A bumper crop of pending litigation and legislative initiatives for the coming year (without even thinking about Brexit).
EU copyright reform
EU copyright reform
- The proposed Directive
on Copyright in the Digital Single Market is currently embroiled in trialogue
discussions between Commission, Council and Parliament. It continues to excite
controversy over the publishers’ ancillary right and the clash between Article
13 and the ECommerce Directive's intermediary liability provisions. [Directive adopted on 15 April 2019. Implementation by Member States due 24 months after publication in the Official Journal.]
- Political
agreement was reached on 13 December 2018 to a Directive (originally proposed as a Regulation) extending the
country of origin provisions of the Satellite
and Cable Broadcasting Directive to online radio and news broadcasts.
Formal approval of a definitive text should follow in due course. [The Directive was adopted on 15 April 2019.]
EU online business The European Commission has proposed
a Regulation on promoting fairness and transparency for business users of
online intermediation services. It would lay down transparency and redress rules
for the benefit of business users of online intermediation services and of corporate
website users of online search engines. The legislation would cover online
marketplaces, online software application stores, online social media and search
engines. The Council of the EU reached a common
position on the draft Regulation on 29 November 2018. [The Parliament and Council reached political agreement on the proposed Regulation on 12 April 2019.]
Telecoms privacy
The proposed
EU ePrivacy Regulation continues to make a choppy voyage through the
EU legislative process.
Intermediary liability The UK government has published its Internet
Safety Strategy Green Paper, the precursor to a White Paper to be published
in winter 2018-2019 which will include intermediary liability, duties and responsibilities.
In parallel the House of Lords Communications Committee is conducting an inquiry
on internet regulation, including intermediary liability. A House of
Commons Committee examining Disinformation and Fake News has also touched
on the topic. Before that the UK Committee on Standards in Public Life suggested
that Brexit presents an opportunity to depart from the intermediary liability
protections of the ECommerce Directive. [The government published its Online Harms White Paper on 8 April 2019.]
On 12 September 2018 the European Commission published a Proposal for a
Regulation on preventing the dissemination of terrorist content online.
This followed its September 2017 Communication
on Tackling Illegal Content Online and March 2018 Recommendation
on Measures to Effectively Tackle Illegal Content Online. It is notable
for one hour takedown response times and the ability for Member States to
derogate from the ECommerce Directive Article
15 prohibition on imposing general monitoring obligations on conduits,
caches and hosts.
The Austrian Supreme Court has referred to the CJEU
questions on whether a hosting intermediary can be required to prevent access
to similar content and on extraterritoriality (C-18/18
- Glawischnig-Piesczek). The German Federal Supreme Court has
referred two cases (YouTube
and Uploaded)
to the CJEU asking questions about (among other things) the applicability of the
ECommerce Directive intermediary protections to UGC sharing sites.
Pending CJEU copyright cases Several copyright
references are pending in the EU Court of Justice. Issues under consideration
include whether the EU Charter of Fundamental Rights can be relied upon to
justify exceptions or limitations beyond those in the Copyright Directive (Spiegel
Online GmbH v Volker Beck, C-516/17; Funke
Medien (Case C-469/17) (Advocate General Opinion 25 October 2018 here)
and Pelham
Case 476/17) (Advocate General Opinion 12 December 2018 here); and whether a link to a PDF amounts to publication for the
purposes of the quotation exception (Spiegel
Online GmbH v Volker Beck, C-516/17). The Dutch Tom Kabinet case on secondhand e-book trading has been referred to
the CJEU (Case
C-263/18). The YouTube
and Uploaded
cases pending from the German Federal Supreme Court include questions around
the communication to the public right.
Online pornography The Digital
Economy Act 2017 grants powers to a regulator (subsequently designated to
be the British Board of Film Classification) to determine age control
mechanisms for internet sites that make ‘R18’ pornography available; and to direct
ISPs to block such sites that either do not comply with age verification or
contain material that would not be granted an R18 certificate. The process of
putting in place the administrative arrangements is continuing. [The regime will come into force on 15 July 2019.]
Cross-border liability and jurisdiction The French CNIL/Google
case on search engine de-indexing has raised significant issues on
extraterritoriality, including whether Google can be required to de-index on a
global basis. The Conseil d'Etat has referred
various questions about this to the CJEU [Case C-507/17; Advocate General Opinion delivered 10 January 2019]. C-18/18
Glawischnig-Piesczek, a reference from the Austrian Supreme Court, also
raises territoriality questions in the context of Article 15 of the ECommerce
Directive.
In the law enforcement field the EU has proposed a Regulation on EU Production and Preservation Orders (the ‘e-Evidence Regulation’) and associated Directive that would set up a regime for
some cross-border requests direct to service providers. The UK has said that it
will not opt in the Regulation. US-UK bilateral negotiations on direct cross-border
access to data are continuing'. The Crime (Overseas Production Orders) Bill,
which would put in place a mechanism enabling UK authorities to make cross-border
requests under such a bilateral agreement is progressing
through Parliament and received Royal Assent on 12 February 2019]. [Meanwhile discussions continue on a Second Protocol to the Cybercrime Convention, on evidence in the cloud]
Online state surveillance The UK’s Investigatory
Powers Act 2016 (IP Act), has come almost completely into force, including
amendments following the Watson/Tele2
decision of the CJEU. However the arrangements for a new Office for
Communications Data Authorisation to approve requests for communications data
have yet to be put in place.
Meanwhile a pending reference to the CJEU from
the Investigatory Powers Tribunal raises questions as to whether the Watson
decision applies to national security, and if so how; whether mandatorily
retained data have to be held within the EU; and whether those whose data have
been accessed have to be notified.
Liberty has a pending judicial review of the IP Act bulk powers and data
retention powers, due to resume in June 2019. It has been granted permission to appeal to the Court of
Appeal on the question whether the data retention powers constitute illegitimate
generalised and indiscriminate retention.
The IP Act (in particular the bulk powers provisions) may be
indirectly affected by cases in the CJEU (challenges to the EU-US PrivacyShield and to the Belgian communications data retention regime), in the European Court of Human Rights (in which Big Brother Watch and various
other NGOs challenge the existing RIPA bulk interception regime) and by an attempted
judicial review by Privacy International of an Investigatory Powers Tribunal
decision on equipment interference powers.
The ECtHR gave a Chamber judgment in the BBW case on 13 September 2018. If the
judgment had becomes final it could have affected the IP Act in as many as three
separate ways. However the NGOs successfully have lodged an appliedcation for the judgment to be
referred to the ECtHR Grand Chamber, as did the applicants in the Swedish Rattvisa case, in which judgment was given on 19 June 2018. The two cases are therefore now pending before the Grand Chamber.
In the Privacy
International equipment interference case, the Court of Appeal held
that the Investigatory Powers Tribunal decision was not susceptible of judicial
review. [On further appeal the Supreme Court held on 15 May 2019 that the IPT decision was susceptible of judicial review. The litigation will now continue.]
Compliance of the UK’s
surveillance laws with EU Charter fundamental rights will be a factor
in any data
protection adequacy decision that is sought once the UK becomes a non-EU
third country post-Brexit.
[Here is an updated mindmap of challenges to the UK surveillance regime:]
[Software - goods or services? Pending appeal to UK Supreme Court as to whether software supplied electronically as a download and not on any tangible medium is goods for the purposes of the Commercial Agents Regulations. Computer Associates (UK) Ltd v The Software Incubator Ltd Hearing 28 March 2019.]
[Updated 28 Dec 2018 to add due date of AG Opinion in Google v CNIL, 2 January 2019 to add the CJEU reference on the Belgian communications data retention regime and the pending Supreme Court decision on ouster; 4 Jan 2019 to add the AG Opinion in Pelham; 14 Jan 2019 to add Rattvisa application to refer to ECtHR Grand Chamber; 15 Jan 2019 to add AG Opinion in Google v CNIL and Computer Associates v Software Incubator appeal; 16 Jan 2019 to add Cybercrime Convention; 14 May 2019, various updates; 21 May 2019, updated to add result of Privacy International Supreme Court appeal and update mindmap.]
[Here is an updated mindmap of challenges to the UK surveillance regime:]
[Software - goods or services? Pending appeal to UK Supreme Court as to whether software supplied electronically as a download and not on any tangible medium is goods for the purposes of the Commercial Agents Regulations. Computer Associates (UK) Ltd v The Software Incubator Ltd Hearing 28 March 2019.]
[Updated 28 Dec 2018 to add due date of AG Opinion in Google v CNIL, 2 January 2019 to add the CJEU reference on the Belgian communications data retention regime and the pending Supreme Court decision on ouster; 4 Jan 2019 to add the AG Opinion in Pelham; 14 Jan 2019 to add Rattvisa application to refer to ECtHR Grand Chamber; 15 Jan 2019 to add AG Opinion in Google v CNIL and Computer Associates v Software Incubator appeal; 16 Jan 2019 to add Cybercrime Convention; 14 May 2019, various updates; 21 May 2019, updated to add result of Privacy International Supreme Court appeal and update mindmap.]