Advocate General says that use of civil identity data linked to the IP address used should be allowed to identify perpetrators of copyright infringements

October 3, 2023

 The Advocate General has delivered his opinion in Case C-470/21 La Quadrature du Net and Others. The proceedings in this case were reopened and at the request of the Grand Chamber, the CJEU decided to refer the case to the full Court. The Advocate General had provided a previous opinion in these proceedings.

The task of the Haute Autorité pour la diffusion des œuvres et la protection des droits sur internet in France (Hadopi) is to ensure the enforcement of property rights. Where an infringement of copyright by an internet user is detected, Hadopi issues a recommendation to that user requesting him or her to abstain from further infringements, followed by a new warning if there is another infringement. If the first two warnings have not been considered and a third infringement occurs, Hadopi may refer the matter to the competent judicial authority to commence criminal proceedings.

This graduted response system presupposes that Hadopi can identify the person responsible for the infringement to notify him or her of those recommendations. To do so, a decree adopted in 2010 allows Hadopi to request electronic communications operators to provide it with the civil identity data of the user to whom the IP address used to commit the offence has been assigned.

Four associations for the protection of rights and freedoms on the internet brought legal proceedings to challenge the adoption of that decree. The French courts asked the Court of Justice whether the collection of civil identity data corresponding to IP addresses and the automated treatment of those data for the purpose of preventing infringements of intellectual property rights, without prior review by a court or an independent administrative entity, are compatible with EU law.

Advocate General Szpunar takes the view that EU law does not prevent providers of electronic communications services from being required to retain IP addresses and corresponding civil identity data. It also does not prevent an administrative authority responsible for protecting copyright against infringements of those rights committed on the internet from obtaining access to such addresses and data.

The Advocate General considers that the IP address, the civil identity of the person having a right of internet access and the information relating to the work in question do not make it possible to draw precise conclusions about the private life of the person presumed to have infringed copyright. All that is revealed is a viewing of content at a particular time which, taken on its own, does not make it possible to establish a detailed profile of the person who viewed the content.

This is intended to allow that authority to identify the holders of those addresses who are suspected of having committed the infringements and, if appropriate, to act against them. In addition, it is not necessary that that access should be subject to a prior review by a court or an independent administrative authority. The data is the only means of investigation that make possible the identification of the person to whom that address was assigned at the time when the infringement was committed.

The Advocate General makes clear that this is not a departure from existing case-law but a pragmatic development of that case-law. The AG has balanced the various interests involved, in accordance with the principle of proportionality.