Monday, May 22, 2017

[New Paper] Website Blocking, Injunctions and Beyond: View on the Harmonization from the Netherlands

I have recently uploaded on SSRN a new draft of a paper about harmonization and blocking (forthcoming in GRUR Int) that I co-authored with my student, Lisa van Dongen. It is an extension of the talk that I gave in Berlin last year during the JIPLP/GRUR event. I hope you will find it useful. As always, any comments are welcome!

Very few provisions of the European Union intellectual property enforcement framework are subject to so many preliminary references as orders against intermediaries. The website blocking case law is also an interesting case study from the perspective of the European harmonization. It shows how harmonisation by a halo effect can work. The widely-publicized use of a particular enforcement measure is replicated country-by-country, by a homogeneous group of stakeholders, thereby testing the local implementations and bringing its elements to the public scrutiny. The resulting picture painted by the domestic website blocking cases then reflects the state of Union harmonization.

This piece contributes to the growing scholarship mapping the national post-implementation phase. It proceeds as follows. Part 1 gives a primer on Union law regarding injunctions against intermediaries. Part 2 explores the situation under the Dutch ‘localization’ of Union law, focusing particularly on injunctions, including against intermediaries, right to information and reimbursement of the costs. Part 3 explains the recent Dutch litigation chain concerning the website blocking and puts it in the broader context of discussions. Part 4 contrasts these findings with the situation under European Union law and practice in the other Member States. Part 5 concludes by evaluating the existing state of the harmonization in the area.

You can access it here.


Monday, October 3, 2016

Intermediary Liability as a Human Rights Issue [Call for Papers]

Call for Papers (abstracts due November 30, 2016) 

Intermediary Liability as a Human Rights Issue 

An issue of Journal of Intellectual Property, Information Technology and Electronic Commerce Law (JIPITEC) (link) 

Edited by: Martin Husovec (Tilburg University)

Overview
Intermediaries are backbones of Internet economy. Increasingly, they are also becoming unavoidable gatekeepers to our fundamental rights as citizens. They shape our opinions, but also amplify power of our words; they provide platforms for our creativity, but also limit its forms. Given their crucial position of control, they are increasingly called upon to assist the government in implementing various policies. These range from fighting hate-speech and terrorism to providing effective remedies against defamation and intellectual property violations. In addition to imposing liability, the governments, recognizing power of intermediaries, are turning to them into co-regulators of Internet environment asking them to surveil, control and enforce. 

Intermediary liability is generally understood as a set of rules that place responsibility on Internet companies with respect to third-party content that is deemed unlawful. These rules act as carrots and sticks. They incentivize intermediaries to handle complaints of individuals and governments. The design of the rules influences how and when the content is take-down, blocked, or filtered away. It influences what automated solutions intermediaries pick from the market and with what consequences.  

It is therefore no surprise that the governmental policies regarding intermediary liability are increasingly scrutinized from the perspective of human rights. The Council of Europe recently conducted a large scale study regarding such policies in its member states and is working on a set of recommendations.  The civil society globally launched a discussion about the principles regarding the best governmental practices.  The European Court of Human Rights is receiving a wave of new cases objecting to national schemes of intermediary liability.  In general, the intermediary liability policies are re-entering the spotlight globally and increasingly becoming to be evaluated for their human rights compliance. 

This paper symposium will provide an opportunity to highlight new academic work and serve as a venue to build theory about a rapidly changing subject. Owing to JIPITEC’s open access policy of the journal, it is our goal to facilitate and promote the relevant research to a variety of stakeholders working daily in the area—including lawyers, judges, law enforcement, legislators and policymakers, activists and civil and human rights organizations, technologists, and academics in a variety of fields.

We welcome contributions that present original research, offer conceptual, critical, or theoretical analyses of these issues.

We particularly encourage submissions addressing (not limited to) such subjects as:

Content take-down and reinstatement in light of human rights
Human rights aspects of filtering and website-blocking
Human rights aspects of voluntary enforcement agreements among individuals 
Government-pressured ‘codes of conduct’ and human rights
Relationship between EU law and ECHR law on intermediary liability
Digital jurisdiction and its role for due process
Positive obligations of the state and their impact on intermediary liability
Right to be delisted and its implications for global free speech
Transparency of intermediaries about content-removals
Algorithmic enforcement and fundamental rights

Deadlines and anticipated timeline:
Initial abstract submission deadline (~ 500 words): November 30, 2016 
Authors notified of (tentative) acceptance: December 31, 2016
Full papers due (based on accepted abstracts): May 31, 2017
Peer-review (after submission of full papers)
Publication in 2017

Specifics about submissions:
Initial abstracts should contain approximately 500 words. Subsequent full paper submissions should contain fewer than 10,000 words (including footnotes and citations), and should contain a 200-word abstract and biographical information about the authors on a cover page. Invited full paper submissions will undergo formal double-blind peer review, which is expected to take between 1 and 2 months (submissions that are not selected for peer-review will be released back to the authors quickly). All submissions should be submitted in editable Word (*.doc/x) or *.rtf formats, and should adhere to the formatting and citation requirements of JIPITEC (available at https://www.jipitec.eu/for-authors).

All submissions of abstracts and/or questions should be sent to the editor via email to: m.husovec (at) uvt (dot) nl

Wednesday, September 28, 2016

[New Paper] Holey Cap! CJEU Drills (Yet) Another Hole in the E-Commerce Directive’s Safe Harbors

Yesterday, I put on SSRN a draft of my upcoming piece for JIPLP, in which I reflect on Mc Fadden and its broader consequences. Its called: Holey Cap! CJEU Drills (Yet) Another Hole in the E-Commerce Directive’s Safe Harbors.

Here is the abstract:
The E-Commerce Directive is going through a hard time. Numerous policy initiatives and judgements of the Court are exposing its provisions to a real stress test. The goal of this paper is not summarize or evaluate in general this trend, but to show how a single decision of the CJEU with few open issues can lead to destabilization of the system. The center-stage of this brief article is the Court’s recent decision in Mc Fadden v Sony Germany and its short-term and long-term consequences for the future of safe harbours, their scope and IP enforcement. The paper argues that by allowing the exclusion of pre-trial costs and litigation costs from the liability exemptions, the Court has drilled yet another hole in the system of safe harbours. It also highlights that the decision to permit password-locking as an enforcement practice is a short-sighted policy choice that will require number of clarifications. Last but not least, it is argued that a root-cause of the rejection of Advocate General’s proposition to outlaw password-locking is the Court’s treatment of the fundamental rights as the only framework of reference for IP enforcement. This causes also constructive and well-explained arguments of good innovation policy to fall often on deaf ears.
You can download it here

I would love to hear your feedback! So if you have some, please get in touch.

Thursday, September 1, 2016

EC Proposes Stay-down & Expanded Obligation to License UGC Services

European Commission does not care about the future of the digital single market. This is basically what it just communicated to citizens of Europe in its recently leaked proposal on Directive on copyright in the Digital Single Market. Its content is nothing but a shameful statement of where a lobbying muscle of the music industry can drag our policy makers. Evidence does not matter; the public consultations are not worth the paper they are written on. This brief piece will try to make sense of the newly proposed rules on intermediary liability.

The proposal tries to address address the so called 'value gap' problem. Value gap is a rhetorical device borrowed from the music industry that mostly likely coined the term for the first time in its global music reports (before IFPI 2016 report, you see it really only in music industry documents). Its argument is that because the hosts such as YouTube are covered by a safe harbour and have to act only upon notice to remove content of its users, they get content via various voluntary revenue-monetizing agreements/systems like ContentID for less money than streaming services like Spotify. This then represents a gap between the added value to the service and income that it produces money to the right holders. To be sure, music industry complains about revenue-share that it gets based on agreements they agreed to in voluntary negotiations. They say that the hosting safe harbour causes imbalance in these negotiations because they cannot charge YouTube as Spotify because hosts can simply fall back on notice and take-down and not agree to anything. Yes, that is what happens if you provide a different type of service [selling music streaming with high quality content vs selling advertising on top of user-generated-content]. What music industry is really complaining about is that since they cannot perfectly enforce their rights against infringing users (or perhaps because it costs money), intermediaries should pay them for users, and the fee should be equal to what the highest paying sort of clients pay - those selling the music itself. This is not a place to expand on this debate too much, but let me just say one thing. If hosts see notice-and-takedown as a real alternative to negotiations with right holders, perhaps it indicates that the music is not so indispensable for the online service. Right holders can expose services without such agreements to more enforcement, and so if the music would be so crucial, notorious take-downs would destroy its business.

But let's get back to the proposal. After the public consultation on intermediary liability, the European Commissioned committed to following:
The Commission will maintain the existing intermediary liability regime while implementing a sectorial, problem-driven approach to regulation: (..) - in the next copyright package, to be adopted in the autumn of 2016, the Commission will aim to achieve a fairer allocation of value generated by the online distribution of copyright protected content by online platforms providing access to such content.
Remember these words because the proposal change all existing intermediary liability principles in the field of copyright. In the draft of the proposal that was leaked yesterday on fantastic IPKat, the relevant provisions are recitals 38 to 40 and art. 13 (click for bigger picture).


The proposal attacks the existing law already in Recital 39. Pretending that it summarizes some established principles, it says that hosts and other service providers who are not passive [don't provide technical infrastructure], are automatically ('thereby') communicating work to the public and thus have to license the content. If this was true than none of the courts in Member States would have to struggle with its own domestic secondary liability laws. Yes, because unlike the European Commission, most of the scholars, case-law and policy people think that if you assist in disseminating content, you might have that dissemination attributed to you under some circumstances (secondary liability), but don't pretend that dissemination is your own (direct liability). EC's attempt is what we have seen in 90's during the Bill Clinton administration and is exactly the reason why E-Commerce Directive or DMCA were enacted. Since the EC has to live with the E-Commerce Directive, because citizens clearly support it, it does a trick. First, it says that direct liability does not apply in case you are covered by a safe harbour, while immediately stressing its limited applicability. The proposal says that to assess neutrality, it is necessary to verify whether the hosting provider plays an active role, including that it optimizes or promotes user generated content (the language originates from the L'Oreal v eBay and was much criticized in the literature).

Second, it imposes on some intermediaries (see below), including those intermediaries who remain to be covered by any safe harbour, an obligation to implement filters [aka stay-down]. It does so in art. 13 in two ways: (1) by stipulating that those with existing voluntary agreements "shall take appropriate and proportionate measures to ensure the functioning of the agreements" and (2) by imposing an obligation "to prevent the availability" of works not covered by such agreements, "including through the use of effective content identification technologies". In addition, intermediaries are obliged to report to all right holders (sic!) what kind of measures they use and how much their works are used via their services and how successful their are with blocking. Right holders should provide their reference files - but there is no legal obligation to this end, since it is a small "should" appearing in the recital.

When I say some intermediaries, I mean all "service providers that store or and provide to the public access to large amounts of works or other subject matter uploaded by their users". If you wondered, this does not only cover hosting providers, but easily also internet access providers or any other providers that are not even covered by any existing safe harbour. There is no explicit requirement that works are uploaded on their service, only that they store or provide access to large amounts of such works uploaded also by their users. Where they are uploaded, seems irrelevant.

Update: I mistakenly copied "or" language in the previous version; the text actually reads "and", so this seems to refer to hosting more clearly; though it still omits to state storage on their services. Thanks for spotting Pekka

Art 13 can thus impose filtering and reporting obligation on unprecedented number of service providers. Far beyond "only" hosting providers. How exactly the European Commission imagines this to be compatible with Sabam and Scarlet Extended, is not clear to me. This is flatly and with a straight face proposing what those judgements rejected with pomp and human rights language. No sophistication. Period.

What is also striking is that the proposal finally comes up with an obligation to implement counter-notice (art. 13(2)). However, with a major wrinkle. It only applies to filtering mechanisms, not to regular notice and take-down. But hey, who will care about regular notice-and-taken anymore, right? The last paragraph of art. 13 nicely shows the cynicism of the proposal. It asks the Member States to help with facilitation of best practices/standardization with regard to filtering technologies. Counter-notice standardization? Not important. The main point is that of filtering. We got the message!

This proposal is deeply worrying. The European Commission clearly wants to challenge the E-Commerce Directive, just without really saying it.

To summarize. First, its proposal tries to impose strict liability by extending right to communication to the public to anyone who is not providing mere infrastructure. And it does not even have balls courage to say in the actual text of the provisions, it just pretends so in the recitals. Second, it imposes a full-flagged filtering and reporting obligation on yet unknown number of service providers. 

Effectively, this proposal will petrify competition and raise barriers to entry to the digital single market. I guess I am too horrified to think of all the consequences yet.

PS: this is, of course, super-preliminary assessment; comments are super-welcome!

Friday, August 5, 2016

ECtHR To Hear A Case About Liability For Hyperlinking [+ Intervention]

Internet case-law of the ECtHR will soon be enriched. Magyar Jeti Zrt v Hungary is a new important pending case. It concerns liability for hyperlinks in the domestic defamation law and its compatibility with freedom of expression.

The applicant is in the case is an operator of the Hungarian news portal 444.hu which is used by approximately 250,000 users per day. The applicant often utilises hyperlinks embedded in the published contents, which lead readers to relating materials published elsewhere. On 5 September 2013 a group of football supporters travelling to Romania stopped at an elementary school in Konyár, Hungary. The pupils of the school were predominantly of Roma origin. After getting off the bus, the football supporters made racist remarks, waved flags; and one of them allegedly urinated on the school building. Some minutes later the football supporters got back on the bus and left the village.

Mr J.Gy., the head of the local Roma minority self-government, accompanied by a parent and one of the children attending the school, gave an interview to a Roma minority media outlet on the same day. During the interview, he referred to persons related to Jobbik, a right-wing political party in Hungary, which had been previously criticised for its anti-Roma and anti-Semitic stance. The video was uploaded to Youtube.com the same day. On 6 September 2013 the applicant published an article on the incident on the 444.hu website that referred to reports concerning the events in Konyár and included an embedded text hyperlink leading to the video available on Youtube.com. The text of the article itself did not mention the term Jobbik. On 13 September 2013 Jobbik initiated legal proceedings against several respondents, including the applicant, the head of the local Roma minority self-government making the allegedly defamatory comment, the Roma minority media outlet recording the video uploaded on Youtube and the operators of other Hungarian news portals, alleging that its right to reputation had been violated by the Youtube video.

On 30 March 2014 the Debrecen High Court established the responsibility of six out of the eight respondents, including the applicant, in respect of the defamatory comments made in the video. Regarding the applicant, the court found that in making available the Youtube video by providing a hyperlink leading to it, it had disseminated the defamatory statements. On appeal, on 25 September 2014 the Debrecen Court of Appeal upheld the judgment. The applicant now compaints that this ruling is a disproportionate interference with its freedom of expression. 

It is without doubt that the decision of the Court will set important limits for the future of freedom of expression online. Therefore, on Monday, European Information Society Institute (EISi) filed its third party intervention also co-authored by me. The submission explains the importance of hyperlinks for the functioning of the Internet and illustrates how imposing restrictions on their use can have strong adverse effects for our society.

The brief was prepared by me, students of the Tilburg Law School (Bruno Bautista) and attorneys & affiliates of Law Firm TRINITI and University of Tartu (Karmen Turk and Maarja Pild), as part of an Internet Policy Clinic that I run at the Tilburg Institute for Law, Technology, and Society (TILT).

We urge the Court to take into consideration the special content-neutral nature of a hyperlink and of their importance for innovative journalism and decentralized non-editorial speech. In line with Thoma v. Luxemburg, hyper-linkers should not be subject to unnecessary obligations to distance themselves systematically and formally from the referred content. The hyperlinks are already understood by general public, as also evidenced in this brief, as opinion-neutral references. 

Any restriction on the dissemination of the information in a form of liability, also inevitably diminishes the value of initial authorship. A strict rule regarding liability for hyperlinking will inevitably lead to self-censorship and over-restriction of legitimate content which this court already outlawed as impermissible forms of collateral censorship. We urge the court to rely on its Grand Chamber ruling in Jersild v. Denmark by holding that “unless there are particularly strong reasons for doing so”, imposing civil liability for assisting in the dissemination of statements made by another person by means of hyperlinks is a breach Art. 10 of the Convention. The states should be bear a heavy burden to justify why a democratic society necessitates a rule that sanctions its own citizens, let alone its journalists, for merely referring to what other people say. 

As recognized by this court in Editorial Board of Pravoye Delo and Shtekel v. Ukraine, the states should even underlie a positive obligation to create an appropriate regulatory framework to ensure effective protection of journalists’ freedom of expression when the journalists are engaging with third party speech online. This obligation is in line with the explicit legislative approach of some of the states which created clear liability exemptions to prevent imposition of liability for referring to third party content in their own hyperlinks. Although European Union decided not to address this topic under the E-Commerce Directive, it left the possibility open to its Member States to decide whether or not to regulate hyperlinks in the context of commercial activities on internet.  Austria,  Liechtenstein,  Portugal  and Spain  have developed unambiguous liability exemptions for the provision of links to third party content. In other countries this is a standard outcome based on their national tort laws.  It is therefore usual to prevent any liability to be imposed on the person who sets a link as long as he/she has no actual knowledge that the information is unlawful,  and has no control over the content to which it refers.

The ‘particularly strong reasons’ for holding a hyper-linker liable should depend on ‘all the circumstances of the (..) case, in particular the nature of the information contained in the shared material and the weighty reasons for the interference with the applicants’ freedom of expression’, but also his/her privileged position (e.g. being a journalist). The ECtHR has already accepted that criminal liability can be imposed for a specific type of hyperlinks in case the person concerned (1) acts with the intent, (2) is not a journalist, and (3) the information that he links affords lower protection than political expressions (Neij and Sunde Kolmisoppi v. Sweden). Such circumstances should in any case remain exceptional in their nature.

Therefore, the rule accepted by the Hungarian court, imposing strict liability on the mere sharing of information, cannot be considered as a necessary interference with freedom of expression in a democratic society.




  • Magyar Jeti Zrt Intervention ECtHR (.pdf)
  • Monday, May 2, 2016

    Accountable, Not Liable (Video + New Paper)

    The regular readers of this blog will know that I have spent last couple of years (and hours of blogging time) pondering on problems posed by injunctions that are issued against Internet intermediaries irrespective of their tortious liability. Today, I would like to share with you some of the fruits of this work - a law and economics paper analyzing this novel type of remedy and a video of my Stanford talk which summarizes some its findings. I hope you will enjoy both of them and already look forward to your comments. Hopefully, in couple of months, I will be able to share with you the announcement of my forthcoming book on the same issue, though with a more typical legal analysis of the European situation.



    The paper: Accountable, Not Liable: Injunctions Against Intermediaries (on my SSRN). Its abstract read as follows:

    An injunction is usually understood as an order requiring the person to whom it is directed to perform a particular act or to refrain from carrying out a particular act. This conventional definition of injunction addresses a person who acts against the law – an infringer – and should be stopped from doing so. Such a person acts in a way that the rights of other people prohibit. Seeking an injunction is thus nothing but the request of a right holder to an authority (court) for the individual compliance of a particular person with the abstract letter of the law. Injunctions against intermediaries, based on Art. 8(3) of the InfoSoc Directive and Art. 11(III) of the Enforcement Directive , however, do not target such persons. They address by-standers who (also) comply with the law. The basis for this kind of injunction is thus not an act of disrespect towards the rights of others, but the mere existence of circumstances giving hope to right holders, that if they are assisted by such a person, they will be better off. Put differently, such injunctions want to achieve better enforcement by seeking a help of intermediaries who can do more, but do not have to, as they did all the law required from them in order to avoid liability in tort.
    This paper thus, as its primary goal, examines a two tier model of regulating intermediaries. A situation where intermediaries do not owe any duty of care under tort law, but are still obliged by injunctions (accountable) to provide assistance. It undertakes a thorough law and economics analysis of Intermediary liability and conceptualizes the role of injunctions against non-infringing intermediaries. The analysis is structured as follows. In the first step, an economic analysis of tort law, injunctions and market transactions is used to understand functioning of the different liability regimes, such as negligence rule and strict liability (see Part 2 and 3). In the second step, the framework is applied to Internet intermediaries and the optimal legal regulation is suggested (see Part 4). In the third step, the findings are summarizes into policy lessons (see Part 5) pertinent to two currently pending debates: should the policy makers (1) replace notice-and-take down policy by the stay-down policy and (2) should they export, reform or entirely repeal the European policy of injunctions against non-infringing intermediaries based on Art. 8(3) of the InfoSoc Directive and Art. 11(III) of the Enforcement Directive.

    Sunday, March 20, 2016

    AG Speaks Out On Accountability For Third Party Infringements Commited Via One's Open WiFi

    As many readers surely know by now, the much awaited Opinion of the Advocate General, Maciej Szpunar, in McFadden C-414/14 case has been released this week. To my great surprise, it is one of the best opinions on the E-Commerce Directive any member of the Court has ever produced (yes, even better than Maduro's Google France or Villalón's excellent Scarlet Extended). AG Szpunar goes systematically through numerous open questions and answers them with a great attention to detail and systematic importance. The fact that he even goes as far as to explicitly stress importance of open WiFi for innovation - something that I and EFF argued in the open letter to the Court - makes me naturally even very happy.

    This blog has reported on the issue and background of McFadden rather extensively in this blog post. The case arose between an entrepreneur selling light and audio systems who is also a member of the German Pirate Party and a record label. The entrepreneur operates an open and free of charge WiFi in his store. He uses the WiFi sometimes as a tool for advertising of his store (preloaded home page points to his shop and name of the network bears its name) and sometimes to agitate for his political views (pointing to particular websites such as data protection campaigns, etc.). After receiving a letter informing him about a copyright infringement allegedly committed via his hot-spot, the entrepreneur unusually sued the right holder pursuing the negative declaratory action. The right holder as a defendant later counter-claimed asking for damages, injunctive relief and pre-trail costs as well as court fees under the above mentioned doctrine of BGH.

    The heart of the case is about the following four questions:
    1. Is an open WiFi that is provided for free still an information society service covered under the E-Commerce Directive?
    2. Can an operator of an open WiFi benefit from a mere conduit safe harbour enshrined in Art. 12 of the E-Commerce Directive?
    3. Does the safe harbour limit pre-trial costs, injunctions and penalties for non-compliance with injunctions?
    4. Provided that injunctions are allowed in principle, is an injunction prescribing a) the termination of the Internet connection, b) the password-protection of the Internet connection and c) the examination of all communications passing through that connection compatible with the EU law?
    AG Szpunar provides guidance with respect to all of them and does not shy away from discussing some more subtle and critical issues of the E-Commerce Directive. The overall message of the opinion is clearly against imposition of the proposed measures to open wireless. But let's have a look on what AG has to say question-by-question.

    1. Is provision of open WiFi covered by ECD? Answer: Yes!

    41.      In my view, where, in the course of his business, an economic operator offers Internet access to the public, even if not against payment, he is providing a service of an economic nature, even if it is merely ancillary to his principal activity.
    42.      The very operation of a Wi-Fi network that is accessible to the public, in connection with another economic activity, necessarily takes place in an economic context.
    43.      Access to the Internet may constitute a form of marketing designed to attract customers and gain their loyalty. In so far as it contributes to the carrying on of the principal activity, the fact that the service provider may not be directly remunerated by recipients of the service is not decisive. In accordance with consistent case-law, the requirement for pecuniary consideration laid down in Article 57 TFEU does not mean that the service must be paid for directly by those who benefit from it. (13)
    (,,)
    48.      In my opinion, the provision of Internet access in such circumstances takes place in an economic context, even if it is offered free of charge.
     2. Is provision of open WiFi covered by Art. 12? Answer: Yes!
    65.      In accordance with Article 12(1)(a) to (c), this limitation of liability takes effect provided that three cumulative conditions are fulfilled: the provider of the mere conduit service must not have initiated the transmission, must not have selected the recipient of the transmission and must not have selected or modified the information contained in the transmission.
    66.      According to recital 42 of Directive 2000/31, the exemptions from liability solely cover activities of a merely technical, automatic and passive nature, which implies that the service provider has neither knowledge of nor control over the information that is transmitted or stored.
    67.      The questions referred by the national court are based on the assumption that those conditions are fulfilled in the present case.
    (..) 
    97.      Article 12(1)(a) to (c) of Directive 2000/31 makes the limitation of the liability of a provider of mere conduit services subject to certain conditions that are cumulative and also exhaustive. (24) The addition of further conditions for the application of that provision seems to me to be ruled out by its express terms.

     3. What kind of liability does Art. 12 not shield from? Answer: liability for injunctions and for penalties arising from non-compliance with them
     
    64.      As is apparent from the preparatory work for that legislative act, the limitation of liability in question extends, horizontally, to all forms of liability for unlawful acts of any kind, and thus to liability under criminal law, administrative law and civil law, and also to direct liability and secondary liability for acts committed by third parties. (19)
    (..) 
    68.      I would observe that it is clear from a combined reading of paragraphs 1 and 3 of Article 12 of Directive 2000/31 that the provisions in question limit the liability of an intermediary service provider with respect to the information transmitted, but do not shield him from injunctions.
    69.      Equally, according to recital 45 of Directive 2000/31, the limitations of the liability of intermediary service providers do not affect the possibility of injunctive relief, which may, in particular, consist of orders by courts or administrative authorities requiring the termination or prevention of any infringement.
    73.      I would recall that Article 12(1) of Directive 2000/31 limits the civil liability of intermediary service providers and precludes actions for damages based on any form of civil liability. (20)
    74.      In my opinion, that limitation of liability extends not only to claims for compensation, but also to any other pecuniary claim that entails a finding of liability for copyright infringement with respect to the information transmitted, such as a claim for the reimbursement of pre-litigation costs or court costs.
    76.      Pursuant to Article 12 of Directive 2000/31, a provider of mere conduit services cannot be held liable for a copyright infringement committed as a result of the information transmitted. Therefore, he may not be ordered to pay pre-litigation costs or court costs incurred in connection with that infringement, which cannot be imputed to him.
    This is a very important holding for the German practice. It basically precludes pre-trial reimbursement of cease and desist letters (Abmahnungskosten) against safe harbours-covered intermediaries. This leads to the most significant change for mere conduits who don't lose the safe harbours even after obtaining knowledge. Not only can this holding disrupt the industry of cease and desist letters against the operators of open WiFis in Germany, but after the BGH admitted the possibility of website blocking injunctions, this holding can significantly limit pre-trial risk of the Internet access providers in Germany. If accepted by the Court, ISPs could basically wait until they are sued, as is currently the case in the UK, since Stoererhaftung is blocked from leading to any important (pecuniary) consequences. I have argued for this solution in my PhD thesis [which is in the process of being turn into a book], so I am naturally very happy to see it formulated by the AG explicitly like this. It remains to be seen if the CJEU follows this suggestion.  
    77.      I would also observe that the making of an order to pay the pre-litigation costs or court costs relating to such an infringement could compromise the objective pursued by Article 12 of Directive 2000/31 of ensuring that no undue restrictions are imposed on the activities to which it relates. An order to pay pre-litigation costs or court costs could potentially have the same punitive effect as an order to pay damages and could in the same way hinder the development of the intermediary services in question.
    78.      Admittedly, Article 12(3) of Directive 2000/31 provides for the possibility of a court or administrative authority imposing certain obligations upon an intermediary service provider following the commission of an infringement, in particular by means of an injunction.
    79.      However, given the provisions of Article 12(1) of that directive, a judicial or administrative decision imposing certain obligations on a service provider may not be based on a finding of the latter’s liability. An intermediary service provider cannot be held liable for failing to take the initiative to prevent a possible infringement or for failing to act as a bonus pater familias. He may incur liability only after a specific obligation contemplated by Article 12(3) of Directive 2000/31 has been imposed on him.
    This is a very important line of the judgement. However, one should note that it is limited by the fact that injunctions can be imposed by the administrative authority or the court. Still, however, it confirms that "punishing" a safe-harbour-compliant intermediary is limited by the E-Commerce Directive in general. And given that injunctions based on Art. 8(3) InfoSoc have their own limitations that distinguish them from injunctions against infringers, the consequences are substantial especially for some countries. I particularly like the fact that AG has considered the issues in the context and explicitly foresees that possible penalties for injunction-non-compliance (e.g. for not respecting a website blocking injunction) should not be covered (§ 90). This is the only sensible policy since otherwise intermediaries could easily disrespect injunctions issued against them. Again, something I also argued in my PhD thesis. 
    80.      In the present case, in my view, Article 12(1) of Directive 2000/31 therefore precludes the making of orders against intermediary service providers not only for the payment of damages, but also for the payment of the costs of giving formal notice or other costs relating to copyright infringements committed by third parties as a result of the information transmitted.
    4. Can the measures of access termination / password-locking / surveillance be imposed on an operator of open WiFi? Answer: No

    115. In the light of those considerations, national courts must, when issuing an injunction against an intermediary service provider, ensure:
    –        that the measures in question comply with Article 3 of Directive 2004/48 and, in particular, are effective, proportionate and dissuasive,
    –        that, in accordance with Articles 12(3) and 15(1) of Directive 2000/31, they are aimed at bringing a specific infringement to an end or preventing a specific infringement and do not entail a general obligation to monitor,
    –        that the application of the provisions mentioned, and of other detailed procedures laid down in national law, achieves a fair balance between the relevant fundamental rights, in particular, those protected by Articles 11 and 16 and by Article 17(2) of the Charter.
    116. The national court asks whether Article 12 of Directive 2000/31 precludes injunctions which contain prohibitions formulated in general terms and leave it to the addressee of the injunction to determine what specific measures should be adopted.
    Here the AG starts making an attempt to limit CJEU's UPC Telekabel decision.
    117. The measure envisaged in the main proceedings consists in an order requiring the intermediary service provider to refrain in the future from enabling third parties to make a particular protected work available for electronic retrieval from an online exchange platform via a specific Internet connection. The question of what technical measures are to be taken remains open.
    118. I would observe that a prohibitory injunction that is formulated in general terms and does not prescribe specific measures is potentially a source of significant legal uncertainty for the addressee thereof. The fact that the addressee will be entitled, in any proceedings concerning alleged failure to comply with such an injunction, to show that he has taken all reasonable measures does not entirely remove that uncertainty.
    119. Moreover, given that determining what measures it is appropriate to adopt entails striking a fair balance between the various fundamental rights involved, that task ought to be undertaken by a court, rather than left entirely to the addressee of an injunction. (33)
    120. Admittedly, the Court has already held that an injunction addressed to a provider of Internet access which leaves it to the addressee to determine what specific measures should be taken is, in principle, consistent with EU law. (34)
    121. That solution was based, in particular, on the consideration that an injunction formulated in general terms had the advantage of enabling the addressee to decide which measures were best adapted to his resources and abilities and compatible with his other legal obligations. (35)
    122. However, it does not seem to me that that reasoning can be applied in a case, such as the case in the main proceedings, in which the very existence of appropriate measures is the subject of debate.
    123. The possibility of choosing which measures are most appropriate can, in certain situations, be compatible with the interests of the addressee of an injunction, but it is not so where that choice is the source of legal uncertainty. In such circumstances, leaving it entirely to the addressee to choose the most appropriate measures would upset the balance between the rights and interests involved.
    124. I therefore consider that, whilst Article 12(3) of Directive 2000/31 and Article 8(3) of Directive 2001/29 do not, in principle, preclude the issuing of an injunction which leaves it to the addressee thereof to decide what specific measures should be taken, it nevertheless falls to the national court hearing an application for an injunction to ensure that appropriate measures do indeed exist that are consistent with the restrictions imposed by EU law.
    This is a very clever suggestion to limit the UPC Telekabel ruling and substantially addresses the criticism that surrounded CJEU's approach. If there is no certainty that fundamental-rights-compliant measures to achieve the goal of an injunction do exist, then the court should not simply grant any injunction. It would be irresponsible to do so, as otherwise the courts would risk obliging to outcomes that have no implementations that are human-rights-complaint. I strongly agree that this outcome is impossible to reconcile with the EU Charter, since the courts cannot simply leave such scrutiny out of their hands just with a simple pointer to flexibility gains for injunction-addressees (the fact that they can choose the measures). Any other approach would basically allow also very easy circumvention of the holdings of the CJEU in Scarlet Extended or Sabam.
    (..)
    130. I consider that, in the present case, the inconsistency with EU law of the first and third hypothetical measures mentioned by the national court is immediately evident.
    131. Indeed, a measure which requires an Internet connection to be terminated is manifestly incompatible with the need for a fair balance to be struck between the fundamental rights involved, since it compromises the essence of the freedom to conduct business of persons who, if only in ancillary fashion, pursue the economic activity of providing Internet access. (39) Moreover, such a measure would be contrary to Article 3 of Directive 2004/48, pursuant to which a court issuing an injunction must ensure that the measures imposed do not create a barrier to legitimate trade. (40)
    The reference to the essence of a right is very crucial here. As Miquel and I have argued in our paper on disconnecting injunctions, since even the administrative three-strikes regimes are implementations of the EU law - usually of Art. 8(3) of the InfoSoc, they also underlie the same limits. If the CJEU accepts this reasoning, the court's holding will substantially limit availability of the three-strike schemes under the national laws.
    132. In so far as concerns a measure requiring the owner of an Internet connection to examine all communications transmitted through that connection, that would clearly conflict with the prohibition on imposing a general monitoring obligation laid down in Article 15(1) of Directive 2000/31. Indeed, in order to constitute a monitoring obligation ‘in a specific case’, (41) such as is permitted under Article 15(1), the measure in question must be limited in terms of the subject and duration of the monitoring, and that would not be the case with a measure that entailed the examination of all communications passing through a network. (42)
    (,,)
    d)      The compatibility of an obligation to make Wi-Fi networks secure
    (..)
    137. I would observe that an obligation to make access to such a network secure would potentially meet with a number of objections of a legal nature.
    138. First of all, the introduction of a security obligation could potentially undermine the business model of undertakings that offer Internet access as an adjunct to their other services.
    139. Indeed, some such undertakings would no longer be inclined to offer that additional service if it necessitated investment and attracted regulatory constraints relating to the securing of the network and the management of users. Furthermore, some users of the service, such as customers of fast-food restaurants or other businesses, would give up using the service if it involved a systematic obligation to identify themselves and enter a password.
    140. Secondly, I would observe that imposing an obligation to make a Wi-Fi network secure entails, for persons who operate that network in order to provide Internet access to their customers and to the public, a need to identify users and to retain their data.
    141. In this connection, Sony Music states in its written observations, that, in order to be able to impute an infringement to a ‘registered user’, the operator of a Wi-Fi network would need to store the IP addresses and the external ports through which registered users have established an Internet connection. Identifying users of a Wi-Fi network essentially corresponds to the allocation of IP addresses by an access provider. The operator of the Wi-Fi network could therefore use a computer system, which would not be very costly, according to Sony Music, to enable it to register and identify users.
    142. I would observe that obligations to register users and to retain their private data fall within the scope of the regulations governing the activities of telecoms operators and other Internet service providers. The imposition of such administrative constraints seems to me to be clearly disproportionate, however, in the case of persons who offer their customers and potential customers access to the Internet via a Wi-Fi network as an adjunct to their principal activity.
    143. Thirdly, although an obligation to make a Wi-Fi network secure that is imposed in a particular injunction is not the same as a general obligation to monitor information or actively to seek facts or circumstances indicating illegal activities, such as is prohibited by Article 15 of Directive 2000/31, any general obligation to identify and register users could nevertheless lead to a system of liability applicable to intermediary service providers that would no longer be consistent with that provision.
    144. Indeed, in the context of prosecuting copyright infringements, network security is not an end in itself, but merely a preliminary measure that enables an operator to have a certain degree of control over network activity. However, conferring an active, preventative role on intermediary service providers would be inconsistent with their particular status, which is protected under Directive 2000/31. (47)
    145. Fourthly, and lastly, I would observe that the measure at issue would not in itself be effective, and thus its appropriateness and proportionality remain open to question.
    146. It must also be observed that, given the ease with which they may be circumvented, security measures are not effective in preventing specific infringements of protected works. As the Commission states, the use of passwords can potentially limit the circle of users, but does not necessarily prevent infringements of protected works. Moreover, as the Polish Government observes, providers of mere conduit services have limited means with which to follow exchanges of peer-to-peer traffic, the monitoring of which calls for the implementation of technically advanced and costly solutions about which there could be serious reservations concerning the protection of the right to privacy and the confidentiality of communications.
    147. Having regard to all of the foregoing considerations, I am of the opinion that the imposition of an obligation to make access to a Wi-Fi network secure, as a means of protecting copyright on the Internet, would not be consistent with the requirement for a fair balance to be struck between, on the one hand, the protection of the intellectual property rights enjoyed by copyright holders and, on the other, that of the freedom to conduct business enjoyed by providers of the services in question. (48) By restricting access to lawful communications, the measure would also entail a restriction on freedom of expression and information. (49)
    148. More generally, I would observe that any general obligation to make access to a Wi-Fi network secure, as a means of protecting copyright on the Internet, could be a disadvantage for society as a whole and one that could outweigh the potential benefits for rightholders.
    149. First, public Wi-Fi networks used by a large number of people have relatively limited bandwidth and are therefore not particularly susceptible to the risk of infringement of copyright protected works and objects. (50) Secondly, Wi-Fi access points indisputably offer great potential for innovation. Any measures that could hinder the development of that activity should therefore be very carefully examined with reference to their potential benefits.
    Although I could imagine that AG could put forward even stronger arguments against WiFi password-locking, the opinion is definitely convincing as it stands. For my personal reasons, I would refer the reader to our letter to the Court

    Let's hope that the Court will follow the suggestions of AG Szpunar, at least in its most important aspects!