Copyright © Media Law International 2018. All Rights Reserved.
Specialist Guide to the
Global Leaders in Media Law Practice
In case KKO 2017:85, Company B representing rights holders of films asked Company A, a teleoperator, to provide Company B with the contact details of specific users of Company A’s networks that were illegally making copyright protected films available to the public through a BitTorrent-network.
Company B asked for the contact details to be able to clarify the infringement and allocate its demands. The Finnish Market Court accepted Company B’s application based on section 60a of the Copyright Act and ordered Company A to provide Company B with the requested contact details. The Market Court stated in its judgements that the persons distributing the films can also be users or subscribers whose data must be retained under section 157 of the Information Society Code.
Section 60a of the Copyright Act (404/1961) enables an author or his representative to obtain, in individual cases and notwithstanding confidentiality provisions, for example from a teleoperator, contact information of tele-subscribers who illegally make material protected by copyright available to the public to a significant extent. The section is an important means by which rights holders in Finland can receive contact details of persons infringing their copyright so that they can approach such persons with, for example, a copyright infringement letter.
Section 157 of the Information Society Code (917/2014, as of 1 June 2018 called the Law on Electronic Communication Services) brings in privacy to the mix and states that certain undertakings are obligated to retain data related to internet access service provided by such an undertaking for nine months. The data in question may only be used for the purposes of solving and considering charges for specific criminal acts under the Coercive Measures Act (806/2011).
According to section 322 of the same act, data retained under section 157 can only be obtained from service providers by authorities who have a legal right to obtain the data.
Appeal and Supreme Court’s Decision
Company A appealed the Market Court’s decision to the Supreme Court to the extent it covered data to be retained for authorities under section 157 of the Information Society Code, stating that it retains the data covered by the Market Court decision for six months for its own needs and purposes, and nine months for the authorities. It claimed that it had handed over the data it retained for its own purposes, but that it is not authorised to hand over data that it holds for authorities.
Company B in turn argued that it is entitled to such data as well, since section 60a of the Copyright Act declares that contact details should be handed over notwithstanding confidentiality provisions. Company B also argued that Company A cannot decide upon a shorter retention period of its data so that it affects Company B’s rights.
The Supreme Court acknowledged that the Information Society Code does not declare how long a teleoperator shall store its traffic data. It also found that although it is not clear what is meant by the reference to confidentiality provisions in section 60a of the Copyright Act, a key privacy principle restricting teleoperators’ operations is included in section 137 of the Information Society Code.
The said section states that processing electronic messages and traffic data is only allowed to the extent necessary for the purpose of such processing, and it may not limit the confidentiality of messages or the protection of privacy any more than is necessary.
The Supreme Court also referred to case law from the CJEU, stating that regulations restricting the confidentiality of communications should be interpreted narrowly. Exceptions and restrictions concerning personal data should be executed within the limits for what is strictly necessary, a balance between different fundamental rights should be ensured, and the principle of proportionality followed.
The Court found 1) that sections 157 and 322 of the Information Society Code state for what purposes data under section 157 shall be retained and to whom it may be given, 2) that Company B is not an authority, and 3) that the copyright purposes under section 60a of the Copyright Act do not fulfil the conditions in section 157 of the Information Society Code.
Consequently, the Supreme Court ruled that a decision based on section 60a of the Copyright Act can only cover data that the teleoperator is retaining for its own purposes and not data retained based on section 157 for authority purposes.
Essentially, the decision means that the way teleoperators handle their data and define their data retention periods can have a significant impact on rights holders’ possibilities to defend their rights against piracy. If the teleoperator comes to the conclusion that it only needs the data for its own purposes for, for example, five months, rights holders cannot obtain the data for section 60a purposes after that time, even though the data is held for another four months for authority purposes.
Here, there is a rather apparent link to the GDPR, since it, in fact, urges companies to review the ways they handle data and make sure they do not keep and process data for longer than necessary.
Guidelines on Copyright Infringement Letters
While on the subject, it is worth mentioning that the Ministry of Education and Culture has recently published Best practices for monitoring of copyright infringements by letters directed to private persons, which aims to standardise the procedure of sending out copyright infringement letters.
The publication consists of 15 best practices based on the current Copyright Act to be followed when sending out copyright infringement letters. The letters must, for example, specify who the sender and the copyright holder are, and which infringement the letter refers to. The letter should also specify that the teleoperator has been ordered to provide contact details but has in no other way contributed to investigating the infringement.
The aim of the letter should be made clear, as well as the content of any settlement proposal. The letters should also describe the consequences of ignoring the letter. The letters may not include any misleading expressions and should contain a reference to the Ministry’s website, where recommendations and further information about the procedure is made available.
The last part of the best practices focusses on acquiring the contact information of the private person. The technical uniformity of the IP addresses must be ensured in all stages of the procedure, and the contact information of the private person must be protected in accordance with data protection legislation. It is emphasised that although the best practices are only a recommendation, they are based on the law and should be adhered to.
Copyright infringement letters have been somewhat of a “hot potato” in Finland back and forth for the past couple of years, but studies show that they have had an impact on reducing piracy. There is, at least partly, a clash between copyright and privacy, and as in all such situations, finding the right balance can be tricky at times. It remains to be seen how recent case law and the GDPR will affect the situation.
When faced with the opportunity to write an article about media law, the possibilities are – if not endless – many. On an EU level, the digital single market and copyright reform are still very much active, and they have had a secure spot on media lawyers’ radar for the past couple of years. However, with the GDPR around the corner, we thought it might be fitting to focus on a recent judgement from the Finnish Supreme Court concerning privacy issues in a copyright case.
Supreme Court Rules on Clash Between Copyright Enforcement
Jusse Rissanen is a partner in Procopé & Hornborg’s IPR, Media & Technology team and assists clients particularly in matters related to dispute resolution. Jusse has versatile litigation experience from various branches of law, especially contract, employment, tort, intellectual property, marketing and commercial law. He represents clients in both judicial and arbitration proceedings.
Hanna Ekqvist is a senior associate in Procopé & Hornborg’s IPR, Media & Technology team. Hanna advises clients in matters relating to the registration, licensing, and infringement of IPRs, as well as in media and communication law matters. She is particularly interested in copyright issues within the music and entertainment industry. She also has versatile experience from data protection assignments, and has most recently been assisting clients in GDPR compliance reviews. Hanna also advises companies of the requirements under consumer protection laws and regulations. Hanna’s professional experience includes a secondment at a music organisation in Brussels and a secondment at a law firm in London. Besides her law degree from the University of Helsinki, Hanna holds a M.Sc. (Econ.) from Hanken School of Economics, and a Post-graduate Copyright Diploma in UK, EU and US Copyright Law from King’s College London.