In his conclusions in response to three preliminary questions submitted by the French Council of State to the Court of Justice of the European Union, Advocate General Maciej Szpunar ruled on Thursday 27 October in favour of the French public authorities in a case related to the processing of personal data that pitted four French associations (La Quadrature du Net, the Federation of Associative Internet Service Providers, Franciliens.net and the French Data Network) against the French Prime Minister and the French Ministry for Culture.
The four associations had requested the annulment of a decree authorising the automated processing of personal data in order to send warnings, as provided for in the intellectual property code, to online subscription holders with the intention of preventing infringements of copyright and neighbouring rights on the Internet and, more specifically, to fight against the infringement of “gross negligence”.
These associations argued that this decree authorises access to connection data in a way that is disproportionate to the level of seriousness of the offences, without prior control by a judge or an authority that offers guarantees of independence and impartiality as advocated by the case law of the Court (they refer to the judgments of 21 December 2016 C-203/15 and C-698/15).
The French Council of State notes that the volume of recommendations sent to the affected people, in application of the so-called “graduated response” procedure, is considerable, and that in order to do so, the agents of the rights protection commission of the High Authority for the dissemination of works and the protection of rights on the Internet (Hadopi) must have the ability to collect a large amount of data relating to the civil identity of the users concerned. Subjecting these recommendations to prior checking would prevent the implementation of the recommendations.
In his Opinion, Advocate General Szpunar proposes that the Court interpret Article 15(1) of Directive 2002/58/EC on the processing of personal data, read in the light of Articles 7, 8 and 11 and Article 52(1) of the Charter of Fundamental Rights of the European Union as follows.
According to him, the article of the Directive does not preclude, on the one hand, national regulations that permit telecommunications service providers to retain data (limited to civil identity data corresponding to IP addresses) and, on the other hand, access to such data by an authority responsible for the protection of copyright and neighbouring rights against infringements committed online, even if such access is not subject to prior checking by a court or an independent administrative body.
This is the case insofar as these data constitute the only means of investigating and identifying the address attribution at the time at which the infringement occurred and for a period limited to the strict minimum.
Link to the conclusions: https://aeur.eu/f/3to (Original version in French by Émilie Vanderhulst)