A few days ago, we heard that the CNIL (the French National Commission for Data protection and the Liberties) authorized the SACEM (the French Music Authors Composers and Editors Society) to set up its system related to the monitoring of P2P networks to identify online infringers. This decision ensues from several others, but most of all the tripartite agreement recently signed between telecom operators, legal successors and government, providing to organise a mechanism of graduated riposte to contend for illegal download. Those events got better of CNIL’s resistances.
A strict position from the CNIL
The CNIL’s decisions have to respect requirements of proportionality to treat personal data. In a way, its position has always been very clear: any treatment must have a determined, explicit and rightful aim, and do not infringe private life of related people. Besides, the CNIL stays up to respect a balance between law of property and respect of private life.
Thereby in 2005, it examined the demands of automate treatments of infringement detection as regards music (SACEM, SCPP, SDRM, SPPF), videogames (the SELL : the French Union of Entertainment Software Editors) and audiovisual (the ALPA : Association of Contending for Audiovisual piracy). The objective was the same (contend for network infringement) but the carried out means were slightly different.
Indeed, the royalties collection and distribution societies (hereafter “collecting societies”) would like to set up a system allowing to detect automatically, almost on all the P2P network (whatever the use) the infringers IP addresses. They also provided to ask to Internet Service Provider (hereafter “ISP”) to identify by name each IP address supplied, so that to send a warning message directly to the relevant internet users (the sending might reach up to 100.000 a day).
Due to the lake of adequacy between the treatment proposed by the collecting societies with the requirements of contending for illegal download, by a decision dated on October, 18th, 2005, the CNIL refused to grant them, but did it for the SELL (decision dated on April, 11th, 2005) and the ALPA (decision dated on December, 21st, 2006).
In fact, the Commission had deemed the system was disproportional in relation to the followed purpose. The network monitoring seemed too exhaustive (unlike the SELL’s one which concerned 3 or 4 networks). The CNIL, furthermore, feared a massive collect of IP addresses. Bearing in mind, we can’t identify a person with an IP address without judiciary approval, except in cases prescribed by law, notably in matter of terrorism (article 6 by the Act n°2006-64 of January, 23rd, 2006) or organized crime (Act n°2004-204 of March, 9th, 2004).
Facing this refusal, the collecting societies applied the Council of State against the CNIL’s decision.
The Council of State’s censure weakens the CNIL’s position
By a decision on May 23rd, 2007, the Council of State censured the CNIL’s decision, and gave satisfaction to the collecting societies regarding their monitoring system. The Council had deemed in respect of massive download, that the solution provided was not disproportional in relation to the followed purpose, namely the contending for illegal download. Moreover, it jointed the CNIL’s position regarding the sending of warning messages, and retained that it was accordingly proper that it has raised their illegality. Indeed, the messages didn’t correspond to any case (prescribed by Act n°2004-575 of June, 21st, 2004, for the confidence of digital economy, called “LCEN” and by its implementing decree n°2006-358 of March, 24th, 2006 related to the store of data of electronic communication) on which ISP should store data connection. The Council, notwithstanding, had deemed this couldn’t justify the CNIL’s refusal.
This decision had lead to weaken more the CNIL’s position, which were yet questioned by two decisions of the Court of Appeal from Paris dated on April, 27th, 2007 (CA Paris, 13e ch., sect. B, 27 avril 2007, AG c/ SCPP) and May, 15th, 2007 (CA Paris, 13e ch., sect. A, 15 mai 2007, HS c/ SCPP) related to passing-off on P2P networks. The judges had considered that an IP address was not a personal data within the meaning of the article 2 by the Act of January 6, 1978.
Fortunately, everyone did not share this position. Recently, The Tribunal de Grande Instance from Saint-Brieuc had retained an opposite position. This particular case concerned passing-off committed by a collecting society (TGI, Saint Brieuc, 6 sept. 2007, Ministère Public, SCCP, SACEM c/J.P). This solution is also shared by the article 29 Data Protection Working Party (called “Group 29”) which rightly reminded it, in its June, 29th, 2007’s opinion related to the concept of personal data).
The interprofessional agreement forces the CNIL to give up
The interprofessional agreement signed on the last November 23rd, 2007 has ratified the Olivennes’s Commission proposal, providing to set up a graduated riposte as regards illegal download. This one, prior suppose, the filing of a complaint by legal successors before the Public Authority especially created for this purpose. This authority would send warning message to the subscribers through ISP. The subscription could then be suspended or terminated. Besides, the subscriber would be blacklisted in a national register managed by the new Public Authority.
This system of graduated riposte has definitively weighed down the scale in favour of the SACEM. On one hand, because it achieves the criminal way choose by the collecting societies in music industry related to a wide network monitoring. On the other hand it leads to sanction subscribers on the strength of legal successors complaint, without any possibility for them to stand up for themselves against their opponents, so unaware as rightly felt Ratatium, the principle of an adversarial system (audiatur et altera pars), fundamental in French law. It supposes that each party could debate and oppose argues and proofs of the other party. Notwithstanding, it ensures rights of defense for the purpose of fair trial within the meaning of article 6 from ECHR (European Convention of Human Rights).
In this context, the CNIL couldn’t refuse the repeated demand of the SACEM regarding the set up of its research and existence files of network infringements. That’s why the CNIL was forced to grant the SACEM carry out its operational part. So, this latter could investigate on the Internet to detect infringers and give their IP address to the Public Authority. Moreover, when the graduated riposte will be effective, it could send its awareness messages through ISP, without being illegal.
In view of aforementioned, we can worry about consequences of a such agreement but also case-law decisions regarding IP addresses. Keep in mind that the respect of copyright doesn’t lead to infringe the respect of the Internet user’s private life.
In a « cybersociety » where the boundary between private and public life gets reduced, and in which personal data are collected in a transparent manner (the Navigo Pass allow to identify and trace the run of a subway user, with the RFID technology) and widely circulate online (but also offline), it seems important to us that the CNIL which have the mission to “control the application of computer files to the nominative information treatment”, continues its role of guide rail.
