conly (2012, p.  3) writes “We should save people from doing things that are gravely bad for them when they do that only as a result of an error in thinking (…) government should intervene in cases of obvious harm (…) I argue for paternalistic laws, and more specifically, paternalism of the sort that forces people to act, or refrain from acting, according to their best interests.” One reason for a paternalistic approach is that in case of the sale of organs, debate is that genuine and free consent is impossible. To what extent is free consent, in particular in the (explicit) GDPR sense, possible in case of data processing? The answer is that often it is not. In some of these cases, a paternalistic government approach should be considered (Allen 2015). One is the right to data portability in the context of health data. If citizens get control over health data, they can also provide these data to interested commercial parties. We doubt whether citizens realize the possible impact of having their health data analyzed by commercial parties. On consent and health data, there is also a flip side to this issue. Since consent should be freely given, and in case of health data explicitly, data protection law can also prevent rather innocent processing activities. One example is an outing with the company you are working with. Assume they want to climb walls, and some health data need to be provided to the company of the climbing wall. The employer cannot get consent for obtaining these data, since due to the power relation freely given consent is not possible. As we briefly sketched above, we should strive for data processing that covers all sides of the spectrum: no or fewer constraints in case of rather innocent data processing, and firmer constraints and maybe even a ban for intrusive data processing activities. Is it a task for governments to protect, more than under the GDPR is the case, citizens against the processing of (health) data? There is a thin line between justified government interference and unduly paternalism. Privacy advocates are easy targets for accusations of paternalism: “If you really considered it, you would not give permission!”, “Don’t click okay blindly.” Still privacy, and in the European Union even data protection, are fundamental rights (Van der Sloot 2017). Therefore, it could be considered the duty of government to protect its citizens in this respect and create further safeguards (Wisman 2019). But how, and to what extent? A relevant angle for a refined approach to data processing is including ethical considerations. Roughly put, for legal and tech phenomena in general and data processing in particular, at least three questions are relevant. The first is about the technology, what is possible? The second is about the law, what is permissible? But even within the limits of the law, ethics should play a role, viz. what is desirable? To some extent this is covered by the Article 5(1) GDPR principle “fair processing”. Processing should be fair, in relation to both a particular data subject and society at large. In relation to body parts, Kishore (2005) states “Arguments against organ sale are grounded in two broad considerations: (1) sale is contrary to human dignity, and

272

A. E. de Hingh and A. R. Lodder

(2) sale violates equity (…) they reflect a state of moral paternalism rather than pragmatism.” We claim that sometimes data processing can be non-ethical, against human dignity. An example is the commercial exploitation of health data of vulnerable people.

5.3  Dignity In the GDPR, not much reference to dignity can be found, actually, only once, in the case of processing in the context of employment. Article 88(2) GDPR states “Those rules shall include suitable and specific measures to safeguard the data subject’s human dignity, legitimate interests and fundamental rights…”. Post (2018) correctly observes that the GDPR is based on Article 8 EU Charter of fundamental rights, in which data protection is presented as a fundamental right. It is somewhat strange, amongst all those other fundamental rights, because the description is instrumental, even explicitly referring to fair information processing principles such as purpose specification, consent, and correction rights. This is different from the right to privacy in Article 7 of the EU Charter of fundamental rights: In contrast to data privacy, Article 7 of the Charter of Fundamental Rights of the European Union is entitled “Respect for Family and Private Life.” (…) protects the dignity of persons by controlling inappropriate communications that threaten to degrade, humiliate or mortify them. (…) Article 7 enshrines the same privacy values as those safeguarded by the American tort of public disclosure of private facts. It protects what we may call “dignitary privacy.”

These different approaches to data protection and privacy might explain why there is not room for dignity in the GDPR. It might be also the reason there is not a single reference to privacy in the GDPR (except twice in a footnote when reference is made to the ePrivacy directive). In earlier versions, privacy was mentioned. The rigorous “privacy cleaning” of the GPDR has also led to the renaming of the well-­ known concepts Privacy by Design, Privacy by Default, and Privacy Impact Assessment to Data protection by design, Data protection by default, and Data protection impact assessment. However, even from the perspective of data protection, as described in Article 8 of the Charter, the concept of dignity should not be left out of the picture totally. Article 1 of the Charter, after all, is about dignity, and as the Fundamental Rights Agency explains7: “It results that none of the rights laid down in this Charter may be used to harm the dignity of another person”. Thus, there is even fundamental backing for looking at dignity in the context of data protection. Hence, based on dignity, there are situations where individuals should be allowed to permit the collecting, gathering, and deriving of their personal data. We discussed Article 9(2)(a) and that the processing of health data could in some situations even be prohibited if the data subject gives explicit consent. The responsibility for respecting a prohibition based on dignity should not be placed at the realms of the  http://fra.europa.eu/en/charterpedia/article/1-human-dignity.

7

12  The Role of Human Dignity in Processing (Health) Data Building on the Organ…

273

individual or data subject, rather the focus has to be directed to the controllers and processors of personal data (De Hingh 2018).

6  Conclusion Were it not for the law, parts of the human body like blood and skin could be an inexhaustible source of income—just like personal data are today. On a massive scale, large parts of our identity and our personality are commodified and becoming the object of trade. The fundamental right to privacy and data protection do not suffice to explain this discomfort or to tackle the legal issues arising from it. The commodification of our personal data as part of the online infrastructure of today does not affect the right to privacy alone but goes further by touching upon more fundamental conditions of being human, the deformation of which interferes deeply with the core of our human dignity. Therefore, we propose to reorient the debate on data processing by introducing the notion of human dignity as constraint into the discussion. A prohibition of personal data commercialism (analogous to a prohibition of transplant commercialism) could contribute to a more future-proof regulation of data processing activities. Legal instruments similar to the ones concerning the human body could be applied to the trade of personal data as well. Today, numerous (online) companies have developed business models based on the trade of personal data. However, none of the “potential benefits of the new technologies really depend on the collection and analysis of the personally identifiable information of billions of individuals”.8 The collection and processing of personal data is by definition neither indispensable when doing business on the internet, nor is data processing an absolute prerequisite for the functioning of online services. Against this background, there are no obstacles to limit or prohibit the use of this technology at least in areas where human dignity is evidently at stake, such as many situations where health data are being processed for commercial purposes.

References Allen AL (2015) Unpopular privacy. What must we hide? Oxford University Press Andrews L, Nelkin D (1998) Whose body is it anyway? Disputes over body tissue in a biotechnology age. The Lancet 351(9095):53–57 Austin LM (2014) Enough about me: why privacy is about power, not consent (or harm). In: Sarat A (ed) A world without privacy: what law can and should do? Cambridge University Press Bamberger KA, Mulligan DK (2015) Privacy on the ground. Driving corporate behavior in the United States and Europe. The MIT Press

 Opinion EDPS, see note 2.

8

274

A. E. de Hingh and A. R. Lodder

Beyleveld D, Brownsword R (2002) Human dignity in bioethics and biolaw. Oxford University Press Brownsword R (2007) Rights, regulation, and the technological revolution. Oxford University Press Bygrave LA (2018) Legal scholarship on data protection: future challenges and directions. In: Degrave E, de Terwangne C, Dusollier S, Queck R (eds) Law, norms and freedoms in cyberspace: Liber Amicorum Yves Poullet. Larcier, pp 493–504 Carolan E (2016) The continuing problems with online consent under the EU’s emerging data protection principles. Comput Law Secur Rev 32(3):462–473 Cavoukian A (2015) Evolving FIPPs: proactive approaches to privacy, not privacy paternalism. In: Gutwirth S, Leenes R, de Hert P (eds) Reforming European Data Protection Law. Law, Governance and Technology Series, vol 20. Springer, Dordrecht Conly S (2012) Against autonomy. Justifying coercive paternalism. Cambridge University Press De Hingh A (2018) Some reflections on dignity as an alternative legal concept in data protection regulation. German Law J 19(05):1269–1290 Hartzog W, Solove DJ (2015) The scope and potential of FTC Data Protection. George Wash Law Rev 83:2230; GWU Law School Public Law Research Paper No. 2014-40; GWU Legal Studies Research Paper No. 2014-40. https://ssrn.com/abstract=2461096 Husak DN (2009) Legal paternalism. In: LaFollette H (ed) The Oxford handbook of practical ethics Kant I (1797) The metaphysics of morals (trans: Gregor MJ). Cambridge University Press, 1991 Kishore HH (2005) Human organs, scarcities, and sale: morality revisited. J Med Ethics 31:362–365 Markou C (2011) Consumer-oriented software agents in the buying process: risks, issues and the EU legal response. Ph.D. thesis, University of Lancaster, Lancaster Mittelstadt D, Floridi L (2016) The ethics of biomedical big data. Springer Moerel L, Prins C (2015) On the death of purpose limitation. Privacy perspectives, 2 June 2015. http://Iiap.org/news/a/on-the-death-of-purpose-limitation Moore AD (2013) Coercing privacy and moderate paternalism: Allen on unpopular privacy (February 26, 2013). https://ssrn.com/abstract=2225376 Newell S, Marabelli M (2015) Strategic opportunities (and challenges) of algorithmic decision-­ making: a call for action on the long-term societal effects of ‘datification’. J Strateg Info Syst 24(1):3–14 OECD (2013) Exploring the economics of data: a survey of methodologies for measuring monetary value. OECD digital economy papers, no 220. OECD Publishing Petrini C (2012) Ethical and legal considerations regarding the ownership and commercial use of human biological materials and their derivatives. J Blood Med 3:87–96 Post R (2018) Data privacy and dignitary privacy: Google Spain, the right to be forgotten, and the construction of the public sphere. Duke Law J 67(5) Prins C (2006) Property and privacy: European perspectives and the commodification of our identity. In: Guibault L, Hugenholtz PB (eds) The future of the public domain. Kluwer Law International, Deventer, pp 223–257 Purtova NN (2011) Property rights in personal data: a European perspective. BOXPress BV, Oisterwijk Richards NM, King J (2014) Big data ethics. Wake Forest Law Rev 49:393–432 Sandel MJ (2013) What money can’t buy: the moral limits of markets. Farrar, Straus and Giroux; Reprint edition (April 2, 2013) Schermer BW, Custers B, van der Hof S (2014) The crisis of consent: how stronger legal protection may lead to weaker consent in data protection. Ethics Info Technol 16(2):171–182 Schwartz PM (2004) Property, privacy, and personal data. Harv Law Rev 117(7):2056–2128 Smutny Z, Janoscik V, Cermak R (2017) Generation Y and internet privacy: implication for commercialization of social networking services. In: Benson V, Saridakis G, Tuninga R (eds) Analyzing the strategic role of social networking in firm growth and productivity. IGI Global, Hershey, pp 95–119

12  The Role of Human Dignity in Processing (Health) Data Building on the Organ…

275

Solove DJ (2013) Privacy self-management and the consent dilemma. Harv Law Rev 126:1880 Van Beers BC (2017) Imagining future people in biomedical law: from technological utopias to legal dystopias within the regulation of human genetic modification technologies. In: Ambrus M, Rayfuse R, Werner W (eds) Risk and the regulation of uncertainty in international law. Oxford University Press, Oxford, pp 117–140 Van der Sloot B (2017) Legal fundamentalism: is data protection really a fundamental right? In: Leenes R, van Brakel R, Gutwirth S, De Hert P (eds) Data protection and privacy: (in)visibilities and infrastructures. Springer, pp 3–30 Whittington J, Hoofnagle CJ (2012) Unpacking privacy’s price. N C Law Rev 90:1327 Wisman THA (2019) The quest for the effective protection of the right to privacy: on the policy and rulemaking concerning mandatory Internet of Things systems in the European Union. Ph.D. thesis, Vrije Universiteit Amsterdam Zuiderveen Borgesius FJ (2014) Improving privacy protection in the area of behavioural targeting. Ph.D. thesis, UvA Amsterdam Zwitter A (2014) Big data ethics. Big Data Soc: 1–6

Chapter 13

Trusted Computing Initiative on the Spectrum of EU Cyber-Security Legal Framework Yianna Danidou

Abstract  EU is admittedly investing into technological advancements that would protect the users’ security, trust, and privacy, by funding privacy by design and privacy by default research and technologies. The legal framework seems unprepared in dealing effectively with the rising sophisticated cyberattacks, therefore EU is coping to improve the overall network and information security, along with data protection, through the newly introduced and long anticipated General Data Protection Regulation (GDPR) and the Network and Information Security Directive (NIS). Trusted Computing (TC) is a technology that aims to protect the user, and the integrity of her machine and her privacy against third-party users. To defeat security threats, what is needed are “networks of security” rather than isolated security solutions and “gated communities”. It was argued that technologies like TC can be used to build secure networks and if adopted by Critical Infrastructures (CIs), to avoid cascade effects in interdependent CIs, as well as to standardize components, to comply with EU’s cybersecurity framework.

1  Introduction As the Internet became a common place for online users globally and since the Internet was not originally designed for this type of commercial activity, huge problems have been caused both regarding economy, but mainly concerning online safety and the evolution of cybercrime (Gordon and Loeb 2002, 2006). Zittrain, in his book with title “The future of the Internet and how to stop it” states that: If the Internet had been designed with security as its centerpiece, it would never have achieved the kind of success it was enjoying, even as early as 1988. The basic assumption of Internet protocol design and implementation was that people would be reasonable; to assume otherwise runs the risk of hobbling it in just the way the

Y. Danidou (*) European University Cyprus, Nicosia, Cyprus e-mail: [email protected] © Springer Nature Switzerland AG 2020 T.-E. Synodinou et al. (eds.), EU Internet Law in the Digital Era, https://doi.org/10.1007/978-3-030-25579-4_13

277

278

Y. Danidou

proprietary networks were hobbled. The cybersecurity problem defies easy solution, because any of the most obvious solutions to it will cauterize the essence of the Internet and the generative PC (Zittrain 2008).

The Internet was not originally intended as a platform where people spend a substantive percentage of their lives, engage in commercial activity on a large scale, work, play and socialize, and interact in various forms with their governments. As the Internet becomes more central to the lives of most people, it was inevitable that criminals began to exploit its weaknesses to a much greater extent than before. At one brief time, the main threat seemed to come from overenthusiastic teenagers designing viruses, but the risks are now from highly organized criminal groups with significant resources, both in terms of expertise and computing power (Hunton 2009). In addition, entire nation states can be subject to successful cyber-attacks even on their Essential Infrastructures, possibly with the tacit approval or open participation of foreign states, or at the very least “rough agencies” close to state security agencies or the military. For example, the attack on the cyber infrastructure in Georgia in August 2008 (Russia US-CCU Special Report 2009) or the attack on the Iranian nuclear powerplant facilities through Stuxnet (Langner 2011; Andress 2014). Cyberthreats can originate from both state and non-state actors; motivations can be profit, political and strategic, and the impact can be extensive, affecting governments by interfering discreetly with internal democratic processes. WannaCry ransomware attack in 2017 on the National Health Service of England pinpointed the enormous scale a cyberattack can have, the severity of the impact, the interdependencies between Critical Infrastructures (CIs)1 and countries, but most significantly it showed the weaknesses and the reinforcement that is needed on the three main pillars of resilience, deterrence, and defense (King 2017). Major transformative developments, like Cloud Computing2 and the Internet of Things (IoT), reshuffle the landscape of security (Vermesan and Friess 2015; Simon 2017; Maglaras et al. 2018). The human loses even more control (depersonalization) (Schneier 2010), is even more taken out of the equation, and the power shift to the software developers becomes even more complete. Networks that combine, in addition to hundreds of millions of connections between desktops or similar devices, will become networks of hundreds of billions of entities, increasing exponentially in complexity. Security becomes, consequently, an even more interdependent network of strong and weak links—an attack on a badly protected thermostat could follow down communication lines to entirely different computer systems. At the same time, vulnerabilities become even more threatening—hacking into my computer to steal credit card details or spam people in my address book is one thing, hacking into my car while I am driving and disabling the brake system is a very different threat scenario. In other words, it is even more alarming if the attack is on devices or infrastructures that are involved in life-saving functions.  For the different types of interdependencies between CIs, see Eusgeld et al. (2011).   See discussions on the appropriateness of using Cloud computing services in Critical Infrastructures in Corn (2017) and Homeland Security (2017) and a discussion on the technical barriers of using Cloud computing in CIs in Mackay et al. (2012). 1 2

13  Trusted Computing Initiative on the Spectrum of EU Cyber-Security Legal…

279

While private and public sector organizations are switching to new technologies like Cloud Computing, things are riskier when referring to Cloud computing for CIs and when viewed from a Critical Information Infrastructure Protection (CIIP) perspective (Dekker 2013). It has been characterized as a ‘double-edged sword’ since cloud computing can deploy remarkable security and resilience measures, but at the same time, if a security breach occurs, then millions of data will be exposed along with their owners, and in the case of CIs, there will be widespread disastrous impact on the activities of all interdependent infrastructures ranging possibly to other related countries and their citizens as well. Interdependencies will be magnified under IoT and cloud computing technologies, and should not be neglected because they also cause mutual influences in failures and affect the calculated probability of occurrence of cascading failures (Eusgeld et al. 2011). Moreover, it has been claimed that digital forensics on the cloud is a perplex issue that while it is a necessity in an era of cyberattacks, it raises technical, legislative, and organizational challenges (Liveri and Skouloudi 2016). The EU Member States have committed to protecting critical ICT systems via the European Commission’s CIIP action plan by preventing large cyberattacks and cyber disruptions of critical ICT systems (European Commission 2009a). EU has accelerated the development of its CyberSecurity and has implemented a Strategy (EUCSS) showing the policy that the Union will follow to tackle with crucial challenges and cybersecurity issues (European Commission 2013a), elaborating more in its recent digital agenda (European Commission 2015), yet being aware that given the global and open nature of the Internet, the challenges cannot be addressed fully. Cyberattacks are taking a new form—the one of advanced persistent threats3 (Farwell and Rohozinski 2011; Tankard 2011), therefore the need for detection, as well as mitigation of these attacks, is more imperative than ever. The UK government recognizes the detrimental impact that a cyberattack can have on the economy and the social well-being of the country (Cm7234 2007; Cm7948 2010; Office of Cyber Security and Information Assurance (OCSIA) and Detica 2011),4 and the effect of how nations deal with internet freedom and security. While the legal system struggles to keep up with technology developments and their enforcement and prosecution, the regulation through technology took increasingly center stage (Lessig 1996; Yeung 2008; Yeung and Dixon-Woods 2010; Pagallo 2015). Rather than prosecuting crime, the focus shifted on communicating architectures that make it impossible to commit crimes in the first place. In hindsight, the development of the Internet might usefully have included security as a design feature. Starting Internet’s development again from scratch is not a feasible option, which means that any response is likely to be a patch added to the existing system rather than a complete rebuild. Attempts to deal with the increasing number of reported cyber crime incidents include more legislation, user training, public awareness, and other technical security measures (Cm7642 2009).  Cyber attacks are characterized as advanced persistent threats due to their increased frequency, sophistication, clear target, and coordination. 4  The Home Office minister Baroness Neville-Jones presented an estimation that cybercrime costs UK £27bn each year in UK Cabinet Office and National security and intelligence. 3

280

Y. Danidou

Transactions over the Internet are perceived as high risk, and trust is mostly needed in such cases of high risk (Mutz 2005). In the absence of interaction with people who are validated as trustworthy, the risk is higher. With technology improving and upgrading online and offline, and as digital crimes increase, consumers seem increasingly concerned regarding privacy and security, while researches identify that the primary goal to balance these is by winning public trust. These concerns have been addressed by the research community in a number of studies, using different indices that may affect individuals’ perception on trustworthiness (Belanger et al. 2002; Schoorman et al. 2007). In the digital world currently experienced every day, there are two evident conclusions: • that the digital companies will need to find the measures to increase the trust and security that they provide towards their users; • technology solutions should be implemented to ensure, based on their carrying features, protection over user’s trust, privacy, and security while transacting over the internet. However, the Internet will remain imperfect, and things will go wrong. Indeed, the futile search for perfect security may ultimately do more harm than good, by creating a misplaced sense of security in technology that might increase the use to take greater risks. It is a fact that the cyberattack-related critical question is not how it will happen, but when it will happen, and when it occurs, users (personal or organizational) need to be in resilient. It is of great importance to note that not only the systems connected to the Internet are candidates for cyberattacks, systems can also malfunction while not Internet-connected, possibly affecting the economy by the downtime, the stability of the organization and even threatening human lives. This is even more true in the case of CIs which are essential for the functioning of the Member State’s society and economy. Critical Infrastructures, as the name suggests, are systems or assets, vital for the well-being of the citizens and their disruption can lead to undesired consequences. National security, economic prosperity, and public health and safety depend on the reliable functioning of critical infrastructures that cannot be secured independently of one another, since they form a set of highly dependable infrastructures, especially in modern societies. Interdependencies among diverse infrastructure systems that can be either spatial or functional have grown dramatically over the past years mainly as a consequence of a highly network society (Zimmerman 2004). Although these interdependencies create several opportunities, they also form a “network of networks” generating inherent vulnerabilities that are present in other network structures and ultimately lead to widespread impact. The importance of safeguarding these essential complex infrastructures is crucial and represents one of the most central national security challenges that nations should confront, addressing at the same time the interactions, interconnections,5 and interdependencies among ­computer, communication, and power infrastructures. An example could be the  Such interconnections can be classified as physical, geographical, cyber, or logical (Rinaldi et al. 2001). 5

13  Trusted Computing Initiative on the Spectrum of EU Cyber-Security Legal…

281

interdependencies between power and telecommunication infrastructures, or between energy and transport infrastructures that if impacted, their failure can lead to cascade effects affecting all supply networks, the community, and economic prosperity (Varianou Mikellidou et al. 2017). Physical security of critical infrastructures has been accepted to be an important issue; however, during the last years, cyber vulnerabilities have been also a rising threat (Ten et  al. 2010) and specifically, failures on ICT are often catastrophic (Zimmerman 2004).6 Key sectors depend highly on ICT, and CIs act as a “network of networks” in the sense that infrastructures cannot be isolated and deal with the security of each infrastructure separately—the aim should be at devising ways to secure CIs based on their complex network nature. Repeated cyber intrusions into critical infrastructures demonstrate the need for improved cybersecurity (The White House 2013). Traditional IT solutions seem to be inadequate in dealing with severe cyberthreats and cybervulnerabilities. It was argued that to defeat security threats that are parasitic on the Internet structure, and with other words themselves (complex dynamic networks) are typical for a DoS attack for instance, “networks of security” are needed rather than isolated security solutions and “gated communities”. “Understanding the fragility induced by multiple interdependencies is one of the major challenges in the design of resilient infrastructures” (Vespignani 2010). In the same vein, prior research review suggests that new technologies and frameworks should be developed to address the issue of security, trust, and privacy (STP) assuring that data are safe while used over the internet, considering the large number of vulnerabilities existing (Ab Manan et al. 2011). A mapping of the basic technologies existing in cybersecurity and identification of research challenges have been covered in (Kert et al. 2014). Here two paradoxes are presented—(a) organizations are reluctant in investing into security products because of high cost, however, cheap security products do not seem to do the job—low cost and security are incompatible; and (b) IT people are more interested in releasing patches to fix software errors mostly in terms of interface, while security experts need stability. What is needed in the case of critical infrastructures is a new approach that will be stable and resilient, and that provides security and reliability in different threat and failure scenarios by analyzing the interdependencies and the coupling between these highly dynamic systems (Eusgeld et al. 2011). Such an approach is called a complex system. Security should be incorporated from the inception of the technology and throughout the system development lifecycle (SDLC) of design, development, testing, deployment, and not as a patch at a later stage. While security solutions and technologies have been developed in an effort to deal with security, trust and privacy issues, a unified solution has not been achieved, leading Service Providers, Collaborators, and Trusted Third Parties to create an unstable and imbalance environment for users (Ab Manan et al. 2011).

 The three modes of malicious attacks on a power infrastructure are as follows: (1) attack upon the system; (2) attack by the system; and (3) attack through the system (Amin 2002). 6

282

Y. Danidou

2  The TC Technology Under the NIS Directive While computer systems have changed in nature and become more and more ubiquitous, many technical challenges came into sight and led to the realization that system designers must proceed to design new computing systems that offer a higher amount of trust than the currently implemented ones. Especially in the case of CIs where the impact of a cyberattack will be enormous and can affect other infrastructures and create cascade effects. Threats to CIs span from electronic, radio-­frequency to computer-based attacks on the information components that control the CIs (Simon 2017). Prevention of denial of service (DoS), the performance of access control and monitoring and the achievement of scalability are just some of the numerous technical challenges that need to be overcomed by the current distributed systems. The need for such a platform becomes more imperative by the recognition that it is insufficient to rely on users taking the necessary precautions to protect their systems themselves (by frequently updating firewalls and anti-virus systems) and that the threats and attacks have amazingly increased because of automated attack tools, proliferation of vulnerabilities, and increased mobility of users (Berger 2005; Kraemer et al. 2009). CERT Coordination Center has reported the extremely large amount of vulnerabilities catalogued until 2017 (CERT 2018). Furthermore, it has been found that software-only security mechanisms cannot provide sufficient protection for the whole system (Berger 2005). A related problem are existing unsecured operating systems that currently do not provide single application isolation—thus reducing to the minimum the platform security level—which is found in diverse environments following the same security requirements. In addition to the increasing security threats, the ease with which to write and spread malicious code (even ubiquitously), the vast number of Internet connected devices along with the substantial use, and incredible evolution of the Internet during the last 18 years (IWS 2018), have led to the conclusion that systems with increased security, high confidentiality, integrity, non-repudiation, high-availability, and authenticity should be deployed (Oppliger and Rytz 2005). Thus, the three basic conditions that a trusted environment, in the computer science sense, must fulfill are: protected capabilities; integrity measurement; integrity reporting, all creating and ensuring platform trust (Burmester and Mulholland 2006). Systems covering these aspects are described as “trustworthy” (Burmester and Mulholland 2006). Achieving the ideal unified and balanced framework is supposed to include STP policies, technologies, processes, and legal aspects all blended together to present the optimal trusted environment. As a step towards the success of a holistic system that promotes and assures security, trust and privacy in all levels, computer scientists, architects, engineers, designers, and developers from large market players have reached to the decision that Trusted Computing (TC)7 is the ideal environment,  Back in 2003, the Trusted Computing Group (TCG) (formerly known as the Trusted Computing Platform Alliance (TCPA))—a non-profit organization—formed an alliance of promoters like AMD, Hewlett-Packard (HP), IBM, Intel Corporation, Microsoft, Sun Microsystems Incorporation, Fujitsu Limited, and of contributors like Canon, Dell, Erickson, Google, Oracle, Samsung, and many more; initiated the Trusted Computing (TC) project. 7

13  Trusted Computing Initiative on the Spectrum of EU Cyber-Security Legal…

283

comprised of hardware and software that can address all the issues. The Trusted Computing Group (TCG) works on the creation of a new computing platform that would provide enhanced trust to the current platform and aims to develop, define, and promote standards to achieve higher security levels for the Information Technology (IT) infrastructure between multiple platforms, devices, and networks (Berger 2005). Internet security is a big problem, and since it is a complex dynamic network, companies or individuals cannot protect themselves only without caring what happens outside of their small sphere of influence (Guadamuz 2013). Trying to deal with individual threats, one at a time, while ignoring that the main security threats match the structure of the network, so that taking out one node at a time, would not be successful. TC emerged as a possible solution to this dilemma. It promises to take the weakest link in the security chain—the individual PC user—out of the equation and shift the power of securing personal computers to organizations like TCG. It also promises to “build up” secure networks in the same way the Internet itself operates—that is, as a complex dynamic system of mutually assured trustworthiness. TC tries to build complex dynamic trust networks “bottom up”, without central, let alone state, oversight or control. If social trust relations in complex modern societies also organize themselves in dynamic complex networks, and if security “travels along” the trust edges in this network—because people only trust those whom they can securely trust, those who are “trustworthy”—the result would be an environment with ubiquitous security, which is the ultimate aim of the Trusted Computing Initiative (TCI). As mentioned above, to defeat security threats that are parasitic on the Internet structure, “networks of security” are needed rather than isolated security solutions and “gated communities”. In the case of TC in particular, this requires networks of trust relations that are isomorphic to the structure of the Internet and where CIs are involved an alloy of correctness, reliability, security, privacy, safety, and survivability should be present (Schneider 2000). While TC tries to make using the Internet more secure, it is not what is technically known as “secure computing” (Proudler et al. 2014). Proudler draws the distinction like this: • “Secure” is a classification, the result of an assessment to determine that an item does exactly what it is supposed to do, nothing more and nothing less. • Something can be trusted if it behaves as expected. • Something is trustworthy if its behavior is predictable. The proponents of TC suggest that Trusted Computing promises to provide four crucial advantages: reliability, security, privacy, and business integrity. Thus, these guarantee a system that will be available when in need, that will resist any attack once protecting the system itself and the data, that will give the demanded privacy to the user, and finally that provides to businesses the ability to interact effectively with their customers. This proposition is extremely important in terms of CIs, since downtime or even a cyberattack can cause significant disruption of services with a long lasting wide impact, economic damage, and even loss of human life.

284

Y. Danidou

Also, TC will provide protection from viruses as check will be applied to all files trying to “enter” the system. This is to be done through structuring new applications that give new possibilities to the owners of computer systems and/or end users. One of them is that a TC system can detect files that are unauthorized, such as pirated software, or viruses, and delete them remotely. This means that TC could be used to restrict access to any suspicious file. This approach is not uncontroversial. Content-­ owning businesses may wish to prevent end-users doing particular things with files; and employers may wish to control employees’ ability to access and/or distribute information across corporate networks, and so support this functionality. CIs are highly interconnected and mutually dependent in many complex ways, both physically but also in a technological way through the exchange of information and communication technologies (ICT). This leads to the obvious conclusion that what happens in one infrastructure can directly or indirectly affect other infrastructures presenting a number of challenges and complexities (Rinaldi et al. 2001). Currently, TC is a composite of five main components: the ‘Fritz’ chip; a ‘curtained memory’ in the CPU; a security kernel in the operating system; a security kernel in each TC application; and a back-end infrastructure of online security servers. Safford stated that TC architecture supports two important security functions (Safford 2002a): • Secure storage of the key pairs generated, along with public key signatures, verifications, encryptions and decryptions; and • System software integrity measurement. Minimum functionality which is necessary to describe the properties that influence the trustworthiness of a computing environment is represented by Roots of Trust8 (Burmester and Mulholland 2006). There are three core Roots of Trust: • a root of trust for measurement (RTM) • a root of trust for storage (RTS) • a root of trust reporting (RTR). For any misbehavior within the system to be detected, all three Roots of Trust must be trusted. Roots of Trust are expected to function correctly without any external interactions. In conjunction with the Trusted Building Blocks (TBB), Roots of Trust achieve trust, while measurement, storage, and reporting are done with minimal configuration (Burmester and Mulholland 2006). TC aims to allow the computer user to trust his own computer and for third parties to trust that specific computer (Lipson 2002). Having said that CIs are interconnected and interdependent relying on ICT which are aimed to secure, TC seems like an excellent candidate to protect each information and technology system individually but also to allow other systems to trust it as well. TC tries to build complex dynamic trust networks “bottom up”,9 without central, let alone state, oversight, or control. In a related study, the author articulated that if social trust relations in complex modern societies  A Root of Trust is a hardware component to help protect viable configurations.  Using base elements to build up a larger system.

8 9

13  Trusted Computing Initiative on the Spectrum of EU Cyber-Security Legal…

285

also organize themselves in dynamic complex networks, and if security “travels along” the trust edges in this network—because people only trust those whom they can securely trust, those who are “trustworthy”—the result would be an environment with ubiquitous security, which is the ultimate aim of the TCI.10 It has been shown that the TC network will only work when in addition to security and techno-trust, also legally enabled social trust “runs along” the edges that connect the nodes of the network. That is, if for any two connected nodes in the TC network, the parties can trust each other in the computer science sense, and have as a fallback a shared trust in institutions that can apply legal sanctions; it has been argued that will get dynamic complex networks that are isomorphic to the communication network of the Internet (Danidou 2015). TC’s idea is to keep keys secret with the use of a digital encryption and signature device. In addition, it prevents identity theft and unauthorized access to personal data on the user’s own device, while connected to the internet or to any other network (Carroll et al. 2002). This makes the compromization of the crown jewels of any company, even harder for malicious intruders. Overall, what this platform provides to the user is: protection to personal data, to sensitive communications and to e-commerce transactions, from attack to either the system’s software or to a network’s software. TCG proposed a technology that makes use of four main features. Along with these, new hardware installation on existing PCs is required. These features can work individually, but can also work in conjunction with each other.

2.1  Memory Curtaining This refers to a “strong, hardware-enforced memory isolation feature” (Schoen 2003) to avoid reading and writing memory between several programs. In TC, the operating system should have access to this type of memory, so if an adversary enters the operating system it would not be possible for him to enter and interfere with any program and its memory. The advantages of using a hardware feature instead of software— which could operate in a similar fashion—are the: backwards compatibility; the reusability of code; and the fact that fewer changes need to be made to hardware drivers and application software (Burmester and Mulholland 2006).

2.2  Secure I/O This provides a secure hardware path from the keyboard or mouse (i.e., the user) to an application and vice versa. By doing this, none of the software programs will know what the user typed as a command or input to another program and how the application responded. Protection from physical attacks is provided and any 10

 See more in Danidou (2015).

286

Y. Danidou

programs that intentionally “corrupt, modify, or mislead the user, will be prevented from running or operating” (Burmester and Mulholland 2006).

2.3  Sealed Storage Until recently, any keys and passwords used by applications were stored locally on the hard-drive. This was not so secure, because keys could be accessible by any intruder or virus. Thus, it is important to ensure that only legitimate users can access these valuable and secret data. This is exactly what sealed storage does. It is characterized as “an ingenious invention that generates keys based in part on the identity of the software requesting to use them and in part on the identity of the computer on which that software is running” (Schoen 2003). Furthermore, sealed storage can cooperate with memory curtaining and secure I/O to ensure that a user’s data can be read on their computer, and only by the particular computer that were initially created on. If a different application than the one that was originally used to create the data tries to decrypt or unseal the data, the operation will end up in failure.

2.4  Remote Attestation This aims to allow “unauthorized” changes to software to be detected. It remotely traces any changes made to any application and allows a third party to decide whether the platform is considered trustworthy (Reid et al. 2003). This feature helps to prevent the sending of data to or from a compromised or untrustworthy computer and certifies that no unauthorized program installs, updates or that modifications are made in the hardware or software on the user’s machine. Moreover, “this allows an entity to authenticate the software configuration of a platform that is not under its control” (Reid et al. 2003). This is the most significant of all features mentioned. TCG provides protection to sensitive authentication information from attacks by hackers and this is achieved by providing protection to the user’s private key. In addition, by sealing the master encryption key under a TCG register, it is possible to protect a user’s sensitive files and data (Safford 2002b). By extending this analogy to critical infrastructures systems, the huge benefits that TC has to offer can be easily observed.

3  Privileged Access Management Privileged access management (PAM) is said to help the Operators of Essential services (OES) and digital service providers to respond to the compliance regulations laid out in the NIS directive (European Commission 2016). Security policies

13  Trusted Computing Initiative on the Spectrum of EU Cyber-Security Legal…

287

should be enforced for the prevention, detection and incident reporting. For PAM to work properly and comply with NIS, there should be tracking of all access and sessions by privileged users in the IT network, and should also provide the IT administrator with complete visibility of the access rights and activities done using the network, monitor internal and external access to the system and resources, real-time detection of malicious activity, and log traceability for audit reporting. TCG was formed as a result of the concerns on data exposure on systems; system compromise as part of software attack; and lack of methods to prevent identity theft (Berger 2005; TCG 2006). TC is an idea which has evolved from the need to address these issues with security solutions that will mitigate the risks and dangers; and help to increase data management and identity security. Furthermore, it aims to protect the software and data in computer platforms (servers, desktops, laptops, PDA’s, mobile phones, and many more) (Proudler 2005) from external attacks and physical theft and hopes to improve security for remote access. TC aims to add on computer hardware’s functionality to “enable entities with which the computer interacts to have some level of trust in what the system is doing” (Mitchell 2008). This protection is provided by implementing isolated execution environments where software and data will be protected from any interference—not just by third parties but also the owner of the computer. Trusted platforms provide such environments and define the applications that will be permitted to operate on selected data (Proudler 2005). TC also addresses the issue of privilege escalation by preventing access to parts of the system that are not needed for the operation of another—a security problem that has been observed in Windows operating systems. Privilege Escalation essentially means that a computer is only as secure as its weakest link. Once a bug or configuration oversight in one component was identified and the component taken over by an adversary, it was often possible to gain elevated access to resources that are normally protected from an application or user and thus control the entire machine. TC restores the ability to trust a computer by reducing this complex interaction—to be trusted, operations have to show that they are unhindered. Additionally, trusted platforms can offer assurances about their behavior both in hardware and software (Gallery 2008). As the author’s most recent research reveals, ‘Trust’ has different interpretations in different disciplines (Danidou 2015)—relevant for “techno-trust” is the definition of trusted systems according to RFC 2828 (Shirey 2000), and discussed further by Balacheff et al. (2000) and Mitchell (2008). Thus, Trusted Systems are systems that can be relied upon to perform certain security policies in an expected manner and in the sense of behavioral consistency: TC “refers to a computer system for which an entity has some level of assurance that (part or all of) the computer system is behaving as expected” (Mitchell 2008) for a particular purpose. The outcome ultimately would be to allow the user to ‘blindly trust’ his computer again, without a constant need for self-monitoring. A very concise account of how Trusted Systems give rise to trust networks was recently given by Rosinger and Beer within the project “Smart Nord”, which aims at providing a multi-agent infrastructure for the electric grid of the future. In this complex market, the relevant actors (electricity consumers, producers, storage facilities,

288

Y. Danidou

etc.) are represented by autonomous software agents (Rosinger et al. 2013). These agents coordinate their activities and thus can give rise to self-organizing alliances and conglomerates. In the process of forming coalitions, several factors need to be considered by the software to decide “whom to talk to”. One of them is the decision if another agent or machine can be trusted. The very same mechanism that will enable “benevolent” agents of consumers to build a coalition that then negotiates a bulk discount with a supplier can also be used to form a Denial of Service attack against that very supplier if the agents are malevolent or infected. A model of “trust” then becomes central for the attempt to ensure network security—TC as a security service. The core of the TCI hardware is the protocol that implements attestation, known as Direct Anonymous Attestation (DAA). From its name, the basic logic of the initially planned protocol is derived, which implied: • proof without a Trusted Third Party (TTP) involvement (Direct); • non-disclosure of the identity of the signer (Anonymous); • requirement of statement or claim from a TPM (Attestation). It is capable of “remotely prov[ing] that a key is held in some hardware device and provid[ing] a strong authentication combined with privacy protection” (Camenisch 2004). The DAA is standardized by the Trusted Computing Group and implements several applications, such as use of a cryptographic key for authentication of the OS as secure, secure access to networks and services, and ease of key management in companies.

4  Standards, Policy, and Regulation While the cyber threats landscape is fundamentally changing, a steep rise in hostile cyber intrusions and unauthorized network breaches is observed. In the face of this security storm, where EU’s infrastructure has also been affected, the cyber legal and regulatory landscape is rapidly evolving and is now found consistently at the top of political agendas. Efforts have been made to implement cyber-oriented laws and regulations while adapting to the new shifting environment. EU has admittedly committed into protecting the essential interests of its own security, to safeguard public policy and public security, and allowing the investigation, detection, and prosecution of criminal offenses. Moreover, the new EU cybersecurity package examines how to build EU resilience to cyberattacks, how to create effective EU cyber deterrence, and how to strengthen international cooperation on cybersecurity (European Commission 2018). EU aims for sustainable development are to develop quality, reliable, sustainable, and resilient infrastructure. In this vein, of combating cybercrime while boosting security, regulating the Internet through cybersecurity strategies, protecting networks and information systems, as well as data stored or processed on those systems; regimes like the Directive on Security of Network and Information Systems (NIS Directive) (European

13  Trusted Computing Initiative on the Spectrum of EU Cyber-Security Legal…

289

Commission 2016) and—the very much anticipated—General Data Protection Regulation (GDPR) (European Parliament 2016) have been adopted. Their importance to the economy and to the society has been acknowledged in direct relation to the increased security incidents that pose a major threat to network and information systems and to the Internet itself. Both GDPR and NIS are influential and of course valuable in terms of cybersecurity, containing security requirements and incident reporting obligations, and should be seen, as a positive opportunity to blow the wind of change. However, the NIS directive is focusing on essential services infrastructures that are depending on technology and attempts to ensure resilience to cyberattacks by including the requirement for prevention of incidents, while GDPR ensures confidence in processing personal data. NIS concentrates on the protection of the network and information systems in terms of security and acts to ensure confidence in technology. Essential services are observed to have lower level of cybersecurity capabilities and resilience, and NIS directive is a step taken forwards. Here comes the big question: how can essential services gather and consolidate all the security artifacts to leverage detection and prevention of incidents in the new IT environment? It is argued that the right mix for cyber resilience, is a combination of people, processes and technology. To elaborate more, this points out that even if you have the most secure system available, it is useless if an employee is sharing his passwords on phishing websites allowing third parties to attack the system. Moreover, here comes another important parameter—the one of education, not only for technical people, but also equally for non-technical people who however are involved in cybercrime one way or another, e.g. Law enforcement agency officers (LEAs). State of the Union Factsheet on cybersecurity has revealed that despite the growing threats, awareness and knowledge of cybersecurity issues is still insufficient and numbers show that 51% of EU citizens feel completely or not adequately informed on cyber threats while 69% of companies have no or basic understanding of their cyber exposure to cyber risks (European Commission 2017). Since different Member States have different degree of preparedness and cybersecurity maturity, bringing the Union—as a whole—at stake, the need for common EU-wide legislative tool imposing global minimum requirements and obligations— on both essential services operators and digital service providers—should be laid down targeting to coordinate prevention, detection, mitigation, and response to possible cyber attacks. In particular, the NIS directive is the first piece of EU legislation that aimed at improving cybersecurity throughout the Union, minimizing the asymmetry in the preparedness of EU Member States, and covering on one hand the operators of essential services (OESs), while on the other hand, digital service providers (DSPs). NIS has been adopted to overcome the lack of a common European framework, the fragmented participation into agreements at international or national level, and as a legal instrument to address the challenges of cybercrime and security in cyberspace, paving the way for stronger cooperation and dissemination of expertise between Member States (European Political Strategy Centre 2017). NIS is directing EU Member States to ratify their own laws and regulations internally while meeting other requirements as well. The digital infrastructure sector is the one

290

Y. Danidou

most effected and the three main initiatives discussed in the NIS directive are governance at national level, mandatory information sharing between Member States and reporting of incidents of significant impact. Although up to 2013 when the first version of NIS was proposed, the Directive of Electronic Communications was imposing security and reporting obligations on electronic communications providers for telecom providers and data controllers (European Commission 2009b), the NIS Directive of 2016 has extended the reporting obligation to all relevant public and private actors involved in essential infrastructures. In Article 14, the NIS directive requires OES and DSPs to: • take appropriate technical and organizational measures to secure their network and information systems; • take into account the latest developments and consider the potential risks facing the systems; • take the appropriate measures to prevent and minimize the impact of security incidents to ensure service continuity; and • notify the relevant supervisory authority of any security incidents having a significant impact on service continuity without undue delay (European Commission 2016).

5  Essential Operators Identification NIS calls Member States to transpose its requirements into national legislation and decide which operators will be categorized under the ‘essential services’ following specific criteria proposed by ENISA, creating a disparity in the operators between the States. The identification of Essential Services Operators (ESOs) should be re-­ evaluated by Member States, every two years. The diversity of interpretation may mean that NIS will not be applied to the same operators across the EU, which poses a significant problem to the overall consistency of the NIS application (BBVA 2016; Kaskina 2017; Kalis 2018). Moreover, NIS will neither be applied to small and medium enterprises (SMEs) nor to software and hardware manufacturers, therefore becoming the weakest link in the chain. Setting minimum security measures or reporting obligations has also been criticized since it may lead to companies becoming an easy target for cybercrime especially if they are not obliged to comply (BBVA 2016). Further, the broadness of this EU-wide approach is hesitantly seen by legal scholars, warning that since each Member State will set their own laws and regulations, it is expected that each ­individual Member State will comprehend and implement NIS in a different way—probably on a different level of strictness, lacking cybersecurity policy cohesion throughout EU, thus creating fragmentation, policy confusion and compliance problems, jeopardizing the NIS’s initial target (BBVA 2016; Joe Stanganelli 2018; Kalis 2018). This problematic selective targeting can be vanished using technologies like Trusted Computing (TC), where all companies will be under the same digital

13  Trusted Computing Initiative on the Spectrum of EU Cyber-Security Legal…

291

security standards and therefore, all will need to meet the same criteria to form a holistic secure system that will eventually minimize cybercrime.

6  Security Requirements and Incident Notification In an effort to increase cybersecurity awareness in the EU and to identify new vulnerabilities in a world of rapidly evolving cyberthreats, the Directive opens a channel for reporting even the smallest significant incidents11 “without undue delay”. Mandatory incident reporting for digital service providers and essential service providers (Art. 14 NIS Directive), will help to better identify the challenges within the sector and propose relevant mitigation measures based on facts and figures. Yet, it is considered a thorny and controversial requirement since it has an impact on the continuity of core services but also affects regulatory steps to be taken. Law enforcement authorities should be aware of any major incidents in essential services operators and digital service providers to tune the legal responses appropriately. It is imperative to note that for a case to follow the legal route, there should be investigation forensics and information sharing and coordination between the Member State authorities, the private sector, and other stakeholders. For an effective incident reporting mechanism, a permanent public-private dialogue should be maintained, and industry should be give the incentives to promote reporting. The reporting requirement has not been welcomed by the industry who fears that this carries the risk of reputational damage that will also affect consumer confidence. Critical infrastructures as interdependent which means that an incident in one sector will affect other critical sectors as well, possibly impacting their core activities. Further, it has been scrutinized that there is neither guidance on the overlapping reporting obligations in a number of authorities and under many categories of regulations, nor the fact of overlapping to various local or international regulators that can demand the same responsibilities between entities, trickle the effectiveness of the regulations and increase the economic cost and complexity for businesses and governments (BBVA 2016). The mandatory hands-on approach has been added in the NIS directive as it is believed to “bring the most effective security as resilience by incentivizing through obligations and sanctions” (Christou 2016). Devising the most practical way for incident reporting implementation and compliance, has been a brain teaser, to allow homogeneous reports between Member States. What also remains a challenge is the legality of these reports especially when incidents involve the use of personal data and should be used to enhance private and public companies’ collaboration. BBVA research report has suggested using internationally recognized standards certification to ensure all Member States are under the same cubit (BBVA 2016).

 The significance of an incident can be determined based on specific parameters Art. 16 (4) (European Commission 2016). 11

292

Y. Danidou

7  C  onsistent Mandatory Information Sharing Between National Authorities of Member States Digital Service Providers (DSPs), in the context of the NIS directive, are narrowed down to three categories: online marketplaces (excluding intermediary to third-­ party services), online search engines, and cloud computing services, which under the NIS directive, are required to ensure a secure and trustworthy digital environment throughout the EU.  Apart from benchmarking and best practices sharing, another initiative of the NIS, requests private and public field players to perform risk management and share information with the national NIS authorities and other involved actors, like CERTs, law enforcement agencies and industry, bridging the gap between these players and facing the complexity of cyber incidents and their mitigation. Many essential service operators are operated by private companies, or public-private partnerships (PPP), therefore EU and Member States should develop and adhere to public policies taking into consideration the diversity of actors introduced in the new cyber landscape at all levels (European Political Strategy Centre 2017). Information sharing is said to enhance best practices exchange between Member States and will boost CSIRT network and cooperation networks, ultimately raising awareness in the private sector and cultivating a culture in cybersecurity. In the EU, information-sharing networks covering critical infrastructures are still under development, while the demand for such networks is clearly rising. According to the Directive that encourages benchmarking, attention should be paid to preserve informal and trusted channels of information sharing between the market operators, and between the private and public sectors to maintain a sufficient protection across the EU (European Commission 2013b). Information sharing initiative has not been uncontroversial either since it has been argued that it could harm the public–private sector dialogue by imposing a top-down obligation to report (Christou 2016). Yet, it aims at improving the Internet security and private networks and information systems on which the digital society depends on. In the cases where incidents result in personal data breach or the information to be shared processes personal data in any way, then the GDPR should be considered in close cooperation with the Data Protection Authorities (DPA).

8  Conclusions Our era has been characterized by an extensive use of digital technologies and the Internet in our everyday tasks. The centralized nature of the Internet initiates a number of issues related to online safety, privacy, data protection, and cybercriminality. EU seems determined to improve its cybersecurity and resilience to attacks protecting in this way the economy, the critical infrastructures that affect the public policy and public security, and more generally, the well-being of the Member States and their core activities.

13  Trusted Computing Initiative on the Spectrum of EU Cyber-Security Legal…

293

New technologies used in critical infrastructures are based on the network structure, like Cloud computing and virtualization affecting severely essential infrastructures of Member States, sometimes even leading to collapse of interdependent infrastructures. It is significant for these technologies to be aligned with the EU frameworks for cybersecurity and strengthen the three main pillars of resilience, deterrence, and defense. It has been argued that these should incorporate security, trust, and privacy by design, and a step towards the success of a holistic system that promotes and assures these parameters is the Trusted Computing technology. The criticism that TC has gone through has been discussed earlier and the author has attempted a parallel read of the features of TC and how these are mirrored in the Critical Infrastructure reality and in the NIS directive provisions. TC—has been argued—is a possible way to confine cyberthreats while boosting security. Particularly, it has been argued that secure and interoperable interfaces among different critical infrastructures could be developed using the TC initiative to prevent from cascading effects. Moreover, in our view, if a convergence of safety and security standards could be established, since TC can offer standardization of some components, then it would be possible to achieve certifications; but most importantly, if technologies like TC are adopted by Critical Infrastructures, given the interdependencies that these present and the network trustworthiness, security, and privacy the TC can offer, then this would make TC the optimal trusted environment for more cyber-resilient critical infrastructures.

References Ab Manan J-L, Mubarak MF, Isa MAM, Khattak ZA (2011) Security, trust and privacy–a new direction for pervasive computing. Inf Secur:56–60 Amin M (2002) Security challenges for the electricity infrastructure. Computer (Long Beach Calif) 35:supl8–supl10. https://doi.org/10.1109/MC.2002.1012423 Andress J (2014) Cyber warfare techniques, tactics and tools for security practitioners, 2nd edn. Syngress, an imprint of Elsevier, Waltham Balacheff B, Chen L, Pearson S et al (2000) Computing platform security in cyberspace. Inf Secur Tech Rep 5:54–63. https://doi.org/10.1016/S1363-4127(00)87631-1 BBVA (2016) The Network and Information Security (NIS) Directive. Part 2 of 2. Digit Econ Outlook Belanger F, Hiller JS, Smith WJ (2002) Trustworthiness in electronic commerce: the role of privacy, security, and site attributes. J Strateg Inf Syst 11:245–270 Berger B (2005) Trusted computing group history. Inf Secur Tech Rep 10:59–62. https://doi. org/10.1016/j.istr.2005.05.007 Burmester M, Mulholland J (2006) The advent of trusted computing: implications for digital forensics. In: Proceedings of the 2006 ACM symposium on applied computing. ACM Press, Dijon, pp 283–287 Camenisch J (2004) Better privacy for trusted computing platforms. In: Samarati P, Ryan P, Gollmann D, Molva R (eds) Computer security  – ESORICS 2004. Springer, Heidelberg, pp 73–88 Carroll A, Juarez M, Polk J, Leininger T (2002) Microsoft Palladium: a business overview. Microsoft Press Release

294

Y. Danidou

CERT (2018) Vulnerability notes. https://www.kb.cert.org/vuls. Accessed 25 Jun 2018 Christou G (2016) Cybersecurity in the European Union Cm7234 (2007) The Government reply to the fifth report from the House of Lords Science and Technology committee Cm7642 (2009) Cyber Security Strategy of the United Kingdom safety, security and resilience in cyber space. 26 Cm7948 (2010) Securing Britain in an age of uncertainty: the strategic defence and security review Corn T (2017) A new era for critical infrastructure: IT Security. In: CSO – Resour. Data Secur. Exec. https://www.cso.com.au/article/621183/new-era-critical-infrastructure-it-security/. Accessed 25 Jul 2018 Danidou I (2015) Trusted computing or trust in computing?: legislating for trust networks. ProQuest Dissertations Publishing Dekker MAC (2013) Critical cloud computing – a CIIP perspective on cloud computing services. Eur Netw Inf Secur Agency 33 European Commission (2009a) Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on Critical Information Infrastructure Protection. “Protecting Europe from large scale cyberattacks and disruptions: enhancing preparedness, security and resilience”. COM 149 Final European Commission (2009b) Directive 2009/140/EC of 25 November 2009 amending Directives 2002/21/EC, 2002/19/EC and 2002/20/EC. Off J Eur Union L 337:37–69 European Commission (2013a) Cybersecurity strategy of the European Union: an open, safe and secure cyberspace. European Commission European Commission (2013b) Proposal for a Directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security across the Union. 0027: European Commission (2015) Cybersecurity. https://ec.europa.eu/digital-agenda/en/ cybersecurity#Article European Commission (2016) Directive (EU) 2016/1148 Of The European Parliament And Of The Council - of 6 July 2016 - concerning measures for a high common level of security of network and information systems across the Union. European Parliament and of the Council European Commission (2017) Factsheet State of the Union 2017 European Commission (2018) Joint communication to the European Parliament and the Council Resilience, Deterrence and Defence: Building strong cybersecurity for the EU European Parliament (2016) Regulation (EU) 2016/679 of the European Parliament and of the Council – of 27 April 2016 – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDP). European Parliament and of the Council European Political Strategy Centre (2017) Building an effective European cyber shield. Eur Comm 16. https://doi.org/10.2872/955505 Eusgeld I, Nan C, Dietz S (2011) “System-of-systems” approach for interdependent critical infrastructures. Reliab Eng Syst Saf 96:679–686. https://doi.org/10.1016/J.RESS.2010.12.010 Farwell JP, Rohozinski R (2011) Stuxnet and the future of cyber war. Surviv Glob Polit Strateg 53:23–40 Gallery E (2008) Who are the TCG and what are the trusted computing concepts? TRUST2008 Gordon L, Loeb M (2002) The economics of information security investment. ACM Trans Inf Syst Secur 5:438–457. https://doi.org/10.1145/581271.581274 Gordon L, Loeb M (2006) Economic aspects of information security: an emerging field of research. Inf Syst Front 8:335–337. https://doi.org/10.1007/s10796-006-9010-7 Guadamuz A (2013) Networks, complexity and internet regulation scale-free law. The University of Edinburgh Homeland Security (2017) Risks to critical infrastructure that use cloud services Hunton P (2009) The growing phenomenon of crime and the internet: a cybercrime execution and analysis model. Comput Law Secur Rev 25:528–535. https://doi.org/10.1016/j.clsr.2009.09.005

13  Trusted Computing Initiative on the Spectrum of EU Cyber-Security Legal…

295

IWS (2018) World Internet Users Statistics and 2018 World Population Stats. https://www.internetworldstats.com/stats.htm. Accessed 25 Jun 2018 Pieter Kalis (2018) NIS Directive – update for the Netherlands – Leiden Law Blog. In: 31/01/2018. http://leidenlawblog.nl/articles/nis-directive-update-for-the-netherlands. Accessed 16 Jun 2018 Kaskina BB (2017) How the European Union is tackling cybersecurity: a look at the NIS directive. ITU News, 1–12 Kert M, Lopez J, Markatos E, Preneel B (2014) State-of-the-art of Secure ICT landscape King J (2017) Commissioner King’s speech at the EU Cybersecurity Conference “Digital Single Market, Common Digital Security 2017”, 15 September 2017, Tallinn, European Commission. https://ec.europa.eu/commission/commissioners/2014-2019/king/announcements/commissioner-kings-speech-eu-cybersecurity-conference-digital-single-market-common-digital-security_en. Accessed 28 Jun 2018 Kraemer S, Carayon P, Clem J (2009) Human and organizational factors in computer and information security: pathways to vulnerabilities. Comput Secur 28:509–520. https://doi.org/10.1016/j. cose.2009.04.006 Langner R (2011) Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur Privacy 9:49–51. https://doi.org/10.1109/MSP.2011.67 Lessig L (1996) The zones of cyberspace. Stanford Law Rev 48:1403–1411 Lipson HF (2002) Tracking and tracing cyber-attacks: technical challenges and global policy issues Liveri D, Skouloudi C (2016) Exploring cloud incidents. Eur Netw Inf Secur Agency 1–14 Mackay M, Baker T, Al-Yasiri A (2012) Security-oriented cloud computing platform for critical infrastructures. Comput Law Secur Rev 28:679–686. https://doi.org/10.1016/J. CLSR.2012.07.007 Maglaras L, Drivas G, Noou K, Rallis S (2018) ICST Transactions Preprint NIS directive: The case of Greece Mitchell CJ (2008) What is trusted computing? In: Mitchell CJ (ed) Trusted computing. The Institution of Engineering and Technology (IET), London, pp 1–10 Mutz DC (2005) Social Trust and E-Commerce: experimental evidence for the effects of social trust on individuals’ economic behavior. Public Opin Q 69:393–416. https://doi.org/10.1093/ poq/nfi029 Office of Cyber Security and Information Assurance (OCSIA), Detica (2011) The cost of cyber crime. 28 Oppliger R, Rytz R (2005) Does trusted computing remedy computer security problems? IEEE Secur Priv 3:16–19. https://doi.org/10.1109/MSP.2005.40 Pagallo U (2015) Good onlife governance: on law, spontaneous orders, and design. In: The onlife manifesto. Springer, pp 161–177 Proudler G (2005) Concepts of trusted computing. In: Mitchell CJ (ed) Trusted computing. The Institution of Engineering and Technology (IET), London, pp 11–27 Proudler G, Dalton C, Chen L (2014) Trusted computing platforms: TPM2.0 in context, 1st edn. Springer Reid J, González Nieto JM, Dawson E, Okamoto E (2003) Privacy and trusted computing. In: Proceedings of the 14th international workshop on database and expert systems applications (DEXA’03). IEEE, Washington, pp 383–388 Rinaldi SM, Peerenboom JP, Kelly TK (2001) Identifying, understanding, and analyzing critical infrastructure interdependencies. IEEE Control Syst 21:11–25. https://doi. org/10.1109/37.969131 Rosinger C, Uslar M, Sauer J (2013) Threat scenarios to evaluate trustworthiness of multi-agents in the energy data management. EnviroInfo, pp 258–264 Russia US-CCU Special Report (2009) Overview by the US-CCU of the cyber campaign against Georgia in August of 2008. US Cyber Consequences Unit Safford D (2002a) Clarifying misinformation on TCPA. In: White Pap. http://www.research.ibm. com/gsal/tcpa/tcpa_rebuttal.pdf Safford D (2002b) The need for TCPA. http://www.research.ibm.com/gsal/tcpa/why_tcpa.pdf

296

Y. Danidou

Schneider FB (2000) Critical infrastructures you can trust: where telecommunications fits. Comput Sci Telecommun 1–29 Schneier B (2010) Security in 2020  – Schneier on security. https://www.schneier.com/blog/ archives/2010/12/security_in_202.html. Accessed 21 Jun 2018 Schoen S (2003) Trusted computing: promise and risk. Electronic Frontier Foundation Schoorman FD, Mayer RC, Davis JH (2007) An integrative model of organizational trust: past, present, and future. Acad Manag Rev 32:344–354. https://doi.org/10.5465/amr.2007.24348410 Shirey R (2000) RFC2828: Internet Security Glossary. RFC Editor Simon T (2017) Critical infrastructure and the Internet of Things. Cent Int Gov Innov Chatham House 46 Stanganelli J (2018) EU’s NIS Directive Compounding GDPR Burdens & Confusion – Security Now. In: 23/02/2018. https://www.securitynow.com/author.asp?section_id=613&doc_ id=740750. Accessed 16 Jun 2018 Tankard C (2011) Advanced persistent threats and how to monitor and deter them. Netw Secur 2011:16–19. https://doi.org/10.1016/S1353-4858(11)70086-1 TCG (2006) More secure computing. TCG Ten C-W, Manimaran G, Liu C-C (2010) Cybersecurity for critical infrastructures: attack and defense modeling. IEEE Trans Syst Man Cybern – Part A Syst Humans 40:853–865. https:// doi.org/10.1109/TSMCA.2010.2048028 The White House (2013) Executive Order 13636: improving critical infrastructure cybersecurity. Fed Regist 78:1–8 Varianou Mikellidou C, Shakou LM, Boustras G, Dimopoulos C (2017) Energy critical infrastructures at risk from climate change: a state of the art review. Saf Sci. https://doi.org/10.1016/J. SSCI.2017.12.022 Vermesan O, Friess P (2015) Building the hyperconnected society: Internet of things research and innovation value chains, ecosystems and markets. River Publishers Vespignani A (2010) Complex networks: the fragility of interdependency. Nature 464:984–985. https://doi.org/10.1038/464984a Yeung K (2008) Towards an understanding of regulation by design. In: Yeung K (ed) Regulating technologies: legal futures, regulatory frames and technological fixes. Hart, Oxford, pp 79–108 Yeung K, Dixon-Woods M (2010) Design-based regulation and patient safety: a regulatory studies perspective. Soc Sci Med 71:502–509 Zimmerman R (2004) Decision-making and the vulnerability of interdependent critical infrastructure. In: IEEE international conference on systems, man and cybernetics (IEEE Cat. No. 04CH37583). IEEE, pp 4059–4063 Zittrain J (2008) The future of the Internet and how to stop it. Yale University Press, New Haven

Part III

E-commerce and Online Consumer Protection

Chapter 14

Adopting a Smart Approach to EU Legislation: Why Has It Proven So Difficult to Introduce a Directive on Contracts for the Supply of Digital Content? Paula Giliker Abstract  In December 2015, the European Commission put forward a proposal for a directive providing a single set of rules covering contracts for the sale and rental of digital content and digital services: the Directive on contracts for the Supply of Digital Content (pDCD). At face value, this was a proposal that had much to commend it. It is a key part of the Commission’s Digital Single Market Strategy that aims to reduce barriers to trade and offer more opportunities for consumers and businesses to contract across European Union (EU) borders in a legal, safe, secure and affordable way, and deals with an area of law in which few Member States have to date legislated. It builds on earlier directives (notably the Consumer Sales Directive 1999/44/EC) and seeks to provide for the particular needs of the digital marketplace. This chapter will examine why, then, it has proven so difficult to introduce. Suggestions for change and amendments have come from academics, consumer and business groups, and practitioners and we have seen strong differences of opinion between the European Parliament and Council of the EU. The saga of the pDCD is one that takes us into EU consumer and private law policy and highlights the real difficulties of legislating in the digital age. Although Directive 2019/770/EU on Contracts for the Supply of Digital Content and Digital Services (DCSD) was finally brought into force in June 2019, this chapter seeks to identify lessons that may be learnt from the troubled journey of the pDCD towards legislative approval.

P. Giliker (*) University of Bristol, Bristol, UK e-mail: [email protected] © Springer Nature Switzerland AG 2020 T.-E. Synodinou et al. (eds.), EU Internet Law in the Digital Era, https://doi.org/10.1007/978-3-030-25579-4_14

299

300

P. Giliker

1  Introduction On 9 December 2015, the European Commission tabled a proposal for a directive on contracts for supply of digital content to consumers (pDCD or Directive).1 The proposal is for a single set of rules covering contracts for the sale of digital content (i.e. when consumers buy music, films, e-books or applications), for rental of digital content (i.e. when consumers watch a movie online, but do not download a copy), as well as contracts for digital services (i.e. cloud computing and social media). Such a proposal has much to commend it. It is part of the Commission’s Digital Single Market Strategy that aims to reduce barriers and offer more opportunities for consumers and businesses to contract across European Union (EU) borders in a legal, safe, secure and affordable way.2 Such steps, in the Commission’s estimation, could contribute €415 billion per year to economic growth, boosting jobs, competition, investment and innovation in the EU.3 It is also consistent with the Commission’s 2018 New Deal for Consumers strategy4 which expressly acknowledged that the digital contracts proposals are “a central element of the Digital Single Market strategy aiming to modernise consumer contract rules for the supply of digital content.”5 The Commission therefore urged that: Considering the importance of these proposals in order to provide consumers with clear and effective rights when accessing digital content and to ensure that both consumers and businesses can rely on uniform and effective rules across Europe, … the European Parliament and the Council … ensure the rapid adoption of these proposals.

One of the reasons for urgency on this matter is that rules on the supply of digital content are generally absent in European private law systems. While the United Kingdom chose to legislate in this area in the Consumer Rights Act 2015,6 it is unique in this respect. Ireland, which had intended to follow the lead of the UK and had drafted its own Consumer Rights Bill, put this on hold when the 2015 proposal was introduced.7 Other States such as Germany and the Netherlands have extended the scope of existing contract rules to include sale of digital content, but States such as France and Poland have at present no explicit rules relating to the supply of digital content. There is therefore a gap (a) which needs to be filled in this fast-moving area of law (the Commission has found that the value of retail e-commerce in the  Proposal for a Directive of the European Parliament and of the Council on certain aspects concerning contracts for the supply of digital content COM (2015) 634 final. 2  Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions: A Digital Single Market Strategy for Europe, COM (2015) 192 final. 3  https://ec.europa.eu/commission/priorities/digital-single-market_en. 4  Communication from the Commission to the European Parliament, the Council, and the European Economic and Social Committee: A New Deal for Consumers, Brussels, 11.4.2018 COM (2018) 183 final. 5  Ibid., p. 2. 6  See Giliker (2017a), Willett (2018) and Samuels (2016). 7  Kelly (2018). 1

14  Adopting a Smart Approach to EU Legislation: Why Has It Proven So Difficult…

301

European Union grew by 13.4% in 2014 reaching a total of €370 billion8), (b) where both businesses and consumers would benefit from greater certainty and clarity of their respective rights and (c) where, unusually, there is limited potential to clash with domestic law in that it does not generally exist. The main exception to (c)—the United Kingdom—obviously becomes of limited relevance in the light of Brexit. The Commission reported in 2015 that at least 70 million consumers had experienced one or more problems with just four popular types of digital content (music, anti-virus, games and cloud storage) over the last 12 months and yet only 10% of consumers experiencing problems received remedies. As a result of these unresolved problems, consumers in the EU have suffered financial and non-financial detriment estimated at around €9–11 billion.9 Businesses equally are being affected by consumer reluctance to incur the risks of contracting online; the Commission estimating that if consumers were reassured it could create a market of up to 70 million online cross-border buyers.10 Why, then, did it take until 2019 for the Council of the EU to announce that agreement had been reached on the text of the Directive? If there is a need for law in this area, obvious benefits to consumers, little or no conflict with the private law provisions of individual Member States, what, then, was the reason for this delay? The tale of the pDCD is one that takes us into EU consumer and private law policy and highlights the real difficulties of legislating in the digital age. With Directive 2019/770/EU on certain aspects concerning Contracts  for the Supply of Digital Content and Digital Services (DCSD) finally coming into force on 11 June 2019, it is timely to reflect on what lessons can be learnt from the delays and debates in this particular area of law. Why has it proven so hard to legislate on contracts for the supply of digital content?

2  W  hat Are Contracts for the Supply of Digital Content and Why Is Legal Intervention Needed? The case for legal intervention in this area of law is hard to dispute. Indeed, it is difficult to identify a clearer example where an agreed framework at a European level would be advantageous to deal with a situation affecting every EU state where consumers need greater protection and businesses greater clarity. It is also an area of contract law that is under-developed and under-theorised.11 Traditional codified systems of contract law inevitably struggle to respond to the demands of new  Communication from the Commission to the European Parliament, the Council and the European Economic and Social Committee, Digital Contracts for Europe—Unleashing the potential of e-commerce, COM (2015) 633 final. 9  European Commission, ‘EU Fact Sheet: Digital Contracts for Europe’ (December 2015), p. 2. 10  Ibid. 11  Although the proposed Directive has encouraged literature in this field, see, for example, Schulze et al. (2017), de Franceschi (2016), Grundmann (2017) and Claeys and Terryn (2017). 8

302

P. Giliker

technology,12 raising fundamental issues such as how to classify such contracts—is “data” a product? Is “cloud computing” which permits the consumer to access the supplier’s server via the internet a service or even a rental contract?—what standards of performance are expected and indeed what remedies are appropriate? Remedies honed to respond to the sale of physical (tangible) items do not necessarily translate well into the digital marketplace. Further, it is often unclear whether these new forms of contracting fall within existing legislation.13 The Product Liability Directive 85/374/EEC14 provides a good example of the issues that can arise. Art. 2 of this directive defines a product under the directive as a “moveable”— a term familiar to all civil lawyers, traceable to Roman law, and not wholly unfamiliar to common lawyers. When applied, however, to software and intellectual property generally, there has been confusion; Fairgrieve reporting that in Belgium legislation expressly excludes intangible products from its implementation of the directive, while in other jurisdictions the courts have settled that the product in question must be a material item.15 The point is that the language of Roman law is ill-­ placed to categorise forms of contracting in the twenty-first century. As Howells, Twigg-Flesner and Wilhelmsson commented recently: A subject and body of legislation formed in the era of the development of mass consumer markets for cars and white goods is developing fast and being driven by increased consumer affluence and technological developments. The service sectors are growing, and the digital revolution is likely to spawn both new products and new ways of delivering them. This is the ideal time to review the development of EU consumer law to check that its fundamental values are fit for purpose.16

The very breadth of the term “digital content” that covers a wide range of items ranging from the download of music, films, apps, e-books and games, to matters such as cloud storage and social media services, on-line games, pay-per view access to films and so on highlights the scale of the problem and the need to provide both businesses and consumers with a legal framework which reflects the distinctive needs of this market. The Commission Digital Single Market initiative thus provides the ideal basis to move forward, building on the first steps taken in this direction in the Consumer Rights Directive 2011/83/EU (CRD) that expressly acknowledged that contracts for the supply of digital content should fall within its

 Of the particular problems raised by digital content contracts, see Helberger et al. (2013) and Loos et al. (2011). 13  See, for example, the points raised in Bradgate (2010). 14  Council Directive 85/374/EEC of 25 July 1985 on the approximation of the laws, regulations and administrative provisions of the Member States concerning liability for defective products OJ L 210, 7.8.1985, pp. 29–33. 15  Fairgrieve (2019), pp. 38–40. 16  Howells et al. (2018), p. 1. 12

14  Adopting a Smart Approach to EU Legislation: Why Has It Proven So Difficult…

303

scope.17 Art. 2.1 of the pDCD defines “digital content” even more broadly than the CRD to include data and services.18

3  The 2015 Initiative: A Step Forward? On 9 December 2015, proposals for two new directives were published with the aim to harmonise key aspects of contract law relating to online and distance sale of goods contracts and contracts for the supply of digital content. (i) The first, and the focus of this chapter, concerned business to consumer contracts for the supply of digital content (the proposed Supply of Digital Content Directive [pDCD]).19 This covers both digital goods and digital services. (ii) The second proposal dealt with consumer contracts concerning the online and other distance sale of goods (the proposed Online Sale of Goods Directive [pOSG]).20 Both measures involved maximum harmonisation and sought to ensure that t­raders in the Internal Market are not deterred from cross-border trading by differences in mandatory national contract laws, while providing consumers with a higher level of protection. It was the pOSG that proved the more controversial proposal. This was always likely to be the case. The law relating to sale of goods is already highly regulated at national level, with additional EU intervention.21 Any new measures were therefore likely to give rise to friction and contradiction with rules at a national level; a factor accentuated by making the directive one of maximum harmonisation. Further, the decision to confine intervention to distance contracts proved unpopular with  Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, OJ L 304, 22.11.2011, pp. 64–88, recital 19. It also attempted a definition of digital content as “data which are produced and supplied in digital form, such as computer programs, applications, games, music, videos or texts, irrespective of whether they are accessed through downloading or streaming, from a tangible medium or through any other means”: recital 19. See also Art. 2(11), CRD. 18  Art. 2.1, pDCD: “(a) data which is produced and supplied in digital form, for example video, audio, applications, digital games and any other software, (b) a service allowing the creation, processing or storage of data in digital form, where such data is provided by the consumer, and (c) a service allowing sharing of and any other interaction with data in digital form provided by other users of the service.” 19  Proposal for a Directive of the European Parliament and of the Council on certain aspects concerning contracts for the supply of digital content Brussels, 9.12.2015, COM (2015) 634 final. 20  Proposal for a Directive of the European Parliament and of the Council on certain aspects concerning contracts for the online and distance sales of goods Brussels, 9.12.2015 COM (2015) 635 final. 21  Notably the Consumer Sales Directive 1999/44/EC of the European Parliament and of the Council of 25 May 1999 on certain aspects of the sale of consumer goods and associated guarantees, [1999] OJ L 171/12. 17

304

P. Giliker

b­ usinesses which deal with customers both face-to-face and online. It was also likely to be confusing to consumers faced with different rules depending on the mode of contracting. In October 2017,22 the Commission amended the pOSG to extend its scope to include face-to-face sales contracts, responding to concerns that it would prove unworkable in relation to businesses that used more than one channel for sales (omni-channel distributors).23 The amended directive (pSGD) sought to provide coherent rules for all sales of goods contracts for the benefit of both businesses and consumers and to avoid legal fragmentation that would result from the application of different regimes depending on how the goods were sold. In view of an overlap with the Consumer Sales Directive 1999/44/EC (CSD), previously subject to a Regulatory Fitness and Performance Programme (REFIT) Check,24 it was i proposed that the 1999 Directive would be repealed.25 In contrast, the reaction to the pDCD was generally warm. This is not surprising given its aim to bring certainty and clarity to an area of contracting to which many modern systems of contract law have been slow to respond, if at all. Nevertheless, this did not prevent an active debate as to its precise content. Looking at the basic structure of the pDCD, we can identify four main characteristics26: • For a digital contract to be included in its scope, it must either provide for a price to be paid by the consumer, or the consumer must provide personal data or other data in exchange (Art 3);27 • With regard to criteria for determining the conformity of the businesses’ performance, the Directive gives preference to the text of the contract over objective criteria for assessing quality (Art. 6);

 Amended proposal for a Directive of the European Parliament and of the Council on certain aspects concerning contracts for the online and other distance sales of goods, amending Regulation (EC) No 2006/2004 of the European Parliament and of the Council and Directive 2009/22/EC of the European Parliament and of the Council and repealing Directive 1999/44/EC of the European Parliament and of the Council, Brussels, 31.10.2017 COM (2017) 637 final—2015/0288 (COD). 23  For criticism, see Smits (2016) and Beale (2016b). See also Remáč (2016). 24  European Commission Staff Working Document, Report of the Fitness Check on Directive 1999/44/EC of the European Parliament and of the Council of 25 May 1999 on certain aspects of the sale of consumer goods and associated guarantees, Brussels, 23.5.2017, SWD(2017) 209 final. 25  There is, however, no overlap with the Consumer Rights Directive 2011/83/EU (CRD)—the intention is that the pSGD will supplement the CRD and that they will function in a complementary manner. The CRD mainly includes provisions on pre-contractual information requirements, the right of withdrawal from distance and off-premises contracts and rules on delivery of goods and passing of risk, while the pSGD lays down rules on the conformity of the goods with the contract, the remedies available to consumers in the event of a lack of conformity and the modalities for the exercise of those remedies. 26  See also Art. 1 that defines the subject matter of the Directive. 27  Art. 3(1): “This Directive shall apply to any contract where the supplier supplies digital content to the consumer or undertakes to do so and, in exchange, a price is to be paid or the consumer actively provides counter-performance other than money in the form of personal data or any other data.” The directive, therefore, does not apply to digital content provided free of charge. 22

14  Adopting a Smart Approach to EU Legislation: Why Has It Proven So Difficult…

305

• The Directive introduces a “hierarchy of remedies”, meaning that the consumer may not terminate the contract and demand a refund upfront, but must give the business a “second chance” (Art. 12); • While the right to terminate is limited, rules do exist for termination of the contract immediately when the supplier failed to supply the digital content28 and for the termination of long-term (over one year) contracts for the supply of digital content (Arts. 11 and 16). Art. 4 of the pDCD provides that it will be a maximum harmonisation measure with Member States not able to maintain or introduce provisions diverging from those laid down in this Directive, including more or less stringent provisions. The aim is to provide a set of harmonised contract law rules which will make it easier for businesses to offer digital content cross-border, while consumers will benefit and gain confidence from a set of clear rights that address the problems they face with contracts for the supply of digital content. The pDCD is not, however, engaging in full harmonisation. It leaves to national law issues such as the formation and validity of contracts, the legality of the content and related issues such as the obligations of the consumer towards the supplier of digital content and the laws governing limitation or prescription periods.29 It also does not determine whether the contract will be considered as sales, services, rental or sui generis contract, leaving this to Member States (despite recognising this as a specific problem creating uncertainty in its Explanatory Memorandum).30 The aim, therefore, is to focus on a specific problem: the absence of a clear remedial framework for consumers raising matters of non-conformity and failure to supply under contracts for the supply of digital content. Art. 6(1) focuses on the quantity, quality, duration, version, functionality, interoperability and other performance features such as accessibility, continuity and security—qualitative standards attuned to the needs of digital contracts—in addition to more traditional concerns of being fit for any particular purpose for which the consumer requires it. Remedies equally take account to a certain extent of the particular needs of digital content, although the starting point is the hierarchy of remedies found in the CSD: in the case of a lack of conformity with the contract, the consumer shall be entitled to have the digital content brought into conformity with the contract free of charge, unless this is impossible, disproportionate or unlawful.31 The right to terminate is limited, as

 Art. 5(2) provides that the supplier shall supply the digital content immediately after the conclusion of the contract, unless the parties have agreed otherwise. 29  See Art 3(9) pDCD. These are not inconsiderable gaps, although contract is defined at Art. 2(7). Such matters would seem to be excluded to reduce intrusion into national contract law. Note also that Art. 3 excludes certain specified types of contracts which are regulated elsewhere. 30  Mak (2016) argues that this is likely to lead to fragmentation and confusion, especially for consumers and SMEs. She recommends that the rules should be transposed into national laws as a separate set of rules for digital content contracts, similar to the approach taken in the UK Consumer Rights Act 2015: pp. 12–13. See also Lehmann (2016), p. 767. 31  Art. 12(1) pDCD. 28

306

P. Giliker

­indicated above,32 but when available, Art. 13 makes express provision for the measures needed when ending a contract for digital content, particularly where the consumer has provided personal data to the supplier. Art. 16 also provides for a new right to terminate in relation to long term contracts33 with the consumer entitled to terminate the contract any time after the expiration of the first 12 months period. Art. 14 further provides for a rather ill-defined action for damages for “any economic damage to the digital environment of the consumer caused by a lack of conformity with the contract or a failure to supply the digital content.” Given this clear framework, why, then, has agreement on these provisions proven so difficult to achieve?

4  Legislating on New Technology: Lessons To Be Learnt This section will identify four main reasons why the introduction of the pDCD has been delayed and seek to draw out lessons to be learnt from this experience. Two crucial developments post-2015 must first be noted: (1) On 8 June 2017, the Council of the EU (Council) adopted a position on the Directive setting out new rules for business-to-consumer contracts for the supply of digital content and digital services.34 This was a response to debates both internally (within the European Parliament and Council) and externally (input from academics/practitioners/interest groups). A compromise text was proposed to establish “a well-balanced regime of a high level of consumer protection and the creation of a business-friendly environment for EU entrepreneurs … [and to provide] for a delicate balance between the different positions of Member States.”35 (The 2017 General Approach). (2) On 29 January 2019, Council and European Parliament negotiators agreed on a compromise package which would include both the pDCD and the pSGD. (The 2019 Compromise Package).36 This followed negotiations started in December

 See also Arts. 12(3) and (5) pDCD limiting right to terminate for non-conformity.  Defined as where the contract provides for the supply of the digital content for an indeterminate period or where the initial contract duration or any combination of renewal periods exceed 12 months: Art. 16(1). 34  https://www.consilium.europa.eu/en/press/press-releases/2017/06/08/contracts-for-digital-contentsupply/. 35  Proposal for a Directive of the European Parliament and of the Council on certain aspects concerning contracts for the supply of digital content (First reading)—General approach, Interinstitutional File: 2015/0287 (COD), Brussels, 1 June 2017, p. 3. 36  Proposal for a Directive of the European Parliament and of the Council on certain aspects concerning contracts for the supply of digital content—Confirmation of the final compromise text with a view to agreement, Interinstitutional Files: 2015/0288(COD) 2015/0287(COD), Brussels, 1 February 2019. 32 33

14  Adopting a Smart Approach to EU Legislation: Why Has It Proven So Difficult…

307

2017, which, from December 2018, included the related proposal for the pSGD.37 While I do not have the space here to go through all the suggested changes to the pDCD, some of which merely involved clarification38 and some which did not survive to the final version, in this section I will highlight key points of tension and why they led to delays. Four issues, in particular, stand out which will be examined below. These offer both an indication of the difficulties which the pDCD has faced in its path towards legislation and matters which are of more general relevance in drafting legislation in EU private law.

4.1  B  eware of the Company You Keep: The Impact of the (Online) Sale of Goods Directive When adopting a proposal for a directive on the supply of digital content on 9 December 2015, the Commission simultaneously adopted a second proposal: on the online sale of goods. Collectively, these were seen as part of the Digital Market Strategy pillar to ensure better access for consumers and businesses to online goods and services across Europe, tackling legal fragmentation in the field of consumer contract law and low consumer trust when buying online from another Member State.39 The pDCD was not, therefore, intended to be regarded in isolation, but as part of a series of measures, including the pOSG. This has led to two related problems which have delayed the progress of the Directive. First, there is a crucial overlap between goods sold online and contracts for the supply of digital content. Consider, for example, the purchase of a DVD or a smart phone—are they goods or contracts for the supply of digital content? (The internet of things, indeed, takes this a step further with more objects and devices connected to digital networks than ever before.40) The terms of the directives are not identical and so demarcation matters. The Commission intended that the pDCD would apply to all digital content, independently of the medium used for its transmission. It would include the supply of digital content whether transmitted on a durable medium, downloaded by consumers on their devices, web-streamed, allowed access to storage capabilities of digital content and content accessed by use of social media. It would thus extend to: … goods such as DVDs and CDs, incorporating digital content in such a way that the goods function only as a carrier of the digital content. The Directive should apply to the digital  The Joint IMCO and JURI committee approved the provisional agreement on 20 February 2019.  For example, inserting the term “digital services” into the title of the directive to make it more obvious that it covers both services and digital content; replacing the word “supplier” with “trader”. 39  See European Commission, Consumer Conditions Scoreboard (2017 edition). 40  Bunz and Meikle (2017), Weber and Weber (2010) and Wendehorst (2017). The internet of things is not, however, included in the proposal. 37 38

308

P. Giliker

content supplied on a durable medium, independently whether it is sold at a distance or in face-to-face situations, so as to avoid fragmentation between the different distribution channels.41

This leads, however, to a complicated distinction: … this Directive should not apply to digital content which is embedded in goods in such a way that it operates as an integral part of the goods and its functions are subordinate to the main functionalities of the goods.42 (An example is given of data storage in a car).

Such an approach contrasts with that of UK legislation that deals with goods, services and supply of digital content within one piece of legislation. Section 16 of the Consumer Rights Act 2015,43 makes it clear that CDs and DVDs, which most consumer would assume would be subject to the general protection for sale of goods, are, in fact, subject to this regime. A distinction, then, is drawn between goods, and digital content supplied in tangible form, for example on a disk or preloaded onto a device such as a phone or tablet, which would fall within the digital content provisions. The technical distinction found in the pDCD is one unlikely to prove popular with consumers and was particularly egregious when the sale of goods protection envisaged was confined to online sales with different protection again for face-to-­face contracts. In amending the pOSG in 2017 to cover all types of sale of goods contracts,44 the intention was that the revised proposal (pSGD) would, together with the pDCD, contribute to unleashing the potential of the Digital Single Market, with the amended proposal being a very important part of this package as the sales of goods represents more than 80% of the total cross-border trade.45 Yet, in so doing, the Commission caused a further delay towards implementation of the pDCD. In revising the now pSGD and creating an ongoing debate as to its content, the pDCD was likely to be caught in the cross-fire. In being linked, therefore, to a controversial proposal, the fate of the pDCD was to a certain extent entwined with the ability of the Commission to provide a proposal for sale of goods legislation that would receive approval. Could the pDCD have gone alone? This, indeed, was contemplated at one stage and commentators have speculated whether the decision in 2015 to split the proposals between two directives was in itself a tactical consideration designed to ensure that at least one of them would pass should the other be rejected by the Council.46 Yet, the demarcation question continues to haunt these proposals. While the European Parliament at one time favoured including digital content embedded in a good within the pDCD, with the good itself (the hardware) governed by the pSGD,  Recital 12, pDCD.  Recital 11, pDCD (emphasis added). For criticism, see Sein (2017). 43  S.16(1)(a) Consumer Rights Act 2015: Goods include an item that includes digital content. The Act thus allows for “mixed contracts”. See, further, Giliker (2017b), pp. 121–122. 44  Amended Proposal for a Directive on contracts for the online and other distance sales of goods COM(2017) 637 final. 45  Impact assessment accompanying the digital contracts proposals, SWD (2015) 274 final, p. 5. 46  Lehmann (2016), p. 771. 41 42

14  Adopting a Smart Approach to EU Legislation: Why Has It Proven So Difficult…

309

Council in 2017 took an opposing view. In its General Approach, Council asserted its view that embedded digital content should be excluded from the pDCD. This, it now defined, as “digital content forming part of a good in a way that such good would be inoperable or would be prevented from performing its main functions in the absence of such digital content.”47 The 2019 Compromise Package indicates agreement that products with a digital element (for example, smart fridges) would be regulated only through the sale of goods directive. In recitals 12–12(a) and 20, it clarifies that to meet the expectations of consumers and ensure a clear-cut and simple legal framework for suppliers of digital content, the pDCD would apply: • To digital content which is supplied on a tangible medium, such as DVDs, CDs, USB sticks and memory cards, as well as to the tangible medium itself, provided that the tangible medium functions only as a carrier of the digital content. The pSGD should apply to contracts for the sale of goods, including goods with digital elements (that is, goods that incorporate or are inter-connected with digital content or a digital service in such a way that the absence of that digital content or digital service would prevent the goods from performing their functions). This will cover goods such as smart TVs and smart watches. • Where digital content or digital services are combined with the provision of goods or other services and offered to the consumer within the same contract comprising a bundle of different elements (bundle contracts), for example, the provision of digital television and the purchase of electronic equipment, the pDCD should only apply to the elements of the overall contract which consist of the supply of digital content or digital services. The other elements of the contract should be governed by the rules applicable to those contracts under national law or, as applicable, other Union laws governing a specific sector or subject matter. One might express doubts whether these rather complicated provisions resolve all the issues raised in this section.

4.2  H  ow Innovative Do You Want To Be? The Problem of Engaging with New Technology This takes me to the second issue which has arisen in this context: innovation. The Directive seeks to cater for fast technological developments, take account of the nature of digital content, and meet the expectations of consumers, while ensuring a clear-cut and simple legal framework for suppliers providing measures which are future-proof.48 Nevertheless, as Merdi has noted, the pDCD and pOSG were put forward in 2015 as “modified” proposals to replace the earlier proposal for a 47 48

 2017 General Approach (n 35), p. 5.  See, for example, Recitals 11 and 12 to pDCD.

310

P. Giliker

Common European Sales Law (CESL).49 Thus, looking at the pDCD, we can see that it remodels to a certain extent the sales of goods provisions in CESL and the CSD, focussing on non-conformity and remedies for non-conformity.50 This has not, however, been wholly successful. Commentators have noted that the supply of digital content may raise issues beyond those normally found in sale of goods contracts. A simple example may be found in Art. 3 of the pDCD. This recognises the value of personal data as a form of payment in modern business practice,51 but has given rise to questions as to which types of personal data it covers,52 and to what extent there may be a potential conflict with the EU’s own data protection legislation, notably the General Data Protection Regulation.53 The revised form of Art. 3 in the 2019 Compromise Package again struggles to find a form of wording which succinctly resolves this problem.54 There is a danger, therefore, of paying insufficient attention to the nature, value and potential abuse of data and the fact that personal data is regulated elsewhere.55 Hoekstra and Diker-Vanberg observe that the origins of the initiative prove in practice a weakness with a failure to focus on the particular context of digital contracts.56 By seeking to engage with new forms of exchanges, the pressure mounts on the legislator to produce legislation which is reflective of market practices and consider other forms of regulation (notably those which derive from the EU itself!) Further examples of the difficulties of drafting provisions based on traditional sale of goods law principles but adapted to new technology may be found, but the  Prastitou Merdi (2017), p. 126. See also Grundmann and Hacker (2017) who, at p. 289, describe the directives as “a continuation of the Common European Sales Law (CESL) with other means, and with a different scope.”. See Proposal for a Regulation of the European Parliament and of the Council on a Common European Sales Law COM (2011) 635 final. 50  Lehmann (2016), for example, comments that the provisions of the pDCD at times simply paraphrase the rules of the Consumer Sales Directive: at 759–760. CESL made express provision for criteria for conformity of goods and digital content: Art. 100. 51  Contrast the UK Consumer Rights Act 2015 (s.33(1),(2)) which chose to avoid this issue entirely, but has been criticised as out of tune with modern forms of contracting: see Mak (2016), p. 10. See also Schulze and Staudenmayer (2016), p. 32: personal data is increasingly becoming a substitute currency. 52  Spindler (2016), pp. 191–194. He noted that the scope of application regarding digital content provided in exchange for data was not defined in a precise way and could lead to practical problems in interpretation. 53  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data OJ 4.5.2016 L 119/1. Note, for example, comments by the European Data Protection Supervisor in March 2017: Option 4/2017, Document 7369/17. 54  Article 3(1): “This Directive shall also apply where the trader supplies or undertakes to supply digital content or a digital service to the consumer and the consumer provides or undertakes to provide personal data to the trader, except where the personal data provided by the consumer is exclusively processed by the trader for supplying the digital content or digital service in accordance with this Directive or for the trader to comply with legal requirements to which the trader is subject, and the trader does not process this data for any other purpose.” 55  Grundmann and Hacker (2017), pp. 289–291. 56  Hoekstra and Diker-Vanberg (2019). 49

14  Adopting a Smart Approach to EU Legislation: Why Has It Proven So Difficult…

311

key point here is that the two approaches do not mix well. Seeking to provide “future proof” legislation, while adapting core principles from the CSD and CESL, was always going to be problematic and so it proved to be. It begs the fundamental question whether the methodology underlying the Directive is, in fact, flawed and the Commission should, in fact, have taken more time to focus on how to legislate in this area of law rather than opting for the quick and, at face value, easier option of simply adapting pre-existing legislative proposals to this new context. Innovation is not easy and short-cuts rarely prove to be satisfactory in practice.

4.3  C  onsumer Protection and Maximum Harmonisation: A Match Made in Heaven? The pDCD then represented an attempt at a compromise: a traditional focus on conformity and consumer remedies, but one attuned to the question of digital content. In so doing, it sought to provide a high level of consumer protection with maximum harmonisation ensuring that consumer rights are available at the same level across all Member States. Yet, maximum harmonisation comes at a price—it precludes Member States from providing any greater or lesser protection than that stated in the Directive. There is a danger, then, that in “capping” consumer protection, some consumers might be left with less protection than currently exists in their Member State. Three particular measures would seem to leave the Commission open to accusations of reducing consumer protection: • Art. 6 that gives preference to the text of the contract over objective criteria for determining the conformity of the businesses’ performance • Art. 14 giving a right to damages for economic damage to the digital environment of the consumer caused by a lack of conformity with the contract or a failure to supply digital content. • Arts. 11–16. restricting the ability of Member States to permit termination of the contract. Article 14 can be dealt with straightaway. As a maximum harmonisation measure governing damages for economic loss in this specific context, arguably it prevents Member States from permitting recovery for consequential loss.57 In the face of criticism, such a provision was soon abandoned in the 2017 General Approach. Art. 6 on conformity seeks, as stated above, to provide provisions suited for digital content. Controversially, however, it provides at Art. 6(2) that an objective approach to conformity would only apply to the extent that the standards of quality, duration, functionality, etc. are not stipulated in a clear and comprehensive manner by the parties to the contract. In other words, priority is given to contractual autonomy. Spindler has argued that, faced with a test that makes no attempt to benchmark 57

 See Beale (2016a), pp. 22–24; Mak (2016), pp. 26–27.

312

P. Giliker

the reasonable expectations of consumers, it is unlikely that Art. 6 pDCD would actually improve the level of consumer protection for digital content in that it leaves the contract’s content almost entirely to parties’ individual stipulations and consumers vulnerable to disadvantageous provisions in standard term contracts.58 The assessment by the European Law Institute in 2016 agreed: This would allow the trader to set its own minimum standard in the terms and conditions, provided that the terms are in plain and intelligible language. Consumers are most unlikely to read the terms and conditions before making the contract, so they may not notice that what is to be supplied may be of a much lower standard than the consumer reasonably expects. The words quoted are therefore dangerous, and also unnecessary. They should be deleted.59

The 2017 General Approach of Council responded to a certain extent to these arguments, choosing to opt for a mix of subjective (agreed in the contract) and objective (stipulated by law) criteria, while still allowing parties to contract out of the objective criteria, provided that this is done at the time of conclusion of the contract, and the consumer is specifically informed about any deviations from the objective conformity requirements and he expressly and separately agrees to those deviations. The 2019 Compromise Package sets out expressly that, to ensure that consumers are not deprived of their rights, e.g. where the contract sets very low standards, the digital content or digital service should not only comply with the subjective requirements for conformity, but should in addition comply with objective requirements for conformity set out in the Directive, looking, inter alia, at the purpose for which digital content or digital services of the same type would normally be used. It should also possess the qualities and performance features which are normal in digital content or digital services of the same type and which consumers may reasonably expect, given the nature of the digital content or digital service and, considering any public statements on the specific characteristics of the digital content or digital service made by or on behalf of the trader or other persons in earlier links of the chain of transactions.60 The Art. 6 saga highlights the difficulties of matching high standards of consumer protection with the desire of businesses to control the content of contracts to ensure greater predictability. In choosing maximum harmonisation, this measure was always going to attract scrutiny and concern from the consumer lobby and indeed it did. The compromise reached demonstrates that the Commission has taken these concerns on board, albeit after a considerable delay and redraft of Art. 6 itself. Similar controversy has arisen in relation to the right to terminate the contract. Again, the idea was to adapt measures previously seen in the CSD and CESL to the context of contracts for the supply of digital content. The approach taken by the EU in the CSD was to adopt a hierarchical structure having as its central drive repair and replacement of goods. This clashes with the approach dominant in common law  Spindler (2016), p. 199.  ELI (2016), p. 4. 60  Recital 25. See now Art. 8 DCSD Objective requirements for conformity. 58 59

14  Adopting a Smart Approach to EU Legislation: Why Has It Proven So Difficult…

313

systems whereby “[t]he buyer’s first and primary remedy for a breach of contract by the seller is to reject the goods, and, if appropriate, to repudiate the contract”.61 It is also an approach that limits consumer choice. Nevertheless, the pDCD adopted this approach, albeit with some signs of innovation in that provision is made for a right to terminate where (a) the supplier is liable to the consumer under Art. 5 for failure to supply digital content (Art. 11), (b) as a last resort for lack of conformity (Arts. 12(5) and 13) and (c) under a long term contract (Art. 16). These latter provisions are directed at the consumer and seek to use termination as a way to strengthen the position of the consumer in the marketplace. It is interesting that here innovation has faced criticism of inconsistency with the hierarchy of remedies approach.62 The 2017 General Approach accepted that, to preserve both the interests of consumers and suppliers, suppliers should instead be allowed a “second chance” in case of lack of supply before the contract can be terminated, although it did suggest on non-conformity, that more flexibility for the implementation at national level could be achieved by setting out the conditions for the use of the different remedies rather than establishing a strict hierarchy between the different remedies. The 2019 Compromise Package builds on this. Art. 11 is completely revised. Article 11: Remedy for the failure to supply 1. Where the trader has failed to supply the digital content or digital service in accordance with Article 5, the consumer shall call upon the trader to supply the digital content or digital service. If the trader then fails to supply the digital content or digital service without undue delay, or within an additional period of time as expressly agreed to by the parties, the consumer shall be entitled to terminate the contract. 2. Paragraph 1 shall not apply and the consumer shall be entitled to terminate the contract immediately where: (a) the trader has declared, or it is equally clear from the circumstances, that the trader will not supply the digital content or digital service; or (b) the consumer and the trader have agreed, or it is clear from the circumstances attending the conclusion of the contract, that a specific time for the supply is essential for the consumer and the trader fails to supply the digital content or digital service by or on that time

Compromises, it would seem, are wordy; the previously succinct 28 words now extended to 167. As was found with the Consumer Rights Act 2015, lengthy statutory provisions rarely assist clarity for consumers.63 The “second chance” philosophy, however, would now seem to be an inherent part of the remedial framework of the directive, despite the fact that consumer groups, such as BEUC, have opposed such a move.64 Further Art. 16 is no more. This potentially innovative provision that sought to stimulate competition by enabling consumers to switch between suppliers65 has been deleted in the face of criticism that it lacked clarity and might lead to  Twigg-Flesner et al. (2016), p. 435. See also Miller (2011), p. 77.  See, for example, the November 2017 report of the Committee on Legal Affairs and Committee on the Internal Market and Consumer Protection. 63  Whittaker (2016). 64  BEUC (2018), p. 5. 65  Recital 46 to pDCD. 61 62

314

P. Giliker

unintended consequences such as increased cost of digital content and service.66 No doubt this is a considerable relief to the business lobby, but does indicate tension inherent in the Directive between the needs of consumers and businesses. Dropping this provision at this stage is a clear indication of the desire to move forward with this Directive, albeit to some extent at the expense of the consumer.

4.4  Time Limits: To Have or Have Not? Art. 9 of the pDCD places the burden of proof for conformity with the contract on the supplier, unless the supplier can show that the digital environment of the consumer is not compatible with interoperability and other technical requirements of the digital content and where the supplier informed the consumer of such requirements before the conclusion of the contract.67 This measure is justified on the basis that it reflects the supplier’s deemed superior knowledge in matters of a technical nature. The key point here is that there is no time limit. Art. 10 confirms that the supplier shall be liable for any failure (a) to supply the digital content; (b) lack of conformity which exists when the digital content is supplied; and (c) where the contract provides for supply over a period of time, any lack of conformity during that period. Contrast Art. 5(1) of the CSD that provides for liability where the lack of conformity becomes apparent within 2 years as from delivery of the goods.68 Recital 43 explains that this is because by its nature digital content is not subject to wear and tear while being used and is often supplied over a period of time rather than as a one-off supply. National prescription rules will, however, apply. These are not subject to harmonisation. There will therefore be variation in the period of applicability of the conformity requirement which is far from ideal in a maximum harmonisation directive. Mak has enquired why there is no time limit and on what basis it can be held necessary to hold the supplier to a reversed burden of proof for an indefinite time.69 Compatibility problems, she argues, often become apparent fairly soon after the installation of the content—to what extent, realistically then, are latent issues arising long after supply going to be an issue in the digital market? Are not such issues more likely to be because of external changes to the digital environment? It cannot be a great surprise that Mak was correct in predicting that this would prove a sticking point for Member States. Spindler also noted that the absence of time limits for remedies would actually lead to discrepancies between Member  Hoekstra and Diker-Vanberg (2019), Sect. 2.2.3.  However, Art. 9(3) provides that the consumer must cooperate with the supplier to the extent possible and necessary to determine the consumer’s digital environment. The obligation to cooperate is limited to the technically available means which are the least intrusive for the consumer. 68  S.42(9) of the UK Consumer Rights Act 2015 also provides for a six month reversed burden of proof for non-conformity. 69  Mak (2016), p. 20. 66 67

14  Adopting a Smart Approach to EU Legislation: Why Has It Proven So Difficult…

315

States, as national prescription periods would apply leading to fragmentation and diversity.70 Such a measure was also inconsistent with provisions in the pOSG.71 In 2017, Council bowed to the inevitable and announced that it would consider differences at national level. The new approach did not fully harmonise prescription or guarantee periods, but stipulated that the liability of the supplier for cases of lack of conformity may not be shorter than 2 years. The period for the reversal of the burden of the proof would be set at one year. Council noted that this was a compromise between delegations who preferred a short period and those who wished to align this with the limitation of liability. In the 2019 compromise text, Art. 10 (previously 9) adds that: 1a. In cases referred to Article 9(2), the burden of proof with respect to whether the supplied digital content or digital service was in conformity at the time of supply shall be on the supplier for a lack of conformity which becomes apparent within a period of one year from the time when the digital content or digital service was supplied.

Art. 9(2) [previously Art. 10] again casts aside brevity in favour of complicated compromise: Where a contract provides for a single act of supply or a series of individual acts of supply, the trader shall be liable for any lack of conformity under Article 6, 6a, and 7, of the digital content or digital service which exists at the time of supply, without prejudice to Article 6a(1a)(b). If, under national legislation, the trader is only liable for any lack of conformity that becomes apparent within a period of time after supply, that period shall not be less than two years from the time of supply, without prejudice to Article 6a(1a)(b). If, under national legislation, the rights laid down in Article 12 are also subject or only subject to a limitation period, Member States shall ensure that such limitation period allows the consumer to exercise the remedies laid down in Article 12 for any lack of conformity that exists at the time indicated in the first subparagraph and becomes apparent within the period of time indicated in the second subparagraph.

In confirming the compromise reached in 2017, one might nevertheless have hoped for less convoluted wording in this respect! What this final example demonstrates, however, is the importance of placing European initiatives in a national context. Faced with distinct prescription periods engrained in national legal systems, but also real concerns about an unprecedented reversed burden of proof without any time restriction, this part of the directive became a ready target for opposition and debate. Here, innovation was always going to meet opposition. To expect otherwise was to ignore the context in which this maximum harmonisation directive arose. Equally, to contradict the position taken in the pOSG was a step bound to invoke controversy.

 Spindler (2016), p. 213: “quite the opposite of a European harmonization”.  See now Art. 8(3) pSGD: “Any lack of conformity with the contract which becomes apparent within two years from the time indicated in paragraphs 1 and 2 is presumed to have existed at the time indicated in paragraphs 1 and 2 unless this is incompatible with the nature of the goods or with the nature of the lack of conformity.” 70 71

316

P. Giliker

5  An Agreed Package: An Easter Surprise On 15 April 2019, the Council of the EU announced that it had adopted a package comprising of a directive for the supply of digital content and services and one on contracts for the sale of goods and that this would mark the end of the legislative procedure.72 Following Council approval, directives on contracts for the supply of digital content and services and the sale of goods were adopted and brought into force on 11 June 2019.73 Member States have until July 2021 to transpose the measures into national law. Both directives bear the scars of the legislative process and exhibit a limited resemblance to their 2015 predecessor. For the DCSD, the term “digital service” is far more prominent, and in the title of the directive. Goods “with digital elements” are now defined in the body of the Directive.74 Suppliers are now “traders”.75 While here is not the place for a detailed dissection of the DCSD, we see refinements to Art. 3 (scope) and Art. 5 (supply of the digital content or digital service); but, as expected, more radical changes to conformity (now Arts. 6,76 7,77 878 and 979), burden of proof (now Art. 12),80 liability of the trader (now Art. 11)81 and remedies (see Art. 13 which maintains the revised remedy for failure to comply with Art. 582 and  Press release, ‘EU adopts new rules on sales contracts for goods and digital content’ 15 April 2019. 73  Directive (EU) 2019/770  of the European Parliament and of the Council of 20 May 2019  on certain aspects concerning contracts for the supply of digital content and digital services OJ L 136/1, 22.5.2019, pp. 1–27 and Directive (EU) 2019/771 of the European Parliament and of the Council of 20 May 2019 on certain aspects concerning contracts for the sale of goods, amending Regulation (EU) 2017/2394 and Directive 2009/22/EC and repealing Directive 1999/44/EC OJ L 136/28, 22.5.2019, pp. 28–50. 74  Art. 2(3) as “any tangible movable items that incorporate, or are inter-connected with, digital content or a digital service in such a way that the absence of that digital content or digital service would prevent the goods from performing their functions.” 75  Art. 2(5). 76  The trader shall supply to the consumer digital content or a digital service that meets the requirements set out in Articles 7, 8 and 9, where applicable, without prejudice to Article 10. 77  Subjective requirements for conformity. 78  Objective requirements for conformity, stated to be in addition to complying with any subjective requirement for conformity. 79  Incorrect integration of the digital content or digital service. 80  Art. 12(2): “the burden of proof with regard to whether the supplied digital content or digital service was in conformity at the time of supply shall be on the trader for a lack of conformity which becomes apparent within a period of one year from the time when the digital content or digital service was supplied.” 81  Art. 11(2): “If, under national law, the trader is only liable for a lack of conformity that becomes apparent within a period of time after supply, that period shall not be less than two years from the time of supply, without prejudice to point (b) of Article 8(2).” 82  Art. 13(1): “Where the trader has failed to supply the digital content or digital service in accordance with Article 5, the consumer shall call upon the trader to supply the digital content or digital service. If the trader then fails to supply the digital content or digital service without undue delay, or within an additional period of time, as expressly agreed to by the parties, the consumer shall be entitled to terminate the contract.” 72

14  Adopting a Smart Approach to EU Legislation: Why Has It Proven So Difficult…

317

Art. 14),83 with complex termination provisions (Arts. 15–18) now including express reference to the General Data Protection Regulation 2016/679. The DCSD bears all the hallmarks of a compromise. It is one admittedly that has finally achieved sufficient agreement to complete the legislative process, but for those familiar with the 2015 proposal, the scars are self-evident. It is not clear also that all the issues concerning interpretation highlighted in this paper  have been resolved, but that is an argument for another day

6  Conclusion What conclusions, then, can we draw from the attempt to introduce a new maximum harmonisation directive on contracts for the supply of digital content? The auguries were good. This was an area of law in which consumers felt vulnerable and businesses faced uncertainty and the Commission had data to support the need for intervention. Equally, because of a general absence of specialist legislation in Member States, the proposals were unlikely to meet the kind of opposition generated when the EU seeks to overturn rules of law developed over centuries and encapsulated in an iconic civil code. Faced with a demand for change, evidenced by the UK legislating in this area and other States contemplating the need for national legislation, it appeared that this would be a proposal that was likely to receive considerable support and a fairly painless path to implementation. As this chapter has shown, this has not been the case. It has taken two “compromises” and a further redraft before the Directive on contracts for the supply of digital content completed the legislative process. Ireland, which held back on following the UK approach in 2015 under the assumption that EU law was imminent, has had a long wait to legislate in this field. In this chapter, I have tried to draw out lessons to be learnt from this process. The first, and most obvious, is that drafting legislation in a fast-moving area of law is never going to be easy. As Grundmann and Hacker have recently argued, the pDCD went well beyond known territory: … digital content is about the problem of an object of the contract which poses considerably or even completely new problems in large quantity: namely non-rivalrous and/or ­nonexcludable use of the good and questions of compensation; alternative modes of compensation (namely giving personal data instead of monetary payment); services which have strong IP implications, but as well network effects, etc. Digital contents pose these new problems to a degree that seem to open a truly new dimension of object of contract and questions of performance.84  Remedies for lack of conformity. Art. 14(1) provides that “In the case of a lack of conformity, the consumer shall be entitled to have the digital content or digital service brought into conformity, to receive a proportionate reduction in the price, or to terminate the contract, under the conditions set out in this Article.” There are changes, note, in particular, new Art. 14(4)(d): “the lack of conformity is of such a serious nature as to justify an immediate price reduction or termination of the contract” (see also recital para. 65). 84  Grundmann and Hacker (2017), p. 262. 83

318

P. Giliker

In seeking to future-proof legislation, the Commission faced the challenge of catering for fast technological development and a wide range of types of contracts, including computer programmes, applications, video files, audio files, music files, digital games, e-books or other e-publications, and also digital services which allow the creation, processing, access to or storage of data including software-as-a-service such as video and audio sharing and other file hosting, word processing or games offered in the cloud computing environment and social media. There can be no doubt that the Commission underestimated the difficulty of the task it set itself. Secondly, while the aim of the pDCD was to innovate and adapt contract law to this new context, this was not undertaken from scratch and the Directive owes much to its predecessors: the CSD and CESL. This gives rise to an obvious tension within the final version of the Directive between the desire to innovate and the decision to adapt previous models of consumer contract law to the specific context of the supply of digital content. This can be seen, for example, in the desire to place “second chance” at the heart of the remedial structure of the Directive, at the expense of the right to terminate, and in the focus on “non-conformity”. Inevitably, the question is raised of just how “innovative” this Directive wants to be. Examining the response to the pDCD and the debate which followed, it is worrying also that many of the more radical proposals (reversed burden of proof with no time limit; right to terminate long-term contracts; even the automatic right to terminate for failure to supply) that sought to protect consumers in this context have been regarded as sticking points and abandoned. This does indicate a certain level of desperation to obtain approval for the provision as a whole and a lack of confidence in the initial drafting process of the directive. It begs, however, the question whether more time was needed in drafting the directive to avoid the debate which followed or, at least, to have the ability to defend innovative provisions. Maximum harmonisation is also an issue that has caused problems. Essentially, if such measures are perceived to reduce consumer protection in a number of States, then any “consumer protection” credentials will be immediately tarnished.85 In engaging in maximum harmonisation, therefore, the Commission needed to consider (and consult more fully on) the implications for national consumer law. Further, one cannot ignore matters of procedure, notably the impact of different national prescription/limitation periods that are not subject to maximum harmonisation and the risk of fragmentation which may result. Finally, tying the measure to an even more ambitious project—the online (now all types of) sale of goods contracts rendered it vulnerable to attack on a number of fronts—notably for inconsistency with the provisions of the sale of goods proposals and for a lack of clarity in its demarcation—and rendered it difficult for the pDCD to sever its fate from that of its more contentious counterpart. Drafting legislation, then, in this field is not easy. As a UK lawyer, I would certainly not make any claim that the UK Consumer Rights Act 2015 got it 100% right.86  Lehmann (2016), p. 755, more cynically, has asserted from the start that the main motivation behind the proposals was not the lack of consumer protection provisions at the national level, but rather the stimulation of the EU economy rendering such concerns inevitable. 86  See my critical assessment: Giliker (2017b). 85

14  Adopting a Smart Approach to EU Legislation: Why Has It Proven So Difficult…

319

I would argue, however, that a failure to implement on time legislation in an area of law where there is a clear demand for intervention should make us pause and reflect. Recognition is needed that innovation requires consultation to bring stakeholders on board, that national sensitivities regarding matters such as prescription and consumer welfare need to be appreciated and that the more ambitious the project (inter-­ linked directives; maximum harmonisation; new rights to terminate long-term contracts and so on) the more likely that approval cannot be guaranteed and that care must be taken in the drafting process. These may seem obvious conclusions to draw, but, as this chapter has shown, they continue to provide obstacles to legislative reform. To be blunt, while it is clear that one reason for the delay has been the failure to embrace fully the difficulties of using traditional consumer law methods in the context of new technology, this is not the only problem. In particular, I would argue that this saga raises deeper concerns about the need to draft legislation in a way that attracts consensus and avoids the detailed debates and dissections which have met the pDCD. It would seem that offering “an ambitious yet balanced compromise between guaranteeing rights for European consumers while creating new business opportunities for EU companies”87 has not been the straightforward exercise the Commission in 2015 had hoped.

References Beale H (2016a) Scope of application and general approach of the new rules for contracts in the digital environment: in depth analysis. European Parliament – Policy Department for Citizen’s Rights and Constitutional Affairs. PE 536.493 Beale H (2016b) The future of European Contract Law in the light of the European Commission’s proposals for Directives on digital content and online sales. Revista de Internet, Derecho y Política, No. 23 (December 2016), pp 1–20 BEUC (The European Consumer Organisation) (2018) Digital Content Directive: key recommendations for the trialogue negotiations. https://www.beuc.eu/publications/beuc-x-2018-003_ digital_content_directive.pdf Bradgate R (2010) Consumer rights in digital products: a research report prepared for the UK Department for Business, Innovation and Skills. Institute for Commercial Law Studies, Sheffield and BIS, London. http://www.bis.gov.uk/assets/biscore/consumer-issues/ docs/c/10-1125-consumer-rights-in-digital-products Bunz M, Meikle G (2017) The internet of things. Polity Press, Cambridge Claeys I, Terryn E (eds) (2017) Digital content and distance sales: new developments at EU level. Intersentia, Cambridge de Franceschi A (ed) (2016) European Contract Law and the digital single market: the implications of the digital revolution. Intersentia, Cambridge European Law Institute (2016) Statement of the European Law Institute on the European Commission’s Proposed Directive on the supply of digital content to consumers COM (2015) 634 final. https://www.europeanlawinstitute.eu/fileadmin/user_upload/p_eli/Publications/ ELI_Statement_on_DCD.pdf  Press Release by European Council, ‘Council and Parliament agree on new rules for contracts for the sale of goods and digital content’ 29 January 2019, quoting T. Toader, Minister of Justice of Romania. Romania held the Presidency of the EU from January–June 2019. 87

320

P. Giliker

Fairgrieve D (2019) Reforming the European Product Liability Directive: Plus ça change, plus c’est la même chose? JPI Law: 33–40 Giliker P (2017a) The Consumer Rights Act 2015 – A bastion of European consumer rights? Leg Stud 37:78–102 Giliker P (2017b) Regulating contracts for the supply of digital content: the EU and UK response. In: Synodinou T, Jougleux P, Markou C, Prastitou T (eds) EU Internet Law. Springer, Cham, pp 101–124 Grundmann S (2017) European Contract Law in the digital age. Intersentia, Cambridge Grundmann S, Hacker P (2017) Digital technology as a challenge to European Contract Law. Eur Rev Contract Law 13:255–293 Helberger N et al (2013) Digital content contracts for consumers. J Consum Policy 36:37–57 Hoekstra J, Diker-Vanberg A (2019) The proposed directive for the supply of digital content: is it fit for purpose? Int Rev Law Comput Technol 33:100–117 Howells G, Twigg-Flesner C, Wilhelmsson T (2018) Rethinking EU consumer law. Routledge, Abingdon Kelly C (2018) Consumer reform in Ireland and the UK: regulatory divergence before, after and without Brexit. Common Law World Rev 47:53–76 Lehmann M (2016) A question of coherence, the proposals on EU contract rules on digital content and online sales. Maastricht J Eur Comp Law 23:752–774 Loos M et al (2011) The regulation of digital content contracts in the optional instrument of contract law. Eur Rev Private Law 19:729–758 Mak V (2016) The new proposal for harmonised rules on certain aspects concerning contracts for the supply of digital content: in depth analysis. European Parliamentary Research Service, PE 536.494 Miller L (2011) The emergence of EU Contract Law. OUP, Oxford Prastitou Merdi T (2017) The proposed new digital single market contract law directives: a new start for digital European Contract Law? In: Synodinou T, Jougleux P, Markou C, Prastitou T (eds) EU Internet Law. Springer, Cham, pp 125–161 Remáč M (2016) Contract rules for online purchase of digital content and tangible goods – part of digital single market: implementation appraisal briefing. European Parliament PE 573.293 Samuels A (2016) The Consumer Rights Act 2015. JBL: 159–185 Schulze R, Staudenmayer D (eds) (2016) Digital revolution: challenges for contract law in practice. Nomos, Baden-Baden Schulze R, Staudenmayer D, Lohsse S (eds) (2017) Contracts for the supply of digital content: regulatory challenges and gaps. Nomos, Baden-Baden Sein K (2017) What rules should apply to smart consumer goods: goods with embedded digital content in the borderland between the digital content directive and normal contract law. J Intellect Property Inf Technol Electron Commun 8:96–110 Smits JM (2016) New European Union proposals for distance sales and digital contents contracts: fit for purpose? Zeitschrift für europäisches Privatrecht: 319–324 Spindler G (2016) Contracts for the supply of digital content  – scope of application and basic approach – proposal of the Commission for a directive on contracts for the supply of digital content. Eur Rev Contract Law 12:183–217 Twigg-Flesner C, Canavan R, MacQueen H (2016) Atiyah and Adams’ sale of goods, 13th edn. Pearson, Harlow Weber RH, Weber R (2010) Internet of things: legal perspectives. Springer, Heidelberg Wendehorst C (2017) Consumer contracts and the internet of things. In: Schulze R, Staudenmayer D, Lohsse S (eds) Contracts for the supply of digital content: regulatory challenges and gaps. Nomos, Baden-Baden, pp 189–224 Whittaker S (2016) Distinctive features of the new consumer contract law. Law Q Rev 133:47–72 Willett C (2018) Re-theorising consumer law. Camb Law J 77:179–210

Chapter 15

Consumer Protection on Social Media Platforms: Tackling the Challenges of Social Commerce Christine Riefa

Abstract  A growing number of individuals and businesses are using social media platforms to sell goods and services. Social commerce therefore combines e-­commerce features with the rich social interaction that social media fosters. Social commerce is a growing phenomenon, but to expand its reach, trust in online platforms and the processes used to transact is essential. Yet, there is convincing evidence that social media sites are increasingly used by fraudsters, a fact that could rapidly undermine consumer confidence. This chapter explores some key trends as to how social media platforms are used to advertise and buy/sell consumer goods and evaluates their compliance with consumer protection laws. It shows some of the challenges faced by consumers, in particular with the rise of e-commerce scams perpetrated on social platforms. The article reflects on a range of avenues (including self regulation, intermediary liability, collective actions, public enforcement) to improve the protection of users that engage in social commerce or use social platforms more generally.

1  Introduction The Cambridge Analytica scandal brought to the fore the many dangers that the unrestricted use of the data collected and circulating on social media platforms1 represents. It is alleged that data mining enabled the manipulation of votes during

 ‘Online platforms come in various shapes and sizes (…). Presently, they cover a wide-ranging set of activities including online advertising platforms, marketplaces, search engines, social media and creative content outlets, application distribution platforms, communications services, payment systems, and platforms for the collaborative economy’. European Commission Communication COM (2016) 288 final, p. 2. For a more detailed classification, see TNO (2015), p. 10. Also see Evans and Gawer (2015), p. 9. Also see European Commission (2018), p. 10, par 1.3 which differentiates between profile centric platforms and media centric platforms. 1

C. Riefa (*) Brunel University, Uxbridge, UK e-mail: [email protected] © Springer Nature Switzerland AG 2020 T.-E. Synodinou et al. (eds.), EU Internet Law in the Digital Era, https://doi.org/10.1007/978-3-030-25579-4_15

321

322

C. Riefa

the US election, as well as swing other elections thanks to fake news2 and other dirty tricks. But it only touches the surface. Beyond the use of personal data for political ends, social media platforms harbour a number of further challenges for consumer protection, many going unnoticed. A large volume of literature exists concerning social media, mostly focussed on how to harness it as a marketing outlet. However, very little has been written on consumer protection aspects and how to protect consumers from scams and purchases gone wrong and other poor market practices. Yet, a growing number of individuals and businesses are using social media platforms to sell goods and services, announcing the era of social commerce. Social commerce uses social media tools and Web 2.0 technologies in electronic commerce.3 Distinct from traditional e-­commerce, which focusses on enhancing the efficiency of online shopping, social commerce delivers a rich social, interactive and collaborative shopping experience.4 It includes relying on users to assist online buying and selling of products and services. While to this day, social commerce is still in its infancy, there are clear sign that developments are forthcoming.5 Transaction fees are already one of the revenue streams of social media platforms.6 Besides, it is estimated that social commerce represented at least $14 billion dollars in 2015, steadily increasing from previous years. In 2016, a study revealed that 73% of those who have tried a social buy buttons say that they would do so again.7 Another survey by Statista showed that 65.4% of US users had used a social media platform to make purchase directly through a post in 2017.8 Facebook captures 47.7% of those users with other platforms trailing behind. As the size of social media worldwide continues to grow, social commerce is predicted to develop.9 As social commerce tries to expand its reach, trust in online platforms is essential. Yet, there is equally convincing evidence available that social media sites are increasingly used by fraudsters, a fact which could rapidly undermine consumer confidence. In particular, research carried out by Consumers International shows that while the overall numbers of scamming incidents (on and off-line), may not be on the increase overall, the internet and social media platforms in particular are  See Digital, Culture, Media and Sports Committee (2019).  Huang and Benyoucef (2017), p. 40. See also, Liang and Turban (2011), pp. 5–13, cited in Gibreel et al. (2018), p. 152. 4  Ibid Huang, 40 citing Yang et al. (2015), pp. 1–9. 5  Meanwhile, a number of consumer protection issues are salient with the way social media platforms interact with their users. Notably, presenting the use of social media as ‘free’ when in fact data is used as a currency and the use of many unfair terms and conditions. This chapter does not address those problems. 6  European Commission, Behavioural Study on Advertising and Marketing Practices in Online Social Media, Final report (June 2018), 26, par 2.5 in fine. 7  Api2cart (2016). 8  Statista (2017). 9  Statista (2019a). The number of social media users worldwide in 2017 was estimated at 2.46 billion, a number predicted to rise to 3.02 billion by 2021. 2 3

15  Consumer Protection on Social Media Platforms: Tackling the Challenges of Social… 323

increasingly used to perpetrate those scams.10 A report from the Australian Competition and Consumer Commission also shows that consumers in that country have lost over $15 million in 2018 to scams on social media platforms.11 This chapter explores some key trends as to how social media platforms are used to advertise and buy/sell consumer goods. It shows some of the challenges faced by consumers, in particular with the rise of e-commerce scams perpetrated on social platforms. The article reflects on a range of avenues to improve the protection of users that engage in social commerce or use social platforms more generally.

2  Social Commerce Social commerce is essentially composed of two main elements. Social media marketing, as most social media outlets operate on a two-sided model, financed by advertisement12; and buying/selling products directly on a social platform. Both bring their own set of challenges.

2.1  Buy and Sell Features on Social Media Platforms Twitter’s early attempt at social commerce failed and all development of the ‘buy’ button was suspended in 2016. Other platforms have been more successful but unlike more established marketplaces such as eBay, Airbnb or Uber, social media platforms do not (yet) provide a proper infrastructure to conduct sales online. The Facebook market place enables the posting of an advert and for sellers to be messaged with a view to conclude a sale, but it does not support online payments. Advertisers have to refer visitors to an external website or other facilities to conclude the sale. The buy and sell function is at present mostly designed to enable consumers to conclude purchases face to face. Many discuss the details of a sale via messenger and agree price and a collection point via this channel. Retail posts on Instagram often refer to a website or provide mobile phone and/or email details to get in touch. However, Instagram has also developed a ‘shop now’ button that launched in 2016, but so far reserved to a selection of partners. Some Pinterest posts enable direct purchases, through what are known as ‘buyable pins’. They are also, for the time being, restricted to a number of selected retail partners and US businesses, although those pins are accessible from the EU. An ‘add to bag’ button is included on the pins and simply links back to the merchant’s website. One of the key to the development of social commerce is to enable payment features and those have been developing at a fairly fast pace. Wechat, the tencent  Consumers International (2019), p. 12.  Scamwatch (2018). 12  House of Lords (2016), p. 19, par. 48. 10 11

324

C. Riefa

chat app developed Wechat Pay to rival with Alibaba Pay was launched in Europe in 2017 (following the launch of Alipay in 2015). Third-party app developers also offer solutions to transform social media marketing into an integrated e-commerce solution. Spreesy is such an example. It enables sales on Instagram, Facebook, Twitter and Pinterest without the need for a link to an external website and/or email address provided by the seller to place an order. The solution rests on ‘comment buying’. Interested purchasers need to provide their email addresses in the comment section of the social media post and receive an email for automated purchase.13 Spreesy also allows users selling on the market place Etsy to link directly to Instagram or Facebook, providing additional shopping outlets. Penny #paywithpenny also enables Instagram users to pay for goods through an app. It is therefore only a matter of time before social media users are able to seamlessly pay for goods and services advertised on all platforms from their laptops, tablets and phones. It is early days and, so far, retail functions are slow to attract a wide audience, but they are spreading.14 This is possibly explained by the fact that, even if they do not generate revenue, they contribute to building user profiles.15 The links between market places and social media are also likely to blur further in social commerce with the development of overlay services. From a user’s point of view, it is feasible that consumers will understand that they bought from a particular entrepreneur and not from the social media platform or market place itself, or even the overlay service, although it may be quite confusing in some cases. For example, a seller on Etsy (a market place) can use Spreesy (an overlay service) to also advertise and conclude the sale via Facebook (the social media platform) that the consumer consults. It is not at all clear who the consumer would have to get in touch with if something goes wrong with that sale. An added layer of complexity is linked to the legal classification of the seller in the first place. The background report to the 2016 OECD Ministerial meeting on the digital economy rightly notes that ‘it can be difficult to apply existing consumer protection frameworks to business models that blur the boundaries between consumers and businesses. Some peer providers may generate sufficient commercial activity to suggest that they should bear consumer protection responsibilities, while at the same time appearing to be in a consumer relationship with the platform’.16 The report is focused on peer-to-peer platforms and not social media, but the problem is raised in almost identical terms on social media platforms, the same way it also was when eBay exploded as a B2C tool.17 On Facebook or Pinterest for example, it is difficult to tell if the party the consumer is buying from is a trader. Yet, it is only in B2C relationships that consumer  Aside from any social commerce issue, this also raises some privacy issues as the email address is left as a public comment. This is the case even if the shop operated as a closed group. 14  Chen (2016). 15  Alba (2016). 16  OECD (2016), p. 6. 17  For more details on the difficulties to identify consumers and traders on online platform and suggestions for a workable test, see Riefa (2015), pp. 23–30. 13

15  Consumer Protection on Social Media Platforms: Tackling the Challenges of Social… 325

law applies. Unlike on eBay, the parties are not normally identified as traders or consumers with a label affixed to their profiles. Social media platforms also do not provide a template for posts that is adequate for B2C sales and meeting all the legal requirements applicable to the sellers who are defined as traders (at least in the EU). For example, there is no requirement to fill in a template with the key information about the trader including its geographical location, the price including taxes, the main characteristics of the goods, how to solve disputes, etc. The overlay services such as Spreesy offer more structure but are also not fully compliant with European standards of disclosure. Many practices would already fall within the remit of the Unfair Commercial Practices Directive18 but much uncertainty remains. The behavioural study on the transparency of online platforms,19 showed that after price, information about the fact that the contractual entity is a trader, which offers consumer rights, increased the probability of selection of products advertised on marketplaces. The absence of such information decreased selection probability. Consequently, the latest effort from the European Commission to reform consumer law, the so-called ‘new deal’ requires more transparency on online marketplaces and imposes a positive obligation on the platform itself to identify parties as consumers or traders. The proposal introduces additional information requirements in Directive 2011/83/EU, which require online marketplaces to clearly inform consumers about: (a) the main parameters determining ranking of the different offers, (b) whether the contract is concluded with a trader or an individual, (c) whether consumer protection legislation applies and (d) which trader (third party supplier or online marketplace) is responsible for ensuring consumer rights related to the contract (such as the right of withdrawal or legal guarantee). Those obligations would apply to social commerce. But the requirement for information remains largely based on the parties self-­ certifying and opting for their choice of legal classification (trader or consumer). Thus, problems will remain because the proposal does not provide a reliable test to predictably decide who is a trader and who may be a consumer. The opinion from AG Szpunar in the case of Kamenova does present a number of criteria that can be used on a case-by-case basis20 but it leaves this assessment to national courts, with all the complications this may engender. This position was confirmed by the CJEU. The court held that it was not sufficient, by itself, to classify a person as a “trader” that a person published simultaneously on an online platform eight advertisements offering new and second-hand goods for sale. To be classified as such and for the activity to constitute a commercial practice, the person must be acting for  See SWD (2016) 163 final.  European Commission (2018). 20  AG Szpunar’s opinion in CJEU, Komisia za zashtita na potrebitelite v Kamenova, Case C 105/17 highlights the following as potential criterion to use in making this assessment: Whether the sale is part of an organised profit-seeking activity; specific timeline and frequency; seller’s legal status allowing to trade; VAT tax payer; agency; purchase of new or used goods for resale purpose; organised, frequent or concurrent sales in connection with professional activity; number of items of same type and value. Also see for suggestions for a workable test, supra n 25. 18 19

326

C. Riefa

purposes relating to his trade, business, craft or profession, which the national court must determine in light of all relevant circumstances in the individual case.21 While the onus to comply with consumer laws is on the platform users,22 it seems essential that social media platform develop adequate means to ensure consumer laws are respected by businesses using social media to advertise and trade. They ultimately benefit from sellers on their platforms by selling advertising. At the very least, platforms ought to do more to educate their users about legal obligations that befit them when selling and/or advertising via their intermediary and possibly provide templates that enable users to include key information that the law requires. The new deal seems to impose a more proactive approach, but it is not specifically designed for social media where the usual lines between private/public life and commerce are fuzzier than on other platforms. There will also be a need to consider the fact that social media platforms are not ‘traditional’ online retail spaces and the behaviour of consumers using them to initiate and/or make purchases may differ as a result. In other areas, such as trolling, platforms have taken action, demonstrating that they are able to exercise some control over their users and the contents produced. It could therefore be feasible to envisage more control over who is using the platform and in particular controlling the spread of fake accounts and striking out users that do not respect consumer laws, although this of course presents its own challenges. It first clashes, at least in Europe and the USA, with standards of liability for online intermediary hosts and raises questions about the way in which the platforms ought to proceed to police retail activity (more below). The rules under the new deal focus primarily on information. When sales go wrong in social commerce, the already existing provisions under the Consumer Rights Directive would apply. While this provides the EU consumers with more or less adequate protection, it leaves unresolved the fact that in social commerce less prominence is given to the geographical location of the parties than in more traditional electronic commerce. Hence, presuming that the Trader/Consumer legal classification are clear, there is an additional danger to see the EU consumers buying beyond the borders of the EU and thus forego the protection they would have been entitled to under the EU law. According to a survey of Which? members, about a quarter of consumers do not check the geographical location of the party they purchase from.23 This has the potential to create very thorny problems, not least the fact that redress may be very difficult to obtain if not impossible.24  CJEU, Komisia za zashtita na potrebitelite v Kamenova, Case C 105/17 Judgement of 4 October 2018, par. 2, 37–40 and 45. 22  Unless the trader has given the platform it uses a mandate to act in their name or on their behalf. If that was to be the case, the EU Commission guidance document on the Consumer Rights Directive explains that the platform and trader using the platform would share the liability for compliance with consumer law. See European Commission (June 2014), p. 31. 23  BEUC (2017), p. 12. 24  On those issues, see BEUC (2017). The report explains that while there is a legislation that dictates that a consumer could not be prevented from suing in his or her country of origin, enforcing that judgment is another matter that requires suing in the country where the trader is established to obtain exequatur in case of non-compliance. 21

15  Consumer Protection on Social Media Platforms: Tackling the Challenges of Social… 327

2.2  Marketing Products on Social Media Platforms Social media offers a platform for advertising25 which takes several forms. It relies primarily on consumers themselves to spread the message, by sharing information on product or simply ‘liking’ the business page. This is often referred to as viral marketing, the equivalent of word of mouth.26 Businesses can also create a business page or channel on social media and use it to promote their activities and products. Finally, social media platforms also promote products by selling advertising space. The advertising in those cases is targeted and uses data gathered on each user to present relevant product information.27 The Ofcom Communication Market Report 2017 highlights that advertising on social media in the UK is on the rise. In particular, social media is the preferred advertising channel for SMEs.28 This is a trend that is confirmed worldwide with top brands in the world having a presence on Instagram and other social media. Advertising revenues on social media platforms have also grown year on year.29 Problems with advertising standards are clear. A search on the UK’s ASA rulings database for the year 2017 alone, using the key word ‘Internet Social Networking’ returns 47 rulings (of which 15 were not upheld and 4 were upheld only partly) and 164 informally resolved cases. It shows that there are a number of cases where the legitimacy of the business operator is not called into question (contrary to the issue of scams dealt with below), but where the advert or practice falls short of professional standards and the code of conduct. One issue of particular concern is the use of online reviews and endorsements and ensuring that consumers can tell the difference between unprompted reviews and paid-for commercial communications. A number of studies have highlighted the fact that social media marketing is particularly influential in a consumer buying decision process.30 In 2016, fake online endorsements were in the top 10 scams according to the BBB.31 ICPEN has issued a set of guidance on this subject aimed at review administrators, digital influencers, traders and marketing professionals.32 They prompt for fairness and transparency. However, communication on social networks can make spotting the commercial nature of certain content particularly difficult. This is why

 Note that WhatsApp is an ad-free app, which used to run on a subscription model. It is no longer charging for the use of the app (with some exception in some markets) and reporting a loss. There is a speculation as to how it will make money in the future. It was acquired by Facebook in 2014 for $19.6 billion to reach markets where Facebook is not as established. 26  Trzaskowski (2011). 27  Riefa and Markou (2014), p. 384. 28  Ofcom (August 2017), p. 201. 29  Statista (2019b). Figures show advertising spend more than double between 2014 and 2017. 30  CMA (2015) and European Commission (2018). 31  Weichel (2017). 32  ICPEN (2019). 25

328

C. Riefa

it is important that ‘digital influencers’33 are providing the public with genuine reviews and are adequately disclosing whether the content of their reviews or endorsement are paid for or if they have any particular relationships with any of the products featured, principles that are adopted by the ICPEN guidance. For example, on Twitter one way to denote that a post is an advert may be to use a hashtag, although not all regulators agree that this is necessarily sufficient to make the nature of the advert clear to consumers. For example, in the UK, the CMA has taken some action against businesses and social media personalities, as well as issuing some guidelines.34 There is also an ASA ruling confirming that @brandname directly following a message could be sufficient35 but the absence of #ad despite the presence of a @brandname could fall foul of the rules and be misleading consumers as to the nature of a tweet.36 Similar discussions take place in the USA, where the FTC does not believe that #Spon denoting that a post is sponsored is always sufficiently clear, nor are links to external websites explaining the nature of the post.37 According to the Norwegian Ombudsman, the label needs to be placed at the beginning of the advert text and not at the end.38 In addition, consumers may be also publicising products in exchange for prizes, free products or vouchers and review products favourably without their peers being aware this is the case. The EU Commission guidance on unfair commercial practices quotes the ‘guidance on Labelling of Marketing in Social Media by the Norwegian Consumer Ombudsman [that] reads: ‘You can comment on products that you have bought yourself or received as presents from, for example your friends or your boyfriend, without labelling the information as marketing, as long as you do not link the product to an advertising network. It is in cases where both you and the advertiser get an advantage from your comments that you must label it as marketing, for example if you have received a jacket for free and then make comments about the jacket in your blog.’39 It is however unclear how such rule could be enforced because the unfair commercial practices directive only applies in B2C relationships. Not all bloggers will be ‘traders’ under the legal definitions normally applicable and it seems that trying to conceptualise the consumer posting the review against a ‘payment of sort’ would fall short of the definition of a trader in many  For more on the issue, see Riefa and Clausen (2019).  CMA (2016b); see also, CMA (2015, 2016a). 35  ASA (2013) Nike UK Ltd. Wayne Rooney posted a tweet message “The pitches change. The killer instinct doesn’t. Own the turf, anywhere” followed directly by the @NikeFootball Twitter address, the hashtag “myground” and a link to a picture. The ASA considered that the reference to Nike Football was prominent and clearly linked the tweet with the Nike brand and the overall effect was that the tweet was obviously identifiable as a Nike marketing communication. 36  ASA (2016) Alpro (UK) Ltd.An ad by a TV presenter was presented in a similar ‘voice’ to his other tweets and did not include any clear identifier, such as “#ad”, to demarcate it from her own content. The ASA concluded that the presence of the @alpro_uk would not make clear to consumers the commercial intent of the content or the editorial control exercised by the advertiser. 37  See for example in the US, FTC (2013) Guidelines, Annexes, Example 17, A20. 38  Forbrukertilsynet (2018). 39  SWD (2016) 163 final, p. 144. 33 34

15  Consumer Protection on Social Media Platforms: Tackling the Challenges of Social… 329

cases. However, many bloggers are increasingly making a living out of the activity (whether full or part-time), in which case they could no doubt be subjected to the legislation in question. The difficulty will remain however with defining the point at which activity ceases to be on a personal basis only to becoming professional.40 The EU Parliament Resolution on Online Platforms and the Digital Single Market stressed the importance of providing users with clear, impartial and transparent information on the criteria used to filter, rank, sponsor, personalise or review information presented to them. It underlined the need for clear differentiation between sponsored content and any other content.41 It called on the Commission to address certain issues of platforms’ review systems, such as fake reviews or deletion of negative reviews, with the aim of gaining competitive advantage, and stressed the need to make reviews more reliable and useful for consumers and to ensure that platforms respect existing obligations.42 While the new deal acknowledged the Parliament’s position, the bulk of the new rules focus on transparency regarding rankings rather than on reviews.43 The onus thus remains on the application of the Unfair Commercial Practices Directive to ensure fairness for consumers with the caveats already highlighted. Further, the application of the UCPD to control digital influencer marketing and online reviews is an imperfect tool, which would require some legislative changes that the new deal largely ignores.44

3  Social Media Scams It is difficult to assess the scale of scams on social media platforms. This is primarily because the way fraud gets reported, does not normally record the type of platform used. While some statistic record whether the fraud was online or off, it does not normally record what type of website or platforms it was perpetrated on. Besides, it is not always clear how to classify practices on a scale between unfair commercial practices and scams. While all scams are clearly unfair commercial practices, the opposite is not necessarily true. Some practices are difficult to place,45 although it is possible to envisage that practices on the UCPD black list would be most likely deemed scams as opposed to those that must be tested for unfairness.  Similar classification issues were encountered with the legal classification of traders on eBay. The issue resides in identifying the cut-off on this sliding scale. See Riefa (2015), pp. 26–30. See also, Kamenova supra 30. 41  European Parliament (2017), p. 11, par. 56. 42  Ibid, par. 57. 43  European Parliament (2018). 44  Riefa and Clausen (2019). 45  See for example, social proof practices that consist of buying followers or likes to increase the exposure of an online profile and use it to convince more users to buy products. For more on this practice and how to control it (via the UCPD blacklist), see European Commission (2018), p. 94, par. 7.3. 40

330

C. Riefa

While all the scams are not necessarily focused on advertising or the formation of a sales contract, the existence of scams can have an influence on the purchasing habits of consumers and their trust in social commerce. Addressing the safety of the environment in which consumers transacts is therefore also key to improving the protection of consumers. To do so, good understanding of the way social media is used to questionable ends is essential. Common scams include password hacking, fake and duplicate accounts alongside scams that play on consumers’ vulnerabilities. Get rich quick schemes play on greed and credulity. Other scams play on the victims’ need to form relationships (some out of loneliness), wanting to make friends or find love for example. Other scams focus on exploiting trading situations. In many scams, the social media platform is only a way to contact the victim. In others, the social media account is the target of a first scam to set up another scam using the ‘stolen’ account. The techniques encountered are all pre-existing but are being adapted to the use of social media. For example, identity fraud used to require sophisticated and sometimes long investment into researching the life of a victim. It now takes very little time on Facebook to pick a birthdate, complete with year of birth, relationship status, name of next of kin (especially when people declare to Facebook what their relationships are), location, etc. Some techniques go even faster and simply consist in finding a trick to have the consumer voluntarily hand over those details through the lure of ‘free’ goods or having won a prize or download a piece of spyware that will do the work for the scammer. Table 15.1 describes the most reported scams and the platforms they have been reported to operate on based on desk research conducted in July/August 2017. While there may be slight regional variations (or scams that are particularly active in certain regions—Sextorsion scams for example are said to be particularly prominent in Asia46), the techniques used to prey on unsuspecting consumers are pretty similar around the world. Note however that scams tend to be transient and spread to new territories once shut down in a country or set of countries. The report from Consumers International also found that scams are often perpetrated across boundaries between countries speaking a common language and that a large proportion of scams always have at least some international elements.47

4  S  olutions to Improve Consumer Protection in Social Commerce Potential solutions do not exist in a vacuum. They all interlink and need, to a large extent, to work together to be efficient. The avenues explored should also not overshadow the need for educating consumers as much as possible on the dangers of 46 47

 Symantec (2016), p. 29.  Consumers International (2019), p. 10.

15  Consumer Protection on Social Media Platforms: Tackling the Challenges of Social… 331 Table 15.1  Social media scams by category & platforma Scam Description Instagram Twitter Facebook Greed & fear Scams—Scam using greed or fear to extract money or access personal information x x Phishing emails E.g. claiming that access to Fb or Twitter will x & SMS scams be disabled, that by clicking on a link you will be able to watch a live stream of an important (Smishing) sport event. All have fake links to click on, to extract access to the social media site x Instagram profiles with lots of followers are Sale of fake sold off. Playing on vanity or greed (having a account with lot more followers than would normally have) followers x x Money flipping Several variations exist: Adding money onto a x prepaid card and giving access to the scammer who promised to hack the card account and add money to it. Instead they block the consumer and take the money on the card; using empty bank account of the victim depositing fraudulent cheques and withdrawing all the money before the victim can access it Bogus employment Scams—Scams using the need for work to extract money x x Ponzy Scheme/ Against a membership fee, users can make an income from liking items on social media and Pyramid recruit more members to do the same. A Scheme variation is earning money through seeing online advertising Financial services Scams—Scams using the need for money to extract money Loan Scam Loan is offered at a low rate against a set up x fee Loneliness Scams—Scams using the need to form relationships to extract money or access personal information x Friend Scam Scammers befriend the victim and ask for a phone number and provider to buy gaming credits online or online gift cards. Victims asked to confirm via message to their phone with a verification code often do so. Later to realise their mobile phone bill has been charged x Romance Using platform to befriend and extract money either via fake story of hardship or by sending a parcel detained by customs, for which the victim needs to pay money to release and receive x Sextorsion Use of compromising personal images to ask for money under the threat of sending the photos to friends and family Gaming scams—scams using entertainment to lure victims (continued)

332

C. Riefa

Table 15.1 (continued) Scam Fake Quizzes

Description Instagram Twitter Facebook x What kind of character from [tv show, etc.] are you? Quiz asking for personal and bank details and starting to charge money monthly, unbeknown to the consumer Trading Scams—scam developing in a seemingly commercial relationship for the provision of goods (incl. digital) or services x x Scam Gift/ Using logos of known brand, the scam vouchers requires claiming vouchers by liking or sharing the link to a scam survey with personal details which enable scammers to steal identity. A variation may enable gaining control of the social media account x x ‘Free’ stuff Use lure of ‘free’ to obtain personal account details (often through spyware or details given by consumer). Includes hoverboard, iphones, flight tickets, etc. x Fake lottery or Victim is contacted via messaging to inform a prize has been won. To access the said prize, competition winner needs to provide personal information win as well as pay fees or taxes. Variations include messages with a link to malware or message coming from a hijacked account form a family or friend’s profile x Links to websites are advertised on social Fake product media (through hacked accounts). They lead sales to shops selling fake merchandise or (counterfeit) completely bogus sites extracting credit card information x Fake fan pages Page running a competition and asking fans to participate by linking the page, sharing and commenting on the page Products non Consists in taking orders and money but not x delivered delivering the goods X (1) x (2) X (4) Bitcoin scams Targeted at bitcoin users or wannabe users. (3) The scams exploit what makes bitcoin desirable (decentralized, anonymous and irreversible). This includes a number of scams also references elsewhere in this table. Money flipping offering to increase the amount of bitcoin in one’s account—emptying it instead (1); bitcoin phishing claiming clicking on link will earn bitcoins, but instead installs malware (2); Phishing bitcoin brand impersonators asking consumers to check status on database asking consumers to enter private key (3); pyramid schemes and cloud mining schemes (4) (continued)

15  Consumer Protection on Social Media Platforms: Tackling the Challenges of Social… 333 Table 15.1 (continued) Scam Bad products Subscription traps Click farms & botnets click fraud

Description Consumers receive a product that does not do what it claims. No refund issued Consumers subscribe to a free trial, which includes a covert subscription Fake ‘likes’ inflate the popularity of pages on social media. Reliant on very cheap human labour. An equivalent technique consists in using a botnet set up for click fraud using computers to create fake traffic without their owners’ knowledge

Instagram Twitter Facebook x x x

x

Source Christine Riefa—using examples of scams collected through online and desk research: between 27 July and 16 August 2017

a

social media and appropriate uses, although it cannot be the only measure adopted. Indeed, according to the Symantec Internet Security Threat Report 2016, ‘many scams still rely on the poor security habits of the general public to succeed’.48 Besides, manual sharing was the most popular way to spread scams in 2015 representing 76% of cases recorded (up from 70% in 2014) followed by fake offering (17% down from 23% the previous year), like jacking (5%, remaining stable) and fake apps (2% and 1% in 2014).49 With manual sharing, the scammers rely on the victims to share the scam with their friends by providing intriguing video content, fake offers, etc. For fake offerings, the scammers invite users to join a fake event of group lured by an incentive. This technique normally asks users to provide credentials or send a premium rate text. LikeJacking uses fake like buttons to trick users into clicking on website buttons that install malaware.50 Similarly, unfair commercial practices, as well as poor retail practices, can often be spotted by consumers that are sufficiently knowledgeable. Changing the habits of consumers and help them become more Internet savvy is therefore important for any suite of solutions to be fully effective, but any legislative solution relying on an ever-increasing amount of information communicated to consumers as the main way forward would be flawed.51 Using legislation on Unfair Commercial Practices is also an important part of combatting unfair commercial practices and increasing consumer protection in social commerce. However, at least at the EU level, it is clear that the pre-existing legislative instruments do not always facilitate an easy route to enforcement for national enforcers or consumers themselves and that some key changes to the legis-

 Symantec (2016), p. 27.  Ibid, p. 30. 50  Ibid. 51  See Siciliani et al. (2019) who argue that one of the limitations of consumer law is to rely on the neo-classical model of regulation where information is king, when it is in fact rational for consumers not to pay attention to the plethora of information provided. 48 49

334

C. Riefa

lation would be necessary.52 Besides, looking at international level, there are a lot of differences in the way the practices would be controlled. Therefore, complementary solutions may need to be found elsewhere.

4.1  Self-regulation of Social Media Platforms There is some evidence that platforms do go some way to assist users. They have a reputational incentive in ensuring that users of their platforms are not subjected to practices that may affect their trust. A lot of activity is noticeable on trolls, protecting intimate images and looking at the safety of children. No platforms however seem to provide any kind of redress to consumers falling victims of scams or if the consumer buys a product that is not suitable or is never received for example. There is also very little offered by way of assistance to differentiate between good and bad traders, although solutions along the lines of algorithms identifying scams are starting to develop. Airbnb notably provides warnings about how to avoid scams had has adopted a real-time detection system that uses machine learning and predictive analytics to evaluate hundreds of risk signals to spot fake listings on its platform and flags these to stop bad actors and scams before they can harm consumers.53 Facebook enable users to identify content appearing on their timeline as scams, or block or remove pages. Blue and grey badges also appear in pages search results indicating that a page is verified by Facebook. The help pages offer some light advice on how to report fake accounts. However, when it comes to helping consumers victims of scams, the responses from the help centre are not particularly helpful. There does not seem to be much available to advise consumers who may have bought goods and services via the platform’s intermediary if things go wrong. Yet, it is clear that platforms are able to act if they chose to. Their user agreements enable them to terminate their agreement with anyone violating their rules. So far, however, the benefits of self-regulation remain limited and while account blocking is a daily occurrence, the action tends to focus on manifestly illegal material or repeated offences to the social media platform’s terms of use. Leaving enforcement to the platforms alone is unlikely to work while those businesses are driven by shareholders’ values seeking to maximise profits from advertising unless there is a clear incentive to do so to retain consumer trust. However, platforms may currently lack the motivation to act, because the scale of the problem is not yet sufficiently acute to deter users from engaging with the platforms. Regulatory solution may need to come to the fore to offer more viable protection. However, the new deal

 Riefa and Clausen (2019). Also see Siciliani, Riefa, Gamper supra n 71 who advocate the creation of a general and positive duty to trade fairly which could be done via an extensive application of the general clause under Article 3 UCPD and in particular the notion of professional diligence. 53  Consumers International (2019), p. 17. 52

15  Consumer Protection on Social Media Platforms: Tackling the Challenges of Social… 335

and improved transparency in the EU does not tackle the issue.54 Other regulatory obstacles such as the territoriality of the consumer laws in place in the EU55 and the liability regime in operation explain apathy in this area. There is also an issue of competition as platforms rely on network effects and there are after all very few alternatives to Facebook and other social media platforms. In addition, ownership of platforms also reveals that moving from one platform to another may not solve the issue for consumers. For example, Facebook also owns Instagram and WhatsApp amongst others meaning that consumers are often ‘trapped’ and cannot vote with their feet.

4.2  Regulation of Liability of Social Media Platforms The question of liability thus becomes central to protecting users on social media platforms that engage in social commerce activities. Liability regimes vary across the world. In the USA, intermediaries are protected by safe harbours rules that seem difficult to bring down. By contrast, Chinese law adopts a very restrictive regime and puts pressure on intermediaries that have knowledge of infringing activities without necessarily having much control over them.56 In addition, some provisions expect that business operators (which would include social media platforms) to compensate consumers that are victim of a fraud. Punitive damages can be imposed leading to consumers recovering more than they have actually lost. It is therefore placing the bar very high expecting social media platforms to act as gate keepers. In the EU, there has long been debate as to how much liability online intermediaries should shoulder when transactions occurring or originating on their platforms go wrong.57 This is especially so because the liability regime set out by the E-commerce Directive (ECD)58 offers, at least on face value, a generous system of protection. It provides an exemption from liability for illegal content and activities, in respect of which the platforms, acting as a mere conduit or host, do not have control or knowledge over, and upon obtaining such knowledge acts expeditiously to disable access.59

 Supra n 46.  BEUC (2017). 56  For a discussion of liability regimes for intermediaries in China, the USA and Europe, see Riefa and Mo (2016). The liability principles for market places would apply to social media. 57  See for example concerning the liability of online auction sites and touching on search engines, Riefa (2015), p. 175. 58  Council Directive (EC) 2000/31/EC of 08 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the internal market OJ L178/1. 59  Ibid, Art 14. 54 55

336

C. Riefa

The case law from the European Court of Justice largely predates social media but is applicable to their liability.60 It did however very much reduce the scope of this exemption. In a number of key cases concerning search engines and online retail platforms, it opted for a restrictive application of Article 14(1) and only grants immunity to neutral hosts that behave like diligent economic operators in their discovery and removal of any litigious materials.61 In addition, when intermediaries are found to exercise decisive influence over the way a service is provided, they can be barred from benefiting from the legal classification of information society services altogether (and not just the immunity of Article 14) despite meeting all of its criterion.62 In addition, under Article 15 ECD, it is not possible for Member States to impose general monitoring obligation on online platforms.63 However, ‘Article 1(3) of the e-Commerce Directive also makes it clear that the e-Commerce Directive “complements Community law applicable to information society services without prejudice to the level of protection for, in particular, public health and consumer interests, as established by Community acts and national legislation implementing them in so far as this does not restrict the freedom to provide information society services”. This means that the e-Commerce Directive and relevant EU consumer acquis apply in  They fall squarely within the remit of the ECD. They provided a service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services. The provision of personal data in exchange for the use of the service can indeed be considered remuneration. The CJEU recognised that the remuneration did not have to be paid by those to whom a service was supplied in Bond van Adverteerders. For the problems recognising data as counterperformance may engender, see European Data Protection Supervisor, Opinion 4/2017, on the proposal for a Directive on certain aspects concerning contracts for the supply of digital content (14 March 2017), https://edps.europa.eu/sites/edp/files/publication/17-03-14_opinion_digital_content_en. pdf. 61  See Joined Cases Google France SARL, Google Inc v Louis Vuitton Malletier SA and v Viaticum SA, Luteciel SARL; Google France SARL v Centre National de Recherche en relations humaines (CNRHH) SARL, Pierre Alexis Thonet, Bruno Raboin, Tiger SARL; See also L’Oréal SA and Others v eBAy International AG and Others. In CG v Facebook Ireland Ltd and Joseph McCloskey, Facebook failed to take down pages that identified a sex offender and disclosed details about his offences and geographical location, despite having knowledge of the existence of the pages on its service. Facebook was fined. 62  In Asociación Profesional Élite Taxi v Uber Systems Spain SL, the court explained: ‘the intermediation service provided by Uber is based on the selection of non-professional drivers using their own vehicle, to whom the company provides an application without which (i) those drivers would not be led to provide transport services and (ii) persons who wish to make an urban journey would not use the services provided by those drivers. In addition, Uber exercises decisive influence over the conditions under which that service is provided by those drivers. On the latter point, it appears, inter alia, that Uber determines at least the maximum fare by means of the eponymous application, that the company receives that amount from the client before paying part of it to the non-professional driver of the vehicle, and that it exercises a certain control over the quality of the vehicles, the drivers and their conduct, which can, in some circumstances, result in their exclusion.’ 63  In J20 v Facebook Ireland Ltd, Facebook was fined for failing to remove information that it had knowledge of. The Court of Appeal disagreed with the argument that the platform knew or ought to have known about the content without the need to be notified simply because it was similar to content previously found to be unlawful. 60

15  Consumer Protection on Social Media Platforms: Tackling the Challenges of Social… 337

principle in a complementary manner.’64 Thus, it is possible for national legislation to impose specific obligations on social media platforms, although it is not clear how those could take effect. The Commission announced that it planned to maintain a balanced and predictable liability regime for online platforms, although it will tackle a number of specific issues relating to illegal and harmful content65 through some reforms of the liability environment. Concerning consumer protection, no changes to the regime under Art. 14 are envisaged. The trend however is very much towards less protection for intermediaries, although, the Commission explained that taking voluntary proactive measures does not automatically lead to the hosting service provider concerned losing the benefit of the liability exemption provided for in Article 14 of Directive 2000/31/EC.66 In 2017, the EU Commission required that social media companies comply with consumer protection rules and ‘remove any fraud and scams appearing on their websites that could mislead consumers, once they become aware of such practices. In this connection, national consumer protection authorities should have a direct and standardised communication channel to signal such wrongdoings to social media operators (for example infringing the Unfair Commercial Practices Directive or the Consumer Rights Directive) and obtain take down of content, as well as information concerning the traders responsible for the infringements.’67 This measure is limited to the companies that have been targeted by the enforcement authorities, namely Facebook, Twitter and Google +. In addition, the European Commission Recommendation from March 201868 which builds on The European Commission Guidelines that were issued in September 201769 explains: ‘The Commission’s work is motivated by concerns that the removal of illegal content online continues to be insufficiently effective – incitement to terrorism, illegal hate speech, or child sexual abuse material, as well as infringements of Intellectual Property rights and consumer protection online need to be tackled across the EU with determination and resolve.’ It places consumer protection alongside IP rights infringement giving consumer law the profile it deserves and ought to make enforcement more effective moving forward. The inclusion of consumer protection in this Recommendation also means that the new tools such as the general recommendation relating to all type of illegal content, becomes applicable to consumer law violations. This is an ­acknowledgment that content that contravenes consumer protection laws is illegal and failing to remove it promptly under the procedures laid down in application of Article 14  SWD (2016) 163 final, p. 126.  COM (2016) 288 final, pp. 7–8. 66  European Commission (2017) Tackling Illegal Content Online  – Towards an Enhanced Responsibility of Online Platforms, COM (2017) 555 final, p. 12. 67  For full details, see European Commission Press Release (2017). 68  European Commission Recommendation on measures to effectively tackle illegal content online, C (2018) 1177 final. 69  COM (2017) 555 final. 64 65

338

C. Riefa

could lead to liability of the intermediary. This is an important step forward. In the context of online auctions, I have elsewhere defended the idea that ‘the principle under which an intermediary could have liability for all third party content hosted, if it was contrary to unfair commercial practices or unfair terms legislation for example, can be established even if in practice some amendments to legislation were necessary to make it a reality’.70 The Recommendation goes some way to recognising officially this principle. The Recommendation also clears the way for a notice process to be elaborated to report consumer law violations, as well as the use of software for their detection. Indeed, Recommendation 18 states that ‘hosting service providers should be encouraged to take, where appropriate, proportionate and specific proactive measures in respect of illegal content. Such proactive measures could involve the use of automated means for the detection of illegal content only where appropriate and proportionate and subject to effective and appropriate safeguards, in particular the safeguards referred to in points 19 and 20’. Where automated means are used, Recommendation 20 explains: ‘effective and appropriate safeguards should be provided to ensure that decisions taken concerning that content, in particular decisions to remove or disable access to content considered to be illegal content, are accurate and well-founded. Such safeguards should consist, in particular, of human oversight and verifications, where appropriate and, in any event, where a detailed assessment of the relevant context is required in order to determine whether or not the content is to be considered illegal content.’ However, there is still a long way to go. One of the main difficulties resides in defining precisely what the social media platforms, using software or manpower, would have to look for by way of consumer law violations and how to police them. Take for example, an obviously fake item advertised on Pinterest. If the advert contains the wording ∗∗fake designer sofa∗∗ a trademark violation may be easy to identify. But the advert is not misleading from a consumer law’s point of view, although it should clearly raise some alarm bells. Similarly, if the advert contains some terms and conditions, one clause excluding any liability for any defect for example, it would be easy to detect on wording alone. In the EU, this term would be clearly unfair and should be struck off as such. But for other terms, the process may be more complex. Indeed, under the EU law, terms are to be interpreted taken the economy of the contract as a whole. This means that some terms that, on face value, have a propensity for unfairness, may be considered valid, when the contract is read in its entirety.71 Turning to unfair practices, it is not always easy to determine if a consumer would have taken a different transactional decision, if the unfair practice had not been in place. There are however areas where human or algorithmic detection could be facilitated with devising the right checklists, starting, for example, with the list of 21 banned practices in the Unfair Commercial Practices Directive.

70 71

 Riefa (2015), p. 216.  For a possible model, see Micklitz et al. (2017), pp. 367–388.

15  Consumer Protection on Social Media Platforms: Tackling the Challenges of Social… 339

4.3  Bolstering Enforcement In an ideal world, self-regulation ought to be sufficient to tackle consumer protection challenges on social media platforms. Platforms should ensure the users selling via their intermediary apply high standards of consumer satisfaction and address any issues. However, should this fail to gather sufficient pace, and liability of intermediary be changed (to force this level of supervision), using a private and/or public enforcement framework will be necessary. The discussions currently ongoing on the creation of an EU collective action72 could provide some impetus for improved private consumer law enforcement and the involvement of consumer associations in the protection of social media users.73 A collective action has been launched against Facebook by a number of consumer associations in Italy, Belgium and Portugal. But collective actions are not freely available everywhere. Therefore, public enforcement remains often the only viable option for many consumers. 4.3.1  A  ccurately Recording Consumer Problems to Help Target Responses One of the key steps to enable better enforcement is to devise a system whereby information on scams and other consumer law violations can be accurately recorded. There is currently an obvious gap in the data available and developing a set of measures to record scams and other consumer law violations, as well as their sources or place(s) of operation would be useful to protect consumers more effectively. Exploring the development of a taxonomy of consumer law violations is vital for all stakeholders to be able to focus their efforts in the right places. Improving current recording processes for scams, as well as develop others, is essential because it is not just scams that are causing consumers detriment. Sales of goods that are not of satisfactory quality, or for which the seller does not offer an appropriate right to return for example, also need documenting. Social networking platforms are best placed to gather such data if it is reported to them, but other stakeholders (consumer associations, enforcers, etc.) could also compile such data from the complaints they may become privy to. Collaborations between all entities to create a workable and international taxonomy would greatly improve the way intervention and protection could be directed. This taxonomy could in turn be used to use software to identify and flag obvious consumer law protection violations, which would go some way in identifying and neutralising users that do not play by the rules.

72 73

 European Commission Press Release (2018).  See European Commission (2018), p. 97, par. 7.5.

340

C. Riefa

4.3.2  Cooperation of Social Media Platforms with Enforcers There is legislation to control poor retail practices, unfair commercial practices and the scams we have highlighted above, providing that enforcement authorities can identify the social media user who perpetrates them and mount a convincing case. For example, in the UK, it is feasible that the creation of a fake social media account can be construed as a criminal offence. Similarly, ‘revenge porn’ is a criminal offence under Section 33 of the Criminal Justice and Courts Act 2015, which sanctions the ‘disclosure of private sexual photographs or films without the consent of an individual who appears in them and with intent to cause that individual distress’. This would also be applicable to ‘sextorsion’, a case of ‘blackmail’, also sanctioned by the law.74 In addition, the scams, which are misleading consumers either by omission or by action, would fall under the remit of the Unfair Trading Regulations 2008, with the limitations we have already hinted at. But to be efficient, it is essential that social media platform disclose information that they hold about the scammers in an efficient manner. That is of course, providing that the scammer was not using a fake account and thus being untraceable. In the EU, Article 19(1) of the E-Commerce Directive states that ‘Member States shall have adequate means of supervision and investigation necessary to implement this Directive effectively and shall ensure that service providers supply them with the requisite information.’ This feasibly includes details pertaining to identity and account activity. Many jurisdictions do require, on court orders at least, that social media platform release the necessary information. But such solution does take time and ensuring social media platforms’ collaboration without the need for a court order may be preferable although there is no guarantee that it will always be more efficient. The reluctance of social media platforms to collaborate with enforcers is unfortunately a common occurrence, including in social media circles, as the case of Luxstyle, started by the Danish Ombudsman attests.75 The Commission Recommendation on measures to effectively tackle illegal content online provides some assistance. It includes some provisions to encourage cooperation between hosting services and member states. In particular, it provides for the creation of fast track procedures to process notices submitted by competent authorities, which could include consumer protection agencies.76 Besides, the Recommendation encourages that ‘Member States establish legal obligations for hosting service providers to promptly inform law enforcement authorities, for the purposes of the prevention, investigation, detection or prosecution of criminal offences, of any evidence of alleged serious criminal offences involving a threat to the life or safety of persons obtained in the context of their activities for the removal or disabling of access to illegal content, in compliance with the applicable legal requirements, in particular regarding the protection of personal data protection,

 Parliament UK (2014).  Consumers International (2017). 76  C (2018)1177 final, p. 13. 74 75

15  Consumer Protection on Social Media Platforms: Tackling the Challenges of Social… 341

including Regulation (EU) 2016/679’.77 This could without a doubt include some consumer protection legislation. Finally, the Recommendation also considers cooperation with what are called ‘trusted flaggers’ as well as between hosting services. It is also important to reflect on influencing social media platforms to ensure conformity to a high level of consumer protection. This is a place where consumer associations and enforcers, in particular, can play an important part by monitoring the market place and uncovering bad practices and alerting the public and enforcement authorities. Doing so and changing the practices in place can also have an important ripple effect. Smaller platforms tend to mimic larger ones and the spreading of best practices ought to have a positive impact. For this, a positive relationship between enforcers, consumer associations and platforms is key. Platforms could also be asked to inform consumers on the potential dangers of using their intermediary to make purchases. The practices identified via the tools described above could help platforms target areas where consumers clearly would need more information (alongside themselves taking action to neutralise users who are using their platforms for scams or poor practices). Equally, enforcers and other stakeholders ought to reflect on how best to use social media to communicate about consumer rights and ensure wide spread information.

4.4  International Enforcement Efforts There are here two main aspects to consider: scams on the one hand and unfair practices or poor retail practices on the other. There is a difference because scammers have malicious intent, whereas perpetrators of unfair commercial practices may not reach the bar for criminal prosecution, but the practices are nevertheless caught by the law. Responses to be brought concerning sales that require general redress (e.g. satisfactory quality issue and other problems falling under Sales of Goods Act or equivalent legislation, breach of contract, etc.) also need some attention but are normally within the realm of direct negotiation or use ADR/ODR as well as courts as redress mechanisms. Because the operation of the courts, ADR/ODR systems or direct negotiation between parties, is much broader than the scope of this chapter, they will not be discussed here. Satisfactory protection however can only be achieved if such solutions are easily available to consumers and are affordable. To solve the most excessive practices noted to take place on social media, international cooperation is paramount. In Europe, the forthcoming CPC Regulation promises to drastically improve how national enforcers cooperate. This is essential because scammers, in particular, have a habit to target jurisdictions they are far removed from to avoid detection and prosecution. Criminal prosecution is notably difficult across borders and often this discourages enforcement authorities to act because of costs and the difficulties to gain enforcement. Similarly, enforcing unfair 77

 Ibid.

342

C. Riefa

commercial practices is equally difficult across borders. To be most effective, legislation dealing with unfair commercial practices does therefore need to be able to catch practices originating beyond the borders of a particular state. In the EU, the unfair commercial practices Directive can feasibly apply beyond the EU borders and Member States lines. This is because, Article 6(1) of Regulation No 864/2007 on the law applicable to non-contractual obligations (Rome II) states: ‘The law applicable to a non-contractual obligation arising out of an act of unfair competition shall be the law of the country where competitive relations or the collective interests of consumers are, or are likely to be, affected.’ Thus, the Commission Guidance states that when those conditions are fulfilled, e.g. if misleading advertising is targeted to the EU consumers and this harms the collective interests of the EU consumers, the UCPD will be applicable.’78 Networks of enforcers, with adequate training to detect unfair practices and scams on social media sites and legislation at their disposal enabling them to act are therefore key ingredients to ensure consumers are protected. This may require that existing networks (ICPEN, for example, as well as regional networks) lend a hand to train and share best practices with countries where there is a need. Consumer associations can also assist consumers in countries where they have some powers to do so, for example, through bad publicity for platforms that allow such practices, as well as enforcement via representative actions.

5  Conclusion Social commerce is developing and could become the next big thing providing payment system solutions, and technological tools can provide a seamless experience to users. Social commerce is also bringing its own set of challenges, including the size of the medium used to consult social media sites (more often on mobile phones than on PCs) and the community feel it creates. This impacts on the way users interact and place their trust in a retail relationship. Current consumer protection legislation goes some way to provide consumers with rights should a transaction go wrong or an advert prove misleading. However, it does not yet fully cater for social commerce and leaves some gaps. The growth of social media scams and the role of social influencers are two key trends that show the dangers of social media. Those, as well as challenges relating to buying and selling on social media platform, would be best tackled by ensuring social media platforms are willing to self-regulate and impose standards that are conducive of trust. Failing this, it seems inevitable that the question of the platforms’ liability will need revisiting. The Commission Recommendation from March 2018 paves the way for better consumer law enforcement on social media (and other online) platforms but it is unlikely to yield the  SWD (2016) 163 final. However, enforcement is likely going to be expensive unless the countries in which the perpetrators are established have reciprocal arrangements with the country where consumer harm is detected. 78

15  Consumer Protection on Social Media Platforms: Tackling the Challenges of Social… 343

expected results in the immediate future as it lacks binding force. As a reform of the e-commerce directive is unlikely in the near future, it leaves enforcement as the primary tool to protect consumers. The limitations of ADR, as well as access to court, have been well documented. They will remain an obstacle to consumer protection in social commerce given the often-transnational nature of the relationships formed by the consumer. This means that public enforcement is the best tool to achieve better consumer protection in social commerce. Much improvements are necessary to improve the enforcement machinery especially across border and improve the technical capabilities of enforcers. However, it is not out of reach and the recent Cambridge Analytica scandal and the rising profile of scams and social media influencers problem may well have given sufficient impetus to move towards higher expectations being placed on platforms.79

References Alba D (2016) Get ready to buy stuff straight through Instagram. Wired. https://www.wired. com/2016/11/get-ready-buy-stuff-straight-instagram/ Api2cart (2016). https://api2cart.com/ecommerce/social-commerce-end-2016-trends-statistics/ ASA (2013) Nike UK Ltd (4 September 2013). https://www.asa.org.uk/rulings/nike-uk-ltda13-229986.html ASA (2016) Alpro (UK) Ltd (21 September 2016). https://www.asa.org.uk/rulings/alpro-uk-ltda16-344134.html BEUC, Vzbv (2017) The challenge of protecting EU consumers in online global markets. https:// www.vzbv.de/sites/default/files/downloads/2017/11/08/17-11-08_brochure-vzbv-beuc-lr3.pdf CG v Facebook Ireland Ltd and Joseph McCloskey [2016] NICA 54 Chen Y (2016) Why buy buttons on Pinterest and Instagram haven’t taken off for retailers. Digiday. https://digiday.com/media/buy-buttons-pinterest-instagram-havent-taken-off-retailers/ CJEU, Asociación Profesional Élite Taxi v Uber Systems Spain SL, Case C 434/15, judgement of 20 December 2017 CJEU, Bond van Adverteerders and Others v. The Netherlands State, Case C 352/85, judgement of 26 April 1998 CJEU, Google France SARL, Google Inc v Louis Vuitton Malletier SA, Case C236/08, Judgment of 23 March 2010 CJEU, Google France SARL, Google Inc v Viaticum SA, Luteciel SARL, Case 237/08, Judgement of 23 March 2010 CJEU, Google France SARL v Centre National de Recherche en relations humaines (CNRHH) SARL, Pierre Alexis Thonet, Bruno Raboin, Tiger SARL, Case C238/08, judgement of 23 March 2010 CJEU, L’Oréal SA and Others v eBAy International AG and Others, Case C 324/09, judgement of 12 July 2011 CMA (2015) Online reviews and endorsements: report on the CMA’s call for information CMA41 CMA (2016a) Open letter guidelines. https://www.gov.uk/government/uploads/system/uploads/ attachment_data/file/545227/An_open_letter_to_marketing_departments_marketing_agencies_and_their_clients.pdf

79

 Siciliani et al. (2019) who advocate the creation of a general and positive duty to trade fairly.

344

C. Riefa

CMA (2016b). Social Chain (11 August 2016). https://www.gov.uk/cma-cases/ non-disclosure-of-paid-endorsements-social-media Consumers International (2017) How can we better protect consumers in a globalised digital world. http://www.consumersinternational.org/news-resources/blog/ posts/20170704-how-can-we-better-protect-consumers-in-a-globalised-digital-world/ Consumers International (2019) Social Media Scams: understanding the consumer experience to create a safer digital world. https://www.consumersinternational.org/media/293343/socialmedia-scams-final-245.pdf Digital, Culture, Media and Sports Committee (2019) Disinformation and Fake News. https://www.parliament.uk/business/committees/committees-a-z/commons-select/ digital-culture-media-and-sport-committee/inquiries/parliament-2017/fake-news-17-19/ European Commission (2018) Behavioural study on advertising and marketing practices in online social media, Final report. https://ec.europa.eu/info/sites/info/files/osm-final-report_en.pdf European Commission (June 2014) DG Justice Guidance on the Consumer Rights Directive. https://ec.europa.eu/info/sites/info/files/crd_guidance_en_0.pdf European Commission, Communication on Online Platforms and the Digital Single Market Opportunities and Challenges for Europe, COM (2016) 288 final European Commission, Communication on Tackling Illegal Content Online  – Towards an Enhanced Responsibility of Online Platforms, COM (2017) 555 final European Commission Press Release (2017) The European Commission and Member States consumer authorities ask social media companies to comply with EU rules. http://europa.eu/rapid/ press-release_IP-17-631_en.htm European Commission Press Release (2018) A new deal for consumers: commission strengthens EU consumer rights and enforcement. http://europa.eu/rapid/press-release_IP-18-3041_en.htm European Commission, Recommendation on measures to effectively tackle illegal content online, C (2018) 1177 final. https://ec.europa.eu/digital-single-market/en/ illegal-content-online-platforms European Commission Staff Working Document, Guidance on the implementation/application of Directive 2005/29/EC on Unfair Commercial Practices SWD (2016) 163 final European Data Protection Supervisor (March 2017) Opinion 4/2017, on the proposal for a Directive on certain aspects concerning contracts for the supply of digital content. https://edps.europa.eu/ sites/edp/files/publication/17-03-14_opinion_digital_content_en.pdf European Parliament (2017) Resolution of 15 June 2017 on Online Platforms and the Digital Single Market. 2016/2276(INI). http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-// EP//NONSGML+TA+P8-TA-2017-0272+0+DOC+PDF+V0//EN European Parliament (2018) Briefing modernisation of EU consumer protection rules. http://www. europarl.europa.eu/RegData/etudes/BRIE/2018/623547/EPRS_BRI(2018)623547_EN.pdf Evans PC, Gawer A (2015) The rise of the platform enterprise, a global survey. The Centre for Global Enterprise. http://thecge.net/wp-content/uploads/2016/01/PDF-WEB-PlatformSurvey_01_12.pdf Forbrukertilsynet (2018) The Consumers’ Authority’s guidance on labelling advertising in social media. https://www.forbrukertilsynet.no/english/guidelines/ the-consumer-ombudsmans-guidance-on-labelling-advertising-in-social-media FTC (2013) Guidelines. https://www.ftc.gov/sites/default/files/attachments/press-releases/ftcstaff-revises-online-advertising-disclosure-guidelines/130312dotcomdisclosures.pdf Gibreel, Alotaibi, Altmann (2018) Social commerce development in emerging markets. Electron Commer Res Appl 27:152 House of Lords (2016) Select Committee on European Union, Online Platforms and the Digital Single Market (HL Paper 129) Huang Z, Benyoucef M (2017) The effects of social commerce design on consumer purchase decision-making: an empirical study. Electron Commer Res Appl 25:40 ICPEN (2019) Initiatives. https://www.icpen.org/initiatives J20 v Facebook Ireland Ltd[2016] NIQB 98

15  Consumer Protection on Social Media Platforms: Tackling the Challenges of Social… 345 Liang, Turban (2011) An introduction to the special issue on social commerce: a research framework for social commerce. Int J Electron Commer 16(2):5–13 Micklitz H-W, Pałka P, Panagis Y (2017) The Empire strikes back: digital control of unfair terms of online services. JCP 40(3):367–388 OECD (2016) Protecting consumers in peer platform markets, exploring the issues, 2016 Ministerial meeting on the digital economy, Background report. OECD Digital Economy Papers no. 253 OFCOM (2017) Communication Market Report 2017, United Kingdom. https://www.ofcom.org. uk/__data/assets/pdf_file/0017/105074/cmr-2017-uk.pdf Parliament UK (2014) Communications Committee, Social media and criminal offences. https:// publications.parliament.uk/pa/ld201415/ldselect/ldcomuni/37/3704.htm Riefa C (2015) Consumer protection and online auction platforms, towards a safer legal framework. Ashgate, Farnham Riefa C, Clausen L (2019) Online reviews: the new deal is missing the mark on the control of digital influencers’. EuCML 8(2): 64-74 Riefa C, Markou C (2014) Online marketing: advertisers know you are a dog on the Internet! In: Savin A, Trzaskowski J (eds) Research handbook on EU Internet law. Edward Elgar, Cheltenham Riefa C, Mo JYC (2016) Mind the gap: modelling the liability of online auction intermediaries and market places in Hong Kong on the EU regime. Chin J Comp Law:1–26 Scamwatch (2018). https://www.scamwatch.gov.au/about-scamwatch/scam-statistics Siciliani P, Riefa C, Gamper H (2019) Consumer theories of harm  – an economic approach to consumer enforcement and policy making. Hart, Oxford Statista (2017). https://www.statista.com/statistics/250909/brand-engagement-of-us-onlineshoppers-on-pinterest-and-facebook/ Statista (2019a). https://www.statista.com/statistics/278414/number-of-worldwide-socialnetwork-users/ Statista (2019b). https://www.statista.com/statistics/271406/advertising-revenue-of-socialnetworks-worldwide/ Symantec (2016) ISTR 21:30 TNO (2015) Digital platforms: an analytical framework for identifying and evaluating policy options. TNO 2015 R11271. https://www.rijksoverheid.nl/documenten/rapporten/2015/11/09/ digital-platforms-an-analytical-framework-for-identifying-and-evaluating-policy-options Trzaskowski J (2011) User-generated marketing – legal implications when word-of-mouth goes viral. Int J Law Inf Technol 19:8 Weichel A (2017) Top scams of 2016 include fake endorsements from online ‘influencers’. http://bc.ctvnews.ca/top-scams-of-2016-include-fake-endorsements-from-online-influencers-1.3307091 Yang, Li, Kim (2015) Social shopping website quality attributes increasing consumer participation, positive eWOM, and co-shopping: the reciprocating role of participation. Retail Consum Serv 24:1–9

Chapter 16

The 2018 New Deal on Better Enforcement and Modernisation of EU Consumer Law: An Actually Good Digital Deal? Thalia Prastitou Merdi

Abstract  As part of its ‘New Deal for Consumers’, the European Commission brought forward, on 11 April 2018, a legislative package comprising of two proposals for directives encompassing substantial reforms in the area of consumer law. The first is a proposal for a directive on better enforcement and modernisation of European Union consumer protection rules. What is really interesting to note is that although this proposal forms part of the “New Deal”, it is not bringing forward purely new legislation but instead amendments to already established EU consumer protection rules that, according to the Commission, are essential for adjusting these legislative documents to the development of the digital sphere. After providing some background information, this chapter proceeds to an analysis of the four fundamental changes brought forward by the Proposal aiming to shed light on the question of whether it improves or not the substance of EU consumer protection legislation. These changes are consumer access to individual remedies for unfair commercial practices, simplifications for businesses, transparency requirements for online marketplaces and the addition of ‘free’ digital services to the scope of the Consumer Rights Directive. This chapter concludes its analysis by answering the question of whether this Proposal forms, after all, a good or a bad digital deal.

1  I ntroduction: An Amending Proposal Rather Than a Brand New Legislative Initiative As part of its ‘New Deal for Consumers’ (New Deal), the European Commission (or Commission) brought forward, on 11 April 2018, a legislative package comprising of two proposals for directives encompassing substantial reforms in the area of consumer law. The first, and the topic of this chapter, is a proposal for a directive on better enforcement and modernisation of the European Union (EU) consumer

T. Prastitou Merdi (*) European University Cyprus, Nicosia, Cyprus e-mail: [email protected] © Springer Nature Switzerland AG 2020 T.-E. Synodinou et al. (eds.), EU Internet Law in the Digital Era, https://doi.org/10.1007/978-3-030-25579-4_16

347

348

T. Prastitou Merdi

protection rules1 (the Proposal), containing substantive law improvements, brought forward in particular in light of developments in the digital sphere.2 The second one is a proposal, of a procedural law character, for a directive on representative actions for the protection of the collective interests of consumers replacing Directive 2009/22/EC.3 Both proposals follow up on the REFIT Fitness Check of EU consumer and marketing law (REFIT)4 and the evaluation of Directive 2011/83/EU (CRD evaluation)5 published together on 23 May 2017. Although both reports concluded that the substantive consumer protection provisions of the Directives examined are overall fit for purpose, some of their aspects could benefit from improved enforcement and modernisation. Secondly, the proposals respond to recent large-scale abusive practices, such as the Dieselgate scandal, that “sparked a debate about whether the EU has strong enough mechanisms in place to handle such issues, namely to effectively enforce consumer protection rules and provide redress to harmed consumers”6 or the widespread use of unfair contract terms in mortgage contracts by banking institutions. What is really interesting to note is that although the Proposal forms part of the “New Deal”, it is not bringing forward purely new legislation but instead amendments to already established EU consumer protection rules. More specifically, the Proposal includes amendments to four different directives, these being the Unfair  Proposal for a Directive of the European Parliament and of the Council as regards better enforcement and modernisation of EU consumer protection rules COM (2018) 185 final. 2  What shall be noted is that although, in the context of the ordinary legislative procedure, in January 2019 the European Parliament Internal Market and Consumer Protection (IMCO) Committee adopted its report on the Proposal, this chapter and the analysis found herein is focussed solely on the Commission Proposal of April 2018 as it appeared up to March 2019. 3  Proposal for a Directive of the European Parliament and of the Council on representative actions for the protection of the collective interests of consumers and repealing Directive 2009/22/EC COM (2018) 184 final. 4  European Commission (2017), Commission Staff Working Document, Report of the Fitness Check on Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005 concerning unfair business-to-consumer commercial practices in the internal market and amending Council Directive 84/450/EEC, Directives 97/7/EC, 98/27/EC and 2002/65/EC of the European Parliament and of the Council and Regulation (EC) No 2006/2004 of the European Parliament and of the Council (‘Unfair Commercial Practices Directive’); Council Directive 93/13/EEC of 5 April 1993 on unfair terms in consumer contracts; Directive 98/6/EC of the European Parliament and of the Council of 16 February 1998 on consumer protection in the indication of the prices of products offered to consumers; Directive 1999/44/EC of the European Parliament and of the Council of 25 May 1999 on certain aspects of the sale of consumer goods and associated guarantees; Directive 2009/22/EC of the European Parliament and of the Council of 23 April 2009 on injunctions for the protection of consumers’ interests; Directive 2006/114/EC of the European Parliament and of the Council of 12 December 2006 concerning misleading and comparative advertising, SWD (2017) 209 final. 5  Report from the Commission to the European Parliament and Council on the application of Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights COM (2017) 259 final. 6  Ibid, pp. 2–3. 1

16  The 2018 New Deal on Better Enforcement and Modernisation of EU Consumer…

349

Commercial Practices Directive (UCPD),7 the Consumer Rights Directive (CRD),8 the Unfair Contract Terms Directive (UCTD)9 and the Price Indication Directive (PID).10 It “covers a range of slightly unrelated topics”11 including inter alia traders’ penalties for widespread cross-border infringements, consumers’ right to individual remedies, transparency for consumers on online marketplaces and protection in respect of free digital services, as well as flexibility for businesses regarding withdrawal rights. What must be made clear is that apart from the provision for penalties for widespread cross-border infringements, that is proposed to be applied to all four concerned directives, the rest of the amendments included in the Proposal affect solely the UCPD and the CRD. According to the Commission, these updates are essential as, apart from the need for better application and enforcement, as well as a need for reducing regulatory burdens in some areas, there is a need for modernisation of these rules in line with the development of the digital sphere.12 In relation to the latter need, one must not forget that all of the above directives constitute horizontal pieces of legislation, rather than sector specific, and, apart from the CRD, they do not distinguish between online or offline environments. Therefore, although in theory they “deal with new problems even if they were adopted before the age of e-commerce kicked in”,13 their application to contractual disputes arising in an online environment is not as unproblematic as it seems, and could consequently benefit from some of their provisions being brought into line with the uniqueness of the digital era. Looking at this Proposal one may wonder, inter alia,14 does it bring forward viable amendments that respond to the present needs of consumer contracting especially in the digital sphere? Are these enough? Does it therefore form an actually good digital deal? After providing a brief account of the REFIT and CRD evaluation as well as a rapid overview of the Dieselgate scandal by way of background, this chapter attempts to answer these questions focusing on the four fundamental changes brought forward by the Proposal affecting online consumer contracts.15

 Directive 2005/29/EC of the European Parliament and Council of 11 May 2005 concerning unfair business-to-consumer commercial practices in the internal market, OJ L 149/22. 8  Directive 2011/83/EU of the European Parliament and Council of 25 October 2011 on consumer rights, OJ L 304/64. 9  Council Directive 93/13/EC of 5 April 1993 on unfair terms in consumer contracts, OJ L 95/29. 10  Directive 98/6/EC of the European Parliament and of the Council of 16 February 1998 on consumer protection in the indication of the prices of products offered to consumers, OJ L 80/27. 11  Šajn (2018), p. 2. 12  COM (2018) 185 final, p. 1. 13  SWD (2017) 209 final, p. 76. 14  Another question could be whether the proposed amendments respond fully to the findings of the two evaluation reports. 15  The changes discussed affect either solely online consumer contracts or both online and offline consumer contracts. 7

350

T. Prastitou Merdi

2  Background: How Did We Get Here? 2.1  The REFIT and the CRD Evaluation Back in 2013, the European Commission announced, in its 2013 Regulatory Fitness and Performance (REFIT): Results and Next Steps Communication,16 its intention to undertake a fitness check of legal acts related to consumer rights and advertising. The detailed scope of this exercise was set up in a Roadmap17 published in December 2015 and included six directives, these being the UCPD, the UCTD, the PID, the Consumer Sales Directive,18 the Misleading and Comparative Advertising Directive19 and the Injunctions Directive.20 The REFIT check aimed to evaluate whether these six directives remained fit for purpose based on five criteria: these being effectiveness, efficiency, coherence, relevance and EU added value. Additionally, based on the same Roadmap a separate evaluation was going to take place, in parallel, regarding the CRD, in accordance to its Article 30. Both evaluations reports were published together on 23 May 2017.21 Although both evaluations concluded that substantive EU consumer rules, found in all seven directives, were overall fit for purpose and had positively contributed to the functioning of the business-to-consumer internal market providing a high level of consumer protection, some of their provisions could benefit from improved enforcement and modernisation to adjust to the developments of the digital sphere. The REFIT evaluation report “found that further improving the overall effectiveness, efficiency and coherence of the six Directives [concerned] requires three strands of action: 1) ensuring that not only consumers, traders and their associations, but also judges and other legal practitioners, have better knowledge of all rights and duties under this part of EU consumer and marketing law; 2) ensuring stepped-up enforcement and easier redress when the substantive law provisions in question are breached; 3) considering targeted amendments to simplify the regulatory landscape where this is fully justified”.22 In relation to the second and third  Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions Regulatory Fitness and Performance (REFIT): Results and Next Steps, COM(2013) 685 final. 17  http://ec.europa.eu/smart-regulation/roadmaps/docs/2016_just_023_evaluation_ consumer_law_en.pdf. 18  Directive 1999/44/EC of the European Parliament and Council of 25 May 1999 on certain aspects of the sale of consumer goods and associated guarantees OJ L 171/12. 19  Directive 2006/114/EC of the European Parliament and of the Council of 12 December 2006 concerning misleading and comparative advertising, OJ L 376/21. 20  Directive 2009/22/EC of the European Parliament and of the Council of 23 April 2009 on injunctions for the protection of consumers’ interests OJ L 110/30. 21  Supra n 4, n 5. 22  Commission Staff Working Document Executive Summary of the Fitness Check on Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005 concerning unfair business-to-consumer commercial practices in the internal market and amending Council Directive 16

16  The 2018 New Deal on Better Enforcement and Modernisation of EU Consumer…

351

strands of action, which are mostly related to the topic of this chapter, the Commission suggested the need to work on the lack of direct consumer rights under the UCPD to individual remedies, the need to strengthen the level of penalties for breaches of EU consumer law, as well as the need to reduce some of the information requirements provided in the UCPD as they are duplicated in the CRD. Furthermore, the CRD evaluation suggested, inter alia, that “targeted legislative interventions could help streamline and clarify the application of the Directive. In particular, it should be considered to extend the scope of the Directive to digital service contracts provided without the payment of a price and to provide further clarification concerning the rules applicable to digital content contracts, as well as introducing transparency requirements for online intermediaries.”23 Following the release of its reports, the Commission ran a public consultation from June to October 2017 “to gauge public opinion on a range of issues. The results of this consultation fed into what was announced as the “New Deal” Package in April 2018”.24

2.2  The Dieselgate Scandal Furthermore, apart from the consumer acquis evaluations, back in autumn 2015, the United States Environmental Protection Agency reported that Volkswagen (VW) had installed illegally in 482,000 cars, sold in America in 2009,25 a “defeat device”, practically a software, in diesel car engines. This software installed assisted these cars in meeting exhaust pollution standards when monitored in tests but in reality their emissions exceeded by far the pollution limits. VW then admitted that about 11 million cars worldwide, including eight million in Europe, were fitted with this 84/450/EEC, Directives 97/7/EC, 98/27/EC and 2002/65/EC of the European Parliament and of the Council and Regulation (EC) No 2006/2004 of the European Parliament and of the Council (‘Unfair Commercial Practices Directive’); Council Directive 93/13/EEC of 5 April 1993 on unfair terms in consumer contracts; Directive 98/6/EC of the European Parliament and of the Council of 16 February 1998 on consumer protection in the indication of the prices of products offered to consumers; Directive 1999/44/EC of the European Parliament and of the Council of 25 May 1999 on certain aspects of the sale of consumer goods and associated guarantees; Directive 2009/22/EC of the European Parliament and of the Council of 23 April 2009 on injunctions for the protection of consumers’ interests; Directive 2006/114/EC of the European Parliament and of the Council of 12 December 2006 concerning misleading and comparative advertising. {SWD (2017) 209 final}, SWD(2017) 208 final, p. 4. 23  Commission Staff Working Document Executive Summary of the Evaluation accompanying the document Report from the Commission to the European Parliament and the Council on the application of Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council {COM(2017) 259 final} {SWD(2017) 169 final}, SWD (2017) 170 final. 24  Twigg Flesner (2018), p. 3. 25  https://www.bbc.com/news/business-34324772.

352

T. Prastitou Merdi

so-called “defeat device”.26 Unsurprisingly, VW consumers triggered legal action internationally, as well as in many EU Member States.27 However, unlike the US VW consumers, the EU VW consumers were not able to recover damages even in Member States that provided remedies for victims of unfair commercial practices as these remedies are only contractual. Consequently, these remedies could only be applied against the consumers’ contractual counterparts, which in this case were the car dealers and not the car producers.28

2.3  Announcement of the New Deal Considering the results of the aforementioned consumer acquis evaluations, as well as thousands of unhappy VW EU customers, Commission President Jean-Claude Juncker in his 2017 State of the Union address announced, within Priority 7 on an area of Justice and Fundamental Rights based on mutual trust, a “New Deal for Consumers’ package, aiming at facilitating coordination and effective action from national consumer authorities at EU level and reinforcing public enforcement action and better protection of consumer rights.”29

3  I nserted Consumer Protection Rules: Improving or Not the Substance of EU Consumer Law? Aiming to shed light on the question of whether this Proposal improves or not the substance of EU consumer protection legislation, this chapter focuses on the four fundamental changes30 brought forward by the Proposal affecting online consumer contracts. These are consumer access to individual remedies for unfair commercial  Ibid.  Mak and Lujinovic (2019), p. 5. 28  COM(2018) 185 final, p. 13. 29  European Commission (2017) State of the Union 2017 by Jean-Claude Juncker, President of the European Commission 13 September 2017 https://ec.europa.eu/commission/sites/beta-political/ files/state-union-2017-brochure_en.pdf. 30  Apart from the four main changes that will form the focus of analysis in this chapter, the Proposal brings forward a new provision on penalties for widespread cross border infringements (to be inserted in all four directives covered by the Proposal). Furthermore, in relation to the UCPD solely it introduces, firstly, an amendment to Article 6(2) regarding misleading practices, making it explicit that a commercial practice involving the marketing of a product as being identical to the same product marketed in several other Member States, where those products have significantly different composition or characteristics causing or likely to cause the average consumer to take a transactional decision that he would not have taken otherwise, is a misleading commercial practice and secondly an amendment to Articles 3(5) and (6) clarifying that Member States are not prevented from adopting rules on certain forms and aspects of off-premises sales. 26 27

16  The 2018 New Deal on Better Enforcement and Modernisation of EU Consumer…

353

practices, simplifications for businesses, further transparency of online marketplaces and lastly, the addition of free digital services to the scope of the CRD.

3.1  I ntroducing a Right to Individual Redress for Unfair Commercial Practices: The Greatest Change of All? Until now, under Article 11 of the UCPD, only courts and public authorities can impose fines and stop unfair commercial practices by businesses. No provision for individual remedies for consumers can be found within the directive. Interestingly, although in the case of misleading practices for goods, the CSGD existing rules on the lack of conformity apply for the legal guarantee period only, this protection is limited as it does not apply to aggressive practices for goods or, more importantly, services “for which the risk of misleading or aggressive behaviour is equally high, if not higher”.31 In contrast to this limited provision, the Proposal introduces for the first time a right of individual redress for unfair commercial practices. Under the proposed Article 11A (1) “…Member States shall ensure that contractual and non-contractual remedies are also available for consumers harmed by unfair commercial practices in order to eliminate all the effects of those unfair commercial practices in accordance with their national law”. More importantly, according to its next paragraphs “contractual remedies shall include, as a minimum, the possibility for the consumer to unilaterally terminate the contract” and “non-contractual remedies shall include, as a minimum, the possibility of compensation for damages suffered by the consumer”. Reading this provision one must comment that, at first sight, this addition appears to be an extremely positive amendment, improving, in general, the level of consumer protection, and clarifying in general that consumers should be able to recover for any losses they have suffered because of an unfair commercial practice. Furthermore, such an addition reduces, in theory, the gap currently existing between national law different provisions regarding this issue. What must be noted at this point is that the REFIT check examined the possibility of introducing remedies for consumers having suffered an individual detriment from unfair commercial practices. More importantly, significant divergences between national provisions were actually revealed regarding this issue.32  European Commission (2018) Commission Staff Working Document Impact Assessment accompanying the document proposals for Directives of the European Parliament and of the Council (1) amending Council Directive 93/13/EEC, Directive 98/6/EC of the European Parliament and of the Council, Directive 2005/29/EC of the European Parliament and of the Council and Directive 2011/83/EU of the European Parliament and of the Council as regards better enforcement and modernisation of the EU consumer protection rules and (2) on representative actions for the protection of the collective interests of consumers, and repealing Directive 2009/22/EC {COM(2018) 184 final}—{SWD(2018) 98 final}, SWD(2018) 96 final, Part 2/3, p. 55. 32  According to the REFIT evaluation check, “under the national law of all Member States, it appears to be possible to rely on general contract law for remedies which consumers may invoke 31

354

T. Prastitou Merdi

Yet, reading this provision thoroughly, this appears to be a vague and complex provision. Initially, the European Commission appears to do “little more than establish a basic principle, with Member States left to work out what could be very complex rules”33 therefore following neither of the two options suggested by the REFIT evaluation.34 More importantly, it leaves many questions unanswered as to the content and application of this provision. Firstly, the wording of this provision appears to be quite problematic. By using the phrase “contractual remedies shall include, as a minimum the possibility for the consumer to unilaterally terminate the contract”, in paragraph 11a (2), the European legislator appears to open up the question of what other contractual remedies might then be included? Refund? Restitution? Mutual Restitution? Specific performance? Similarly, the same question applies in paragraph 11a (3) which reads “non-­ contractual remedies shall include, as a minimum the possibility of compensation for damages suffered by the consumer”. Again, shall the national legislator include injunctions? Specific restitution? Such a provision grants a lot of discretion to Member States’ national legislators and courts, undoubtedly opening up in this way the possibility for discrepancies at national level. Furthermore, should these remedies be available to all types of unfair commercial practices? For example, according to the UK Unfair Trading Regulations 2008, as amended in 2014, an individual right to redress is available only in cases of a misleading or aggressive action rather than in a case of misleading omission. Furthermore, what do these remedies entail? For example, it is clear that the right to unilaterally terminate the contract includes compensation for pecuniary damages in all Member States’ national laws but what about non-pecuniary damages such as distress, inconvenience or loss of enjoyment? Domestic legislations once again diverge significantly on this issue.35 Apart from the content of these remedies, this provision appears incomplete in relation to the conditions for the exercise of the in courts. However…there is little national case-law providing a clear link between the remedies derived from the general contract law doctrines in national law and the unfair commercial practices as established in the UCPD. In addition, none of the Member States provide for the automatic triggering of contractual remedies…[furthermore] in six Member States [Bulgaria, France, Luxembourg, the Netherlands, Portugal and Slovakia] the existence of contractual remedies is made more explicit…[while] three Member States — Belgium, Poland and the UK — provide for special remedies specifically for breaches of the UCPD, which generally differ from the contractual remedies provided for other breaches of consumer law” SWD(2017) 209 final, p. 93. 33  Twigg Flesner (2018), p. 7. 34  These being either obliging in general Member States to introduce effective individual remedies for breaches of the UCPD or providing a harmonised set of remedies within the UCPD. 35  For example in the UK, although the general rule according to the Addis v Grammophone, [1909] AC 488, case the claimant cannot recover damages for injured feelings in a contractual action, according to Farley v Skinner, [2002] 2 A.C. 732, “it is sufficient if a major or important object of the contract is to give pleasure, relaxation or peace of mind” In Greek law, under Article 299 of the Greek Civil Code (GCC) “compensation for immaterial damages cannot be awarded unless a legal provision explicitly permits such type of damages”. This is permitted in only two cases; firstly, in a tort/delict action according to Article 932 of the GCC, and secondly, if there is a violation of personality rights under Article 59 of the GCC.

16  The 2018 New Deal on Better Enforcement and Modernisation of EU Consumer…

355

rights contained therein such as how does a consumer terminate the contract? Is there a time limit for the exercise of this right? Furthermore, “does this remedy have retroactive effect? Is fault required”?36 This restricted approach is additionally strange if one takes a look at the 2015 Proposal for a Directive the Supply of Digital Content (pDCD)37 where the European legislator had in contrast provided greater detail in Articles 13 and 16 on how to terminate a contract and how to terminate a long-term contract accordingly.

3.2  A  mending the Right of Withdrawal: Watering Down Protection? One of the most important regulatory mechanisms enjoyed by consumers in the EU, through Article 9 of the CRD, is the well-known right of withdrawal ascribing to consumers, save for where the exceptions of Article 16 apply, the option, within 14 days, to change their mind and withdraw freely from a contract they have concluded, either in a distance (i.e. online or through the phone) or off premises without bearing any negative consequences. Through this right, “consumer contract law derogates from pacta sunt servanda and instead provides an advanced level of protection for consumers in their relationship with traders. The purpose of the right is to contribute to the equality of the contractual parties”.38 That is why 95% of consumers in the EU find this right important.39 Interestingly, following up on one of the CRD Report recommendations that aim to reduce burdens for businesses,40 the Proposal changes this important consumer right in two significant ways. 3.2.1  Goods Handled More Than Necessary Initially, the Proposal adds another exception to Article 16, in new paragraph (n), which reads that a right of withdrawal shall not be provided in cases where the consumer has handled the goods, during the right of withdrawal period, “other than what is necessary41 to establish the nature, characteristics and functioning of the goods”. Reading this provision although, on the one hand, one realises that the  Loos (2019), p. 117.  Proposal for a Directive of the European Parliament and of the Council on certain aspects concerning contracts for the supply of digital content, COM (2015) 634 final. 38  Durovic and Micklitz (2017), pp. 47–48. 39  European Commission (2017) Study on the application of the Consumer Rights Directive 2011/83/EU, p. 160. ec.europa.eu/newsroom/document.cfm?doc_id=44637. 40  European Commission (2017) Commission Staff Working Document, Evaluation of the Consumer Rights Directive SWD(2017) 169 final, p. 58. 41  Emphasis added. 36 37

356

T. Prastitou Merdi

Commission proceeds to proposing such a change to eliminate small and medium-­ sized businesses annual losses caused by the current obligation to accept such ‘unduly tested goods’,42 on the other, this new exception as it currently stands, can be regarded as far from clear and unambiguous. This new exception will take over the current rule in Article 14(2) of the CRD according to which “the consumer shall only be liable for any diminished value of the goods resulting from the handling of the goods other than what is necessary43 to establish the nature, characteristics and functioning of the goods”. Although this new rule will eliminate, according to the Commission, “difficulties for traders who are required to assess the ‘diminished value’ of the returned goods and to resell them as second-hand goods or to discard them” in reality the main definitional difficulty regarding the phrase “other than what is necessary” remains intact. As Rott puts it, in the context of Article 14(2), “the crucial question is: when does testing end and use begin”?44 The answers to these questions were not, and are not, always clear. For example, although washing a newly bought dress to check whether it is comfortable would be clearly regarded as “other than what is necessary in order to establish the nature, characteristics and functioning of the good”, the same clear cut answer might not be given in the case of a recipe book where the consumer has tried on the first one or two recipes to see whether he/she likes the chef’s style. Furthermore, the ‘tip’ given by the Commission within the Explanatory Memorandum of the Proposal on the fact that the consumer will be solely allowed to try out the good in the same way he could have done in a brick-and-mortar shop45 is not always helpful. As Loos interestingly asks “can the consumer be considered to be testing or using a computer if, in order to see whether it meets her expectations, she starts it and is prompted to install it before she can try it out? By the time she can, several files will have been automatically installed and a ‘personal profile’ will have been created on the computer. The comparison with what the consumer would do with the computer in a brick-and-mortar store does not help us here, as then the computer will already have been unpacked and installed. The proposed amendments to the CRD do nothing to solve this matter”.46 As Advocate General Trstenjak highlighted in the landmark Messner47 case, commenting on a similar provision found in the Draft Common Frame of Reference,48 such legislative provisions “lead to complex problems of distinguishing between inspection or testing and use, which are detrimental to legal certainty and can ultimately mean that purchasing by distance selling is less attractive to consumers”.

 COM(2018) 185 final, p. 15.  Emphasis added. 44  Rott (2010), p. 190. 45  COM(2018) 185 final, p. 3. 46  Loos (2019), p. 119. 47  ECJ, Pia Messner v Firma Stefan Krüger, Case C-489/07, Advocate General Trstenjak opinion of 18 February 2009, par. 85. 48  Von Bar et al. (2008), see specifically Article II.-5:105(4). 42 43

16  The 2018 New Deal on Better Enforcement and Modernisation of EU Consumer…

357

Considering the importance of the amendment proposed on this rule, one may argue that the ambiguous content of this phrase will not erase any of the difficulties currently existing as this problematic phrase, “other than what is necessary”, remains untouched, but will more importantly open even further the possibility for abuse by the trader because of the consumer’s weaker position. As Loos explains, “the problem is that when a trader after inspection argues that the goods have been used, the consumer no longer in a position is to prove otherwise as the trader already has acquired possession of the goods. An unwilling trader would thus be able to deprive a consumer from her right of withdrawal even though she would be entitled to withdraw from the contract”.49 More importantly, as Advocate General Trstenjak highlighted “the fear of abuse by individuals must not generally result in the protection of rights guaranteed under Community law being restricted for everyone”.50 Furthermore, one could comment on the nature of this new exception. The 13 exceptions currently found in Article 16 can be seen as quite specific and, according to both the Court of Justice of the European Union51 and the Commission,52 should be interpreted quite narrowly as the aim of the directive is to ascribe to consumers in most instances of distance or off premises contracts the right of withdrawal as being the most important consumer right aiming to ensure that a fair and balanced contract is concluded.53 Therefore, one could ask how easily this new vague exception could fit in this narrow interpretative approach. Additionally, one could ask why such a problematic change is actually required considering that Article 14(2), as it currently stands, actually serves cases of excessive use as it allows traders in cases of destruction of a good because of improper use to retain 100% of the purchase where the good cannot be resold.54 Its current wording can be seen, at least in theory, as striking a good balance between the interests of the trader and those of the consumer.55  Loos (2019), p. 119.  Supra n 47, par. 90. 51  See, for example, CJEU, E. Friz GmbH v Carsten von der Heyden, Case C-215/08, Judgment of 15 April 2010, para 32: “In this connection, it should first be observed that it is settled case-law that derogations from the rules of European Union law for the protection of consumers must be interpreted strictly (see, inter alia, Case C-481/99 Heininger [2001] ECR I-9945, paragraph 31)”. 52  European Commission (2014), DG Justice Guidance Document concerning Directive 2011/83/ EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council, https://ec.europa.eu/info/sites/info/files/crd_guidance_en_0.pdf. 53  Watson (2016), p. 244. 54  SWD(2018) 96 final, Part 1/3, p. 75. 55  The Federation of German Consumer Organisations in its report (Federation of German Consumer Organisations 2018, p. 10) brought forward interesting ways of preventing the abuse of right of withdrawal. More specifically, ”one possibility, for example, might be for clothing retailers to put technical safeguards in place that allow the goods to be tried on, but only worn if clearly visible labels or similar are removed first. The removal of such a protective device would invalidate the right to withdrawal. Similar measures could be used for technical devices such as televisions, which would initially be supplied in a restricted test mode. Active steps would be required to acti49 50

358

T. Prastitou Merdi

Lastly, apart from these definitional difficulties, various practicalities on the exercise of this right remain unanswered as well. The Proposal neither provide any guidance as to who will bear the cost for the second delivery, back to the consumer, if the seller decides that the good returned falls within this new exception nor does it explain what happens if the goods are, further, damaged or even lost during this second delivery. Furthermore, although under Article 6(1)(k) of the CRD, the trader shall inform the consumer, inter alia, of the circumstances, where applicable, under which the latter loses his right of withdrawal, no explanation is given as to what happens if the consumer is not informed about this possible loss. 3.2.2  Timing of Reimbursement Secondly, the Proposal amends Article 13(3) on the timing of the reimbursement in the event of withdrawal. The new provision reads that “unless the trader has offered to collect the goods himself, with regard to sales contracts, the trader may withhold the reimbursement until he has received the goods back” thus, deleting the trader’s obligation to reimburse the consumer even before the receipt of returned goods provided that the latter has supplied sufficient evidence of proof of posting. This new provision, in conjunction with the new Article 16 exception, will reduce dramatically the level of consumer protection as it will allow traders, having full control of the goods sent back, to reject much more often withdrawal requests. Furthermore, this removal, in conjunction with the gap found within the CRD as to who bears the risk for the return of the goods, and the danger of returned goods being damaged during delivery will reduce even more the level of consumer protection, discouraging customers from exercising their right of withdrawal.

3.3  T  ransparency of Online Platforms: A Step in the Right Direction? In a digital era, consumers use excessively various online sale platforms, such as eBay, Amazon, etsy, booking, to complete transactions quickly and efficiently. When consumers proceed to a search query, the decisive factor for the results appearing on the screen and the specific order in which these are appearing is one, the algorithms used by the platform operator. Yet, consumers are unaware of this specific information and may even believe that the ranking list is based on unbiased criteria. For this reason, the Proposal brings forward amendments to both the CRD and the UCPD in an attempt to improve the transparency of online platforms. The Proposal amends paragraph 11 of the Annex of the UCPD, which encompasses the blacklist of commercial practices, to clarify that a commercial practice vate the full functionality of the device, and the user would be warmed that by taking these steps, they would lose their right of withdrawal”.

16  The 2018 New Deal on Better Enforcement and Modernisation of EU Consumer…

359

“providing information to a consumer’s online search query,56 to promote a product where a trader has paid for the promotion without making that clear in the content or search results57 or by images or sounds clearly identifiable by the consumer (advertorial; paid placement or paid inclusion)”58 would be regarded per se as unfair. This amendment can be regarded as a fundamental step forward in ensuring transparency in a search query undertaken by a consumer. Yet, one could comment, that this amendment is limited just to the factor of direct payment. Why not include other factors that might have additionally an impact on the placement, such as the possible commercial link between the platform operator and the trader of the good or service? This is an issue that the European legislator must look at. Apart from the UCPD, the Proposal brings forward a new article, Article 6a, in the CRD regarding additional information requirements for contracts concluded on “online marketplaces”. Before examining these additional information requirements, one shall have a look at the definition of the term “online marketplace”. What does this term actually mean? Under Article 2(19) of the CRD, as added by the Proposal, “‘online marketplace’ means a service provider which allows consumers to conclude online contracts with traders and consumers on the online marketplace’s online interface”. This can be seen as a quite problematic and complex definition. This definition brings in another brand new term for the CRD, that of “online interface”. According to the Proposal, in new Article 2(20) of the CRD, “‘online interface’ means online interface as defined in point (16) of Article 2 of Regulation (EU) 2018/302”.59 Yet, one could ask how will the term “online interface”, encompassing the term website, actually works, in parallel to the term “trading website” currently found in the CRD?60 Furthermore, using the term “online marketplace” to define what constitutes an “online marketplace” seems awkward. Additionally, one could question whether the term “online marketplace” appears to be the appropriate one for establishing transparency requirements for online sales at the EU level. This notion seems quite restricted and does not seem to encompass other type of platforms such as search engines or comparison tools. This is problematic as some Member States, like France, have introduced more consumer friendly rules and this EU amendment, considering especially its maximum harmonisation approach, might “lead to a lowering of the level of protection for consumers that currently exists in some Member States”.61 Furthermore, the additional information requirements, the Proposal brings forward a list of four. These are “(a) the main parameters determining ranking of offers  Emphasis added.  Ibid. 58  Ibid. 59  According to this point “‘online interface’ means any software, including a website or a part thereof and applications, including mobile applications, operated by or on behalf of a trader, which serves to give customers access to the trader’s goods or services with a view to engaging in a transaction with respect to those goods or services”. 60  CRD, Article 8(3). 61  BEUC (2018), p. 4. 56 57

360

T. Prastitou Merdi

presented to the consumer as result of his search query on the online marketplace; (b) whether the third party offering the goods, services or digital content is a trader or not, on the basis of the declaration of that third party to the online marketplace; (c) whether consumer rights stemming from Union consumer legislation apply or not to the contract concluded; and (d) where the contract is concluded with a trader, which trader is responsible for ensuring the application of consumer rights stemming from Union consumer legislation in relation to the contract. This requirement is without prejudice to the responsibility that the online marketplace may have or may assume with regard to specific elements of the contract”. Reading these requirements one could easily claim that they form a good basis for strengthening transparency in online marketplaces. Yet, without doubt, these requirements can and shall be improved. In relation to Article 6a (a), one must comment that the term “main parameters” used is vague and therefore problematic. What does this term actually encompass? No examples can be found within the Proposal, in either an exhaustive or non-­ exhaustive list. More importantly, the Proposal perplexes even further the meaning of this term as Recital 19 states that “the obligation to provide information about the main parameters determining ranking of search results is without prejudice to any trade secrets regarding the underlying algorithms. This information should explain the main default parameters used by the marketplace but does not have to be presented in a customized manner for each individual search query”. As Twigg Flesner puts it “to some extent, this information requirement and the extended prohibition in paragraph 11 of the UCPD discussed earlier would overlap – if a particular search result is paid for, then this has to be disclosed under the latter provision”.62 In relation to the next requirement that deals with the status of the party offering the goods, whether this is a trader depends solely on the declaration of this party. Again, this rule appears problematic; one realises that the correctness of this information depends solely on the goodwill of the third party to supply true information. Yet, is this practically correct especially considering that the Proposal offers no criteria in distinguishing between a trader and a non-trader, nor does it explain how this declaration shall be practically applied? One could claim that this rule is dangerous for two reasons. First, it will allow traders, acting on purpose, to make false declarations. Experience has shown that various traders using collaborative economy platforms attempt to hide that they are professional traders.63 Yet, it will even allow various others, acting unintentionally to proceed to incorrect declarations, as it has been claimed, “the point at which the line is crossed and a private seller

 Twigg Flesner (2018), p. 11.  Hotrec (2018), Hotrec in its position paper gives various examples of multiple listings with one “host”. In page 2 of the Position Paper, it stated that “see for instance tourism accommodation services offered through collaborative economy platforms, where multiple listings by traders are common. E.g. on AirBnB, in Amsterdam, 20% of all listings are multiple listings, with 1 ‘host’ (in reality a trader) having more than 100 apartments. In Athens and Brussels, respectively 42% and 36% of listings are multiple listings”. 62 63

16  The 2018 New Deal on Better Enforcement and Modernisation of EU Consumer…

361

engages in commercial dealing” is sometimes difficult to determine.64 More importantly, the Proposal does not explain what happens in case this third party makes a false or incorrect declaration. Would the contract still be binding on the consumer? Would it be possible for the consumer to sue for compensation? Furthermore, is there any liability on behalf of the online platform operator? Quite recently in the Wathelet65 case, the CJEU clarified that “the seller’s liability, in accordance with Directive 1999/44, must be capable of being imposed on an intermediary who, by addressing the consumer, creates a likelihood of confusion in the mind of the latter, leading him to believe in its capacity as owner of the goods sold”. All these issues need to be clarified. On the requirement under Article 6a(c), one could question why this forms a separate requirement and has not been instead inserted, as a second sentence, in Article 6a(b) forming the legal consequence in case the third party, mentioned in the latter provision, is actually a trader. This view can be argued to be strengthened if one has a look at the wording of Article 6a(d). Furthermore, the phrase “Union consumer legislation” is new to the CRD. One could ask why the phrase “Union law” found elsewhere66 in the CRD has not been employed instead. Lastly, Article 6a(d) appears puzzling. Which other trader might be responsible for ensuring the application of consumer rights? Would that possibly be the online marketplace supplier? Considering the gap existing in Article 6a(b) on the possible liability of the supplier of the online marketplace, if at all, as to whether the third party can be classified as a trader, the imposition of such an obligation at this latter stage appears confusing.

3.4  D  igitalising the Scope of the CRD to Include Services: Are These Changes Enough? Over time, it has become clear that consumers are increasingly using various social media services, such as Facebook or Instagram, as well as other online and messaging services for which they do not have to provide back any money. However, these online services are not provided actually for ‘free’. Consumers gain access to these services after the supply of data to online service providers who use them as part of their business model. Yet, the use of these online services does not remain without problems in relation to the business to consumer (B2C) contractual relationship. As a first step in combatting such contractual problems, in January 2019 the European Parliament and the Council of the European Union, agreed to include in the scope

 Federation of German Consumer Organisations (2018), p. 18.  CJEU, Sabrina Wathelet v Garage Bietheres & Fils SPRL, Case C-149/15, Judgment of 9 November 2016. 66  CRD, Preamble: paragraphs 13 and 18. 64 65

362

T. Prastitou Merdi

of the forthcoming Digital Content Directive (DCD) apart from digital content additionally digital services.67 Consequently, in an attempt to respond even more to this increased consumer protection need, as well as to align the CRD with the forthcoming DCD, the European Commission proposes to extend the scope of the CRD to cover the provision of ‘free’ digital services to consumers. The Proposal brings forward, inter alia, various changes in Article 2 of the CRD regarding definitions. Under the updated Article 2(11) of the CRD, “‘digital content’ means data which are produced and supplied in digital form, including video files, audio files, applications, digital games and any other software” while under the new Article 2(17) “‘digital service’ means (a) a service allowing the consumer the creation, processing or storage of, or access to, data in digital form; or (b) a service allowing the sharing of or any other interaction with data in digital form uploaded or created by the consumer and other users of that service, including video and audio sharing and other file hosting, word processing or games offered in the cloud computing environment and social media.” Looking at these proposed definitions, one may note that, in contrast to the agreed text of the DCD68 corresponding provisions, the Proposal provisions include additionally non-exhaustive examples. Although this minor difference might be unproblematic, one could comment that it would have been better if both definitions were fully aligned with the DCD. Furthermore, one could ask whether Recital 19 of the CRD will remain unchanged. Under this Recital “if digital content is supplied on a tangible medium, such as a CD or a DVD, it should be considered as goods within the meaning of this Directive”. Interestingly, Article 3(3) of the agreed text of the DCD states almost the opposite as it reads “with the exception of Articles 5 and 11, this Directive shall apply also to any tangible medium which serves exclusively as a carrier of digital content”.69 This ongoing asymmetry must be clearly and finally solved.70 More importantly, under the new Article 2(18) “‘digital service contract’ means a contract under which a trader supplies or undertakes to supply a digital service to the consumer and the consumer pays or undertakes to pay the price thereof. This  https://data.consilium.europa.eu/doc/document/ST-5856-2019-INIT/en/pdf.  For a discussion of these definitions as they appeared in the 2015 pDCD see Giliker (2017), pp. 106–109. 69  In Recital 12 of the DCD it is mentioned that “this Directive should also apply to digital content which is supplied on a tangible medium, such as DVDs, CDs, USB sticks and memory cards, as well as to the tangible medium itself, provided that the tangible medium functions only as a carrier of the digital content. However, instead of the provisions of this Directive on the supplier’s obligation to supply as well as on the consumer’s remedies for failure to supply, the provisions of Directive 2011/83/EU of the European Parliament and of the Council on obligations related to the delivery of goods and remedies in the event of the failure to deliver should apply. In addition, the provisions of Directive 2011/83/EU, for example on the right of withdrawal and the nature of the contract under which those goods are supplied, should also continue to apply to such tangible media and the digital content supplied on it. This Directive is also without prejudice to the distribution right applicable to these goods under copyright law”. 70  Prastitou Merdi (2017), pp. 140–141. 67 68

16  The 2018 New Deal on Better Enforcement and Modernisation of EU Consumer…

363

also includes contracts where the consumer provides or undertakes to provide personal data to the trader, except where the personal data provided by the consumer is exclusively processed by the trader for the purpose of supplying the digital service, or for the trader to comply with legal requirements to which the trader is subject, and the trader does not process this data for any other purpose”. As a result of this addition, consumers of both paid and ‘free’ online services would be entitled to the same pre-contractual information, as well as to a right of withdrawal. This is an essential and quite important addition. Yet, what shall be made clear is that various questions still exist on this new definition. Many issues have been raised on this addition from a purely data protection perspective such as the issue of valid consent, as well as reference to the data protection legal framework in general and the GDPR in particular.71 One point that shall be particularly brought forward within this chapter is one that affects to a great extent the contractual relationship itself. One must look at the complex relationship between the right of withdrawal from the contract and the right of withdrawal of the consent for processing personal data. As it has been aforementioned, under Article 9(1) of the CRD, the consumer shall have a period of 14 days to withdraw from a contract, either being concluded at distance or off premises. Furthermore, under Article 7(3) of the General Data Protection Regulation (GDPR)72 “the data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.” In a case where for the conclusion of a digital service contract, a consumer provides personal data to the trader, which is based on consent, it remains questionable whether this 14 days contract withdrawal period, found in the CRD, can easily reconcile with the right to withdraw consent, found in the GDPR. This is an issue that the EU legislator must additionally work on.

4  Conclusion: A Good or a Bad Digital Deal? This chapter has attempted to answer the question of whether the 2018 New Deal on better enforcement and modernisation of EU consumer law forms an actually good digital deal. Whilst the foregoing analysis has not covered every aspect of the Proposal, various conclusions can easily be drawn from the matters discussed herein. It can be concluded that the European Commission must be overall applauded for its attempt to work constantly on the area of EU consumer contract law. In general, it would not be an overstatement to claim that European consumer contract law  See for example: European Data Protection Supervisor (2018).  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), OJ L 119/1. 71 72

364

T. Prastitou Merdi

lies at the heart of European private law. Therefore, looking at the latest steps taken by the Commission in this area of law, starting off with the REFIT and CRD evaluations and moving on, inter alia, to the 2018 New Deal, after considering, yet not extensively,73 the findings of these evaluations, as well as other factors such as the Dieselgate scandal effect in the EU, one can easily claim that it ascribes to this area of law a position in its top priority legislative list. Yet, the 2018 Proposal, in detail, two important points must be brought forward. First, one must look at the approach of this Proposal in certain places. Based on the above analysis, it has become clear that despite the overall theoretical priority ascribed to the area of EU consumer protection specific provisions found therein appear to reduce dramatically consumer protection. More importantly, by amending the right of withdrawal, encompassing a brand new vague exception to its application, as well as extending the timing of reimbursement in the event of withdrawal to the detriment of the consumer, the Commission drops significantly the level of EU consumer protection. Furthermore, certain other provisions such as the new, yet limited in content, ‘online marketplace’ definition, when coupled with the maximum harmonisation character of the Proposal seems to reduce once again the consumer protection level in various member states of the EU.  It therefore becomes clear that in a legislative proposal titled New Deal for consumers, such provisions shall be definitely rethought. Furthermore, apart from the approach of this Proposal one cannot remain silent on its content. Examining the four main changes brought forward by the Proposal, one can easily conclude that their content appears overall problematic and ambiguous, and many questions still need to be answered. One may ask, inter alia, (a) in relation to the proposed individual right to redress for unfair commercial practices: what other contractual or non-contractual remedies might may or shall be included at national level? (b) In relation to the new exception to the right of withdrawal regarding goods handled more than necessary: when does actually testing end and use begin? (c) In relation to the additional requirements for online platforms: what are the criteria for distinguishing between a trader and a non-trader selling goods in an online marketplace? Finally, (d) in relation to the new term of “digital service contract” how will the 14 days contract withdrawal period, found in the CRD, reconcile with the right to withdraw consent, found in the GDPR? Generally, this Proposal appears to form a first step, rather than a good digital deal, in adjusting the directives concerned to the digital era and economy. Considering the above analysis, several of its provisions must be rethought both from an approach, as well as from a content perspective, before becoming official EU legislation. Otherwise it will be soon regarded as a bad deal.

 One cannot remain silent on the fact that many recommendations of both the REFIT and CRD evaluations have not been followed. See Loos (2019). 73

16  The 2018 New Deal on Better Enforcement and Modernisation of EU Consumer…

365

References BEUC (2018) Proposal for a better enforcement and modernisation of EU consumer protection rules  – “Omnibus Directive” The BEUC view. https://www.beuc.eu/publications/beucx-2018-081_omnibus_directive.pdf Durovic M, Micklitz HW (2017) Internationalization of consumer law – a game changer. Springer, Cham European Data Protection Supervisor (2018) EDPS Opinion 8/2018 on the legislative package “A New Deal for Consumers”. https://edps.europa.eu/sites/edp/files/ publication/18-10-05_opinion_consumer_law_en.pdf Federation of German Consumer Organisations (2018) A new deal for consumers  – effective enforcement of consumer rights, Position paper on the proposals of the European Commission for the Directive on representative actions, COM(2018) 184 final, and the Directive on better enforcement and modernisation of EU consumer protection rules COM(2018) 185 final. https://www.vzbv.de/sites/default/files/downloads/2018/09/03/18-08-28_en_position_paper_ new_deal.pdf Giliker P (2017) Regulating contracts for the supply of digital content: the EU and UK response. In: Synodinou T-E et al (eds) EU Internet Law – regulation and enforcement. Springer, Cham, pp 101–124 Hotrec (2018) HOTREC position on better enforcement and modernisation of EU consumer protection rules: a good basis that must be supported and improved. https://www.hotrec.eu/ wp-content/customer-area/storage/60b28e69da3429b668064045a4ba591f/D-0618-167-AWDM-HOTREC-position-on-enforcement-and-modernisation-of-EU-consumer-protection.pdf Loos M (2019) The modernization of European consumer law: a pig in a poke? Eur Rev Priv Law 27(1):113–134 Mak V, Lujinovic E (2019) Towards a circular economy in EU consumer markets – legal possibilities and legal challenges and the Dutch example. J Eur Consumer Mark Law 8(1):4–13 Prastitou Merdi T (2017) The proposed new digital single market contact law directives: a new start for digital European contract law? In: Synodinou T-E et al (eds) EU Internet Law – regulation and enforcement. Springer, Cham, pp 125–161 Rott P (2010) The balance of interests in distance selling law – case note on Pia Messner v. Firma Stefan Krüger. Eur Rev Priv Law 18(1):185–194 Šajn N (2018) Modernisation of EU consumer protection rules A new deal for consumers, European Parliamentary Research Service. http://www.europarl.europa.eu/RegData/etudes/ BRIE/2018/623547/EPRS_BRI(2018)623547_EN.pdf Twigg Flesner C (2018) Bad hand? The “New Deal” for EU consumers. https://papers.ssrn.com/ sol3/papers.cfm?abstract_id=3178952 Von Bar C et  al (2008) Principles, definitions and model rules of European Private Law. Draft Common Frame of Reference (DCFR). Interim Outline Edition; prepared by the Study Group on a European Civil Code and the Research Group on EC Private Law (Acquis Group) Munich Watson J (2016) Withdrawal rights. In: Twigg-Flesner C (ed) Research handbook on EU consumer and contract law. Edward Elgar, Cheltenham, pp 241–265

Chapter 17

Alternative Dispute Resolution (ADR) & Online Dispute Resolution (ODR) for EU Consumers: Τhe European and Cypriot Framework Anna Plevri Abstract  Τhe paper discusses Alternative Dispute Resolution (ADR) and, especially, Online Dispute Resolution (ODR) as an alternative dispute resolution method with the help of online technology. Moreover, the article aims to present the “mechanism” of the online platform, launched by the European Commission on the 15th of February 2016, where consumers and traders can resolve online disputes arising from online purchases. This ODR platform offers a single point of entry that allows consumers and traders across the EU to settle their disputes arising from both domestic and cross-border online markets and purchases. Moreover, the paper presents the legal framework of the ODR platform, namely the EU Regulation No 524/2013 regarding online resolution of consumer disputes and the EU Directive 2013/11 for consumer disputes. Finally, the paper also outlines in a comparative way the Cypriot ADR and ODR framework, and examines how European consumers are or could be helped by ODR when it comes to consumer disputes in comparison to the traditional court proceedings.

1  Introduction ADR refers to Alternative or Appropriate or Amicable Dispute Resolution methods through which parties can resolve their disputes out of the framework of the governmental judicial system.1 The most well known forms of ADR are arbitration

 Α detailed analysis of ADR, ODR and “Legaltech” is provided in Kaisis (2018), pp. 309–318, p. 343. 1

A. Plevri (*) School of Law, University of Nicosia, Nicosia, Cyprus e-mail: [email protected] © Springer Nature Switzerland AG 2020 T.-E. Synodinou et al. (eds.), EU Internet Law in the Digital Era, https://doi.org/10.1007/978-3-030-25579-4_17

367

368

A. Plevri

(including fast track arbitration), mediation2 and negotiation.3 The spectrum of ADR methods includes also conciliation, ombudsmen and judicial or private early neutral evaluation.4 Resolving disputes through ADR, in general, is easier, faster and less expensive than resolving disputes before a court. In the European Union, ADR procedures can take different forms and have different names, e.g., mediation, conciliation, ombudsmen, arbitration, complaints boards, etc. It is obvious that ADR methods are alternative to court litigation, where one (or more) competent state judge decides on a specific dispute, often after a long and burdensome procedure going on for years, which is actually the case in Cyprus, in Greece and in many other European countries. Moreover, usually there is a full right of appeal and a hearing before the Court of Appeal or the Supreme Court, so the delay may result to a “waiting period” of seven to eight years for a final judgment.5 In addition, when it comes to the judgments of courts, there is the barrier of limited international enforceability, especially outside of Europe (for instance Japan, China, etc.). On 2 July 2019, the HCCH finalised the text for a new multilateral treaty: the 2019 HCCH Convention on the Recognition and Enforcement of Foreign Judgments in Civil or Commercial Matters. The 2019 HCCH Judgments Convention has been  See further, Walker (2017a), pp.  15–31. On the landscape of ADR provisions in England and Wales, see Civil Justice Council, ADR Working Group, ADR and Civil Justice, Interim Report (October 2017), 15–16 and for Overseas 41–48, https://www.judiciary.gov.uk/wp-content/ uploads/2017/10/interim-report-future-role-of-adr-in-civil-justice-20171017.pdf and ADR and Civil Justice, CJC ADR Working Group Final Report (November 2018). Section 3: 3.8–3.10. Available at: https://www.judiciary.uk/announcements/new-report-on-alternative-disputeresolution/. 3  In the UK, another ADR technique similar to negotiation (least evaluative) is the Round Table Meetings (RTMs). The RTMs operate ‘in the direct shadow of the civil courts’. Sometimes they are described as ‘mediation without the mediator’ as there is no process manager in this type of ADR. Process is worked out by the lead lawyers for each party, who also are the main protagonists in the discussion. This process is frequently deployed in the UK, particularly in clinical negligence and personal injury cases, albeit when it does not lead to settlement, it is sometimes followed by a formal mediation which may yet lead to settlement. See in detail, ADR and Civil Justice, CJC ADR Working Group Final Report, November 2018, Section 3: Τhe types of ADR available, 3.6. Available at: https://www.judiciary.uk/announcements/new-report-on-alternative-disputeresolution/. 4  See ADR and Civil Justice, CJC ADR Working Group Final Report (November 2018), Section 3: 3.8–3.10. 5  The EU justice scoreboard as an information tool, provides comparable data on the independence, quality, and efficiency of national justice systems. See: https://ec.europa.eu/info/policies/justiceand-fundamental-rights/effective-justice/eu-justice-scoreboard_en. The scoreboard mainly focusses on civil, commercial and administrative cases. In figure 1 of the 2018 EU Justice Scoreboard, one can see the legislative and regulatory activity concerning justice systems in 2017 (adopted measures/initiatives under negotiation per member state). In column 2 of this figure on the promotion of ADR methods, Cyprus (CY) and Greece (EL) are located at low level. Furthermore, in figure 7 of the same Scoreboard there is a presentation on the time needed to resolve civil, commercial, administrative and other cases (1st instance/in days) where it is presented that in Cyprus the above needed time is more than 800 days. See also figures 8 and 9 of the above Scoreboard on the time needed to resolve litigious civil and commercial cases per Member State. It is worth noting that for some Member States, there are no available data. 2

17  Alternative Dispute Resolution (ADR) & Online Dispute Resolution (ODR) for EU…

369

adopted on 8 July 2019. It will be a single global framework and a legal regime, enabling the free circulation of judgments in civil or commercial matters across borders, the reduction of transactional and litigation costs in cross-border dealings and the promotion of international access to justice. In the EU of course, these matters are regulated by relevant Regulations such as the Regulation (EU) No 1215/2012 of the European Parliament and of the Council of 12 December 2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters.6 Furthermore, it is well known that trade and business are sectors where commercial and economic conflicts frequently arise in an international level. Thus, businesses, companies, traders, suppliers and other individuals need to consider the factors of time and cost to choose an appropriate, a suiting dispute resolution method. Additionally, because of factors such as the complexity of some disputes, the length of court proceedings and other factors in specific industries, ADR methods became an often and powerful tool, used by parties internationally to protect and safeguard valuable economic interests and rights. The following chapter aims to present shortly but effectively mediation as an ADR method. At first, it will discuss the definition and core characteristics of mediation and then the key features and benefits of it. The chapter ends with a short analysis of the mediator’s role.

2  Mediation as an ADR Method: A Short Presentation When it comes to mediation, it is well known that the ADR method does not end with a judgment as an outcome of the process.7 Mediation seeks a voluntary solution which is acceptable to the parties involved in a dispute.8 Moreover, mediation is a flexible, cost-effective and confidential procedure, which assists the parties with the help of a third, neutral person, the mediator, to find common ground and work towards settling and reaching an agreement without delay.9 In addition, mediation is a ‘civilised’ way to resolve a dispute because, unlike the adversarial method of litigation, mediation is best suited to those cases where the parties genuinely wish to avoid prolonging the dispute and to preserve their relationship. In this framework, mediation is not just an amicable alternative but also an appropriate and effective way to resolve certain categories of disputes, such as civil, family, commercial or workplace, where there are specific positions, interests and needs of the disputant parties, but who would like to preserve their (family, working, commercial, business  Available https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32012R1215&fro m=EN. 7  Plevri (2018), p. 234. 8  Rewald (2014). 9  Comparison of laws, regulatory models and fundamental issues of mediation are discussed in Hopt and Steffek (2013), pp. 3–127. On the core principles, key points and process of mediation, see Aubrey-Johnson and Curtis (2012), pp. 3–30. 6

370

A. Plevri

etc.) relationship and cooperation after the resolution of their dispute. This is not the case in civil litigation, where the litigants become involved in a court battle. In other words, one could further define mediation as a confidential method of voluntarily resolving disputes between two or more parties out of court, with the help of a third neutral individual, the moderator. More specifically, mediation is a confidential method of voluntarily  resolving disputes between two or more parties out of court, with the help of a third, neutral, intermediary person, the mediator, who assists the parties in negotiating and reaching a settlement they both accept.10 Moreover, mediation could be viewed as a process of facilitated negotiation, under which, disputants parties have an actual opportunity to settle early, reducing (emotional) stress, acrimony and legal costs. At the same time, mediation is a way for the opposing parties to save time through a constructive dialogue. According to the revised definition of mediation of the Centre for Effective Dispute Resolution (CEDR): ‘Mediation is a flexible process conducted confidentially in which a neutral person actively assists parties in working towards a negotiated agreement of a dispute or difference, with the parties in ultimate control of the decision to settle and the terms of resolution’.11 This definition seeks to emphasise the idea that while mediation is a process with a powerful format, it is nevertheless fundamentally flexible. Furthermore, it highlights that mediation is a safe environment where parties can talk freely, experiment with ideas and are ultimately in control of the process. It also stresses that mediators should be proactive in assisting parties to find a solution, although the parties have ownership of the outcomes.12 The key features and benefits of mediation as an alternative dispute resolution method13 could be listed as following14: (i) In comparison to litigation and/or arbitration, mediation is time effective. A dispute may be resolved just in some hours, since no lengthy submissions, cross examination, discovery and legal arguments are involved. (ii) Mediation is a voluntary process. This means that the opposing parties are the ones who decide and actually try to resolve their dispute through mediation. The outcome of mediation (if any) is commonly elaborated and agreed by the parties. Even in jurisdictions such as in England and Wales where the civil litigation rules do not make mediation mandatory, there is pressure on parties to go to mediation before going to trial. Mediation clauses are also increasingly used in commercial contracts instead or as a supplement to arbitration clause. Furthermore, in mediation, the parties have the power and opportunity to choose their mediator and they have control on their dispute too. Of course, the parties may be compelled to go to mediation but they cannot be compelled to reach a settlement. This would be contrary to the protection of the right to access to court and the right of a person to be heard by a court in a judicial scheme, as well as to each person’s private auton See further, Walker (2017a), pp. 15–16, 28–30, 32–36.  See CEDR, ‘CEDR revises definition of mediation’ (2004, November 1), available at https:// www.cedr.com/solve/mediation/. 12  See the above footnote. 13  Regarding the various mediation models, see Walker (2017a), p. 74. 14  See Plevri (2018), pp. 235–237. 10 11

17  Alternative Dispute Resolution (ADR) & Online Dispute Resolution (ODR) for EU…

371

omy. All these rights are of course protected by the Constitution of each state and the European Convention on Human Rights (ECHR, Article 6). Thus, in mediation, the parties only settle their dispute if they want to settle.15 (iii) The outcome of mediation is binding and enforceable for the parties according to the provisions of the national mediation legislation of each state and when it comes to the EU, under the Directive 2008/52/EC of the European Parliament and of the Council of 21 May 200816 on certain aspects of mediation in civil and commercial disputes.17 (iv) Τhe procedure of mediation in total is confidential.18 This means that any information disclosed during mediation may not be used in subsequent arbitration or litigation proceedings (without prejudice). The element of confidentiality is crucial in all stages of the mediation process, meaning preparation, opening, exploration, negotiation and closing. This specific aspect of mediation is very important in connection with the reputation, fame, personal information, data, etc. for both individuals and corporations. It is also remarkable that the advantage of confidentiality in mediation provides to the parties the opportunity to resolve their differences in a way that will not attract negative publicity. They actually have the chance to disclose infor Walker (2017a), p. 33.  Directive 2008/52/EC of the European Parliament and of the Council of 21 May 2008 on certain aspects of mediation in civil and commercial matters (hereinafter Parliament and Council Directive on Mediation), available at: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:1 36:0003:0008:En:PDF. 17  On the implementation of the Mediation Directive in the EU, see the June 27th 2017 Report on the implementation of Directive 2008/52/EC of the European Parliament and of the Council of 21 May 2008 on certain aspects of mediation in civil and commercial matters (the ‘Mediation Directive’), of the Committee on Legal Affairs of the EU.  Rapporteur: Kostas Chrysogonos. Available at: http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP// TEXT+REPORT+A8-2017-0238+0+DOC+XML+V0//EN#title1. The main findings of the above report, among others, are: Almost all Member States opted to extend the Directive’s requirements to domestic disputes too. A number of Member States allow the use of mediation in civil and commercial matters, including family and employment matters, while not explicitly excluding mediation for revenue, customs or administrative matters or for the liability of the State for acts and omissions in the exercise of State authority. All Member States foresee the possibility for courts to invite the parties to use mediation. 15 member states introducing the possibility for courts to invite parties to information sessions on mediation. Less than half of the Member States have introduced an obligation in their national laws to spread information about mediation. The report also noted the need of a balanced relationship between mediation and judicial proceedings. See also, Tymowski (2016). In addition, on 27 November 2018, the EU Parliament organised an inter-parliamentary committee meeting, in cooperation with the European Network of Ombudsmen. Members of the 28 national parliaments were also invited. In this committee meeting, the key findings of the briefing note titled: ‘A Ten-Year-Long EU Mediation Paradox  – When an EU Directive Needs To Be More … Directive’ were presented. More specifically, it was noted that ten years since its adoption, the EU Mediation Directive remains very far from reaching its stated goals of encouraging the use of mediation and especially of achieving a ‘balanced relationship between mediation and judicial proceedings’ (Article 1 of the Directive). The entire briefing note is available at http://www.europarl.europa.eu/RegData/etudes/BRIE/2018/608847/IPOL_ BRI(2018)608847_EN.pdf. The link to the video recording of the meeting, simultaneously interpreted in the 23 official languages of the EU is the following: http://www.europarl.europa.eu/ ep-live/en/committees/video?event=20181127-0930-COMMITTEE-PETI-JURI. 18  See Walker (2017a), pp. 33–34, 127–130, 229–237. 15 16

372

A. Plevri

mation in a “safe environment”. (v) Through mediation, the parties have the chance to restore and preserve their future relationships or even create opportunities of further cooperation, etc. It is well known that the “litigation battle” creates enemies, while mediation does not. In addition, in the mediation framework, the parties have the possibility to find effective solutions, tailor made to their interests and needs. This is an opportunity that is not possible in court proceedings, where specific remedies apply and there are limitations on the certain content of court’s orders. (vi) When it comes to the cost of mediation, compared to that of litigation and/or arbitration, there is a clear advantage of mediating especially early in the timeline of a dispute.19 It is about the potential cost that one can save from an early settlement. In any case, “the cheapest lawyer is a settlement”.20 Based on the above analysis, one could conclude that mediation is not a panacea for all kinds of dispute.21 As any other process, mediation has disadvantages, which are often overlooked. For instance, parties should not use mediation to get to the truth of disputed matters but to find a mutually acceptable solution. Moreover, while in litigation, lawyers have legal arguments, tools and methods to produce evidence and testimony, this is not the case in mediation. Mediators have specific skills that may help restore balance, but there is a limit to what they can do. Finally, mediation may not be successful and the parties may not reach an agreement. In this case, the disputants will have to go through the time-consuming and expensive process of a trial after having spent time and money in mediation. On the mediator’s role,22 it should at first be noted that the mediator is a third, neutral person, who tries, by using specific skills and techniques such as active listening, open questioning, positive reframing, empathy, acknowledgement of the emotions of the parties and summarising, to help the opposing parties to reach an amicable solution and resolve their dispute in a mutually acceptable manner. The mediator is neither a judge nor an arbitrator. As a third, neutral, intermediary person, the mediator listens to potential apologies, explores possible points of settlement and realistic solutions, discusses with each party possible agreements, and23 prioritises the main points of the dispute and the key issues for each party. Moreover, every mediator should practice of course in compliance to the fundamental rules of conduct for mediators according to the national legislation of each state (if any) and in the EU, under the European Code of Conduct for Mediators.24 The European Code of Conduct for Mediators sets out a number of principles to which individual mediators may voluntarily decide to commit themselves, under their own responsibility. It may be used by mediators involved in all kinds of mediation in civil and commercial matters.  This is of high importance for jurisdictions where civil or commercial claims (too) are decided by jury and/or the legal costs in litigation are high. 20  Quote of unknown American. 21  Plevri (2018), p. 237. 22  See in detail, Walker (2017a), pp. 39–49, 51–58. On the mediation profession, business or job, see Walker (2016, 2017b). 23  Zone of Possible Agreement, the so-called ZOPA. 24  Available http://ec.europa.eu/civiljustice/adr/adr_ec_code_conduct_en.pdf. 19

17  Alternative Dispute Resolution (ADR) & Online Dispute Resolution (ODR) for EU…

373

3  Legislative Framework of ADR and ODR in Cyprus 3.1  Mediation in Cyprus Cyprus25 is a state with a mixed legal system26 and not a pure common law jurisdiction. The major parts of the law, though, belong to the tradition of common law. Mediation has been introduced in Cyprus by the (applicable) Mediation on Civil Disputes Law 159(I) of 2012,27 which was enacted on 16 November 2012 and governs the mediation process.28 This law harmonised Cypriot legislation with the (above) Mediation Directive 2008/52/EC29 of the European Parliament and of the Council of 21 May 2008 on certain aspects of mediation in civil and commercial matters. In this way, Cyprus adopted appropriate legislation regarding mediation. Yet, this was not enough to actually have mediation practice in Cyprus and to benefit from its advantages. In any case, the adoption of laws does not necessarily result in a broader understanding and actual practice of mediation.30 The theoretical influence of the “Anglo-Saxon mediation” is more or less present in the model of mediation in European countries,31 especially when it comes to communication techniques and psychology elements in training, principle of confidentiality in the procedure and the fact that the final solution-outcome of mediation should be reached by the parties. The provisions of the above law are applicable to certain aspects of civil and commercial disputes, whether cross-border or not, as well as to cross-border labour disputes. Under the provisions of the Mediation Law, mediation is regulated in Cyprus32 as an alternative, voluntary, out of court, confidential and cost effective dispute  Cyprus was a British colony until 1960. After 1974, the island is until now divided in two parts. The south part is the Republic of Cyprus has a Greek-Cypriot population and is a member of the European Union. The north part of the island is the part where the Turkish-Cypriots live and is not a member of the European Union. This paper refers to the legal order of the Republic of Cyprus. 26  See Hatzimihail (2013). 27  See, the website of the Cyprus Bar Association: http://www.cyprusbarassociation.org/index.php/ en/for-lawyers/mediation where there the Law 159 (I) of 2012 is available in Greek. The law is also available in Greek at www.cylaw.org. 28  See Emilianides and Charalampides (2014), pp. 103–123 on the monistic legal framework of Law 159 (I)/2012. See Emilianides and Xenofontos (2012), pp. 92–94, regarding the long tradition of Cyprus of mediation mechanisms in labour law disputes. 29  On the transposition of the EU Mediation Directive in Cyprus, see Emilianides and Charalampides (2014), pp.  103–123; Emilianides and Xenofontos (2012), pp.  87–95; Georgiades (2012), pp. 47–58; Georgiades (2014), pp. 99–107. 30  See Plevri (2018), p. 241. 31  For a short summary of mediation in China, where there is a millennial tradition in mediation, 4 kinds of procedures and 800,000 centres of mediation, see Tang (2014). 32  Article 2 of Law 159 (I)/2012: ““mediation” means a structured process, however named or referred to, whereby two or more parties to a dispute attempt by themselves, on a voluntary basis, to reach an agreement on the settlement of their dispute with the assistance of a mediator. Provided that, it excludes any attempt that may be made by the Court or judge seized to settle a dispute in the course of judicial proceedings concerning the dispute in question”. 25

374

A. Plevri

resolution method.33 Unfortunately in the Cypriot culture, there is no tradition on mediation although other types of ADR such as arbitration are often in practice especially in commercial and construction disputes. In this framework, the current actual mediation practice in Cyprus is moving slowly despite the fact (as a reality in other countries of Europe) that this method of ADR could actually resolve many disputes, in a jurisdiction where a period from 3 to 8 years approximately is usually needed to achieve a final and enforceable34 court’s decision in civil and/or commercial disputes because of the large caseload that is overwhelming the courts. Consequently, this is causing substantial delays to the administration of justice. At this point, the findings of a very recent report on the Functional Review of the Courts System in Cyprus, conducted and delivered by the Institute of Public Administration of Ireland, dated March 27 of 201835 are very enlightening. In the above report it is stated that: (i) “Serious deficiencies with the operations of the courts system highlighted in previous reports e.g. Erotocritou Report (Report of the Supreme Court on operational needs of the courts, 2016)”, (ii) “Comparative EU studies e.g. EU Justice Scoreboard, show that while Cyprus scores relatively highly on judicial independence, it scores poorly on measures of efficiency e.g. length of time for case to be processed through the courts, and measures of quality e.g. information available to the public”. Furthermore, it was emphasised that the key challenges of the system are: (i) “Problem of delay in the system is chronic, and the backlog of cases is growing year by year”, (ii) “Average waiting time for hearing of an appeal at the Supreme Court was 6.3 years at end- 2016, with 4300 cases pending at the end of that year”, (iii) “In the past 10 years the number of civil and criminal appeals filed has increased by over 90%”, (iv) “In District Courts the main area of delay is with Civil Cases, where the backlog is increasing year by year”. In addition, in the above report it is noted regarding the delays in Cypriot justice, that there are “serious implications of the delays for reputation, business and investment, and rule of law” and there is “little use of alternative dispute resolution”. Thus, it is explicitly stated in the report that “to continue with the current system without major reform is not an option”.

 According to the legislation, there are certain prerequisites for the official registration of mediators to the Mediation Registry of the Ministry of Justice and Public Order, which include necessary mediation training, etc. A register of mediators has been created under the supervision of the Cypriot Ministry of Justice and Public Order, and a number of mediation training courses are taking place in Cyprus on a frequent basis. 34  See the 2018 and 2017 EU Justice Scoreboards, published by the European Commission, which give a comparative overview of the quality, independence and efficiency of justice systems in the European Union and aims at assisting Member States to improve the effectiveness of their justice system. More specifically figures 4, 5, 7, 8, 10 and 11, where statistics about Cyprus (among other Member States) are provided, see https://ec.europa.eu/info/policies/justice-and-fundamentalrights/effective-justice/eu-justice-scoreboard_en and http://ec.europa.eu/justice/effective-justice/ scoreboard/index_en.htm. 35  See http://www.supremecourt.gov.cy/Judicial/SC.nsf/All/F8C912FFF71E0020C225825D0038 F145/$file/Functional%20Review%20of%20Courts%20System%20of%20Cyprus%20IPA%20 Ireland_Final%20Report%20March%202018.pdf. 33

17  Alternative Dispute Resolution (ADR) & Online Dispute Resolution (ODR) for EU…

375

It is moreover important that among the recommendations of the report, especially on the area of ADR, there is a proposal to “introduce ADR mechanisms in consumer disputes and injuries assessments, and consider making recourse to these a requirement prior to recourse to court” and “amend Rules of Court to support mediation, particularly to be encouraged where settlement is a likely outcome”. It is worth noting that the Ministry of Justice and Public Order of the Republic of Cyprus is currently exploring ways to promote effectively mediation. In this framework, the Ministry has commissioned experts to conduct a study on various issues related to the institution of mediation, which primarily concern the quality of service provided by mediators, as well as to inform the public about mediation and access to mediators. The content of this study includes specific suggestions regarding the reform of the mediation legislation of Cyprus, specially the Mediation on Civil Disputes Law 159 (I) of 2012. Briefly, the above study contains a comparative overview of the institution of mediation in Europe, various “types of mediation” that could be implemented in Cyprus, possible ways of upgrading the quality of mediation services and promote mediation in Cyprus and finally specific suggestions of necessary amendments to the legislation on mediation, civil procedure, etc. It should be noted that one of the proposals of this study is the implementation of compulsory mediation in specific categories of civil and commercial disputes, such as claims up to 10,000 euro. Lastly, the Ministry has raised a number of issues related to mediation and the findings of the above study for consultation with any interested party. This (public) consultation process ran until 28 September 2018.36 The provisions of the Cypriot Mediation on Civil Disputes Law 159(I) of 2012 are applicable to certain aspects of civil37 and commercial disputes, whether cross-­ border or not, as well as to cross-border labour disputes.38 This law is not applicable to family disputes as it is explicitly defined in Article 2 of the law regarding its scope. The wording of the above law is broad enough to capture the whole spectrum of commercial disputes, as well as every kind of civil dispute.  See further http://www.mjpo.gov.cy/mjpo/MJPO.nsf/All/35831E1FF7421AE2C22582E300384 881?OpenDocument (August 8th, 2018) (in Greek) and http://www.cylegalnews.com/2018/08/ blog-post_25.html?m=1 (in Greek). 37  Article 2 of Law 159 (I)/2012: “In this Law, unless the context otherwise provides- “civil dispute” means any dispute which may be an object of civil proceedings by the meaning assigned to this term by virtue of the Courts Law and includes labor disputes but does not include family disputes. “Commercial dispute” means dispute arising from a commercial transaction between undertakings or between undertakings and public authorities, as this term is interpreted by the Combating Late Payment in Commercial Transactions Law”. 38  Article 3 of Law 159 (I)/2012: “3. – (1) Subject to the provisions of subsection (2), this Law shall be applied to civil disputes, including cross-border disputes. (2) This Law shall not apply - (a) to any civil disputes, whether cross-border or not, concerning certain rights and obligations, for which the parties are not free to decide themselves under the relevant applicable law; (b) to labor disputes which are not included in the cross-border disputes, notwithstanding if no rights and obligations are raised thereof, for which the parties are not free to decide themselves under the relevant applicable law (c) to any revenue, customs or administrative disputes, or matters relating to the liability of the state for acts or omissions in the exercise of state authority. (“acta jure imperii”). 36

376

A. Plevri

Moreover, the above mediation law does not apply to any dispute in which the parties have no freedom to determine pursuant to the applicable law, and to tax, customs, administrative disputes or disputes concerning the state’s actions or omissions. This law constitutes an attempt to regulate the mediation process by containing provisions for, among others, the creation of a register of mediators and relevant minimum requirements, mediators’ duties during the mediation process, procedural matters of the mediation process, the role of the court and the issue of the enforcement of any settlement agreement reached. The  Financial Ombudsman of the Republic of Cyprus examines consumers’ complaints against credit institutions with a view to settling those disputes and moreover aids and cooperates with certified mediators to resolve financial disputes between consumers and banks pursuant to the provisions of Law 84(I)/2010 on “the establishment and operation of a single agency for the out-of-court settlement of disputes of a financial nature (financial ombudsman)”, which was enacted to implement EU Commission Recommendation 98/257/EC.  Under Law 84(I)/2010, as amended or replaced, debt restructuring mediations are actually taking place in Cyprus between consumers and banks. Online Dispute Resolution is established in Cyprus for disputes between consumers and businesses via the Consumer Protection Service of the Ministry of Energy, Commerce and Industry, under the relevant European and national legislation, which is the Directive 2013/11/EU of the European Parliament and of the Council of 21 May 2013 on alternative dispute resolution for consumer disputes and amending Regulation (EC) No. 2006/2004 and Directive 2009/22/EC (Directive on consumer ADR),39 the Alternative Consumer Dispute Resolution Law of 2015 (No 85 (I)/2017) and the Regulation (EU) No 524/2013 of the European Parliament and of the Council of 21 May 2013 on online dispute resolution for consumer disputes and amending Regulation (EC) No. 2006/2004 and Directive 2009/22/EC (Regulation on consumer ODR).40 Although no relevant official statistics are available, the truth is that the civil and commercial mediation practice in Cyprus today, seven years after the enactment of the mediation Law (159 (I)/2012), is an unfortunately just an exception and mediation is not an actual part of the dispute resolution sector in civil and commercial cases. The existence of a mediation legislation itself is not enough in order to promote and enhance the use of mediation in practice. This is the case for Cyprus too. The local legal culture performed an indolent resistance to embracing the full benefits of the mediation process. In addition, it is notable that Section 15 (1) of the Mediation Law41 provides that the court before which an action  http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32013L0011.  http://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex:32013R0524. 41  Article 15 of Law 159 (I)/2012: “15. -(1) A Court, before which judicial proceedings are brought, in relation to a case that falls within the scope of this Law, at any stage of the proceedings and before the issue of a decision, may (a) invite the parties to appear before it, to inform them on the use of mediation and the possibility of settlement of their dispute by using this procedure; and (b) upon a common request of all the parties or one of them, with the explicit consent of the others, when appropriate and having regard to all the circumstances of the case, postpone the judicial proceedings so that mediation can take place. (2) In the event that any of the parties does not agree 39 40

17  Alternative Dispute Resolution (ADR) & Online Dispute Resolution (ODR) for EU…

377

is pending may invite the parties to attend an information session on the use of mediation and the possibility of resolving the dispute via mediation. In that case, any of the parties may veto the above suggested possibility and the consent of all parties is required before the power of the court to stay proceedings for mediation to take place is exercised. Another important notice is that the general “picture” of the relationship of the (civil) justice system and ADR in Cyprus, is characterised by the combined absence of both a court’s power to compel parties to participate in any form of ADR practice, other than arbitration and a substantive or procedural obligation on litigants to consider ADR before the proceedings start. According to my view, the reasons for holding back the actual practice of mediation in Cyprus could be summarised as follows. Firstly, there is the fact that the majority of people, businesses, companies, etc. do not actually know much or even regarding this ADR method. This means that the levels of awareness of mediation in Cyprus are very low. In other words, there is a misinformation gap on the potential benefits mediation may confer over the litigation process in Cyprus. In addition, it has to be noted that the “attitude” of the Bar has contributed into the above result. Lawyers should play an important role at promoting and encouraging mediation as an effective way of avoiding costly and time-consuming court cases, where only one can be the winner.42 This role could be seen as a duty of lawyers. Secondly, filing an action to court in Cyprus in general, is not too expensive and the costs of civil litigation are not as high as they are in other jurisdictions, for example the UK or in the USA, where ADR methods are “blooming”. Thirdly, courts in Cyprus are not doing enough to promote and encourage mediation at the early stages of a dispute. Finally, the popularity of mediation in Cyprus could increase if the mediation law would be amended in a way that a power is conferred on the court to compel parties and their legal representatives to engage in the mediation process and moreover to consider, acknowledge and embrace the full benefits of mediation as an effective dispute resolution method. The option of “compulsory mediation” as a pre-trial condition before the hearing of a claim or by court mandate is a possibility for every European legislator in the framework of a justice system and its relationship with ADR. This policy maintains that mediation is an adjunct to, not a replacement for, litigation. The success, flexibility and effectiveness of this model of mandatory mediation may be an issue in to use mediation, the Court shall proceed with the judicial proceeding. (3) In the decision of the Court to postpone the judicial proceeding, issued by virtue of subsection (1) explicit reference is made to the consent of the parties and to the duration of the mediation, which may not exceed three (3) months. (4) With the completion of the time-limit set out in the Court decision, the parties shall inform the Court of the procedure followed and the result of the mediation and may, in case no agreement on the settlement is reached, ask for extension of the duration of the mediation, for a period not exceeding three (3) months. (5) The Court may, in proprio motu, or, at the request of any of the parties, interrupt the mediation procedure before the end of the time-limit provided for by virtue of this section. (6) A Court decision issued by virtue of subsection (4) or by subsection (5) is not subject to an appeal.” 42  See Levitt (2017).

378

A. Plevri

comparison to voluntary mediation and remains to be seen. In this context, it is crucial that among the recommendations of the report on the Functional Review of the Courts System in Cyprus, conducted and delivered to the Cypriot Ministry of Justice and the Supreme Court by the Institute of Public Administration of Ireland on March 2018, there is a clear proposal of introducing ADR mechanisms in consumer disputes too. Additionally, the proposal of amending the Rules of Court to support mediation and particularly to be encouraged, where settlement is a likely outcome, would be an important “step” towards the improvement of both the judicial reality and the development of mediation in Cyprus.

3.2  Arbitration in Cyprus Arbitration is a form of dispute resolution where parties can usually nominate arbitrators of their trust for all (civil or commercial) disputes arising out of or in connection with a specific contract. The primary reasons for every sector of industry to prefer arbitration instead of litigation in courts are actually the problems with the existing legal system themselves.43 On the legislative arbitration framework in Cyprus, domestic arbitration in Cyprus is ruled by the Arbitration Law (Chapter 4). This law was implemented in Cyprus in 1944 and regulates the framework for conducting (domestic) arbitrations in Cyprus by laying down rules on the arbitration procedure, powers and duties of the arbitrator, the rights and obligations of the parties and the scope for judicial review of arbitration awards. The above law has remained the same since 1944 and is similar to the UK’s Arbitration Act of 1950. It is clear that a modernisation of the law is more than necessary. When it comes to the international commercial arbitration in Cyprus, Law 101/1987 is applicable. It is clear that companies/businesses unprepared or not aware of ADR methods are likely to lose market share and face economic losses in case of the arising of a  When it comes to the question why choose arbitration over litigation to resolve disputes arising of any kind of business, one could notice that the important benefits of confidentiality, neutrality and expertise, profound technical knowledge and experience on behalf of the arbitrator(s) (in any case, proficiency in these skills is not usual when it comes to judges), seem to be key factors in answering the above question. Parties also choose arbitration because this process can (mainly, but not always) be faster than court proceedings. This is the reality in Cyprus too. The question is whether arbitration is actually cheaper than court proceedings. This depends on many factors such as whom the parties have appointed as arbitrators, the complexity of the case, the duration of the procedure and whether the award is challenged before the domestic courts. Overall, however, arbitration is often cheaper because, to an extent, the parties control the process and the procedure. It is not dictated by national Courts’ rules. In summary, the advantages of arbitration are: (a) worldwide enforceability of awards because of the New York Convention of 1958, (b) internationality: common rules and standards, (c) dispute decided by arbitrators who are nominated, appointed and trusted by the parties, (d) specialisation, experience and neutrality of the arbitrators, (e) the fact that there are very limited grounds for appeal, (f) the fact that the language to be chosen freely, (g) the efficiency, confidentiality of the process, (h) the time and cost effectiveness and (j) the neutral forum for parties from different states, minimising the risk of national bias. 43

17  Alternative Dispute Resolution (ADR) & Online Dispute Resolution (ODR) for EU…

379

civil, commercial dispute, etc. A valid and binding arbitration clause is therefore needed in parties contracts. A very often and effective process is also the hybrid arbitration processes of “med-arb”, where a relevant clause is needed. The legal seat of arbitration is a key because it determines the law that will govern the conduct of the arbitration proceedings and issues such as the availability of interim measures or the likelihood of involvement (and interference) in the arbitration by the national courts. Ad hoc international arbitrations are frequently governed by the law of the seat only. By way of example, if the seat is Cyprus, the parties will follow the Arbitration Act (Chapter 4) or the International Commercial Arbitration Law. Small consumer claims, meaning claims up to 5000 euros (interest and expenses not included) per product in every sales contract could be resolved in Cyprus through arbitration44 according to the out of court resolution of consumers claim via arbitration Law No 148 (I)/2015.45 This law aimed to harmonise the Cypriot ­legislation with the European Directive 2013/11/EU of the European Parliament and of the Council of 21 May 2013 on alternative dispute resolution for consumer

 See: http://www.arbitration.com/blog/interaction-between-the-arbitration-act-and-the-consumer-protection-act/. Posted on July 18th, 2017: “In the USA, the Arbitration Act allows for the parties of a contract to agree to arbitration in the event that a dispute arises. However, the Consumer Protection Act prohibits mandatory arbitration clauses in consumer agreements. These contradictors results can create confusion. Basically, the interaction between these two acts is that arbitration cannot be forced before a dispute arises. However, once the dispute is evident, the parties can agree to arbitration. Consumer agreements includes an agreement between a merchant that provides goods and services to an individual for personal or household purposes. The Consumer Protection Act is premised on the idea that consumers may not be able to fully comprehend the implications of an arbitration clause before the goods or services are provided and not in an equal position to merchants. However, by eliminating the ability to contract to arbitration before a dispute arises, the end result may be to diminish consumer rights by preventing them from entering into arbitration agreements that could help resolve consumer disputes. There are a number of advantages to participating in arbitration that consumers can benefit from. This includes realizing a faster resolution of the case. Litigation is extremely time-consuming. It may take years before a consumer protection claim goes to court. Arbitration may help resolve the claim in a fraction of the time. Additionally, arbitration awards can usually not be appealed while verdicts can, which further increases the amount of time that a claim can be pending. In litigation, complex rules may be used, resulting in extensive discovery and months of reviewing documents and other evidence. The parties in arbitration can agree to simplified rules so that the parties are on a more even playing field. In arbitration, the parties can choose someone who has subject matter expertise instead of be assigned a random judge with no particular sophistication in the case at hand”. See also: http://www.reuters.com/article/bc-finreg-california-arbitration/california-may-curb-mandatory-arbitration-provisions-in-consumer-financial-contracts-idUSKBN1AI2KW (last access: 16/11/2017). “California may curb mandatory arbitration provisions in consumer financial contracts. It should be no surprise then that California is taking action on arbitration provisions in consumer contracts for financial products and services independently from the U.S.  Consumer Financial Protection Bureau, which issued its own final arbitration rule on July 10”. 45  Since the commencement date of Law 148(I)/2015, the Law 78(I)/2011 on the out-of-court settlement of consumer claims via arbitration has been abolished, according to Article 41 of the of Law 148(I)/2015. 44

380

A. Plevri

disputes and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC, the so-called “Directive on consumer ADR”.46 Under the above law, a trader based in Cyprus may agree with a consumer who is based in Cyprus or in another Member State of the EU, meaning in both domestic and cross border contractual disputes on sales of goods or services, to resolve them via arbitration. Under Article 3 (2), this law is not applicable, among others, in a procedure that started from a trader/supplier against a consumer. The competent state authority to manage this process and organise the Registry of the Traders who agree to be involved in this consumer arbitration procedure and the Arbitrators Registry is the Office for Competitiveness and Consumer Protection of the Cypriot Ministry of Energy, Trade, Industry and Tourism. The procedure starts by filling an application to the above Office on behalf of the consumer. Before that, the consumer has to secure a written consent on behalf of the other party, meaning the trader, that he agrees to this arbitration procedure, except if the trader is already registered in the relevant Registry (Article 14 (1)). Article 27 (1) of the above law states that the arbitrator should deliver his/her award in 15 days after the final hearing, and in any case the procedure should be over in a period of 90 days from the date that the competent Office received the full file of the claim. There is of course a right (by the Office) to extend this period [Article 27 (5)]. When it comes to the fees of the arbitrator, the first Annex of the above law states that these should be paid by the applicant and it is 85 euro per case per arbitrator for each consumer claim up to 2500 euros and 170 euro per case per arbitrator for each consumer claim higher than 2500 euros. It is worth noting that in general, the provisions of this law are quite similar with those of the Law 85 (I)/2017 on the Online Dispute Resolution (ΟDR) of consumer disputes, which is in force since July 2017.47 This law will be discussed further below. Finally, it should be noted that there is a lot of fair criticism on the failure of Law 148/2015 to convince businesses and traders to adapt arbitration as an ADR method.

4  Online Dispute Resolution: An Evolution in ADR Online Dispute Resolution (ODR) is the alternative dispute resolution process which is carried out online with the help of online technology. In a nutshell, one could indeed claim that, in order to start a cross border litigation, a European lawyer needs to know at least 10 EC regulations. Of course, there are other ways of dealing with a cross border dispute, much easier to cope with. One solution could fall under the Directive 2008/52 on mediation in civil and commercial matters. As already stated, there is a huge debate about mediation and its pros and cons. For the time  http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32013L0011 15/11/2017). 47  7th of July 2017. 46

(last

access:

17  Alternative Dispute Resolution (ADR) & Online Dispute Resolution (ODR) for EU…

381

being, mediation is not delivering as expected at least in Cyprus (and Greece). Still, there other ADR paths suitable for cross border cases. Such a mechanism is the Online Dispute Resolution (ODR) which is established in several kinds of disputes of a particular nature by the European Union and seems to actually work in several cases of cross border disputes. An example of a category of disputes where the EU has established ODR is the domain name disputes under the European code “.eu”. This alternative to the costly and definitely lengthy solution of cross border litigation exists since 2006 in the framework of the Regulation 874/2004, which establishes a unified EC-wide ADR procedure that is expeditious, fully digitalised, harmonises the applicable law in question and sets aside all the problems connected with cross border litigation. It is worth noting that since February 2006, the .eu ADR Dispute Resolution Centre (also called Czech Arbitration Court (CAC)) operates under the auspices of the European Union. The headquarters of the .eu ADR Centre are situated in Prague, Czech Republic. Currently, it is the sole Dispute Resolution Body dealing with complaints related to disputes arising from the use of .eu domain names. The official web site of CAC is: https://www.adr.eu.48

5  A  lternative Dispute Resolution of Consumer Disputes: ODR for EU Consumers—The ODR Platform—Settling Consumer Disputes Online49 Consumer’s complaints or claims on goods or service they have bought could be settled out of court using ADR methods. The term ADR includes all the ways of resolving a complaint which do not involve court’s procedures. Typically, consumers ask a neutral third party to act as a mediator between them and the trader; this neutral third party is called an ADR entity. The ADR entity can then suggest or impose a solution, or simply bring the parties together to discuss how to find a solution. This is also known as “mediation”, “conciliation”, “arbitration”, “ombudsman” or “complaints’ board”. Αs already stated, in comparison to litigation, ADR methods are usually quicker, simpler and cost effective. How European consumers are or could be helped by ODR when it comes to consumer disputes in comparison to the traditional court proceedings?50 ODR is an ADR procedure conducted entirely online.51  The basic operating principles of the .eu ADR Court are defined in Articles 22 and 23 of Regulation 874/2004. These provisions provide for the possibility of adjudication through either a single arbitrator or a three member arbitration committee [or Panel] (Article 23 § 2 para. A). Publication of the decisions on the website of the provider [www.adr.eu] is mandatory. See also, www.nic.cy for the Cypriot registry and www.gr for the Greek registry. 49  http://www.eccireland.ie/popular-consumer-topics/online-dispute-resolution-odr/ (last access: 16/11/2017) 50  Jeretina and Uzelac (2014), pp. 39–72. 51  See the Report of the ICC Commission on Arbitration and ADR on Information Technology in 48

382

A. Plevri

On the benefits of ADR/ODR, consumers and traders will be more confident in trading online and across borders. In addition, this is a way for the consumers to settle their disputes out of court in a simple, fast and low-cost way. Moreover, ADR/ ODR has the ability to contribute to the development of a new culture of out of court, conciliatory dispute resolution between consumers and traders in the EU. This way consumers will be encouraged to seek redress even for low-value purchases and enforce their rights. EU traders could and will benefit from ADR/ODR too. Currently, 60% of the EU traders do not sell online to other countries because of the perceived difficulties of solving a problem arising from such sales. ADR/ODR could save on costly court proceedings, as well as maintain business reputation and good customer relations. Moreover, the European Commission launched on the 15th of February 2016 an online platform where consumers and traders can resolve online disputes arising of purchases made online. This ODR platform offers a single point of entry that allows consumers and traders across the EU to settle their disputes arising from both domestic and cross-border online markets and purchases. Via this online platform, disputes are channelled to national ADR bodies (providers) which are connected to the platform and have been selected by the Member States according to quality criteria and notified to the Commission. The ODR Platform is set up and maintained by the European Commission. To allow consumers to file a complaint, online traders must provide an electronic link to the ODR Platform.52 This obligation entered into force on January 19, 2016, but the ODR Platform was launched on February 15, 201653 to allow for a maximum geographical and sectoral coverage across the European Union as Member States had first to assess and notify to the Commission the national ADR entities. Around 162 Alternative Dispute Resolution (ADR) bodies from 22 Member States are connected to the Online Dispute Resolution (ODR) platform. The European Commission is working with the Member States in order to achieve a full coverage of all Member States and sectors as soon as possible. On average, it takes a maximum of 90 days for cases to be solved. The experience of European consumers who have used ADR tends to be positive: 70% were satisfied by the way their complaint was handled through this procedure. This is an additional way for consumers to solve their disputes and does not replace the possibility of going to court, which is however usually more costly and takes longer. Thus, only 45% of consumers are satisfied by the way a court handled their complaint. Traders also benefit from this platform, as ADR procedures will help them avoid costly litigation fees and maintain good customer relations. The legal basis for the International Arbitration, https://iccwbo.org/publication/information-technology-internationalarbitration-report-icc-commission-arbitration-adr/. 52  https://ec.europa.eu/consumers/odr/main/index.cfm?event=main.home.show&lng=EN (last access: 16/11/2017). 53   The ODR Platform is accessible here: https://ec.europa.eu/consumers/odr/main/index. cfm?event=main.home2.show&lng=EN.

17  Alternative Dispute Resolution (ADR) & Online Dispute Resolution (ODR) for EU…

383

creation and establishment of the EU-wide ODR platform to facilitate online resolution of contractual disputes between EU consumers and traders over purchases made online is the EU Regulation No 524/2013 of the European Parliament and of the Council for the online resolution of consumer disputes54 (amending the EU Regulation No 2006/2004 and the EU Directive 2009/22), which describes the main functions of the platform, as well as the workflow for the disputes that are being submitted through it. This EU ODR platform links all the ADR entities notified by the Member States in line with the ADR Directive. Under the above legislation, traders must also provide a link to the EU ODR platform on their website.55 The platform is user-friendly, multilingual56 (“choose your language”), accessible to all57 and on all types of devices. Everything is done in four, simple steps. (i) At first, the consumer fills in an online complaint form on the platform in three simple steps and submits it. The platform offers users the possibility to conduct the entire resolution procedure online. Member States have to establish a national contact point to provide assistance to users of the ODR platform. The list of these national contact points is available on the ODR platform. The complaint is sent to the relevant trader, who proposes an ADR entity to the consumer. (ii) Once consumer and trader agree on an ADR entity to handle their dispute, the EU ODR. (iii) The ODR platform transfers automatically the complaint to the quality dispute resolution bodies communicated by Member States. (iv) The ADR entity handles the case entirely online and reaches an outcome in 90 days. Finally, it is worth to note that within the first year of use of the EU ODR platform, the results were very positive. Ιn this period, over 24,000 consumer complaints were filed, with more than one third of cross border transactions within the EU. Most of the complaints and disputes were related to clothing, footwear, airline tickets and information and communication technologies. Consumers across the EU have available, since the launch of EU ODR platform, an effective method to resolve disputes with traders. This could be noted as one of the benefits of the EU.

 See the 2017 Report from the Commission to the European Parliament and the Council on the functioning of the European Online Dispute Resolution platform established under Regulation (EU) No 524/2013 on online dispute resolution for consumer disputes, https://ec.europa.eu/info/ sites/info/files/first_report_on_the_functioning_of_the_odr_platform.pdf. 55  So far, 260 ADR entities are enrolled on the EU ODR platform and 27 Member States have notified the European Commission that they have fully incorporated the EU Directive (2013/11) on ADR for consumer disputes. Moreover, 24 Member States have sent the list of the certified ADR entities and 27 Member States have appointed a national contact point. Source: synigoroskatanaloti.gr and https://www.eccgreece.gr/en/greek-european-consumer-centre/. 56  It allows consumers to submit their disputes online in any of the 23 official languages of the European Union. A translation service is available on the platform to assist disputes involving parties based in different European countries. 57  https://ec.europa.eu/consumers/odr/main/index.cfm?event=main.home.chooseLanguage (last access: 16/11/2017). 54

384

A. Plevri

5.1  European Legislative Framework The legal framework for consumer Alternative and Online Dispute Resolution is established by the following acts58: (i) The Directive on Consumer ADR (ADR Directive),59 (ii) the Regulation on Consumer ODR (ODR Regulation)60 and (iii) the Commission Implementing Regulation on Consumer ODR61 (COMMISSION IMPLEMENTING REGULATION (EU) 2015/1051 of 1 July 2015 on the modalities for the exercise of the functions of the Online Dispute Resolution platform, on the modalities of the electronic complaint form and on the modalities of the cooperation between contact points provided for in Regulation (EU) No 524/2013 of the European Parliament and of the Council on online dispute resolution for consumer disputes). 5.1.1  EU Directive 2013/11/EE The EU Directive 2013/11 of the European Parliament and of the Council on ADR for consumer disputes62 ensures that EU consumers can turn to an ADR entity for all their contractual disputes in virtually all economic sectors with traders no matter where (domestically or across borders) and how (online/offline) the purchase was made. It furtherly  ensures that the ADR entities notified to the Commission by Member States will offer a high quality service and will respect core principles, such as impartiality, transparency, effectiveness and fairness.63 The ADR Directive reserves that consumers have access to ADR for resolving their contractual disputes with traders. Access to ADR is ensured no matter what product or service the consumer has purchased (only disputes regarding health and higher education are excluded), whether the product or service was purchased online or offline and whether the trader is established in the consumer’s Member State or in another one.64 This Directive also established binding quality requirements for dispute resolution bodies offering ADR procedure to consumers. Member  See the EU legislation on Alternative and Online Dispute Resolution at: http://ec.europa.eu/consumers/solving_consumer_disputes/non-judicial_redress/adr-odr/index_en.htm (last access: 16/11/2017). 59  https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2013:165:0063:0079:EN:PDF. 60  https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2013:165:0001:0012:EN:PDF. 61  https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32015R1051&from=EN. 62  Directive 2013/11/EU of the European Parliament and of the Council of 21 May 2013 on alternative dispute resolution for consumer disputes and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC (Directive on consumer ADR), OJ L 165, 18.6.2013, pp. 63–79 (adopted together with the Regulation). 63  See further, Europa webpage: Alternative and Online Dispute Resolution (ADR/ODR) http:// ec.europa.eu/consumers/solving_consumer_disputes/non-judicial_redress/adr-odr/index_en.htm. 64  http://ec.europa.eu/consumers/solving_consumer_disputes/non-judicial_redress/adr-odr/index_ en.htm (last access: 16/11/2017). 58

17  Alternative Dispute Resolution (ADR) & Online Dispute Resolution (ODR) for EU…

385

States’ competent authorities, after their assessment, communicate to the European Commission the list of national dispute resolution bodies.65 Οn the 29th of May 2017, the European Commission has announced the Results of the Fitness Check of consumer and marketing law and of the evaluation of the Consumer Rights Directive. The European Commission has completed its Fitness Check of consumer and marketing law66 and the evaluation of the Consumer Rights Directive. (Press release; factsheet).67 The evaluations confirm that in general consumer law remains fit for the purpose. When applied effectively, the existing rules tackle the problems that European consumers are facing today, also in online markets. However, findings also point to the need to improve awareness, enforcement of the rules and redress opportunities to make the best of the existing legislation. In addition, the evaluation shows targeted legislative changes to address certain identified shortcomings of the Directives could be beneficial. For example, in light of recent developments in the digital economy, one such change could be enhancing the transparency of online platforms. Another could be introducing EU-level rights to remedies (such as right to terminate the contract or to receive a refund of the price paid) for victims of unfair commercial practices, in view of the still relatively high occurrence of such practices. Μoreover, a Fitness Check follow-up actions, updated in October 2017, was announced. Based on these evaluations of EU consumer law, the Commission is assessing the need for possible changes in legislation. To this end, the Commission published in June 2017 an Inception Impact Assessment on targeted revision of EU consumer law directives and related consultation strategy. In addition, the Commission published in October 2017 an Inception Impact Assessment68 on the revision of the Injunctions Directive and related consultation strategy and will prepare an impact assessment, and, if necessary, present legislative proposals. The Commission carried out the following consultations for this Impact Assessment: (i) Online public consultation for 14 weeks (June–October 2017), (ii) SME panel survey (July–September 2017), (iii) structured discussions with Member States authorities and experts also via specific surveys within DG JUST networks such as Consumer Protection Network (CPN—national ministries); Consumer Protection Co-operation network (CPC—consumer protection enforcement authorities), European Consumer Consultative Group (ECCG—national consumer associations), European Judicial Network (EJN), (iv) continuation of the targeted consultation of the consumer and business organisations in the framework of the REFIT Stakeholder Consultation Group, and (v) targeted consultations of relevant stakeholders including consumer and business organisations.

 https://ec.europa.eu/consumers/odr/main/index.cfm?event=main.adr.show.  https://ec.europa.eu/info/live-work-travel-eu/consumers_en. 67  http://ec.europa.eu/newsroom/just/item-detail.cfm?item_id=59332 (last access: 16/11/2017). 68  https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2017-5324969_en. 65 66

386

A. Plevri

5.1.2  EU Regulation 524/2013 The EU Regulation 524/2013 of the European Parliament and of the Council for the online resolution of consumer disputes is based on the EU Directive 2013/11 of the European Parliament and of the Council on ADR for consumer disputes (amendment of the EU Regulation No 2006/2004 and the EU Directive 2009/22), which provides consumers with access to ADR methods on the resolution of contractual disputes with traders. The Regulation is directly applicable and valid in the entire Union since it went into force on January 19, 2016. The regulation states that the European Commission develops and operates the ODR Platform (Art. 5 Regulation). The specific functions of the platform, as well as the entire process for form filing and processing a complaint to its resolution are also set out in the Regulation (Art. 5 No. 4 and Art. 7-10 Regulation). Businesses established in the EU which  sell goods or services to consumers online need to comply with the ADR/ODR legislation. Under the heading “Consumer Information” in Article 14, there is the important obligation to provide an electronic link on the website to the ODR platform is set out. Thus, online traders that commit or are obliged to use ADR must inform consumers of the dispute resolution body/ bodies by which they are covered. They should do this on their websites and in the general terms and conditions of sales or service contracts. More specifically, they are required to provide a link (i.e., http://ec.europa.eu/odr) from their website to the ODR platform. To signpost the ODR platform, traders can use the following clickable web-banners that are available in the different EU languages. These obligations cover the followings: (i) Traders established in the Union engaging in online sales or service contracts, and online market places established in the Union (para 1). They must make the link easily accessible and include their own e-mail addresses. (ii) Traders established in the Union engaging in online sales or service contracts, who are committed or obliged to use one or more alternative dispute resolution entities (“ADR entities”) under Art. 4(1) Directive 2013/11/EU (para 2). If an offer is made by e-mail, then the link to the ODR Platform must also be included in the e-mail. Where applicable, the information must comply with the general terms and conditions for online sales and service contracts. For traders (para 1 and para 2), the link must be easily accessible, but there are no precise requirements on the placement of the link on the website. The term “easily accessible” should of course be interpreted in uniform manner throughout the EU, which means that ultimately the ECJ has to provide some guidance in this respect.69 It is worth to note that in Germany, online traders were rather reluctant to comply by placing a link to the ODR Platform on their websites. Yet, a relatively  recent judgement by the district court of Bochum70 is likely to change that. The District Court of Bochum has ruled that an online trader who does not provide a link to the  See: https://www.whitecase.com/publications/article/online-traders-new-obligation-euprovision-link-online-dispute-resolution-odr. 70  District Court of Bochum, No: 14 O 12/2016. 69

17  Alternative Dispute Resolution (ADR) & Online Dispute Resolution (ODR) for EU…

387

ODR Platform infringes on Unfair Competition Law and is prohibited from further trading online. In the judgment by the District Court of Bochum, an online trader for watches (applicant) requested a preliminary injunction by the court against another online trader of watches (defendant) who did not include a link to the ODR Platform. The preliminary injunction was granted. The court held that the defendant was obliged to include an easily accessible link as of January 9, 2016—when the Regulation went into force—although the ODR Platform was not online at the time (it was launched on February 15, 2016). Since the defendant did not provide such link, they violated Sect. 3a of the German Unfair Competition Act in connection with Article 14 para 1 sentence 1 of the Regulation (No) 524/2013. The above decision of the district Court of Bochum provides an outlook of how German courts will tackle non-compliance with the Regulation. According to Article 18 of the Regulation, it is for each Member State to decide on applicable penalties for infringements of the Regulation; yet they must be effective, proportionate and dissuasive. However, as mentioned above, it is unclear where the link must be placed on the website. Ultimately, this is for the ECJ to determine. In any case, the major task for online traders is to include the link to the ODR Platform in an easily accessible way on the website to comply with the Regulation. Finally, the above Regulation is directly applicable in all EU Member States (no transposition into national law is necessary) and therefore directly obliges online traders to follow the rules therein.

5.2  ODR for Consumers in Cyprus Law 85 (I)/2017 is the applicable law of Cyprus regarding online alternative resolution of consumer disputes. This act has entered into force since July 2017 (7.7.2017) and sets the framework for consumers to make voluntary complaints against traders to bodies providing independent, impartial, transparent, effective rapid and fair alternative dispute resolution procedures in Cyprus. The competent state authority for the control and approval of alternative dispute resolution entities in accordance with the requirements of the legislation is the Consumer Protection Service of the Cypriot Ministry of Energy, Trade, Industry and Tourism.71 The site of the Consumer Protection Service of the Cypriot Ministry of Energy, Trade, Industry and Tourism informs the consumers of Cyprus for the legal obligations of the online shops, for ADR as a method of resolving disputes and for the EU ODR platform also. In this framework, if a consumer who is a resident of the Republic of Cyprus wishes to apply to an ADR entity in order to resolve a consumer dispute with a trader located in the Republic, then he/she can contact directly an ADR entity based in the Republic

71  http://www.consumer.gov.cy/mcit/cyco/cyconsumer.nsf/All/B234AC4A5ABED7C5C2257F16 002B5F9B?OpenDocument.

388

A. Plevri

which is approved by the competent authority and listed in the ADR entities pursuant to Article 21 (1) of Law 85 (I)/2017.72 However, if the consumer resides in the Republic of Cyprus but the trader is established in another EU Member State, then the consumer may refer to an ADR entity in Cyprus73 or in another EU country through the European Commission’s E-Dispute Resolution Platform. Currently in Cyprus, there are the following ADR-­ ODR entities for consumer disputes: (i) Cyprus Consumer Center for Alternative Dispute Resolution, (ii) Cyprus Technical Chamber (ETEK) Alternative Dispute Resolution Centre (ETEK ADR Centre) (iii) Interdisciplinary Centre for Law, Alternative and Innovative Methods (ICLAIM) and (iv) the Office of the Commissioner of Electronic Communications and Postal Regulation.

5.3  ODR for Consumers in Greece In Greece, an important and total reform of the mediation law in civil and commercial disputes took place in January of 2018. The (new) mediation Law 4512/17.01.2018 has substantially amended the previous law in force (3898/2010).74 Articles 178–206 of the law regulate the new mediation landscape. In the mediation law of 2018 in Greece, there are provisions (Article 182) that introduce compulsory mediation on seven categories of private law disputes,75 as a pre-trial procedural condition before the court’s hearing (condition of admissibility of the hearing). Failure to engage in a mediation “attempt” is sanctioned with inadmissibility of the hearing proceedings. The attorney-at-law of the claimant is required to inform the party about the possibility or the obligation to resort to mediation. Regardless of the result, a respective document signed by the party and the attorney-at-law must be submitted to the court, otherwise the latter will not enter into the merits of the hearing of this dispute and a reopening of the case will be ordered. The reform of mediation legislation in Greece and especially the fact that attorneys-­at-law are compelled by the law to inform in writing their clients about mediation and promote mediation as an ADR mechanism before filling any sort of legal action, as well as the provisions on the compulsory pre trial mediation in specific categories of disputes, aims to promote and establish mediation in the Greek legal system and that way to reduce delays in the court system; moreover, to harmo See: http://www.consumer.gov.cy/mcit/cyco/cyconsumer.nsf/All/763E35ABFEF8EC1CC22582 D4004539AD?OpenDocument. 73  See https://ec.europa.eu/consumers/odr/main/?event=main.adr.show2. 74  Law 3898/2010 titled “Mediation in civil and commercial matters” implemented in Greece the Directive 2008/52/EC of the European Parliament and the Council of 21 May 2008 on certain aspects of mediation in civil and commercial matters. On the mediation landscape in Greece under Law 3898/2010, see in detail, Diamantopoulos and Koumpli (2015), pp. 313–343 and Theocharis (2015). 75  The provisions of the new mediation law on the compulsory pre-trial mediation will take effect in 17.10.2018 in Greece. 72

17  Alternative Dispute Resolution (ADR) & Online Dispute Resolution (ODR) for EU…

389

nise more with the European Mediation Directive. The Greek legislator is trying actually to put into force in Greece the “Italian mediation model” on compulsory mediation, which has shown successful results so far.76 The provisions of the mediation Law 4512 of 2018 for compulsory pretrial mediation was about to come into force in Greece as of 17 October 2018, but a more recent law (No 4566/2018) was enacted and delayed these provisions from taking effect until September 2019. This legislative development was actually a result of an opinion of the Administrative Plenary Session of the Supreme Court of Greece (No 34/2018) on the mandatory recourse to mediation in which it was stipulated that compulsory mediation as a pretrial condition is not compatible with specific provisions of the Greek Constitution and EU Law.77 More specifically, that the above law’s provision for compulsory mediation is in violation of the right of access to justice, since mandatory mediation comes at a cost which is deemed excessive.78 The legislative framework of ODR for consumer disputes in Greece is based on the EU Directive 2013/11/ΕΕ, the EU Regulation 524/2013,79 the 2012/1051 Regulation and a joint decision of the Ministries of Economy and Justice, No 70330/9.7.201580 regarding arrangements on the adoption in the Greek legal order of the EU Directive 2013/11/EU on alternative dispute resolution for consumer disputes and the adoption of additional national measures implementing EU Regulation 524/2013 on the online resolution of consumer disputes. The EU ODR platform has officially begun to resolve its first cases in Greece. Α consumer who buys online purchases can now file his complaint via the platform regarding any trader based in the European Union. In this way, the consumer and the trader may resolve their dispute out of court via an approved resolution ADR entity registered in the Register of Bodies of the Ministry of Development and notified to the European Commission. As an example in one case, a consumer from Spain bought online books from a large Greek publishing house. The delivery of the products was delayed and the  See further analysis and statistics on the Italian model at Giovanni (2017).  See further, Review of Civil Procedure, Volume 3/2018, Sakkoulas Publications, pp. 287–325 with comments by Assistant Professor Giannopoulos P., pp.  325–330 (in Greek), Journal Arbitration & Mediation and other ADR Methods, Volume 1/2018, Nomiki Bibliothiki S.A., pp. 99–131 (in Greek) with comments by Judge of the Supreme Court Loverdos D., pp. 131–132 and the Memo of the Plenary Session of the Presidents of the Bar Associations of Greece to the Administrative Plenary Session of the Supreme Court of Greece, (28.06.2018), available at: www. dsa.gr%2Fsites%2Fdefault%2Ffiles%2Fnews%2Fattached%2Fdiamesolavisi-ypomnimashe dio_2_28.6.2018. 78  Regarding the relationship of compulsory mediation and EU law, see the CJEE’S decision on case C-75/16 Livio Menini and Maria Antonia Rampanelli v. Banco Popolare Società Cooperativ, https://curia.europa.eu/jcms/upload/docs/application/pdf/2017-06/cp170062en.pdf. 79  The above EU Directive and Regulation provide for two basic obligations for e shops: (a) to provide a link on their website (https://webgate.ec.europa.eu/odr), to inform consumers and (b) to provide the address of their email in order any consumer complaints to be able to be sent to the traders via the EU platform. 80  See Komnios (2016), p.  244, https://www.lawspot.gr/nomikes-plirofories/nomothesia/koiniypoyrgiki-apofasi-70330oik-972015 (in Greek). 76 77

390

A. Plevri

consumer refused to receive the books. The trader attributed the delay to the Spanish post office, which delayed delivery. This delay forced the consumer to buy the books from another supplier. The consumer did not accept the reason for the delay of the Spanish post office and demanded a full refund of the money he has paid to the Greek trader. The latest offered a discount on the value of the products, which the consumer refused on the basis that he had already bought other books. With the intervention of was appointed by an ADR entity, the trader agreed to return the money. In addition, the cost of the post expenses was shared by the two parties.81 In another case, a consumer from Luxembourg complained about a car that he rented online from a supplier in Greece. The EU ODR platform sent the complaint to the competent ADR body in Greece. The dispute was settled within 60 days. The supplier refunded the full amount to the consumer.82 In Greece, the accredited (according to the provisions of the EU Directive) so far ADR entities connected to the EU ODR platform are four: (i) the Independent Authority “Consumer’s Ombudsman” on all commercial sectors,83 (ii) the Mediator for Banking-Investment Services on the financial services industry, (iii) the ADR POINT IKE84—Center of Alternative Dispute Resolution on all commercial sectors, with the exception of the categories explicitly mentioned in Art. 2 par. 2 of the Joint Ministerial Decision and (iv) the European Institute for Conflict Resolution85 on all commercial sectors, with the exception of the categories explicitly mentioned in Art. 2 par. 2 of the Joint Ministerial Decision.

6  Conclusion The legislative framework of ADR and that of ODR in the EU and in Cyprus, as well as the connection of ADR-ODR to consumer disputes and its opportunities especially in comparison to the ordinary judicial proceedings were analysed in the above chapters. A synopsis of the advantages of the ODR process as and ADR method for the consumers could include the following: Firstly, the parties can anticipate a resolution of their dispute within 90 days and complete all formalities through the web, by using the EU ODR platform. Secondly, the parties and their  http://www.opemed.gr/?p=2923 (in Greek).  Another example: https://www.lawspot.gr/nomika-nea/epityhis-diamesolavisi-meso-tis-platformas-ilektronikis-epilysis-diaforon-tis-ee-kai (in Greek). 83  The Independent Authority of the “Consumer’s Ombudsman” has joined the EU ADR platform since 15 February 2016 and achieved the electronic resolution of all disputes transmitted through it, with an average resolution time of 48 days (under the regulation there is a period of 90 days for this process). 75% of complaints were domestic and 25% were cross-border. The European Consumer Center of Greece as a contact point, answered 72 questions coming from consumers and suppliers, most of which concerned e-shop obligations and the online mediation process (average response time of 3.66 days). Source: synigoroskatanaloti.gr. 84  https://www.adrpoint.gr/ (in Greek). 85  http://www.europeanresolution.com/en/european-institute-for-conflict-resolution/. 81 82

17  Alternative Dispute Resolution (ADR) & Online Dispute Resolution (ODR) for EU…

391

lawyers are not obliged to be actually present during the process. Thirdly, the parties are in full knowledge of the process. The policies, practice, rules and regulations are available online in all EU official languages and transparency is achieved to its maximum. Lastly, the parties are not dependent on any international jurisdiction rules, they can select any lawyer they wish to, irrespectively of his/her place of origin and the place that (s)he practices the profession so they are saved from extra legal fees, necessary for litigation abroad. It is also of high importance, especially in terms of time and cost efficiency that there are no remedies and there is no right to appeal, etc.

References ADR and Civil Justice, CJC ADR Working Group Final Report, November 2018, Section 3: Τhe types of ADR available, 3.6. Available at: https://www.judiciary.uk/announcements/ new-report-on-alternative-dispute-resolution/ Aubrey-Johnson K, Curtis H (2012) Making mediation work for you, a practical handbook. Legal Action Group, London Civil Justice Council, ADR Working Group, ADR and Civil Justice (Interim Report, October 2017), 15–16 and for Overseas 41–48. https://www.judiciary.gov.uk/wp-content/uploads/2017/10/ interim-report-future-role-of-adr-in-civil-justice-20171017.pdf Diamantopoulos G, Koumpli V (2015) Mediation: the Greek ADR journey through time. In: Esplugues C, Marquis L (eds) New developments in civil and commercial mediation. Ius Comparatum - global studies in comparative law, vol 6. Springer, Cham, pp 313–343 Emilianides A, Charalampides N (2014) Cyprus. In: Esplugues C et al (eds) Civil and commercial mediation in Europe, vol II. Intersentia, Antwerp, pp 103–123 Emilianides A, Xenofontos X (2012) Mediation in Cyprus. In: Esplugues C, Iglesias JL, Palao G (eds) Civil and commercial mediation in Europe: national mediation rules and procedures. Ιntersentia, Cambridge, pp 92–94 Georgiades A (2012) Cyprus. In: De Palo G, Trevor M (eds) EU mediation law and practice. Οxford University Press, Oxford Georgiades A (2014) In: Schonewille M, Schonewille F (eds) The variegated landscape of mediation. Eleven International Publishing, The Hague Giovanni M (2017) Civil mediation how to kick start it: the Italian Experience. The relevance of training. http://www.academia.edu/35125411/ADR_Matteucci_2017.10.30_Civil_mediation_ how_to_kick-start_it_the_Italian_experience._The_relevance_of_training and http://www. altalex.eu/content/civil-mediation-how-kick-start-it-italian-experience Hatzimihail N (2013) Cyprus as a mixed legal system. J Civ Law Stud 6(1). http://digitalcommons. law.lsu.edu/jcls/vol6/iss1/3 Hopt K, Steffek F (eds) (2013) Mediation. Principles and regulation in comparative perspective, 1st edn. Oxford University Press, Oxford Jeretina U, Uzelac A (2014) Alternative dispute resolution for consumer cases: are divergences an obstacle to effective access to justice? Mednarodna revija za javno upravo XII(4):39–72 Kaisis A (2018) The award of justice in years of alternative dispute resolution and disruptive technologies, Law without borders, Τhessaloniki, 2days Conference in honor of the Honorary Professor Athanasios Kaisis, Sakkoulas Publication (in Greek) Komnios K (2016) The implementation of the consumer ADR directive in Greece. J Eur Consum Mark Law (EuCML) (6):244–249 Levitt R (2017) Compulsory mediation edges closer after Civil Justice Council report, October 23, 2017. https://www.linkedin.com/pulse/compulsory-mediation-edges-closerafter-civil-justice-roger-levitt/?trk=v-feed

392

A. Plevri

Plevri A (2018) Mediation in Cyprus: theory without practice, Cyprus Review, Spring 2018, vol 30, number 1. Published by the University of Nicosia Report (2017) from the Commission to the European Parliament and the Council on the functioning of the European Online Dispute Resolution platform established under Regulation (EU) No 524/2013 on online dispute resolution for consumer disputes. https://ec.europa.eu/info/sites/ info/files/first_report_on_the_functioning_of_the_odr_platform.pdf Report (2017) on the implementation of Directive 2008/52/EC of the European Parliament and of the Council of 21 May 2008 on certain aspects of mediation in civil and commercial matters (the ‘Mediation Directive’), of the Committee on Legal Affairs of the EU.  Rapporteur: Kostas Chrysogonos. http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP// TEXT+REPORT+A8-2017-0238+0+DOC+XML+V0//EN#title1 Report of the ICC Commission on Arbitration and ADR on Information Technology in International Arbitration. https://iccwbo.org/publication/information-technology-international-arbitrationreport-icc-commission-arbitration-adr/ Rewald R (2014) Mediation in Europe: the most misunderstood method of alternative dispute resolution, World Arbitration Report, New York City: Weil, Gotshal & Manges LLP, Spring 2014, 14. Available at: https://www.weil.com/~/media/files/pdfs/WWAR_Newsletter_Spring2014. pdf Tang S (2014) Mediation in China. http://www.adrmaremma.it/english/tang01.pdf Theocharis D (2015) Mediation as an alternative dispute resolution method. Analysis of law 3898/2010. Nomiki Bibliothiki Publishers (in Greek) Tymowski J (2016) The Mediation Directive, European Implementation Assessment, in-depth analysis. European Parliamentary Research Service, Brussels. Available at: http://www. europarl.europa.eu/thinktank/en/document.html?reference=EPRS_IDA(2016)593789 Walker S (2016) Setting up a business as a mediator. Bloomsbury Professional Walker S (2017a) Mediation advocacy: representing clients in mediation. Bloomsbury Professional Walker S (2017b) FAQs for mediators. Bloomsbury Professional