The case of Productores de Música de España (Promusicae) v Telefónica de España SAU was a reference for a preliminary ruling by the Juzgado de lo Mercantil No 5 de Madrid (Commercial Court No.5). Promusicae is a not-for-profit organisation that represents producers and publishers of musical and audiovisual recordings. Telefónica is a Spanish internet service provider (ISP). Promusicae’s application sought the disclosure of the identities and physical addresses of certain individuals who had allegedly infringed Promusicae’s copyrights by providing access through KaZaA to computer files containing the copyrighted works. Telefónica was being pursued as it was the ISP that was in possession of the dates and times of the infringing access and the addresses of the alleged infringers. Promusicae claimed that the users of the peer-to-peer network were engaging in unfair competition and infringing intellectual property rights. It therefore sought disclosure of the information in order to be able to bring civil proceedings against the persons concerned.

At first instance, the Commercial Court ordered the preliminary measures requested by Promusicae. On appeal, the Court stayed the proceedings and made a reference to the European Court of Justice (ECJ), asking whether Community law, specifically Articles 15(2) and 18 of Directive 2000/31 (ECommerce Directive), Articles 8(1), (2) of Directive 2001/29 (Directive on the Harmonisation of certain aspects of copyright and related rights in the information society), Article 8 of Directive 2004/48 (Enforcement of the Enforcement of Intellectual Property Rights) and Articles 17(2) and 47 of the Charter of Fundamental Rights of the European Union permit Member States to limit the duty of the relevant parties to retain and make available connection and traffic data generated by communications established during the supply of an information society service, to cases of criminal (not civil) investigation. The “relevant parties” under debate were: i) operators of electronic communications networks and services; ii) providers of access to telecommunications networks; and iii) providers of data storage services.

The ECJ reformulated the question as follows: whether Community law, in particular Directives 2000/31, 2001/29 and 2004/48, read in the light of Articles 17 and 47 of the Charter, must be interpreted as requiring Member States to lay down an obligation to communicate personal data in the context of civil proceedings in order to ensure effective protection of copyright.

By way of preliminary observations, the ECJ noted that, in spite of the fact that the question raised by the Commercial Court was limited to the interpretation of the specified Directives and the Charter, the ECJ could provide this national court with all the elements of interpretation of Community law that might be useful in deciding the case.

The ECJ further examined Article 12 of the Spanish Law 34/2002 on information society services and electronic commerce. This provision formed the premise for the Commercial Court’s argument that Community law obligations requiring the effective protection of industrial property, in particular copyrights, may be restricted by Article 12. The ECJ observed that, by transposing the provisions of Directive 2000/31 into domestic law, it was common ground that Article 12 was intended to implement the rules for the protection of private life, which was also required by Community law under Directive 95/46 (Directive on the protection of personal data) and Directive 2002/58 (Directive on privacy and electronic communications). Directive 2002/58 concerned the processing of personal data and the protection of privacy in the electronic communications sector, which was the issue under debate in the main proceedings. Reading the provisions of these two Directives, the ECJ found that the communication of information sought by Promusicae constituted the processing of personal data that fell within the scope of Directive 2002/58. Such an interpretation gave rise to the following issues:

1. Whether Directive 2002/58 prevented Member States from enacting an obligation to communicate personal data, which would enable the copyright holder to bring civil proceedings based on the existence of that right;

2. If that was not the case, whether it could be directly construed from Directives 2000/31, 2001/29 and 2004/48 that Member States were required to lay down such an obligation;

3. If that was not the case either, do other Community laws require a different reading of the three Directives.

To answer the first question, the ECJ looked at Articles 5(1) and 15(1) of Directive 2002/58. Article 5(1) requires Member States to ensure the confidentiality of communications and related traffic data in an electronic environment. It also prohibits the storage of that data by persons other than users, without the consent of the users. The only exception was found in Article 15(1) of Directive 2002/58, which allows Member States to restrict the scope of Article 5(1). This restriction is permitted when it constitutes a necessary, appropriate and proportionate measure to safeguard national security, defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communications system. The ECJ concluded that none of the exceptions were related to situations that called for the bringing of civil proceedings so the Directive did not preclude the possibility of Member States enacting an obligation to disclose personal data in the context of civil proceedings.

As Article 15(1) did not compel Member States to enact such an obligation, it was necessary to answer the second question. According to the ECJ, the relevant provisions of Directive 2000/31, Directive 2001/29 and Directive 2004/48 did not oblige Member States to communicate personal data in civil proceedings. Moreover, neither did the enforcement provisions under the Trade Related Aspects of Intellectual Property Rights (TRIPS) Agreement create a similar obligation. Articles 17 and 47 of the Charter provide for the protection of the right to property (including intellectual property) and the right to an effective remedy, respectively. In addition, the extant case involved safeguarding the right to protection of personal data and, consequently, of private life. Thus, the case pitted fundamental rights to privacy against rights to the protection of property and to effective remedies. All these fundamental rights needed to be reconciled. In considering these provisions, the ECJ answered the second question in the negative.

The ECJ’s final ruling was that Directives 2000/31, 2001/29, 2004/48 and 2002/58 did not oblige Member States to communicate personal data to ensure effective copyright protection in civil proceedings. However, Community law mandates that the interpretation of the transposition of the Directives into national law should strike a fair balance between the various fundamental rights protected by the Community legal order. Further, when implementing the measures in those Directives, Member States were not only required to interpret their national law in a manner consistent with those Directives, but also had to rely on such interpretations that would not conflict with those fundamental rights or with the other general principles of Community law, for example, the principle of proportionality.

This decision deals with the opposing rights of privacy and intellectual property and highlights the divergence in position between the United States and the European Union in relation to ISP liability. This ruling is pro-ISPs as it reaffirms the principle established by the e-commerce, copyright and data protection Directives that ISPs are intermediaries that cannot be obliged to take responsibility for online infringement. By doing so, it furthers the cause of ISP self-regulation rather than legislation to combat such online infringement. It also strengthens the case for privacy rights in Europe as it suggests that, in the short term, the content industry in Europe may, unlike in the United States, be less inclined to pursue individual copyright infringement lawsuits.

For the copyright holders, on one hand the decision is detrimental as it clarifies that there is a lack of harmonisation in Community law in relation to the interplay between the right to privacy and intellectual property rights. On the other hand, it leaves open the possibility that individual nations could pass laws that compel ISPs to reveal personal data in civil cases, but the decision as to whether such laws are necessary is left to the discretion of national governments.

A likely consequence of the decision may be the tightening of technological protection measures and accelerating efforts to increase the liability of ISPs by the content industry. Taking a cue from the recently adopted French Olivennes proposal of November 2007, instead of focusing on individual internet users, major copyright owners are likely to put greater pressure on ISPs to filter and monitor their networks for copyright infringing materials and block protocols and terminate subscribers’ internet connections in cases of repeated infringement through file sharing networks. It may also increase pressure on the European Union to adopt a scheme to impose criminal sanctions to ensure that intellectual property right infringement is treated as a criminal offence for the purposes of effective copyright enforcement.