UPC Ireland, a largest Irish telecoms provider, has been obliged, by injunction, to introduce a “three strikes” disconnection strategy by the Irish High Court. UPC’s own terms of service are at least partly at fault.
In 2009, the former Irish monopoly telecoms provider, Eircom, entered into a voluntary arrangement with the music industry in order to introduce a “three-strikes” system for alleged unauthorised file-sharing. Under the scheme, a company collects IP addresses online, passes them to Eircom saying they were involved in unauthorised downloading. Eircom sends warnings and then disconnects the user’s internet connection, initially one week and then for a year. The approach has been shown to be a failure in several countries, but effectiveness and proportionality appear not to be priorities
UPC, having a generally impressive record in protecting its users’ rights both in Ireland and internationally, resisted demands to follow the same approach. As a result, a group of music industry giants took UPC to court in 2010, in a case that UPC ultimately won.
However, the judge’s ruling in the 2010 case was extremely activist, essentially demanding that the government pass legislation to impose injunctions of the kind requested in the case. He argued that this was necessary to implement EU law, even though no complaint (to EDRi’s knowledge) was ever made by the European Commission in this regard. The parties were invited to reapply for an injunction once the Irish government had passed the new law. Everyone then did what they were told – the law was passed and the new application was made.
As is typical in the internet sector, UPC’s terms of service are very extensive. Companies generally assume that this is the safest option, because it appears to allow them to act arbitrarily without the risk of being sued. The received wisdom is that this is all benefit and no cost. However, this is not true – because it implies that the company in question believes that such arbitrary behaviour is acceptable and creates the possibility, either through informal pressure or through law, that the internet provider will be pushed into undertaking the foreseen restrictions.
In the first case, the judge was particularly incensed by the fact that UPC’s (like almost all Irish internet providers’) terms of service allow them the possibility to unilaterally disconnect a customer for a variety of reasons. UPC’s terms of service explicitly include copyright infringement as a possible reason for unilaterally terminating a contract.
The judge in the 2010 case found it unacceptable that this part of the UPC contract not being exploited by the company. He complained that, even though it “is a matter of contract, and for a breach of this obligation by the customer, UPC can terminate the contract”, “it never does” nor, he added “do they have any interest in it”.
In the case that recently ended in the High Court, the judge pointed out that UPC regularly disconnects people for failing to pay their bills, without an appeals process. This specious argument was made extensively by music industry lobbyists during discussions on three-strikes at EU level. What EU policy-makers understood, that the High Court Judge did not, was that taking action against a subscriber for a prejudicial action (non-payment of a bill) against the company is fundamentally and obviously different for taking action against a subscriber for an alleged prejudicial action that harms a third party.
Finally, the Irish High Court ruled again (following a case looking only at this issue in 2010) that there is no data processing that falls under Ireland’s idiosyncratic reading of European data protection law when IP addresses are harvested by a company tasked with this activity and no personal data processing when these non-personal data – collected for the purpose of personally identifying individuals – are transferred to the internet provider. They are “publicly transmitted” data, in any event, according to the music industry and, for non-obvious reasons, therefore not entitled to protection. There is personal data processing when the internet provider writes to the end-user for purposes that are entirely outside the purpose of internet access provision because, of course, the activity is covered by the terms of service of UPC.
2015 High Court Ruling
Not yet published
2010 EMI Records vs UPC case
2010 EMI Records vs Eircom case
Human rights violations online (04.12.2014)
(Contribution by Joe McNamee, EDRi)