French attorney François-René Lebatard explores the French government’s efforts to strike a legislative balance in a collision between intellectual property law and the protection of privacy.
The challenges presented by the Internet, e-commerce, and digital technology generally are many. As governments struggle to legislate in these areas, new conflicts regularly arise.
For example, Recital 15 of the Directive on the enforcement of intellectual property rights[1] clearly states that the Directive should not affect the Directive on the protection of individuals with regard to the processing of personal data.[2]
Still, copyright owners must react to stanch the massive flow of infringing works on the Internet. With the help of Digital Rights Management (“DRM”) technologies, tools to process personal data related to these infringements have been developed and subsequently regulated by statute in the USA and Europe
In France, the Act of 6 August 2004, which implements the Directive on the protection of individuals with regard to the processing of personal data, added a new article, article 9-4, to Act no. 78-17 of 6 January 1978 on Data Processing, Data Files, and Personal Freedoms. Article 9-4 allows collecting societies to process personal data related to copyright infringement. However, this processing is subject to stringent requirements:
• It may be put in place only by collecting societies and professional organizations.
• It must be narrowly tailored so that any data collected is directly related to the infringement and necessary in order to prevent or note such infringement.
• A court order is necessary to obtain the identity of the infringer.
• Data may be kept for only one year.
• It must be authorized by the National Commission for Data Protection and the Liberties (“CNIL”).[3]
Generally, when deciding whether or not to grant the requisite authorization, the CNIL seeks to strike a balance between the scope of the proposed processing and the goal which the collecting society or organization hopes to achieve.
SELL, a union of leisure software publishers, submitted the first request for authorization to the CNIL. The authorization was granted on March 24, 2005.
In contrast, on October 18, 2005, the CNIL denied authorization to four collecting societies comprised of copyright owners and producers of musical works. The proposed processing scheme called for the collection of IP (“Internet protocol”) addresses from eleven major peer-to-peer networks. Moreover, the scheme would have required Internet Service Providers (“ISPs”) to relay warning messages directly to their customers. Due to the role of the ISPs, however, the CNIL deemed the requested processing to be contrary to the anonymity requirement, which mandates a court order to obtain the identity of an infringer. In addition, the CNIL found that the large scale of the processing was incompatible with the overall balance sought.
Considering the already wide-spread tracing and profiling of individuals on the Internet, the legitimate use of DRM technologies to protect copyrighted works could be another significant threat to the protection of privacy – protection which is already endangered.[4]
Please enter your username or e-mail address.
You will receive a new password via e-mail.
Share