In Scarlet Extended SA v Société belge des auteurs, compositeurs et éditeurs SCRL C-70/10 24 November 2011, the Court of Justice of the European Union found that imposing an injunction on an internet service provider (ISP) requiring it to install a filtering system to prevent illegal downloading is unlawful under European law. To impose such a system would breach the ISP’s fundamental right to freedom to conduct business. Further, it would infringe the rights of its customers to the protection of their personal data and the freedom to receive or impart information.
The Belgian collecting society, Société belge des auteurs, compositeurs et éditeurs (SABAM), originally brought proceedings against Scarlet Extended SA, an ISP, for copyright infringement. SABAM alleged Scarlet had allowed users to download, via peer to peer (P2P) networks, works within SABAM’s catalogue without authorisation and without paying royalties.
The Belgian Tribunal de Première Instance ordered Scarlet to install blocking or filtering technologies to make it impossible for users to share files containing musical works contained within SABAM’s catalogue. Scarlet appealed to the Belgian Court of Appeal, claiming that it was impossible for it to comply with the injunction because the effectiveness and permanence of filtering and blocking systems had not been proved, and the installation of the equipment for so doing was faced with numerous practical obstacles, such as problems with network capacity and the impact on the network. Further, any attempt to block files was, Scarlet argued, doomed to fail in the very short term because there were, at that time, several P2P software products that made it impossible for third parties to check their content.
Scarlet also claimed that the injunction was contrary to Article 15 of the E-commerce Directive (2000/31/EC) because it would impose on Scarlet a general obligation to monitor communications on its network, inasmuch as any system for blocking or filtering P2P traffic would necessarily require general surveillance of all the communications passing through its network.
Finally, Scarlet argued that the installation of a filtering system would be in breach of EU law on the protection of personal data and the secrecy of communications, since such filtering would involve the processing of IP addresses, which constitute personal data.
The Belgian Court of Appeal made a reference to the CJEU asking whether EU law, including EU law on applicable fundamental rights, permitted Member States to authorise a national court to order an ISP to install, as a preventative measure, exclusively at its expense and for an unlimited period, a system for filtering all of its customers’ electronic communications in order to identify illegal file downloads.
In May 2011, Advocate General Pedro Cruz Villalón opined that imposing such an order on ISPs infringed the Charter of Fundamental Rights of the European Union, and that any such order would only be permissible if adopted on a national legal basis and it was “accessible, clear and predictable”.
The E-commerce Directive
The CJEU found that national law may not affect the provisions of the E-commerce Directive, more specifically, Articles 12 to 15. Consequently, national law must, in particular, respect Article 15(1), which, in the words of the CJEU, “prohibits national authorities from adopting measures which would require an ISP to carry out general monitoring of the information that it transmits on its network”.
The CJEU noted also that European case law has already ruled that the prohibition in Article 15(1) applies in particular to national measures that would require an intermediary provider, such as an ISP, actively to monitor all the data of each of its customers in order to prevent any future infringement of IP rights. Further, such a general monitoring obligation would be incompatible with Article 3 of the IP Enforcement Directive (2004/48/EC), which states that the measures referred to by the Directive must be fair and proportionate and must not be excessively costly (see LOréal v eBay C-324/09).
Looking at exactly what Scarlet would be required to do to comply with the injunction, the CJEU found that, on the facts, the ISP would effectively have to undertake active observation of all electronic communications conducted on its network, which would encompass all information transmitted and all customers using the network. This would amount to general monitoring, which is prohibited by Article 15(1).
The CJEU noted that the protection of the right to IP is enshrined in Article 17(2) of the Charter of Fundamental Rights. However, that provision did not state, nor was there any case law on the point, that the right was inviolable and must be absolutely protected. It must, therefore be balanced against the protection of other fundamental rights. As was found in Promusicae  C-275/06 ECR I-27, national authorities and national courts must strike a fair balance between the protection of copyright and the protection of the fundamental rights of individuals affected by such measures. In Scarlet v SABAM, a balance had to be struck between the rights of the copyright holders and the freedom to conduct a business pursuant to Article 16 of the Charter.
Accordingly, an injunction that required the monitoring of all electronic communications made through Scarlet’s network, with no limitation in time, directed at all infringements, and intended to protect not only existing works, but also future works, “Would result in a serious infringement of the freedom of the ISP concerned to conduct its business since it would require that ISP to install a complicated, costly, permanent computer system at its own expense…”. This would be contrary to Article 3(1) of the IP Enforcement Directive, which requires that measures to ensure the protection of IP rights should not be unnecessarily complicated or costly. Accordingly, the injunction would not strike the required fair balance.
The CJEU noted also that the effects of such an injunction would not be limited to just Scarlet. It would also affect the fundamental rights of its customers, namely their right to protection of their personal data and their freedom to receive or impart information as provided by Articles 8 and 11 of the Charter respectively.
Complying with the injunction would involve Scarlet undertaking a systematic analysis of all content and the collection and identification of users’ IP addresses from which unlawful content on the network is sent. IP addresses are protected personal data because they allow users to be identified.
The injunction would also, the CJEU held, potentially undermine freedom of information as the system might not distinguish adequately between unlawful and lawful content, which might result in lawful communications being blocked. The question of whether a communication is lawful or not was also subject to national copyright laws, which differed from one Member State to another, meaning that it was even more difficult to decide what was and was not lawful.
Therefore, imposing the injunction requiring Scarlet to install a filtering system on its network would not be respecting the requirement that a fair balance be struck between, on one hand, the right to IP protection, and on the other, the freedom to conduct business, the right to protection of personal data, and the freedom to receive or impart information.