Can the personal data of infringers be disclosed to Intellectual Property Owners?

Bonnier Audio AB, a Swedish publisher of audiobooks, claimed before the Court of Solna (Sweden) that the Swedish Internet Service Provider, E-phone, should be obligated to report to Bonnier Audio AB, the name and address of its clients, who made protected audiobooks available through the use of a file-sharing program.

The Court of Solna had allowed this particular claim, despite E-phone’s defense, which stated that the request violates the Data Retention Directive (2006/24).

Subsequently, E-phone lodged appeal and demanded the rejection of the request for disclosure of personal data. The latter also asked that a prejudicial question would be formulated to the European Court of Justice concerning the interpretation of the Data Retention Directive. More specifically, it should be asked whether the Data Retention Directive (2006/24) contravenes the fact that a civil party would be compelled to disclose personal data of a subscriber to a third party, other than a public authority.

The Court of Appeal rejected the order for disclosure of personal data of one of E-phone’s clients, given that there was no substantial proof of any copyright infringement.

Bonnier Audio AB contested this decision before the High Court, who asked in return a prejudicial question to the European Court of justice, namely, whether the Data Retention Directive (2006/24), which provides that the stored personal data can only be disclosed to the competent public authorities in particular circumstances and in accordance with the national legislation, conflicts with the application of the Enforcement Directive (2004/48), by which, during a civil procedure, an Internet Service Provider can be obligated to disclose information to an Intellectual Property Owner concerning its clients, for the purpose of identifying the latter, to whom the Internet Service Provider has allocated an IP address, which has been used to violate copyrights.

On April 19th 2012, the European Court of Justice held that the provisions set out by the Enforcement Directive (2004/48) pursue another goal than those embedded in the Data Retention Directive (2006/24). The Data Retention Directive (2006/24) on the one hand, aims to harmonize the national legislation of the member states, by which the obligation is imposed on the Internet Service Providers to store the personal data of their clients for the pursuit of serious crimes. The dispositions of the Enforcement Directive (2004/48) on the other hand provide the possibility to disclose data to Intellectual Property Right Owners during a civil procedure in order to help determine the infringements committed on intellectual property rights, and thus fall outside the scope of the Data Retention Directive (2006/24).

Concerning the claims of civil parties regarding violations of intellection property rights, it is important to note that neither the Directive concerning Privacy and Electronic Communication (2002/58), nor the Data Retention Directive (2006/24) anticipates the possibility or the obligation to store or use personal data for such purposes.

Hence, the Court confirmed that the Enforcement Directive (2004/48) and the Directive concerning Privacy and Electronic Communication (2002/58) has to be interpreted that it does not conflict with national legislation resulting from the Enforcement Directive (2004/48), as far as (1) clear evidence of an infringement of intellectual property is being submitted, (2) the requested data can facilitate the investigation of an infringement on copyrights, and (3) the importance of the reasons for this order outweighs the inconveniences and disadvantages, or any other conflicting interests for that matter, suffered by the one who is the subject of the order.

In other words, personal data on the one hand and intellectual property rights on the other hand, should enjoy the same protection. Intellectual Property Right Owners cannot be favoured, by allowing them to use personal data, which is stored legitimately for purposes with no connection to the protection of their rights. The collection and the use of data for the protection of intellectual property rights does have to occur with the utter most respect to the Union law on the field of the protection of personal data. Serious proof of an infringement of an intellectual property right must be present and the conflicting interests of both parties have to be assessed, bearing the proportionality principle in mind.

Since the amendment of the law of May 9th 2007, the Belgian patent law and the Belgian copyright law renders already a provision, which explicitly foresees in the possibility to request an order for disclosure to an intermediary. The parliamentary work stresses out that the order for disclosure of information can only be allowed in so far as the measure seems justified and reasonable and only if the judge has determined the existence of a prior infringement.

It seems that the concerns of the Court have been met.