|
|
Home
| Databases
| WorldLII
| Search
| Feedback
University of New South Wales Law Journal Student Series |
THE RIGHT TO PRIVACY TO COUNTERBALANCE ONLINE COPYRIGHT OVER-ENFORCEMENT
RADHA PULL TER GUNNE[1]
The internet has significantly grown and changed over the last years and this includes the types of intermediaries which are active in the online environment. An example is content hosting intermediaries. The majority of internet users use social media and other content hosting websites daily. Facebook, Instagram, LinkedIn, Youtube, Vimeo and TikTok are used to keep in touch with friends, share personal anecdotes, voice opinions, start discussions on various topics and even raise awareness. Look at, for instance, the influence social media had on the Body Positivity[2] and Black Lives Matters[3] movements. These types of intermediaries, those that host content, will be the subject of this essay due to the changes in the regulatory framework governing their liability. Further, this essay focusses on the two main players with regards to creating an intermediary liability framework, which are the European Union (EU) and the United States (US). Both frameworks are analysed because the internet is not restricted by territorial boundaries and the frameworks created have effects globally. In the EU the new Digital Single Market Directive[4] brings substantial changes to the intermediary liability framework. In the US, proposals to move from a Notice-And-Take-Down to a Notice-And-Stay-Down regime in combination with ‘voluntary agreements’ leads to a similar change in intermediary liability framework. However, this essay will take a slightly different approach to discussing this topic by involving the right to privacy.
The literature on the emerging intermediary liability frameworks is diverse[5] and so is the literature on interpreting privacy.[6] Further, other authors have sought to combine the theory of intellectual property law and privacy law in a variety of ways, for instance through a comparison by interpreting them both as a way to control information,[7] or by analysing intellectual property enforcement instruments and how they are diminishing the right to privacy.[8] However, this essay takes another angle and uses the right to privacy as a measure to counter the over-enforcement of copyright. This essay aims to contribute to the literature by not only including the latest developments of intermediary liability from a regulatory framework, it additionally aims to illustrate that the trend of imposing responsibility on intermediaries instead of just having an intermediary liability framework leads to a system of surveillance. Regulatory frameworks that impose an obligation on private companies to monitor user’s behaviour online is not novel as was seen with legislation obliging telecom providers to retain the information of its users.[9] A situation of symbiosis has developed between the government and private companies where the private companies are tasked to conduct surveillance. This means surveillance cannot be analysed as merely limited to the government.[10] Surveillance is known to have a chilling effect on individuals and will additionally lead to the curtailment of freedom of speech.
Secondly, this essay aims to contribute by asserting that the trend of over-enforcement can be counter-balanced when courts interpret the right to privacy to include more than just the right to data protection. More specifically, the right to privacy should also include the right to intellectual privacy, building upon the concept created by Neil Richard.[11] Currently the right to intellectual property is often balanced against the right to privacy in a way that it interprets privacy as the right to data protection which leads to unsatisfactory determinations.[12] However, the concept of privacy is much broader than that and should also include the right to intellectual privacy. The right to intellectual privacy captures the concept that new ideas develop best when not confronted with intense scrutiny of public exposure. It is the idea that free minds are the foundation of a free society.[13] This right can counterbalance the creation of an online surveillance framework as it would constitute a step too far. The right to intellectual property should be balanced against the right to privacy and by having the government impose monitoring obligations on intermediaries, the balance is tilted in favour of the copyright holders. Especially since the responsibility created for monitoring and taking down content swiftly or otherwise being held liable will lead to an architectural framework where the users of the internet will not even realise that they are being hindered in the free use of the internet.[14] This will curtail freedom of speech. However, this essay does not argue that intermediaries cannot be burdened with the task of enforcing copyright protection at all, but instead asserts that the current trend is a step too far and that the internet should not become a surveillance mechanism.
Therefore, this essay aims to answer the question: Can the right to privacy protect against over-enforcement of copyright holders against online intermediaries in the current global environment? To answer this question, this essay firstly provides an introduction into copyright from an EU and US perspective (Part II). This section dives into the development of intermediary liability and provides an interim conclusion which indicates that there is a paradigm shift from intermediary liability to intermediary responsibility both in the US and the EU. Secondly, it provides an analysis of the ‘right to privacy’ and how it is protected in the EU and US (Part III). As the ‘right to privacy’ is an open concept, a further deep-dive is provided into privacy as a concept with particular focus on the notion of intellectual privacy. Lastly, these two concepts are balanced against each other, copyright enforcement and the right to privacy in Part IV which leads to the conclusion (Part V). The essay concludes that the right to privacy can protect against over-enforcement of copyright holders against online intermediaries if the right to privacy is interpreted more broadly than merely the right to data protection and also includes the right to intellectual privacy.
Copyright is protected globally and has a long and rich history in multilateral treaties. Copyright law has been shaped since the late nineteenth century by these multilateral treaties.[15] The three main treaties that have defined the broad structure of copyright law are the Berne Convention for the Protection of Literary and Artistic works of 1886[16], the Rome Convention for the Protection of Performers, Producers of Phonograms and Broadcasting Organizations of 1961[17] and the Agreement on Trade-Related Aspects of Intellectual Property Rights of 1994[18] (TRIPS). Besides these multilateral treaties, copyright, and intellectual property generally, is protected on various levels. For instance, article 27 of the United Nationals Universal Declaration of Human rights (UDHR)[19] recognises the right to intellectual property as a fundamental human right. The EU protects the right to intellectual property in article 17(2) of the Charter of Fundamental Rights of the European Union (CFR).[20] Further, on an EU level copyright is protected in the Information Society Directive.[21] This directive in combination with further case law from the European Court of Justice (CJEU) harmonizes copyright law protection in the EU Member States.[22] The enforcement of copyright protection is governed in the Directive on the Enforcement of Intellectual Property Rights.[23] In the US copyright is protected in Clause 8, Section 8 of article 1 of the Constitution. This famous section provides Congress the competence to legislate copyright protection[24] which is done in the Copyright Act of 1976.[25]
Through multilateral agreements and national laws, copyright law has a comprehensive legal basis for protection. Copyright protection is thought to be essential for society because it provides an incentive to encourage the production and dissemination of works.[26] Copyright legislation outlines how copyright is acquired, when infringement takes place and how copyright can be enforced. However, copyright is not the only right afforded to individuals and has to be balanced to ensure proportionate enforcement. TRIPS, for instance, sets out a detailed framework on intellectual property enforcement which includes many safeguards to protect defendant’s rights and interests.[27] However, more recent international intellectual property instruments do not include such protections.[28] For instance the failed Anti-Counterfeiting Trade Agreement (ACTA)[29] lacked important safeguards with regards to privacy and data protection in favour of intellectual property enforcement.[30] An example is, for instance, the encouragement of the identification of internet users by intermediaries and cross border data flows.[31] Even though ACTA did not come to be, the idea of a stronger enforcement framework can be found in trade agreements such as the Trans-Pacific Partnership Agreement[32] (TPP).[33] Enforcement of copyright has developed over time and due to the nature of the internet grown to include online enforcement by introducing liability regimes for online intermediaries.
Intermediary liability for copyright infringement has developed globally. As will be analysed below, a trend can be identified which focuses on the online over-enforcement of copyright. This paragraph provides an in-depth overview of the recent changes in the EU and US. Especially in the EU, very recently, major changes have been implemented in the liability framework for intermediaries but these changes have been structural and can be recognised in other parts of the world as well. In addition, intermediary liability continues to also find support in international policy and is even a requirement for certain multi-national trade agreements, such as the TPP.[34]
Up until 17 April 2019 intermediary liability was governed in the E-Commerce Directive (ECD) which applies horizontally to any type of unlawful conduct, including copyright enforcement.[35] The ECD is applicable to Information Society Services[36] and creates a ‘safe harbour’ against liability.[37] The ‘safe harbour’ created for online content hosting providers in article 14 ECD can be categorised as a conditional immunity framework.[38] This means that these types of intermediaries are only shielded from liability if certain conditions are met.[39] The conditions are shaped around a Notice-and-Take-Down regime. Once an intermediary is made aware of the existence of copyright infringing content, for instance through notification by a right holder, they are required to swiftly take down the content. If the intermediary does not, it can be held liable under article 14 ECD.[40]
However, on 17 April 2019 the Digital Single Market Directive,[41] a lex specialis to the ECD, introduces a new liability regime in article 17 on copyright enforcement.[42] This Directive is evidence of a paradigm shift focused on granting copyright a “higher level of protection”.[43] This liability regime is applicable to Online Content-Sharing Service Providers (OCSSPs) (such as Youtube and Vimeo) and has no precedent in the history of copyright nor in international treaties, in the EU copyright acquis or national law.[44] OCSSPs are platforms which have a profit-making purpose and store and give the public access to a large amount of works uploaded by their users.[45] The Digital Single Market Directive introduces a strict liability regime as OCSSPs are directly liable for their users’ uploads, also when there is no knowledge of the illegality of the work.[46] This means OCSSPs are excluded from the hosting safe harbour created in article 14(1) of the ECD.[47]
The Digital Single Market Directive aims to close the so-called ‘value-gap’ between content hosting intermediaries and copyright holders and tilts the balance in favour of copyright holders.[48] The term ‘value-gap’ refers to a supposed unfair allocation of value generated in the distribution of copyright-protected content by intermediaries.[49] However, in general, there is no substantive evidence of the effects the digital environment has on copyright infringement, nor regarding the scale or nature of it. Further, there is no evidence for the effectiveness of more aggressive enforcement strategies.[50]
Article 17 Digital Single Market Directive actively erodes the liability exemption in the EU and burdens intermediaries with the responsibility to monitor the content it hosts.[51] It de facto imposes an automated filtering obligation on OCSSPs as general and indiscriminate monitoring of all content uploaded by users through manual filtering would be impossible, both from a financial and logistical perspective.[52] What is interesting, is that in the landmark cases Sabam[53] and Netlog[54] the CJEU ruled that the implementation of a filtering system to detect and block users that are suspected of unlawfully downloading copyrighted work would most likely hinder an intermediaries freedom to conduct business.[55] Yet, such a regime is now introduced. Further, article 15 ECD actually restricts Member States from imposing a general monitoring obligation. This has thus changed and article 17 Digital Single Market Directive requires platforms such as Youtube and Facebook to monitor all content.[56] Platforms will now have to evidence that “best efforts” are made to obtain a licence or authorization from the copyright holder.[57] If there is no such authorization, the platform is required to filter and block those works when copyright holders have provided “the relevant and necessary information”.[58] A shift has thus taken place from liability to responsibility.[59]
The intermediary liability legal framework from a public law perspective in the US has not changed much since the internet’s early days.[60] The legal framework of online intermediaries is captured in section 230 of the Communications Decency Act (CDA)[61] of 1996 and section 512 of the Digital Millennium Copyright Act (DMCA)[62] of 1998. These two sections define how intermediaries handle content uploaded by users and the associated scope of legal liability.[63] The DMCA creates a safe harbour for internet service providers[64] and was the first to develop a Notice-and-Take-Down procedure. [65] This procedure is both administrative and technical in nature as it requires intermediaries to remove infringing content online once being notified by copyright holders.[66] The Notice-and-Take-down procedure was first developed in response to copyright infringements but is now one of the most-used measures to combat the infringement of intellectual property online.[67]
However, copyright industry trade groups have intensified their campaigns against the DMCA and the safe harbour created.[68] This has led to the situation that online intermediaries have assumed private obligations to regulate online content, due to significant pressure from the US and other governments even though there is no basis in public law.[69] This is for instance done by the introduction of Notice-and-Stay-Down measures. This was developed due to the volume of online infringements and the fact that once content is taken down by the intermediary, it is often uploaded again. The Notice-and-Stay-Down regime not only requires intermediaries to take down infringing content, but also to monitor their digital space for the same infringing content and block it again if it pops up.[70] Intermediaries are required to identify any reoccurrence of content and make sure it “stays down”.[71]
Further, tech companies in the US are subjected to a robust regime of ‘voluntary agreements’ to resolve content-related disputes created alongside the DMCA and the CDA.[72] This regime is mainly constructed to benefit intellectual property right holders that seek to control online piracy and counterfeiting beyond the territorial limits of the US.[73] The reach of online content monitoring by private intermediaries is both widening and deepening. The increase in the range of intermediaries that have partnered with corporations and trade associations to block sites and remove content without a court order has widened as it now includes internet access providers, search engines and social media platforms.[74] It is deepening with regards to the internet protocol stack, as it is moving downwards from the application layer into the network’s technical infrastructure.[75] Even though the purpose of these agreements is the enforcement of intellectual property rights, the Notice-and-Action procedures created can easily be used to censor all kinds of disfavoured content.[76]
The above analysis of national developments and legal frameworks provides a clear indication of the robust protection for copyright holders. Copyright is protected from various perspectives and multiple players can be involved in ensuring that copyright infringement does not happen or is stopped immediately. In the EU through article 17 Digital Single Market Directive and in the US through Notice-and-Stay-Down frameworks and ‘voluntary agreements’. Both legal frameworks thus create general monitoring obligations. There is a trend emerging which goes beyond liability and creates a responsibility for online platforms.[77] The EU Commission’s even put forward in the Communication on Online Platforms and the Digital Single Market that the aim is to impose an obligation on these platforms to behave responsibly by actively and quickly remove illegal materials. This means moving away from the Notice-and-Take-Down regime which was about reacting to complaints.[78]
Article 17 Digital Single Market Directive is merely the most recent example of the paradigm shift in the EU. For instance, the European Court of Human Right, following the EU Commission, added intellectual property to the first Additional Protocol to the European Convention of Human Rights of 1950[79] (ECHR).[80] Further, the European Charter of Fundamental Rights also includes in article 17 relating to the right to property, that intellectual property “shall be protected” which suggests a “constitutional declamation of a maximalist approach to copyright protection”.[81] It is also the case that the CJEU defines copyright as a property, and thus as a fundamental right. This means copyright operates as an equally ranked right to the other rights listed in the ECHR and CFR.[82]
This change in balance and the far going monitoring obligations create a problematic situation. The monitoring of the immense amounts of content that is uploaded daily cannot be done through manual processes and intermediaries are thus forced to employ automated enforcement.[83] Such automated enforcement by private companies is a delegation of public authority and has as consequence that it determines online behaviour. Automated and algorithmic copyright enforcement implies certain policy choices about how to balance certain rights such as freedom of expression.[84] In the online enforcement of intellectual property rights these algorithms take decisions which reflect policy decisions and assumptions that have significant consequences for society and the enjoyment of fundamental rights.[85] References to the potential unfair balance struck between intellectual property enforcement and freedom of speech has been subject to much criticism. For instance, these private intermediaries should not be tasked with determining the legality of content as they do not have the knowledge to assess this.[86] As well as the very eminent risk of censorship due to the fact that intermediaries will be eager to take down rather than to keep content online when the legality of the content is questioned, to avoid the risk of liability.[87] On top of the lack of incentive to keep material online, of which the legality is unclear, research shows that the current tools used also leads to structural over-blocking”.[88] However, freedom of speech is not the only fundamental right to potentially be harmed. Many scholars have recognised the harms for privacy and data protection.[89] Privacy is enshrined as a fundamental right in many constitutions globally and many countries have enacted extensive privacy protections.[90]
Contrasting to the right to intellectual property, privacy does not have a long and rich history in multinational treaties. Despite this, privacy is recognised as a fundamental human right in article 12 UDHR.[91] In Europe there are explicit references to the right to privacy in both article 8 ECHR and article 7 CFR. Further, the EU recognises the right to data protection in article 16 of the Treaty on the Functioning of the European Union[92] and article 8 CFR. The rules on data protection have been codified in the General Data Protection Regulation (GDPR) under European Union law.[93] In the US, the constitution does not explicitly refer to the word ‘privacy’ but the Supreme Court has concluded that the Fourth Amendment protects against government searches whenever a person has a “reasonable expectation of privacy”.[94] Further, the Supreme Court also held that the Constitution preserves a “zone of privacy” which protects people’s decisions about their sexual conduct, birth control, and health.[95] The US has hundreds of laws at state and federal levels which protect privacy.[96]
Privacy is recognised to be important and it is known to be essential for freedom, democracy, psychological well-being, individuality and creativity.[97] Interestingly under these legal regimes, privacy is mainly equated with data protection or also called informational privacy. However, privacy is a much broader concept.
Currently the word “privacy” is used to describe a myriad of things such as freedom of thought, freedom from surveillance, control over personal information or the ability to prevent disclosure of facts about oneself, etc.[98] Others conceptualise privacy as ‘the right to be left alone’[99], meaning to “limit access” to the self.[100] The most common understanding of privacy is that it constitutes the secrecy of certain matters. This means privacy would be violated by the public disclosure of private information.[101] Others assert that privacy provides control about personal information and that personal information is the property of an individual.[102] However, privacy encompasses more than just the protection of personal information or ‘the right to be let alone’[103]. As Roger Clarke recognised, privacy involves many dimensions. Clarke distinguished 5 dimensions to privacy which include ‘privacy of the person’, ‘privacy of personal behaviour’, ‘privacy of personal communications’, ‘privacy of personal data’ and ‘privacy of personal experience’.[104]
Privacy is thus a broad concept and does not necessarily only cover one type of harm.[105] The right to privacy is not one-dimensional and can be seen as a positive and negative right. It is considered a negative right because it protects individuals against the interference in their autonomy by governments and private actors. It is a fundamental notion to limit the power imbalance in relationships.[106] Privacy functions also as a positive right as it protects a fundamental political value by guaranteeing an individual their freedom of self-determination and autonomy.[107] Both the positive and negative sides to privacy are required for an individual to be able to act freely. The right to privacy creates a free space where ideas can develop which is salient for creativity. Creativity often relies for a certain degree on imitation, drawing from previous work, and individuals must be provided enough room to ensure thoughts can be developed and shared online without the direct threat of intellectual property infringement and consequent enforcement.[108] The importance of this notion of privacy has been recognised by Neil Richards who conceptualised the term ‘Intellectual Privacy’.[109]
The theory of intellectual privacy suggests that new ideas often develop best away from the intense scrutiny of public exposure. The idea is that free minds are the foundation of a free society. Intellectual privacy is not just for the intellectual, it is an essential kind of privacy for everyone.[110] The most apparent threat to intellectual privacy is surveillance. Ordinarily the use of the word surveillance is related to activities done by the state to keep an eye on its citizens.[111] However, surveillance is not just for governments and private companies generate fortunes from the collected, use and sale of personal information. Such surveillance recognised by Richards focuses on the concept of “behavioural advertising” which is a multibillion-dollar business and is the foundation for the success of companies such as Google and Facebook.[112] Further, governments have previously already had an interest in making personal information collected by private companies amenable for public-sector surveillance. For instance, the Communications Assistance for Law Enforcement Act of 1944[113] in the US and the struck down European Data Retention Directive of 2006.[114] The Communications Assistance for Law Enforcement Act requires telecommunication providers to build their networks in ways that make government surveillance and interception of electronic communications possible.[115] The European Data Retention Directive required Internet Service Providers to retain details of all internet access and telephone use of users for twelve months, so that they can be made available for government investigations.[116] However, this law was struck down by the CJEU as it held that the EU legislature had created a Directive which was disproportional in relation to articles 7 on the right to privacy, article 8 on the right to data protection and article 52(1) on the limitation of rights of the CFR.[117] Even though this Directive is not in force anymore, it nevertheless, does indicate the symbiosis which has developed between the government and private companies who are tasked with surveillance. This means surveillance cannot be analysed as merely limited to the government.[118] The current development of intermediary liability to responsibility and imposing general monitoring obligations has created a bigger area of government surveillance with as an excuse the enforcement of intellectual property protection.
Scholars writing on surveillance continually reaffirm that a recurring purpose of surveillance is to control behaviour.[119] This is the case because direct awareness of surveillance not only can make a person feel extremely uncomfortable, it also leads to a person altering their behaviour. Surveillance can lead to self-censorship and inhibition. Further, ideas, thoughts, and arguments which would be developed and expressed through discussion and writing will be silenced.[120] Due to these inhibitory effects, surveillance can be characterized as a tool of social control, enhancing the power of social norms. These social norms work more effectively when people are being observed by others.[121] And too much social control can adversely impact freedom, creativity and self-development.[122] This is an increasing problem in modern societies as surveillance fails to respect the line between public and private actors. Therefore, interpreting the right to privacy to include intellectual privacy must protect against private actors as well as the state.[123]
The rights to intellectual property and privacy recognised by both the EU and US are to be balanced. As recital 2 of Copyright Enforcement Directive outlines: “[the protection of intellectual property] should not hamper freedom of expression, the free movement of information, or the protection of personal data, including on the Internet”.[124] This essay does not aim to argue that intermediary liability and a monitoring obligation is never warranted. This essay aims to clarify that currently the balance is tilted in favour of intellectual property right holders. This balance cannot be reconciled by balancing the right to intellectual property to the narrow interpretation of the right to privacy interpreted as the right to data protection, as it will lead to unsatisfactory judgements as happened in the recent case of the CJEU.
On the 9th of July 2020 the CJEU provided its preliminary ruling in the case Constantin Film Verleigh GmBh v Youtube LLC and Google Inc. Constantin Film created the cinematographic works ‘Parker’ and ‘Scary Movie’. These movies were uploaded to the Youtube website and Constantin Film demanded Youtube to provide the information of the users who uploaded the works.[125] The question posed to the CJEU was whether article 8(2)(a) of the Copyright Enforcement Directive, which refers to the word ‘addresses’, meant to include the email address, phone number and IP address used to upload the infringing works.[126] The CJEU determined that the word constitutes a concept of EU law and must be interpreted independently and uniformly because there is no reference to the law of Member States.[127] The CJEU then continued to determine that the term must be determined in accordance with its usual meaning in everyday language, because the term is not defined which is a given person’s permanent address or habitual residence.[128] Additionally, the travaux préparatoires for the Directive did not suggest that the term ‘address’ not only refers to postal address but also email address, phone number and IP address.[129] Therefore, when balancing the various rights,[130] the CJEU determined that the term ‘address’ must be interpreted to not cover the email address, telephone number and IP address.[131] Such a strict interpretation seems to indicate a balancing act between the right to copyright enforcement and the right to data protection as was done in Scarlet[132] and Netlog[133]. In these cases the CJEU established that there may be instances where the right to data protection may not be fairly balanced against the rights of copyright holders.[134] Especially since intellectual property rights have never conferred the right to identify users, per se.[135]
However, with the development of the internet and the current changes in regulatory landscape, the balancing exercise afforded here is short-sighted and has even been called non-convincing.[136] Many blogs critique the case because of its rigid interpretation of the word ‘address’ as the world we now live in is fast paced and a more ‘dynamic’ interpretation would have been better suited for the constant technological developments.[137] The court seems to use the narrow definition of address to create protection for individuals. However, this choice seems like an ‘easy way out’ as it did not actually lead to a proper balancing exercise. A more effective balancing strategy, which would restore the balance between privacy and intellectual property protection is by looking at privacy as a complete concept. This is possible since privacy as a concept is protected in article 7 CFR, not just the right to data protection is protected.
The EU is known to focus on the balancing of rights, but this is different in the US, especially since in general it is hard to have human rights enforced against the private sector.[138] Further, the US has a special form of subpoena which exists for copyright enforcement in section 512(h) DMCA. This tool is meant to obtain users’ identities associated to the IP address who engaged in copyright infringing activities.[139] This is thus in contrast to the EU, where such a right does not exist. However, in a case where the courts did balance the right of privacy and intellectual property, the type of privacy focused on was also data protection. In the Verizon[140] case the District Court of Columbia stated that Verizon must provide the information. However, the Court of Appeal reversed it by considering the balance between section 512(h) DMCA and the right to stay anonymous, in order words, to have personal data protected.[141] Interestingly, Verizon in its defence argued that the DMCA subpoena violated its users’ First Amendment right if the identity of the users was provided since the First Amendment also covers expression on the Internet.[142]
It is thus clear that the right to privacy and the right to freedom of expression are closely linked. However, it seems to be the case that merely balancing copyright infringement and data protection will lead to the limitation of freedom of speech because the burden shifts to intermediaries when individual infringers are protected through data protection. Copyright holders seem to want to find a way to have infringing content taken offline, either through individuals or intermediaries. Therefore, the balancing act that needs to take place here is not with regards to data protection, but the concept of privacy as a whole, which includes intellectual privacy. The right to privacy can counter balance the type of social control the government is trying to create by imposing monitoring obligations. The right to privacy is not merely an individual right, but is also an internal dimension of society and has social value. Even when the right to privacy protects an individual, it does so for the sake of society.[143] Therefore, the right to privacy can counter-balance the over-enforcement of copyright holders when the entire concept of privacy is included in the balancing act. This is especially of importance because the practical implications of the monitoring obligations will be done through algorithmic enforcement. The system of enforcement creates a legal system where intermediaries manipulate the internet architecture when implementing monitoring technologies. This will lead to fundamental architectural changes to limit the liability of intermediaries. This will most likely lead to over-enforcement that becomes invisible and leads users to get accustomed to a highly censored online ecosystem.[144] Evidence of this can already be found in the US, where a widening variety of online intermediaries are required to use the network’s technical infrastructure to ensure copyright enforcement can take place.[145]
To conclude and answer the question of this essay: Can the right to privacy protect against over-enforcement of copyright holders against online intermediaries in the current global environment? The answer is yes if the right to privacy is interpreted more broadly than merely the right to data protection and also includes the right to intellectual privacy. This conclusion is drawn after analysing the copyright framework from an EU and US perspective and the right to privacy. A broader scope for privacy protection is required due to the current developments of online intermediaries which are now held responsible for the content hosted, instead of merely liable when informed of infringing content. Both in the EU and US the trend of over-enforcement can be recognised in the obligation to monitor content online, stepping away from a liability-based framework to it becoming the responsibility of a private entity to monitor its online sphere. This essay does not aim to argue that online intermediaries should not be burdened with copyright enforcement at all, but instead argues that the current paradigm shift in regulatory framework for copyright enforcement leads to a system of surveillance. Such a system is known for its chilling effect on society, such as the curtailment of freedom of speech but also impugns the right to privacy as an individual needs to feel free to be able to properly participate in society. Surveillance is a tool for social control and the right to privacy protects the power imbalance placed on individuals.
[1] LL.B, LL.M (Cum Laude). I would like to thank Associate Professor Alexandra George for her assistance and encouragement. All errors are my own.
[2] Kendra Cherry, ‘What Is Body Positivity? Verywellmind (Blog Post, 25 February 2020) <https://www.verywellmind.com/what-is-body-positivity-4773402>.
[3] Larry Buchanan, Quoctrung Bui and Jugal Patel, Black Lives Matter May Be the Largest Movement in U.S. History’, The New York Times (News Article, July 3, 2020) <https://www.nytimes.com/interactive/2020/07/03/us/george-floyd-protests-crowd-size.html>.
[4] Council Directive 2019/790/EC of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC [2019] OJ L130/92.
[5] See for instance, Marco Massini ‘Fundamental rights and private enforcement in the digital age’ (2019) 25(2) European Law Journal 182; Frederick Mostert and Jane Lambert, Study on IP enforcement measures, especially anti-piracy measures in the digital environment WIPO/ACE/14/7 (Advisory Committee on Enforcement Report, September 2019); Maurice Schellekens, ‘Liability of internet intermediaries: A Slippery Slope? (2011) 8(2) SCRIPTed, 154; Kuczerawy, Aleksandra, ‘Intermediary liability & freedom of expression: Recent developments in the EU notice & action iniative (2015) 31 Computer Law & Security 46; Kylie Pappalardo and Suzor, Nicolas, ‘The Liability of Australian Online Intermediaries’ [2018] SydLawRw 19; (2018) 40 Sydney Law Review 469.
[6] Bruno Zeller, et al, ‘The Right to be Forgotten – the EU and Asia Pacific Experience (Australia, Indonesia, Japan and Singapore)’ (2019) 1 European Human Rights Law Review 23; Daniel Solove, “Conceptualizing privacy” (2001) 90(4) California Law Review; Paul De Hert and Serge Gutwirth, ‘Privacy, data protection and law enforcement. Opacity of the individual and transparency of power’ in Erik Claes, Antony Duff and Serge Gutwirth (eds) Privacy and the criminal law (Intersentia, 2006) 61; Daniel Solove, “‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy” (2007) 44 San Diego Law Review 745; Daniel Solove, Understanding Privacy (Harvard University Press, 2008); Daniel Solove, ‘A Taxonomy of Privacy’ (2013) 154(3) University of Pennsylvania Law Review 477.
[7] Diana Liebenau, ‘What Intellectual Property Can Learn from Information Privacy, and Vice Versa’ (2016) 30(1) Harvard Journal of Law & Technology 285.
[8] Alberto Cerda Silva, ‘Enforcing Intellectual Property Rights by Diminishing Privacy: How the Anti-Counterfeiting Trade Agreement Jeopardizes the Right to Privacy’ (2011) 26(3) American University International Law Review 601; Kimberlee Weatherall, ‘Safeguards for Defendant Rights and Interests in International Intellectual Property Enforcement Treaties’ (2016) 32(1) American University International Law Review 211.
[9] For instance, the Communications Assistance for Law Enforcement Act of 1944 in the US and the struck down European Data Retention Directive of 2006, further elaborated on in Part II B; Neil Richards, ‘The Dangers of surveillance’ (2013) 126 Harvard Law Review 1934, 1941.
[10] Richards (2013) (n 9) 1941.
[11] Neil Richards, Intellectual Privacy: Rethinking Civil Liberties in the Digital Age (Oxford University Press 1st ed, 2015).
[12] This is the case in Constantin Film Verleih v Youtube and Google (Court of Justice of the European Union, C-264/19, ECLI:EU:C:2020:542, 9 July 2020), which is discussed in Part IV on balancing the right to intellectual property against the right to privacy.
[13] Richards (2013) (n 9) 1946.
[14] Giancarlo Frosio, ‘Algorithmic enforcement online’ (2019) in Paul Torremans (ed) Intellectual Property and Human Rights (Kluwer Law International, forthcoming 2020) 709, 709-710.
[15] Kathy Bowrey et al, Australian Intellectual Property, Commentary, law and practice (Oxford Univeristy Press 2nd ed, 2015) 32.
[16] Berne Convention for the Protection of Literary and Artistic Works of September 9, 1886, completed at Paris on May 4, 1896, revised at Berlin on November 13, 1908, completed at Berne on March 20, 1914, revised at Rome on June 2, 1928, revised at Brussels on June 26, 1948, and revised at Stockholm on July 14, 1967 (with Protocol regarding developing countries).
[17] Rome Convention for the Protection of Performers, Producers of Phonograms and Broadcasting Organizations, of October 23, 1961, completed at Rome on May 18, 1964.
[18] Marrakesh Agreement Establishing the World Trade Organization, opened for signature 15 April 1994, 1867 UNTS 3 (entered into force 1 January 1995) annex 1C (‘Agreement on Trade Related Aspects of Intellectual Property Rights’).
[19] Universal Declaration of Human Rights, GA Res 217A (III), UN GAOR, UN Doc A/810 (10 December 1948).
[20] Charter of Fundamental Rights of the European Union, ratified 7 December 2000 [2000] 2012/C 326/02, amended 26 October 2012 (CFR).
[21] Council Directive 2001/29/EC of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society [2001] OC L 167/10.
[22] Thomas Margoni, ‘The Harmonisation of EU Copyright Law: The Originality Standard’ in M Perry (ed) Global Governance of Intellectual Property in the 21st Century (Springer International Publishing, 2016) 85, 85.
[23] Council Directive 2004/48/EC of 29 April 2004 on the enforcement of intellectual property rights [2004] OJ L 157/16.
[24] Federica Giovanella, ‘Effects of Culture on Judicial Decisions: Personal Data Protection vs. Copyright Enforcement in Roberto Caso and Federica Giovanella (eds) Balancing Copyright Law in the Digital Age (SpringerLink, 2015) 65, 79.
[25] Copyright Act of 1976 Pub. L. No. 94-552, 90 Stat. 2541 44 U.S.C. §§ 505, 2113; 18 U.S.C. § 2318.
[26] Bowrey et al (n 15) 30.
[27] Weatherall (n 8) 215.
[28] Ibid.
[29] Anti-Counterfeiting Trade Agreement, December 3, 2010 <https://ustr.gov/acta>.
[30] Silva (n 8) 616.
[31] Ibid 615-616.
[32] Trans-Pacific Partnership Agreement between the Government of Austl. And the Governments of: Brunei Darussalam, Can., Chile, Japan, Malay., Mex., N.Z., Peru, Sing., the United States and Vietnam, opened for Signature Feb 4 2016 (not in force) ch. 18, Office of the U.S. Trade Representative <https://ustr.gov/trade-agreements/free-trade-agreements/trans-pacific-partnership/tpp-full-text>.
[33] Weatherall (n 8) 217-219.
[34] Lucas Logan, ‘Free expression, privacy and intellectual property online: Contesting Intermediary Liability’ (2014) 16(1) Communication Law Review 24, 24.
[35] Council Directive 2000/31/EC of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market [2000] OJ L178/1.
[36] Ibid art. 2(a).
[37] Rebecca Mackinnon, Fostering Freedom Online: The Role of Internet Intermediaries (UNESCO Internet Society, 1st ed, 2014) 51.
[38] Council Directive 2000/31/EC of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market [2000] OJ L178/1, art. 14.
[39] Mackinnon (n 37) 40.
[40] L’Oréal SA and Others v eBay International AG and Others (C-324/09) [2011] ECR I-06011 [116]-[122].
[41] Council Directive 2019/790/EC of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC [2019] OJ L130/92.
[42] Martin Husovec and Jaöa Pedro Quintais, ‘How to license article 17? Exploring the implementation options for the new EU Rules on content-sharing platforms’ (Working Paper 1/10/2019, Tilburg Institute for Law, Technology, and Society, Tilburg University) 3 <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3463011>.
[43] Caterina Sganga, ‘EU copyright law between property and fundamental rights: a proposal to connect the dots’ in Roberto Caso and Federica Giovanella (eds) Balancing Copyright Law in the Digital Age (SpringerLink, 2015) 1, 8.
[44] Husovec and Quintais (n 42) 3.
[45] Council Directive 2019/790/EC of 17 April 2019 on copyright and related rights in the Digital Single Market and amending Directives 96/9/EC and 2001/29/EC [2019] OJ L130/92 art. 2(6).
[46] Dirk Visser, ‘Trying to understand article 13’ (2019) SSRN 4 <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3354494 >; Husovec and Quintais (n 42) 3.
[47] Husovec and Quintais (n 42) 3.
[48] Giancarlo Frosio, ‘From horizontal to vertical: an intermediary liability earthquake in Europe (2016) 12(7) Journal of Intellectual Property Law 565, 567-568.
[49] Ibid 567.
[50] Ibid 568.
[51] Massini (n 5) 183.
[52] Frosio (2019) (n 14) 725-726.
[53] Scarlet Extended SA v SABAM C-70/10 [2011] ECR I-12006, [53].
[54] SABAM v Netlog NV (Court of Justice of the European Union, C-360/10, 16 February 2012) [51].
[55] Massini (n 5) 190.
[56] Mostert and Lambert (n 5) 15.
[57] Ibid.
[58] Ibid.
[59] Frosio (2019) (n 14) 718.
[60] Annemarie Bridy, ‘Addressing Infringement: Developments in Content Regulation in the US and the DNS’ in Giancarlo Frosio (ed) The Oxford Handbook of Online Intermediary Liability (Forthcoming) 1.
[61] Communications Decency Act of 1996 Pub. L. No. 104-104, 110 Stat. 113 47 U.S.C §230.
[62] Digital Millennium Copyright Act of 1998, Pub. L. No 105-304, 112 Stat. 280 17 U.S.C. § 512.
[63] Bridy (forthcoming) (n 60) 1.
[64] Digital Millennium Copyright Act of 1998, Pub. L. No 105-304, 112 Stat. 280 17 U.S.C. § 512.
[65] Mostert and Lambert (n 5) 10.
[66] Ibid.
[67] Ibid.
[68] Bridy (Forthcoming) (n 60) 1.
[69] Ibid 2.
[70] Mostert and Lambert (n 5) 12.
[71] Frederick Mostert, Study on Approaches to online trademark infringements¸ WIPO/ACE/12/9 (Advisory Committee on Enforcement Report, September 2017) 12.
[72] Annemarie Bridy, ‘Copyright’s Digital Deputies: DMCA-Plus Enforcement by Internet Intermediaries’ in John Rothchild (ed), Research Handbook on Electronic Commerce Law (Edward Elgar 2016).
[73] Bridy (Forthcoming) (n 60) 2.
[74] Annemarie Bridy, ‘Notice and takedown in the Domain Name System’ (2017) 74 Washington & Lee Review 1345, 1372.
[75] Bridy (Forthcoming) (n 60) 2.
[76] Ibid.
[77] Frosio (2019) (n 14) 718.
[78] Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions - Online Platforms and the Digital Single Market Opportunities and Challenges for Europe (COM(2016)288).
[79] Convention for the Protection of Human Rights and Fundamental Freedoms, opened for signature 4 November 1950, 213 UNTS 221 (entered into force 3 September 1953), as amended by Protocol No 14 to the Convention for the Protection of Human Rights and Fundamental Freedoms, Amending the Controls System of the Convention, opened for signature 13 May 2004 CETS NO 194 (entered into force 1 June 2010).
[80] Sganga (n 43) 8.
[81] Ibid.
[82] Ibid.
[83] Frosio (2019) (n 14) 725-726.
[84] Ibid 709-710.
[85] Ibid 710.
[86] Kuczerawy (n 5) 48.
[87] Massini (n 5) 192; Schellekens (n 5) 168.
[88] Schellekens (n 5) 168.
[89] Frosio (2019) (n 14) 711.
[90] Solove (2008) (n 6) 3.
[91] Universal Declaration of Human Rights, GA Res 217A (III), UN GAOR, UN Doc A/810 (10 December 1948).
[92] Consolidated versions of the Treaty on European Union and the Treaty on the Functioning of the European Union 2012/C 326/01.
[93] Regulation (EU) 2016/679 of the European Parliament and of the council of 27 April on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC [2016] OJ L 119/1 (GDPR).
[94] Katz v United States [1967] USSC 262; 389 U.S. 347 (1967).
[95] Griswold v. Connecticut, [1965] USSC 128; 381, US 479 (1965).
[96] Solove (2008) (n 6) 3.
[97] Ibid 5.
[98] Solove (2001) (n 6) 1095.
[99] As conceptualised by Samuel Warren and Louis Brandeis, ‘The Right to Privacy’ (1890) 4(5) Harvard Law Review 193.
[100] Solove (2001) (n 6) 1102.
[101] Ibid 1105.
[102] Ibid 1112.
[103] Warren and Brandeis (n 97).
[104] Roger Clarke, Introduction to Dataveillance and Information Privacy, and Definitions of Terms’ Roger Clarke’s Website (Blog Post, 24 July 2016) <http://www.rogerclarke.com/DV/Intro.html> .
[105] Solove (2013) (n 6) 486.
[106] De Hert and Gutwirth (n 6) 69.
[107] Ibid 70.
[108] Weatherall (n 8); Liebenau (n 7).
[109] Richards (2015) (n 11).
[110] Richards (2013) (n 9) 1946.
[111] Ibid 1940.
[112] Ibid 1938-1939.
[113] Communications Assistance for Law Enforcement Act Pub. L. No. 103-414, 108 Stat. 4279 47 U.S.C §§ 1001-1010.
[114] Council Directive 2006/24/EC of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC [2006] OJ L 105/54.
[115] Communications Assistance for Law Enforcement Act Pub. L. No. 103-414, 108 Stat. 4279 47 U.S.C §§ 1001-1010, §1002; Richards (2013) (n 9) 1941.
[116] Richards (2013) (n 9) 1941.
[117] Digital Rights Ireland (C-293/12 and C-594/12) [2014] ECR I-238, [69].
[118] Richards (2013) (n 9) 1941.
[119] Ibid 1949.
[120] Logan (n 34) 32.
[121] Solove (2013) (n 6) 494.
[122] Ibid.
[123] Richards (2013) (n 9) 1952.
[124] Council Directive 2004/48/EC of 29 April 2004 on the enforcement of intellectual property rights [2004] OJ L 157/16, rec 2.
[125] Constantin Film Verleih v Youtube and Google (Court of Justice of the European Union, C-264/19, ECLI:EU:C:2020:542, 9 July 2020) [13]-[15].
[126] Ibid [23].
[127] Ibid [28].
[128] Ibid [29]-[30].
[129] Ibid [31].
[130] Ibid [38].
[131] Ibid [40].
[132] Scarlet Extended SA v SABAM (C-70/10) [2011] ECR I-12006 [53].
[133] SABAM v Netlog NV (Court of Justice of the European Union, C-360/10, 16 February 2012) [51].
[134] Frosio (2019) (n 14) 735-736.
[135] Silva (n 8) 611-612.
[136] Eleonora Rosati, ‘CJEU follows AG and rules that notion of 'address' does not extend to email and IP addresses and telephone numbers’, The IPKat (Blog Post, 12 July 2020) <http://ipkitten.blogspot.com/2020/07/cjeu-follows-ag-and-rules-that-notion.html> .
[137] Rebecca Pakenham-Walsh, ‘Constantin Film Verleih v YouTube – is there more to 'address' following AG Opinion?’ Field Fisher Insight (Blog Post, 29 April 2020) <https://www.fieldfisher.com/en/services/intellectual-property/intellectual-property-blog/constantin-film-verleih-v-youtube-%E2%80%93-is-there-more; http://ipkitten.blogspot.com/2020/07/cjeu-follows-ag-and-rules-that-notion.html>.
[138] Silva (n 8) 616-617.
[139] Giovanella (n 24) 75.
[140] In re Verizon Internet Services, 240 F. Supp. 2d 24 (D.D.C. 2003); RIAA v. Verizon Internet Services[2003] USCADC 251; , 351 F.3d 1229 (DC Circ. 2003).
[141] Giovanella (n 24) 75.
[142] Ibid.
[143] Solove (2007) (n 6) 763.
[144] Frosio (2019) (n 14) 709-710.
[145] Bridy (Forthcoming) (n 60) 2.
AustLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.austlii.edu.au/au/journals/UNSWLawJlStuS/2020/28.html