Saturday, 25 August 2018

Milan court issues dynamic blocking injunction against Italian ISPs

Does a blocking injunction against an intermediary only concern the domain names indicated in the relevant order or can it be also considered as encompassing future infringements committed through other domain names?

This is the question that the Milan Court of First Instance (Tribunale di Milano) had to address in the context of interim proceedings between publisher Mondadori and a number of major Italian internet access providers (ISPs).

It provided an interesting response in two twin decisions [available hereissued last June and which the IPKat has learned about thanks to Katfriend Valentina Borgese.


In 2017 publisher Mondadori requested the Milan Court of First Instance to issue an interim injunction against a number of major Italian internet access providers (ISPs) consisting of an order to adopt the most appropriate measures to block access to a platform and all the different domain names (alias) under which it operated and from which unauthorized copies of Mondadori magazines could be downloaded through links made available therein. 

The Milan court initially granted the interim injunction in favour of Mondadori.

Later that year, Mondadori discovered that the platform had once again changed name and, through a new domain, was still making links available for the download of unlawful copies of its magazines. 

So, Mondadori requested the ISPs subject to the first injunction to take the appropriate measures to block access to the new versions of the platform, but without success. The ISPs, in fact, claimed that Mondadori’s request would be outside the scope of the injunction against them. This means that Mondadori had to apply for a new injunction, which it obtained inaudita altera parte.

The ISPs opposed the new injunction, on the following grounds:
  • They are mere conduit providers under the meaning of the provision under Italian law (Article 14 of Legislative Decree 70/2003) corresponding to Article 12 of the E-commerce Directive, and are not responsible for third-party unlawful activities;
  • The measures requested by Mondadori would result in a general monitoring obligation, which is contrary to Article 15 of the E-commerce Directive and Article 17 of the Italian Legislative Decree;
  • The court should also hear the actual infringers in the context of such proceedings.
During the hearing for the confirmation of the injunction, Mondadori requested that the ISPs be ordered to block access not just to the domains indicated in the application, but also any domain names that would redirect to the platform.

Ineffective blocking
The decision

In its decisions, the Milan court rejected the need that, in proceedings against ISPs, also the actual infringers should be heard.

Turning to the claim that the measure requested by Mondadori would amount to a general monitoring obligation, the Court recalled the decisions of the Court of Justice of the European Union (CJEU) in L’Oréal and Scarlet, to note that enforcement measures must be proportionate and not excessively costly. This said, an ISP is under an obligation to promptly inform competent authorities should it become aware of any infringements committed by users of its service, and this is so irrespective of any liability of the intermediary for the infringements themselves. In any case, intermediaries may be the addressees of injunctions against them.

Dynamic blocking injunctions

The court then noted that Mondadori’s rights were repeatedly infringed through the different domain names under which the infringing platform operated. 

Also recalling the CJEU Telekabel decision, the court ruled that it is compatible with the E-commerce Directive (notably Article 15 therein) to request an ISP to take the most appropriate measures to block access, not just to the domain names identified in the relevant injunction, but also to any further domain names under which infringements relating to the same rights are committed. 

If the obligation of an ISP as resulting from a certain injunction was limited to the domain names indicated therein, this would make the measure issued pointless: it is in fact likely that, at the time of issuing the injunction, the infringer is already operating under a different domain name. 

Hence, an injunction that required the ISPs targeted by it to block access to current and future domain names through which infringements of the same rights are committed would be the only one that may “have the effect of preventing unauthorised access to the protected subject-matter or, at least, of making it difficult to achieve and of seriously discouraging internet users who are using the services of the addressee of that injunction” (Telekabel, para 64). 

The court reasoned that, if the intervention of a judge was needed in relation to any further infringement of the same right, no injunction could be issued pro futuro, and this would be contrary to the rationale underlying the availability of injunctions themselves.

In reaching this conclusion, the court also referred to the EU Commission's guidance on the Enforcement Directive. In particular, it referred to the following:

Furthermore, injunctions may in certain cases lose some effectiveness because of changes in the subject matter in respect of which the injunction was ordered. This may be, for example, the case of website blocking injunctions, where a competent judicial authority grants the injunction with reference to certain specific domain names, whilst mirror websites can appear easily under other domain names and thus remain unaffected by the injunction.  
Dynamic injunctions are a possible means to address this. These are injunctions which can be issued for instance in cases in which materially the same website becomes available immediately after issuing the injunction with a different IP address or URL and which is drafted in a way that allows to also cover the new IP address or URL without the need for a new judicial procedure to obtain a new injunction. 

However, to be compatible with the prohibition of general monitoring obligations, a dynamic injunction must include an obligation of the relevant rightholder to provide the targeted ISPs with a prior, specific notification concerning the new domain names through which infringements are committed. 

Compiling the list of domains
to be blocked
Cost allocation

The court also ruled on the issue of cost allocation, and held that, since the measure requested was distinct from an assessment of any liability of the ISPs, [the translation from Italian is mine] “by balancing different interests, the costs relating to technical expenses, strictly necessary and concerning the measure requested by the rightholder, should be borne, provisionally, by the rightholder itself.”


This is an interesting, although not completely new, development in the approach to intermediary injunctions in Italy. In reaching its conclusion, the court referred to the rationale of injunctions as an enforcement measure. 

The CJEU itself in L'Oréal clarified that injunctions against intermediaries may be aimed repressing existing infringements but also preventing future infringements of the same rights. In that case, the CJEU clarified how the injunctions referred to in the third sentence of Article 11 of the Enforcement Directive differ from those to in the first sentence of that provision: while the latter directly target infringers and intend to prohibit the continuation of an infringement, the former relate to the ‘more complex’ situation of intermediaries whose services are used by third parties to infringe third-party rights. Also taking into account the overall objective of the Enforcement Directive, this being ensuring an effective protection of intellectual property rights, alongside the provision in Article 18 of the E-commerce Directive and Recital 24 in the preamble to the Enforcement Directive, the CJEU concluded that the jurisdiction conferred by the third sentence in Article 11 of the Enforcement Directive allows national courts to order an intermediary to take measures that contribute not only to the termination of infringements committed through its services, but also preventing further infringements. 

This conclusion appears in line with the overall framework established by the E-commerce Directive: Articles 12(3) (in relation to mere conduit providers), 13(2) (in relation to caching providers) and 14(3) clarify in fact that a court or administrative authority, in accordance with Member States' legal systems, may require the service provider at issue to terminate or prevent an infringement.

Furthermore, the safeguards envisaged by the Milan court appear in line with the practice in other EU Member States, including the UK, where - also in the context of the most recent innovation, live blocking orders [here and here- rightholders are required to provide the list of target sites to be blocked. As regards the issue of costs, in the Milan case, the reasoning (albeit in the context of interim proceedings) appears substantially similar with the most recent approach in the UK, as envisaged by the Supreme Court in Cartier [here].

[Originally published on The IPKat on 25 August 2018]

Wednesday, 22 August 2018

Has the CJEU quietly changed the conditions for safe harbour availability?

Kat at the beach
Right before the summer break, on 7 August last, when most people had already turned their out-of-office auto-reply on or were getting ready to move to the beach, the Court of Justice of the European Union (CJEU) issued quite an interesting ruling - SNB-REACT, C-521/17 - concerning enforcement of IP rights under Article 4(c) of the Enforcement Directive and the availability and scope of the safe harbours under the E-Commerce Directive.


This referral from Estonia was made in the context of proceedings that a collecting society, SNB-REACT, had initiated against an individual, Deepak Mehta, concerning the latter's alleged liability for infringement of the IP rights of 10 trade mark owners. 

According to SNB-REACT, Mehta had allegedly registered a number of IP addresses and internet domain names, which unlawfully used signs identical to the trade marks owned by SNB-REACT members, together with websites unlawfully offering for sale goods bearing such signs. 

Mehta, however: (1) denied that he had registered the IP addresses and domain names challenged by the claimant; (2) even if he owned 38,000 IP addresses, he had rented them to third-party companies; and (3) this activity should be regarded as akin to that of a service providing access to an electronic communications network, together with an information transmission service, being - as a result - eligible for the safe harbour protection under the Estonian provisions corresponding to Article 12 to 14 of the E-Commerce Directive.

At first instance, SNB-REACT's action was dismissed on grounds that, first, it would lack standing to bring legal proceedings in its own name to enforce its members' rights and, second, Mehta was eligible, as an information society service provider, for the safe harbour protection.

SNB-REACT appealed to the Tallinn Court of Appeal, which made a reference to the CJEU and asked:

(1) Is Article 4(c) of [the Enforcement Directive] to be interpreted as meaning that Member States are required to recognise bodies collectively representing trade mark proprietors as persons with standing to pursue legal remedies in their own name to defend the rights of trade mark proprietors and to bring actions before the courts in their own name to enforce the rights of trade mark proprietors?
(2) Are Articles 12, 13 and 14 of [the E-commerce Directive] to be interpreted as meaning that even a service provider whose service consists in registering IP addresses, thus enabling them to be anonymously linked to domains, and in renting out those IP addresses, is to be regarded as a service provider within the meaning of those provisions to whom the exemptions from liability provided for in those articles apply?’
The CJEU answered both questions in the affirmative, without seeking the prior Opinion of the appointed Advocate General (Wathelet). 

Here's how it reasoned.

Standing of a collecting society

Article 4(c) of the Enforcement Directive provides that:
Member States shall recognise as persons entitled to seek application of the measures, procedures and remedies referred to in this chapter [...] intellectual property collective rights-management bodies which are regularly recognised as having a right to represent holders of intellectual property rights, in so far as permitted by and in accordance with the provisions of the applicable law
The Court deemed it necessary to clarify the meaning of ‘applicable law’ and ‘as permitted’ in that provision:
  • First, the expression 'applicable law' refers to both EU and national laws, as appropriate. 
  • Second, Member States do not enjoy unlimited discretion as to whether or not recognize collecting societies as having standing.
  • Third, as is apparent from Recital 18 in the preamble to the Enforcement Directive, EU law intended to grant standing also to those having a direct interest in the defence of third-party IP rights.
It follows that, where a collecting society is regarded by national law as having a direct interest in the defence of its members' rights and that law allows that body to bring legal proceedings, the Member States are required to recognize such collecting society as a person entitled to seek application of the measures, procedures and remedies provided for by the Enforcement Directive, and to bring legal proceedings for the purpose of enforcing such rights.

Liability of providers of IP address rental and registration service

Turning to the second question, the CJEU provided a recap of the conditions at which the safe harbours within Article 12 to 14 of the E-commerce Directive apply.

Notion of 'information society service'

First, the Court tackled the question whether the provider of an IP address rental and registration service could be deemed an information society service provider for the sake of the E-commerce Directive. The Court noted how this notion is fairly loose, in that the concept of ‘information society service’ refers to services which are provided:
  • at a distance, 
  • by means of electronic equipment for the processing and storage of data, 
  • at the individual request of a recipient of services, 
  • normally in return for remuneration. 
It is a notion that includes services contributing to facilitating relations between persons engaged in online sales activities and their customers

The CJEU found that it did not have sufficient evidence to determine whether a service like that one at issue in the background proceedings would fall within the notion of information society service, but it appeared not to exclude it. 

Availability of safe harbours

Then the CJEU turned to consideration of the conditions at which the 'limitations of liability' [note that the Court used the term 'limitations'], aka safe harbours under the E-commerce Directive, apply. And here the Court provided a 'checklist'.

What one needs to do is in fact the following:
  1. Identify whether the information society service at issue consists of mere conduit (Article 12), caching (Article 13) or hosting (Article 14);
  2. Review whether the conditions for the safe harbour for the specific service at issue are satisfied.
For all three scenarios, the safe harbour only applies where the activity of the information society service provider is of a mere technical, automatic, and passive nature. This implies that that service provider has neither knowledge of nor control over the information which is transmitted or stored by the persons to whom he provides his services. 
By contrast, those limitations of liability do not apply in the case where a provider of information society services plays an active role, by allowing its customers to optimise their online sales activity. [para 48]
It's impossible to speak of safe harbours
without at least a (cheerful) sailor Kat pic!
When is the safe harbour trumped?

At this point of the judgment, things become a bit more interesting (or troubling, depending on one's own perspective), in that the CJEU stated [para 50]:
it is for the referring court to satisfy itself, in the light of all relevant facts and evidence, as to whether such a service provider has neither the knowledge of nor control over the information transmitted or cached by his clients and whether he does not play an active role by allowing them to optimise their online sales activity.
This paragraph is quite ambiguous. The reasoning appears construed in light of landmark safe harbours decisions like Google France and L'Oréal, yet the wording is not the same. In those cases the CJEU linked the active role of the provider which excludes the availability of the safe harbour to knowledge of or control over of third-party information. In Google France the Court held [para 120, emphasis added]:
Article 14 of Directive 2000/31 must be interpreted as meaning that the rule laid down therein applies to an internet referencing service provider in the case where that service provider has not played an active role of such a kind as to give it knowledge of, or control over, the data stored. If it has not played such a role, that service provider cannot be held liable for the data which it has stored at the request of an advertiser, unless, having obtained knowledge of the unlawful nature of those data or of that advertiser’s activities, it failed to act expeditiously to remove or to disable access to the data concerned.
Similarly in L'Oréal the Court stated that [para 113, emphasis added]:
Where, by contrast, the operator has provided assistance which entails, in particular, optimising the presentation of the offers for sale in question or promoting those offers, it must be considered not to have taken a neutral position between the customer-seller concerned and potential buyers but to have played an active role of such a kind as to give it knowledge of, or control over, the data relating to those offers for sale. It cannot then rely, in the case of those data, on the exemption from liability referred to in Article 14(1) of Directive 2000/31. 
In those cases the logic was the following:

active role  knowledge of or control over information  unavailability of safe harbours

While in SNB-REACT the process is different [see also para 52 of the judgment]:

knowledge of or control over information + active role (eg optimization of online sales activities) = unavailability of safe harbours

As it appears to be the case when the Court decides without the prior Opinion of the appointed AG, the resulting reasoning is not as straightforward as one would wish. 

The approach to the definition of the conditions for excluding the availability of the safe harbours is telling: are paragraphs 50 and 52 in the judgment just the result of rather imprecise writing or has the Court, instead, inaugurated a new approach to the definition of the conditions for the E-commerce safe harbours? 

The answer is ... till the next preliminary ruling!

[Originally published on The IPKat on 22 August 2018]

CJEU rules that unauthorized re-posting of protected content may be an infringement

The Cordoba photo at issue in Renckhoff
Today the Court of Justice of the European Union (CJEU) issued its last copyright judgment [but also - incredibly - the first copyright judgment of 2018] before the summer break. 

In Renckhoff, C-161/17 it ruled - contrary to the Opinion of Advocate General Campos Sanchéz-Bordona [here and here; ALAI thought it was very bad, and criticized it here] - that in a situation like the one at issue the unauthorized re-posting of a copyright work would be an act of communication to the public within Article 3(1) of the InfoSoc Directive.


As readers might remember, this case had a fairly odd factual background. The national proceedings relate in fact to copyright litigation that a photographer has brought in Germany against a school over the use, by one of the pupils, of copyright-protected material without authorization. 

More specifically, one of the pupils found an image of the city of Cordoba online and used it for an assignment for her Spanish class, providing acknowledgment of the website from which she had downloaded the photograph (though not of the photographer, because the website where the photograph appeared did not provide any). 

Upon finishing her work, she and her teacher uploaded it on the school's website, but the photographer came forward claiming infringement of his copyright in the photograph, and that he had just granted a licence to use to the image to the website from which the pupil had downloaded it.

Litigation has gone all the way up the German Federal Court of Justice, which decided to stay the proceedings and refer this question to the CJEU:

Does the inclusion of a work — which is freely accessible to all internet users on a third-party website with the consent of the copyright holder — on a person’s own publicly accessible website constitute a making available of that work to the public within the meaning of Article 3(1) of [Directive 2001/29] if the work is first copied onto a server and is uploaded from there to that person’s own website?

The CJEU response

Today the Court answered in the affirmative, noting that:

  1. The reposting of protected content freely available with the rightholder's consent on a third-party website is a new act of communication to the public (I'd also add that it is also an act of reproduction, and in fact this has been already established in the national proceedings) and no analogy with linking to lawful and freely accessible content in a Svensson sense may be drawn. Here the point is not - as it was, instead, in Svensson whether there is a communication to a new public, because there is a new communication to the public tout court.
  2. Holding otherwise would mean that a copyright owner would lose any control over their work once this has been made available online the first time. This would basically amount to an undue exhaustion of the right of communication to the public, contrary to Article 3(3) of the InfoSoc Directive, and would also be in breach of the principle according to which economic rights are preventive in nature (in a Soulier sense)
  3. The fact that a work has been initially published online and made available with no restrictions is irrelevant: holding otherwise would be akin to imposing formalities to the enjoyment and exercise of copyright, and this would go against the prohibition in Article 5(2) of the Berne Convention.
If that was ever possible,
now school may become even more stressful
The Court also recalled that copyright protection in a photograph only arises when the photograph is its author's own intellectual creation, in the sense that it results from the making of free and creative choices and carries the author's personal touch, in the sense clarified in Painer. Readers will remember that the AG doubted that the one at issue would be a copyright-protected photograph. However, Article 6 of the Term Directive leaves EU Member States free to protect sub-original photos.


Overall, the judgment is good news for copyright owners, in that it gives them reassurance that the control over their works is not reduced over the internet. 

The ruling is also interesting in relation to the practice of certain websites (including newspapers) that directly host third-party video content in respect of which they neither own the rights nor do they have a licence, in lieu of displaying such videos by means of embedded links. While the latter might be lawful (depending on whether the requirements set in Svensson and GS Media are fulfilled), the former might pave the way to a finding of liability. This may be something that we knew already, but that now the CJEU has confirmed.

[Originally published on The IPKat on 7 August 2018]

The AG Opinion in Levola Hengelo: more questions than answers?

As announced earlier today, this morning Advocate General (AG) Wathelet issued his Opinion [not yet available in English] in Levola Hengelo, C-310/17. He advised the Court of Justice of the European Union to rule that the taste of a cheese - Dutch spreadable cheese Heks’nkaas (for which a patent was registered in 2012 and a word trade mark is registered)  - is not eligible for copyright protection as a 'work' under the InfoSoc Directive.

While the outcome of the Opinion may be sensible, its content raises a number of issues and, potentially, problems.

But, first, let's see how the AG reasoned.

Concept of 'work'

At the outset, the AG tackled what is to be intended as 'work' under the InfoSoc Directive, this being a notion that this piece of EU legislation does not define. 

Despite this, 'work' should be regarded as an autonomous concept of EU law that mandates uniform application throughout the EU. It follows that Member States may not grant protection to objects as 'works' under the InfoSoc Directive beyond what the directive itself envisages.

Originality is not enough

Recalling in particular the decisions in InfopaqPainer and Football Dataco, the AG noted that an 'object' is protectable if it is sufficiently original, in that sense that it is 'its author's own intellectual creation' which results from the marking of 'free and creative choices' so that the resulting 'object' displays the 'personal touch' of the author.

However, originality alone is not sufficient: it is also required that the 'object' in question is a 'work' within Article 2(1) of the Berne Convention [the InfoSoc Directive implements into the EU legal order the 1996 WIPO Treaties and the WIPO Copyright Treaty mandates compliance with Articles 1 to 21 of the Berne Convention].

Can a taste be a work?

Article 2 Berne provides a non-exhaustive list of protectable subject-matter. Although the provision does not expressly exclude taste, smells or perfumes, according to the AG the only types of works included therein are those that can be perceived through sight or hearing. Hence, the taste of a food product is not a work within Article 2 Berne, nor are there any other international law provisions that protect the taste of a food product by means of copyright. 

According to the AG, there are two additional considerations that rule out copyright protection in a taste. 

The first is the idea/expression dichotomy, which excludes protection for a recipe as such, this being an idea that has not yet been expressed in some form, eg in writing. 

The second consideration is that original expressions should be identifiable with sufficient precision and objectivity. And here the AG brought trade mark law into the picture. By relying on the decision in Sieckmann concerning the (now seemingly defunct) graphic representation requirement and which - as a matter of fact - has made it virtually impossible to register less conventional signs like smells and, indeed, taste, he concluded that the same requirements envisaged for graphic representation of a sign in trade mark law - ie the representation be clear, precise, self-contained, easily accessible, intelligible, durable and objective - apply in copyright. Hence, if a certain subject-matter cannot be identified with sufficient precision and objectivity, it is not protectable. 

The taste of a food product is a qualitative element and, as things currently stand, there are no techniques to identify it precisely and objectively. It follows that it is not possible to identify precisely and objectively the scope of the protection (if any) afforded to it.

With regard to the additional consideration that a taste of a food product would not be protectable because of its inherent instability, the AG rejected this as relevant, noting that, on the one hand, the InfoSoc Directive does not envisage a fixation requirement and, on the other hand, copyright protects a work as such and not its support. However, he found that the very fact that a taste is ephemeral, volatile and unstable is actually an obstacle to its qualification as a work for the sake of copyright protection.

AG Melchior Wathelet
Issues and potential problems raised by the Opinion

The Opinion of AG Wathelet raises a number of issues [thanks to @SikkeKingma@toblu_de@martailj@jhtc@cjbuccafusco@questforbooty for the discussions already held on Twitter].

EU pre-emption

The first one is not particularly surprising, and is that - in areas harmonized by relevant copyright directives - Member States are no longer free to provide for different approaches, in particular by altering the scope of protection as set at the EU level. 

In more recent cases, the CJEU appears to have dispelled what could be indeed considered a ‘myth’ of EU copyright law – that of its substantial flexibility. Although neither the Court nor the AGs have systematically developed a system of EU pre-emption in EU copyright, the application of pre-emption has been substantial, prompted by the objective of achieving a certain, internal market-rooted, outcome for questions referred by national courts. 

Such practical, result-oriented use of EU pre-emption has occurred in the area of economic rights with regard to the scope of national implementations of, eg, the InfoSoc Directive; exceptions and limitations (notably national private copying provisions); and independent national legislative initiatives, such as the one at issue in Soulier and Doke concerning the 2012 French law on the exploitation of out-of commerce works [here]. As of today, this case arguably represent the most sophisticated and explicit use of EU pre-emption by the Court and – in even more express terms – by AG Wathelet in his Opinion [here].

In the present case, should the CJEU decide to follow the Opinion of its AG, this would mean that an approach like the one adopted by the Dutch Supreme Court in Kecofa v Lancôme (in which copyright was found to subsist in the smell of a perfume) would not be allowed.

Is copyright like trade marks? An EU fixation requirement?

The second point relates to the use, by the AG, of typical trade mark tools to achieve the conclusion that copyright only vests in subject-matter that can be identified with sufficient precision and objectivity, in a Sieckmann sense.

Although the AG ruled out that this would mean a fixation requirement, that seems to be instead the case. Would it be possible to have subject-matter that is precise and identifiable without it being also fixed in some material form?

This may be troubling in that, first, the requirements for trade mark registration are - formally -different from those for copyright protection and, secondly, because in principle the Berne Convention (Article 2(2)) leaves it to individual countries to determine whether to introduce a fixation requirement into their own copyright laws. 

But all this, perhaps, is no longer true and not only is there an EU notion of 'work' but there is also an EU fixation requirement.

Spreadable Kat
Objectivity required in copyright?

Finally, the AG said that subject-matter must be defined with sufficient precision and objectivity, and that this is required to determine both subsistence and scope of protection.

But has this ever been the case - or can it even be the case - in copyright?

If we take, for instance, the case of certain exceptions and limitations, can we say that the assessment required to determine whether, eg, a certain use of a work qualifies as parody may be conducted objectively and with absolute precision? 


As mentioned above, the AG Opinion may be correct from the perspective of its outcome, but the reasoning followed raises a number of questions. Let's now wait to see what the CJEU says ... it's not yet the end for Heks’nkaas after all!

[Originally published on The IPKat on 25 July 2018]