More Bad News for ACTA as Another Legislative Report and Privacy Authority Pan Web Provisions

ACTA has several problems, Andersdotter said. Data about the scale of IP rights infringements are incomplete and inconsistent, she said at an ITRE meeting in Brussels. ACTA shouldn’t be put in place without sufficient evidence of the problems it’s meant to address, she said. Parliament should initiate a new debate about intangible rights and the digital market, Andersdotter said.

ITRE members are split over the agreement, with most support coming from the largest political group, the European People’s Party (EPP). ACTA won’t affect people’s rights or online access and contains privacy guarantees, said Pilar del Castillo Vera of Spain and the EPP. Parliament’s legal services have said over and over that there’s no reason to reject the treaty, she said. Since debate on ACTA began in 2008, hundreds of billions of euros have been lost to IP violations, she said. If the document needs more clarification, lawmakers should ask the European Commission to give it immediately, she said.

German EPP member Herbert Ruel urged colleagues not to sweep ACTA under the table simply because of the massive public demonstrations it sparked. The discussion has been more ideological than anything else, said Romana Jordan of Slovenia and the EPP. People are afraid to say positive things about ACTA publicly, but how can Parliament take it forward in the face of so much pressure for its abolition, she asked.

Protecting personal data and Internet rights is important, but it’s surprising when some see IP rights protection as a contradiction to Internet freedoms, said Gunnar Hökmark of Sweden and the EPP. Given the legal services’ conclusion that ACTA isn’t inconsistent with EU legislation and doesn’t contain much of anything new, “we are hunting a ghost,” he said. Some people just don’t want IP rights protected, and maybe that’s the basis of their opposition, he said.

ACTA also found backing in the draft JURI Committee report by French EPP member Marielle Gallo. She stressed that the text doesn’t create new IP rights and generally requires that any enforcement measures governments adopt be proportionate. The Internet provisions don’t refer to the possibility of requiring “graduated response” to online infringements, and bar EU members from imposing general monitoring on ISPs, she wrote.

The Socialists and Democrats oppose ACTA, which will hit infringers regardless of size or motivation, said Catherine Trautmann of France and the S&D. David Martin of the same party has already said that as author of the International Trade Committee (INTA) response he will recommend rejection (WID April 18 p6). INTA meets Thursday to discuss his report.

Enforcing IP rights internationally is a legitimate concern, but “the means envisaged for strengthening their enforcement must not come at the expense of fundamental rights of individuals,” Assistant European Data Protection Supervisor (EDPS) Giovanni Buttarelli said Tuesday in a second opinion on ACTA that EDPS wrote on its own initiative. The document focused on threats to privacy and data protection raised by potential enforcement mechanisms in the digital environment. ACTA’s digital provisions have two measures specifically designed to make it easier to enforce IP rights on the Internet which the parties may, but don’t have to, introduce, Buttarelli’s opinion for EDPS said. It said ISPs may be ordered by a “competent authority” to divulge the identity of a suspected subscriber directly to a rights holder, and governments may also promote “cooperative efforts within the business community to effectively address trademark and copyright or related rights infringement.” The second clause isn’t as clear-cut as the first, the EDPS wrote. Many parties who already have voluntary enforcement cooperation mechanisms between ISPs and rights holders “are likely to contend” that they fall within this provision, Buttarelli said. Those voluntary mechanisms include “three-strikes” or graduated response systems, blocking and filtering of peer-to-peer traffic or blocking websites that allegedly infringe, he said.

Those regimes are problematic from a data protection perspective because they involve some form of monitoring of individuals’ Internet use, the opinion said. Generalized monitoring is “highly invasive,” is usually carried out unnoticed and may affect millions or even all users, whether they're under suspicion or not, it said. Such surveillance also usually involves systematic recording of data such as Internet Protocol addresses of suspected users, it said. That’s personal data under EU law, so the measure will often amount to interference with privacy rights, it said. Any such measures must comply with European rules on proportionality, it said.

The ACTA provisions on enforcement mechanisms aren’t mandatory, yet still spark concerns, the EDPS said. The language isn’t precise and it leaves a lot of wiggle room, it said. In principle, the measures to toughen digital enforcement should stay within the bounds of EU law and respect for fundamental rights, it said. But there’s a risk that ACTA will affect future EU law as new legislation and changes to current law may be motivated by ratification of the treaty along the lines of the ACTA text, it said.

The European Commission is looking to revise the IP rights enforcement directive, but ACTA ratification may offer incentives to introduce voluntary cooperation enforcement measures despite the lack of consensus on them at EU level, the EDPS said. It’s premature for the EU to commit to certain basic principles given the amount of disagreement over such plans, it said. And member countries may also go ahead with their own cooperative enforcement rules, which run a high risk of not respecting EU data protection requirements, it said.

The digital chapter isn’t clear enough on what kinds of acts would be subject to enforcement procedures online and whether they would include or exempt activities carried out by individuals online for private purposes such as file-sharing, the opinion said. It’s particularly vague as to whether only activities done on a “commercial scale” would be subject to the treaty, it said. The commercial scale criterion is only mentioned in relation to criminal enforcement, but under EU law the notion applies to civil enforcement as well, it said. ACTA doesn’t sufficiently guarantee that only commercial-scale actions are covered, it said.

Another troublesome provision envisions the possibility for parties to set up a specific injunction mechanism directed at ISPs, the EDPS said. It would let “competent authorities” order ISPs to identify users from their IP addresses, it said. But that implies that rights holders will engage in some form of monitoring of Internet usage to determine which accounts are being allegedly used for infringement, it said. That involves processing sensitive data relating to suspected offenses or criminal convictions, which under existing EU law can only be done under the control of an official, preferably judicial, authority, it said. But the text doesn’t explain who the competent authorities are, it said. The European Commission has asked the European Court of Justice to rule on whether ACTA is compatible with European treaties such as the Charter of Fundamental Rights. ITRE could vote on the Andersdotter report May 8.