EMI Records (Ireland) Limited & ors v The Data Protection Commissioner, [2013] IESC 34 (2013)

Docket Number:369/2012
Judge:Clarke J.

THE SUPREME COURT[Appeal No. 369/12]

Fennelly J.

O'Donnell J.

Clarke J.


EMI Records (Ireland) Limited,

Sony Music Entertainment Ireland Limited,

Universal Music (Ireland) Limited and

Warner Music Ireland Limited

Applicants / Respondentsand

The Data Protection Commissioner

Respondent / Appellantand

Eircom Limited Notice Party

Judgment of Mr. Justice Clarke delivered the 3rd July, 2013.

1. Introduction

1.1 Much controversy has raged in recent years, at a philosophical, political and legal level, about the relative entitlements of internet users and copyright owners. While that debate ranges far and wide and forms the backdrop to the issues which arise in these proceedings, this judgment is only concerned with two specific questions. While it might be said that some of the issues which potentially arise between these parties do raise broad questions as to the precise legal rights enjoyed by private internet users, on the one hand, and copyright owners, on the other, the specific questions which this court currently has to answer are much narrower indeed.

1.2 The applicants/respondents (“the record companies”) are all major players in the music industry and own copyright in a significant number of valuable musical works. The notice party (“Eircom”) is involved in these proceedings as a result of its provision of internet services. There has, in recent years, of course, being much controversy about alleged unlawful copying, not least on the internet, of music (and indeed other works) in which copyright is held.

1.3 In circumstances to which I will shortly turn the record companies brought proceedings against Eircom arising out of what was said to have been unauthorised and unlawful sharing of copyright material facilitated by internet services provided by Eircom. Those proceedings were settled but it was asserted by the respondent/appellant (“the Commissioner”) that implementation of certain aspects of that settlement might amount to a breach of data protection law. The parties to the settlement applied to court for a ruling on the consistency of the settlement with data protection law and, in circumstances which it will be necessary to address, the Commissioner ultimately declined to participate. The court ruled that implementation of the settlement would not be in breach of any relevant law.

1.4 However the Commissioner appears to have remained of the view that the implementation of certain aspects of the settlement would be unlawful and, following a complaint, issued an Enforcement Notice to Eircom under the provisions of the Data Protection Act, 1988, as amended. Eircom appealed against the Enforcement Notice, as permitted by the same statutory regime, and the record companies sought to be joined in that appeal. However before any questions came to be determined in that appeal the record companies commenced these judicial review proceedings seeking to have the Enforcement Notice quashed. The High Court (Charleton J.) agreed with the record companies' case and quashed the Enforcement Notice. The Commissioner has appealed to this Court against that finding. The issues which arise on the appeal generally are, at least on one view, wide ranging involving important questions of both national and European Union law. However as a result of a case management process two issues have come to trial as a first module of the appeal. The first is an issue raised by the Commissioner as to whether judicial review is appropriate in the light of what is said to be the more applicable remedy of the statutory appeal to which reference has been made. The second issue concerns the question of whether the trial judge was correct to quash the Enforcement Notice on the basis of absence of reasons.

1.5 This judgment is directed solely to those two questions. In order to better understand the issues which arise and how it comes to pass that those two issues currently fall for decision it is appropriate to start by referring to the procedural history.

2. Procedural History

2.1 In 2008, the record companies sued Eircom in an attempt to restrict what was said to be unauthorised sharing of copyrighted material over the internet allegedly being carried on by customers of Eircom. However, while the matter was at hearing in the High Court, the parties asked for an adjournment during which they negotiated a settlement of the dispute. One product of those negotiations was the Graduated Response Protocol (the “Protocol”). The Protocol was filed in Court on the 29th January, 2009. Although some of its terms have subsequently been altered, the implementation of the terms of the Protocol is at the core of the dispute in these proceedings.

2.2 As already noted, on becoming informed of the Protocol, the Commissioner raised a number of data protection concerns with Eircom and discussions between those two parties continued between the 11th May, 2009, and the 17th December, 2009. On the 15th January, 2010, the Commissioner wrote a formal letter to Eircom setting out his concerns. The proceedings between the record companies and Eircom were re-entered in the High Court, as a result of the intervention of the Commissioner, for the purposes of having those concerns adjudicated upon. In advance of a hearing, however, the Commissioner sought assurances from the record companies and Eircom to the effect that they would either pay his costs and/or would not seek costs against him. The record companies and Eircom declined to give such assurances. Arising, it would appear, out of those concerns about costs the Commissioner declined to appear at that hearing.

2.3 Nevertheless, the hearing regarding the data protection issues went ahead before Charleton J. in the High Court. After hearing submissions from the record companies and Eircom, (who both urged that there was no data protection barrier to the implementation of the Protocol) the court ruled on the 16th April, 2010, amongst other things, that there were adequate procedural safeguards in the Protocol such that it was in accordance with Directive 2009/140/EC, ("the Directive") which governs the law in this area and, therefore, that there was no legal impediment to its implementation. The operation of the Protocol commenced in August 2010.

2.4 On the 9th December, 2010, a customer of Eircom received an infringement notice under the terms of the Protocol stating that she had uploaded material to the internet in breach of her contract with Eircom. This notice had been sent in error to a person uninvolved in the alleged illegal uploading due an oversight arising out of the changing of the clocks in October 2010. This notification was then referred to the Commissioner by a son of the recipient who said that he, rather than his mother, was the user of the internet service in question. This prompted further correspondence between the Commissioner and Eircom, following which Eircom acknowledged that a mistake had been made and that the notice should not have been sent to the relevant recipient.

2.5 When the complainant concerned was informed of this development, a further complaint was made in February 2011 to the effect that Eircom was acting in breach of his right to privacy by monitoring his internet activity without his permission. He alleged that this amounted to an ongoing breach of data protection law and requested that action be taken by the Commissioner against Eircom in respect of this alleged violation.

2.6 The Commissioner continued his investigation following receipt of this further complaint and, on the 16th September, 2011, he wrote to Eircom seeking further clarification on a number of issues. A response to this letter was sent by Eircom on the 7th October, 2011. This correspondence was shared with the record companies. On the 25th November, 2011, the Commissioner indicated via email to Eircom his view that the Protocol breached a number of provisions of the Data Protection Acts 1988-2003 (“the Data Protection Acts”) and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011. The Commissioner drew attention to the judgment of the European Court of Justice in Case C-70/10 Scarlet Extended v Société belge des auteurs, compositeurs et éditeurs SCRL (SABAM), which had been delivered the previous day. The initial view of the Commissioner was that this judgment would render any Enforcement Notice moot as it “has made clear that the Protocol operated by Eircom is unlawful as a matter of European Law and that Eircom is therefore obligated to terminate its operation.” The Commissioner indicated that an Enforcement Notice was contemplated and included a draft of the contraventions which it was intended to cite in the Notice. The Commissioner asked Eircom for its views on this matter by close of business on the 28th November, 2011, allowing only one full working day to respond. In response, via email on the 28th November, 2011, Eircom indicated that it was of the opinion that the judgment in Scarlet Extended had “little relevance to the factual and legal circumstances governing Eircom’s Graduated Response” and asked whether the Commissioner could identify any specific aspect of the judgment which supported a contention that the Protocol was unlawful. Eircom also indicated its surprise regarding the proposal to issue an Enforcement Notice and stated its intent to appeal any such Notice.

2.7 The Enforcement Notice was issued by the Commissioner against Eircom on the 5th December, 2011, and required Eircom to immediately cease its operation of the Protocol, destroy any customer data held by it pursuant to the scheme and take any other steps necessary to ensure compliance with data protection law within sixty days.

2.8 It is appropriate, in my view, to note that the Commissioner's action in seeking to advance matters with very great speed over a period of just ten days in late November and early December, 2011 must...

To continue reading