In his Opinion of April 2, 2020, the Advocate General Saumandsgaard Øe, in the Constantin Film v. YouTube case, C-264/19 pending before the Court of Justice, stated that YouTube and Google are not required to provide the email and IP address information belonging to a user who is infringing intellectual property rights under the Enforcement Directive.
The preliminary question arises in the context of a dispute between Constantin Film Verleih GmbH, a German film distributor, and the US companies YouTube LLC and Google Inc. and concerns the refusal of the latter to provide Constantin Film Verleih with information relating to users who have published several films on the internet infringing its exclusive exploitation rights and, in particular, e-mail addresses, telephone numbers and IP addresses pertaining to those users.
The Bundesgerichtshof (Federal Court of Justice, Germany) inquired the Court of Justice whether such information falls within the scope of Article 8, par. 2, lett. a of Directive 2004/48/EC (2), better known as the Enforcement Directive, under which the competent judicial authority may order the disclosure of the “name and address” of certain categories of individuals linked to goods or services infringing an intellectual property right.
Pursuant to the conclusions of Advocate General Henrik Saugmandsgaard Øe, rendered on April 2, 2020, the concepts of "name and address" must be defined in accordance with their common meaning in current language, taking into account the context in which they are used and the aims pursued by the relevant legislation. In detail, the notion "address" would concern only the postal address and not also the telephone number, e-mail address and IP address. Such an interpretation is supported by the fact that, when the EU legislator wanted to refer to the email address or IP address, it did so explicitly, by supplementing the term “address” with the suffixes “email” and “IP”. There is no example of a Union legislative act in which the terms “name and address”, used alone and in a general context, would refer to the telephone number, IP address or e-mail address.
Nor is it possible, according to the conclusions referred to, to interpret that provision 'dynamically' or teleologically, considering that the terms used in Article 8(2)(a) of Directive 2004/48 do not offer sufficient scope for such an interpretation to include the information referred to in the preliminary questions.
In conclusion, the Advocate General made it clear that, although it is indisputable that the Enforcement Directive aims to ensure a high level of protection of intellectual property in the internal market, there is no rule or judgment of the Court which has established that the intellectual property right is intangible and that its protection must therefore be absolutely guaranteed: the interpretation proposed by Constantin Film Verleih would therefore unjustifiably increase the level of protection of intellectual property in the internal market and would call into question, in a way which is favorable to the interests of IP rights holders, the balance established by the Union legislator between precisely intellectual property rights and the interests and fundamental rights of users of protected material, including the right to privacy.
The final decision of the Court, which may not even be in line with the conclusions of the Advocate General, is therefore highly expected, given that access to personal data of users guilty of infringements of intellectual and industrial property rights has long been the subject of discussion.
In our legal system, the ostentation of the data of the authors of the unlawful conduct is in itself admissible: articles 156bis and 156ter l. 633/1941, introduced precisely following the implementation of the Enforcement Directive, in fact expressly provide for the possibility for the holder of the rights to request an order of discovery of the data of the infringers (in particular art. 156bis provides, among other things, that the party has provided serious elements from which it may reasonably be inferred that its claims are well-founded and that the judge may order the other party to provide the elements for the identification of the persons involved in the production and distribution of the products or services that constitute an infringement of the rights under this law). The court's order may or may not be subject to special confidentiality protection measures.
In Italy, the issue was addressed in 2008 in relation to data collected and processed by Telecoms in relation to P2P users. After the granting of initial precautionary disclosure orders by the Court of Rome, the courts have radically changed and have ruled in the sense of a total closure with respect to access to users' IP addresses, also as a result of the position taken by the Guarantor for the Protection of Personal Data, which intervened directly in some judgments supporting the nature of traffic data of such IP addresses (see the well-known Peppermint case).
However, this issue came up again some years later, in 2015, in relation to data collected and processed by online platforms. The Court of Turin, commercial division, by order of June 3, 2015 in the case “Delta TV Programs v Dailymotion”, ordered the video sharing platform to provide the rights holder with the data in its possession useful to identify those responsible for infringements committed by uploading files of protected works, thus balancing the rights and stating that "Community law does not require Member States to establish an obligation to communicate personal data in order to ensure the effective protection of copyright in the context of civil proceedings, but neither does it prohibit it".
This line had already been outlined by the Tribunal de Grand Instance of Strasbourg which, on January 21, 2015, ordered four of the main service providers to provide an anti-piracy association with “the identity, postal address, e-mail address of the persons holding the IP addresses listed in the minutes”.
Moreover, the Italian Supreme Court itself, with sentence no. 7783 of April 3, 2014, had stated that the interest in the confidentiality of personal data should yield to the defence needs of other legally relevant interests, including the exercise of the right of defence in court, provided that the request was relevant to the defence and not exceeding its purpose.
More recently, in 2019, the Court of Milan, commercial division, during a series of proceedings instituted by the rights holders against hosting providers aimed at obtaining an injunction against access by the recipients of their services to IP addresses and domain names relating to IPTV that transmitted Serie A Football Championship content without authorization, expressly ordered some hosting providers to provide the holder of the rights with all the information in their possession that would allow the identification of the recipients of their services with which they had data storage agreements, with regard to IPTV services subject to trial, such as name, surname, date of birth, place of birth and address of residence, tax code, or name and registered office and identification number for tax purposes or registration in the commercial register, or similar, in the case of a legal entity (however, with regard to companies, the issue of data protection does not arise).
In the same view, it is also worth noting that the Court of Rome, issued on March 13, 2019, ordered the defendant, as an information service provider, to provide the applicant, the holder of the rights, with the requested identification data in its availability to identify the operators of portals broadcasting illegal content, specifying that such order was necessary to ensure effective protection of its copyright.
Recent measures in Milan and Rome, among other things, have not made the disclosure of data subject to any security measures.
Finally, it should be recalled that at the EU level there is a guideline stating that, in balancing between copyright protection and data privacy protection, data should be allowed to be disclosed when the rightholder has no alternative means of protection (judgment of the Court of Justice of October 18, 2018 in Case C-149/17 Bastei Lübbe GmbH & Co. KG v. Michael Strotze). In this case, the European Court of Justice has established that the holder of an internet connection that can be used by several members of the same family, through which copyright infringements have been committed by means of file sharing, cannot avoid communicating who has actually committed the infringement by simply enclosing the fundamental right to respect for private and family life, the protection of which falls under Article 7 ECHR, if the consequence is the total deprivation of any means of appeal in favour of the copyright holder.
In the light of the case-law mentioned above, the Advocate General's conclusions are therefore excessively formalistic. Indeed, it is questionable whether the common meaning of "address" is solely that of physical address and not also that of electronic address. If it is true that the Dictionnaire de l'Académie française cited in the opinion herein discussed defines the address as "the designation of the place where one can reach someone", it is also true that according to our Treccani the "address" is, among other things, "the set of alphanumeric data through which it is possible to send an email to a person". Moreover, in the digital age in which we find ourselves, it is also reasonable to believe that in fact the place where a person can be reached may also be determined by the email address and IP address.
It is consequently expected that the decision of the Court of Justice will deviate, at least in part, from the rigid conclusions of the Advocate General, and that the rights holders will thus be able to obtain as much information as possible in order to identify the persons who have committed violations, in compliance with the protection of personal data and therefore in a relevant manner and not exceeding the purpose of the right of defence.