Last updated: 
3 months 3 weeks ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Broad DPI Injunctions may be Unlawful

Wednesday, June 6, 2012 - 10:45

The Advocate General to the European Court has published his recommendation for the Court's response to questions raised in the long-running Belgian case of SABAM v Scarlet. In 2007 the Belgian court ordered the ISP Scarlet, at the request of the copyright enforcement society SABAM, to implement specific Deep Packet Inspection (DPI) systems to detect and prevent its users from exchanging copyrighted material on peer-to-peer networks. Scarlet claimed this order was contrary to European law, a question that the Belgian court referred to the European Court of Justice. That court is advised by an Advocate General, who has published (though only in French) his advice.

From the English summary, it appears that the Advocate General has two concerns, both arising from the fact that in order to be effective, the DPI equipment will have to examine the contents of all peer-to-peer communications, including those of customers of other ISPs and individuals who are not suspected of any breach of copyright.

First, the inspection is an interference with the privacy of communications (and, if blocking takes place, with the free exchange of opinions). Both of these are rights guaranteed by the European Convention. The Convention does allow a state to interfere with these rights, but only in ways and circumstances that are clearly set out in law. Since the Belgian court used a general power to prevent copyright infringement to impose this novel requirement on Scarlet, the Advocate General does not consider this effect of the law to be sufficiently clear. In principle, however, the Belgian Government could create new law that was "accessible, clear and predictable" to address this problem.

However the Advocate General also seems to raise a more serious problem: that the order constitutes "a general obligation which, it is intended, will be extended in the longer term on a permanent basis to all internet service providers". This wording is very close to that of Article 15(1) of the e-Commerce Directive (2000/31/EC):

Member States shall not impose a general obligation on providers, when providing the services [of network transmission, caching or content hosting], to monitor the information which they transmit or store.

In the French text (paragraphs 105 and 112) the Advocate General does indeed make the link to this Article, so it would appear that his advice, if followed by the Court, would prevent any European Government legislating in a way that can require ISPs to perform routine Deep Packet Inspection of all their customers' traffic.

The Court does not have to follow the Advocate General's advice, though it generally does so. The Court's response is expected later in the year.