BT & Talk Talk, the two largest UK internet Service Providers (ISP) went to court towards the end of 2010 and the beginning of 2011 to obtain a judicial review of the Digital Economy Act, a law passed in the dying days of the last Labour Government. This law is designed to place duties on internet service providers to act on the instruction and on behalf of copyright holders and to authorise Web site blocking. On the 20th April, Mr. Justice Parker delivered his judgement.
This article is a personal summary of that ruling. The judgement is awfully hard to read and understand. I have an economics degree and nine years of Civil Service training! Actual quotes should be obvious, other representations are in my words, not those of the judgement. In some places I have got lost in the text of the judgement and while my summary is much shorter than the original, it remains pretty long. The impatient or easily satisfied can skip straight to the summary.
I had not been expecting much and certainly did not expect the court to strike down the law. I was not disappointed. The most accessible write-up I have found at the time is at Iptegrity.com in an article called “DE Act court ruling – a twisted balance ”. This is a (cc) by-sa article and the author has asked for a full citation (see below) which I have included at the bottom of this article. She argued that the Government won 4 – 1, with the Judge only ruling that the proposed cost allocation between the ISPs and copyright holders was disproportionate.
Another point before I start is that EU law refers to participants in the internet economy as Information Society Service Providers (ISSP), and I have thus used the term Internet Service Provider (ISP) to refer to those companies that offer internet connectivity and internet addresses to their customers.
BT & Talk Talk asserted that,
- the Act should have been referred to the EU Commission for comment/assent under the Technical Standards Directive and wasn’t
- the Act contravened EU legislation, specifically the E-Commerce Directive which underwrites ISSPs role as a common carrier i.e. ISSPs are not responsible for the activities of their customers, just as the Post Offices have not been responsible for the contents of letters and parcels and under EU law should not be constrained from carrying services originating and terminating in other EU countries
- the Act places duties in contravention with the Data Protection and Privacy and Electronics Communications Directives,
- the law is in breach of the EU’s Authorisation Directive which sets out the supranational legal framework for the regulation and licensing of ‘electronic communication sector’, and that the proposed cost sharing agreements are illegal
- the actions and duties potentially placed upon ISSPs, such as disconnection or other “Technical Measures” are disproportionate.
EU Legislative Process
The first ground of appeal was dismissed as the Judge ruled that the Government didn’t have to notify the Commission because the DE Act is not a draft technical regulation. The draft technical regulations are all delegated/secondary legislation to be drafted by Ofcom, and the Government will need to notify the Commission when it comes back to the Commons.
Illegal Constraint on E-Commerce
The second ground of appeal is that the DE Act contravenes the E-commerce Directive (ECD) which has been set up to ensure that member states of the EU don’t create laws and regulations that restrict
“the freedom to to provide Information Society services “
The critical articles of the ECD establish common carrier (mere conduit) rights, prohibit governments placing undue burdens and “general requirements” on ISSPs and while permitting national regulation of Information Society service providers, prohibits discrimination against providers from other member states.
The Judge ruled that the common carrier defence is not absolute. The ECD or its legislators sought to exercise a “Careful Balance” between the interests of the ISSPs, their customers and copyright holders. The DE Act builds on the British legal precedents of the Copyright, Design and Patents Act 1988 and the Norwich Pharmacal vs. Customs & Excise Commissioners that a copyright holder’s notification of criminal copying is sufficient to negate an ISSP’s mere conduit defence; it can no longer claim a lack of knowledge of the “information transmitted”. The Judge also ruled that an ISSP is only liable if the illegal activity is sanctioned, countenanced or approved, and that supply of machines, and presumably software capable of use for copying copyright works is not an “authorisation” where the carrier (my word) has no control over the use of the machine. (Phew, Microsoft and Apple can breath a sigh of relief!) However the Norwich Pharmacal case established the principle that even privileged data holders (HMC&E) have a duty to prevent crime and so the co-option of even public authorities in the pursuit of intellectual property crime is written into UK common law. ( The Government will regret this as the Inland Revenue, now HMRC, has spent years trying to avoid damaging its relationships of trust with tax payers by keeping its data secret from all other law enforcement/taxation agencies such as the DWP and Child Support Agency.)
It seems that the ECD prohibits member state governments from requiring ISSPs to undertake excessive monitoring of their traffic, but also permits Member State governments to require ISSPs to co-operate in the identification of “alleged” illegal activities and users, and “at their request” storage customers. (Use of Quote marks is mine, but accurate).
The Judge ruled that the DE Act does not require the ISSPs to undertake general monitoring!
However, since the DE Act passes the duty of identification of potential illegal acts to a civil party participant, one that has rights that the ISPs and Governments don’t, that’s all right then. The people monitoring the internet traffic aren’t the ISPs and don’t require a court order.
National regulation, no discrimination against other member states
The claimant’s argued that Article 3 of the ECD which provides that member states must ensure that ISSPs obey the law, and may not discriminate against ISSPs based in other EU member states unless in pursuit of certain public policy objectives including, protection of minors, prosecution of hate crimes, protection of public health and public/national security. NB Copyright infringement is not on this list. The Article also states that the State’s use of the exception powers must be proportionate.
It would seem to me that this ground for appeal is mainly about the “site blocking” clauses since I am unsure how a foreign company, as in one exclusively regulated by a foreign jurisdiction can provide ISP i.e. internet connectivity services to UK consumers since they require IT assets to be located in the UK.
Both sides accept that the DE Act is a restriction on market activities. The permitted exclusions do not include copyright. The claimants’ and defendant’s lawyers then argued if copyright enforcement was “within the coordinated field”. If it is in “within the coordinated field”, then the DE Act would be illegal, otherwise, the law would recognise that restrictions on ISSPs are permitted. The defendants argued that further clauses in the ECD excluded copyright from the law, both sides recognised that the EU’s Copyright Directive is relevant, and that the claimants argued that
- the exclusion from the ECD’s domain was in preparation for the Copyright Directives
- the Copyright Directive mandates that member states shall provide a mechanism for judicial injunction against ISPs
The claimants argued that further actions and powers, i.e. beyond those permitted by the Copyright Directive, for copyright holders or the government were in breach of ECD Article 3, (they should probably have added in breach of the Authorisation Directive as well) and thus illegal under EU law.
Judge Parker ruled, in to me the most troubling part of the ruling, that if the EU legislators had wanted to place copyright into ECD’s “coordinated field”, they would have done so. This troubles me because the Judge is not interpreting the Law, but the motives of legislators, a many of whom may have opposed the law. The Judge argued that the decision as to whether copyright law was sufficiently harmonised to remove its exclusion from the ECD was too fine for a Judge, but that if push came to shove he’d rule that it was not sufficiently harmonised.
The Judge ruled (c. 130) that if the DE Act conflicted with Copyright Directive then it would need to be struck down, but that the DE Act implements the crucial Article 8(3). Article 8(3) which states
“Member states shall ensure that rightsholders are in a position to apply for an injunction against intermediaries whose services are used by a third party to infringe copyright or related right”
Since judicial review of copyright enforcement is one of the central demands of the opponents of the DE Act , an argument supported by the UN and French Constitutional Court, and given that the DE Act writes out both judicial and jury review, I feel that it’s a stretch to argue that the DE Act is an implementation of the Copyright Directive. (Later in the ruling, Judge Parker rules that the judicial oversight inherent within the Act and its yet unpublished codes is sufficient.)
In summary, EU Law prohibits restriction on ISSP activity unless the restriction meets certain agreed objectives or is subject toa non-harmonised legal jurisdiction (including Copyright and other Intellectual Property laws). Judge Parker ruled that despite the existence of the Copyright Directive, that copyright law is not sufficiently “harmonised” to permit copyright issues to be covered by ECD 3.
The third ground for appeal is that the DE Act contravenes EU Data Protection and Privacy Laws. Everyone agrees that internet protocol (IP) addresses, subscriber details, and much of the content is “private data” under EU and UK law and can be only used for the purposes declared by the data controller conforming to the Data Protection Directive (DPD), Article 7, which is partially quoted in paragraph 137 of the judgement. To my mind most interestingly, processing may occur,
“that is necessary for the legitimate interests pursued by the controller or by third party or parties to whom the data is disclosed. except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject which require protection under Article 1(1)”
To my mind this would require the Judge to determine if the ISPs processing of data about its customers is a breach of the data subjects Article 1 fundamental rights, however, since the initial obligations code has not been published, and thus the processing models required are unknown they cannot be deemed to be in breach of the DPD.
There are exceptions to this prohibition (Article 8(2)(e)) including where
“ the processing relates to data which are manifestly made public by the data subject or is necessary for the establishment, exercise or defence of legal rights”
This exemption is not universal, but the Judge rules that, despite the text, it would be “absurd” if it is not. (c 161). The key to Judge Parker’s ruling is that what is known of the DE Act data processing is that it is permitted by the requirement/permission to allow copyright holders to exercise their defence and rights.
This also troubles me. There is a quite explicit requirement to balance the rights of copyright holders against those of infringing and innocent data subjects, but the ruling makes no mention of how the proposed Law balances those interests.
Illegal Regulation of Business
The fourth ground of appeal is that the DE Act exceeds member state powers in the regulation of electronic communication and network businesses. The EU has passed this law, the Authorisation Directive (AD) in order to ensure a level and stable competitive playing field for Telcos. The AD is made law in the UK by Ofcom regulations.
Neither the AD nor Ofcom’s rules require a network provider to conform to the DE Act. The claimants argue that such regulation is illegal since the national authorities need to be given the right to legislate by EU laws. It seems to me that since the AD is designed to protect the rights of entrants into the market, they have a point, but the judge disagrees. He rules that a member state has the right to change the regulatory rules by supplementing them with new ones, which is what the DE Act does by placing the obligation on Ofcom. (This part of the ruling is in fact more complex than I make it seem, which means I may have missed something. The Judge also refers to the EU Framework Directive which also applies and constrains the Authorisation Directive. It is argued in clauses/paragraphs 168 – 183).
Costs and Taxes
The claimants also used the Authorisation directive as part of their appeal against the cost sharing arrangements. BT & Talk Talk argued that in order for Ofcom to take powers to charge them, it needs to acquire that power through Authorisation Directive. The judge ruled that costs incurred in fulfilling legal liability and case fees are not charges, and so can be levied. He also ruled that “qualifying charges” are administrative charges and hence illegal. Qualifying costs are the costs of running the appeals process and will be paid to Ofcom or some other, presumably new appeal tribunal. It was planned that the ISPs paid 25% of these costs and that the copyright holders (or their agents) pay the remaining 75%.
The Authorisation Directive also prohibits member states from discriminating against relevant ISSPs. The claimants argue that the exclusion of the smaller ISPs and Mobile Network Operators is discriminatory. The DE Act only places obligation on the top six ISPs, those with more than 400,000 customers. The Judge argues that the six ISPs with more than 400,000 customers represent 93.4% of broadband customers and that the seventh player is a long way behind; the law recognises a natural breakpoint. He also argues that since mobile technology is less used for copyright infringement due to technical features, including them would be disproportionate. It remains a fact that six companies are being coerced into undertaking costly actions. It’s not only the EU’s Authorisation Directive that prohibits discrimination, the whole of Parliament’s Hybrid Legislation precedents would seem to apply. I say six is an awfully low number to not consider discriminatory.
In summary. The claimants argue that the power to regulate ISSPs is constrained by EU Law and that the DE Act is beyond the powers of the UK as a member state. The Judge ruled that Parliament (& Ofcom) can legally supplement the current laws. i.e. EU law sets a lowest standard, not a high water mark.
The fifth ground of appeal is proportionality. BT & TalkTalk argued that the Act was a disproportionate restriction on the freedom to trade and freedom of opinion, conflicting with EU treaties and the European Convention on Human Rights. The concept of proportionality, it would seem, is embedded in much of EU law. (I am not a lawyer and am only summarising this ruling which does not mention UK judicial tradition and precedent.)
There are points of principle and points of detail in this part of the ruling. The point of principle is that the judgement of a ‘Careful balance’ should be taken by elected politicians, in this case Parliament. I can live with this. The ruling states that the level of disproportionality would need to be exceedingly high for a court to strike down a Law and examines the case law that establishes this, although he doesn’t quote the Act of Settlement.
The judge ruled that copyright is an important, (fundamental) human right, quoting the ECHR and that balancing it against other fundamental rights, such as the right to free speech, fair trial, access to culture, privacy, family life and education is a matter of balance not one for pendulum arbitration. i.e. Parliament should decide.
The court and judgement then went on to test if Parliament had exercised a “careful balance”. Previous system trials and attempts to create voluntary agreements had failed, the Government had issued consultations between the interested parties and the nature and volume of evidence is not appropriate to Judicial bench.
The ruling also states,
- that judicial oversight is sufficient, if not the balance might be different
- that the current laws may be supplemented and that in several ways, it increases the rights of alleged infringers, although we can’t know because the codes haven’t been published
- that even if the law is technically unfeasible, parliament has a right to pass the law if it pursues public policy
- that a ‘chilling effect’ is a matter for Parliament
- that the EU Directive on the enforcement of Intellectual Property law does not make the DE Act a disproportionate law
There is also a lot of stuff about the impact assessment performed by the Government. The claimants arguing that fundamental errors in the impact assessment undermined both the proportionality of the law and the exercising of “Careful balance”. This is evaluated via evidence to expert witnesses. There’s a couple of issues in this part of the ruling, but on the whole the Judge took the view that there was no better evidence and that missing facts would have made little difference.
The ruling makes no comments on the proportionality of any “Technical Measures” since they have not been drafted, agreed or promulgated.
The court makes no comment on whether a law requiring “careful balance” on the issues of “fundamental rights” should be passed using the unprecedented accelerated procedures of House of Commons’ Wash-up. This process meant that the possibly 100’s of hours of review time spent by elected politicians was avoided. (The Commons spent under 10 hours considering the Bill.)
The court ruled that
- the DE Act is not a technical regulation and thus does not need to be notified to the EU Commission as part of the legislative process.
- the DE Act does not conflict with the E-Commerce Directive because the ‘mere conduit’ defence is not absolute, it does not require ‘general monitoring’, and copyright protection measures are excluded from the domain of the ECD.
- the DE Act does not conflict with the EU or UK Privacy and Data Protection laws because copyright protection measures are permitted processing measures under the Law.
- the DE Act does not conflict with the EU’s Authorisation Directive since the AD does not prohibit amendment or supplementary regulation, however it does invalidate some aspects of the proposed cost sharing order
- the claimants failed to prove that the DE Act and its parliamentary passage was sufficiently disproportionate to warrant being struck down i.e. that the required “careful balance” of the intellectual property rightsholders rights and those of the ISSPs and citizens, is best taken by Parliament.
The Judge also refused BT & TalkTalk the right to appeal.