International

there are potential threats to privacy and data protection arising from reported language. The treaty will set the conditions under which ISPs and other online intermediaries may be held liable for infringing material on their networks, and may also impose measures on users for uploading or downloading unauthorized materials, it said. It’s possible the agreement could require ISPs to adopt a graduated response regime in which copyright owners can monitor users and identify alleged pirates for warnings and possibly access termination by ISPs, it said. These systems, already in place in France and under discussion in several EU forums, pose major privacy risks, it said. They involve generalized monitoring of Internet users’ activities, even lawful ones, affect millions of law-abiding Netizens, and are carried out by private parties, not law enforcement agencies, it said. Three-strikes policies must comply with European privacy rights, the EDPS said. EU law defines personal data as any information relating to an identified or identifiable person -- that is, one who can be identified, directly or indirectly, by reference to an identification number. In that context, Internet Protocol addresses and information about the activities linked to them is personal data, it said. In addition, Internet disconnection policies must also comply with confidentiality rules for electronic communications, it said. Intellectual property enforcement is important, but the three-strikes approach is far-reaching, disproportionate and unnecessary, it said. Other, less intrusive solutions exist and should be investigated, it said. Among these are requiring governments to produce standardized public interest information on copyright infringement and its consequences and to ask ISPs to distribute it to all subscribers and to include in service agreements, the EDPS said. Moreover, the new intellectual property enforcement directive is just coming into force in EU countries, so there’s been no chance yet to test the new regime, it said. Furthermore, it’s unclear whether anyone has thought about alternative business models such as ISP subscriptions where part of the price for a unlimited-access service is given to content owners, it said. If monitoring is to take place, it must be done less intrusively and only in cases where infringement takes place on a commercial scale, the EDPS said. Any data processing operations aimed at monitoring should be vetted by national privacy authorities, it said. There are also more specific legal reasons for rejecting the three-strikes policy, it said. Because it involves processing personal data, some of which will be used for legal or administrative procedures, it concerns sensitive data and raises issues of whether users can validly consent to its use, the EDPS said. Another problem is that ISPs can legally keep traffic data related to IP addresses for only a limited time unless it’s sought for serious crime investigations, and unless copyright holders contact providers quickly, the log files will be gone, the EDPS said. Separately, French civil liberties group La Quadrature du Net published what it said may be the U.S.’s ACTA Internet proposal. The document requires signers to limit online service provider liability for infringing activities that occur by automatic technical processes, where subscriber actions aren’t directed or initiated by the provider, which doesn’t select the material, and where the provider links users to an online location without knowledge of the infringement. Immunity, however, is conditioned on ISPs adopting policies such as access termination in appropriate circumstances, and taking down or disabling access to material deemed infringing upon receipt of legally sufficient notice, unless the provider is just a conduit for the transmission. The document also says immunity from liability can’t be conditioned on a service provider monitoring or affirmatively seeking facts showing infringement is taking place. La Quadrature attacked the proposal for forcing telecom operators and online service providers to develop monitoring regimes that will lead to traffic filtering, and three-strikes policies. It urged European negotiators to “oppose this circumvention of democratic processes aimed at putting the Internet under total surveillance by private actors.”